CISO in the Middle: Managing Risk Up and Down the Enterprise
Humphrey Christian of Bay Dynamics on the CISO's Role
When it comes to cyber risk, how must the CISO manage communications across the enterprise? The board, the staff and the line-of-business leaders all have different needs. Humphrey Christian of Bay Dynamics offers advice for the CISO in the middle.
Historically, security leaders have communicated mainly upward to the CEO and to the board, and it's all been about numbers - how many vulnerabilities patched, how many incidents detected?
"It's been about 'what have I done?'" says Christian, vice president of product management. "What we're seeing is that CISOs are now being asked to talk the language of the board of the directors and the C-levels. And that language is the financial language - what is the financial impact of the cyber risk?"
Similarly, when discussing the topic with security professionals and line-of-business leaders, CISOs now find themselves having entirely new conversations.
In this interview about managing and communicating cyber risks, Christian discusses:
- How to manage up to the CEO and the board;
- How to manage down to security practitioners and teams;
- How to manage sideways/laterally to business and application owners.
Christian has over 16 years of experience designing and implementing data analytics solutions. Since joining Bay Dynamics in 2002, he has directed the product strategy, architecture, and implementation of the widely adopted IT Analytics and Risk Fabric products. He began his career in IT as a member of the Accenture consulting team.