Module 3: Communicate effectively to influence stakeholders

Bridging the Gap: A Communication Handbook for Cybersecurity Professionals

Welcome, future security champions! This tutorial equips you with the skillset to navigate the often-murky waters of cybersecurity stakeholder communication. By understanding who your audience is, what concerns them, and how to translate technical jargon into actionable insights, you’ll bridge the gap between technical expertise and impactful decision-making.

Demystifying the Stakeholder Landscape:

Before crafting messages, let’s identify the players:

• C-Suite Executives: CEOs, CFOs, and COOs need high-level overviews of threats and potential financial impact. Focus on business risks and mitigation strategies.
• IT Leadership: CIOs, CISOs, and IT Directors require detailed technical information and incident response plans. Speak their language, but avoid excessive technical jargon.
• Legal and Compliance Teams: Lawyers and compliance officers prioritize data privacy and regulatory adherence. Highlight legal implications and potential breaches.
• Marketing and Public Relations: Public image and reputation management are their game. Communicate potential PR disasters and crisis response plans.
• Line-of-Business Managers: Sales, HR, and Operations heads need to understand how security impacts their day-to-day operations. Focus on specific risks and best practices within their departments.

Tailoring Your Message:

One size doesn’t fit all! Adapt your communication to each stakeholder group:

• Executive Summary: For C-suite, provide concise reports with data visualizations and executive summaries.
• Technical Deep Dives: Offer detailed reports with technical analysis and incident timelines for IT leadership.
• Legal Jargon: Ensure communication with legal teams is clear, concise, and adheres to legal language and terminology.
• Plain English Please: For non-technical stakeholders, avoid technical jargon and explain risks and solutions in simple terms.
• Actionable Insights: Go beyond just informing; provide concrete recommendations and actionable steps for each stakeholder group.

Building the Bridge:

Effective communication tools bridge the gap:

• Dashboards: Visually represent key security metrics, threat levels, and incident updates.
• Reports: Tailor reports to each stakeholder group, emphasizing information relevant to their roles and responsibilities.
• Regular Meetings: Foster open communication through regular meetings and briefings, answer questions, and address concerns.
• Active Listening: Actively listen to stakeholder feedback and tailor future communication accordingly.

Remember: You are the translator, the interpreter, the bridge between the technical world of cybersecurity and the diverse world of stakeholders. By understanding their needs, speaking their language, and providing actionable insights, you empower them to make informed decisions and contribute to a more secure organization.

Ready to become a master communicator? Explore these resources for further learning:

• SANS Institute: https://www.sans.org/
• NIST Cybersecurity Framework: https://www.nist.gov/cyberframework
• MITRE ATT&CK: https://attack.mitre.org/

Embrace the challenge, hone your communication skills, and bridge the gap with confidence! Together, we can build a more secure digital future, one clear message at a time.

We’ve covered so much in previous courses, from the foundations of security to
a basic understanding of networks and programming languages like SQL and
Python. These concepts are core
knowledge when preparing for a role in the security profession. But how does this information help
you on a day-to-day basis? And to whom do you communicate
this information? In this course, we’ll start by
discussing who stakeholders are. Then, we’ll identify their
roles in relation to security. Finally, we’ll share effective
communication strategies for relaying key information to stakeholders. But before we can communicate
with stakeholders, we have to understand who they are and
why they’re important. So let’s get started!

Stakeholders in Cybersecurity: Navigating the Ecosystem of Influence

Welcome, future security guardians! This tutorial unlocks the door to the diverse world of cybersecurity stakeholders, empowering you to understand their unique perspectives and communicate effectively for enhanced collaboration and security posture.

Understanding the Landscape:

Cybersecurity isn’t a solo act. Imagine an intricate ecosystem where various individuals and groups wield influence, shaping decisions and impacting daily operations. These are your stakeholders: individuals or groups with a vested interest in the organization’s security practices. Their decisions, from resource allocation to policy implementation, directly affect your work as an analyst.

