When it comes to protecting networks and information, people are routinely dubbed the weakest link. Lately, the notion that the executives in charge are making it worse is gaining traction, too.\tIf you believe either of those to be true, then you are likely the cause of the problem.\tIt is frustrating to struggle and fail to effectively communicate the value of security to others. When they don't understand, it's easy to draw the conclusion that they "just don't get it", and are probably incapable of appreciating security.\tThis is simply not true.\tEspecially when it comes to executives. They understand risk quite well. Often better than we do. The underlying problem is how security risks are communicated. It\u2019s not so much the capacity of executives to understand and act.\tThis is where the friction of communication gets in the way. It creates a challenge for the security team to articulate risks and describe proper actions in a clear, understandable and convincing way.\u00a0\tThe friction of communication erodes value. It prevents the right information and context from being understood and acted on appropriately. Friction requires more energy and effort to connect value to people.\tTime to change how we communicate the value of security\tTo get others to understand and act on security requires us to adopt a different approach. Minimally, it means matching the message to the audience, delivering it in a way that works for them, and taking the time to ensure mutual understanding.\tFocus on what the audience\u00a0needs to know not sharing (and trying to impress them with) everything you\u00a0know.\tKeep in mind that when navigating to mutual understanding, often you learn that initial assumptions were incomplete and the process moves you to a new understanding as much as it moves the audience, sometimes more.\tConnecting the value of security to executives\tWithout a doubt, executives in organizations do pose unique challenges: many competing interests for their attention, different pressures, and the desire to adopt new mobile technology and work without restrictions.\tHere are three things to consider in an effort to improve your ability to effectively communicate the value of security to executives:\t1. Executives have a larger field of view\tExecutives have a different, often larger, field of view than others in the organization. As a result, when they dismiss identified risks in the larger scheme, they may be accurate. It depends on their understanding of the risk, which is directly dependent on how the security team communicated.\tInstead of expressing frustration, ask for an explanation. Use the opportunity to learn more about the business (learn more about how to do that\u00a0here).\t2. Security must align value to the business\tSecurity has a tendency to focus on "risk" like catnip, without first mapping the risk against the needs and objectives of the business.\tRisk is not a zero-sum game. The real challenge is focusing on what matters to the company - and building the right solution to enable the business with the right protection (read more about how here).\tPersuade others by capturing and distilling the value of the solution. Gather and provide clear and compelling evidence that shows how this meets their needs to increase business value while also offering the necessary protection(s).\tThe operative concept is value; security must align to the business based on value.\t3. Translate complexity into understanding\tSecurity professionals quickly accumulate thousands of hours of insight and understanding of the myriad of risks that face our organizations.\tThe problem is that it's often complicated to understand, and more so to explain. However, for executives to act on the information, the value must be translated from complexity into understanding. It needs to make sense to the audience.\tThis means investing the time to craft the right business story for the executive audience\u00a0(check out\u00a0why we need better stories\u00a0here, and\u00a0how to tell better business stories\u00a0here).\tWhen we skip this step, the audience remains disconnected from the impacts of the actions and decisions. Even if they agree they understand with the concepts presented (perhaps to avoid embarrassment), it likely does not register on an individual basis.\tWe act on what we understand\tThe challenge is not the information, nor the inability of executives to understand the information. The primary challenge is that security frequently fails to align the information to the audience.\tWithout understanding how security builds business value, executives naturally and justifiably focus on what they know.\tSecurity professionals that work on translating the complexity of security into understanding\u2014matched to the audience\u2014enjoy more success. The executives they support benefit from a more accurate understanding of risk.\tConnecting and effectively communicating value with others requires a shift in thinking and change in approach to work with executives in a way they understand.\tThis is a challenge we can overcome. When we do, everyone benefits.