Communication is a vital skill for any leader at an organization, regardless of seniority. For security leaders, this goes double. Communicating clearly works on multiple levels. On the one hand, security leaders and CISOs must be able to communicate strategies clearly – instructions, incident response plans, and security policies. On the other, they must be able to communicate the importance of security and the value of having robust defenses to the C-level.
For CISOs and other security leaders, this latter skill is crucial but often overlooked or not prioritized. A new webinar: "How to ace your Infosec board deck," looks to shed light on both the importance of being able to communicate clearly with management, and key strategies to do so effectively. The webinar will feature a conversation with vCISO and Cybersecurity Consultant Dr. Eric Cole, as well as Norwest Venture Partners General Partner Dave Zilberman.
More so than just talking about the dollar value of a security policy, however, security leaders need to show the importance of processes, tasks, decisions, and how threats and other security risks impact the math.
From tactics to strategy
One of the biggest differences in communicating to a security team or organization and communicating with management is the scale on which decisions are judged. Most security leaders are focused on the tactical world – the day-to-day perspective required to effectively defend their organizations. This view focuses on the actual decisions made daily, the processes put in place, incident response plans, and the immediate impact of these tasks.
For security leaders, this is essential. Threats happen on an immediate basis, and leaders must be able to make decisions that directly deal with them. However, tactics is nothing without a more strategic view. Even the most detail-focused security leader has a plan for how the overall protection of their organization looks. This strategic view abstracts the minute aspects of security while focusing on the big picture.
Bridging the communication gap
Unlike security leaders who are immersed in their tasks day-to-day, boards and C-levels are more concerned with the strategic side. To communicate effectively the value of their work, CISOs must be able to translate the tasks, policies, decisions, and tactics they deploy into their broader impact on the organization.
This includes not only the work being done, but also the risks and threats that could create issues for an organization. Board members might be less concerned with the specifics of how their organization is being protected, and more about the impact these strategies are delivering.
The conversation will cover:
- How InfoSec Leaders can quickly move communications from the tactical to the strategic viewpoint. One of a security leader's crucial skills is the ability to convey complex cybersecurity tactics in a broader sense and place them in the context of their organization's successes.
- How to convert complex security realities into easily digestible and actionable insights. The best presentations don't focus on nitty gritty. Instead, they offer interpretations, insights, and valuable data about what they mean and how they affect an organization.
- How to leverage security knowledge to align cybersecurity priorities with business and commercial goals. It often seems like security and business success are diametric opposites, but that's not quite true. A good security deck can thread the needle to align cybersecurity goals and business strategies in a way that enhances both.
- How can security leaders provide a real, pragmatic answer to the question: "how secure are we?" At the end of the day, the board really cares about how secure an organization is, and less about how they get there. This means that security leaders must look at their efforts and provide a transparent and frank accounting of the risks and how well prepared they are to face them.
You can register for the webinar here.