Home » Security Leadership » Exec. Communication

Let's Talk: Security Leadership and Executive Communication

The CSO's guide to strategic executive communication

At Merrill Lynch, Chief Information Security and Privacy Officer David Bauer believes in laying out the options for a business team: the security risks, the possible solutions and the benefits or drawbacks of each choice. "Too often, security groups come back with [only] one answer, and people wonder if you analyzed at all," he says.

That said, there are of course times when an outright "no" must be firmly articulated. Anticipating that necessity, CSOs will find that that word commands much more respect if they use it sparingly rather than reflexively. Otherwise, CSOs who constantly shoot down projects as a menace to corporate security may not be taken seriously when real dangers arise. It's a balancing act that Hancock describes as a benevolent dictatorship. Things run much more smoothly if other people take an active part in the decision-making process. But when a serious security issue puts the company at risk, the CSO has to step up and make the call.2 Know Thy BusinessWhen Christiansen came to GM from Visa, where he was also head of security, he found the transition jolting. "Walking into a manufacturing corporation from financial services was like being the 13th warrior," says Christiansen, referring to the 1999 film in which Antonio Banderas plays a cultured Arab forced to fight alongside barbaric Vikings (while the movie was a flop, it might make appropriate viewing for any CSO who's ever felt like a fish out of water in the executive pool). "You speak a different language, look different and dress different." So Christiansen did two things: He signed up for classes on the auto industry, and he made a point of doing a lot more listening than talking.

In learning about GM, Christiansen had to glean the intricacies of four very different business areas: manufacturing, GMAC (GM's financial services division), OnStar (the onboard satellite communications system) and the defense industry, with which GM works closely. But immersing himself in the business was a necessary step for Christiansen to be able to communicate with the company's business line executives. "Everything I bring them is cost additive, and that can create a natural conflict," says Christiansen. "I need to be able to show the bang for the buck, the ROI per dollar and how I'm going to help them solve business problems." None of that can be achieved without a keen understanding of the business and the recognition that the CSO's role is to enable business success in an appropriately secure context.