Communication is an essential part of the CISO's role, but too often we get it horribly wrong. That was the message laid out by communications expert David Porter at the RSA Conference in Europe recently.

We know that a large part of the CISO’s role is to influence, cajole and encourage our business leaders to make the right choices, enabling our firms to manage risk and move forward safely. Creating compelling communications is a differentiator, but too few CISOs excel in this area and this is holding back their credibility, their career and the risk posture of their employers.

David Porter proposed spending a great deal more time than most of us would be used to, refining the introduction to any piece of communication, and actively crafting it to flow from ‘Situation’  (“Once upon a time there was a beautiful princess..”) to ‘Complication’ (“..who was imprisoned in a tall tower by her wicked step-mother”). That sounds pretty standard, but it was interesting how David then analysed different RSAC submissions and showed how even the professionally written ones deviated from this model, and how much clearer they were once the rule had been applied.

This simple setup opens up the readers/listener's mind and plants questions that seek to understand how the story can be resolved, and stories are powerful communication tools.

You don’t need to be one of the Brothers Grimm to craft a tale that will draw in and engage your leadership. Take advantage of press stories to walk the directors through key scenarios; invite external guests from industry groups or government to provide perspective and insight; use video or quotes from customers and peers to make your facts speak for themselves.

When you are trying to connect with, and influence, your business leaders, remember that they will take compelling stories with them when they leave the room, and that rarely happens with charts, statistics and technical documentation.  Read more about the power of stories, and many other techniques and insights in our report entitled, “The CISO’s Handbook – Presenting To The Board".