When it comes to the relationship between information security teams and their communications departments, the tide is turning. Gone are the days when the two groups would only touch base reactively, following an incident that jeopardizes the organization’s reputation among its customer base. Now, there’s a much more constant flow of communication and even instances where the infosec function reaches out proactively to stay ahead of any looming incidents.
While security practitioners are seeing the value of building that relationship, the communications function is not quite caught up to the needs of security teams, says Melanie Ensign, head of security and privacy communications for Uber.
“We see a lot of security teams who’s only option is a corporate communications person who is perhaps experienced in something like crisis or issues management, but doesn’t have technical experience or doesn’t understand the nuance of the security industry and the details that are going to be really critical when it comes to communicating about a specific type of incident,” Ensign told InfoSec Insider during an interview at the InfoSec World Conference & Expo.
In the full interview below, Ensign discusses the relationship between the communications function and the infosec teams and offers up some uncommon communication tips for security leaders that may have a skewed view of the communications department within their organization.