How to Get Your Board on Board With Cybersecurity

CISOs can refine their soft skills to help get their cybersecurity best-practices message across. Steps include increasing staff incident-response training and staying current with the threat landscape.

Brent Johnson, Chief Information Security Officer, Bluefin

September 18, 2023

4 Min Read
Meeting room with people talking
Source: Stefan Dahl Langstrup via Alamy Stock Photo

Nearly three-quarters (73%) of cybersecurity industry leaders have experienced burnout in the last 12 months — and who can blame them?

The shift to remote and hybrid work models has increased organizations' reliance on cloud services, limiting security teams' visibility into employee network and endpoint environments. But reduced visibility places company data at greater risk of cyber threats, and the subsequent surge in software supply chain attacks and ransomware incidents has cast a spotlight on the significance of cybersecurity. As a result, CISOs face more pressure than ever to maintain robust cyber defenses.

However, the role of the CISO has also evolved in other ways. With the frequency and severity of cyberattacks increasing, security has become a board-level issue given the potential reputational, financial, and operational damage associated with an attack. While it's a positive development that more C-suite and board leaders are becoming active participants in cybersecurity conversations, it has also placed added pressure on CISOs, who must communicate advanced security protocols to a non-technical audience and justify their defense plans.

To champion cybersecurity initiatives while staying within budget constraints and aligning investments with overarching business goals, you need more than technical prowess. You must be able to effectively communicate and collaborate with your C-suite peers — and that's sometimes not as easy as it sounds.

Four Ways CISOs Can Elevate Leadership Skills to Champion Cybersecurity

You know better than anyone that business success goes hand in hand with having proper cybersecurity processes and defenses in place. An effective cybersecurity strategy not only safeguards sensitive data but also yields significant cost savings and risk mitigation by preventing data exposure, curtailing downtime costs, and preserving the organization's reputation.

As you embrace a more visible leadership role, alignment with your C-suite counterparts hinges on your ability to communicate, listen, and guide. Consider these tactics and strategies to hone your leadership skills so you can help your organization make more-informed cybersecurity decisions:

  1. Speak the language of the C-suite. One of the most important yet challenging parts of your role is engaging your governing counterparts on cybersecurity matters. It all boils down to simplifying the link between cyber- risk and business risk. So, rather than overwhelming your CFO with the intricacies of specific security systems, focus on the results.

    For example, to advocate for an enhanced IDS, explain how your current system has detected and blocked over 50,000 attacks in the past year, potentially preventing millions of dollars in financial losses. By tying technologies and tools to specific business outcomes, you can effectively communicate with other leaders at the organization who may not have the same level of technical expertise.

  2. Spearhead training initiatives. Your responsibility for the entire organization's data security demands effective engagement with employees to ensure strong network and system security. To bolster employee vigilance and training efforts, develop initiatives such as targeted anti-phishing campaigns and incident response training. The benefits are twofold: You can demonstrate your leadership skills and better safeguard the organization's data.

  3. Remain curious and aware. As the threat landscape continues to evolve, your knowledge base should evolve, too. It's important to remain aware of emerging cyber threats and industry trends so you can identify tools and resources that assist your organization in mitigating threats. Whether you pursue an advanced degree, complete a certification, or simply reassess your office network and system security on a regular basis, continuing your education plays a vital role in protecting your organization from attacks.

    But it's not enough to educate yourself — you need to share your knowledge with your broader leadership team. Amid ongoing news coverage of ransomware attacks and data breaches, C-suite leaders tend to lack awareness about other external factors that affect security — such as recent legislative attempts to control organizations' use of encryption. With an understanding of how such bills impact business operations and direction, you can help leaders at your organization navigate the intersection of security and regulatory compliance for more informed decision-making.

  4. Hone your soft skills. While technical skills are a must in your role, excellent soft skills can make or break the effectiveness of your communication with stakeholders. Foster non-technical abilities like communication and leadership by partnering with other leaders at the organization to conduct cross-functional projects. You can also attend workshops on topics such as public speaking and active listening. Additionally, consider seeking feedback from colleagues after you give a presentation to identify areas for improvement.

Ready to Lead Your Organization to a More Secure Future?

Your role as CISO is simultaneously growing in complexity and importance. In addition to remaining aware of emerging cyber threats and risk-mitigation strategies, you must also advocate for cybersecurity policies and investments that are in budget and align with the organization's overarching business objectives.

In prioritizing your own professional development alongside companywide security initiatives, you can effectively defend your organization's digital assets while fostering a culture of proactive defense.

About the Author

Brent Johnson

Chief Information Security Officer, Bluefin

Brent Johnson is the Chief Information Security Officer at Bluefin. He is responsible for Bluefin’s security infrastructure and PCI-DSS/P2PE compliance programs. Brent has two decades of experience in information security, and he maintains an extensive consulting and assessment background within payments and critical infrastructure protection.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like


More Insights