As we introduced in part 1 and part 2 of this “word crimes” series, cybersecurity terminology is important, especially when representing our profession.

In this final installment, we broaden the scope to business terminology.

It is vitally important for cybersecurity professionals, including current and future leaders, to understand the nuances between common business planning terminology, such as mission, vision and strategy statements.

Cybersecurity is crucial to business, and it is time that our profession speaks the same language as the business units we support. In the end, it is all about aligning cybersecurity initiatives to be in the best interests of the organization.

Why Should You Care?

The purpose of this article is to help cybersecurity leaders up their game.

All too often, unprincipled cybersecurity leaders manipulate the business through Fear, Uncertainty and Doubt (FUD) to scare other technology and business leaders into supporting cybersecurity initiatives.

These bad actors maintain the illusion of a strong cybersecurity program, when in reality the cybersecurity department is an array of disjointed capabilities that lacks a unifying plan. These individuals stay in the job long enough to claim small victories, implement some cool technology, and then jump ship for larger roles in other organizations to extend their path of disorder. In these cases, a common theme is the lack of viable business planning beyond a shopping list of technologies and headcount targets to further their career goals.

Cybersecurity is a cost center, not a revenue-generating business function. That means cybersecurity competes with all other departments for budget, and it necessitates a compelling business case to justify needed technology and staffing. Business leaders are getting smarter on the topic of cybersecurity, so cybersecurity leadership needs to rise above the FUD mentality and deliver value that is commensurate with the ...