Communication Is Key to CISO Success

Published: 23/11/2024   Category: security

A panel of CISOs at the RSA Conference outlined what a successful first 90-day plan looks like, and it boiled down to effective communication and listening.



RSA CONFERENCE – San Francisco – A trio of high-powered CISOs talked about the first 90 days in their roles, and whether the aim was getting board of directors buy-in or building rank-and-file credibility, they all said how they communicated was what mattered the most. 
The RSAC panel included Allison Miller, Reddit's CISO and VP of Trust; Olivia Rose, Amplitude's CISO and VP of IT; and Caleb Sima, CISO for Robin Hood. Chenxi Wang, founder of the Rain Capital venture capital fund, moderated the discussion.
Practically, Sima opened up by explaining how during his first few days with Robin Hood he gathered simple data points he labeled "top challenges" and "things that scare me."
But Rose interjected that in many instances blunt statements like that could end up offending and alienating critical engineering and IT teams right out of the gate, which can make a CISO's job much harder.
"It's a dance," Rose said. "You have to be careful not to offend those who have been handling this before you got there."
Rose suggests meeting members of other departments where they are. 
"Whether it's infrastructure or executive, talk their language," she said. "And be very clear and persistent."
Sima disagreed, adding with a bit of a chuckle, "If you don't have any haters, you're not doing the right thing."
Regardless of the approach, both of them, as well as Miller, spent time early in their positions trying to sell a security program to internal teams often not in line with their strategies. Miller and Rose said legal and compliance became their most natural partners inside the business.
"You've got to have allies," Rose said. There's often friction with engineering, infrastructure, IT, product, customer service, and others, but the legal and compliance teams have a clearer vision of the consequences of a security incident and can be invaluable in communicating them to the wider enterprise.
Beyond everyday internal wrangling, these CISOs unpacked their communications approach with their respective companies' boards of directors. Sima explained he relies heavily on narrative to tell the story about where his team is right now and where it's heading. The techie stuff he drops in the appendix in case someone wants more detail.
When it comes to providing boards with data they can digest and use, Rose said she relies on the CMMI Cybermaturity Model, and Sima and Miller said they lean on the NIST CSF framework.
"It's an easy way to visually show people who don't understand security where you need to be and why," Rose said.
Moderator Wang sits on a company's board of directors and suggested the boards should requisition a third-party validation assessment so they can be assured that the information the CISO is providing is correct.
"The first board meeting should be about setting expectations," Sima added.
But for all the competing messages and audiences CISOs regularly juggle, during the first 90 days in the CISO chair, talking as little as possible is the best bet, Rose explained.
"Your first 90 days you should just shut up," Rose said. "You have to listen to what's going on."