Mark Thomas felt trouble brewing when he was a CIO with a CISO reporting to him as the pair stumbled over what could have been seen as conflicting priorities.

The two hashed out a plan to overcome the discord, Thomas says. They developed a set of common standards to help them communicate and pull toward common objectives. Thomas considered it an executive version of middleware.

“It gave us common terminology and common objectives. It aligned our goals,” Thomas says. “That was a really good starting point for breaking down our siloes.”

Thomas, now president of Escoute Consulting, which focuses on the governance of enterprise IT, says it was important to get out in front of the communication breakdown between himself and the CISO, because he views the relationship as a crucial partnership for enterprise success.

Yet he and others say it’s common, and in many ways expected, for CIOs and CISOs to butt heads. They have different objectives that bump up against each other: CIOs strive to deliver consistent reliable services as quickly as possible, while CISOs seek to deliver those services securely.

“But they have to work in harmony, build the right team structure and promote the right culture. And they have to work together for the common good of the organization,” says George Moraetes, a security consultant and interim CISO with his firm Securityminders LLC.

When they don’t, the organization is at risk for slower, less secure technology services and stinted digital transformation overall.

Signs of trouble

There are many telltale signs of trouble in the CIO-CISO relationship, according to experienced executives, researchers and management consultants. They include:

A lack of respect.
The executives (and, as a result, their managers and staff) disregard each other’s advice, ignore requests for cooperation, dismiss the other’s opinions, issue commands to be obeyed rather than calls for collaboration, and refuse to share information.

No clear delineation of responsibilities. Especially in areas where technology and security overlap, a lack of clarity around roles and responsibilities can lead to either battles over territory or neither side taking ownership of projects.

High turnover. A high turnover rate, particularly in either executive position, but also in staff positions within both departments, could indicate a toxic work environment that may (but not exclusively) stem from problems at the top.

An us-vs.-them mentality. This adversarial approach fosters an obstructive working relationship rather than a collaborative one.

Failure to do the job. Missed deadlines, incomplete projects, or ignored requests for input where the IT and security teams need to coordinate all can result in work not getting done.

Frequent or increased downtime. In particular, unplanned downtime due to security needs could indicate inconsistent or nonexistent communication and coordination between the two teams.

Lack of peer relationship

Several factors can lead to a troubled CIO-CISO relationship that manifests in bad behaviors like those just listed. The people in those roles could be particularly egocentric. They might not like each other and can’t work through the ill feelings. Or they don’t know – and don’t care – about the pressures that the other one faces.

But often a troubled CIO-CISO relationship stems from an imbalance in the positions, according to multiple experts.

They say the CIO and the CISO should be on equal footing within an organization, with each one involved in strategic planning.

That’s the case in many organizations, but not all.
The 2018 Global State of Information Security Survey from PwC, CSO and CIO found that 40 percent of the top information security executives reported to the CEO, 27 percent reported directly to the board of directors, and 24 percent reported to the CIO.

Similarly, the 2018-2019 EY Global Information Security Survey found that 40 percent of organizations charge their CIOs (not the CISOs) with ultimate responsibility for information security.

Relationship fixes

A problematic CIO-CISO relationship can be repaired if you're willing to put in the work. The experts we spoke with offer the following steps that the executives can take to help overcome misalignment, professional conflicts and even animosity.

Make CISOs and CIOs peers. Have CISOs present to the CEO and/or board so that security requirements are clearly understood and get equal consideration in strategic planning. “If you want security to be important to your organization, you’re going to have to give that CISO a seat at the table, and they’re going to report to the CEO, CFO or general counsel. They’re going to have to have a seat at the table, where they sit next to — and not behind — the CIO,” says Alexis Culp, director of engineering at Apollo Information Systems and an active member in the Women in CyberSecurity (WiCyS).

Set security budgets and staffing levels independent of the CIO budget and IT plans. This further helps create equality between the IT and security departments — and also makes the most sense, says Tony Scott, CEO of the strategic consulting firm TonyScottGroup, former CIO of the U.S. Government, and SPJ Ambassador Board CIO Chairman. “The best organizations take a risk-based approach to cybersecurity and make active decisions about what risks they’ll accept and which ones they’ll put resources against. That impacts budget and headcount, and in most organizations that has little or no relation to how much IT is spending.
So I’ve always favored looking at these as two separate items,” he says.

Establish a clear understanding of responsibilities. Especially in areas where IT and security overlap and require collaboration, it is critical the CIO and CISO roles and responsibilities are clear. “The goal is to have a seamless working relationship, where roles and corresponding processes are well defined and well understood,” says Frank Kim, founder of ThinkSec, a security consulting and CISO advisory firm and a senior instructor with the SANS Institute.

Involve the CIO and CISO in the organization’s strategic planning process. This gives both teams a single common objective that they can work toward, ensuring alignment. “IT and security should have a shared technology vision that’s mapped to different business drivers,” Kim says, noting that this approach helps ensure neither team’s objective is minimized.

Require CISOs and CIOs to master executive skills. It’s not enough for these leaders to have domain expertise; they must also be strong executives skilled in strategic thinking, negotiation, communication and relationship building. “And you need to get to know the other person on a personal level if you’re going to work day in and day out together,” says Robert LaMagna-Reiter, CISO at FNTS, a global IT strategy and managed services company.

Understand the other’s job and its objectives. “Both the CIO and the CISO have to know each other’s world, otherwise there’s politicking and animosity. They have to be teachers and mentors to one another,” Moraetes says. When one has a more informed appreciation for what the other must accomplish to succeed, they’re both better able to identify common priorities and agree on compromises.
For example, Moraetes says the CIO at one of his corporate clients drew on security architects to work on an identity and access management initiative that was overloading IT, a partnership that helped turn the project into a win for both departments – and the business as a whole.

Employ executive training. Scott says coaching services and 360-degree reviews can be particularly effective in building strong relationships. “Sometimes an outside facilitator needs to come in and help the two be better collaborators. In most cases they help point out where there are issues but also they help encourage a more collaborative environment from the get-go,” he says.

Step down. Experts say there are times when the CIO-CISO relationship is beyond repair, and it’s better to walk away than let the situation endanger the organization’s success. “In extreme cases, one or the other has to leave,” Scott says. Culp says she has seen situations where the CIO and others on the executive team simply did not respect the CISO’s expertise or value security as a whole. In one such case, the CISO saw the company renege on funding for key security initiatives, a scenario that the CISO believed put the company at significant risk and the individual’s reputation on the line – so the CISO quit.