CISOs: Leave the Jargon Out to Bridge the Cybersecurity Communications Gap

There’s a serious gap in communication skills between cybersecurity pros and their general audiences, and it’s essential for Chief Information Security Officers (CISO) and their teams to bridge it. Increasingly complex security threats demand that cybersecurity professionals use plain language with those less familiar with tech talk. This requires an uncommon approach: Design stakeholder-centric cybersecurity solutions.

Recently, in my keynote address to the 2019 ISEC Infosecurity conference in Mexico City, I shared my take on solution design for cybersecurity. I started my talk with the Fourth Industrial Revolution (4IR), which involves an increasingly complex matrix of technologies from cloud computing and mobile apps to IoT devices and robotics. The opportunities 4IR presents are almost boundless, but so are the cyber threats it faces. Data breaches, data ransom plots, and email hacks intimidate us all. Cybersecurity teams themselves feel hard-pressed enough to prepare themselves for the onslaught of these gremlins, let alone to accomplish the challenging task of communicating to stakeholders about how to mitigate and deal with cybersec risks.

I shared that organizations across the globe are aware of the ever-increasing level of threat, but according to their self-reports, few of them are prepared to deal with it. Of the 9,500 leaders in 122 countries who replied to PwC’s 2018 Global State of Information Security® Survey:

  • 44% did not have an overall information security strategy.
  • 48% lacked an employee security awareness training program.
  • 54% had no incident-response process.

To protect against potential cyber threats, it is high priority to design sustainable cybersecurity strategies. Key to this is hiring experts who have not only tech skills, but also the skills to comfortably interact socially and clearly communicate in lay terms.

Dawson and Thomson’s The Future Cybersecurity Workforce: Going Beyond Technical Skills for Successful Performance, (Frontiers in Psychology, June 2018) shows that successful cybersec teams have:

  • Social communication skills required to convey technical information in training co-workers and partners on the latest vulnerabilities. Engaging and motivating them to comply with policies is key to success.
  • Unflagging enthusiasm for continual learning. As cyber threats are multiplying and mutating endlessly these days, this quality is essential for sustained drive.

Note that these characteristics of successful teams are those of their members – that success depends just as much on people as it does on technology. This point is brought home by the World Economic Forum Future of Jobs Report, which identifies 3 must-have skills that employees and leadership should have to maximally benefit their organizations:

  • Complex problem-solving
  • Critical thinking
  • Coordinating, cooperating, and communicating with others

These are the qualities that enable ongoing stakeholder engagement, which means mapping, connecting with, and listening to everyone impacted regularly. They are crucial to designing and implementing sustainable solutions.

Cybersec teams can be trained to become solution designers who can connect the dots. They can then capture, clarify, and address all stakeholders’ concerns, helping them to determine and keep their goals aligned. Such cybersec pros enable success by listening to everyone involved before sharing their own viewpoints.

Our book, From Problem-Solving to Solution Design, explains our I.D.E.A.S. framework (Identify-Design-Engage-Act-Sustain) to empower managers with proven techniques to tackle problems like the one of clearly communicating cybersecurity information. The book’s stakeholder mapping templates, tips on creating effective communication plans, and case studies of employing solution design help organizations create and maintain robust cybersecurity solutions.

Find out more about sustainable cybersecurity solution design and schedule a consultation at embedded-knowledge.com. J. Eduardo and Erica bring years of experience and expertise to designing solutions for complex business problems and managing large projects involving multi-disciplinary and cross-cultural teams.

For more information about how to differentiate your tasks and problems, explore embedded-knowledge.com


Originally posted at ForbesBooks.com

J. Eduardo Campos, EMPA CISSP CPP (He/Him)

Board Member | Author | Executive Coach | Advisor
Talks about #ciso, #cybersecurity, #executivecoaching, #leadershipdevelopment, and #artificialintelligence