Cybersecurity can feel quite overwhelming and complicated for business leaders. That poses a challenge to the CISO, who must communicate the impact of security breaches and attacks in business language. Business leaders need to understand more about data security and the impact of data breaches on customers, shareholders, partners and employees. At the end of the day, it’s important that business leaders get back to the basics to stay secure: identifying their assets, backing up those assets, identifying vulnerabilities, and patching those vulnerabilities. Physical security is often neglected and should also be given its due importance.
In a video interview with CISO MAG, Caroline Wong, Chief Strategy Officer at Cobalt, said it is a myth that business leaders do not understand cybersecurity. The complication arises because cybersecurity is about measuring risks, and it is a challenge to put straightforward metrics on that, as we do with everything else in business. Wong says there are so many parameters in cybersecurity. She says everyone is trying to come up with a number for the dollars that would be lost if an organization is breached. Instead, the valuable number to have is the cost of a plan to achieve an objective. Cybersecurity leaders should begin with risk management objectives. Caroline offers seven risk management objectives. Business leaders should agree on a risk management objective and a common goal.
Caroline is a strategic leader with great communication skills, deep cybersecurity knowledge, and a lot of experience in delivering global programs. Her practical information security knowledge stems from broad experience as a Cigital consultant, a Symantec product manager, and day-to-day leadership roles at eBay and Zynga.
In all, Caroline has 15+ years of deep and practical cybersecurity expertise, including leading teams at eBay, Zynga, Symantec, and Synopsys.
She authored the popular textbook Security Metrics: A Beginner’s Guide, hosts the cybersecurity podcast Humans of Infosec, and teaches cybersecurity courses on LinkedIn Learning.
Most recently, Caroline published a new book called The PtaaS Book.
Cobalt is a global, remote-first cybersecurity company with a focus on Pentest as a Service (PtaaS).
In this interview, Caroline offered advice on how security leaders should communicate with board members and other stakeholders.