Most big companies have both a CIO and a CISO (or CSO). Depending on how the company is organized, the CISO reports to the CIO. This relationship is special: it can be very rewarding, but it also carries some serious risks.
The CIO, the “boss of IT”, fulfills a very challenging role. He (or she) needs to think about things like sourcing strategies, innovations within the field of IT, supporting the business properly and increasing the performance of the IT landscape. While daily operations are handled by professionals, sooner or later issues will end up on the CIO’s desk. We can safely conclude the CIO is a busy person, even if everything is working as expected.
Like the CIO, a CISO has a broad spectrum of activities. As a CISO you can’t be a specialist in just one area. For example, you need a good understanding of the company’s business, budgeting skills, and to know your way around the technology. Even though the CISO has to be a generalist, there are two main areas to focus on:
- Protect the assets of the company
- Make sure the business can operate properly
Where the focus of the CIO is to deliver and keep up with the high pace, the CISO is usually seen as the one who blocks initiatives. Instead, the CISO should sell his role as that of an ally to projects, colleagues and new initiatives. The CISO should, however, not accept everything, especially when it comes to compliance with laws or regulations. Also, when initiatives threaten the initiatives within a security program, the CISO should implement proper safeguards.
There are many things you can do as a CISO to support the efforts of the CIO. Still, one should be careful not to become a slave of the CIO’s program. The three main actions to take:
- Determine new trends and how to jump on the bandwagon soon enough. This saves you from being an obstacle later on.
- Know the roadmap of your CIO, so you can be supportive
- Show the results of your efforts in measurable terms (metrics, savings)
The CIO is both our foe and friend. If you have a good relationship with this person, you will both be rewarded. For the CIO it will mean less worrying about availability and better protection of the company’s assets. The CISO will benefit from having better input to perform the daily duties, getting budget, and increased exposure to management and end-users.