CISOs: Communicating Risk to Board Members

Cybersecurity doesn’t have to be a roadblock to effectiveness.

CRITICALSTART’s SVP of Managed Security, Jordan Mauriello, and Michael Balboni, former advisor to Homeland Security, share insights on empowering cyber networks by employing successful strategies.

Full Transcript:

JM: Hey guys, Jordan Mauriello with CRITICALSTART here, Senior Vice President of Managed Services. Today I have with me Michael Balboni, President of Redland Strategies, former Senator, Assemblyman, advisor to Homeland Security. Honored to have him here with us today. We’ve been doing some awesome discussions about things that we’re doing at CRITICALSTART and working with Redland Strategies.

JM: Today we wanted to take an opportunity just to talk to Michael about some general cybersecurity issues. He’s a major influencer in our community. I know many of you already know who he is and has had a major impact even on some of the legislature that we’ve seen around our industry too as well. We want to take the time to get some thoughts from him on some of the direction the industry’s going, the impact that some of the changes we see in cyber in general are having on national defense, the role of Senate and Congress, and where that’s going from a legislature perspective.

JM: We’re going to open up and have a nice, fun conversation here about some of these issues. Thank you so much for being with us, Michael.

MB: Thanks for having me, Jordan, and thanks for your service to the country in the military.

JM: Thank you very much, sir. I appreciate your support.

JM: When you’re looking at a CISO and he’s attempting to communicate to the board about risk, what are some of the things that you would tell a CISO about how does the board look at cyber and risk for the business that can help them more effectively communicate the risk they might see?

MB: Obviously there is a wide variety of information, education, experience as it relates to cyber issues and some board members who could be a Chief Information Security Officer on their own and they’re a huge asset to the board. That typically is not one of the criteria that boards use for attracting trustees or board of directors. That’s not one of the things I look for. It’s an added value, great, but that’s not really part of the typical board of directors profile. Therefore you have people who sit there and say, “Okay, we have to do security. I look at security as one bucket.”

MB: Whether it’s the physical security of buildings, it’s physical security of the servers, it’s physical security of the data we have, and what they sometimes don’t focus on is that data is the new oil.

MB: We are a data-driven society.

JM: Absolutely.

MB: How we use data, how we protect data, how we explain data to the people that we serve or whether it’s our shareholders, our customers, the folks that we work for as a board of directors, it’s very difficult to articulate that many times. We need to have awareness and we need to let people know that cybersecurity doesn’t have to be a roadblock to effectiveness. It doesn’t have to be a drag on your business model. It doesn’t have to be something that’s just a cost driver. We can actually make the system such that we can empower the networks by doing the right, the smart, and the timely changes to the cyber network employing good strategies.
