Storytelling and Cybersecurity: How CISOs Can Convey the Cybersecurity Team’s Impact on the Business

Written By Karen Mesoznik

To share a story about the activities occupying the cybersecurity team is a feat since it is not always so clear how a CISO should go about it.

It's also a challenge to create the correct balance of story elements like plot and mood. The data is the focus of the story, but to convey it in a way that is memorable and moving takes more effort than just listing the facts. Here are some tips to tell a compelling story about the cybersecurity team and do their and your hard work justice.

The Hook

Hook the board with a good first topic or line. This will set the tone for the rest of the report so choose wisely.

One way is to use a board member’s life experiences as a person in business (and as a person in general) to convey cybersecurity risk successfully and interestingly. You can also relate complex cybersecurity concepts in an accessible way that promotes understanding through metaphors. Understanding is enhanced through accessible language and patient explanations so use language that is understandable and evokes emotion, yet maintain the correct level of composure.

Conveying information in a way that elicits an emotional response is paramount to telling a story that is valued and remembered. By using experiences and stories you can create a sense of connection and community with board members.

Beginning

Begin with your most important and urgent information. This will draw the attention of the board, since it's said in the beginning and it has inherent and urgent value.

Challenges can be articulated through stories in a way that helps the cybersecurity initiative. The same goes for opportunities. Although it is a story, plan it out carefully beforehand. Even more tech-savvy topics like risks and mitigations can be said to be effectively conveyed through storytelling. This is especially helpful and should be applied often to make your points relatable.

Middle

A through line is not necessary but it is a great way to add consistency and a compelling goal to your story.

A through line is your common thread that ties everything together. This is important for making a consistent and repeatable point. Your point should be repeatable so that board members can describe it to others who may need this information. Underlying themes in stories can provide the story with a lesson that makes it easy to remember. A big and clear takeaway from your presentation can positively direct the board’s response and focus in a direction that is constructive and conducive to good cybersecurity posture.

Support your claims with data or metrics that reinforce your throughline and overall mission.

End

To conclude, include examples of challenges that your team has had to overcome to show success and optimism. This can become anything from a happily ever after to a cliffhanger. To be extra detail-oriented, maintain continuity by continuing at your next board report where you left off your most recent one. Include a recap or summary as a reminder of your main idea.

Conclusion

While storytelling takes extra effort, it’s helpful in many ways. This includes helping CISOs and cybersecurity leaders who are sharing the story of their team's hard work under their leadership. This experience can indeed take more thought, but it is truly rewarding.

Karen Mesoznik
Previous

The Top CISO Stories From Around the Web: April
Next

Tactics and Metrics CISOs Can Use To Drive and Measure Cyber Security-Aware Behaviors Throughout Their Organization