Recently I have found myself thinking more and more about the struggle of getting the cybersecurity message to the people that can make a difference in an organization. The obvious answer is the CEO of course. No one is more engaged in the success nor more blamed for the failure than the CEO. During a recent dinner with a friend of mine in the cybersecurity arena we found our conversation trailing off into the subject of CEO’s and how to best get the information across to them. “Gary, the problem is where the message is coming from.
[Cyberhub Summit is Coming back to Atlanta, Ga | October 9-10, 2018 - Cyber Security education for executives and business owners and Powerful Networking. | Get the latest from Cyberhub Summit by signing up for their newsletters. ]
This information needs to come from within, not a sales person from the outside. It’s best if the CISO can bring this to the CEO as they should have the right relationship. Here’s the problem, in many cases the CEO doesn’t understand the role of the CISO, and that’s assuming he even has one to begin with. Often times the CISO’s that are in place are not trained in how to most effectively communicate their needs to the CEO”. Understanding this, the question now becomes how to fix the delivery system to get results.
As providers of cybersecurity education, products and services it is up to us to not only help them build a case for what they need but to also help them deliver it in an effective manner. This isn’t about sales, and it can’t be about padding our own pockets. If our goal as an industry is to help keep companies and organizations safe from cyber threats, then it’s up to us to be good stewards of security and how it is managed. So, the next time you are preparing to work with a new organization or entity, take a minute and ask yourself one simple question: Are you building a case for the CISO?