How I've managed to keep the same job for more than a decade

Very few CSOs last more than a few years at any given place. The turnover rate for security chiefs is pretty consistent with that of CIOs and some other C-level executives. Every three or four years, it seems, it’s out with the old and in with the new.

There are a few reasons for this lack of longevity, not the least of which is a lack of political savvy. Find yourself on the wrong side of a power struggle and you could end up pushed aside if not outright ousted. Senior executives often surround themselves with people they handpick, and that’s great when you’re the one riding the coattails. But what happens when your benefactor falls out of favor with the CEO or board of directors? Odds are that you’ll be asked to seek opportunities elsewhere, too, if you haven’t cultivated good relations with other key executives.

Likewise, if you’re aligned too closely with the wrong person or group, guilt by association can stymie your career even if you aren’t forced out altogether. Constituents in your organization may begin to give you the cold shoulder, and getting things accomplished in such an environment can be excruciatingly difficult if not almost impossible.

Now I don’t pretend to know all the answers for keeping a CSO job forever. But I will confess to having been CSO of the same company for more than a decade, through a new boss every year or so and more mergers and acquisitions than I’d care to count. Sure, I think I’m good at my job, have hired well and produce consistent results; that goes a long way to not having to clean out one’s office. But there are also some basic CSO survival skills that have helped me keep my job.

Survival Strategy 1: Learn to Adapt

One thing I’ve realized is that there are times when going with the flow is the only sensible choice. It’s a lot like being in a kayak.
Forget which way the current flows and you’ll find yourself upside down in an instant, which is way over on the terrifying side of thrilling.

I have to admit that as a fledgling kayaker years ago, I foolishly ventured out onto some stretches of white water before I perfected my Eskimo roll, that is, the ability to right yourself from being underwater without getting out of the boat. I had no business being on dangerous rivers without the necessary skills, but the allure was great and off I went. Luckily I compensated with a far less elegant and more dangerous approach, the wet exit, where the point is to get out of the kayak and get your head above water where you can breathe and see the rocks you’re about to be washed into. Soon after, though, I adapted and learned to roll the kayak. I practiced the skill in calm waters until I could execute it flawlessly in high-pressure, fast-moving situations.

Of course, it’s better to not capsize in the first place, and that’s where going with the flow comes in. In a fast-flowing river, a kayaker is at the mercy of the current unless he knows how much to float along and how much to fight. If you just float, expect to go wherever the river flows, often into rocks and over waterfalls. If you paddle too much, you’ll wear yourself out before you reach your destination.

Likewise, when faced with career survival, one must go with the flow on a great many things, including management strategies, philosophies and styles. Some managers will delegate everything and provide no direction; others will micromanage. Some managers are focused purely on cost and don’t want to spend a dime; others are insistent on meeting deadlines at any cost. These are cases where it might not matter so much to do things your way. You just have to go with it.

But there are other times, of course, when you need to take control of your destiny.
Personally, there are some issues that I couldn’t and wouldn’t adapt to, such as differences around ethics or legalities. Those are the times to paddle, and hard.

Survival Strategy 2: Play to Stay in the Game

Just because I’ve been at this job more than a decade doesn’t mean there haven’t been perilous moments. I can think of several points in my career when it looked like the deck was hopelessly stacked against me. There was one time when a member of the new executive inner circle took a dislike to me and actively tried to torpedo me and my career. During another period, I worked directly for what can only be termed an equine posterior. In each of those cases, strong resistance on my part would have been terminal. I had to hold my ground to some extent just out of principle, but I had to give more than resist. After all, if you fail to stay in the game, you can’t possibly win.

I liken this approach to judo, where you use your opponent’s momentum against her. You move to the side a bit, get out of the line of attack and give a little shove to your assailant. You don’t act as an aggressor, but you don’t just stand still and take a beating either. It’s more about throwing your opponent off balance. It’s a passive sort of resistance.

I seem to have an innate tendency toward fight rather than flight, but I’ve learned over the years that the most important consideration is that you live to fight another day. Retreat is not necessarily a cowardly approach. Very often it’s the smartest thing you can do. Although most careers shouldn’t feel like a war, they invariably come with a few battles, and it’s the way we respond that often defines how long we survive. It may feel good to shout, “Damn the torpedoes, full speed ahead!” but torpedoes sink careers as well as ships.

One mistake I’ve made and seen others make is sticking to a failed agenda. Sometimes ideas are ahead of their time, and people just aren’t ready to accept them.
Other times an organizational culture just won’t accommodate certain changes. These are times when the politically savvy will shelve ideas and shift agendas rather than burn up political capital on no-win situations. Later, when the time is right, you can move on your original agenda. This happened to me a few years back on a project involving PKI (public-key infrastructure) and digital certificates. Rather than fight a losing battle, I just changed my plans and shelved the project for a couple years.

By the way, I outlasted both of those people who were out to get me. Eventually, other people in the organization realized they just weren’t doing a good job. At the time, I felt very alone, but since then, people have said, “Oh yeah, she was evil and that guy was no good.” Sometimes, if you just stay in the game long enough, your opponents will go away.

Survival Strategy 3: Keep Your Friends Close

Another key to protecting your career is building relationships throughout the organization. Allies are always useful when problems unfold, but they can also tell you when others are beginning to plot against you or your agenda. If you know that a situation is brewing, you have a better chance of avoiding it altogether. This is how I knew to shelve the PKI project a few years back. Based on the intelligence I was getting from my allies, it just became clear that the project wasn’t going to fly. People were digging in their heels to stop it from happening.

Other times, you can take hold of the situation and get others to see things your way. But to do this, you need to know what they’re saying in the hallways and manage the spin. If they’re saying an idea is bad because of some specific reasons that you don’t believe are valid, you have to be able to counter that.

Say there’s a network topology issue you’re dealing with. Maybe your security people say that if you go with this certain form of network topology, you can serve the business better.
Meanwhile, the network engineers have a different approach they want to take. Tech people can be very bigoted toward certain architectural platforms. You have to fight for what you think is right, and part of that is managing what other people are saying about it. You may be able to persuade others to your position, but it’s a lot easier to do so if you get to the right people and influence them early, to help shape their ideas.

In addition to forming friendly relations with people, building credibility is paramount. At some point in business relationships, people are going to expect you to get the job done. If you establish a pattern of successfully solving problems and delivering on promises, sensible businesspeople will recognize your value. When people recognize that you can make them money or help protect them from losing it, they’ll appreciate you. Furthermore, given a finite number of people in an organization, the more allies you have, the fewer adversaries you can have. Being valuable is even better than being liked. Put the two together, and allies will flock to your defense.

Still, if someone just seems dead set against you for whatever reason, you should work hard at changing that dynamic. If you can’t win them over, at least keep tabs on them. As the saying goes, keep your friends close and your enemies closer.

Political savvy, of course, is a core competency for anyone in an executive role. Focus exclusively on the technical aspects of the job and you’re likely to be caught off guard by political changes. At worst, the climate can become so inhospitable that you find yourself frozen right out of a job. But if the climate starts to grow chilly and you’re intent on staying put, you must learn to survive.

This column is written anonymously by a real CSO. Send your comments via e-mail to csoundercover@cxo.com.