I walked to the elevator with my CTO. I sighed a breath of relief as I had just wrapped up a Cyber Security meeting with about 15 Board of Directors. I made my way to the elevators and was joined by one of the Board members.
I remembered in the pre-Board meeting I was warned that he was the curmudgeon of the group. He was a long time Board member, influential, but tough and a squeaky wheel for sure.
As we stood there waiting for the elevator to arrive, he thanked me and my CTO profusely for coming out and visually presenting the IT Security roadmap, gaps, risks, remediation options for his organization. We had presented this roadmap, in partnership, with the new CIO who wanted a show of force and support in his first Boardroom meeting. The Board member said he loved the new roadmap approach.
One of the major benefits that came out of this meeting was that the discussion didn’t get sidetracked with shiny toys conversations that, we had been warned frequently, did happen in the past with this engaged and educated Board who were made of ‘three letter agency’ folks overseeing this commercial non-government entity.
What are Shiny Toys?
Shiny toys are “Barracuda Networks” signs that you see in airports.
Shiny toys are Magazines on the back of airplane seats recommending some ‘cloud strategy’ or articles in CEO Magazine, CFO Magazine. You know exactly what I mean.
Very interesting conversations happen in Board Rooms regarding IT Security and I think it is an IT Leadership issue. Once there is a long term focus that can be mapped to Tactical Execution, the shiny toy conversation will end.
I turned to visualization and used a simple graph to distill quite a bit of complexity into a solid window. One picture delivered a thousand words and answered as many as well.
Here is the sample graph that is used to explain Categories of Risk and Criticality over all security disciplines.
Shifting IT Security Conversation to Visualization
In retrospect I was of course thrilled with the outcome as it was important to show the Board that there was a team in place to handle the very discouraging threat landscape.
The new CIO was smart in allowing me to help him present the risk landscape; transparently describe their IT Security capabilities, matched to their priorities.
How do you do this?
Visually Displaying Quantitative Information is Critical
I like to display complex security and roadmap data visually. It is well known that the human eye can digest images very powerfully, but we forget this. DON’T.
It is critical. Here are a couple of links to support material if you are interested in knowing more of why.
- Edward Tufte is one of my favorite authors on this subject.
- I also wrote an article in 2015 about the bandwidth capacity of eyes called “What is the bandwidth capacity of your eyes…?”
People like to surround themselves not with complicated people, but people with ideas on simplicity and reduced complexity with IT Security.
Make it easy for IT decision makers. Clarity and transparency are your golden ticket. To achieve this job is to make the complex decision simple.
To learn more about me and the tools that my company can bring to you to reduce the complexity of your IT Security environment, see this link to CIO Scoreboard