Skip to main content

Perspectives Home / SECURITY

How to Speak Board: A Primer for CISOs

The first step: Understand each member's background and unique concerns.

individuals in corporate setting

Boards come in different sizes, and their members from varied backgrounds.

There’s no “one-size-fits-all” approach for CISOs wondering how to navigate board relationships effectively. But LaLisha Hurt, a three-time CISO and currently a public sector industry advisor at Splunk, has some pointers. With her extensive experience communicating with a board of directors during her previous tenures at Capital One, GDIT, and General Electric, she is well-equipped to offer valuable insights.

She emphasizes the need to speak their language, which involves understanding each member’s background and their unique concerns. This empathetic approach not only helps a CISO gauge their cybersecurity knowledge but also explain how security risks are business risks. “Present security as a business enabler and not a cost center,” Hurt advises; she also recommends interjecting dollars and numbers wherever possible to describe the impact. 

My entire conversation with LaLisha Hurt is a treasure trove of insights on how to navigate board relationships as a CISO. Don't miss out on these valuable perspectives. And for more thought-provoking discussions from security, IT, and engineering leaders delivered straight to your inbox, sign up for our monthly newsletter.

Read more Perspectives by Splunk

May 21, 2024   •  22 minutes listen

Is Your Organization in Step with AI? Check on Your Data Tenancy.

Forget the lone-wolf mentality of a single SOC. Today, it’s all about cross-sector collaboration and information sharing.

February 9, 2024 • 4 minute read

5 Ingredients for a Robust Cybersecurity Culture

What it takes to help every part of your organization understand the function and value of security.

APRIL 18, 2024 • 5 minute read

It Takes a Village: Why Security Teams Won’t Achieve Resilience Without Collaboration

CISOs in 2024 may face rigid security incident disclosure mandates, but they also have opportunities to align priorities and become stronger cyber champions for their boards.