Speaking Security in Board Language

Jul 31, 2025

Nigel Hedges, Executive General Manager of Cyber & Risk at Chemist Warehouse and Sigma Healthcare, dives into transforming cybersecurity into a business priority. He emphasizes the importance of aligning security strategies with enterprise goals and building trust with boards. Nigel discusses using storytelling to effectively communicate risks, bridging the gap between technical jargon and board-level conversations. He also highlights the value of team culture and creativity in fostering collaboration and resilience in cybersecurity initiatives.

Ask episode

AI Snips

Chapters

Books

Transcript

Episode notes

ADVICE

Elevate Cybersecurity By Helping Business

To elevate cybersecurity, spend equal time understanding inherited cyber risks and meeting business stakeholders.
Start conversations with business units by asking how you can help them in their domain.

ADVICE

Speak Board Language Clearly

Avoid technical jargon and focus on materiality when talking cyber risk to boards.
Use frameworks and board guidelines to improve cyber discussions and decision-making.

ADVICE

Be Concise and Material-Focused

Limit board presentations to key material issues that connect to fiduciary duties.
Plan for brief talks with time for questions, cutting less critical points.

Get the Snipd Podcast app to discover more snips from this episode

Get the app

Speaking Security in Board Language: How CISOs Can Elevate Cybersecurity from IT to Business Priority

In this episode of Threat Vector, host David Moulton speaks with Nigel Hedges, Executive General Manager of Cyber and Risk at Chemist Warehouse, about transforming cybersecurity conversations at the executive level.

Key Discussion Points:

Reframe cyber as business risk: Nigel describes cyber as "technology-enabled business risk" rather than just a technology issue
Master storytelling with analogies: Learn how to explain identity access management using train stations vs. stadiums, making complex concepts accessible to boards
Focus on materiality: Nigel limits board presentations to 20 metrics maximum and advocates for 5 minutes of content plus 5 minutes for questions
Measure engagement beyond clicks: Track not just phishing click rates, but employee reporting rates when they identify suspicious emails
Build business relationships first: Spend your first 100 days understanding both cyber risks and meeting business unit leaders with the question "How can I help you?"

What You'll Learn:

How to connect cybersecurity priorities directly to business strategy using frameworks like NIST and Australia's Essential Eight
Why listening skills and active questioning are critical soft skills for boardroom success
Practical approaches to getting cybersecurity spending prioritized in annual budgets
The importance of humor and team culture in building resilient security teams
How to use frameworks like SABSA (Sherwood Applied Business Security Architecture) to map security to business outcomes
Nigel brings perspectives from leading cybersecurity across retail (Kmart), professional services (CPA Australia), healthcare, and higher education, while maintaining his creative pursuits as a DJ and gamer.

Related Resource:

How to Become a Board Member? 4 Pointers for CIOs and CISOs - Additional insights on transitioning to board-level cybersecurity leadership
Perfect for CISOs, security leaders, and executives looking to improve board communication and strategic alignment.