Tuesday, June 11, 2013

CISOs Must Engage the Board About Information Security - CIO.com


If you were a regular reader of the Security Recruiter Blog over the past 6 years, you would have at one time or another read most of the contents of this current CIO.com article.  

More specifically, on page 3 of this article, the author writes this:  


"At the "Prepare" stage, CISOs must determine what to say, how to say and to whom to say it."

Back in 2007, I wrote an article soon after working with a client in Hollywood, CA on a Converged CSO role.  After a couple of candidate interviews, I shared a conversation with my HR Director client in which Mike explained in very abstract terms what he thought his executive team wanted in a Converged CSO.

From that conversation, I came up with a skill set that I've shared in my blog and in the presence of ISACA and ISSA groups in live settings.  I don't have a label for the skill set but when I summarized what my client was saying, I said it this way.  



"Mike, you're asking me to deliver someone who knows what to say, when to say, how to say, to whom to say and when to say nothing skill set."

Mike instantly told me I had nailed it.  To this day, as goofy as that skill set might sound when you first hear it spoken or when you first read it, I stand by my original analysis because the skill set applies as much today as it ever did.

Security professionals are generally very smart people.  Sometimes, they might even be the smartest people in the room.  However, that doesn't give security professionals a license to speak in techno-babble, a language that doesn't resonate with the business.

Security professionals who succeed at the highest levels learn to translate their technology message into risk-based language that business decision-makers can understand and act on.

Jeff Snyder's SecurityRecruiter.com Security Recruiter Blog 719.686.8810
