For years, CISOs have tried to get on the Board’s meeting agenda.
Now that they are on the agenda, many have struggled to understand the structure and brevity of their cybersecurity presentation slot within a Board meeting and what is typically valued and actionable from a Board’s perspective.
In this video, Ashley Ferguson, Global Director of SecureWorks Executive Advisory Services, covers how the SecureWorks Executive and Board Cybersecurity Briefing is intended to help CISOs and Security Leadership deliver a concise, risk-driven presentation based on a number of factors, inputs and questions, including:
- The background of the audience and their goals
- The security acumen of the audience
- Alignment with what the business is trying to accomplish
- Tying cybersecurity initiatives to business and Board initiatives
- Integration of the latest industry intelligence
- Comparison to peers in the same industry
For years CISOs have been wanting to get the opportunity to get the board’s attention, to get on the agenda for a board meeting. I think what a lot of CISOs haven’t realized is the true structure of a board meeting. And so they may have their initial meeting where they’ve talked about what they do with their program and they get in and they don’t realize the brevity of the time that they have and the type of environment they come into.
We’ve seen everything from questions around their personal cybersecurity to very specific incidents in the media, recognizing that you might only have 5 minutes. We try to prepare a lot of these CISOs to understand that even though they may prepare a big slide presentation, or want to talk about technical details, what the board is really interested in is the risk and association with the business and their ability to continue to serve their clients and their customers, and the ability to know that they are doing well and where are they compared to their peers.
And so a lot of times there’s questions that can come up, or things that they think they’re preparing for, and they may not be used to the way it may adjust and change. So everything from understanding the audience in the room and their acumen when it comes to cybersecurity, but also understanding the background and the type of information that they’re interested in. If you think about traditional board presentations, and the traditional board audience, they’re very focused and have always been meeting with the CFO and the chief operations officer. You really have to be able to look at it through that lens and understand what they’re looking for. Obviously, the impact to revenue, margins, the operational capacity of the business. When you look at it through that lens, you paint a very different picture than a very technical presentation. So I think there’s a lot of things that come into planning a proper board presentation. We really help our clients with that piece of it. And understanding how they compare to their industry, what we’re seeing from an intelligence perspective, but also the type of information and questions they may get from their board, and then, obviously, being there with them. We’re used to being in those presentations and being able to respond to the type of questions that come up, as well.