As organizations prepare for the remainder of 2020, cybersecurity leaders can use this opportunity to review their communication style and improve how they share key messages across the organization. Taking time to refine business communication can help those in security and technical leadership roles heighten the effectiveness of their messaging and ensure alignment with organizational priorities.
At a time when we’re limited in how we can interact, choosing the right medium and shaping the right message are key to delivering on security’s function: to enable and protect value creation. Communicating upward to the C-suite and the board, for example, is about demonstrating how cybersecurity brings value to the business. As such, security teams should redouble their efforts to align the mission and value of their department with shared business goals.
Set Your Sails
How cybersecurity leaders craft their messages can either help propel the organization through the winds of change or leave it stranded in the middle of an ocean. Crafting an effective message can be challenging in the best of circumstances, but answering some important questions can help you deliver a persuasive pitch.
What is the goal of the message? Why am I reaching out? Spending a few minutes to review one’s purpose in sending a message can help make the difference between a rant and a directive, a complaint and a warning.
What does success look like? Asking this simple question can help identify elements that may be missing from an important message, such as the intended result of this exchange or how you will measure whether the goal behind the message was achieved down the road.
There’s No Sailing Without a MAST
Without a solid “MAST,” there can be no venturing out, even into the bluest ocean. If the message is the sail that propels the organization forward, the MAST is there to help translate and support that propulsive force into a forward motion for the organization. Here’s a breakdown of the acronym.
Cybersecurity leaders can benefit greatly from considering whether they are choosing the right medium for their message and whether they are adapting the message to that medium well. Too many important messages are ignored because they are delivered as a poorly crafted or poorly narrated set of slides. In some cases, a series of messages delivered through more than one medium might need to be coordinated to achieve the desired effect. For example, a point raised in an introductory email might be followed by a more detailed plan-of-action report and brought home by a digestible presentation.
The best leaders acknowledge the importance of having allies throughout the organization. While you may have crafted the perfect message over a great medium, your communications might not land if you don’t have the support of key allies.
Who can you turn to ahead of time for feedback on this message? Try to seek out technical peers and organizational influencers whose interests are aligned with yours and who understand your target audience.
While the medium influences the message, the meeting space in which the message is delivered can also have a strong effect on how it is perceived. Is your message set to be delivered in person, in a meeting, over the phone, over email, during an interactive one-on-one session or in a large meeting?
As the saying goes, strike while the iron is hot. The timing of when your message is delivered can make or break your request. The most in-tune leaders ask themselves when is the best time to deliver their messaging. Some ideas may not be well received after some bad financial news or a reorg announcement, while other ideas may be key to securing people and assets during times of transition.
Align With Organizational Winds
Even with a great sail and a solid mast, your sailboat would just sit idle without another key element: the wind. As important as it is for cybersecurity leaders to craft a good message, get feedback, and determine the best time, space and medium to deliver it, organizational headwind is one of the most important considerations to take into account.
Because the purpose of security is to support value creation and value protection, security leaders must invest time, energy and influence into staying in-tune with organizational winds. To determine the extent that security efforts are aligned with organizational priorities, it’s important for the chief information security officer (CISO) to have their finger on the pulse of the business and to know and support the direction it has chosen.
Are there any recent high-level business updates or reports that provide critical insights to that end? Who are the cybersecurity leader’s key allies at your organization, and do they provide a good view into the business horizon of the organization as a whole?
While technologies and threats continue to evolve, security leaders must keep their eye on what the business needs to survive and thrive. Smooth sailing requires careful alignment and communication of the value that the security function brings to the entire organization.
InfoSec, Risk, and Privacy Strategist - Minnesota State University, Mankato
Chris Veltsos is a professor in the Department of Computer Information Science at Minnesota State University, Mankato where he regularly teaches Information ...