There have been volumes written about the role of the CSO and how to gain a seat at the table in the C-suite. A relatively small number of CSOs have been able to convince their management that the CISO should be under their purview, citing the inherent mission conflicts that exist when the CISO reports to the CIO. With the Board focusing an increasing amount of attention on cyber risks, any CSO that turns down the opportunity to bring the CISO function into their fold would be making a potentially fatal career error. I am in no way saying that owning the cyber component doesn’t have its share of risks, but it is far better to take on the larger role than risk being brought under the CISO, whose role may be perceived as a more critical function.
From a personal and professional growth perspective, why stop at just incorporating the cyber component? Increasingly, senior security executives have demonstrated their value, professionalism and sound judgement. Having gained the trust of senior management, an increasing number of senior security executives have been asked to dramatically expand their role.
Some examples that come to mind include: John Turey from TE Connectivity, who heads the company’s entire Enterprise Risk Management program as well as the global security program. John plays a vital role in helping the company and each of its diverse business units catalog the enterprises dynamic risk portfolio, identify risk mitigation solutions and apply the ERM philosophy to development of the company’s overall long term strategic plan. Greg Halvac at Cardinal Health is not only the SVP and CSO, but he has been asked by management of this $121 billion company to take on a broad portfolio of functions that include facilities, real estate, corporate aviation and corporate travel. Similarly, Shelley Stewart, CSO of Cummins, was asked by management to develop a Global Integrated Services organization that brought together facilities, real estate, corporate aviation, corporate hospitality (food services), and corporate security to provide cost effective and efficient services to the 150-plus countries in which Cummins operates. Stevan Bernard of Sony Pictures Entertainment has been elevated to Executive Vice President of the company with a broad portfolio that transcends other Sony Corporation business units.
These are but a few of the success stories of individuals who have proven to their management that they are top echelon executives capable of handling an extensive portfolio of key business functions with sound judgement and managerial finesse.
I would appreciate hearing from our readers of other security executives who have successfully pressed management for more responsibility or who were assigned expanded roles due to the trust that management has in their demonstrated expertise and capabilities.