The Power of Storytelling and a Marketing Mindset in Driving Cybersecurity’s Organizational Impact
TWC – Deneen DeFiore, the esteemed Vice President and Chief Information Security Officer at United Airlines, has dedicated her career to leading the charge in cybersecurity and digital risk management. With a focus on preventing, detecting, and responding to evolving cyber threats, DeFiore’s expertise extends to improving cyber resilience across the global aviation ecosystem. In a recent interview for the Tech Whisperers podcast, we explored the complexities of her role. We delved into her unique approach to communication, specifically regarding the value of cyber to the business. Here are the key highlights from our conversation.
Why is it essential for CISOs to be intentional about ‘telling the story’? What difference does it make if one organization excels at storytelling while another does not?
Telling a compelling story that connects with the business outcomes is crucial for CISOs. While both organizations may provide similar value in protecting the company, the one that can effectively tell the story elevates itself beyond the technical realm. Without linking the efforts to business outcomes, the organization will remain limited in its influence and struggle to drive the necessary changes. By creating a value story, such as enhancing customer experiences through seamless system access, and highlighting how new initiatives like a password-less customer identity platform contribute to these experiences, CISOs can add value at a higher level, climbing the organizational value chain.
How do you navigate competing priorities and differences of opinion while focusing on outcomes?
The key is aligning everyone on the desired effect. By establishing shared goals, we can identify and address the disconnects. I emphasize the importance of problem-solving and highlight the end state rather than fixating on specific implementation details. As a facilitator and orchestrator, I encourage the team to collaborate and find solutions collectively. This approach leads to success in resolving conflicts and aligning diverse perspectives.
How do you communicate complex industry regulations and directives effectively?
It’s crucial to speak in a language that resonates with people, even when discussing complex rules. Avoid jargon and instead utilize common language to explain what is happening, why it matters, and the actions being taken. Rather than overwhelming stakeholders with technical details, provide a concise summary of the situation, the planned response, and any associated risks or concerns. Simplicity and clarity are essential for effective communication in the face of complexity.
How do you develop leadership skills, emotional intelligence, influencing abilities, and communication prowess within your team?
I encourage my team to preview important presentations or meetings to cultivate these essential qualities. By playing devil’s advocate and questioning the relevance and impact of each message, we fine-tune our communication approach. This exercise allows team members to anticipate and address potential concerns, ultimately eliminating the need for excessive preparation. Over time, individuals develop their communication muscles, aligning their mindset with a marketing-oriented approach emphasizing emotional intelligence, influencing skills, and effective communication.
In cybersecurity, Deneen DeFiore’s emphasis on storytelling, facilitation, and a marketing mindset highlights the transformative potential of effective communication. By elevating the value of cyber within organizations, CISOs can navigate complexities, inspire collaboration, and drive meaningful change, ultimately benefiting businesses in the ever-evolving digital landscape.
In today’s interconnected world, where cyber threats are ever-present, the Chief Information Security Officer (CISO) role has become increasingly vital. Deneen DeFiore, the Vice President and CISO at United Airlines understands the complexities and challenges associated with this position. In a recent conversation, she shed light on the importance of storytelling, facilitation, and adopting a marketing mindset to elevate the value of cybersecurity within organizations.
For CISOs, DeFiore emphasizes the significance of “telling the story” connected to business outcomes. While two cyber organizations may deliver comparable value in protecting their respective companies, the ability to articulate that value sets them apart. CISOs who can connect the dots between cybersecurity initiatives and tangible business outcomes transcend the technical realm. By creating a narrative that showcases how cybersecurity measures enhance customer experiences or streamline operations, CISOs can position themselves as value-adding partners, driving the organization forward.
DeFiore also highlights the need to align stakeholders on desired outcomes to navigate competing priorities and differing opinions. By focusing on the shared end state rather than fixating on minute details, CISOs can foster collaboration and find common ground. DeFiore ensures that diverse perspectives are heard, and solutions are collectively developed as the facilitator and orchestrator. This inclusive approach resolves conflicts, enhances team cohesion, and drives alignment across the organization.
Effectively communicating complex industry regulations and directives is another critical skill for CISOs. DeFiore emphasizes the importance of using clear, concise language that stakeholders can understand. Instead of inundating them with technical jargon and policy documents, CISOs should provide simplified explanations that convey what is happening, why it matters, and the proposed actions to address the situation. By speaking in relatable terms, CISOs can ensure everyone comprehends the risks and steps to mitigate them.