View all newsletters
Receive our newsletter - data, insights and analysis delivered to you

Selling Security to the Board? Three Messages, Max, Says William Hill CISO

“Your job is to take all that data and crunch it down into something meaningful."

By CBR Staff Writer

If you try to sell your security measures to a company board by pointing out that current systems are rubbish, the company is not doing well when it comes to security, and overall everything is a hot mess behind the scenes they “won’t appreciate it and they won’t thank you for it.”

That’s the view of Killian Faughnan, Group CISO at bookmakers William Hill, who was blunt on the many blunders he has seen in the industry, when speaking at this year’s Infosecurity Europe event in London.

He warned that security pitches to board members often get too bogged down in the weeds. He believes that when information security offices address the board they should become marketers: “What we are doing when we talked to the board is we are marketing our product to our customer.”

“Security is our product.”

Read this: “I’m Terribly Sorry, but Would You Be Interested in Funding My Humble Little British Startup?”

Yet this leads to an uncomfortable truth that marketers know quite well: “Perception is more important than the truth of things or reality.”

He admits that as someone who works in an industry that is very much based on facts and hard truths this is a ‘discomforting’ reality to accept.

The key is understanding that the members of the board are human beings: “They’re not homogenous institutions, the board isn’t an individual; it’s a collection of people who have different views on what ‘good’ looks like. They have different goals, different ambitions, different agendas,” Faughnan noted.

Content from our partners
Scan and deliver
GenAI cybersecurity: "A super-human analyst, with a brain the size of a planet."
Cloud, AI, and cyber security – highlights from DTX Manchester

Knowing that they have different views and agendas from each other should be factored into how you approach each meeting. It’s important to know: “What would delight one of them and what would frustrate another.”

selling security

An example of the types of slide one should avoid

 Selling Security

All of this should come into play when you construct a message for the board about the security of the company. Remember that you are part of the packaging for the product you are selling, the product is still security, but you are the tangible manifestation of that security, he emphasised.

The message needs to be delivered in a simple, but engaging manner.

Faughnan commented that: “If I try to land more than three messages I will confuse myself and I’ll confuse them and your message will get lost beneath all the detail. Your customer will tune out. If you confuse your customers. If you distract them with data. They will just buy your product from someone else, which unfortunately for us means they will hire someone.”

He suggest that people should keep it simple, slides need to be at a minimum, aim for one slide, “Obviously, you’ll never get down to one slide,” yet that is what he aims for each time and this drives him to cut out the unnecessary data that looks incredibly important to security offices, but is not needed right there and then.

You need to know all the data, the stats, the graphs, but they don’t. What they need is the message the data is communicating.

“Your job is to take all that data and crunch it down into something meaningful and be able to present that to the board in a way which makes them feel that you know what you’re doing and they trust you,” he states.

See Also: Nvidia Rolls Out A Scaleable Edge Computing AI Platform

Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how Progressive Media Investments may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.