Communicating up can be tough sledding The rate of change these days is so high that occasionally I think: “I’m just looking for a nice rut to fall into. Six months in a rut sounds really relaxing right now.”But of course, this isn’t true. A routine may be good, and useful, but ruts are a bad way to travel. The expression “stuck in a rut,” of course, refers to tracks worn in the ground by wheels that have traveled that way before. If your wheels are stuck in a rut, you may be able to move—but only along a path that others have carved out for you.That’s not what security leadership needs. Even if you’ve got a clear strategic vision, a two- or three-year road map, a great idea of where you need to go and how to get there, you still need agility. You need the ability to respond flexibly to unforeseen events, technical breakthroughs, changing business conditions and so on.Striving to communicate effectively with other executives remains one of the most vexing ruts that CSOs get trapped in. Nearly 10 years ago, we launched CSO magazine with a cover story about how to build better bridges within your business, how to understand organizational priorities, how to construct better relationships and how to speak the same language as CEOs and line-of-business executives. A decade later, these skills remain a challenge. Some security leaders still—still!—trot out low-level metrics, speak in technical gibberish and focus their arguments on what “must” be done according to a security code of honor that must come off to outsiders as downright medieval.How do we bust out of that rut? Our cover story in June (What I learned when I left security) offered up the perspective of four security experts who left the rut completely by moving into roles outside of security. One is now a retail CEO—John Hartmann, who in his former role as CSO of Cardinal Health helped advise our launch of CSO back in the day. Two of our panelists are now based overseas. One is in project management; another is a journalist.So how have their perspectives changed? CSO contributor Mary Brandel asked each of the panelists what they wish they’d better understood back in their security days. Their observations and anecdotes are entertaining as well as informative. Ultimately, by sharing their experiences here, we hope to help get you out of the ineffective executive communication rut for good. Related content news Gitlab fixes bug that exploited internal policies to trigger hostile pipelines It was possible for an attacker to run pipelines as an arbitrary user via scheduled security scan policies. By Shweta Sharma Sep 21, 2023 3 mins Vulnerabilities Security feature Key findings from the CISA 2022 Top Routinely Exploited Vulnerabilities report CISA’s recommendations for vendors, developers, and end-users promote a more secure software ecosystem. By Chris Hughes Sep 21, 2023 8 mins Zero Trust Threat and Vulnerability Management Security Practices news Insider risks are getting increasingly costly The cost of cybersecurity threats caused by organization insiders rose over the course of 2023, according to a new report from the Ponemon Institute and DTEX Systems. By Jon Gold Sep 20, 2023 3 mins Budget Data and Information Security news US cyber insurance claims spike amid ransomware, funds transfer fraud, BEC attacks Cyber insurance claims frequency increased by 12% in the first half of 2023 while claims severity increased by 42% with an average loss amount of more than $115,000. By Michael Hill Sep 20, 2023 3 mins Insurance Industry Risk Management Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe