Hackers Are from Mars; CxOs Are from Jupiter
Rob Havelt
Director of information Governance, Risk and Compliance (iGRC)
infoedge LLC
• A background as a packet monkey, wireless geek and leader of a pretty big pen test team
• A hacker and technologist who bleeds ink from all those tested pens
• A director of iGRC for a management consulting firm called infoedge LLC
Rob is decidedly from Mars
Denizens of the boardroom and the SOC
A rift often exists between the denizens of the boardroom and the SOC, who each inhabit different worlds. They don’t think, communicate or process information the same way.
Beyond simple lexicon
The title of this talk isn’t arbitrary; the planet names are significant.

Mars
• God of war
• Protector of agriculture
• Guardian of populace

Jupiter
• Lightning bringer
• Controlled the realm
• Father of Gods
Why bother knowing this?
Fair question. I’d rather be taking apart an ATM, developing exploits or getting root.
As a director at a technical firm for many years, I thought I knew a decent amount about the business layer until I left that bubble and entered theirs.

Then everything changed...

I realized that words and concepts meant completely different things to a CPA than to an engineer.

Like any hacker, I wanted to pull things apart, see exactly how it worked and know the rules.
What’s in it for hackers?
• Leave “the bubble”
• Communicate clearly to get your funding
• Hack “the rules” to get your way

Disregarding bold ideas
• Ideas for solving non-technology problems are often non-starters
• They aren’t bad ideas, but they lack business context (metrics, operationalization, optimization, planning)
• They also lack a visualization of how they contribute to the company (mission, vision, goals, objectives)

Don’t let good ideas stagnate due to presentation.
Jupiter players, top to bottom
• Board of Directors
• Company Management (CEO|COO|CFO)
• Other Players (CIO|CMO|CCO|CTO)
• All Other Business Levels
What about the CISO?
• Chief Information Security Officer (CISO) or Chief Security Officer (CSO)
• Has the least secure position in the organization
• Is the person who takes the fall for the inevitable breach
• Knows he/she will take the fall
• Accepts impermanence as part of the job description
Keep the following in mind when strategizing on how to present to these players.

Executives have unique expectations and priorities
• Do some homework to find out what those priorities are
• Prepare to cycle through a few contexts to see what resonates

Executives have limited time and demand clarity
• Deliver key messages up front
• Have a plan A, B, C and D in your pocket

Executives require high-level communication
• Use graphical models whenever possible
• Use pre-reads and handouts
How do hackers align with CISO/CSO InfoSec expectations?

Align your message with business risk strategy
• Understand the risk appetite of the organization
• Make a proposal that enables business decision-making

Satisfy cyber security risk concerns
• Cyber risk is one of the top three boardroom concerns, and therefore an executive concern
• Other concerns include current risks, emerging trends and strategy

Use effective storytelling
• Know what impression you want to leave behind and what story you want to tell
• What outcome do you want?

Take the time to refine your message.
Tell a story that aligns with your objective
• Facts and data are great, so use them
• Ensure your data can stand on its own
• Connect the dots to tell a compelling story
• Socialize your story ahead of time

Paint a complete picture without raising alarms
• Risk management is about both opportunities and threats
• Don’t exaggerate; it damages your credibility, and you should expect counter information to exist
• Any counter information can destroy your credibility

Communicate risk and provide clear parameters
• Terms like “high risk” are open to interpretation
• Use frequencies rather than percentages
• People respond differently when you allow a comparison of how often an activity is undertaken
Constructs management loves
• Corporate dialogue
• Analytics
• Process flows
• Value propositions

Learn these constructs to help you present your ideas more effectively.

Learn your corporate dialogue
• Technological talk actually makes sense to the initiated
• Terms have definitions, acronyms all stand for something, and they are defensible
• “Corpspeak” has to be made up; what do words like “operationalization” even mean?

Analytics
• Measure everything... even if your approach to measurement is unique
• Gather real, obtainable measurements
• If you can’t directly measure something on its own scale, compare it to something similar, e.g. BSIMM
• Look to someone with “Auditor” in their title to learn how to do this in your organization

Process flows
• Arrange into corresponding swim lanes
• Number all steps
• Have descriptions for all artifacts
• Include an input and output for each block

Value propositions
• Straightforward yet hard to do
• Must start with business issues
• Focus on threats and opportunities in a risk context
• Define what you want and the impact it will have
• End with what people will get out of it

Tying it all together
• Both sides have different concerns, focus and drivers
• People working towards the same objective can approach it in vastly different ways
• Bridge the gap by taking an objective look at your players and their risk drivers
• Frame the issues that are most critical for the C-suite to understand
Questions?

Rob Havelt
Director, information Governance, Risk and Compliance (iGRC)
infoedge LLC
rob.havelt@infoedgellc.com
@dasfiregod

About infoedge LLC
infoedge helps you improve business strategy, accelerate innovation and manage risk, so you can succeed in the information economy.