Opinion

Dismantling a Security Department

Since my first reading of last month's cautionary CSO Undercover column, 'To Convergence (and Back),' I've been brooding about its meaning. In case you missed it,

By Lew McCreary

February 01, 2006, CSO

Our anonymous author recounted what happened when a change in company leadership resulted in the blunt-force dismantling of his carefully architected, risk-based security program. Reasonable people can disagree over whether converged security governance is in all cases the right approach, but what happened in our columnist's company went well beyond a difference of opinion over organizational strategy. Instead, it was a form of rejectionism by a CEO who simply doesn't buy the idea that risk-based decision making creates opportunity, in a framework of rationality, and is an important strategic element of corporate leadership. Thus, a structure created to add value and quality to business performance was suddenly viewed, through different eyes, as a cost-cutting opportunity. Our author turned out the lights and skedaddled.

In running this magazine, we try to talk to the profession's leading lights.

We act as a virtual networking opportunity, where readers can look over the shoulders of enlightened peers and come away with ideas of potentially high value to try out in their own shops. But overexposure to leading lights carries with it the risk that we may come to believe that reality is far more evolved or advanced than is actually the case. And—son of a gun!—it seems possible, even likely, that there are way more myopic short-term thinkers running companies than we might ever have supposed.

And this reminds me anew that the need remains urgent for there to be a steady flow of executive education about security and risk. Until the day when it becomes literally unthinkable for a new CEO to propose the neutering of a well-crafted security model, the requirement to administer this unceasing curriculum will be part of the CSO's duties. A strong program of internal influence and awareness is therefore a CSO's best practice of untold value. And still there will always be pockets of backwardness in those who believe they can't afford to think beyond the next two quarters, making them able to comfortably strip away activities that appear to be cost-avoidance opportunities rather than precious business assets.

Because of his abundant talent, our anonymous author landed on his feet. But what did he leave behind? A more efficient and streamlined business?

Or one that is headed in a dangerous direction?

Let us know your thoughts.
