Much has been said about the importance of a chief information security officer (CISO), but it is vital for these professionals to maintain C-level friendships as information security becomes an increasingly important aspect of business survivability.

Successful CISOs should have many types of friends with whom they can pleasurably discuss daily business life, IT goals, strategies, visions and missions. These will likely all revolve around the cloud, big data and analytics, mobile, social media and security. Together, these professionals prepare for different risky situations and justify business adventures that none of their competitors even dare participate in.

With time, the number of potential friends a CISO can have is increasing, especially in fields that expect strong collaboration, such as business growth, innovation, investment, government and regulatory changes and value proposition. These friends can enhance and add value to the CISO’s solutions. Unfortunately, sometimes there is a lack of clear understanding of how each C-level friend helps the CISO.


The CISO and chief executive officer (CEO) are best friends who never speak about security. CISOs always collaborate with others, converting security threats into overall business risk and focusing on the most vital assets. More often, these are “invisible” assets, such as advantage in the marketplace, goodwill, copyrights, trademarks and patents. Friendships are important to CEOs because of the tremendous influence they hold over survivability. Both CEOs and CISOs are business leaders and see security as a business imperative, rather than a technology imperative.

Technology and Information

The chief technology officer and chief information officer are the CISO’s close friends — or, rather, classmates or group members. They get along with and understand each other at a glance. This trio is excellent at avoiding breaches and data loss by investing in and implementing cutting-edge technologies to meet business goals.

Finance, Legislation and Human Resources

The chief financial officer, chief legal officer and chief human resources officer supplement the CISO admirably. They possess an extraordinary knowledge base that helps them improve security practices (through financial transactions, compliance and culture), obviate losses due to a breach or incident and translate metrics into business results. They are highly esteemed by CISOs.

Operation and Risk

Almost daily, CISOs work with chief operating officers, chief risk officers and managed security services providers to bring more value to the business by enhancing its security program and risk processes, minimizing operational downtime and integrating security metrics with business risk measurements.

Taking Advantage

It is the CISO’s responsibility to establish relationships with all these employees since their support, knowledge and experience can be critical for success. They all look at challenges in different ways. A good friend of a CISO will do the following:

  • Listen, ask, understand, do and say;
  • Value and promote business vision, strategy and goals;
  • Proactively align with business initiatives;
  • Be honest, clear and avoid security-related terminology;
  • Avoid abusing time, which costs money;
  • Keep in touch with friends to boost morale.

Building Friendships Is a Business Survivability Strategy for a CISO

With these friends, businesses should be ready to take risks and not be afraid to take brave, bold steps. Often, risk can be a good thing. Taking well-advised yet risky decisions is what helps businesses grow. The resulting friendships are the stimuli for improvement and moving forward to make the business survivable.
