Another key parameter is the audience. I tend to break an audience into strategic vs. tactical consumers. Both play a vital role as part of your security program. We need strategic insights to help us determine if we need to update our risk posture or redeploy our budget. For tactical consumers, we may need research feeds that support best practices and an understanding of how criminals are attacking, so we can determine how to manage our security controls.
When it comes to briefing on the research, I prefer to tell a story over presenting the data. Whether you have qualified or quantified data, humans relate to and remember stories better than numbers. So while a slide with statistics lends credibility, a slide showing the impact the data is having will both be remembered and provide more value. Additionally, think about your role — you don’t want to become a news reporter. You need to be more of an advisor offering the results of research that will facilitate actions.
Treat research like a skill that needs to be constantly improved.
Leaders consume, conduct, and present research constantly, but most of us don’t stop and analyze how effective or impactful we are. Additionally, we need to ask if we have research as part of our strategy (internal and external). Remember, the goal of good research is to facilitate a decision or action.
© 2024 FS-ISAC, Inc. All rights reserved.
Steve Winterfeld is Akamai’s Advisory CISO. He has a strong background in building operational security programs that are compliant with industry regulations. Before joining the team, he served as CISO for Nordstrom Bank, Managing Director of Incident Response and Threat Intelligence at Charles Schwab and Senior Technical Director Cybersecurity & Group CTO at Northrop Grumman. Steve focuses on collaborating with Akamai’s customers to make sure they are successful in defending themselves and their customers. He also helps determine where Akamai should be focusing its security platform’s capabilities. Steve has published a book on Cyber Warfare and holds CISSP, ITIL and PMP certifications.