Navigator - Curriculum | ISTARI

Curriculum

Elevating cyber leaders into transformative business leaders

What you will learn

The unique curriculum covers organisational and leadership development topics based on ISTARI’s proprietary framework for building cyber resilient-by-routine organisations and advanced by the University of Cambridge academics.

Through Navigator, we explore what it takes to forge the path to cyber resilience — now and in the future. We provide an environment where you can contribute freely and learn directly from peers, all to delve into the learnings from real-life cyber scenarios and advance the field toward increased resilience.

The Resilience-by-Routine Model

Designed in partnership with the University of Oxford Said Business School, our Resilience-by-Routine Model is a conceptual framework that global leaders can use to understand how to build resilience within their organisations.

Primary Activities

Arrow
Cap
ResiliancebyRoutine2
ResiliancebyRoutineMob
Develop - Navigator Icons

Develop

The skills required to lead the organisational transition from cyber security to cyber resilience.

Design - Navigator Icons

Design

Your organisation’s resilience journey using a proprietary framework.

Deliver - Navigator Icons

Deliver

Your strategy with effective communication and influence skills.

A curriculum designed to accelerate

Day 1 - Afternoon

Converging Risks in a Fragmented World Order
Dr. Melanie Garson, ISTARI

“Technology and geopolitical expertise increasingly need to be in the boardroom. Pro-activity on this front will place boards in a strong position to steer their ships in an increasingly interconnected and rapidly changing global landscape.”

Tobias Feakin, Former Ambassador for Cyber Affairs, Australia

Today’s expanding technology environments expose organizations to geopolitical risk at every layer—from critical infrastructure to supply chain partners. In this session, we will map the evolving threat landscape, where opportunistic attackers, state-sponsored actors, and hacktivists increasingly target corporate vulnerabilities to create disruption. Participants will gain strategies for strengthening resilience: visualising risk across interconnected systems, anticipating periods of heightened geopolitical tension, and protecting critical operations against emerging threats.

 

Day 1 - Afternoon

Surviving a Ransomware Attack
Jo De Vliegher & Jason Mallinder, ISTARI

“A cyberattack can hit all departments globally within minutes, even seconds. Not many other crises have that same immediate impact.”

Jo De Vliegher, Client Partner at ISTARI and former CIO at Norsk Hydro

“It’s not if, but when.” In today’s interconnected world, cyberattacks can cripple global operations within minutes, leaving organisations facing operational paralysis, financial loss, reputational fallout, and strategic risk. In this session, Jo De Vliegher—Client Partner at ISTARI and former CIO of Norsk Hydro—shares firsthand lessons from one of the most significant ransomware attacks in industrial history. When Norsk Hydro’s 22,000 computers across 170 sites were disabled almost instantly, Jo and his teams were forced to navigate a high-stakes recovery under extreme pressure. Through direct testimony and practical insights, participants will explore what it takes to lead through a cyber crisis, protect critical operations, and prepare their organisations for the realities of large-scale digital disruption.

 

 

Day 2 - Morning

Resilience of the Enterprise
Professor Danny Ralph

“The resilient resists shocks and stays the same; the antifragile gets better.”

Nassim Nicholas Taleb, Author, Antifragile

 

Even well-prepared organisations and governments struggle to imagine — let alone prepare for — large-scale, systemic events. This session asks a pressing question: How can leaders navigate unpredictable crises? Through interactive discussion, peer exchange, and scenario-based group work, participants will explore what securing organisational resilience means, how to test it, and how to strengthen it for the future. We will examine contagion effects to identify the cascading impacts of systemic crises, apply a taxonomy of business risks to reveal organisational blind spots, and use comparative scenario analysis to assess resilience and pinpoint vulnerabilities across ecosystems. Participants will leave with practical tools to embed foresight into their risk management practices, build adaptive capacity, and position their organisations to withstand — and even thrive in — the unexpected.

Day 2 - Afternoon

Crafting a Cyber Resilience Strategy
Dr. Manuel Hepfer, University of Oxford & ISTARI

“Then, in 72 words, I laid out the strategy, which was essentially to be the conduit of capital between those who have it and those who need it. That’s our job. Then we took a poll, and the result was that 98 percent understood and agreed with the strategy. Clarity of message is key.”

James Gorman, CEO Of Morgan Stanley, 2019

Can you summarise your company’s cyber resilience strategy in 35 words or less? If so, would your colleagues put it the same way? Very few executives can answer these simple questions in the affirmative. The companies that those executives work for are often the most successful in their industry. This session is dedicated to the art of understanding and crafting a cyber resilience strategy, then communicating it effectively.

Day 3 - Morning

Rethinking Cyber Risk Management
David White, Axio

“We will bankrupt ourselves in the vain search for absolute security.”

Dwight D. Eisenhower, 34th President of The United States, 1961

Managing cyber risk within organisations is a major, costly leadership challenge. Building and maintaining cybersecurity capability is expensive and the return on investment is often uncertain. This session focuses on expanding cyber leaders’ understanding of key issues in their cybersecurity strategy and aligning this strategy with the organisation’s broader corporate governance and enterprise risk management practices and capabilities.

