Letter from Kevin West, CEO - Feats of Strength June 2016

VIEW KEVIN'S LETTER HERE

VIEW FEATS OF STRENGTH MAGAZINE HERE

TO THINK LIKE A MEMBER OF THE C-SUITE, LEARN LIKE A KID

As another school year winds down, I was chatting with my kids about all they have learned. My fourth grader rattled off how she’s continuing to progress in English, Mandarin Chinese and coding, “three languages dad!” It’s been 34 years since I was in the fourth grade and things have definitely changed. I thought to myself, “I can’t learn another language”, and then it struck me – that is not the attitude children have towards learning. Instead of “I can’t learn”, they are more likely to say, “I haven’t learned yet”.

It is an important distinction because my way of thinking implies that I have a finite amount of knowledge, and learning a new language will never be in my repertoire. But, by acknowledging they, “haven’t learned yet”, children are open to the opportunity to acquire that knowledge. It turns out, openness is all we need to be adept learners of second languages, whether it is English, Mandarin, or more relevant to our industry, the language of business. In other words, when it comes to learning new skills, we should think like kids.

LEARNING ON THE MOVE; MAKING STRIDES WITH THE C-SUITE

In this issue of Feats of Strength we focus on the CISOs relationship with other senior executives in the company. We examine the roles the CFO, CEO, General Counsel and others who play in information security decisions. What do they need to know, and how can the CISO best communicate with them? In our article about the CFO relationship with the CISO, and in the Boardroom advice column, we hear these executives come back to the same theme – CISOs need to speak to us in our language, about the things we care about.

These executives need the CISO to provide a better understanding of information security, but they want that education to be set in their comfort zone. As you will see in our article “How to Talk Security”, executives are asking us to speak in business language when we present risk factors, and make requests for security programs, processes and technologies.

So, while the rest of the C-Suite is working to acquire the knowledge they need about information security, we need to work harder and smarter to learn their language. This will improve collaboration, communication and overall security posture, while also raising the CISOs profile in the company.

SPEAKING THE LANGUAGE OF BUSINESS

In this issue you will read about tying information security to revenue, shareholder value and time to value, all the things your C-Suite cares about. We will ask you to consider that maybe the way we have approached security conversations and decisions in the past marginalizes us because it prevents CISOs from having an impact on the things that make a business successful.

Instead of the old approach, let’s try to focus our conversations with other executives on the things that matter to them. We know that list includes revenue (information security can be a competitive differentiator in a lot of industries), shareholder value (because information security can reduce business risks and avoid costly fines and penalties), and time to value (reducing the time between technology purchase to when it is demonstrating value).

While we are making strides, the C-Suite is asking us to do more to communicate in business terms. It might just be as simple as this: in order to transition from technical leader to senior business executive we need to remember to learn like a kid.