Cyber Elevator Pitch
George Finney
CISO | Bestselling Author of Project Zero Trust and Well Aware | Keynote Speaker
What’s your Cybersecurity elevator pitch? Let’s say you’re riding the elevator with your CEO and they ask what’s your cybersecurity strategy? What do you say?
Let's start with strategy.
For something to qualify as a strategy, it has two parts. You have to have a well defined goal and you need to have a plan on how to reach that goal. Ideally you'll be able to measure your progress towards reaching that goal.
Zero Trust is the security strategy I use. The goal is to prevent or contain breaches. The plan is to remove as many of the trust relationships that we have in our digital systems as possible.
Now here's the pitch.
There are four parts to an elevator pitch: the hook, the problem, the solution, your value statement, and a call to action.
You’ve got about 30 seconds to respond before he or she gets off the elevator. That’s probably about 100 words based on how fast a normal human can speak. You shouldn't try and talk too fast because a) you want them to understand you and b) talking too fast may make them think you're crazy.
I think you should always start a pitch with a hook that grabs their attention. Here's an example: "We’re working too hard to let one email shut down our company."?
领英推荐
The next part of your elevator pitch should be to lay out the problem. When it comes to cybersecurity, your CEO probably already knows about the cybersecurity headlines that hit the news. But you need to make this relevant for your specific company and CEO. It should be personal - meet them where they are.
The solution should reflect the core message of your strategy. I think this is where zero trust helps distill down the best practices across all the technology solutions and cybersecurity practices. We know that the way that cybercriminals get in is by abusing the trust relationships that we put in place when it comes to technology.
Zero Trust also helps translate the value of this strategy. An ounce of prevention is worth a pound of cure. It’s ten times less expensive to get security right from the beginning rather than have to pay a bunch of lawyers and consultants after the fact to clean up a breach.
I wouldn’t ask for a bag full money in your call to action. I think it makes more sense to ask for their time or support to implement your strategy. What will you need will vary depending on the organization - maybe you just need help doing an assessment to come up with a plan. Maybe you’re already on your journey and there are some obstacles you need help in overcoming. Maybe you need support for building bridges with key stakeholders.?
Here’s my zero trust elevator pitch: “We’re working too hard to let one email shut down our company. We know that the way that cybercriminals get in is by abusing trust relationships that we have when it comes to technology. Our strategy is to prevent or contain breaches by removing the trust relationships we have in our digital systems. An ounce of prevention is worth a pound of cure and focusing on prevention can save us up to 10x over what we’d pay to fix our problems after a breach. I’d like to ask for your support in working with the leadership team to align our strategy with the needs of each business unit.”
So technically, that’s 108 words, but I can talk fast sometimes.
Whatever your cybersecurity strategy is, you need an elevator pitch. You need to be easily able to communicate your strategy to be effective in building the support you’ll need to succeed. I think Zero Trust helps, not just with execution of a good security program, it helps us communicate it as well.
#zerotrust #elevatorpitch #strategy #cybersecurity
Chief Marketing Officer | Product MVP Expert | Cyber Security Enthusiast | @ GITEX DUBAI in October
3 周George, thanks for sharing!
CISO/CSO/VP Information Security
1 个月Lol no one is going to talk about AI generation interpretation your elevator pitch - how's this for a pitch "my AI understands metaphors"
Proven Cyber Security Excellence and Experience | Proven Business Success | Exceptional Person Green Card Holder
1 个月Good read. That 32 of the AI Elevators needs Tommy John before he can pitch again!
Advancing Networking & Security | Passionate About Simplifying Complex Tech | Expert in Product, Marketing, & Enablement | VMware Top 100 Influencer | Author | Father of Two | CyberTechDad on TikTok | Mountain Biker
1 个月Let me give it a try Imagine a hotel where any guest can take the elevator to any floor, no questions asked. That’s a huge risk, right? Our network is no different. If we don’t control access, anyone who gets in can move freely. That’s why we’re adopting Zero Trust. It’s not just another tool—it’s a mindset shift. No one is trusted by default—every user, device, and request is continuously verified. This approach minimizes risk, reduces our attack surface, and stops lateral movement. I’d love your help in prioritizing this mindset and ensuring we have the support to implement it across the organization.
Finding Answers
1 个月30 seconds and punchy/jovial - less about strategy and more about benefits - 'help keep the execs out of jail, reduce liability claims and regulatory fines, and protect your revenue by keeping market access open'. End with happy to setup time if you need to brief your further to give confidence that our strategy is effective and supports the company goals' (fortunately, my job doesn't require these pitches)