The Security Leader’s Communication Playbook: Bridging the Gap between Security and the Business
- Length: 394 pages
- Edition: 1
- Language: English
- Publisher: CRC Press
- Publication Date: 2021-09-13
- ISBN-10: 0367570017
- ISBN-13: 9780367570019
This book is for cybersecurity leaders across all industries and organizations. It is intended to bridge the gap between the data center and the board room. It examines the many communication challenges that CISOs face every day and provides practical tools to identify your audience, tailor your message and master the art of communicating. Poor communication is one of the top reasons that CISOs fail in their roles; by working on your communication and soft skills (the two go hand in hand), you will hopefully never join their ranks. This is not a "communication theory" book. It provides just enough practical skills and techniques for security leaders to get the job done. Learn fundamental communication skills and how to apply them to day-to-day challenges such as communicating with your peers, your team, business leaders and the board of directors. Learn how to produce meaningful metrics and how to communicate before, during and after an incident. Regardless of your role in tech, you will find something of value somewhere along the way in this book.
Front Matter
- Cover; Half Title; Title Page; Copyright Page; Table of Contents
- Preface
- Acknowledgments
- Author
- Introduction: Why a Book on Communication Just for Security Leaders?
- Structure of This Book
- Who Am I?
- Target Audience
- Why Soft Skills Are Hard, and Communication Is Difficult
- Summary
- References and Recommended Reading

Part 1 Communication Foundational Skills

Chapter 1 Foundational Communication Skills
- The Security Communication Manifesto
- Communication Scenarios You Will Face
- The High Cost of Poor Communication
- How Good Is Your Communication?
- Start With Your Mindset
- What Kind of Leader Are You?
- Working with Personality Types
- How Communication Works: Source; Encoding; Channel or Medium; Decoding; Receiver; Feedback; Context
- Forms of Communication: Intrapersonal Communication; Interpersonal Communication; Group Communication; Public Communication; Mass Communication
- Choosing the Right Communication Medium
- It All Starts with Understanding Your Audience: C-Level Business Executives and the Board; Non-technical Businesspeople; General Technical People; Security Managers and Architects; Security Operation Center and Your Team
- Don't Just Talk, Listen!: Pay Attention; Paraphrase, Repeat or Summarize; Questioning; Acknowledging; The Only Advice on Listening That You Need; Repetition
- Summary
- References and Recommended Reading

Chapter 2 People Skills
- How Approachable Are You?: Listen Actively; Be Proactive; Make a Personal Connection; Keep an Open-Door Policy; Greet Everyone; Own Your Mistakes; Have a Sense of Humor; Get Feedback
- Emotional Intelligence: Assessing Your EQ; Self-Management and How to Improve It; Self-Awareness and How to Improve It; Breath Awareness; Mantra Meditation; Social Awareness and Empathy; Relationship Management
- What About AQ?: Reframe the Situation; Keep a Long-Term Perspective; Own the Outcome; Be Willing to Compromise; Let It Go; Reflect and Improve
- Summary
- References and Recommended Reading: Meditation and Mindfulness Apps; Meditation Books; Web Resources; Chapter References

Chapter 3 The Language of Business Risk
- Getting the Business to Own Risk
- Risk Exceptions, Risk Acceptance: Handling Risk Exceptions; Handling Risk Acceptances
- The Security Leader as a Business Enabler
- Start with Your Objective
- BLUF Your Way through Communications
- Fear, Uncertainty, and Doubt (AKA "FUD")
- A Note on the Use of Technical Jargon
- "Selling" Information Security
- Understanding Business Drivers: Revenue Generation; Customer Request; Regulatory or Legal Requirements; Risk Reduction; Reputation and Brand Protection; Availability and Resiliency; Data Integrity; Previous Experience; Changes in the Business Environment
- The Seven Cs of Communication
- Summary
- References and Recommended Reading

Chapter 4 Company Culture
- Orient Yourself Using the OODA Loop
- "Fitting In" to the Company Culture
- How Do People Communicate?
- Change the Culture or Adapt to It?: Take It Slowly; Be Open and Be Flexible; The Change Agent Mandate
- Building Influence
- Disagreements: Don't Be the Department of NO
- Building a Security Culture
- A Word on Ethics
- Summary
- References and Recommended Reading

Chapter 5 Better Business Writing
- Why Good Writing Matters
- The Writing Process: Have a Plan, Have a Point; Writing; Editing; Publishing
- Get Better at Writing the Easy Way
- General Writing Tips: A Handful of Simple Grammar Rules; The Only Grammar Tip You Really Need; Watch Your Tone; Use the Active Voice; Avoid Run-On Sentences; Proper Punctuation; Avoid Technical Jargon and Be Careful with Acronyms; Use Grammar Checkers, but Don't Depend on Them
- Making Peace with Email: Managing Your Inbox
- Social Media
- Reading
- Summary
- Online Resources to Improve Your Grammar: Grammar Girl; Daily Writing Tips; The Purdue Online Writing Lab (OWL)
- Recommended Reading

