{
  "schema": "modernciso.operating_model.v1",
  "updated_utc": "2026-02-10T18:38:29.805Z",
  "identity": {
    "name": "Mantas Marcinkevicius",
    "role": "CISO",
    "email": "mantas@modernciso.io",
    "linkedin": "https://www.linkedin.com/in/cybermantis/",
    "site": "https://modernciso.io/"
  },
  "positioning": {
    "headline": "Security leadership that ships.",
    "short": "Outcomes over optics. Evidence by default. Decision-grade risk.",
    "focus": [
      "identity",
      "resilience",
      "assurance automation",
      "email security",
      "AI governance"
    ]
  },
  "recognition": [
    {
      "title": "Infosecurity Europe speaker",
      "year": 2025,
      "note": "Deep Dive Stage"
    },
    {
      "title": "IT Leaders 100",
      "year": 2025,
      "note": "UK recognition"
    },
    {
      "title": "Top 100 CISO (Computing)",
      "year": 2024,
      "note": "Industry visibility"
    }
  ],
  "operating_principles": [
    {
      "principle": "Outcomes over optics",
      "meaning": "Security that survives audit and incident beats slideware."
    },
    {
      "principle": "Evidence by default",
      "meaning": "Automate assurance so we stop debating and start delivering."
    },
    {
      "principle": "Reduce blast radius first",
      "meaning": "Identity and access controls limit how far a compromise can spread, which buys time in every scenario."
    },
    {
      "principle": "Decision-grade risk",
      "meaning": "Execs need options, owners, dates, and trade-offs."
    },
    {
      "principle": "Design for change",
      "meaning": "Growth, M&A, regulation. Build controls that adapt."
    }
  ],
  "plan_30_60_90": {
    "days_0_30": {
      "outcomes": [
        "Executive-aligned threat and risk narrative (what matters, why, and cost of inaction)",
        "Critical services mapped to top attack paths",
        "Minimum security baseline defined (identity, cloud, endpoints, vendors)"
      ],
      "deliverables": [
        "Board-ready risk dashboard with owners and dates",
        "Incident readiness check: comms, whether backups actually restore, logging, response runbooks",
        "Identity quick wins: privileged access review, MFA gaps, high-risk apps"
      ]
    },
    "days_31_60": {
      "outcomes": [
        "Controls implemented on highest-risk paths (identity and email first)",
        "Assurance pipeline started (automated evidence for key controls)",
        "Security cadence established with exec sponsors"
      ],
      "deliverables": [
        "Email + identity uplift roadmap with milestones",
        "Third-party risk triage for crown-jewel suppliers and SaaS",
        "Detection tuning: signal over noise, tied to scenarios"
      ]
    },
    "days_61_90": {
      "outcomes": [
        "Resilience uplift with tested recovery paths",
        "Security embedded into delivery lifecycle, not bolted on",
        "Investment case for next 2 quarters with ROI framing"
      ],
      "deliverables": [
        "Tabletop exercise + remediation actions closed",
        "Assurance automation expanded: access reviews, logging, vendor controls",
        "Quarterly board pack: risk movement, decisions needed, progress vs plan"
      ]
    }
  },
  "metrics": {
    "north_star": [
      {
        "metric": "time to contain",
        "intent": "reduce materially quarter-on-quarter"
      },
      {
        "metric": "recovery confidence",
        "intent": "tested restores for critical services"
      },
      {
        "metric": "identity risk",
        "intent": "privileged access minimised + monitored"
      }
    ],
    "delivery_discipline": [
      {
        "metric": "top risks with owners",
        "intent": "100% owned, dated, tracked"
      },
      {
        "metric": "assurance automation coverage",
        "intent": "expand monthly"
      },
      {
        "metric": "audit readiness",
        "intent": "evidence available on demand"
      }
    ]
  }
}