[BreachExchange] 3 Questions Successful Security Leaders Should Ask

[Destry Winant]

https://www.databreachtoday.com/interviews/3-questions-successful-security-leaders-should-ask-i-3676

Today's security executives are increasingly expected to possess a
strong business acumen in addition to their expertise in managing
risk. This means they must have the ability to communicate the mission
of the security program to all levels of the organization, from the
board down to the end user.

But communication is still often cited as a major hurdle for security,
Michael Santarcangelo of the Security Catalyst, a research and
consulting firm, says in an interview with Information Security Media
Group.

"A lot of times in security we get overwhelmed," Santarcangelo says.
"We don't want to be seen as the bottle neck. We don't want to be the
party of no. Often people will throw stuff at us, and we don't always
know what they're asking. "

Santarcangelo, who works with security teams to troubleshoot
communication issues and accomplish their goals, suggests security
leaders ask three simple questions at the outset of any project to
achieve immediate clarity:

What problem are you trying to solve?
What value will the solution create?
What is the impact of that solution?

"You're not using these questions to shut people down," he says.
"You're using these questions to understand where the focus should
be."

In the interview (see audio link below photo), Santarcangelo:

Breaks down the purpose of each question and the specific information
each question aims to uncover;
Describes how to achieve the goal of eliminating friction between
departments and create a deeper understanding of expectations;
Distinguishes between creating value in an organization and expressing
value successfully with strong communication.

Santarcangelo is the founder of Security Catalyst, an organization
dedicated to turning complexity into comprehension. For over two
decades, he has worked across several industries to solve security
challenges.