The CISO and the C-Suite: How to Achieve Better Working Relations

September 22, 2021

As the workforce moved from the cubicle desk to the dining room table in 2020, cybersecurity suddenly became everyone’s concern. Focus turned to the chief information security officer (CISO). It’s their job to keep businesses running and secure. In many companies, that also meant juggling a move to a full digital transformation with effective remote cybersecurity.

The CISO is a relatively new arrival to the C-suite, and one that is still finding its place among more established leadership positions. As organizations continue to use a remote or hybrid workforce, the CISO’s seat at the executive table will be needed. But to empower them to defend against cyberattacks, the working relationship between the CISO and other members of the C-suite needs to shift.

The Shared Language of CISO and CEO

“The CISO is a key organization protector and holds the entire weight of the organization’s data security in their hands,” Sean McDermott wrote for Forbes.

Because they’re such a keystone, best defense practices are key to steady business operations. And the only way the CISO can do their job is to have the full support of the CEO. Therefore, CEOs can no longer afford to ignore their digital defenses. It’s up to the CEO to make sure the CISO and the security team have the budget and resources — including the right tech and staffing — necessary to meet today’s challenges. It is also up to the CEO to make sure the CISO has the authority necessary to make decisions.

As McDermott pointed out, most CISOs act as the bridge between the business side and technical side. Therefore, they need to be able to speak the language of both sides. Meetings with the CEO should be conducted in clear, everyday language rather than in tech lingo. Spell out the impacts of a data breach or a compliance failure. Effective messaging is key here, and it should go in both directions.

Working With the CFO

While the CEO may be the one to approve budgets for each department, the CFO decides how those funds are distributed. Getting the CFO to understand the need for security-related resources might be more difficult than getting the CEO to.

Since CFOs like to see hard data, one approach is to create a security plan that reviews a past period (say 12-18 months). In that plan, the CISO can show the threats defended against and how they were defended against, as well as where attackers were aiming. With that information in hand, the CISO and CFO can create a plan for the upcoming fiscal year. Regular reviews might mean there are no surprises when the next budget requests come around.

The CISO and the CIO

The connection between the CIO and CISO has never been more vital than in 2020 and 2021. It was the CIO’s duty to make sure the workforce had the digital tools needed for their remote offices, while the CISO had to make sure those tools remained secure.

Many businesses and agencies turned to a zero trust strategy during remote work. For zero trust to be successful, it needs teamwork between the CIO and the CISO to set up the correct access and authorization for each ID within the network. In addition, both need to have firm knowledge of each device and platform requesting access.

Remote work is here to stay, in one form or another. The only way businesses keep running smoothly is for the CISO to work closely with C-suite partners.

Sue Poremba
