Editor's Note: Magnus Solberg is the security lead for Storebrand Group in Norway. He is one of the speakers for the upcoming European Security Awareness Summit in London on 11 Nov. Below he discusses his talk on how security teams can effectively communicate.
In my past years as a security consultant, I've always strived to improve how the people responsible for IT/cyber/information security communicate. Building a positive, resilient security culture begins by changing the way the information security department acts in relation to and is perceived by the rest of the organization.
We have an image problem and a lot of it is our own fault!
In my present role, I was tasked with creating a security culture program from scratch, with plenty of freedom with regard to results and deep-rooted C-level support, but with limited budget & resources and an uncertain mandate. By giving you the brief on how our team, a bit over a year later, has built the foundation of a powerful, measurable and positive security culture, I'll share a few tips on how to:
- Change your image from "the department of NO" to "the department of GO!"
- Get to know your audience and how to communicate respectfully, positively, and effectively with them.
- Measure your baseline, your impact, and your results.
- Sustain that C-level support and gain the support of other important players.
- Avoid going down the same dead ends as we did.
Come join me on 11 Nov at the European Security Awareness Summit so we can all share and learn how to better secure the human element.
BIO: Magnus Solberg: I'm an infosec evangelist with a deep-rooted holistic approach to tackling the threats of our digital age. Working in IT most of my life, the last decade has been dedicated to information security in the private and public sectors: first as a techie and security architect, but for the last five years focusing on the "softer" aspects such as governance and ISMSs, policy frameworks, standards & compliance – and building security awareness and culture through training and motivation. Although a tech nerd at heart, I'm convinced that information security begins and ends with people, and love to spread the good word whether from the stage or over some craft beer! After being a consultant for most of my career, I'm now happily employed with the Storebrand Group, Norway's leading insurance and pension fund provider. Certifications: CISSP, CISM, ISO 27001 LI, ISO 27001 PA, ISO 27005 RM, ISO 22301 BCMF, CCSK