Sep 30 2025

The CISO’s Playbook for Effective Board Communication

Category: CISO, vCISO | disc7 @ 10:34 am

The Help Net Security video titled “The CISO’s guide to stronger board communication” features Alisdair Faulkner, CEO of Darwinium, who discusses how the role of the Chief Information Security Officer (CISO) has evolved significantly in recent years. The piece frames the challenge: CISOs now must bridge the gap between deep technical knowledge and strategic business conversations.


Faulkner argues that many CISOs fall into the trap of using overly technical language when speaking with board members. This can lead to misunderstanding, disengagement, or even resistance. He highlights that clarity and relevance are vital: CISOs should aim to translate complex security concepts into business-oriented terms.


One key shift he advocates is positioning cybersecurity not as a cost center, but as a business enabler. In other words, security initiatives should be tied to business value—supporting goals like growth, innovation, resilience, and risk mitigation—rather than being framed purely as expense or compliance.

Faulkner also delves into the effects of artificial intelligence on board-level discussions. He points out that AI is both a tool and a threat: it can enhance security operations, but it also introduces new vulnerabilities and risk vectors. As such, it shifts the nature of what boards must understand about cybersecurity.


To build trust and alignment with executives, the video offers practical strategies. These include focusing on metrics that matter to business leaders, storytelling to make risks tangible, and avoiding the temptation to “drown” stakeholders in technical detail. The goal is to foster informed decision-making, not just to show knowledge.


Faulkner emphasizes resilience and innovation as hallmarks of modern security leadership. Rather than passively reacting to threats, the CISO should help the organization anticipate, adapt, and evolve. This helps ensure that security is integrated into the business’s strategic journey.


Another insight is that board communications should be ongoing and evolving, not limited to annual reviews or audits. As risks, technologies, and business priorities shift, the CISO needs to keep the board apprised, engaged, and confident in the security posture.

In sum, Faulkner’s guidance reframes the CISO’s role—from a highly technical operator to a strategic bridge to the board. He urges CISOs to communicate in business terms, emphasize value and resilience, and adapt to emerging challenges like AI. The video is a call for security leaders to become fluent in “the language of the board.”


My opinion
I think this is a very timely and valuable perspective. In many organizations, there’s still a disconnect between cybersecurity teams and executive governance. Framing security in business value rather than technical jargon is essential to elevate the conversation and gain real support. The emphasis on AI is also apt—boards increasingly need to understand both the opportunities and risks it brings. Overall, Faulkner’s approach is pragmatic and strategic, and I believe CISOs who adopt these practices will be more effective and influential.

Here’s a concise cheat sheet based on the article and video:


📝 CISO–Board Communication Cheat Sheet

1. Speak the Board’s Language

  • Avoid deep technical jargon.
  • Translate risks into business impact (financial, reputational, operational).

2. Frame Security as a Business Enabler

  • Position cybersecurity as value-adding, not just a cost or compliance checkbox.
  • Show how security supports growth, innovation, and resilience.

3. Use Metrics That Matter

  • Present KPIs that executives care about (risk reduction, downtime avoided, compliance readiness).
  • Keep dashboards simple and aligned to strategic goals.

4. Leverage Storytelling

  • Use real scenarios, case studies, or analogies to make risks tangible.
  • Highlight potential consequences in relatable terms (e.g., revenue loss, customer trust).

5. Address AI Clearly

  • AI is both an opportunity (automation, detection) and a risk (new attack vectors, data misuse).
  • Keep the board informed on how your org leverages and protects AI.

6. Emphasize Resilience & Innovation

  • Stress the ability to anticipate, adapt, and recover from incidents.
  • Position security as a partner in innovation, not a blocker.

7. Maintain Ongoing Engagement

  • Don’t limit updates to annual reviews.
  • Provide regular briefings that evolve with threats, regulations, and business priorities.

8. Build Trust & Alignment

  • Show confidence without overselling.
  • Invite discussion and feedback—help the board feel like informed decision-makers.

Tags: Board Communication, CISO's Playbook, vCISO Playbook
