100%. This is a theme I keep coming across either at events I attend or through conversation. Communication and being able to articulate your POV effectively to a given audience is a requirement. My question to you, Russell: Who's perspective would you be most interested in hearing from on this conversation? CISO? CFO? CEO? Board Members? All of the above? - Jason

@@PurpleSec Great question. CISO for sure, as it's part of their remit (I would hope). But really whoever is signing checks / cheques. What are they looking for in a business case? What makes a good or bad case? Soft skills are really underated. Almost all security is about the "sexy" side, but policies, procedure, business cases, risk assesments are really (to me) what will make security move in the right direction. Without a stick and a carrot, it's all over the place.

@@RussellKeleher I have a CISO lined up already to have this very conversation (maybe in the next 2-3 weeks). I think it would be great to have a CFO (ideally a CEO who also used to be a CFO) on as well to make it more of a discussion from both perspectives. Really appreciate your feedback :) - Jason

Cant measure success if you haven't worked out your objective, requirements, impact and key metrics

Glad you found value! - Jason