Building The Language Bridge Between Security and the C-Suite

Assess your CX management
Rank your CX program maturity based on six key competencies.

Take the assessment   

If you had half an hour with a board member, and you wanted to get coaching from them about how to communicate with them about  security, what would you ask them?

In a few weeks’ time, I will have just that opportunity when I facilitate a panel with some prominent board directors.  Getting inside the mind of the C-suite in a relaxed environment is not an opportunity I have every day. These are the senior executives who generally support (or otherwise) our daily efforts of cyber safety. I feel that I want to understand them more than I do at the moment.

And I’m thrilled to have this opportunity in a relatively relaxed manner (if you call a panel discussion at a conference relaxed that is). This is important as it’s a very different conversation from the usual intense conversations that I usually have with these stakeholders.  We are often intensely discussing cyber security strategies, funding or an incident.

The topic of how to talk to and influence boards / executives / business on security has been a highly fashionable subject of discussion in security communities world over for years now. I myself have published reports and delivered presentations and roundtables on this very topic. As many security leaders of my vintage, I have also had to deliver presentations, artifacts and messages to these stakeholders. Whilst I’ve received some feedback on these presentations, I am just not sure that I have fully stopped to hear it from their perspective! How do they need me to work with them?

Personally, I want to know:

  • What do boards and executives themselves actually want to know and about security? Versus what WE security folk think they need to know?
  • How much detail would they need?
  • How do they prefer to receive this information ?
  • And perhaps more importantly, what do they not care about?
  • What do they want their relationship with their CISOs to be like? How often do they want to catch up for example?
  • What do they see as the most important cyber security initiative in their organisation at the moment? What has been the single best practice they’ve experienced?

I would love your views. Add any questions you’d want to ask and I will look forward to including some of the responses and learning in my future research.

Help me help all of us bridge that language gap!

Categories

Related Posts in Privacy, security & risk See All

https://go.forrester.com/blogs/feed/

Add a Comment