Have you had success with using guest speakers to drive security awareness, such as executive leaders/other internal employees, external experts or public figures? What sorts of speakers create the biggest impact, in your experience?
Sort By:
Oldest
CISO in Banking2 months ago
In my previous role at a credit union, we often used guest speakers. We've also done so for board meetings at Apple. At my former employer, we brought in Dr. Ron Ross, one of the authors of the NIST framework guidelines, and financial industry experts to speak at annual board retreats. This approach served as reinforcement for the strategic direction we were taking as an organization.Associate Vice President, Information Technology & CISO in Education2 months ago
We have a group called the O Triple CIO, which comprises the 24 colleges in Ontario. We meet monthly and share information. We also host an annual conference where IT professionals gather. Before my time, they brought in Kevin Mitnick, a famous hacker, as a guest speaker. His talk had a lasting impact on not just the cybersecurity team, but the entire IT community.When I present to the board, we often bring in our partners, such as KPMG, who assist us with our cybersecurity strategy, or technical experts from companies like Proofpoint. They provide an executive perspective and validate our security efforts. It's not just me pushing the security agenda, but a trusted third party sharing what other institutions are doing and how we measure up against them. This approach has proven beneficial for us.
People have suggested bringing in executives, but I feel they would need to be recognized as a security expert by our regular users. Unfortunately, I don't know of anyone who fits that description. My team knows who the security gurus are, but our goal is to educate beyond our team.
If an executive is tasked with speaking about cybersecurity, they might be able to read a speech, but that doesn't necessarily foster interaction. I'm aiming for a more personal connection with my staff. If they perceive it as an executive issue, they might hesitate to report.
My goal is to create a comfortable environment for my staff, and I feel an external party might not help achieve that.