Every CISO must accept the harsh reality that he or she may not be invited to the boardroom table or the executive leadership team meeting. This relatively new function may not yet receive C-level attention in certain businesses, and in others, the organizational structure may preclude you from ever gaining a permanent seat at the table. If you report to a CIO or CTO and feel stifled by the hierarchy, you will face additional challenges. Alternatively, your message may be diluted by the time it reaches the top of the chain of command.
While not having access to your organization’s highest levels can be discouraging, keep in mind that you can still have a big impact on your organization’s security. It is possible that you will just have to hustle. Be a translator: When communicating with members of the executive or board of directors communicate in a businesslike manner and keep your communications brief and interesting.
As an executive, I would welcome the opportunity to meet with any team member (at any level) who wants to discuss their ideas with me. If these ideas are intriguing, I would probably let them sit for a few weeks before providing input to the employee. We have now established an open line of communication and begun to establish a rapport. Perhaps this person will continue to give thought-provoking thoughts during our talk. I might present their ideas to the board or invite them to do so.
Having a permanent seat at the table is, of course, desirable, If that is not possible, attempt to get yourself — or at the very least your ideas — into the boardroom. It does not imply you cannot have an influence if you do not have a standing invitation.
To reach time-crunched executives (or just about anyone else for that matter), you must meet them where they are. You already understand why investing in cybersecurity is critical to your job. Now put yourself in your boss’s shoes and explain why it is so important to them.