2025-12-13 –, Rookie Track 2
Cyber security is now firmly a board-level issue, but most security professionals are never taught how to talk to the board. In this 15-minute talk, I’ll share lessons learned from creating cyber security training specifically for boards — including what boards care about, what they don’t, and why technical accuracy alone doesn’t cut it. I’ll walk through a simple communication framework that helps bridge the gap between security teams and executive leadership, and show how anyone from junior analyst to aspiring CISO can build the confidence to brief leadership effectively. This talk is aimed at anyone who wants to make security relevant at the top of the org chart.
Cyber security has climbed the agenda in boardrooms, but many security professionals still struggle to communicate with executive leadership. Too often, vital risk information is buried in technical jargon or framed in ways that don’t align with how boards make decisions.
In this 15-minute talk, I’ll share insights from developing board-level cyber security training, focusing on how to translate technical risk into business relevance. I’ll walk through a simple framework to help security practitioners present threats, vulnerabilities, and controls in a way that resonates with non-technical leaders. You’ll hear what boards actually want to know, what turns them off, and how to influence outcomes without overwhelming your audience.
Whether you’re new to the field or aiming to step into a leadership role, this talk will give you practical tools to make your voice heard at the top. You don’t need to be a CISO to shape strategic decisions — you just need to speak the right language.
This is a talk for anyone who wants to make security matter beyond the SOC, connect with decision-makers, and turn good technical work into real business impact.
I am a cyber security GRC consultant who helps SMEs and supply chain businesses build better cyber governance. With a background in cyber security education and a focus on board-level engagement, I recently developed a training course for executive teams on cyber security risk. This is my first BSides London talk and part of a broader effort to make governance and communication skills more accessible to security professionals at every level.