November 10, 2014 By Iurii Garasym

Much has been said about the importance of a chief information security officer (CISO), but it is vital for these professionals to maintain C-level friendships as information security becomes an increasingly important aspect of business survivability.

Successful CISOs should have many types of friends with whom they can pleasurably discuss daily business life, IT goals, strategies, visions and missions. These will likely all revolve around the cloud, big data and analytics, mobile, social media and security. Together, these professionals prepare for different risky situations and justify business adventures that none of their competitors even dare participate in.

With time, the number of potential friends a CISO can have is increasing, especially in fields that expect strong collaboration, such as business growth, innovation, investment, government and regulatory changes and value proposition. These friends can enhance and add value to the CISO’s solutions. Unfortunately, sometimes there is a lack of clear understanding of how each C-level friend helps the CISO.


The CISO and chief executive officer (CEO) are best friends who never speak about security. CISOs always collaborate with others, converting security threats into overall business risk and focusing on the most vital assets. More often, these are “invisible” assets, such as advantage in the marketplace, goodwill, copyrights, trademarks and patents. Friendships are important to CEOs because of the tremendous influence they hold over survivability. Both CEOs and CISOs are business leaders and see security as a business imperative, rather than a technology imperative.

Technology and Information

The chief technology officer and chief information officer are the CISO’s close friends, or rather classmates or group members. They get along and understand each other at a glance. This trio is excellent at avoiding breaches and data loss by investing in and implementing cutting-edge technologies to meet business goals.

Finance, Legislation and Human Resources

The chief financial officer, chief legal officer and chief human resources officer supplement the CISO excellently. They possess an extraordinary knowledge base that helps them improve security practices (through financial transactions, compliance and culture), obviate losses due to a breach or incident and translate metrics into business results. They are highly esteemed by CISOs.

Operation and Risk

Almost daily, CISOs work with chief operating officers, chief risk officers and managed security services providers to bring more value to the business by enhancing its security program and risk processes, minimizing operational downtime and integrating security metrics with business risk measurements.

Taking Advantage

It is the CISO’s responsibility to establish relationships with all these employees since their support, knowledge and experience can be critical for success. They all look at challenges in different ways. A good friend of a CISO will do the following:

  • Listen, ask, understand, do and say;
  • Value and promote business vision, strategy and goals;
  • Proactively align with business initiatives;
  • Be honest, clear and avoid security-related terminology;
  • Avoid abusing time, which costs money;
  • Keep in touch with friends to boost morale.

Building Friendships Is a Business Survivability Strategy for a CISO

With these friends, businesses should be ready to take risks and not be afraid to take brave, bold steps. Often, risk can be a good thing. Making well-advised yet risky decisions is what helps businesses grow. The resulting friendships are the stimuli for improvement and moving forward to make the business survivable.

View the infographic: Insights from the 2014 CISO Assessment
