What is a CSO, Part 2
How security and the CSO can create business value and competitive advantage
By Derek Slater
December 03, 2009 — CSO —
Maybe the single-most influential article on CSOonline.com has been What is a CSO? A number of people have helped big companies better understand the role—then create a better-funded and better-managed security function—by forwarding that article to a CEO, a CFO or an HR manager.
Here's a still more advanced way of understanding the CSO role and the business value of risk management.
In the 80s, Harvard business professor and consultant Michael Porter wrote about value chains. A simplified explanation of his theory is this:
Every company tries to build a great sales department. A great marketing department. Efficient financial systems. Excellent manufacturing operations. And because every company tries to make those functions great, it's very hard to get a big competitive advantage that way. Good departments are a basic requirement, likely not a competitive advantage.
The place to build competitive advantage, Porter said, is in how well those departments are connected to each other. Lots of value and speed is lost in passing information and goods between those functions. A company that takes the friction out of those interconnections will be faster, more nimble, better than a company that doesn't have the same fluidity.
If you apply this thinking to the CSO's role, you can see how to add value to your company. Instead of simply trying to "build a great security department", define your role this way: You are a connector. Your job is to help forge strong connections between other departments specifically on issues of operational risk. You reduce friction and thus build value in the value chain.
Here's a chart has been on my office wall for about four years. I find it very useful in explaining what CSO is about. It just dawned on me that you might find it useful too. (Hopefully I'm better looking than I am smart.)
The CSO is not in this diagram. You aren't the pie chart. What the chart depicts is how various executives and their functions have overlapping risk concerns. The job of the enlightened security leader is to help those executives see their common challenges and address them in a way that facilitates cooperation between departments.
A CSO doesn't necessarily "own" every slice of the pie. This has nothing to do with power or empire-building or even org charts. But a good CSO can see that every issue provides an opportunity to help connect the various functions within the company. Michael Porter says if you remove friction and solder smoother connections, you are providing a basis for competitive advantage for your organization.
ESSENTIAL READING
How to hire, manage and retain security professionals, build a team and next-generation leaders, and keep your own security job / career rewarding and successful
CSOonline's security job board - free
Looking for the right candidate? Want a new position yourself? CSO's job board is the place to go.
CSO resumes: 5 tips to make yours shine
Establish your brand, highlight business accomplishments, and more (Insider registration required)
What I learned when I left security
The security recruiter directory
The security certification directory
- Enterprise File Sharing: All You Need to Know
- Forrester Research and EMC on Continuous Availability
- Big Ideas; Big Tech-Continuous Availability for VMware
- Reduce Costs, Maximize Performance and Ensure High Availability of your Business Critical Applications
- Security Analytics Video
- B2B Integration on Cloud: Real World Solutions and Technology Advances
- Protection for Every Enterprise: How BlackBerry 10 Security Works
- IDC - SAP Enterprise Mobility: Bringing a Cohesive Approach to a Complex Market
- Navigating the New Mobile World
- Harvard Business Review: How Mobility is Changing the World
- How Mobility is Changing the Enterprise
- How Mobility is Transforming Industries
- Attacks from China: A survival guide
Chinese cyberattack activity is back in the news this morning, with new details emerging on new attacks. Here's a collection of stories to help infosec pros better understand the threat. - #FFSec: Infosec pros who bring value to Twitter
- B-Sides Boston is Saturday
More Salted Hash with Bill Brenner
