Time
1 hour 2 minutes
Difficulty
Advanced
CEU/CPE
1

Video Transcription

00:00
hello
00:01
and welcome back to Revenue Protection as a CISO.
00:05
in this module we will talk about why it is important to be seen as a trusted adviser.
00:13
There's a quote from John Lee Coast that I like says the CSO role is now one of a trusted adviser to the business as a whole, not just the technology.
00:24
Sure, technology provides the tools that produce, process, store and transmit business data, but to the CISO, the technology itself is much less important than the business processes it supports.
00:40
Let's focus on the last part of it: but to the CISO, the technology itself
00:46
is much less important than the business processes it supports.
00:52
So
00:53
are we focused on processes, or are we focused on controls?
01:03
In the Deloitte publication, The New CISO, they list the four phases of the new CISO.
01:10
I suggest you read the full publication, but for today we will focus on
01:15
the adviser.
01:17
So congratulations, you're on the executive team. You are likely the only non self focus leader next to the Chief HR Officer.
01:26
How do you become the trusted adviser?
01:30
You are the security leader, but do your colleagues trust you?
01:36
Be proactive. Stay in front of security trends, breaches, etcetera. Use current news to highlight how your org is protected.
01:45
And what I mean by that is,
01:47
you know, a new day, a new breach.
01:51
A lot of times the executive team will come to you and ask you, like, "Are we protected from that?" If it's a pretty large-scale breach, there may even be a meeting you're calling to explain how the company is being protected from that.
02:07
What I like to do is take a proactive approach
02:10
in,
02:12
um,
02:13
whatever cadence that your organization has its executive meetings.
02:17
I like to bring to the meeting a current breach or current set of breaches and then talk through, not in technical talk, but in layman's terms, the policies, procedures and/or technology that we have in place to protect us from that said
02:37
threat or exploit.
02:39
And then I field questions on that.
02:42
Um, and one thing that does is it alleviates stress, but it also highlights what you're doing in your security program. But it could also be used to show where there are gaps, and you can, you know, justify more budget if there's a pretty widespread, um,
03:00
exploit, zero day,
03:01
or a mitigating control that needs to be implemented via a solution or tool that you currently don't have the budget to implement.
03:13
So use those times when you are meeting with your executive teams, or you're presenting to the board, to talk, again, not a technical talk. I like to quantify in dollars 'cause we're talking to the board, right? They care about money,
03:31
not in a bad way, but go back to what the business was founded to do: to generate a profit.
03:38
And if you're trying to justify more spend for your department,
03:43
you better be able to quantify, um,
03:46
the reduction in risk
03:50
post implementation of this new tool
03:53
versus
03:54
not implementing the tool and your current risk. Um, you know, what's the current exposure, what's the reputational damage that would happen if
04:04
you were breached or
04:06
and you didn't implement this particular control.
04:10
So that's just an example of one of the things that I like to do. But if we take a look at some of the other facets of this diagram,
04:19
being a strategist, you are the chief protector or the guardian of the business. You're expected to be the technologist. So you're going back again to the previous module.
04:32
You're expected to communicate. You're expected to be the subject matter expert when it comes to all things security. You're expected to be the strategist, meaning that you're not just looking at today, but you're looking,
04:50
you know, two, three, four years down the road. None of us have a crystal ball. But it is very important to have a strategic plan, um, for your department
05:02
and, you know, security as a whole
05:08
As their trusted adviser, and to gain trust, you must speak the language of the business. You must be able to quantify risk.
05:15
Um, you must be able to pick your battles strategically, know what hill to die on and which one to walk away from. This is very important. You must not block business, going back to our first module, or don't be a blocker.
05:32
Don't be that guy.
05:34
Um, and you must develop mastery of your budget.
05:41
This is going back to seeking that feedback and having a collaborative approach and finding someone in finance that can help you and keep you on target.
05:50
Um,
05:51
budget
05:54
mastery is one of the, I would say, top skills
05:58
that a CISO
06:00
needs but often lands in the role without,
06:05
depending on how you landed in that seat. If you were a manager or director, you probably do have some sort of budgeting skills. But being in the CISO seat just takes that, amplifies it to a
06:19
totally new level. Because now you're focusing all security for the entire organization. Just not
06:27
your department. And you have to budget accordingly. Especially, you know, if IT rolls up to you as well, which is a growing trend, that the CISO not only manages the security side of the house, but also
06:41
the IT infrastructure and information technology side of the house. So being able to balance that budget,
06:48
ah, against the needs of the business and your desires and projects is just of utmost importance, that you don't go over budget and turn what I've said it before and keeps in it is a call center into a sunken ship that just won't work out.
07:08
Um, well for you long term.
07:11
Thank you.


Revenue Protection as a CISO

In this course you will learn strategies to transform the way your security program is viewed.

Instructed By

Terence Jackson
Chief Information Security and Privacy Officer
Instructor