Member Priorities

CISO Challenge agenda

Priority Focus Areas Identified by Members on a Regular Basis

 

CYBER TALENT MANAGEMENT, Experiential Development & Cyber Exercises

Model Programs to Develop Talent and Improve Performance

Special Focus: Women in Security 

Focus Topic: Examining the emerging role of cyber ranges and exercises as continuous assessment and talent development tools, as well as opportunities to test technologies and tools in a safe environment. 

Focus Topic: Sharing successful corporate models for supporting career paths for women in cybersecurity as well as nonprofit and education partners that help our members expand their talent pipelines and provide development opportunities.

 

3rd Party Security Risk Management

Emerging Practice and Innovative Partnerships

Focus Topic: Building an integrated program using innovative assessment technologies to guide risk awareness and risk management practices. New threats and dependence on vendors managing sensitive data and vendor software with elevated privileges running our networks and systems require fundamental changes in 3rd party risk programs, including risk frameworks, contractual terms, automation, and industry collaboration.

 

CYBER INSURANCE AND SECURITY STANDARDS

The Realities and Necessities of a Hard Cyber Insurance Market

Focus Topic: Cyber insurance has become an increasingly important component of corporate risk management strategies. With the elevated reporting of ransomware attacks and insurance claims, premiums are rising significantly and carriers are demanding more evidence of cybersecurity defenses. CISOs must play a central role in shaping those relationships, ensure appropriate coverage based on risk, and take actions to reduce premiums.

 

Collaborative Defense in the Cloud

Strategies for Multi-cloud Security & the Essentials of Zero Trust 

Focus Topic: As Cloud becomes commonplace, multi-cloud becomes inevitable.  Managing and securing a multi-cloud environment requires a thoughtful strategy and architecture, effective staff, and innovative tooling.  We examine effective practice in building the necessary resources internally and externally to gain visibility across the multi-cloud and hybrid environments and transform the implementation of essential controls. 

Focus Topic: Zero Trust has a wide range of uses, meanings, and applications.  The Presidential Executive Order has emphasized its importance and NIST is working to more narrowly define Zero Trust Architecture. The ACSC, working with Research Partners, looks to establish the common questions members can be asking to ensure they are developing an effective, efficient Zero Trust strategy. 

 

Red Teams for Continuous Assessment

2020 Research Topic Revisited

Focus Topic: See who has explored or implemented Red Teams, where they have been most successful, and how they have scoped the activity.

Asset Management

Emerging Practice and Innovative Partnerships

Focus Topic: Strong asset management is difficult to perfect, but it is an essential building block of a security program. Challenges range from asset discovery to lifecycle management. Acquisitions and mergers add to the scope. To best protect an enterprise, you need to know how far and wide it stretches, and what remains connected even after you thought it was unplugged.

Vulnerability Management

Emerging Practice and Innovative Partnerships

Focus Topic: Vulnerability management is another important building block for a security program. Prioritization and timely patching require a thoughtful program that responds to the needs of your individual organization. This topic also covers responding to the current supply chain attacks.

 

Threat Intelligence

Building And Running An Effective Threat Intel Program

Focus Topics:

  1. Building a program - justifying the need, attracting the right talent, building networks, establishing budget support
  2. Getting the most from External Sources: Commercial Feeds, ISACs & ISAOs, Open Source
  3. Effective Vendor Management: What to outsource, how to structure, how to manage, how to get the most from your providers