Cybersecurity can feel overwhelming and complicated for business leaders. That poses a challenge to the CISO, who must communicate the impact of security breaches and attacks in business language. Business leaders need to understand more about data security, and the impact of data breaches – on customers, shareholders, partners and employees. At the end of the day, it’s important that business leaders get back to the basics to stay secure: identifying their assets, backing up those assets, identifying vulnerabilities, and patching those vulnerabilities. Physical security is often neglected and should also be given its due importance.
In a video interview with CISO MAG, Caroline Wong, Chief Strategy Officer at Cobalt, said it is a myth that business leaders do not understand cybersecurity. The complication arises because cybersecurity is about measuring risks, and it is a challenge to put straightforward metrics on that, as we do with everything else in business. Wong says there are so many parameters in cybersecurity. She says everyone is trying to come up with a number for the dollars that would be lost if an organization is breached. Instead, the valuable number to have is the cost of a plan to achieve an objective. Cybersecurity leaders should begin with risk management objectives. Caroline offers seven risk management objectives. Business leaders should agree on a risk management objective and a common goal.
Caroline is a strategic leader with great communication skills, deep cybersecurity knowledge, and a lot of experience in delivering global programs. Her practical information security knowledge stems from broad experience as a Cigital consultant, a Symantec product manager, and day-to-day leadership roles at eBay and Zynga.
In all, Caroline has 15+ years of deep and practical cybersecurity expertise, including leading teams at eBay, Zynga, Symantec, and Synopsys.
She authored the popular textbook Security Metrics: A Beginner’s Guide, hosts the cybersecurity podcast Humans of Infosec, and teaches cybersecurity courses on LinkedIn Learning.
Most recently, Caroline published a new book called The PtaaS Book.
Cobalt is a global, remote-first cybersecurity company with a focus on Pentest as a Service (PtaaS).
In this interview Caroline offered advice on how security leaders should communicate with Board members and other stakeholders.