Good story telling is an under-valued skill for cyber security
leaders. It’s a skill that helps executives gain a deeper understanding of an
organization’s cyber program and gaps. This includes the current state of the
program, and properly set expectations about the resources needed to keep, or
change, the current state.
All wrapped up in an
easily digestible, non-technical story.
Less obvious is that every security program has at least two
stories - a voice (or the communicated story) and a perception. Both are
stories. Both can also provide a certain amount of context for executives.
The difference is only
in who is telling the story.
A mismatch between your story and the perception is the best
indicator of a story that is ineffective or not compelling. Cyber leaders own
closing any mismatches.
You’ll need a good story.
Good stories identify those weak areas impacting a poor perception,
give context why those areas need work, indicate how/when they’ll be remediated
or what is required for the remediation. After hearing good story, executives (and
anyone really) should leave knowing what the focus areas are, what gaps exist,
and why.
And even a good story
left untold can end up leaving perception as the only easily digestible story for
executive planning or resource decisions.
Make your cyber security story a good one.
Like what you've read
enough to follow me on Twitter? @Opinionatedsec1.
SEE ALSO
No comments:
Post a Comment