Kevin McLaughlin, Director, Deputy CISO & Adjunct Professor, American Public University System (APUS)

An Executive Level Steering Committee is Critical to CISO Success

  • Use simple visuals to communicate the cost impact of threat and remediation. The higher up in the organization you go, the shorter, sweeter, and more visual it needs to be.
  • Don’t provide decision makers with one solution they must accept or reject. Give them risk and cost choices, and let them buy into what’s most important for the business.

Knowing what’s important to the business and being able to track your efforts to address it become the cornerstones of your communication strategy with executive-level decision makers.

Before making a case for security expenditures to the C-suite or board, Kevin McLaughlin, associate professor at the American Public University, advises that you first understand what your executives and executive steering committee feel is important. “If you don’t have an executive-level steering committee, you need to put one in place,” says McLaughlin. The steering committee could include key C-level executives like the CFO, possibly a board member with an understanding of security issues, and key business unit executives. “They are the touch points that allow you to understand the business priorities and make those priorities your priorities.”

This is an excerpt from 7 Experts on Justifying Security Spend. The eBook was generously sponsored by Nehemiah Security.