Focusing on the Key Players:

While many stakeholders play a role, let’s zoom in on those influencing your day-to-day and potentially receiving your findings:

• Risk Managers: The risk management team champions proactive vigilance. They identify potential threats, manage incident response, and act as the bridge between security and legal/PR departments, ensuring clear communication in critical situations.
• The CEO: Commanding the helm, the CEO prioritizes overall business success, naturally placing security at the forefront. Understanding the financial and reputational risks of cyber threats is crucial for informed decision-making at the highest level.
• The CFO: Guardian of the organization’s financial well-being, the CFO analyzes the tangible costs of security incidents and weighs them against investments in preventative measures. Understanding their perspective helps tailor your communication to highlight cost-effectiveness and risk mitigation.
• The CISO: The maestro of the security orchestra, the CISO designs the organization’s security architecture, conducts risk assessments, and oversees incident response plans. Communicating your findings clearly and concisely empowers them to make informed decisions about security posture and resource allocation.
• Operations Managers: Your closest allies in the trenches, operations managers lead the security professionals on the front line. They rely on your expertise to identify threats, investigate incidents, and implement security controls. Effective communication with them ensures efficient operations and timely escalation of critical issues.

Your Role in the Symphony:

While direct communication with upper-level stakeholders may be infrequent, your insights reach them through the operations managers. Therefore, crafting clear, concise reports and effectively communicating your findings to your immediate team is crucial. Remember, you are the voice of technical expertise, translating complex jargon into actionable insights that guide their decisions and ultimately inform the strategic direction of the organization’s security posture.

Beyond the Basics:

As you navigate this dynamic landscape, remember to:

• Identify specific needs: Each stakeholder has a unique perspective. Tailor your messaging to address their specific concerns and priorities.
• Speak their language: Avoid technical jargon with non-technical stakeholders. Focus on clear, concise explanations that resonate with their understanding.
• Data is your ally: Support your findings with credible data and visualizations to enhance credibility and persuasiveness.
• Actively listen: Feedback is invaluable. Be open to questions, concerns, and alternative perspectives to foster collaboration and build trust.

By understanding your stakeholders, their needs, and honing your communication skills, you become a vital contributor to a robust cybersecurity ecosystem. Together, you can build a fortress against cyber threats, one informed decision at a time.

Ready to delve deeper? Explore these resources for further learning:

• SANS Institute: https://www.sans.org/
• NIST Cybersecurity Framework: https://www.nist.gov/cyberframework
• MITRE ATT&CK: https://attack.mitre.org/

Embrace the challenge, master the art of stakeholder communication, and become a champion of informed security decisions!

Let’s discuss the hierarchy
within an organization. It goes from you, the analyst, to management, all the
way up to executives. Hierarchy is a great way to
understand stakeholders. A stakeholder is defined as an individual or group that has an interest in the decisions or activities of an organization. This is important
for your role as an entry-level analyst
because the decisions made on a day-to-day basis by stakeholders will impact
how you do your job. Let’s focus on stakeholders
who have an interest in the daily choices
analysts make. After all, you may be asked to communicate
your findings to them. So let’s learn a little
bit more about who they are and the roles they play
in regards to security. Security threats, risks, and vulnerabilities can affect an entire company’s
operations from financial implications
to the loss of customer data and trust, the impact of security
incidents are limitless. Each stakeholder has
a responsibility to provide input on the various decisions
and activities of the security team and how to best protect
the organization. There are many stakeholders
that pay close attention to the security of critical
organizational assets and data. We’re going to focus on
five of those stakeholders: risk managers; the Chief
Executive Officer, also known as the CEO; the Chief Financial Officer, also known as the CFO; the Chief Information
Security Officer, or CISO; and operation managers. Let’s discuss each of these
stakeholders in more detail. Risk managers are important in an organization
because they help identify risks and manage the response to
security incidents. They also notify the
legal department regarding regulatory issues
that need to be addressed. Additionally, risk managers
inform the organization’s public relations team in
case there is a need to publish public communications
regarding an incident. Next, is the Chief
Executive Officer, also known as the CEO. This is the highest ranking
person in an organization. CEOs are responsible for financial and
managerial decisions. They also have an
obligation to report to shareholders and manage the
operations of a company. So naturally, security is a
top priority for the CEO. Now, let’s discuss the
Chief Financial Officer, known as the CFO. CFOs are senior executives responsible for managing the financial operations
of a company. They are concerned
about security from a financial
standpoint because of the potential costs of an
incident to the business. They are also interested in
the costs associated with tools and strategies that are necessary to combat
security incidents. Another stakeholder with an
interest in security is the Chief Information
Security Officer, or CISO. CISOs are high-level executives responsible for developing an organization’s
security architecture and conducting risk
analysis and system audits. They’re also tasked
with creating security and business
continuity plans. Last, we have
operations managers. Operations managers oversee security professionals to help identify and safeguard an organization from
security threats. These individuals
often work directly with analysts as
the first line of defense when it comes to
protecting the company from threats, risks, and
vulnerabilities. They are also generally
responsible for the daily maintenance
of security operations. As an entry-level analyst
at a large organization, it’s unlikely that you’ll communicate directly
with the risk manager, CEO, CFO, or the CISO. However, the operations
manager will likely ask you to create communications to share with those individuals. Coming up, we’ll
focus a bit more on stakeholders and how to effectively
communicate with them.

