For A New Approach to Cyber Security Executive Education

Last January, Brown University launched a milestone “Executive Master in Cybersecurity”. The 16-months program aims at training a new generation of top security executives by offering professionals with a combination of on-campus as well as online, highly collaborative and interactive education modules. Experts from many different departments of the University were drawn into the program in order to provide students with a deep understanding of this multi-faceted issue – looking at InfoSec from a global, technical, human, and policy perspective.

This ambitious program stands out thanks to this interdisciplinary approach and is a much-needed step towards the shift Corix Partners has constantly been advocating for – that is, the realisation that InfoSec is not a merely technical challenge and should primarily be approached from a governance and management perspective.

The program’s motto says it best: “ Strategy is the best Security”.

The three main pillars of this program –  Technology, Law and Policy, and more importantly Human Factors - are reflective of such mindset.

Advanced technological knowledge is of course essential for any cybersecurity professional, and many universities are already doing a great job training technical experts in this field.

On the other hand, Law and Policy is perhaps that part of InfoSec that is the most salient to top executives and board members in all organisations. It is obvious that the regulatory environment surrounding cyber-protection and the sometimes disastrous legal consequences of undergoing a cyberattacks are very important as businesses dive into the digital era. However, this focus tends to lead organisations to approach InfoSec from a merely reactive, tick-in-the-box and compliance-oriented perspective that prevents them from effectively addressing the issue.

What is truly underestimated when it comes to true cybersecurity leadership is the last pillar - Human Factors. Your people indeed represents the biggest threat to the digital security of your organisation, and any successful InfoSec strategy must fully recognise and address this issue. Classes such as “Human Factors in Computer Security and Privacy” –  which aims at giving students a rich understanding of the complexity of human agents and draws from behavioural science, user interface and personal management – should allow future top executives of organisations to build innovative, much more resilient cybersecurity strategies.

It is good to see top universities finally addressing the critical cross-silo aspects of cybersecurity

And it should help a number of executives come to terms with the true dimension of the problem, looking beyond its mere technical dimension.

However, this kind of program is still mostly designed for CISO-level executives who rarely make it to the board room. The incorporation of InfoSec considerations into top executive MBA curriculums is the next crucial step that business schools must take in order to truly drive change at the top decision-making level. This is especially true as cyber security, data protection and privacy issues are quickly entering the realms of both CSR and corporate ethics. As of now, however, none of the world’s best-ranked MBA programs has yet decided to place enough emphasis on these emerging issues.

Corix Partners is a Boutique Management Consultancy Firm, focused on assisting CIOs and other C-level executives in resolving Cyber Security Strategy, Organisation & Governance challenges.

(Linkedin articles are written in collaboration with Vincent Viers)