Executive Cyber Leadership

Executes decision-making authorities and establishes vision and direction for an organization's cyber and cyber-related resources and/or operations.
  • Knowledge of computer networking concepts and protocols, and network security methodologies.
  • Knowledge of risk management processes (e.g., methods for assessing and mitigating risk).
  • Knowledge of laws, regulations, policies, and ethics as they relate to cybersecurity and privacy.
  • Knowledge of cybersecurity and privacy principles.
  • Knowledge of cyber threats and vulnerabilities.
  • Knowledge of specific operational impacts of cybersecurity lapses.
  • Knowledge of application vulnerabilities.
  • Knowledge of system and application security threats and vulnerabilities (e.g., buffer overflow, mobile code, cross-site scripting, Procedural Language/Structured Query Language [PL/SQL] and injections, race conditions, covert channel, replay, return-oriented attacks, malicious code).
  • Knowledge of what constitutes a network attack and a network attack's relationship to both threats and vulnerabilities.
  • Knowledge of industry technologies' potential cybersecurity vulnerabilities.
  • Knowledge of capabilities, applications, and potential vulnerabilities of network equipment including hubs, routers, switches, bridges, servers, transmission media, and related hardware.
  • Knowledge of emerging security issues, risks, and vulnerabilities.
  • Knowledge of Application Security Risks (e.g., Open Web Application Security Project Top 10 list).
  • Knowledge of cyber competitions as a way of developing skills by providing hands-on experience in simulated, real-world situations.
  • Skill in creating policies that reflect system security objectives.
  • Skill in communicating with all levels of management including Board members (e.g., interpersonal skills, approachability, effective listening skills, appropriate use of style and language for the audience).
  • Skill to anticipate new security threats.
  • Skill to remain aware of evolving technical infrastructures.
  • Skill to use critical thinking to analyze organizational patterns and relationships.
  • Ability to develop policy, plans, and strategy in compliance with laws, regulations, policies, and standards in support of organizational cyber activities.
  • Ability to apply critical reading/thinking skills.
  • Ability to exercise judgment when policies are not well-defined.
  • Ability to interpret and apply laws, regulations, policies, and guidance relevant to organization cyber objectives.
  • Ability to tailor technical and planning information to a customer's level of understanding.
  • Ability to think critically.
  • Ability to prioritize and allocate cybersecurity resources correctly and efficiently.
  • Ability to relate strategy, business, and technology in the context of organizational dynamics.
  • Ability to understand technology, management, and leadership issues related to organization processes and problem solving.
  • Ability to understand the basic concepts and issues related to cyber and its organizational impact.
  • Ability to ensure information security management processes are integrated with strategic and operational planning processes.
  • Ability to ensure that senior officials within the organization provide information security for the information and systems that support the operations and assets under their control.
  • Oversee policy standards and implementation strategies to ensure procedures and guidelines comply with cybersecurity policies.
  • Identify security requirements specific to an information technology (IT) system in all phases of the system life cycle.
  • Ensure that plans of actions and milestones or remediation plans are in place for vulnerabilities identified during risk assessments, audits, inspections, etc.
  • Define and/or implement policies and procedures to ensure protection of critical infrastructure as appropriate.
  • Supervise and assign work to programmers, designers, technologists and technicians, and other engineering and scientific personnel.
  • Coordinate with organizational manpower stakeholders to ensure appropriate allocation and distribution of human capital assets.
  • Assess policy needs and collaborate with stakeholders to develop policies to govern cyber activities.
  • Design/integrate a cyber strategy that outlines the vision, mission, and goals that align with the organization's strategic plan.
  • Perform an information security risk assessment.
  • Conduct long-range, strategic planning efforts with internal and external partners in cyber activities.
  • Collaborate on cyber privacy and security policies and procedures.
  • Collaborate with cybersecurity personnel on the security risk assessment process to address privacy compliance and risk mitigation.
  • Appoint and guide a team of IT security experts.
  • Collaborate with key stakeholders to establish a cybersecurity risk management program.