Communication with Stakeholders: A Balancing Act of Clarity and Security

Welcome, future security guardians! This tutorial equips you with the skillset to navigate the delicate dance of communicating with stakeholders in the realm of cybersecurity. It’s a balancing act, demanding both clarity for understanding and security for sensitive information. Mastering this art empowers you to bridge the gap between technical expertise and stakeholder awareness, strengthening your organization’s security posture.

Navigating the Sensitive Landscape:

Remember, security information can be highly sensitive. A careless email could expose vulnerabilities or reveal confidential details. Therefore, your communication needs to be:

• Audience-Aware: Identify who you’re communicating with and tailor your message accordingly. What resonates with the CEO might be irrelevant to the marketing team.
• Focused and Purposeful: Avoid rambling or digressions. Each message should have a clear purpose, providing specific information relevant to the recipient’s needs.
• Concise and Clear: Respect your stakeholders’ time by being brief and clear. Avoid technical jargon unless absolutely necessary. Use simple, understandable language without sacrificing accuracy.

Mindset Matters:

Developing a security mindset is crucial for effective communication. This means:

• Asking Questions: Don’t assume you know what matters most. Ask your manager or supervisor what information specific stakeholders need and how much detail is appropriate.
• Understanding Assets: Consider the data and assets under your protection. What’s most critical? Which security tools have proven most effective? This knowledge guides your communication priorities.
• Empathizing with Stakeholders: Put yourself in their shoes. What information would you need to do your job effectively? What concerns might they have? Understanding their perspective helps you tailor your message.

The Art of Relevance:

Remember, information overload is counterproductive. Focus on relevance:

• Prioritize Need-to-Know: Identify the absolute minimum information each stakeholder needs to know. Don’t bombard them with unnecessary details.
• Contextualize for Impact: Provide enough context for them to understand the significance of the information and how it relates to their role.
• Actionable Insights: Don’t leave them hanging. Suggest next steps or actions they can take based on the information you shared.

Your Role as the Bridge:

Your communication plays a vital role in:

• Empowering Stakeholders: By informing them about security issues, you equip them to make informed decisions and contribute to a safer environment.
• Building Trust: Open and transparent communication fosters trust between you and the stakeholders, paving the way for stronger collaboration.
• Strengthening Security Posture: When everyone is informed and engaged, your organization becomes more resilient against cyber threats.

Remember, mastering communication with stakeholders is an ongoing journey. Embrace the challenge, hone your skills, and become a champion of clarity and security!

Additional Resources:

• SANS Institute: https://www.sans.org/: https://www.sans.org/
• NIST Cybersecurity Framework: https://www.nist.gov/cyberframework: https://www.nist.gov/cyberframework
• MITRE ATT&CK: https://attack.mitre.org/: https://attack.mitre.org/

Let your voice be heard, clearly and securely, and watch your organization’s security posture soar to new heights!

