Speakers
Synopsis
It is generally understood that cybersecurity is not “an IT problem”, but the gap between cybersecurity and business leaders persists. CISOs have been instructed to “use business language” and told that success is based on driving security from the top down, but those are simply unclear t-shirt slogans. We have clear, actionable steps for cybersecurity leaders to present cyber risk in line with other strategic business risks using common risk management concepts and language.
Dan Elliott is a former Intelligence Officer turned international speaker and cyber risk leader. As one of the operational risk managers for the Canadian Security Intelligence Service, he presented complex operational risks in relatable terms for organizational leaders. As an undercover operator, he learned effective social engineering methods to gain partners and effectively turn dissidents into supporters.
Attendees will leave with actionable takeaways to improve their communication of cyber risk to their non-technical colleagues, increase awareness of cyber mitigation activities, and present with greater confidence to organizational leaders and the Board. The techniques provided are drawn from government training, social engineering methodology, traditional risk management practices and multiple successful engagements with clients who have been able to reduce their overall cyber risk through increased collaboration and a focus on effective cyber controls.
This is not a session telling CISOs to speak in business language. This is a shortcut to helping CISOs understand how the rest of the business measures risk and how they can effectively position cyber risks in that environment.