If you had half an hour with a board member, and you wanted to get coaching from them about how to communicate with them about security, what would you ask them?
In a few weeks’ time, I will have just that opportunity when I facilitate a panel with some prominent board directors. Getting inside the mind of the C-suite in a relaxed environment is not an opportunity I have every day. These are the senior executives who generally support (or otherwise) our daily efforts of cyber safety. I feel that I want to understand them more than I do at the moment.
And I’m thrilled to have this opportunity in a relatively relaxed manner (if you call a panel discussion at a conference relaxed, that is). This is important as it’s a very different conversation from the intense conversations that I usually have with these stakeholders. We are often intensely discussing cyber security strategies, funding or an incident.
The topic of how to talk to and influence boards / executives / business on security has been a highly fashionable subject of discussion in security communities the world over for years now. I myself have published reports and delivered presentations and roundtables on this very topic. Like many security leaders of my vintage, I have also had to deliver presentations, artifacts and messages to these stakeholders. Whilst I’ve received some feedback on these presentations, I am just not sure that I have fully stopped to hear it from their perspective! How do they need me to work with them?
Personally, I want to know:
- What do boards and executives themselves actually want to know about security? Versus what WE security folk think they need to know?
- How much detail would they need?
- How do they prefer to receive this information?
- And perhaps more importantly, what do they not care about?
- What do they want their relationship with their CISOs to be like? How often do they want to catch up, for example?
- What do they see as the most important cyber security initiative in their organisation at the moment? What has been the single best practice they’ve experienced?
I would love your views. Add any questions you’d want to ask and I will look forward to including some of the responses and learning in my future research.
Help me help all of us bridge that language gap!