infosec.live’s Post

How to get execs to finally understand and care about what you’re saying Using 3 simple questions. I’ve helped over 20 cyber security leaders in the last 6 months. They all wanted to sell themselves better And sell the work they’re doing. But, most cyber security leaders overcomplicate their message. You can spend hours talking about threats and risks. But, if you don’t connect it to business value, you’ll get blank stares. Ask yourself these 3 questions before any meeting: 1/ What does this initiative protect? → Be specific. Revenue streams? Customer trust? Operational efficiency?  Connect your initiative directly to something that matters to the business. 2/ What’s the financial impact of not doing this? → Lay out the numbers. How much could a breach cost? What’s the potential hit to revenue or reputation? Speak their language...money. 3/ How will this initiative enable business growth? → Security is about supporting growth. Show how your work will make the business more agile, efficient, or competitive. Asking these questions does two things: → It forces you to tie security to business outcomes. → It shifts the conversation from technical to strategic. When you start speaking their language, not only do you elevate cyber, but you also elevate yourself. If you want to know more about how I'm helping my clients achieve success, then DM me 'BLUEPRINT' I am taking on new clients to start in October.

When we talk about culture of security, we’re talking about the ideas, perceptions and feelings that individuals have about cybersecurity. It’s not just a technology or an IT thing. We have to start from the top with the executive leadership. We have to lead by example, and we have to be able to show that this is important across all levels of the organization. Also, business areas have to take cybersecurity into consideration. When we are adopting new tools, technologies and business ventures or ideas, we need to think about cybersecurity and the potential risks associated and explain those to the team that is responsible for software and system development. Say, “These are the concerns that we have. Can you make sure the system that we put in place addresses these issues and risks?” Also, a lot of organizations have an IT and a help desk department. People often call there when they have problems. Use that group as an awareness moment or an awareness point of view. If a user calls in because they have a virus, take the time to explain to the user how the virus got in. Ask them if they went to a malicious website or used a foreign USB key. There is education across all departments and levels. It’s not just at the very end. We’ve been taking decisions from the very beginning, and those accumulate to the end users who have to use the systems and applications. We put the burden on them. Let’s look at all levels of the organization. #riskculturelab #riskculture https://lnkd.in/dQDNvhAE

One of the best things I have attended. The IT Europa Media & Intelligence Ltd Growth Forum was both informative and thought-provoking and my main takeaways are: AI is the next thing to shake up the industry, but it is not a solution on its own, coupled with effective processes and people it will make a massive difference enabling MSPs to do much more without increasing employees. Something we are already tacking at IT Naturally | B Corp | MSP. Cyber Security remains a massive area of concern, but strangely MSPs have to push customers hard to invest in protection up to the point that they are breached and only then do they invest. The advice from the experts: Don’t wait until it’s too late! 90% of breaches start outside business hours – do you have a cyber response team and cyber incident response process in place that can be called on 24/7? The SMB (10-499 employees) for MSPs is growing with a decline simple break/fix moving to an increase in fully managed services and tight partnerships with customers focusing on customer outcomes, not just achieving SLAs. I loved the market analysis from Nathan Marke Giacom, Baroness Eliza Manningham-Buller (former Head of MI5) after-dinner speech and chatting to Daniel Green ConnectWise. A special thanks to Michael O’Brien and The Grove hotel for hosting. But my favourite moment has to be listening to our very own Jess Blight on the panel talking about what pivotal role culture plays in your organisation.

Unlock the Secrets to a Successful Security Champion Program! 🔐 Is your organization looking to strengthen its security culture but unsure where to start? Our November newsletter dives into the "Do's and Don'ts of Security Champion Programs" to guide you on this journey. https://lnkd.in/eyQuDKez 🌟 What’s inside: - Top Ten Security Champion Program Blunders: Learn from common mistakes and how to avoid them. - Building a Security-Aware Culture: Strategies to foster proactive security mindsets. - Expert Insights on Engaging Developers: Listen to Katilyst's own Dustin Lehr talk through bringing secure coding practices to development teams Be sure to subscribe for more content focused on building resilient security culture programs, and send us a message if you're looking for support! Let's build a stronger, more secure future together. #CyberSecurity #SecurityChampions #ApplicationSecurity #ProductSecurity #SecurityCulture

Katilyst has just released it's November newsletter, focused on the Do's and Don'ts of Security Champion programs! If you're looking to build or scale your champion program, you'll definitely want to give this a read! #SecurityChampions #SecurityCulture #CyberSecurity

Shift the culture across your organization, but recognize that it's not a tick-the-box kind of exercise. Genuinely build better habits, norms and belief systems. Put priorities into practice. Learn more. #securityawareness #cybersecurity #CyberTalk

Shift the culture across your organization, but recognize that it's not a tick-the-box kind of exercise. Genuinely build better habits, norms and belief systems. Put priorities into practice. Learn more. #securityawareness #cybersecurity #CyberTalk

READ OUR SMALL BUSINESS BULLETIN – CYBERSECURITY BEST PRACTICES Cyberattacks are becoming more frequent and complex, and businesses of all sizes and industries are potential targets. In fact, cybercriminals increasingly go after small businesses since they contain much of the same types of sensitive information as larger enterprises but often have weaker cybersecurity defenses. Click the below link to read more. https://lnkd.in/gSKepBn5 #cyberattacks #smallbusiness #cybersecurity

Is the Security Awareness Saturated? Not When You're Doing it Differently! The other day, someone asked me a question: “There are already so many Cyber security awareness products out there. What makes you think yours is different?” It’s a fair point, and I’m excited to share why our Saas platform Hacker Rangers by Protect360 stands out in this crowded market. 1. Gamification: We are the only 100% gamified platform in the world. We’ve turned security training into something employees actually look forward to. By making the programs fun and interactive, we see higher participation and better retention of crucial security knowledge. It’s not just training—it’s an engaging experience. 2. Cultural Change: We go beyond just teaching security principles. Our goal is to embed a security-first mindset across the entire organization. We help companies create a culture where security is part of everyday conversation, empowering employees to take proactive steps. 3. Higher Engagement Rates: Traditional training methods often fail to capture attention. Our innovative and interactive approach keeps employees actively involved, which leads to better implementation of security practices. Engagement is key, and we excel at it. 4. Support from Our CAT: Our Cybersecurity Awareness Team (CAT) is dedicated to the success of our campaigns. From planning to execution and beyond, our experts work closely with your team to help with strategy, implementation, execution & ensuring maximum ROI of the efforts. 5. Customized Solutions: We understand that every organization is unique. That’s why we tailor our programs to meet the specific challenges and needs of each organization, ensuring our training is relevant and effective. 6. Continuous Improvement: The cybersecurity landscape is always changing, and so do we. Our programs are constantly updated to address the latest threats and incorporate the newest best practices. At Protect360, we’re not just another player in the security awareness field—we’re innovators, partners, and champions of a secure workplace culture. So, when I was asked what makes us different, my answer was as above. #Cybersecurity #SecurityAwareness #Innovation #Gamification #CulturalChange #EmployeeEngagement #DedicatedSupport