Created by the Security Executive Council
In the first article in this series
, we discussed the reasons the CSO has become one of corporate America's most complex jobs. But the SEC knows many CSOs who have built successful programs despite the challenges. While there is not a definitive set of steps that guarantees success, here are a few things we've learned from their experiences.
One of our clients was asked to take on temporary leadership of functions like facilities and audit during transition periods. Another was put in charge of aviation and real estate. In both cases, the requests came because upper management was familiar with and trusted the business skills of their CSOs.
They are good at identifying solutions rather than just problems, and they know how to socialize those solutions through the management chain, get concurrence, and drive results. They have a history of making sound business-oriented decisions.
The successful CSOs we know have determined what gets results in the company, find the business leaders behind those results, and build relationships with them. They asked, "How did you make this work?" or "Who did you go to for that?" They have discussions with their mentors to acquire information about what they know and how they learned it.
One client emphasized that it's not effective to go to executives and ask what keeps them up at night. It's more effective to keep tabs on business media and strategic news, identify the items that may impact risk to the organization, and approach executives with the information and ask, "I see this is happening. Here's what it may mean for us and what I'd like to do about it. What are your thoughts?"
These CSOs do not implement programs just because they see other organizations doing it. They propose new programs or projects only if they have already considered the business impact and can define the desired results. They develop metrics and KPIs to track these results. If they cannot define outcomes, there is no point in moving forward.
Many CSOs who are great at what they do become unsure or unsteady in front of the executive team. Those who have the most impact are the CSOs who have a passion for what they're presenting and the confidence that grows from that. They know what they're talking about. They think ahead, anticipating management questions and practicing their responses. They find someone to run their ideas by before they present to the C-suite.
Many successful clients have said that they partner with other functions, such as information security and audit, to multiply their impact. Three department leaders make a better case than one, and they can more comprehensively answer questions and rebut criticisms over a broader area.
One successful leader worked in a company organized around HR principles, so he ensured that everything security did matched up with those. CSOs who excel know the company's mission and vision, mantra and culture, and they make sure that every action they choose to take works in support of those guiding principles.
You can download a PDF of this resource below.