MSIT 442: Cybersecurity Leadership



This course provides insights into leading an enterprise information security/cybersecurity program from the perspective of a Chief Information Security Officer (CISO), CIO, CTO, and senior or middle-management leader. This innovative program applies the time-tested McKinsey 7-S organizational effectiveness framework (strategy, structure, systems, style, staff, skills, shared values) to cybersecurity leadership. Using practical experience and relevant current cybersecurity issues, the topics addressed include developing a cybersecurity strategy, emerging technologies and trends, organizational structure and reporting models, leveraging incidents, security control frameworks, risk management, laws, data protection and privacy, policies and procedures, multigenerational workforce dynamics, and reporting to the Board of Directors. Students would benefit from taking the MSIT 441 Risk Management Course in the first 5 weeks, and this course in the second. While not prerequisites, they are complementary and leverage the same textbook.

REQUIRED TEXT:  “CISO Compass Navigating Cybersecurity Leadership Challenges with Insights from Pioneers” by Todd Fitzgerald.

COURSE GOALS:  To develop an understanding of enterprise cybersecurity leadership issues, concerns, and areas which, if not addressed, will compromise the ability to protect an organization’s information assets. Students will gain a broad understanding of various approaches to providing leadership to the information security program.

COURSE OBJECTIVES: As a result of this course students will be able to:

  1. Develop an understanding of cybersecurity leadership concepts;
  2. Understand the cybersecurity role of the C-Level Executives, senior/middle management, and the Board of Directors;
  3. Relate existing and emerging cybersecurity and privacy laws to information protection;
  4. Utilize a holistic approach (7S model applied to cybersecurity leadership) to reviewing an information security program;
  5. Develop organizational structures, reporting models, control frameworks, and policies/procedures to implement an information security program to reduce risk.
  6. Communicate causes of significant recent breaches and develop mitigating controls and solutions to reduce the likelihood and impact of a breach.
  7. Enhance presentation capabilities.


Week 1: CISO Roadmap and Strategy.
Week 2: Structure & Systems.
Week 3: (Systems) and 6 (Staff).
Week 4: (Shared Values), Section 7 (Skills).
Week 5: Styles.

TEACHING METHODS: Classes will be comprised of lectures, interactive classroom, group discussions, a mid-term exam (essay), and a final paper and supporting presentation.

GENERAL INFORMATION ABOUT THE CLASS: Homework will be assigned according to the schedule in section VIII.

  • Required Reading and Homework: Weekly reading from the text and other sources will be provided on CANVAS in advance.
  • CISO Reflection Exercises. Students will be assigned to groups, and each person will participate in the preparation of the “CISO Reflection Exercises” provided in weeks 1 and 2 of the course, to be presented to the rest of the group in weeks 2-3.
  • Mid-Term. The mid-term exam will be a take-home exam and will consist of seven essay questions and each student will select four of six questions to answer, each accounting for 25% of the mid-term exam grade. All deliverables will be sent through CANVAS to the instructor prior to the due date. Grading is based on ability to apply the concepts taught in class, and overall performance.
  • Final Presentation Preparation. The final deliverable will consist of a 1200-word paper (± no more than 100 words, 12pt font), including a 1-page Executive Summary delivered electronically via CANVAS prior to the start of the final class. The student assumes the role of the Chief Information Security Officer (CISO) and prepares a presentation to a Board of Directors to solve a cybersecurity-related business issue based upon a real or hypothetical business problem they are facing. The student will have some time in class to discuss their business problem with others. The student is expected to apply critical thinking to several of the “7S Model Applied to Cybersecurity Leadership” concepts discussed in the reading and the course. The other students will assume the role of the ‘Board’ during the presentation and ask probing questions of the student (CISO).
  • Final Presentation Delivery: Each student will deliver the presentation orally and individually based upon the paper prepared. The presentation will consist of no more than 3 slides to the Board of Directors and/or Senior Management team, which will be comprised of the other students. The 7–10-minute presentation will be graded based on how well the student communicates the cybersecurity business issue to,  (Delivery), applies critical thinking to providing a realistic scenario and actions to take (Content) and provides an understanding of addressing one or more of the 7S Cybersecurity Leadership areas (Strategy, structure, systems, staff, skills, style, shared values).  The other students will assume the role of the ‘Board’ during the presentation and ask probing questions of the student (CISO).

GRADING CRITERIA: Your final grade will be based upon the following:

  • CISO Reflections Discussions and Value-added - Class Participation: 20%
  • Take Home Mid-Term Exam: 40%
  • Paper and Presentation of Board of Directors Case Study: 40%

Faculty Profile

Todd Fitzgerald