In Depth

Let's Talk: Security Leadership and Executive Communication

The CSO's guide to strategic executive communication

By Daintry Duffy

September 04, 2002

CSO — New CSO Bill Hancock found his security team's reputation summarized, symbolically, in the contents of a locked closet. He had been CSO for less than a week when he discovered the dirty little secret. A routine tour of the security facilities at Exodus (now the U.S. base of Cable & Wireless) in Santa Clara, Calif., turned up the closet. When Hancock opened the door, he saw 45 computers stacked high in a haphazard pile.

"What the hell is all this stuff?" he asked. Quite matter-of-factly, a security staffer informed him they were computers that had been hacked. Struggling to understand how that had led to this leaning tower of machines, Hancock asked, "Well, who do they belong to?" When that question seemed to stump the staffer, the magnitude of the problem began to dawn on Hancock. Not only had the previous CSO impounded computers instead of fixing them, the security team didn't even know where the computers came from or whether replacements had been issued to their users. The message this sent to the rest of the company was reminiscent of Jerry Seinfeld's despotic Soup Nazi: Been hacked? No computer for you!

As Hancock discovered at Exodus, the top security role in many companies is in desperate need of a reputation makeover. Nowhere is this more apparent than in the relationships between CSOs and other line-of-business executives. Though they are relative newcomers to the executive lineup (and in many cases are still waiting to get in the game), CSOs will achieve success based on the strength of their peer executive relationships. Why? Because in order to effectively execute security programs, CSOs will depend almost entirely on winning access to and cooperation from their fellow executives.

Naturally, a negative image can get in the way. "Security tyrant" is just one of the unfortunate sobriquets CSOs have earned. Business executives complain that CSOs kill projects with their unreasonable and expensive technology demands. They are "techies" who make no effort to understand or relate to the business. They speak in a foreign-sounding language, peppered with terms like buffer overflow and packet filtering. Their duties seem to consist largely of getting in the way of business rather than solving its problems. When the position devolves into stereotypes, the CSO role risks becoming marginalized. Other key executives will begin to engage in that time-tested business strategy, the end run.

In order to build strong partnerships, says Hancock, you need to deflate criticisms and communicate well with other top executives. "If you can't explain to people how to solve a problem, they'll never come back to you again," he says. "They'll do everything to work around you rather than work with you."
