Last Updated on January 14, 2024
With the rise of compliance mandates like the Cybersecurity Maturity Model Certification (CMMC) or the California Privacy Rights Act (CPRA), many IT leaders find themselves needing to influence organizational decisions around major new cyber initiatives.
Do you up your data security and privacy game now and ride this unstoppable tide? Or get left on the beach while competitors sail off with your clients and contracts? A lot could depend on how well you communicate with your CFO, COO and others on why cyber matters—to them.
On a recent episode of The Virtual CISO Podcast, business coach and best-selling author John Sheridan shared astute and actionable advice on how IT can successfully collaborate with business decision-makers to yield awesome outcomes. Hosting the show as always was John Verry, Pivot Point Security’s CISO and Managing Partner.
One factor both Johns highlighted was the importance of language and word choices when it’s time to manage up.
“In the old days, the IT guys were not well spoken, necessarily—they were a little… Let’s say they didn’t have the highest emotional IQs (EIQs),” John Verry observes, “I think that’s changed a lot in the last 10 to 15 years. So really, what you’re saying is almost it’s an EIQ issue, right? You’re trying to be persuasive, you’re trying to sell an idea to management, and what you’ve got to do is rally the troops, gather all this additional support, to make this compelling argument that’s going to be self-evident.”
“I think you’re correct,” John Sheridan responds. “I have observed that change, and I think the cliche was, when learning about anyone in the IT, the highest compliment you can pay, or hear about somebody in that role was, ‘They don’t sound like someone from IT.’ Right?”
“Which brings me to this idea of language,” John Sheridan continues. “When you’re managing up, choose your words carefully, and choose what words not to use carefully. In other words, leave jargon at the door.”
“That’s difficult, because it’s your day-to-day, right?” John Sheridan relates. “It’s the world you live in. But it’s not the world that others live in, as you know.”
“So, you have to be conscious about your word choice, conscious about how you’re describing things: telling stories, giving context, not going down rabbit holes, so that you have an audience that’s receptive,” advises John Sheridan.
Keeping that commonsense view in mind as you’re approaching a C-Suite conversation can eliminate a great many barriers to understanding and agreement.
If you’re a security or IT leader who wants to maximize your success in discussions with top management, this podcast with author and business coach John Sheridan was brewed just for you.
A Simple Guide to Comply with the DoD's Cybersecurity Maturity Model Certification (CMMC) This NEW CMMC V2 Certification Guide will give you a quick and easily digestible introduction to the CMMC and the process we use to help our clients become CMMC compliant.