The Potential For Cyber Security “Who Cares” Conversations

Opinionated Security
2 min read · Jan 29, 2020

The last thing that a cyber leader will want is an executive thinking, “who cares.” But, the way that we communicate may cause an executive to think it.

Let’s look at how.

Imagine that you need to bring your car to the only garage in town knowing that the vehicle isn’t riding like it should or sounding right. Your suspicion is that there are some unknown problems with alignment and perhaps the engine.

You arrive at the garage and explain the symptoms that you’ve been experiencing. Your mechanic’s responses, however, focus on the hydraulic lift in the bay. He keeps mentioning the hydraulic lift throughout the entire conversation and discussing potential problems that have nothing to do with the symptoms that caused you to bring the car in.

The probability is high that, at some point, you’ll become frustrated and begin thinking, “who cares about the hydraulic lift? I’m here for you to check the alignment and engine timing.” You might be frustrated enough to even say it aloud.

To which the mechanic might respond, “The lift is important to me. I can’t see what’s wrong until I get underneath the car. The hydraulic lift is the easiest way to raise the car.”

Now, let’s put this story in the context of your cyber security program.

Think about how many times we’ve described our cyber program, roadmap, or capabilities to executives in terms of the things that we as cyber practitioners care about or view as key enablers of our job. For some reason, we focus on the tools.

Pro Tip: The tools we use are not the outcomes of the cyber program, only enablers.

The users and business process owners are the cyber program’s customers. For us to be effective with them, they’ll want to see that cyber leaders are answering their questions with answers that they can tie to things that matter to them.

In the above story, these answers would be specific things like “perhaps we should check alignment” or “it might be the engine timing”. A generic response of “we need to check and fix everything” might be equally unreassuring to the customers. Fixing everything would involve lots of cost and likely more time than there is to spare. Broad, non-specific answers would not create confidence in the team.

Executive communications means talking to executives about topics like cyber security strategy, roadmaps, capabilities, and gaps. We have to frame our conversations in terms of what is important to our customers rather than to us.

Otherwise, we’ll risk a loss of confidence and the lingering question of “who cares?”

Focus your conversation.

Show your executives that you can take the conversations to the next level.

That way, they’ll care.


Opinionated Security

Tony Grey * CISO for an insurance company * grew team from 3 to 22 * led large software teams at Microsoft * blogs about cyber leadership & program development