I'm a security engineer that is about to be promoted to assistant CISO in government. I created a dashboard in our SIEM to show some data points such as blocked connections, attempted malicious sign ins, etc. Our CIO shows this to the executive team to gain buy in and it has worked.

Wow I thought to myself, if I was a CISO and someone asked about security, I would say: we haven't been hacked, we doing good. Dr Eric just read my mind 😂

*IT is all about infrastructure up-time. *Cyber security is not an IT or security problem, cyber security is a business problem because it's risk, and what risks the business is willing to take. LAW of cyber security: every time a business adds a functionality it decreases security or increases risk. *Tell executives how many attacks are stopped daily from interrupting the business! (Cybersecurity budget spending has a return on the business) THEN, present how cyber security is a business enabler through stopping loss from occurring and saving the company money. 3rd, bring the executives into the solution by requesting to determine the level of risk accepted.

You never know when you get hacked. Be always prepare to respond.

So true aboit y2k