This book is for cybersecurity leaders across all industries and organizations. It is intended to bridge the gap between the data center and the board room. This book examines the multitude of communication challenges that CISOs are faced with every day and provides practical tools to identify your audience, tailor your message and master the art of communicating. Poor communication is one of the top reasons that CISOs fail in their roles. By taking the step to work on your communication and soft skills (the two go hand-in-hand), you will hopefully never join their ranks. This is not a “communication theory” book. It provides just enough practical skills and techniques for security leaders to get the job done. Learn fundamental communication skills and how to apply them to day-to-day challenges like communicating with your peers, your team, business leaders and the board of directors. Learn how to produce meaningful metrics and communicate before, during and after an incident. Regardless of your role in Tech, you will find something of value somewhere along the way in this book.


Preface xvii

Acknowledgments xix

Author xxi

Introduction 1

Part 1 Communication Foundational Skills 13

1 Foundational Communication Skills 15

2 People Skills 43

3 The Language of Business Risk 59

4 Company Culture 79

5 Better Business Writing 93

6 Say What? Verbal Communication Skills 119

7 Communication Superpowers 157

Part 2 Communication in the Real World 183

8 Policies, Standards, Guidelines and Procedures 185

9 T raining and Awareness 203

10 Driving Change through Metrics 217

11 The High Stakes of Incident Response Communication 235

12 Communicating with Your Team and Colleagues 249

13 Managing Up: Finding Your Boss’s Communication Style 269

14 The Board of Directors 279

15 Working with Auditors 295

16 Your Next Job 305

17 Consultants and Sales: Building and Maintaining Client Relationships 325

Appendix 341

Index 361