As a global investment and advisory firm, Blackstone invests in many businesses that seek cybersecurity guidance. In his capacity as CISO, Leek speaks often with the Blackstone board and the boards of other businesses within Blackstone's portfolio.
Leek says that communicating with the board isn’t rocket science and that boards need a realistic understanding of the state of cybersecurity today.
“A lot of the time, I’m explaining the nature of the challenge to boards of directors,” says Leek.
“I’m telling them that it’s not possible to stop everything and that some threats are going to get in, and why it’s so important to be able to respond effectively. It’s very important just to get boards to understand that,” he says.
Next month, Leek is making a presentation to a board of directors at a Blackstone company and one of his primary goals is to keep the message straightforward.
“The presentation is four slides, two of which explain the realistic state of security, so they can understand and wrap their heads around the nature and magnitude of the problem before I try to explain anything about what they need to do,” he says.
“I believe we as security professionals, myself included, have done our industry such a disservice by making what we do so complicated to others. We have crazy frameworks and hundreds of different controls and best practices among other things. We have 1,200 vendors in the space and argue that we need all these crazy, magical things so we can be able to hopefully secure ourselves,” he says. “We really don’t, and I’m a big believer in communication with the board and simplifying how we communicate.”
Sounds like a great way to better align cybersecurity with business leaders. Now, if only more would get that message.