#123 - Accepted Cyber Strategy (with Branden Newman)

In this episode of "CISO Tradecraft," G Mark Hardy discusses how to build an effective cyber strategy that executives will appreciate. He breaks down the four questions (Who, What, Why, and How) that need to be answered to create a successful strategy and emphasizes the importance of understanding how the company makes money and what critical business processes and IT systems support the mission. Later in the episode, Branden Newman shares his career path to becoming a CISO and his approach to building an effective cyber strategy. Newman stresses the importance of communication skills and the ability to influence people as the most critical skills for a CISO. He also shares his advice on how to effectively influence executives as a CISO. Full Transcripts - https://docs.google.com/document/d/1nFxpOxVl6spkK-Y8GLU5q2f6R_4VD-a2 Chapters: 00:00 Introduction 01:06 The Four Questions (Who, What, Why, and How) 08:11 Building an accepted cyber strategy 09:19 Importance of communication skills for a CISO 10:19 Understanding financial statements 12:47 Following the money 14:09 Reputation and cybersecurity 15:24 Getting executive buy-in into cybersecurity 15:57 Building Trust with Executives 16:45 Security Enables New Elements of Business 17:13 Why Cybersecurity Gets Ignored 20:07 Framing Cybersecurity as a Competitive Advantage 21:19 Mistakes CISOs Make When Communicating with Executives 22:54 Telling Stories to Communicate with Executives 24:09 Using Business Cases and Examples 27:28 The Importance of Listening to the Executives 29:31 Making Informed Risk-Based Decisions 30:54 Building Trust and Champions 32:55 Building a Network of Trust 35:13 Being Pragmatic