Welcome back! Previously, we discussed stakeholders and the important
security roles they play within an organization. Now, let’s explore the role you play in communicating
with those stakeholders. The information that’s
communicated to stakeholders is sensitive.
For example, if you send an email to stakeholders about a
recent security breach, it’s important to be mindful of what you communicate and
who you communicate to. Different stakeholders
may need to be informed about different issues. As a result, your
communications with them need to be clear,
concise, and focused. Security is a detail-driven
profession, so it’s essential that
you stay mindful of the details when sending
your communications. Stakeholders are
very busy people. Your communication
should be precise, avoid unnecessary
technical terms, and have a clear purpose. You don’t want them to
have to guess the reason for your email or why
it matters to them. To help with this,
ask your manager or immediate supervisors
questions to find out what the stakeholders you
communicate with need to know. As you may recall, earlier we discussed what it means
to have a security mindset. A part of that
mindset means asking questions about the assets
and data you’re protecting. For example, you could ask: What’s the most
important data to protect on a daily basis? Or, what security tool has been
most important or useful to protect
our data and assets? Having a security
mindset also means understanding what matters
most to stakeholders, so you know what information
to share with them. Effective communication
involves relaying only the information that is most relevant to stakeholders. Staying informed
about security issues helps stakeholders do their
jobs more effectively. Your role in communicating with stakeholders is to help them
obtain that information. This is yet another
example of how essential your role is
within a security team. Coming up, we’ll discuss
the information that is most important to communicate
with stakeholders.

Captivating Your Audience: Crafting Compelling Security Stories for Stakeholders

Welcome, future guardians of digital fortresses! This tutorial equips you with the art of turning complex security narratives into captivating stories for stakeholders. By mastering this skill, you’ll bridge the gap between technical expertise and organizational understanding, empowering informed decisions and stronger security posture.

The Power of Storytelling:

Think of effective communication as weaving a captivating tale. Security concerns, often intricate and technical, can appear as a tangled mess to non-technical stakeholders. Your job is to transform this mess into a compelling narrative, one that resonates with their needs and priorities.

Building the Blocks of Your Security Story:

1. The Challenge: Introduce the security issue – a suspicious network anomaly, a potential phishing attack, or a data breach. Be clear and concise, avoiding technical jargon.
2. The Impact: Paint a vivid picture of the consequences. How does this incident affect the organization’s operations, finances, or reputation? Quantify the risk if possible, using data and real-world examples.
3. The Resolution: Offer a roadmap for action. Reference relevant security policies, propose mitigation strategies, and outline potential solutions.
4. The Hero’s Journey: Highlight your role in the story. Did you discover the threat? Did you initiate the response plan? Show yourself as a proactive defender, safeguarding organizational assets.

Pro Tips for a Captivating Narrative:

• Conciseness is King: Respect stakeholder time by keeping your story short and to the point. Focus on the essential details and avoid unnecessary digressions.
• Empathy Matters: Step into the stakeholder’s shoes. What information would be most relevant to them? Tailor your story to their specific role and responsibilities.
• Data Drives Decisions: Supplement your narrative with data – incident reports, threat analytics, or risk assessments. Visualize key points with charts or graphs to enhance understanding.
• Visuals Matter: Consider using visual aids like dashboards, infographics, or even video simulations to bring your story to life.
• Actionable Insights: Don’t leave stakeholders hanging. Conclude with clear recommendations, next steps, or calls to action.

Remember, your communication doesn’t exist in a vacuum. Consider the appropriate channel for your story:

• Email: For clear, concise updates and reports.
• Meetings: For interactive discussions and Q&A sessions.
• Dashboards: For ongoing monitoring and real-time updates.
• Ticketing Systems: For documenting and tracking incident response.

By crafting compelling security stories, you become a translator, a bridge between technical complexities and stakeholder understanding. You empower informed decisions, build trust, and ultimately, contribute to a more secure digital landscape.

