In general, CISOs and other security leaders only receive a short time window of time in the board meeting to pitch their updates and budgetary items. During this time, you need to communicate key risks and remediation tactics, explain your strategic goals and plan, and answer questions—all with a largely non-technical audience. This can be challenging to say the least, and you really can’t afford to make mistakes.
When polled, CISO-like pros all share similar views on common mistakes. Organizational boards care primarily about three simple things:
- Revenue growth
- Future expenses
- Threats to revenue or lack of future revenue
As a result, your update needs to address how security impacts the economics of the business. Don’t miss your chance to make an impact and get what you need to establish and run a robust application security automation and orchestration program. For some excellent tips straight from a real CISO, listen in on this webinar all about the Economics of Software Quality and Security.