Home » Security Leadership » Exec. Communication

The Conversation Between Security and Business Leaders

How to stay in sync with your organization

In between Godfather I and II, Francis Ford Coppola squeezed out an art-house flick called The Conversation. Surveillance expert Gene Hackman records a furtive discussion between a man and woman who are apparently under the threat of being murdered by their conniving boss. I won't completely spoil the ending (though the movie's been out for 30-odd years) but it turns out Hackman hasn't heard things exactly right.

This movie comes to mind because of our Compass Awards. Every March we recognize some of the security profession's best and brightest. We change the theme a bit each year to keep things lively and also to recognize that leadership comes in many forms. This year's theme is business alignment, and surely there is no theme of greater importance to CSOs. Getting security perfectly synced up with the strategy, goals and priorities of the business historically has been tough sledding. So we chose to recognize six CSOs and CISOs for showing the way to business alignment. You can read about their strategies for alignment in "In Sync," starting on Page 40. This article is not a fluff piece. We charged our writers to think of these short pieces less as profiles and more as how-to stories.

Of course, "the business" means something quite different at Nike than it does in the state of Michigan. Nevertheless, as I read these short write-ups, I am struck by a common, simple theme: conversation. Conversation seems to be the number-one tactic by far that these leaders use for connecting with the business. Not accidental watercooler chatter, though that can also be useful, but very intentional discussion that involves the security pro asking questions. Lisa Johnson holds 30-minute informational interviews with business leaders and starts with the questions, "What services can we provide?" and "How can we add value to the business?" Deven Bhatt gave every employee at ARC his personal cell number. In a sense, these CSOs treat alignment as a sort of ongoing investigation, much like what Hackman's character does in the movie. Minus the weird mix of ennui and paranoia.

Security awareness programs are valuable, and there's a time and place for the CSO to do the talking. But it looks like the most successful security practitioners put effort into letting the business educate them, rather than vice versa. Yes, security metrics are huge. Yes, MBA training can help. These things only work for CSOs who engage business leaders in a running conversation to understand their priorities, their goals, their business strategies.