That starts by listening, in my view: Listening to stakeholders and sponsors, understanding their expectations, their pain points, what has worked in the past, what hasn’t and why, what happened with your predecessor… Sometimes “what can I do to help you?” is simply the best question to ask…
This process should initiate a journey of co-construction of the cybersecurity narrative, and beyond that, of the firm’s cybersecurity strategy.
If objectives are shared with stakeholders and sponsors, friction is reduced; over time, business champions emerge who relay the cybersecurity narrative, not because it’s the CISO’s but because it’s theirs.
