Proficiency in translation for a Chief Information Security Officer, the need for it is one of the most important lessons I have learned as my career has progressed forward. Translation is a critical skill. Not Spanish to English, or Russian to Japanese, but tech (geek) talk to business speak. In today’s world (this is written in Jan 2022) the CISO’s (or whatever term your organization uses) role is becoming more and more business-centric (my feelings on this will be the subject of a different post). Moreover, Cybersecurity, Risk and Resilience are now legitimately boardroom matters (well, for mature companies they are) which makes this ability to perform effective translation, as discussed here, essential if you desire success in a modern day business setting.
Hard Lesson
A hard lesson to learn is that no one cares about how smart you are. Especially not board members or business people who mostly see the world through a lens very different than ours. Most of us who have come up the technical ranks take pride in our in depth knowledge of tech. A lot of hard work and late nights went into acquiring that corpus of knowledge. So it is no surprise that when we first get into leadership and/or management we innately try to sound really smart with impressive tech verbiage. What we don’t realize during that stage of our development is that really …. NO ONE CARES. I assure you that for instance talking about malloc and free (if you come from the application security realm) is not going to impress some MBA who thinks in terms of spreadsheets and bottom lines.
Realization
As maturity sets in a bit ( hopefully 🙂 ) we realize that translating the message from geek talk to something digestible by business people, or those MBA-types, becomes a very valuable skill. It is all about conveying a message and if your message gets lost in translation you have failed.
/*
For all of you technical purists who will look at the examples provided here and complain about them not being technically accurate – it doesn’t matter!! The technical accuracy of the verbiage does not matter, what matters is conveying an appropriate message to a person, or group of people, who need to be empowered by information in a way they can digest. Admittedly it took me years to come to terms with, and accept, that. Oh, and by the way that audience you need to empower are most likely the same people who control your Cybersecurity budget.
*/
Examples
Some examples of effective translations:
– Web or Cloud hosted application = customer facing solution
– Web Application Firewall (WAF) = protective mechanism for customer facing solutions
– Security Information and Event Management (SIEM) solution = centralized repository of event data
– Purpose of a WAF = to protect revenue generating resources
The few examples I have shared by no means represent an exhaustive list. If you have some good ones that would like to see added to the list email me (contact info) and I will add them. Use this format so that you can get credit:
Term = translated data (Credit: Your Name)
The bottom line is proficiency in translation for a Chief Information Security Officer, or for cybersecurity leaders of all experience levels, is an essential skill.