Enterprise-Level Cybersecurity, Risk Mitigation & Digital Compliance for SMBs | Founder @ Rougemont Security
I walked into my first boardroom in 2001 armed with a 20-slide deck on risk mitigation. By slide 3, I’d already lost every CxO. Here's how I learned to flip the script: I used to enter C-suite meetings ready to talk security. I'd jump straight into topics like attack surface, technical debt, and risk mitigation… then wonder why half the room looked like they were waiting for the fire alarm to go off. One day, before meeting a CFO, I decided to flip it. Instead of coming in with my talking points, I asked him: “What are the 3 biggest things you’re trying to accomplish this quarter?” Simple question, but the shift was massive. He opened up: → plans for expansion into regulated sectors → aggressive push to improve EBITDA → preparing to pitch for PE funding And just like that, I knew exactly how to position my work. Instead of pitching XYZ tool, I said: → Here’s how we avoid being flagged in DD → Here’s how we reduce risk exposure on paper → Here’s how security helps make you funding-ready That conversation was a turning point. I realised that my role was less about risk and more about enabling opportunity. So when I meet with any CxO today, I never use a script. We just have an honest, structured conversation with one goal: Find out what they actually care about. Here’s how I approach each one: CEO: I want to know the mission and what's standing in the way. → Do they want to enter a new market or product line? → Are they trying to close a major partnership/acquisition? → Are there concerns about investor confidence? CRO: I want to understand their total view of risk. → What’s keeping them up at night? (legal, compliance, etc.?) → Are they struggling to quantify cyber risk alongside operational risk? → Are they under pressure to demonstrate risk maturity to regulators or clients? CFO: I want to know where the money’s going and why. → Are there deals being held up by security compliance? → Are they looking to reduce operating costs? → Do they need to impress potential investors? COO: I want to understand where operational friction is. → Is outdated tech slowing them down? → Are they dealing with service outages or failures? → Do manual processes make audits a nightmare? CMO: I want to get ahead of brand risk. → Are they planning customer-facing campaigns? → Do they rely on third-party data processors? → What’s the reputational impact if something goes wrong? My only agenda is to understand their agenda. Because they don't care about my password policy or my "urgent" need for a new XDR tool. All that is noise if I can't tie them to what they actually need to achieve. Security can absolutely be a growth enabler. But it has to be seen as aligned with the mission first. To any advisors trying to gain board-level support: Understand what they wake up thinking about, and figure out where security fits in. If you can’t speak the language of business, don’t be surprised when the business ignores your advice.
Good advice. Instead of 20 slides, how many do you use now and what is the typical agenda you present?
Great approach, also do a little homework first, for whomever you are meeting pose the what are the top need / concerns question using their company / industry background to GAI, get the top 6-10 likely concerns overall, then use that person’s business profile (experience) to tailor and rank those likely responses Then map your efforts to enhance / minimize THEIR business risks Go into the meeting well prepared and more confident Same process any salesperson does…
Nicely done Chris. With AI, the soft skills and emotional intelligence for the human element is going to become more and more critical. There's lot's of data and knowledge. Little wisdom to apply it properly. I'm sure your going to enjoy yourself as the only people who would understand what you say are the one's who will actually listen and apply your recommendations and save themselves a lot of heartache, time and money.
Chris Cooper thank you for sharing
Thanks for sharing Chris - great advice.
Brilliant
This is called, "Know your audience."
This captures a key lesson many security leaders eventually learn. Technical depth is valuable but it rarely resonates in the boardroom unless it is framed in the language of business outcomes. Executives care about growth, efficiency, resilience and reputation. Security has to be presented as a way to enable and protect those priorities. The shift from pitching tools and controls to listening first and aligning second is what turns security from a cost centre into a partner in strategy. By understanding what a CEO, CFO or COO is actually trying to achieve, it becomes far easier to demonstrate how cyber initiatives directly support those goals. This approach does not mean ignoring technical risks. It means translating them into terms that connect with decision makers and framing them as obstacles or accelerators for business objectives. Done consistently it builds credibility, secures investment and makes security part of the organisation’s growth story. The lesson is simple. Speak in the language of business first, then connect it back to security. That is how influence and impact are built at the highest level.
Great analogy Chris, I flipped my Bio and CV (introduced by my mentor) for a Board advisors position, you need to position and pitch yourself what their needs are. Well done. ;)
Experienced charity fundraiser, podcaster and award-winning newspaper editor
1moAnother fab insightful post Chris Cooper - please do share this message in the DESTINATION BASINGSTOKE LIMITED Ambassador Community LinkedIn group.