Building The Language Bridge Between Security and the C-Suite

Assess your CX management
Rank your CX program maturity based on six key competencies.

Take the assessment   

If you had half an hour with a board member, and you wanted to get coaching from them about how to communicate with them about  security, what would you ask them?

In a few weeks’ time, I will have just that opportunity when I facilitate a panel with some prominent board directors.  Getting inside the mind of the C-suite in a relaxed environment is not an opportunity I have every day. These are the senior executives who generally support (or otherwise) our daily efforts of cyber safety. I feel that I want to understand them more than I do at the moment.

And I’m thrilled to have this opportunity in a relatively relaxed manner (if you call a panel discussion at a conference relaxed that is). This is important as it’s a very different conversation from the usual intense conversations that I usually have with these stakeholders.  We are often intensely discussing cyber security strategies, funding or an incident.

The topic of how to talk to and influence boards / executives / business on security has been a highly fashionable subject of discussion in security communities world over for years now. I myself have published reports and delivered presentations and roundtables on this very topic. As many security leaders of my vintage, I have also had to deliver presentations, artifacts and messages to these stakeholders. Whilst I’ve received some feedback on these presentations, I am just not sure that I have fully stopped to hear it from their perspective! How do they need me to work with them?

Personally, I want to know:

  • What do boards and executives themselves actually want to know and about security? Versus what WE security folk think they need to know?
  • How much detail would they need?
  • How do they prefer to receive this information ?
  • And perhaps more importantly, what do they not care about?
  • What do they want their relationship with their CISOs to be like? How often do they want to catch up for example?
  • What do they see as the most important cyber security initiative in their organisation at the moment? What has been the single best practice they’ve experienced?

I would love your views. Add any questions you’d want to ask and I will look forward to including some of the responses and learning in my future research.

Help me help all of us bridge that language gap!

in Privacy, security & risk See All