Chapter 6 Say What? Verbal Communication Skills
- Projecting Confidence and Authority When You Have Neither: Eliminate Filler Words; Being Loud Is Not the Same as Being Confident; The Importance of Breathing; Avoid Uptalk; Staying Present; Baseline Your Voice
- Commanding Authority and Gravitas without Sounding Like a Dork: Dress the Part; Mind Your Pace; Say It Clearly; Watch Your Tone; Improve Your Speaking Voice
- Phone Conversations: Does It Make Sense to Use the Phone?; Stay Focused; Have a Clear Purpose; Have a Professional Phone Manner; Listen Actively and Empathically; Avoid Interrupting
- Speaking Up in Business Meetings
- Running Effective Meetings
- Virtual Meetings: Pay Attention; Be Active and Be Heard; Take Care of the Elements under Your Control; Start with Your Mindset; Using Cameras; Use Good Lighting; Have Good Sound; Avoid Distracting Room Backgrounds or Virtual Backgrounds; What You're Wearing; Slow Your Speech Down; Zoom Feature; Avoiding Last-Minute Technical Issues; Leverage the Chat Window; Hosting a Meeting
- Giving Presentations: Presenting to a Large Virtual Audience; Making PowerPoint Hurt Less; Audience First; Storyboard It; Images and Graphics; A Note on Visual Communication; Delivering Presentations
- What's Your Story? Building a Business Story
- Better Public Speaking: From Conferences, Podcasts and Interviews: Step 1: Start with Your Mindset; Step 2: Prepare; Step 3: Practice!; Step 4: Get Some Feedback; Step 5: Pace Yourself; Other Considerations; You're Still Nervous? That's Great!
- Summary
- References and Recommended Reading

Chapter 7 Communication Superpowers
- A Crash Course on Nonverbal Communication: How to Read Body Language; Use Vocal Dynamics; Facial Expression; Fidgeting; Posture; Eye Contact; Your Body Language
- Saying No: Use a Personal Policy; Decline Gracefully; What If You Should Have Said No but Didn't?; What If It's Your Boss?
- Negotiating Like a Boss: Prepare; Keep Communications Crystal Clear; Active Listening; Collaborate and Use Teamwork; Focus on Problem Solving; Use Decision-Making Abilities
- Mastering the Elevator Pitch: Prepare; Start with Your Audience; Think Bigger Than Yourself; What's Your Best Outcome?; Align Your Voice to Your Message; Want to Sound Spontaneous? Practice!
- Managing Salespeople
- Remembering Names: Start with Your Mindset; Pay Attention!; Face Associations; Repetition; Mental Associations; When All Else Fails …; Use Their Preferred Name
- Conflict Resolution: Ask Better Questions
- Dealing with Difficult People: Mindset; Approach
- Asking for Help: The Right Way
- Summary
- References and Recommended Reading

Part 2 Communication in the Real World

Chapter 8 Policies, Standards, Guidelines and Procedures
- Document Your Security Program
- The Policy and Standards Writing Process
- Writing a Policy or Standard: Compliance; Security Controls; Lawyers Are Your Friends; Length and Policy Bloat; Measuring and Enforcing Compliance; Risk-Prioritization; Spelling and Grammar; Frequency; Revisions; "Should" Statements and Other Weak Language; Clarity; Publishing and Storage; Get Executive Sponsorship; Manage Stakeholders; Central Repository; Balance Risk and Feasibility; A Word on Cloning
- The Policy and Standards Lifecycle
- Communication Challenges in Global Organizations
- Summary
- For additional help on this subject, including policy and standards samples, I recommend the following:
- References and Recommended Reading

Chapter 9 Training and Awareness
- The Right Mindset
- Security Is Everyone's Business
- Five Steps to Security Training and Awareness: Analyzing; Planning; Deploying; Measuring the Program; Optimizing
- Self-phishing Campaigns
- Training Programs
- Summary
- References and Recommended Reading

Chapter 10 Driving Change through Metrics
- Why Metrics Are a Powerful Communication Tool
- Start with Your Audience
- Metrics That Matter: The Data You Have, versus the Data You Need
- Measuring the Unmeasurable
- What Makes a Metric Effective?
- The Key Indicators of Security
- Thinking in Probabilities to Measure Risk
- Putting It All Together
- Goal, Question, Metric: A Powerful Tool for Creating Meaningful Metrics
- Summary
- References and Recommended Reading

Chapter 11 The High Stakes of Incident Response Communication
- Preparing for an Incident
- Writing an Incident Response Plan: Laying the Groundwork for Your Plan; IT Security Incidents; Data Breach Incidents; Incident Severity; First Responder Call List; The Escalation List; Roles and Responsibilities; Other Documents You May Need to Be Prepared
- Table-top Exercises: Scenario; Questions to Consider; A Simple Ransomware Scenario
- During an Incident: You Don't Know What You Don't Know
- A Note on Public-Facing Communications
- After an Incident: What Did You Learn?
- The Ten Commandments of Incident Response Communications
- Summary
- References and Recommended Reading

