CISOs Need to Speak the Language of Board Members

CISOs Need to Speak the Language of Board Members

"I understand the pitfalls of cyber security, but my boss just won't support me with the budget I need.”

Does this sound familiar to you as a CISO?

I have 3 pieces of advice for you: Speak their language

I like to say that CISOs are from Mars, while CEOs and board members are from Venus.

It’s because they don't speak the same language.

You might go to your board and say, “I installed Akamai Prolexic. subnet to mitigate an SYN flood attack.”

And they’d be scratching their heads, saying, “What did you just say?”

Instead, suppose you said, “I deployed a $100,000/year denial of service solution so that our website can withstand a hacker trying to take it down.”

Now they understand what you're saying and how you’re contributing to the business. Use KPIs

When communicating with board members, you must:

  • speak in plain business terms
  • use the language of P&L
  • come prepared with industry standards, comparables, etc.

You can use tools like SecurityScorecard to provide you with KPIs that help bridge the communication gap. Build relationships with them outside the boardroom

It all starts from being partners with each other.

The job of a security practitioner is to help enable and help drive the business securely.

The best way to communicate what you need and why is to make sure you get to know and trust each other personally.


SecurityScorecard is the global leader in cybersecurity ratings and the only
service with over 12 million companies continuously rated. The company is headquartered in New York and operates in 64 countries around the globe.

#cybersecurity #cyberrisk #cyberratings #linkedin