Ready to hone your storytelling skills? Explore these resources:

• Security Storytelling: https://www.cybrary.it/success-stories
• NIST Cybersecurity Framework: https://www.nist.gov/cyberframework
• MITRE ATT&CK: https://attack.mitre.org/

Embrace the challenge, weave your tales, and watch your communication become a shield against cyber threats!

Which of the following are concise, effective communication methods for conveying key details to stakeholders? Select two answers.

An email. A visual presentation

Visual presentations and emails can be used to effectively convey key details to stakeholders.

Previously, we discussed
communicating information that is important
to stakeholders. It’s essential that
communications are specific and clear, so stakeholders understand
what’s happening and what actions may
need to be taken. In this video, we’ll go
into more detail about how to create precise and
clear communications. Creating security
communications to share with stakeholders is similar
to telling a great story. Stories typically have a
beginning, middle, and end. Somewhere in that story
there is some sort of conflict and an
eventual resolution. This concept is also true when telling security stories
to stakeholders. The security story details what the security challenge is, how it impacts the organization, and possible solutions
to the issue. The security story also includes data related to the challenge, its impact and
proposed solutions. This data could be in the form
of reports that summarize key findings or a list of issues that may need
immediate attention. Let’s use the following
scenario as an example. You’ve been monitoring
system logs and notice possible
malicious code execution in the logs that can lead to the exposure of sensitive
user information. Now, you need to communicate what is happening
to a stakeholder, in this case, your
immediate supervisor. The first step is to
detail the issue: potential malicious
code execution found while monitoring the logs. The next step is to refer to the organization’s incident
response playbook, and mention the suggested
guidance from the playbook regarding
malicious code found in system logs. This shows your supervisor that you’ve been
paying attention to the procedures already
established by the team. The final piece of your story is to provide a possible
solution to the issue. In this scenario, you may not be the final decision maker
regarding what action is taken, but you’ve explained to
the stakeholder what has happened and a possible
solution to the problem. You can communicate the story we just discussed
in various ways. Send an email, share a document, or even communicate through the use of a visual
representation. You can also use
incident management or ticketing systems. Many organizations have
incident management or ticketing systems that follow the steps outlined in
their security playbooks. Some scenarios are better expressed by using
visual elements. Visuals are used to convey key details in the
form of graphs, charts, videos, or
other visual effects. This allows stakeholders to view a pictorial representation
of what is being explained. Visual dashboards
can help you tell a full security story
to stakeholders. Later in this course, you’ll have an opportunity
to learn how to use Google Sheets to create
a visual security story. That’s going to be fun! A security professional
who knows how to tell a compelling and concise
security story can help stakeholders make
decisions about the best ways to
respond to an incident. Ideally, you want to be someone that make
stakeholders’ jobs easier, and communicating
effectively will certainly help you do that. Coming up, we’ll continue our discussion about
communicating with stakeholders.

The ability to communicate threats,
risks, vulnerabilities, or incidents and possible solutions is a valuable skill for
security professionals. In this video, we’ll focus on various
communication strategies that can help you engage with and
convey key ideas to stakeholders. Let’s start with visuals. The use of visuals to tell a security
story can help you communicate impactful data and metrics. Charts and
graphs are particularly helpful for this. They can be used to compare data points or
show small parts of a larger issue. Using relevant and detailed graphics can help you develop
the story you want to tell stakeholders, so they can make decisions that would
help protect the organization. While visuals are a compelling way
to capture the attention of your stakeholders, some issues
are best explained in an email or even a phone call. Be mindful of the sensitive
information contained in these types of communications. For security purposes, it’s important to communicate
sensitive information with care. Be sure to follow the procedures outlined
in your organization’s playbooks and always make sure to send emails to the
right email recipient, as it could create a risk if the wrong person receives
confidential security information. One challenging thing about emails is the
potentially long wait time for response. Stakeholders have many responsibilities. This means they may
sometimes miss an email, or fail to respond in a timely manner. In these instances, a simple phone call or
instant message may be a better option. My experience in security has taught me
that sometimes a simple instant message or call can help move a situation forward. Direct communication is often better
than waiting days or weeks for an email response to an issue that
requires immediate attention. When appropriate, take the initiative
to follow up with a stakeholder if they haven’t responded to
an email in a timely manner. It sounds simple, but a friendly call can often prevent
a major issue from occurring. It’s important to stand out
in the security profession, especially if you don’t have
previous experience in the industry. Visual representations, emails, and
phone calls are great ways to showcase your written and
verbal communication skills. The visual aspect shows your
ability to put metrics and data together in an impactful way. If you don’t receive a timely
response from a stakeholder, following up shows initiative.

