And they have a lot to do. Managing the constant improvement of their system, making prioritization decisions, and making cases to the C-Suite for budget and priorities.

‍

One of the methods CISOs had been using to make these decisions was to poll their employees through a NIST-standardized list of questions across multiple components. The client wanted us to create a product that leveraged this standard.

‍

I designed a dashboard based UI that created an aggregated view of the status their improvements, with the ability to deep dive into areas for more context. KPIs at the top with goals and improvements provided quick understanding of their status. This allowed CISOs to: 

• manage the timing of the questionnaires
• see progress over time
• understand what initiatives to undertake to improve a certain component
• monitor those initiatives and actions
• quantify the impact of their efforts
  ‍

I also created a way for them to set goals and see their progress towards that goal. The goal could be set by them or be informed by companies from similar industries and sizes. This also allowed them to compare themselves against peers.

This work enabled the client to create a program they could sell as a managed software service to act as CISOs on demand, and provide a white-labeled solution to sell to enterprise customers.