Adarma Cyber Insiders Vol 3 Digital spreads FINAL 2 - Flipbook - Page 9
INTERVIEW WITH PAUL MIDIAN
encourages a more nuanced approach.

“If you become a department of no, the business will simply go around you, and you’ve effectively lost. In business, to make a profit, you must do something, and doing something usually involves an element of risk somewhere. The key is to engineer the risk out at the source.”

Establish Clear Communication with the C-Suite Early On

Paul explains that by aligning risk considerations with business objectives from the outset, security can become a proactive collaborator rather than an impediment. “You need to understand what direction the business is going in and its goals, then you can start highlighting the risks. This way, the board knows where the risk lies early on. Then, as development proceeds, for example, through an IT production pipe, you can build it so that risks are engineered out.”

According to Paul, transparency, mutual understanding, and effective communication should foster a symbiotic relationship between business leaders and security practitioners. “Like anything in life, once you can communicate and empathise with each other’s requirements, you can find common ground and a mutually beneficial compromise that works for both parties, but it has to be relationship-driven rather than transactional.”

Articulating cybersecurity risk, security challenges, and the value of cyber to a nontechnical audience poses a unique communication challenge. Paul advocates shedding the cloak of mystique that sometimes surrounds security discussions.

“I’m a big advocate for less fear, uncertainty and doubt. We need more plain speaking, transparency, and openness. I see signs of progress in that direction. However, as security professionals, it’s crucial for us to be accountable and avoid exaggerating risks. Throughout my career, much of my role has involved delivering tough messages to businesses or persuading them to take actions they may resist. On that basis, you need to get good at selling.”

Paul recommends keeping it simple: “Don’t bamboozle your audience with jargon, or you’ll lose their attention. They need to understand the risk straight off the bat to ensure they understand the implications