communication

“Boards Love to Hear Jargon,” Says Soon-to-Be-Fired CISO

Cybersecurity boards often lack expertise, making meaningful governance challenging as many directors cannot critically evaluate risk reports and rely heavily on CISOs’ presentations. Experts suggest CISOs should engage with board members one-on-one outside formal meetings to build understanding and trust, translating technical risk into business terms, while emphasizing that boards must maintain fiduciary responsibility without needing deep technical knowledge. Additionally, rapid AI adoption in competitive markets pressures organizations to balance speed with security, with the consensus favoring faster innovation despite associated risks.

https://cisoseries.com/boards-love-to-hear-jargon-says-soon-to-be-fired-ciso/

Most CISOs Report Pressure to Bury Bad Security News

A report by Checkmarx reveals that 95% of CISOs feel pressured to suppress or delay reporting security issues, due to competing business priorities and concerns from boards and executives about timing and public perception. This pressure undermines transparency and complicates disclosure decisions, especially when vulnerabilities may not pose significant immediate risk but could affect customer trust and legal standing. Experts suggest integrating CISOs more fully into business strategy and shifting cybersecurity from a compliance checkbox to an operational resilience focus to alleviate these challenges.

https://www.darkreading.com/cyber-risk/most-cisos-report-pressure-to-bury-bad-security-news

7 Ways for CIOs to Deliver Bad News Without Losing Trust

The article outlines seven strategies for CIOs to deliver bad news effectively without losing trust, emphasizing transparency, clear communication, and solution-oriented approaches. Key recommendations include sharing information early to avoid surprises, presenting the core issue upfront, translating technical problems into business impacts, owning the problem while proposing solutions, sticking to facts without speculation, maintaining neutrality without emotional defensiveness, and fostering a culture that encourages early reporting of issues. These practices help build trust, facilitate timely decision-making, and shift focus from blame to constructive action.

https://www.cio.com/article/4177020/7-ways-for-cios-to-deliver-bad-news-without-losing-trust.html

Nobody Pushed Back: Why Engineers Stay Silent Until It’s Too Late

The article explains that major engineering failures often occur not because of a lack of knowledge but because engineers stay silent when they foresee problems, as speaking up is socially or professionally costly. Cases from Nokia, TSB, Boeing, and Microsoft illustrate how technical risks were known internally but suppressed due to company culture, fear of backlash, and a prioritization of “alignment” over genuine dissent, leading to disastrous outcomes. The piece emphasizes the need for organizational environments that encourage safe and constructive pushback to prevent such failures.

https://howtocenterdiv.com/beyond-the-div/nobody-pushed-back

Delivering an Impactful 15-Minute Board Briefing

Cyber risk oversight is increasingly a priority for audit committees, which often allocate only 10 to 15 minutes per quarter for cybersecurity briefings amidst other responsibilities. Effective CIO and CISO briefings focus on delivering concise, actionable insights that highlight material risks, changes in the external environment, and program health, enabling directors to govern with clear priorities and decisions rather than merely receiving status updates.

https://www.cio.com/article/4163334/delivering-an-impactful-15-minute-board-briefing.html

Why Leaders Need “Power Skills”

Many leaders today face a significant skills gap as traditional leadership abilities no longer align with the demands of modern workplaces, leading to eroding trust, low employee engagement, talent loss, and reduced innovation. Developing mastery in soft skills, referred to as “power skills,” is essential for leaders to effectively build trust, foster engagement, and sustain success in evolving organizational environments.

https://hbr.org/2026/04/why-leaders-need-power-skills

Why ‘Need-to-Know’ Communication Fails Modern IT Teams

Fredrik Hagstroem argues that “need-to-know” communication fails modern IT teams because withholding information constrains decision-making and trust. He emphasizes that clarity requires completeness and context rather than brevity, noting that modern complex IT environments demand broader information sharing to empower teams, build trust, and drive effective action toward goals.

https://www.cio.com/article/4153864/why-need-to-know-communication-fails-modern-it-teams.html

Shooting Down Ideas Is Not a Skill

The article discusses how easily proposed ideas in meetings are often dismissed due to immediate criticism, which requires little effort compared to the imagination and courage needed to create them. It highlights that while identifying flaws is important for preservation, it does not create value, and encourages adopting a mindset that first explores an idea's potential before critiquing it, promoting constructive contributions that build up ideas rather than quickly tearing them down.

https://scottlawsonbc.com/post/shooting-down-ideas

Watch Your Words: Tim Brown’s Advice for CISOs

Tim Brown, former CISO of SolarWinds, shared insights at RSAC 2026 about the 2020 SolarWinds supply chain attack and his personal experience as the first CISO indicted in a civil lawsuit by the SEC for alleged fraud related to cybersecurity disclosures. Brown highlighted how excessive communication and misunderstood internal language during the ensuing SEC investigation led to legal challenges, emphasizing the critical need for clear communication policies and cautious internal messaging to prevent misinterpretation and legal risks in cybersecurity incident management.

https://www.techtarget.com/searchsecurity/feature/Watch-your-words-Tim-Browns-advice-for-CISOs

5 Tips for Communicating the Value of IT

CIOs must effectively communicate IT's business value to shift perceptions from being a cost center to a profit driver. Key strategies include: highlighting IT's impact, focusing on business outcomes rather than technical metrics, using relevant KPIs, developing storytelling skills, and framing IT as an asset builder. By translating IT achievements into relatable business language and results, CIOs can ensure stakeholders recognize IT's contributions.

https://www.cio.com/article/4137669/5-tips-for-communicating-the-value-of-it.html

Scroll to Top