Now That Security Leaders Have Been Invited Into the Boardroom, What Do They Say?

This means demonstrating the financial, operational, and reputational benefits of investing in cybersecurity, making the case for cybersecurity as an integral part of your company's risk management strategy.

Don’t waste your executive leadership team’s time. They usually want to know if you need them to act, so don’t be shy—include a call to action. In my experience, you will be more successful if you have built a trusted relationship and keep cybersecurity simple and understandable for them.

Get your business units to pull help from security and not have security keep pushing improvements on them. The main thing is for the CEO to not just provide support and resources for the CISO but to actually change the dynamic by regularly expecting each business line executive or functional leader to be able to articulate at some appropriate leve

I had a client whose maturity scores didn’t improve over a 3-year period. If data was all that was presented this could easily be interpreted as a failure of progress. But when they focused the narrative around the successful integration of the multiple acquisitions they had over the past few years, the focus shifted to the successful expansion of

The simpler you can convey it, the better. Too often, cybersecurity professionals get mired in technical jargon only to lose their audience. “Be clear, unambiguous, and direct,” Noaman advises. “If you’re up front and say exactly what you need to do and put in terms of the why, you don’t have to explain the technical things, because now everyone ge