The Pivotal Role of Communication in Building Cyber Resilience

(October 11, 2023)

In recent times, the role of Chief Information Officer (CIO) has become increasingly complex and multifaceted. To shed light on this transformation and explore the critical aspects of cyber resilience, we spoke with Rizwan Jan, the VP and CIO at CNA, a prominent organization operating in the cybersecurity realm. Jan is also a member of the Cyber Security Tribe Advisory Board and the private closed community of Cyber Security Tribe. 

Jan's journey from a Chief Information Security Officer (CISO) to CIO provides insights into the evolving nature of cybersecurity and the intersection of technology and security within organizations. This article will uncover the nuances of his career transition and how communication is key in the ever-changing landscape of cyber resilience.


From CISO to CIO: A Career Evolution

Jan's career trajectory serves as a testament to the dynamic nature of the cybersecurity domain. He began his journey as a CISO at the Henry M. Jackson Foundation for the Advancement of Military Medicine (HJF), a congressionally authorized nonprofit focused on military medicine. At HJF, he found himself facing the daunting task of building a cybersecurity department from scratch.

With the support of his CIO at the time, Jan embarked on a mission to establish a robust security operation center, third-party risk governance capabilities, incident response protocols, and application security practices within a mere ten months. The experience was transformative and set the stage for his transition into the role of CIO, a move he didn't foresee but eventually embraced with enthusiasm.

His role as a CIO encompassed a broader set of responsibilities, including overseeing the entire IT department, which allowed him to integrate cybersecurity seamlessly into the organization's overall IT strategy. This journey from CISO to CIO underscores the growing significance of cybersecurity within the broader IT landscape.

The Role of Communication in Cyber Resilience

In our conversation, Jan emphasized the pivotal role of communication in building cyber resilience, recognizing that it is not only about implementing security measures but also about ensuring that everyone within the organization understands their role in safeguarding sensitive information. Here, we delve deeper into the critical role that communication plays in building cyber resilience:

  • Obtaining Buy-In: One of the key challenges faced by cybersecurity professionals is gaining the support and buy-in of stakeholders across the organization. This includes executives, employees, and even third-party partners. The approach is rooted in presenting cybersecurity measures as a form of insurance. By illustrating how investing in security safeguards the organization's reputation, data, and overall well-being, it becomes easier for stakeholders to understand and support these initiatives.
  • Simplifying Technical Jargon: Cybersecurity is rife with technical jargon and complex terminology that can overwhelm non-technical stakeholders. The emphasis is on presenting these concepts in a clear and understandable manner. Whether speaking to the board, other department heads, or employees, the focus is on translating technical details into relatable, real-world scenarios. This approach empowers individuals at all levels of the organization to comprehend the importance of cybersecurity.
  • Storytelling as a Tool: Storytelling is employed as a powerful tool in the communication strategy. Instead of presenting cybersecurity as an abstract concept, real stories and anecdotes are attached to it, for instance by describing the potential consequences of sensitive data being exposed due to inadequate security measures. Storytelling makes the message relatable and helps stakeholders connect on a more emotional level, reinforcing the need for robust security practices.
  • Board-Level Communication: Effective communication with the board of directors is a critical aspect of cyber resilience. Concise and informative one-page summaries that highlight the top risks and mitigation strategies are used. These documents tell a story, providing the board with a clear understanding of the organization's cybersecurity posture. This enables the board to make informed decisions and allocate resources accordingly.

The Intersection of Data and Cybersecurity

When discussing the future of cybersecurity, Jan highlighted the increasing significance of data. In an era where network boundaries are porous and data is spread across diverse environments, organizations must prioritize understanding their data. This includes knowing where data resides, its classification, and identifying the critical data assets or "crown jewels."

There is a great need for organizations to adopt a data-centric approach to cybersecurity. This approach involves creating a data classification model and gaining full visibility into how data is processed, stored, and transmitted. Understanding the data landscape is a foundational step in building robust cybersecurity measures.

The Importance of Continuous Learning and Collaboration

As the conversation came to a close, Jan stressed the importance of continuous learning and collaboration in the cybersecurity field. He encouraged professionals to remain active in the cybersecurity community, join information-sharing and analysis centers (ISACs), and build relationships with peers. In this collaborative environment, professionals can share insights, seek help, and collectively address the ever-evolving cyber threats.

Jan’s parting message was a reminder to stay humble and never hesitate to ask for help. The cybersecurity community is built on the principle of mutual support, and there is always room for individuals to contribute their knowledge and learn from others.

Takeaways

Rizwan Jan's career journey from CISO to CIO at CNA offers a unique perspective on the evolving role of cybersecurity professionals within organizations. His emphasis on effective communication, data-centric cybersecurity, continuous learning, and collaboration serves as valuable guidance for professionals navigating the complex and dynamic cybersecurity landscape.

As organizations face increasingly sophisticated cyber threats, the lessons learned from Jan's experiences highlight the importance of resilience, adaptability, and a holistic approach to cybersecurity. In an age where data is the lifeblood of organizations, protecting it has never been more critical.

Join Rizwan Jan in our closed private community to further discuss the role of communication in cyber resilience or other cybersecurity-related matters.