The Path to C-Suite for Cyber Professionals


Being a cybersecurity leader is not for the faint of heart. You must have the business skills of a C-suite executive, the technical capabilities of a SecOps professional, and the fortitude of a field marshal in battle. According to the IANS CISO survey, a CISO's tenure is often 25% shorter than that of other C-suite executives. The unique challenges of this role drive this; CISOs live at the nexus of regulators, customers, supply chains, criminal organizations, and nation-state threat actors. Becoming a successful CISO takes proactive and constant education, skills development, and work-life balance.

"In the midst of chaos, there is also opportunity.”

- Sun Tzu

Throughout the program, participants will have access to a robust network of cybersecurity leaders and an array of resources to support their continued growth. The in-person events and project work will enable participants to translate learning into action and make an immediate impact in their organizations.

This program will share insights from over 50 previous and current CISOS to give participants the confidence and capabilities to lead effective cybersecurity programs and manage risk in an increasingly complex landscape. Armed with operational best practices, measurement techniques, and leadership skills, they will drive results and enable their organizations to navigate the digital future securely.

CISOs must bring order to their organizations from the chaos of threat actors, users' behaviors, and business governance demands. Our CISO Executive Program will provide the perspectives, tools, and development skills required to take the chair in one of the world's most demanding and rewarding jobs.


One unspoken truth of career advancement is the need to shift one's perspective of the world and adjust priorities and team engagement to align with the demands of one's business.

The cynical would call this “selling out,” and the informed would know that this is developing leadership maturity. As a member of the C-Suite, you will need to think about strategies, tactics, and tasks in a new light, which requires relearning many of the skills that got you promoted.

Our CISO Executive program will prepare you to succeed and see the business world from a new angle with new thinking for long-term success.


This intensive 12-week hybrid program is designed to equip managers and executives with the knowledge and skills to lead cybersecurity efforts effectively, understand and manage risk, and fulfill their duty of care obligations. The program combines self-paced online learning with in-person events featuring 1:1 sessions with experienced CISOs, discussion breakouts, and immersive simulations.

Program Objectives:

By the end of this program, participants will be able to:

  • Understand the cybersecurity landscape and its role in managing cyber risk
  • Effectively communicate cybersecurity risks and strategies to various stakeholders
  • Fulfill their Section 16 officer obligations and duty of care responsibilities
  • Implement operational best practices for cybersecurity
  • Lead and develop high-performing cybersecurity teams
  • Measure and optimize cybersecurity intent and outcomes

Program Structure:

Eight weeks of self-paced online learning (3-5 hours/week)

  • Four in-person weekend events spread throughout the 12 weeks
  • 1:1 sessions with experienced CISOs
  • Small group discussion breakouts
  • Immersive cybersecurity simulations and exercises
  • The capstone project focused on the participants' organizations


Weeks 1 – 2<br>

Cybersecurity Foundations
Weeks 1 – 2
Cybersecurity Foundations
  • The evolving cyber threat landscape
  • Key cybersecurity concepts and frameworks
  • The role of managers and executives in cybersecurity
  • Communicating cybersecurity to various audiences
Weeks 3 – 4<br>Governance, Risk, and Compliance
Weeks 3 – 4
Governance, Risk, and Compliance
  • Understanding Section 16 officer obligations
  • Conducting duty of care risk assessments
  • Aligning cybersecurity with business objectives
  • Navigating regulatory and compliance requirements
  • In-Person Event 1: Duty of Care Risk Assessment Workshop
Weeks 5 – 6<br>Cyber Operations
Weeks 5 – 6
Cyber Operations
  • Implementing security controls and best practices
  • Incident response planning and execution
  • Vendor risk management
  • Measuring and reporting on security operations
Weeks 7 – 8<br>Leading Cyber Teams
Weeks 7 – 8
Leading Cyber Teams
  • Building and structuring effective security organizations
  • Recruiting, developing, and retaining top talent
  • Fostering a culture of security
  • Communicating with and influencing stakeholders
Weeks 9 – 10<br>Measuring and Optimizing Outcomes
Weeks 9 – 10
Measuring and Optimizing Outcomes
  • Defining and aligning security metrics
  • Quantifying Cybersecurity Risk and ROI
  • Leveraging data and analytics for continuous improvement
  • Presenting to the board and senior leadership
  • In-Person Event 3: Metrics and Measurement Workshop
Weeks 11 – 12<br>Capstone Project
Weeks 11 – 12
Capstone Project
  • Participants apply learnings to their organizations.
  • Develop a comprehensive cybersecurity strategy and roadmap
  • Present to a panel of experienced CISOs for feedback
  • In-Person Event 4: Capstone Presentations and Graduation


Sign up for the Arbitr ThreatOps feed with your business email.