June 3, 2020 By Christophe Veltsos

As organizations prepare for the remainder of 2020, cybersecurity leaders can use this opportunity to review their communication style and improve how they share key messages across the organization. Taking time to refine business communication can help those in security and technical leadership roles heighten the effectiveness of their messaging and ensure alignment with organizational priorities.

At a time when we’re limited in how we can interact, choosing the right medium and shaping the right message are key to delivering on security’s function: to enable and protect value creation. Communicating upward to the C-suite and the board, for example, is about demonstrating how cybersecurity brings value to the business. As such, security teams should redouble their efforts to align the mission and value of their department with shared business goals.

Set Your Sails

How cybersecurity leaders craft their messages can either help propel the organization through the winds of change or leave it stranded in the middle of an ocean. Crafting an effective message can be challenging in the best of circumstances, but answering some important questions can help you deliver a persuasive pitch.

What is the goal of the message? Why am I reaching out? Spending a few minutes to review one’s purpose in sending a message can help make the difference between a rant and a directive, a complaint and a warning.

What does success look like? Asking this simple question can help identify elements that may be missing from an important message, such as the intended result of this exchange or how you will measure whether the goal behind the message was achieved down the road.

There’s No Sailing Without a MAST

Without a solid “MAST,” there can be no venturing out, even into the bluest ocean. If the message is the sail that propels the organization forward, the MAST is there to help translate and support that propulsive force into a forward motion for the organization. Here’s a breakdown of the acronym.


Medium

Cybersecurity leaders can benefit greatly from considering whether they are choosing the right medium for their message and whether they are adapting the message to that medium well. Too many important messages are ignored because they are delivered as a poorly crafted or poorly narrated set of slides. In some cases, a series of messages delivered through more than one medium might need to be coordinated to achieve the desired effect. For example, a point raised in an introductory email might be followed by a more detailed plan-of-action report and brought home by a digestible presentation.


Allies

The best leaders acknowledge the importance of having allies throughout the organization. While you may have crafted the perfect message over a great medium, your communications might not land if you don’t have the support of key allies.

Who can you turn to ahead of time for feedback on this message? Try to seek out technical peers and organizational influencers whose interests are aligned with yours and who understand your target audience.


Space

While the medium influences the message, the meeting space in which the message is delivered can also have a strong effect on how it is perceived. Is your message set to be delivered in person, in a meeting, over the phone, over email, during an interactive one-on-one session or in a large meeting?


Timing

As the saying goes, strike while the iron is hot. The timing of when your message is delivered can make or break your request. The most in-tune leaders ask themselves when the best time to deliver their message is. Some ideas may not be well received after some bad financial news or a reorg announcement, while other ideas may be key to securing people and assets during times of transition.

Align With Organizational Winds

Even with a great sail and a solid mast, your sailboat would just sit idle without another key element: the wind. As important as it is for cybersecurity leaders to craft a good message, get feedback, and determine the best time, space and medium to deliver it, organizational headwind is one of the most important considerations to take into account.

Because the purpose of security is to support value creation and value protection, security leaders must invest time, energy and influence into staying in tune with organizational winds. To determine the extent to which security efforts are aligned with organizational priorities, it’s important for the chief information security officer (CISO) to have their finger on the pulse of the business and to know and support the direction it has chosen.

Are there any recent high-level business updates or reports that provide critical insights to that end? Who are the cybersecurity leader’s key allies at your organization, and do they provide a good view into the business horizon of the organization as a whole?

While technologies and threats continue to evolve, security leaders must keep their eye on what the business needs to survive and thrive. Smooth sailing requires careful alignment and communication of the value that the security function brings to the entire organization.
