In the spring of 2016 we began an initiative to organize a group of CxOs to discuss the issue of cyber security. One thing we’ve learned about the topic of security is it’s hard to fake. We’re not security technology experts. As such we decided to focus on business issues. We observed heightened activity around cyber amongst CxOs on social media through our monitoring tools and decided to embark on a project to better understand how CIOs should communicate to boards about cyber.

This post describes the concept in detail. 

Here’s the research note that came out of this effort. 

There were four primary data inputs for this project including:

1. First we read a bunch of stuff on the Web for background and to educate ourselves.
2. Data from our Community Data Platform (CDP) – a proprietary SaaS tool that presents highly relevant data from targeted users on social media. We specifically sought CxOs to participate in the research. We organized a panel of 203 top CxOs on social media, monitored their public activity streams and solicited their participation in this research. We also analyzed 143,000 of their tweets to extract relevant context for the study. 
3. We then organized a CrowdChat to talk cyber security with a specific emphasis on how to communicate with the board of directors. We prepared a series of questions and held an open CrowdChat to test the premise and answer our questions. The CrowdChat can be found here. 
4. We used theCUBE – our live TV and broadcast platform – and specific events as a data extraction mechanism, specifically focusing on CIOs that had experience communicating at the board-level. Key events where we solicited feedback directly from CxOs included Hadoop Summit in Dublin, ServiceNow’s Knowledge ’16 conference, HPE’s Discover 2016 event in Las Vegas, the Nutanix .Next event, Informatica World, SAP’s SAPPHIRE NOW event and the GDS CIO Summit in Denver. We were able to gather insights from prominent executives, including Dr. Robert Gates, the 22nd U.S. Secretary of State and director of Starbucks and formerly of several other publicly traded companies:

We extracted data from 203 CxOs in our social groupd and approximately 20 CIOs and security practitioners on theCUBE. Numerous prominent CxOs agreed to participate in the CrowdChat and in social interacctions. We limited direct data input to CIOs, security practitioners and vetted security experts, including:

• Dave Schecklman, VP & CIO of Oshkosh Corporation
• Darrel Popowich, VP of IT at H&R Block of Canada
• Bart Murphy, CTO for York Risk Services Group
• Chris Bedi, CIO of ServiceNow
• Matthias Egelhaff of Siemens AG
• Link Alander, CIO of Lone Star College
• Muddu Sudhakar, CTO of Splunk,
• Will Lasselle, Digital Transformation Expert and Change Agent, MedicFP
• Grogs Axle, IT Architect
• Knebel Achim, CISO of Siemens
• Mark Terenzoni, CEO of SQRRL
• Dan Stolts, Chief Technology Strategist at Microsoft
• Michael Schiebel, Security Strategist at Hortonworks
• Vi Bergquist, CIO of St. Cloud Technical & Community College
• TJ Laher of Cloudera
• Mike Kail, Chief Innovation Officer of Cybric
• Phil Dunn of Oracle
• Dennis Spalding, CISO at Insight
• David Gee, former financial services CIO
• Aldo Ceccarelli, CIO and Enterprise Architect
• Justin Andrusk, Security Lead at Sherwin Williams
• Stephen Landry, CIO at Seton Hall University
• Teresa Devine, former VP, CIO & CISO at Asbury Automotive Group
• Oliver Bussmann, Group CIO at UBS, Michael Kail, CIO at Cybric

To all who participated, thank you for the collaboration and helping your peers.

,