Free the CISO, a podcast series that attempts to free CISOs from their shackles so they can focus on securing their organization, is produced by CIO.com in partnership with DataBee®, from Comcast Technology Solutions.
In each episode, Robin Das, Executive Director on the DataBee team at Comcast, explores the CISO's role through the position's relationship with other security stakeholders, from regulators and the Board of Directors to internal personnel and outside vendors.
Episode 2 focuses on the Board of Directors. In this episode, Das is joined by:
Kristen Davies, former CISO at Unilever and The Estée Lauder Companies Inc.
Claude Knight, a managing director of cybersecurity for Ernst & Young
Together, the group addresses an increasingly common -- and perplexing -- catch-22 for CISOs everywhere: a Board of Directors hungry for security insights but unequipped to understand those metrics in relation to risk.
"[The board's] job is, on behalf of the shareholders, to really oversee and have governance over the risk posture of the organization, whether that's the market risk, credit risk, financial risk -- all these things," Davies says. "Now, cyber has emerged. And so, on the side of the CISO, there's this urgent need to actually understand risk as opposed to [just] what metrics [are] in place. [They're asking] what vulnerabilities do we have?"
The secret for CISOs, she continues, is striking the right balance when communicating with the board. In other words, they must "apply what I would call both the art and the science of being a CISO." But at the end of the day, it's about distilling the message to resonate best with this highly unique audience.
"When you're dealing with the board, they understand risk, so [you can't go into] this eye-watering amount of detail about all the technological vulnerabilities or technical debt or all of these types of things. They're all important. But the CISO really has to be a translator in order to help the board interpret what exactly is the risk posture of the organization."
Davies -- a three-time CISO, among other security leadership roles -- even shares a few tips for effectively communicating with the board. A little later, when Knight joins the conversation, Das asks the most critical question of all: "From the board's perspective, what drives confidence in the CISO and their cyber program?"
Want to find out? Listen to the full episode to better navigate the role of CISO and deliver real value for your enterprise.
Don't miss Episode 3: Fitting into the C-Suite.
To learn more about DataBee and the DataBee Hive™ security data fabric platform, visit their website or follow along on LinkedIn.
More about Robin Das, Executive Director, Market Growth Strategist, DataBee
Robin is responsible for defining DataBee's unique value proposition in the market, long-term strategy and product vision, and business development opportunities via outreach to strategic targets, partnerships, alliances, and other investments to continue to drive overall growth.
His prior experience at Comcast includes roles in Corporate Strategy, FP&A, and development of Customer Experience tools.
He lives in Philadelphia with his wife Stephanie, nine-year-old daughter Pearl, and two dogs, Emma & Eggy. Outside of work, he likes to run slowly, cook adequately, and eat out frequently.