Getting unstuck

Communicating up can be tough sledding

The rate of change these days is so high that occasionally I think: "I'm just looking for a nice rut to fall into. Six months in a rut sounds really relaxing right now."

But of course, this isn't true. A routine may be good, and useful, but ruts are a bad way to travel. The expression "stuck in a rut," of course, refers to tracks worn in the ground by wheels that have traveled that way before. If your wheels are stuck in a rut, you may be able to move--but only along a path that others have carved out for you.

That's not what security leadership needs. Even if you've got a clear strategic vision, a two- or three-year road map, a great idea of where you need to go and how to get there, you still need agility. You need the ability to respond flexibly to unforeseen events, technical breakthroughs, changing business conditions and so on.

Striving to communicate effectively with other executives remains one of the most vexing ruts that CSOs get trapped in. Nearly 10 years ago, we launched CSO magazine with a cover story about how to build better bridges within your business, how to understand organizational priorities, how to construct better relationships and how to speak the same language as CEOs and line-of-business executives.

A decade later, these skills remain a challenge. Some security leaders still--still!--trot out low-level metrics, speak in technical gibberish and focus their arguments on what "must" be done according to a security code of honor that must come off to outsiders as downright medieval.

How do we bust out of that rut?

Our cover story in June (What I learned when I left security) offered up the perspective of four security experts who left the rut completely by moving into roles outside of security. One is now a retail CEO--John Hartmann, who in his former role as CSO of Cardinal Health helped advise our launch of CSO back in the day. Two of our panelists are now based overseas. One is in project management; another is a journalist.

So how have their perspectives changed? CSO contributor Mary Brandel asked each of the panelists what they wish they'd better understood back in their security days. Their observations and anecdotes are entertaining as well as informative. Ultimately, by sharing their experiences here, we hope to help get you out of the ineffective executive communication rut for good.

Join the CSO newsletter!

Error: Please check your email address.
Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Derek Slater

Latest Videos

  • 150x50

    CSO Webinar: Will your data protection strategy be enough when disaster strikes?

    Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

    Play Video

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

More videos

Blog Posts

Market Place