The afternoon discussion, The Art of Persuasion\u2014Selling Up in the organization, was moderated by CSO editor Derek Slater, and included panelists David Burrill, CSO British American Tobacco; Pete Metzger, Partner, Heidrick & Struggles, and Krizi Trivisani, director systems security operations, CSO George Washington University.While 3:45 is a dangerously good time of day for a nap, an ice cream truck happened to pull up outside the conference room, so everyone entered the session seeming somewhat renewed. Slater began the panel with breaking news: "Conference tracking tells us that CIOs eat more than CSOs, but CSOs drink more than CIOs." On a more serious note, Slater told us that 70 percent of the 350 CSOs polled in our State of the CSO Survey said that their company\u2019s upper management has put a greater emphasis on risk management this year than in previous years. He asked the panel if this is an uptick?Trivisani: We meet twice a year in front of the board, security gets five to six minutes to present their progress, plans and needs. The board seems much more informed. All I have to do is say NIST and they say, we know we need to be at level three, how are we doing?Metzger: Those who play in the international level are keenly aware of threats against their brand and people. It\u2019s not hard for me to sell up when they come to me looking for this.Burrill: I think times have never been better than they are now to influence up. There\u2019s a growing professionalism among security folks and a growing recognition among the board that this is an area they can\u2019t neglect. The two are probably related. There\u2019s a tremendous opportunity here to cash in on. But I think it\u2019ll be a gradual improvement rather than an overnight change.Slater: That\u2019s good news: it\u2019s a fertile time for security awareness and a good time for CSOs to put their cause forward. Let me ask you to recount the first time you presented to the board.Burrill: I looked for a topic I could brief them on, tried to find a topic where there was clear multi-functional concern. I was briefing them on something that was fundamental to the business. Counterfeit. Give them something they would welcome. In that sense, I had an easy one. If you\u2019re going to represent any company at any level, if you can interface with them and feel comfortable than there are benefits to that.Slater: What are the presentation skills you\u2019re looking for?Metzger: The ability to present oneself with confidence is important.Qualities our clients seek:Ability to act as a peer; Establish yourself with a credible history; Ability to understand business; Need to understand enough about the business;To show value to your security programs; Ability to think expansively. You need to think about what\u2019s happening three or four countries or continents away and how it can affect my business. That\u2019s something CEOs are paying a big compensation package for right now.Trivisani: The CSO before me only lasted two days. He told people what to do.Slater: You have to be particularly careful at the university, which is open and doesn\u2019t want to be locked down.Trivisani: Make your security message personal and relevant to the person you\u2019re trying to convince. Look for ways to make it personal to that individual. Burrill: I tried to make sure everytime the board got together, I got my face in front of them. I only talk to the board for five minutes when I go in. I choose one topic that I want endorsement from them. That\u2019s what I concentrate on. There\u2019s never been an occasion when it hasn\u2019t worked. It\u2019s good to be in front of them, and talking to them.Slater: What do you do when you identify someone whose endorsement is important, but seems improbable.Metzger: Sit down with someone and clearly determine what their objections are. Show them the wisdom of listening to a different perspective. Show them how it can return shareholder value. That comes through competence, self-confidence and experience. Be convincing in your logic. Even if they don\u2019t like what you\u2019re saying, they have to endorse it.Burrill: I don\u2019t have enemies, I have friends and potential friends. I don\u2019t want enemies around. It\u2019s seeing everyone in the best light and not being naove about it. I\u2019m selective with what I present to the board. I pick a particular topic and give them some statistics and an example. I\u2019m not driven by metrics, I\u2019m driven by relationships with people.Metzger: Make your message redundant, clear and simple. If you can\u2019t put the rules on a t-shirt, no one is going to read it. Question from the crowd: Do you have tips to help us gauge the risk tolerance of our corporations?Metzger: If you create the opportunity to meet with your leadership with the purpose expressly being, one, I\u2019m responsible to you for the security operations for this company. Two, you are responsible for the leadership of this company. You\u2019ve delegated me authority. At the conclusion of this discussion, I\u2019d like you to tell me where your risk tolerance is. Understand the risk tolerance of the person who is responsible for the business. My best professional advice to you Mr. chairman is X. They can then do with that advice what they want.Trivisani: Their tolerance at GW is this: Keep us out of the Washington Post. So if you see GW in the Washington Post, you probably won\u2019t see me there anymore.Burrill: We need to know the risk tolerance of the board in every area. Question from crowd: What do you think of using something from the board person\u2019s past to bring into the present context.Burrill: That\u2019s due diligence. Yes.Slater: What about FUD. Is FUD effective?Metzger: I don\u2019t think it\u2019s necessary to use scare tactics, all you have to do is live in this world. People know there are threats. Burrill: No. Your risk factors when you use scare tactics soar. You need to play it straight. If you don\u2019t play it straight and you\u2019re called out, you\u2019re done. If they see through you, then you\u2019ve lost them. The answer is no, no. no.Trivisani: I agree, no. Just state the facts. Our motto is: We partner and protect; we don\u2019t punish.