3 Questions Successful Security Leaders Should AskExpert Offers Insights on Overcoming Confusion, Friction With Simple Questions
Today's security executives are increasingly expected to possess a strong business acumen in addition to their expertise in managing risk. This means they must have the ability to communicate the mission of the security program to all levels of the organization, from the board down to the end user.
But communication is still often cited as a major hurdle for security, Michael Santarcangelo of the Security Catalyst, a research and consulting firm, says in an interview with Information Security Media Group.
"A lot of times in security we get overwhelmed," Santarcangelo says. "We don't want to be seen as the bottle neck. We don't want to be the party of no. Often people will throw stuff at us, and we don't always know what they're asking. "
Santarcangelo, who works with security teams to troubleshoot communication issues and accomplish their goals, suggests security leaders ask three simple questions at the outset of any project to achieve immediate clarity:
- What problem are you trying to solve?
- What value will the solution create?
- What is the impact of that solution?
"You're not using these questions to shut people down," he says. "You're using these questions to understand where the focus should be."
In the interview (see audio link below photo), Santarcangelo:
- Breaks down the purpose of each question and the specific information each question aims to uncover;
- Describes how to achieve the goal of eliminating friction between departments and create a deeper understanding of expectations;
- Distinguishes between creating value in an organization and expressing value successfully with strong communication.
Santarcangelo is the founder of Security Catalyst, an organization dedicated to turning complexity into comprehension. For over two decades, he has worked across several industries to solve security challenges.