External risk assessments and reviews are performed frequently to meet compliance and regulatory requirements but are seldom put to effective use in guiding security program implementation or strategy. To get the most out of your next cybersecurity risk assessment, the assessment, assessment team, and assessment results must be tuned to organizational needs. In this session, we will discuss how to leverage external cybersecurity assessments to support the growth and maturity of the organization's security program. We will cover the creation of an assessment strategy, how to budget, scope and contract an effective cybersecurity risk assessment, how to integrate the assessment findings into an enterprise risk management strategy, and how to recognize and demand key competencies in your external cybersecurity assessment provider.