Captivate Your Audience: Building a Visual Security Story with Google Sheets

Welcome, security champions! This tutorial equips you with the power of visual storytelling to captivate stakeholders and inform critical security decisions. Today, we’ll use Google Sheets to craft a compelling narrative around phishing email clicks, showcasing your data analysis and communication skills.

The Scenario: The CISO seeks insight. They want to know which departments champion (or perhaps unintentionally champion) phishing email clicks. Your investigation reveals the top five culprits: Human Resources, Customer Service, Global Security, Media Relations, and Professional Development.

Our Mission: Transform this data into a visual security story that resonates with stakeholders and guides effective action.

Tools of the Trade:

• Google Sheets: Our free, cloud-based platform for data manipulation and visualization.
• Bar Chart: Our chosen weapon for showcasing departmental phishing click trends.

Let’s Get Started:

Step 1: Setting the Stage:

1. Access Google Sheets: Sign in or create your free account.
2. Start a New Sheet: Click the “+” icon and choose “Blank spreadsheet.”
3. Label your Data: In Cell A1, type “Department.” In Cell B1, type “# of Clicked Phishing Emails.”

Step 2: Enter the Data:

1. List the Departments: In Cell A2, type “Human Resources.” Continue filling in Departments (A3, A4, etc.) for the remaining four offenders.
2. Record the Clicks: In Cell B2, type the number of phishing email clicks for Human Resources. Repeat for each Department (B3, B4, etc.).

Step 3: Craft the Visual Narrative:

1. Highlight the Data: Select the entire data range (Cells A1:B6).
2. Insert the Chart: Click the “Insert” menu and choose “Chart.”
3. Choose the Bar Chart: In the Chart editor, select the desired bar chart type. (Clustered or stacked bars are good options.)
4. Customize the Title: Click “Chart & axis titles” and update the title to reflect your story (e.g., “Phishing Email Clicks by Department”).

Step 4: Sharing Your Story:

1. Download or Share: Click “File” and choose “Download” to save the sheet as a file. Alternatively, click “Share” to grant access to stakeholders.

Beyond the Bar Chart:

• Experiment with Different Chart Types: Explore line charts, pie charts, or even scatter plots depending on your data and desired message.
• Add Contextual Elements: Include data labels, annotations, or even trendlines to enrich your story.
• Remember the Audience: Tailor your visuals and explanations to resonate with your stakeholders’ level of technical understanding.

The Impact of Visual Storytelling:

By using Google Sheets to create compelling visual security stories, you:

• Transform complex data into easily digestible narratives.
• Engage stakeholders and capture their attention.
• Facilitate informed decision-making and proactive risk mitigation.

Become a master storyteller, not just a data analyst. Embrace the power of visual communication and watch your security insights become catalysts for positive change!

Ready to dive deeper? Explore these additional resources:

• Google Sheets Tutorial: https://support.google.com/a/users/answer/9282959?hl=en
• Data Visualization Best Practices: https://help.tableau.com/current/blueprint/en-us/bp_visual_best_practices.htm
• Security Storytelling Examples: https://www.axonius.com/blog/storytelling-in-cybersecurity

Remember, the power to inform and inspire lies within your data. Unleash it through visual storytelling and see your security expertise shine!

