Custom Conversation
At Pythia Cyber we say that your cybersecurity should be part of a program, by which we mean that there should be communication between those who do the securing and those who oversee the securing. By communication, we mean that the overseers know and approve what is being secured and that those doing the securing offer proof of that securing. By proof, we mean evidence that the overseers can understand.
It is not enough for the overseers to blindly trust that the securing is happening and is working. It is not enough that those doing the securing are given time and money. The oversight is important, because we all do a better job when someone is paying attention. The proof is important, because the act of gathering and presenting evidence in a way that lands ensures a level of attention that is hard to ensure any other way.
A key component of such a cybersecurity program (CSP) is the agreement between overseer and securer on what constitutes "proof." The tricky part is finding the level between raw data, which often makes sense to the techie but not the manager, and data so processed that it is inaccurate.
Finding this level takes work and can be frustrating. Management reporting is its own field and many techies are not trained in this discipline at all. Worse, there is tension between the techie tendency toward unfiltered detail and the management requirement that the data be summarized.
The techies who founded Pythia Cyber were all too familiar with these issues, which is why they chose a co-founder who is a research psychologist and behavioral expert. Few people are aware of or admit to the critical role communication plays in having trusted, proven, self-sustaining cybersecurity that is constantly elevated to meet the ever-rising threat level. But most people, when presented with the requirement of communication, instantly recognize it as something that has been missing from the cybersecurity conversation.
This constant negotiation and conversation is why Pythia Cyber does not offer canned courses on how executives can be better at cybersecurity, or on how techies can be better at talking about cybersecurity: the only conversation that matters to you is the one you need to have. A generic course on how generic techies should communicate with generic execs is of limited use. We respectfully assert that you need to figure out how to have this conversation in your organization with the people that need to have it. Furthermore, you need to learn how to maintain this level of communication over time. You need some limited outside help from a team that includes both behavior and technical expertise. You need Pythia Cyber.