In the driving seat: how to engage with C-level executives

When I meet colleagues at GSE conferences and events, it’s easy to lapse into technical jargon because of who we are and what we do. It can of course be a useful shortcut, to make sure we’re all talking about the same things and in the right ways. The problem is, it isn’t always the language of C-level executives.

This is the nature of the beast: we know the hardware and software inside out, how it works at a deep level, because we have to. We’re the people who look under the bonnet and quickly work out what’s broken and then fix it. We’re the people expected to identify the key engine parts that need to be changed, tuned or upgraded to increase speed and performance.

In this analogy, the CEO, CFO and perhaps even CIO are the car drivers: our customers. Their vehicle simply has to work and work well, every time they hit the ignition. They need to depend on it getting them from A to B and beyond in the most efficient ways. (Stretching this further, the rest of the family packed into the backseat are the managers and teams reporting to the execs, constantly asking “are we there yet?”)

Like most drivers, C-level execs want improved performance and reliability but don’t need to know how the engine works — only what it delivers. As the experts, our job is to help them understand who we are and what we do, but only in business terms. Then, we are far more likely to get the tools and budgets to do it. We need their support and buy-in, to authorize investments in technology and headcount. To secure that, we need them to understand our contribution to the business.

Part of our job as GSE and as individual members is to make that happen: engaging with C-level executives in the language they understand. This is about reframing the conversation. C-level execs want to grow and accelerate their businesses, and we can help them do that. In uncertain times such as today, the imperative may be more about protecting a business or even ensuring survival, perhaps through new ways of working or achieving even greater efficiencies. We’re part of the toolset to help them achieve that.

Here’s an example: talking to execs about how securing the mainframe actually opens up many new opportunities to exploit the technology in new and more profitable ways. It’s critical to plug the gaps and secure the business, sure, but that should also be seen as a positive commercial decision, a way to do new or better things rather than simply a reactive technical response to the cyber threat.

We can help senior leaders to understand the impacts on the business if mainframe operations and other technologies stop working, for any reason. Because this isn’t only about technical risks, it’s also about people risks: the impact of an ageing workforce and a lack of succession planning on operations. We can talk about the importance of connecting companies, industry and education, explaining the importance of investing in education programs to create the next generation. Perhaps pointing our leaders towards government help available for apprenticeships, encouraging them to put pressure on hardware and software suppliers to do more, or getting them to work with local universities and colleges to create new courses. This is about solving a people issue and removing a business risk—it’s not a technical issue.

When we’re talking to senior leaders, it can be a good idea to personalize it, to bring home the potential impact if they choose to do something, or not do something. I travel a great deal for work so often stay in hotels. One global chain I use regularly, I’m on their systems, announced a second major data breach this April. In this case, hackers accessed data such as guest names, dates of birth, addresses and loyalty information, plus airline loyalty programs and point balances. Guests like me.

Imagine if one of those guests is somebody important (i.e. not me): CFO of a major bank, say. The bad actors get his or her information from the hotel hack. They find them on Facebook and LinkedIn. They quickly identify some people in the CFO’s team. The bad actors then send an email to a member of the bank’s accounts team from what appears to be the CFO’s own email address that authorizes them to carry out a transaction or payment on some spurious premise. Which may or may not succeed. But this kind of thing really isn’t difficult, and there’s no need to hack the bank’s own systems. The message to your own C-level exec is clear: that could happen to you and your company, via you, a colleague or even a family member—and it could happen today.

And the risks never go away. They mutate and change like, well, like a virus. These are unusual times and one person’s lockdown is another person’s opportunity. Especially if you’re a hacker. With headlines in the last few weeks such as ‘Cyber criminals quick to jump on COVID-19 bandwagon’, ‘Pentagon networks under increased attack during mandatory telework’ and ‘Cyber criminals threaten to hold hospitals to ransom – Interpol’, it may only be a matter of time before some C-level execs are being briefed on the latest successful attack on their systems.

Let’s all stay safe and well out there, offline and on.

For more information, email rm@gse.org.uk

Mark Wilson is GSE UK Interim Region Manager and GSE UK Conference Manager. An international speaker in mainframe security and technology, and a passionate advocate of all things Z, Mark is Senior Director, Consulting Services, BMC Mainframe Services by RSM Partners