Empowering the CISO

November 12, 2014

A security-focused business culture empowers the CISO to perform the role effectively and to become a respected member of the C-suite. As a result, the CISO is able to implement a business-aligned security program that brings real value to the company.

Generate Revenue 

A successful security program will contribute to revenue. It enables business efficiency and new capabilities through process improvements, ultimately enhancing output and the top line.

An effective security program also builds brand name confidence, another revenue driver. Customers are becoming more savvy buyers and a well-articulated security program can make the difference in obtaining new customers. When a major breach occurs, customer confidence drops significantly and customers look for alternative places to conduct business. A business-aligned security program helps mitigate the risk of this happening, as retention of customers is extremely important to the executive team. 

It may be more difficult in some industry sectors to understand how a security program contributes to revenue, but believe me, it does! It is the job of an effective CISO to understand and articulate these contributions; it just may take a little more thought.

Positively Contribute to EBITDA

An effective security program will also positively contribute to bottom-line EBITDA rather than appearing only as an expense line. For example, if a security failure does occur, having a proper security program in place will significantly lessen the overall impact because your organization will be prepared with an incident response plan. This minimizes the cost of the breach and reduces the operating expenses related to the failure.

A successful security program is also linked to the organization’s business strategies and is designed to defend against the real risks to the business. This focus reduces the need to apply high levels of protection to unimportant information, which makes the program more efficient and reduces its long-term cost.

Another way a business-aligned security program can positively contribute to EBITDA is by avoiding the costs of regulatory non-compliance. When a security breach occurs, it can carry significant legal and regulatory costs. That impact can last for years and adds to the overall operating cost of the company. An effective security program mitigates the risk of a breach.

Become a Respected Member of the Executive Team

Having a business-aligned security program in place is only part of the job. The CISO must also learn to articulate their security plan, and the value it brings, in terms of benefits to the business in order to become a respected member of the executive team. They should keep in touch with what is going on in the industry and within the business, and be able to talk about how it ties back to the security program and aligns to the business.

And don’t underestimate the importance of learning to talk the talk and walk the walk.

For example, one CISO I was working with who was struggling with acceptance in the executive team got up from our conversation to head to his executive meeting. He was walking out the door with his iPad when I asked, “Do the other executives usually have iPads at the meeting?”  He said, “No, they bring notebooks.” I gave him advice to put the iPad down and take a notebook.

This is just a simple illustration of how it is important to be seen as a fellow executive, and not just a technical resource. If the other executives were using iPads, then it would have been okay for him to do so, but that wasn’t the case. It may seem petty, but learning to speak and act like an executive will allow you to gain acceptance more quickly.  

In order to become a recognized and respected member of the executive team, act like one. Understand how your efforts contribute to the overall success of the organization and articulate those contributions in terms that are in alignment with the other members of the executive team. 

Final Thoughts

A company that has an empowered CISO who is able to implement a business-aligned information security program, and who is a respected member of the executive team, can expect enhanced security, process improvements, effective compliance, and an environment that allows “ease of doing business.”
