
CyberOXtales
Join Neatsun Ziv, CEO of OX Security, in this bi-weekly, 20-minute video podcast designed for senior-level security professionals. Each episode features one guest and includes 3-5 questions, delving into key areas such as cybersecurity leadership and strategy. Gain insights into the strategic aspects of being a CISO, developing effective cybersecurity policies, building a security-minded culture, and aligning security strategies with business objectives. Stay updated on emerging threats and trends, focusing on the latest cybersecurity threats, trends, and techniques affecting application security. Additionally, explore compliance and regulatory updates, with discussions on the evolving landscape of compliance and regulations impacting application security, including CISA Directives, GDPR, CCPA, and HIPAA. Learn how CISOs can navigate these requirements effectively. Featuring conversations with CISOs, security experts, and thought leaders, this podcast is your go-to source for high-level and strategic communication of risk.
How to Effectively Communicate Cybersecurity Risks to the Board: Yabing Wang’s Playbook for Executives
In this episode of the CyberOXtales podcast, host Neatsun Ziv, CEO of OX Security, welcomes Yabing Wang, VP, Information Security & CISO of Justworks. They explore how to effectively communicate cybersecurity risks to the board, avoid common pitfalls in board presentations, and align cybersecurity with business priorities. Yabing shares her unique experience bridging technical and business leadership roles, offering practical advice for security professionals at the executive level.
About Our Guest:
Yabing Wang is the VP, Information Security & CISO of Justworks, a New York-based company specializing in payroll, benefits, and insurance services. With over 20 years of experience in cybersecurity and former roles at Netscape and HEB, Yabing has a rich background in both technical and executive leadership.
Connect with Yabing: LinkedIn
Key Takeaways:
- Use plain language and relatable examples when communicating cybersecurity risks to non-technical board members.
- Avoid focusing solely on metrics. Frame the data within the broader security context to show progress and highlight key risks.
- While CISOs act as advisors on risk, business owners should ultimately own the risk decisions.
- Yabing discusses the benefits of reporting to general counsel versus traditional IT reporting lines, offering unique visibility to the board.
- Yabing shares details about her new book, 97 Things Every Application Security Professional Should Know, a comprehensive guide for security professionals.