June 3, 2020 By Christophe Veltsos 3 min read

As organizations prepare for the remainder of 2020, cybersecurity leaders can use this opportunity to review their communication style and improve how they share key messages across the organization. Taking time to refine business communication can help those in security and technical leadership roles heighten the effectiveness of their messaging and ensure alignment with organizational priorities.

At a time when we’re limited in how we can interact, choosing the right medium and shaping the right message are key to delivering on security’s function: to enable and protect value creation. Communicating upward to the C-suite and the board, for example, is about demonstrating how cybersecurity brings value to the business. As such, security teams should redouble their efforts to align the mission and value of their department with shared business goals.

Set Your Sails

How cybersecurity leaders craft their messages can either help propel the organization through the winds of change or leave it stranded in the middle of an ocean. Crafting an effective message can be challenging in the best of circumstances, but answering some important questions can help you deliver a persuasive pitch.

What is the goal of the message? Why am I reaching out? Spending a few minutes to review one’s purpose in sending a message can help make the difference between a rant and a directive, a complaint and a warning.

What does success look like? Asking this simple question can help identify elements that may be missing from an important message, such as the intended result of this exchange or how you will measure whether the goal behind the message was achieved down the road.

There’s No Sailing Without a MAST

Without a solid “MAST,” there can be no venturing out, even into the bluest ocean. If the message is the sail that propels the organization forward, the MAST is there to help translate and support that propulsive force into a forward motion for the organization. Here’s a breakdown of the acronym.

Medium

Cybersecurity leaders can benefit greatly from considering whether they are choosing the right medium for their message and whether they are adapting the message to that medium well. Too many important messages are ignored because they are delivered as a poorly crafted or poorly narrated set of slides. In some cases, a series of messages delivered through more than one medium might need to be coordinated to achieve the desired effect. For example, a point raised in an introductory email might be followed by a more detailed plan-of-action report and brought home by a digestible presentation.

Allies

The best leaders acknowledge the importance of having allies throughout the organization. While you may have crafted the perfect message over a great medium, your communications might not land if you don’t have the support of key allies.

Who can you turn to ahead of time for feedback on this message? Try to seek out technical peers and organizational influencers whose interests are aligned with yours and who understand your target audience.

Space

While the medium influences the message, the meeting space in which the message is delivered can also have a strong effect on how it is perceived. Is your message set to be delivered in person, in a meeting, over the phone, over email, during an interactive one-on-one session or in a large meeting?

Time

As the saying goes, strike while the iron is hot. The timing of when your message is delivered can make or break your request. The most in-tune leaders ask themselves when is the best time to deliver their messaging. Some ideas may not be well received after some bad financial news or a reorg announcement, while other ideas may be key to securing people and assets during times of transition.

Align With Organizational Winds

Even with a great sail and a solid mast, your sailboat would just sit idle without another key element: the wind. As important as it is for cybersecurity leaders to craft a good message, get feedback, and determine the best time, space and medium to deliver it, organizational headwind is one of the most important considerations to take into account.

Because the purpose of security is to support value creation and value protection, security leaders must invest time, energy and influence into staying in-tune with organizational winds. To determine the extent that security efforts are aligned with organizational priorities, it’s important for the chief information security officer (CISO) to have their finger on the pulse of the business and to know and support the direction it has chosen.

Are there any recent high-level business updates or reports that provide critical insights to that end? Who are the cybersecurity leader’s key allies at your organization, and do they provide a good view into the business horizon of the organization as a whole?

While technologies and threats continue to evolve, security leaders must keep their eye on what the business needs to survive and thrive. Smooth sailing requires careful alignment and communication of the value that the security function brings to the entire organization.

More from CISO

X-Force Threat Intelligence Index 2024 reveals stolen credentials as top risk, with AI attacks on the horizon

4 min read - Every year, IBM X-Force analysts assess the data collected across all our security disciplines to create the IBM X-Force Threat Intelligence Index, our annual report that plots changes in the cyber threat landscape to reveal trends and help clients proactively put security measures in place. Among the many noteworthy findings in the 2024 edition of the X-Force report, three major trends stand out that we’re advising security professionals and CISOs to observe: A sharp increase in abuse of valid accounts…

Boardroom cyber expertise comes under scrutiny

3 min read - Why are companies concerned about cybersecurity? Some of the main drivers are data protection, compliance, risk management and ensuring business continuity. None of these are minor issues. Then why do board members frequently keep their distance when it comes to cyber concerns?A report released last year showed that just 5% of CISOs reported directly to the CEO. This was actually down from 8% in 2022 and 11% in 2021. But even if board members don’t want to get too close…

The CISO’s guide to accelerating quantum-safe readiness

3 min read - Quantum computing presents both opportunities and challenges for the modern enterprise. While quantum computers are expected to help solve some of the world’s most complex problems, they also pose a risk to traditional cryptographic systems, particularly public-key encryption. To ensure their organization’s data remains secure now and in the future, chief information security officers (CISOs) should educate themselves about quantum computing, proactively address the coming quantum risks to cybersecurity and work to establish cryptographic agility in their enterprise.A future cryptographically…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today