Corporate security officers (CSOs), corporate information security officers (CISOs) and other cybersecurity executives often work directly with IT team members, who understand cybersecurity concepts and terminology. In these situations, communication can come naturally. However, cybersecurity executives must also present information to the board of directors. In this case, it can be challenging to successfully adjust one’s approach to communication. The following tips can help you prepare.
Coordinating with Other Executives
Boards are becoming increasingly aware of the importance of cybersecurity. As a result, more boards have begun requesting that CSOs and CISOs give presentations to board members. However, board members aren’t always receiving the information they are looking for, and this can reflect poorly on the cybersecurity department. To bridge the gap, it’s necessary for CISOs to reach out to other, non-cybersecurity executives who have more experience presenting to the board. Solicit recommendations and feedback. Find out what kinds of questions are likely to be forthcoming, what sort of information the board members want and how they prefer their information to be “packaged” or presented.
Knowing What the Board Members Want
It can be helpful to approach a presentation from the viewpoint of the board members. Boards of directors are generally concerned with the big picture. They want a concise assessment of the current status of the company’s cybersecurity framework. They want to know how their cybersecurity program needs to improve and which resources are required to make those improvements. Board members also want to know:
- Potential risks and liabilities
- Business effects or consequences of risks
- Comparison of the company’s cybersecurity program to those of its competitors
- Whether past investments in cybersecurity have resulted in reductions in risk
Anticipating Difficult Questions
Even when a CSO or CISO has a solid grasp of the presentation, the questions can throw them off kilter. C-suite cybersecurity professionals tend to know their security frameworks cold, so questions requesting detailed information shouldn’t be problematic. Often, the questions that seem the simplest are the ones that are most difficult to answer, such as “Is the company safe?” and “Is our security good?” These questions demand a “Yes” or “No” answer, but as any cybersecurity expert knows, the reality is far more complex. It’s best to avoid “Yes” or “No” answers and to instead give a response that honestly evaluates the reality of the security situation. Ideally, this response will also provide possible solutions for current challenges, enabling board members to understand the path forward.
Aligning with Company Goals
When cybersecurity executives are pitching a proposal to the board, it’s important to keep the focus on how that proposal aligns with the overall objectives of the company. CSOs and CISOs should brush up on the basics of the company’s strategies and goals before preparing their presentations. It’s also helpful to look for ways of highlighting the business value of proposals and past initiatives. Although an initiative may require an upfront investment, the board will appreciate knowing how that investment will translate to savings over time.
The views and opinions expressed in this article are those of the author and do not necessarily reflect the official policy or position of Grand Canyon University.