William Hill CISO: Think more like a marketer

'When we're talking to the board, we are marketing our product to our customers'

Getting the board to support security initiatives is a perennial challenge, but in order to succeed, CISOs and security managers need to borrow some tricks from the marketing trade.

That's according to Killian Faughnan, the group CISO for betting company William Hill.

Speaking at London's InfoSecurity Europe convention, Faughnan highlighted the challenges that security professionals can face when obtaining buy-in, and how treating it like a marketing exercise can help overcome them.

"What we're doing when we're talking to the board is we're marketing a product to our customer," Faughnan said. "Security is our product."


He stressed that while security often thinks about 'the board' as a single, homogenous entity (more akin to the Borg), board members are all individuals with their own distinct attitudes and priorities. As such, he said, understanding what motivates each individual board member can be the key to getting your message across.

"Board members are people too... they're not homogenous institutions. The board isn't an individual; it's a collection of people who have different views on what success looks like. They have different goals, different ambitions [and] different objectives," he said. 

One of the common traps that security personnel fall into when selling to the board is the temptation to overcomplicate their pitches. In particular, Faughnan warned against overloading slide decks with infographics, graphs and data, stating that if there's too much concentrated information, board members often glaze over.

"Part of knowing your customer is that you should know they only have 15 minutes. Even if you've got a half-hour slot, by the time you get 10 to 12 minutes in, they're responding to email or doing something else, because these are busy people."

"Data has its place," he said, "but that place is mostly in your dashboards... because your job is to take that data and cut it down to something meaningful."

Faughnan's advice was to keep pitches short and sweet. He recommended picking the three most important messages you want to deliver, simplifying them as much as possible, and focusing on those. The ideal slide deck, he said, consists of one slide: a block of green, yellow or red, depending on how good the company's security posture is.

"Obviously, we're never going to get to one slide," he admitted, "but we should be aiming for it."
