Microsoft CISO Executive Summit
We are pleased to announce the third edition of the CISO Executive Series – a series that is reserved for the top Chief Information Security Officers.
In this day of learning, networking and insights, you will have candid conversations with some of the most influential CISOs and subject matter experts.
Pinpoint strategies, best practices of GCC organizations, evaluate regional security trends and leverage the community for business success
We look forward to having you with us
March 19 ,Burj Al Arab , Dubai UAE
March 20, Radisson Blu , Kuwait City
March 21, Hormuz Grand Hotel, Muscat, Oman
Each attendee will also be given a signed copy of our book, which we co-authored with Yuri.
For more information on evets:
Table of Contents

Boards of directors are more concerned than ever about their company’s cybersecurity strategy in today’s risk environment. You can’t wait to talk to a board about how you are protecting the enterprise if you want to keep their confidence. Engage them early and often in your strategy. You must provide the right level technical detail and present it in a way that allows the board to understand the details when they need it.
Cyberattacks have become more frequent and larger over the years. This makes cybersecurity as important to the overall health and safety of a business as financial and operational controls. Boards of directors today know this and are asking their executives to share more information about how they manage cybersecurity risks. If you are a security leader, aligning with the board is key to achieving your goals.
Bret Arsenault (corporate vice president and chief Information Security Officer (CISO) at Microsoft), was a recent guest on the CISO Spotlight Series. He shared many of his lessons on building a relationship between the board of directors and him. These are the three best practices we’ve identified:
Effectively use the time of the board
Your board members come from many backgrounds and are responsible for all aspects, not just security, of risk management for your business. While some board members may keep up with security trends, others won’t. You need to get through all the distractions to deliver your security update. This means that you need to think about how you will share your information. Keep these tips in mind:
This does not mean that you should make your report less detailed or skip important technical information. This means that you must prepare well. It can take several weeks to analyze the internal security data and identify key trends. Then, you will need to distill it into a 10-page report that can then be presented in 30-60 minutes. Quarterly updates will allow you to learn what should be in those 10 pages and will also give you the chance to build on previous reports as the board becomes more familiar with your strategy. It doesn’t matter what, good planning can make a huge difference in how your report is received.
Keep the board informed about cybersecurity issues
Security breaches are often the subject of a lot attention. Your board may wish to prevent such an attack from ever occurring. Your role is to educate them about the reasons why no company can ever be 100% secure. What a company does to respond to and recover from an unavoidable incident is what makes it different.
Your board can also benefit from an analysis of security incidents and current updates on cybersecurity legislation and regulations. These trends will help you to align resources to protect your company and comply with regional security laws.
Talk to the board about your top concerns