Message to Cybersecurity Professionals: Learn the Language of the Business

April 26, 2019  Jeff B. Copeland

We recently spotted this tweet from a cyber risk professional attending a security conference, listening to a panel of CISOs and CTOs speak:

“Kinda like a (music) conductor who tells all the other conductors that nobody comes to his shows because the public just doesn’t understand music and convinces them to adopt his music because it’s ‘right’ and we end up with nobody listening to any orchestras.”

We know the feeling, and we reached out to the tweeter, Matt Martin, Vice President, Technology Risk, at LPL Financial, to learn more.  Matt is a FAIR-trained, risk minded security professional – in fact, he worked at TIAA with Jack Freund, co-author of the FAIR book.

Here’s what he had to say:

“The theme kept popping up at the panel discussion: The problem is that the C-suite doesn’t understand technology.

“To me, technology is just a tool to do business, like printers. Yet here were four security leaders or CTOs who couldn’t realize that the problem isn’t ignorant people in the C-suite.

“There was no discussion that we have to learn the business – it was that we have to get them to our level.

“As a profession, we have a sort of teenaged mindset that we ‘know everything’ because we know a lot about something that our elders don’t understand.

“We need to mature and start understanding that our jobs are to enable the business to make more money. We don’t have jobs to make the business secure. Everything we do should align to our corporate goals. The problem is so often we don’t understand the business well enough to do our real jobs.

“At the end of the day, we want decision-makers to better understand the decisions they are making. But coming in to those conversations, we’ve got to spend time learning the business or it doesn’t work.

“The biggest success I’ve had with that is using FAIR. It forces you to understand your business and the consequences for realized risk.  It leads you to a better, more educated conversations with risk owners so you can help them to make better decisions.”

At RiskLens, we think that the security profession is moving Matt’s way. The RiskLens Cyber Risk Quantification application is custom built on FAIR for organizations looking to support business decision-making with risk analysis that’s firmly aligned with corporate goals.