Public speakers, politicians, and professors.
All of these careers have one thing in common: they must be excellent communicators.
Imagine a public speaker stumbling over their presentation, a politician stammering under pressure, or a professor unable to answer a student’s question. These results could spell disaster.
So why should you, a chief security officer, care about your communication skills? After all, your only concern should be security, right?
It’s no joke that the techies have a reputation for poor social skills. But as jobs that require both math and social skills continue to grow while technical-only jobs decline or stagnate, these interpersonal skills are in high demand. Being able to interact and communicate with fellow humans will increasingly determine not only who stays and who goes, but who has the potential to lead a team or a company to success. Not to mention, social skills are becoming a key factor in whether or not you’re hired in the first place.
But for a CSO operating in the high-stakes realm of cybersecurity, communication can decide so much more.
Below, we’ll walk through why communication is so important for CSOs as well as tips and tricks you can use right now to do it even better.
Communicating with your peers
CSOs still struggle for acceptance amongst their C-suite peers, meaning they’re often left out of important meetings and decisions. This results in business priorities missing necessary security elements, and thus being weaker.
Let’s put this into perspective: the total cost of containing one data breach is estimated to be around $3.8 million, having increased by 23% since 2013. So if CSOs aren’t in on these conversations, you can predict your business will be paying the price (perhaps multiple times) in the near future.
But as a communicative CSO, you can diminish your vulnerability by asserting yourself in these meetings and informing your C-suite peers why security shouldn’t just be an IT issue, but should align with all the business’s goals.
“[I]f a company’s task is ‘selling shoes online,’” Ted Schlein states, “it’s the CSO’s job to tell the company that the task is now ‘selling shoes online securely’ and to get the company moving quickly in that direction.”
A CSO’s role, then, should extend beyond reporting to just the CIO, and instead directly to the CEO so the CEO understands the connection between business risk and cybersecurity.
“If senior executives do not have visibility into the company’s security posture, then that’s a bad thing,” Jacob Olcott, principal consultant on cybersecurity at Good Harbor Security Risk Management, tells CSO Online.
Without a direct link to the CEO, senior management isn’t as aware of constant, pressing security threats, resulting in these security conversations happening after the fact, costing your business customers and capital.
Your role as a CSO, then, shouldn’t be an emergency responder alone, but also a proactive protector and influencer.
So how do you do become a proactive protector and influencer?
For example, you know that security is more than just buying a network security software system, and it should be baked into everything the business does. So when making your point, don’t bog executives down in IT jargon or unnecessary information. Explain to them only what they need to know and emphasize the connection between business goals and security.
Communicating with your team
Seems like a no-brainer, right? But what if I told you that CSOs are just scratching the surface of communication with their teams?
Communication isn’t a one-way street. It also requires listening. Just as it’s important to listen for surfacing security threats, it’s equally important to listen to the team joining you on the battlefront.
And this is where many CSOs fail. If you aren’t listening to your team, you aren’t in touch with their needs. They can feel like just another cog in the system, undervalued and underappreciated.
For instance, diversity in tech isn’t a new issue and is getting better (ish), but as the face of IT changes, a CSO must become more accommodating and receptive to their team’s needs in order to retain top-notch talent.
In particular, women in IT often cite company climate and culture as a reason for leaving their jobs. And as women make up more than half of the population, a destructive culture has the potential to alienate half your talent pool.
But by listening to your team members and investing in a space that affirms diverse talent, you open your team to new perspectives and innovation, two qualities essential for combating evolving security threats.
So how do you listen to your team members better?
Unconscious bias in the workplace is an issue that pervades more than just tech. However, as a CSO, your role as a leader enables you to make quick changes to change team climate. Recognizing achievements and “investing in professional development” alone are two ways to foster better employee satisfaction, and are great ways to make all your team members feel valued. These are small changes to address such a large issue, but enough to make a major difference.
Communicating with the customer
Breaches are bad news. There’s no denying that. And multiple breaches are even worse. But while the tech department isn’t solely to blame, the CSO will still bear the brunt of the backlash.
This is where communication skills are key.
As the CSO, you are the figurehead and mouthpiece of security for your business. This may put you under the spotlight during a security scandal, though it also gives you the opportunity to revitalize customer confidence in your organization.
Think of Target. Back in 2013 they suffered a notorious data breach, releasing the debit and credit card information of 70 million customers. Lawsuits were filed, consumer confidence dwindled, and the company saw a drop in sales. However, the following June, Target hired Brad Maiorino as its CISO in hopes of rebuilding its reputation. Since then, and with Brad’s help, Target has distanced itself from the scandal, but its history remains a cautionary tale for CEOs and CSOs alike.
So what does this mean for your job as an established CSO?
If you are a CSO already in place, your job may take on more of a crisis management component, necessitating the social skills for mastering tough press questions and interviews in order to give this negative moment a light at the end of the tunnel. Because with cyber attacks against big companies rising by 40% in 2014 alone, the likelihood you’ll need to deal with one in the future is higher than ever before.
Think there are other benefits to being a stellar CSO communicator? Agree or disagree? Let me know in the comments below.
Header by Rachel Wille