Speaking Security in Board Language: How CISOs Can Elevate Cybersecurity from IT to Business Priority
In this episode of Threat Vector, host David Moulton speaks with Nigel Hedges, Executive General Manager of Cyber and Risk at Chemist Warehouse, about transforming cybersecurity conversations at the executive level.
Key Discussion Points:
- Reframe cyber as business risk: Nigel describes cyber as "technology-enabled business risk" rather than just a technology issue
- Master storytelling with analogies: Learn how to explain identity access management using train stations vs. stadiums, making complex concepts accessible to boards
- Focus on materiality: Nigel limits board presentations to 20 metrics maximum and advocates for 5 minutes of content plus 5 minutes for questions
- Measure engagement beyond clicks: Track not just phishing click rates, but employee reporting rates when they identify suspicious emails
- Build business relationships first: Spend your first 100 days understanding both cyber risks and meeting business unit leaders with the question "How can I help you?"
What You'll Learn:
- How to connect cybersecurity priorities directly to business strategy using frameworks like NIST and Australia's Essential Eight
- Why listening skills and active questioning are critical soft skills for boardroom success
- Practical approaches to getting cybersecurity spending prioritized in annual budgets
- The importance of humor and team culture in building resilient security teams
- How to use frameworks like SABSA (Sherwood Applied Business Security Architecture) to map security to business outcomes
Nigel brings perspectives from leading cybersecurity across retail (Kmart), professional services (CPA Australia), healthcare, and higher education, while maintaining his creative pursuits as a DJ and gamer.
Related Resource: How to Become a Board Member? 4 Pointers for CIOs and CISOs - Additional insights on transitioning to board-level cybersecurity leadership
Perfect for CISOs, security leaders, and executives looking to improve board communication and strategic alignment.