I’m thrilled to share that I’ve recently earned the GIAC Strategic Planning, Policy, and Leadership (GSTRT) certification- a milestone that validates my ability to architect and sustain cybersecurity programs with a sharp focus on business value and executive alignment.
Deepened business and threat analysis
Preparing for GSTRT immersed me in frameworks for understanding an organisation’s history, values, and culture,and how these factors drive risk and opportunity. Building on my MBA skills, I also applied threat analysis techniques to make cyber security strategies more relevant to the organisation,
Strategic planning and business case development
I learned to perform gap analyses, develop prioritised roadmaps and build compelling business cases backed by meaningful metrics. These exercises taught me not only what to do, but how to present funding requests and program roadmaps so they resonate with both technical teams and the board.
Policy lifecycle mastery and information security mastery
I developed a comprehensive approach to information security governance – establishing the structures, processes and metrics that ensure policies are not only well‑crafted but actually drive measurable security outcomes. This governance‑centric approach allows me to embed them into the organisation’s fabric – driving compliance, reducing risk and demonstrating clear business value over time.
Elevated leadership and ommunication
GSTRT emphasises that modern CISOs must be as adept at leading change and active listening as they are at technical design. Through modules on situational leadership, delegation and challenging conversations, I sharpened my ability to inspire teams, remove obstacles and drive organisational change.
Applying GSTRT in my CISO role
Armed with these skills, I’m positioned to:
- Align security strategy with corporate objectives, ensuring every initiative supports revenue growth, innovation or risk reduction.
- Engage and influence key stakeholders, from engineering to the C‑suite, by speaking their language and demonstrating ROI.
- Build robust, metrics‑driven security programs, complete with roadmaps, policies, and governance frameworks that adapt as threats evolve.
- Lead and mentor high‑performing teams, using servant‑leadership principles to foster trust, accountability and continuous learning.
Achieving GSTRT wasn’t just about passing an exam – it was about adopting a strategic mindset that bridges cybersecurity and business leadership. I look forward to leveraging these tools to drive resilient, forward‑looking security programs that accelerate our organisation’s success.
Cyber Security Leadership 