Day 3 - Afternoon

How to Prevent a Crisis Becoming a Catastrophe
Dr. Simon Learmount, Cambridge Judge Business School

“Uber, the world’s largest taxi company, owns no vehicles.Facebook, the world’s most popular media owner, creates no content. Alibaba, the most valuable retailer, has no inventory. And Airbnb, the world’s largest accommodation provider, owns no real estate. Something interesting is happening.”

Tom Goodwin, Tech Crunch

This module is a specially designed business school case study for the Navigator programme. Focusing on Uber, it explores the strategic and disruptive forces that enabled it to become one of the world’s most well-known companies. However, it also has had organisational and management challenges along the way, which has at times led towards major governance and culture issues, including its former CSO, Joe Sullivan, being prosecuted by US authorities. Accordingly, effective cyber crisis management requires the full scope of the entire company, from individuals up to the C-suite, as management of the crisis impact may last well beyond the time required to mitigate the technical incident. This session focuses on those business processes.

Day 4 - Morning

Navigating Uncertainty and Instability in Organisational Leadership
Professor Jennifer Howard-Grenville, Cambridge Judge Business School

“Ultimately, being a CISO in times of crisis requires a mix of strong decision-making, clear communication, and a focus on both the technical and human elements of leadership. It’s about guiding the team through challenging situations while ensuring they feel supported and confident in your direction.”

Tim Brown, CIO, Solar Winds

Today’s CISOs must lead at the edge of predictability— where volatility, ambiguity, and complexity converge. This session equips participants with advanced frameworks from systems thinking, culture theory, and leadership research to navigate the unknown with clarity and confidence. Through interactive exercises and peer dialogue, participants will explore how uncertainty shapes organisational behaviour, and how to respond with resilience and purpose. Drawing on the concept of liminal leadership, we will examine how to maintain agency when traditional playbooks no longer apply. Participants will leave with practical tools for sensemaking, shared leadership, and building collective direction during times of flux—embracing the CISO’s evolving role as an adaptive leader in a world of continual transformation.

Day 4 - Afternoon

When Billions Vanish: The World’s Largest Documented Heist
Guy Segal, SVP Corporate Development & Yonatan Lipschitz, Director Client Leadership EMEA, Sygnia

“Every transaction is recorded on the blockchain forever. That makes it both the best and the worst place to commit a crime.”

Michael Gronager, CEO, Chainalysis

This session is an interactive deep-dive into one of the largest crypto heists in history. Learn how attackers stole over $1.5 billion from Bybit through a highly sophisticated supply-chain attack, and how Sygnia’s investigation exposed the tactics of the notorious Lazarus Group. Beyond the forensic story, this session will uncover vital lessons on navigating and communicating during a cyber crisis, offering practical insights you can apply in your own organisation. You will gain real-world knowledge to transform your cybersecurity readiness.

Day 4 - Afternoon

AI Mastery for CISO’s
Alan Bodnar, Murali Aiyer, & Dr. Melanie Garson, ISTARI

“AI is neither good nor evil. It’s a tool. Just like fire. Fire kept us warm, cooked our food, and burned down our houses.”

Oren Etzioni, CEO, Allen Institute for AI

This workshop is designed to equip senior cyber leaders with the knowledge and strategies to effectively navigate the complexities of AI. Participants will explore the dual nature of AI as both a powerful tool and a significant security risk. We will cover how to leverage AI for enhancing security operations, including threat detection and incident response, while simultaneously developing robust frameworks to mitigate the unique vulnerabilities introduced by AI systems. We will discuss governance models, policy creation, and the importance of a human approach to ensure responsible and secure AI adoption. Attendees will leave with a practical understanding for integrating AI securely into their organisations.

Day 5 - Morning

Through the Fog: Navigating a Cyber Crisis
Dr. Lucas Kello, University of Oxford & ISTARI

“It is easy to dismiss all communications as ‘spin’. But, in a crisis, communication really matters. It must be embedded in strategy.”

Alastair Campbell, Director of Communications and Strategy for Prime Minister Tony Blair

Get to the heart of a fast-moving cyber crisis where technical escalation meets political complexity. In this immersive tabletop exercise, participants will navigate the strategic, legal, regulatory, and ethical challenges triggered by a high-impact cyberattack of uncertain origin. Designed to mirror the realities of modern crises, this simulation tests leadership judgment, decision-making under pressure, and cross-functional coordination. Participants will rehearse how to respond when every move carries operational, reputational, and geopolitical consequences.

Day 5 - Morning

Putting Your Cyber Resilience Strategy into Action
Dr. Simon Learmount Cambridge Judge Business School

“Thinking is easy, acting is difficult, and to put one’s thoughts into action is the most difficult thing in the world.”

Johann Wolfgang von Goethe

The final session culminates all the knowledge and skills gained throughout the programme. It provides a toolkit that can empower cyber executives to put their learning into action within their respective companies. This session serves as a platform for participants to share their strategic thinking, leadership abilities and new-found expertise and how as a cohort they can continue their journey as a community of peers.