ENGAGEMENT
For a large US non-profit, DayBlink Consulting provided a dedicated part-time CISO to lead its existing team, help define and track against organizational security goals, and accelerate several strategic initiatives, including org design, budget acquisition, planning, staffing modeling and capturing opportunities for improving cyber maturity, until the organization recruited and hired a full-time replacement. The non-profit was a relatively large, technologically sophisticated organization of several hundred people, without a dedicated cyber team.
PROBLEM
The newly appointed CTO wanted a dedicated cyber leader to identify, mitigate and communicate risk to the rest of the organization and to the leadership team. The client had a variety of part-time security resources – predominantly IT professionals with other roles and responsibilities, each of whom was attempting to secure their particular portfolio and provide advice to the rest of the organization. Budgetary requirements were not yet finalized and approved, creating a window for part-time resourcing while a full-time solution was determined. Rather than continue without security leadership, the CTO sought an interim leader as a bridge until he hired and onboarded a full-time CISO.
SOLUTION
DayBlink Consulting started by assessing the broader organization, prioritizing remediation of immediate gaps and then focusing on medium-term opportunities that could be leveraged by future leadership. We proposed an initial org design, structure and cost to the CTO, which was accepted and then presented to the Board of Directors for approval. Simultaneously, we projected budgetary requirements for the newly built cyber organization. We then created the organization’s first maturity model for security, including a capabilities and gap assessment. Moderated discussions led to an articulated desired future state, which informed a staffing model proposal. Next, we cataloged opportunities and potential initiatives for improving maturity over the next 1 to 2 years. Finally, we built metrics and board reporting materials to hand off to the incoming management.
RESULT
Over 6 months, DayBlink Consulting quickly increased the client’s organizational cyber maturity, positioning the organization for long-term, sustainable and repeatable security capabilities. We drafted, socialized and received approval on a security roadmap, which was used for 3-year planning. The newly onboarded team members, including a full-time CISO, immediately leveraged our 30/60/90-day plan. We were told that the maturity and capability framework informed hiring/staffing and budgetary decisions over the next few years. The CISO as a Service function deployed at this non-profit became a model for related non-profit entities to scale up security capabilities (the client was one business of a larger consortium of related non-profits).