CISO in the making

The challenge

A large behavioral health center experienced a cyberthreat and required help to mitigate the resulting impact. RSM US LLP had previously worked with the client on a variety of IT and consulting needs, and given the trusted relationship, was contacted by the client to assist with their security concerns and aftermath. RSM professionals quickly provided fortified security measures while also conducting penetration analysis, vendor evaluation and governance recommendations. As a result, the client was able to respond to the threat swiftly with new and stronger systems and processes in place to fend off further attacks and damage.

That’s not the end of the story, however. It’s really the start of something new and transformational for the client.

The real story

Following the threat event, the client and RSM debriefed on future steps, one being the need to hire a chief information security officer, someone who could focus more on the security needs of this large and growing behavioral health center. Since the cyberthreat, the client had enlisted RSM to perform in that CISO capacity, but with expanding needs it was clear they required a full-time dedicated person. After an arduous recruiting period, however, the client was unable to find a suitable CISO candidate given the tight labor market, geographic constraints and salary fit.

That’s when a little creative thinking sparked a solution. RSM suggested the client could develop the CISO role internally, handpicking a strong candidate within the organization willing to learn and develop leadership skills. RSM professionals could train the individual on all things CISO, providing the required technical education and strategy development, all custom to what the client needed. And as luck would have it, after a vetting and interview process, the client did have an eager candidate happy to take on the opportunity to grow in his career.

The solution

RSM developed a two-year program for the CISO candidate—an apprenticeship, if you will—providing an initial boot camp including key security education, assignments, tests and certifications, ongoing check-ins, as well as knowledge-building on a variety of topics from understanding the threat landscape in the health care industry to governance, budgeting and policy development. Each step of the way RSM provided the CISO candidate instruction, advisory and mentoring to help shape his abilities and leadership qualities. The client’s new CISO will “graduate” next year, ready to take the IT security helm for his organization.

The results

Through the CISO training program, RSM provided the following:

• Vetted and identified highly motivated CISO candidate from the organization
• Created customized, comprehensive security and privacy training, concluding with appropriate certification
• Delivered diverse learning modules on a variety of topics from technical acumen to management skills
• Created a conduit between the technical IT and business teams

In turn, the client gained the following benefits:

• A CISO custom fitted for the organization, culture and behavioral health sector
• Cost savings due to hiring candidate within the organization, avoiding costly recruiting and relocation expenses
• A leader who can strategize and plan for future direction, to prepare for cyber threats before they arise

The CISO training program can be customized for other health care organizations, depending on need. Learn more about RSM’s comprehensive, cost-effective approach for your security program and contact us.