Chapter 12 Communicating with Your Team and Colleagues
- Mindset
- Communication Channels
- Bad Managers
- Be Consistent
- Be Authentic and Candid
- Cascading Business Knowledge
- Engage Everyone
- Leading versus Managing
- Avoiding Burnout
- Difficult Conversations: You Are Giving Negative Feedback: Keep It Specific and Objective; Make Sure You've Seen the Behavior Directly; Keep Feedback Timely; Ask to Give Feedback; Situation, Behavior, Impact
- You Are Receiving Negative Feedback
- The Business Accepts the Risk
- Difficult Conversations: You Need to Let an Employee Go
- The Language of Inclusive Leadership: People First; Don't Let Casual Language Get too Casual; Show Zero Tolerance; Don't Let Expert Knowledge Get in the Way; View Multiple Perspectives; Try to Use Gender Neutral Language; Avoid Language with Implied Connotations; Be Authentic; Lose the Ego; Some Notes on Virtual Attendees
- Running Effective One-on-One Meetings: Make It a Safe and Candid Environment; Your Role in a One-on-One; Ask Great Questions
- Summary
- References and Recommended Reading

Chapter 13 Managing Up
- Finding Your Boss's Communication Style: Technical Detail; Offer to Help; Own Your Area; Connect on a Personal Level; No Surprises; Set Expectations; Read the News, Because Your Boss and the Board Do
- Program Status Reports
- Manager One-on-One Meetings
- Checklist for Effective Manager Communications
- Summary
- References and Recommended Reading

Chapter 14 The Board of Directors
- Presenting to the Board: First Seek to Understand …; Get to Know Your Board, If Possible; Prepare Relentlessly; Know Your Business Risks; Have a Clear Agenda; Be Data Driven with Meaningful Metrics; Be Concise and Stick to the Main Points; Use a Framework; Talk About Business Risk, not Fear Tactics; Use Storytelling; Be Consistent; Read the Room, not Your Presentation; Anticipate Favorite Topics; Be Strategic; Follow Up
- Anticipating Questions
- Boardroom Failures
- Board Scenario: You've Been Breached
- Strategy
- Board Scenario: A Competitor Has Been Breached
- What's in a Good Board Presentation?: A Summary from Your Last Meeting; Business Risks; The Threat Environment; Program Trends; Keep It Professional and Polished
- Board Metrics
- Educating the Board Slowly Over Time
- Summary
- References and Recommended Reading

Chapter 15 Working with Auditors
- Three Types of Audits
- Prepare in Advance: Risk and Control Self-Assessment (RCSA)
- During an Audit: Be Cordial; Be Accurate and Honest; Answer Clear Questions; Assume Auditors Know Nothing About Your Area; Be Concise and Specific; Passing an Audit Does Not Mean You're Secure; Create a Partnership; Address Issues; Audit Action Plans; Don't Argue; Auditors and Regulators Don't Run Your Program, You Do
- After an Audit
- Summary
- References and Recommended Reading

Chapter 16 Your Next Job
- Preparation
- Your Personal Brand
- An Executive Résumé Isn't What You Think It Is: "Must Have" Résumé Elements; Objective; Title or Branding Statement; Professional Summary Statement; Tailor Your Résumé; Checklist; Beating Online Parsers
- Managing LinkedIn: Use a Professional Profile Picture; Write a Good Headline; Don't Skip the "About" Summary; Watch for Junk Words, Focus on Action Words; List Your Relevant Skills; Publish and Share Content; Keep Your Résumé and LinkedIn Roughly in Sync; Let Recruiters Know You're Open to Searching
- Some Thoughts on Finding Your Next Opportunity
- The Three Questions of Job Interviews: Can You Do the Job?; Do You Want to Do the Job?; Can We Stand Working with You?
- Managing Situational Interviews with the STAR Framework
- Tactics: Focus on Your Achievements; Culture Fit
- After the Interview: The Long Silence: Write a Thank You Note or Thank You Email; Check-In; Keep in Touch
- Negotiating Job Offers
- Summary
- References and Recommended Reading

Chapter 17 Consultants and Sales: Building and Maintaining Client Relationships
- The Sales Process
- But Cybersecurity Sells Itself, Right?
- Common Sales Mistakes: Assuming the CISO Is Your Only Prospect; Making Assumptions That We Already Know Everything About Your Product; Being Insulted by the Word Vendor; Selling Fear; Selling Miracle Solutions; Don't Make Your Sales Targets Their Problem; Do More Listening than Talking
- Better Sales Strategies
- Selling Security Services: Keep a Positive Mindset; Exceptional Communication; Know Your Audience; Don't Make Sales, Solve Problems; Exceed Expectations
- Summary
- References and Recommended Reading

Back Matter
- Conclusion and Key Takeaways
- Appendix
- Index