Friend or Foe: A CSO’s Guide to Key Boardroom Players

Cultivating a crew of most valuable partners from within the executive ranks can yield important benefits for CSOs: valuable insight into the inner workings of the company, a way to disseminate and validate the security agenda, and the leverage to achieve their goal. (For more on executive communication tactics, see Let’s Talk.) While the players may differ slightly depending on the industry, here is the roster of key individuals who should form the core of your MVP team.

VP of Human Resources HR is a critical partner in managing employee network access (new hires and terminations), policy creation and dissemination, and training. HR’s expertise in influencing employee behavior can also be a valuable resource. As a bonus, human resources could be a useful case study in overcoming a bad rap. Like the security function, HR used to be viewed as a bad business partner, plagued by insularity and detachment from the business.

VP of Finance For all the obvious reasons, it’s wise to build a strong relationship with the people who hold the purse strings. When capital expenditures are required for security, the process will run more smoothly if finance executives solidly understand the needs behind it.

VP of Marketing/PR Marketing and corporate communications are the company’s face to the marketplace. When a security situation arises, marketing and PR are critical to crafting and communicating the company’s message to customers and business partners.

VP of Audit The relationship between security and audit can be tricky. Both groups share the goal of governing standards and policies across the enterprise. The similar agendas could create a competitive climate, with one group constantly trying to trump the other. However, a strong partnership between the groups can be a tremendous asset to the CSO, with audit acting as the enforcement arm of the security group as well as its eyes and ears into the different business units.

General Counsel A number of issues are converging between law and technology that make a good relationship with the general counsel’s office important. This group is a valuable partner in situations involving privacy, technology misuse, copyright and trademark infringement on the Internet, and the growing nuisance of spam. The general counsel can also be an ally in drawing up airtight contracts that security vendors won’t wiggle out of.

Physical Security Manager In some companies both information security and physical security fall under the purview of the CSO. But even where they are separate functions, the relationship between the two is key to establishing an overall level of corporate security. Many of the controls that govern physical security are rooted in information security (access cards, biometrics). Physical security managers also play a central role in creating a secure IT environment since they conduct background checks and secure physical access to those precious data centers. (See “Combining IT and Physical Security: Taming the Two-Headed Beast”.)

Chief Information Officer CIOs and CSOs can have conflicting agendas, even when one reports to the other. With the CIO focused on service delivery and the CSO proposing measures that add expense and delay to those services, it can be hard to achieve balance between the two roles. Consequently, the two need to have a close working relationship so that security concerns aren’t swept aside.

Chief Executive Officer Very few chief security officers have the ear of the chief executive, but security enlightenment must somehow be fostered at the top of the company. Whether CSOs deliver the message themselves or enlist another executive as their proxy, they should look for opportunities to get their agenda in front of the CEO.