Inner Circle

Being an effective CISO means being a skilled communicator, change agent, strategist and storyteller. It means making sure productive conversations around risk and security take place at every level – from the Board to individual contributors – and that each decision is backed with the right metrics. Whether it’s best practices for crisis communication or influencing the BOD, you’ll have the opportunity to share your approach with peers and unlock new ways to tell compelling, data-driven security stories.

Topic 1: Changing Communication

• What does the Board want to hear from CISOs? Metrics are important, but what should the message be?
• How do you tailor information and communication for different areas of the organization to tell a compelling story? How do you choose which KPIs/metrics to use?
• Cadence is critical – when do you share information, and how do you decide?

Topic 2: Better Information, Bigger Impact

• How are you measuring the effectiveness of employee-based communications, like phishing and security-awareness initiatives?
• What are your successes and challenges as you collaborate across the business to drive threat intelligence (real-time information gathering, following through on incident response plans)?
• What technologies are disrupting your workflow and/or organization? How are you talking about them with the Board and other stakeholders?

Topic 3: Trust and Alignment

• What’s helping you build trust between security and the greater organization?
• How is your team expected to respond to crises (ransomware, breaches, etc.)? How can we ensure the expectations of our teams align with the expectations of the business?
• What does it mean for you to be an effective influencer? Who should CISOs be influencing?