There are many instances where a member of a cybersecurity team will need to create a visual dashboard to communicate impactful data and metrics to stakeholders. Which of the following programs can be used to create visual dashboards that can communicate impactful data and metrics to stakeholders? Select all that apply.

Apache OpenOffice, Google Sheets

Apache OpenOffice and Google Sheets are no cost options that allow users to create spreadsheets and other visual presentations.

In this video,
we’re going to have a bit of fun! We’ll create a visual security story. Here’s the scenario: The operations manager, one of the
stakeholders we previously discussed, has been informed that the Chief Information
Security Officer, also known as the CISO, wants to know how many employees
are often clicking on phishing emails. The goal is to identify which five
departments click on those emails most often. An investigation reveals that the five
departments that most frequently click on phishing emails are: human
resources, customer service, global security, media relations,
and professional development. Based on this information,
the security team can create a visual representation of the data to share with
the operations manager and the CISO. Those stakeholders and the security team can then work together
to determine how to address the issue. There are many different platforms
available that can be used to create and share visual stories of data. Apache OpenOffice is a free, open-source
office suite that allows users to create spreadsheets and
other visual representations. Another no cost option is Google Sheets. Today, we’ll enter our
data into Google Sheets. Then, we’ll create a bar chart
visualization to develop the data story. If you don’t have a Google account,
you’ll need to create one. Let’s start by demonstrating
how to create an account. First, go to Google.com And click on: Sign in Click: Create account And select: For my personal use Then, complete each step to
create your personal account. Now that you’ve created your
Google account, it’s time for us to begin creating our Google Sheets
bar chart visualization. Click: the dots menu in
the top right corner Click: the Sheets icon Click: Blank to start a new spreadsheet Select: Cell A1,
Type: Department Select: Cell B1,
Type: # of clicked phishing emails Select: Cell A2,
Type: Human Resources Select: Cell B2,
Type: 30 Select: Cell A3,
Type: Customer Service Select: Cell B3,
Type: 18 Select: Cell A4,
Type: Global Security Select: Cell B4,
Type: 10 Select: Cell A5,
Type: Media Relations Select: Cell B5,
Type: 40 Select: Cell A6,
Type: Professional Development Select: Cell B6,
Type: 27 Then, select: the rows and
columns containing headers, department names, and data. Click: Insert at the top of the sheet Select: Chart In the Chart editor menu,
click: Chart type drop-down menu, scroll down to the bar chart options. Then, select: the first bar chart In the Chart editor menu,
click: Customize Then, click on the: Chart & axis
titles section. Now, update the title to read something
like: Clicked phishing emails by department, or
another title related to the data. Then, Click on the: x icon at the top of
the chart editor to close the editor menu. Great job creating your
first visual security story! Creating visual stories of data allow
security team members to convey essential information to stakeholders, so issues can be communicated in
a meaningful and understandable way. These data stories can also help promote
a better understanding of issues that exist within an organization and
allow decision makers to determine how to address security issues that
put the organization at risk.

You’ve had an opportunity to learn about the important role stakeholders play
and different ways to communicate with them. Let’s review what we covered. We started by
defining stakeholders and their roles in
protecting an organization. We also explored the sensitive nature
of communications with stakeholders and the
importance of sharing that information with
care and confidentiality. Then, we discussed
information that needs to be communicated
to stakeholders. After all, stakeholders
are extremely busy, so we only want to share relevant information that
they need to be aware of. We ended our discussion by introducing various
communications strategies, including emails, phone
calls, and visual dashboards. Understanding who
the stakeholders are within your
organization and how to communicate with them,
will help you throughout your career as a
security professional. Be intentional about
the strategies you use to communicate. Remove unnecessary details from your communications, and be specific and precise when relaying information
to stakeholders. Stakeholders are
depending on you, as a story-teller, to tell
them the security story, or the potential issues and solutions, in a way
that makes sense. The communication strategies we discussed will
help you stand out as someone who has
a combination of technical and
transferable skills. Coming up, your instructor for the final sections of
this course, Emily, will discuss a few
ways to engage with the security
community and how to find and apply for jobs
in the security field.