Getting to grips with this technical field.

Appreciating the strategic, governance and compliance aspects, the high-level business perspective.

Understanding the cybersecurity content of reports, presentations and conversations with lower tiers, consultants, specialists, auditors, advisors and so on.

Engaging productively in risk and security committees, workshops, decisions, incident/crisis meetings, strategy away-days, audit meetings, vendor presentations and discussions with various stakeholders on cybersecurity and related matters.

Appreciating the practicalities of managing cyber and other information risks, the complexities and interrelatedness of technological, physical, administrative and legal controls.

Exploring and optimising the net value (benefits less costs) of various security controls, such as policies, insurance and security-related business and information services.