Here’s a Handbook for Becoming a Great Agency CISO

Cybersecurity is an ever-evolving field and, by extension, so is the role of agency chief information security officers. To help federal CISOs stay on top of security needs, the Chief Information Officer Council and CISO Council released the CISO Handbook.

The councils released the handbook in response to the administration’s management agenda, which puts a heavy emphasis on the need to modernize agency IT systems.

“Building security into technology from the beginning is a critical component of the administration’s modernization efforts and essential to securely delivering effective, efficient, customer-centered services to our citizens,” the councils wrote in a blog post announcing the new handbook, “a compendium of key information and actionable templates and processes…to provide a ‘one stop shop’ for new and emerging information security professionals to begin their upskilling into future cybersecurity executives.”

The 70-page handbook—plus 100-page appendix and glossary—focuses as much risk management techniques as it does on the role of an effective CISO and building a career in the field. With researchers projecting a workforce gap of 1.8 million qualified cybersecurity professionals by 2022, grooming the next set of leaders is paramount.

“At its core, the handbook is a collection of resources that illuminate the many facets of the cybersecurity challenge and the related issues and opportunities of federal management,” the executive summary states.

“The handbook will help CISOs embrace risk management practices like the [National Institute of Standards and Technology] Cybersecurity Framework in the context of legislation, policy and federal guidance,” said Emery Csulak, CISO at the Centers for Medicare and Medicaid Services. “Breaking the complex conversation of the CISO role and risk management into consumable pieces can only help the community succeed in bringing new talent onboard and meeting our mission needs.”

Along with the career guidance, the handbook includes a basic breakdown of the duties CISOs should be expected to perform and a comprehensive, searchable archive of frameworks, guidelines, policies and mandates.

“With frequent changes to policies, standards, executive orders, recommendations and new security entities being stood up, it is only appropriate that the CIO Council, in coordination with the CISO Council, provide you with a handbook to clarify the cyber security standards,” said Cord Chase, former CISO for the Office of Personnel Management and current senior adviser to the National Background Investigations Bureau. “This handbook is for federal cybersecurity professionals and CISOs, but it is valuable for other professionals as well.”