William Hill CISO: Think more like a marketer

'When we're talking to the board, we are marketing our product to our customers'

Getting the board to support security initiatives is a perennial challenge, but in order to succeed, CISOs and security managers need to borrow some tricks from the marketing trade.

That's according to Killian Faughnan, the group CISO for betting company William Hill.

Speaking at London's InfoSecurity Europe convention, Faughnan highlighted the challenges that security professionals can face when obtaining buy-in, and how treating it like a marketing exercise can help overcome them.

"What we're doing when we're talking to the board is we're marketing a product to our customer," Faughnan said. "Security is our product."

He stressed that while security often things about 'the board' as a single, homogenous entity (more akin to the Borg), board members are all individuals with their own distinct attitudes and priorities. As such, he said, understanding what motivates each individual board member can be the key to getting your message across.

"Board members are people too... they're not homogenous institutions. The board isn't an individual; it's a collection of people who have different views on what success looks like. They have different goals, different ambitions [and] different objectives," he said. 

One of the common traps that security personnel fall into when selling to the board is the temptation to overcomplicate their pitches. In particular, Faughnan warned against overloading slide decks with infographics, graphs and data, stating that if there's too much concentrated information, board members often glaze over.

"Part of knowing your customer is that you should know they only have 15 minutes. Even if you've got a half-hour slot, by the time you get 10 to 12 minutes in, they're responding to email or doing something else, because these are busy people."

"Data has its place," he said, "but that place is mostly in your dashboards... because your job is to take that data and cut it down to something meaningful.

Faughnan's advice was to keep pitches short and sweet. He recommended picking the three most important messages you want to deliver, simplifying them as much as possible, and focusing on those. The ideal slide deck, he said, consists of one slide: a block of green, yellow or red, depending on how well the company's security posture is.

"Obviously, we're never going to get to one slide," he admitted, "but we should be aiming for it."

Featured Resources

Shining light on new 'cool' cloud technologies and their drawbacks

IONOS Cloud Up! Summit, Cloud Technology Session with Russell Barley

Watch now

Build mobile and web apps faster

Three proven tips to accelerate modern app development

Free download

Reduce the carbon footprint of IT operations up to 88%

A carbon reduction opportunity

Free Download

Comparing serverless and server-based technologies

Determining the total cost of ownership

Free download

Most Popular

What should you really be asking about your remote access software?
Sponsored

What should you really be asking about your remote access software?

17 Nov 2021
What are the pros and cons of AI?
machine learning

What are the pros and cons of AI?

30 Nov 2021
How to move Microsoft's Windows 11 from a hard drive to an SSD
Microsoft Windows

How to move Microsoft's Windows 11 from a hard drive to an SSD

24 Nov 2021