Have you had success with using guest speakers to drive security awareness, such as executive leaders/other internal employees, external experts or public figures? What sorts of speakers create the biggest impact, in your experience?

Associate Vice President, Information Technology & CISO in Education, a year ago

We have a group called the O Triple CIO, which comprises the 24 colleges in Ontario. We meet monthly and share information. We also host an annual conference where IT professionals gather. Before my time, they brought in Kevin Mitnick, a famous hacker, as a guest speaker. His talk had a lasting impact on not just the cybersecurity team, but the entire IT community.

When I present to the board, we often bring in our partners, such as KPMG, who assist us with our cybersecurity strategy, or technical experts from companies like Proofpoint. They provide an executive perspective and validate our security efforts. It's not just me pushing the security agenda, but a trusted third party sharing what other institutions are doing and how we measure up against them. This approach has proven beneficial for us.

CISO in Banking, a year ago

In my previous role at a credit union, we often used guest speakers. We've also done so for board meetings at Apple. At my former employer, we brought in Dr. Ron Ross, one of the authors of the NIST framework guidelines, and financial industry experts to speak at annual board retreats. This approach served as reinforcement for the strategic direction we were taking as an organization.

CISO/CPO & Adjunct Law Professor in Finance (non-banking), a year ago

Personally, I haven't found much success using guest speakers, but that could be by design. My worry is that if people spend their attention focusing on the guest speaker, they might miss the message. So, I've generally steered clear of that approach.

People have suggested bringing in executives, but I feel they would need to be recognized as a security expert by our regular users. Unfortunately, I don't know of anyone who fits that description. My team knows who the security gurus are, but our goal is to educate beyond our team.

If an executive is tasked with speaking about cybersecurity, they might be able to read a speech, but that doesn't necessarily foster interaction. I'm aiming for a more personal connection with my staff. If they perceive it as an executive issue, they might hesitate to report. 

My goal is to create a comfortable environment for my staff, and I feel an external party might not help achieve that.
