6 signs the CIO-CISO relationship is broken — and how to fix it

Successful collaboration between the IT and security leaders is essential but not always easy. Here are signs the relationship is broken – and 8 steps you should take to fix it.

Mark Thomas felt trouble brewing when he was a CIO with a CISO reporting to him as the pair stumbled over what could have been seen as conflicting priorities.

The two hashed out a plan to overcome the discord, Thomas says. They developed a set of common standards to help them communicate and pull toward common objectives. Thomas considered it an executive version of middleware.

“It gave us common terminology and common objectives. It aligned our goals,” Thomas says. “That was a really good starting point for breaking down our siloes.”

Thomas, now president of Escoute Consulting, which focuses on the governance of enterprise IT, says it was important to get out in front of the communication breakdown between himself and the CISO, because he views the relationship as a crucial partnership for enterprise success.

Yet he and others say it’s common, and in many ways expected, for CIOs and CISOs to butt heads. They have different objectives that bump up against each other: CIOs strive to deliver consistent, reliable services as quickly as possible, while CISOs seek to deliver those services securely.

“But they have to work in harmony, build the right team structure and promote the right culture. And they have to work together for the common good of the organization,” says George Moraetes, a security consultant and interim CISO with his firm Securityminders LLC.
