CIO-CSO tension makes businesses stronger

Strong relationships within the C-suite are critical, but perhaps none are more important that the relationship between CIO and CSO.

The relationship between the CIO and CSO (or CISO) can be fraught with tension - and that can be a good thing. Both executives play a critical role in your organization's C-suite, and better understanding these sometimes overlapping roles can only make your business stronger and more secure.

Out of the shadows

In the past, the CSO, or CISO, depending on your organization's language, was a role secondary to that of the CIO, the CFO or another C-suite executive. But as security becomes a more pressing concern, CSOs have come out of the shadows to take a separate, but equally important role at the executive table.

"That can be hard for other C-suite players to swallow; this role that once reported to them - whether it was an offshoot of the CIO's role, or a CFO or even the CEO - is now a separate role with its own distinct priorities, budgets and concerns that sometimes appear to conflict with what other C-suite members' priorities are," says Zia Bhutta, co-founder and COO of consulting and strategic outsourcing firm Synechron.

Same goals, different priorities

"There's a natural tension between these roles because they have what appear to be different priorities, and because in many larger organizations, the CSO role, and security in general, becomes a higher priority," says Justin Cerilli, managing director, financial services technology and operations, Russell Reynolds and Associates.

"Both the CIO and the CSO are concerned with how to transform the business. What are the business' goals? How does technology both enable and hinder those goals? How can you focus on efficiency and speed of delivery, but also maintain security? These are really similar goals, but the priorities are different," Cerilli says.

It's not so much that the goals of the CIO and the CSO are different, but that the priorities are flipped, says Bhutta. For CIOs, speed of delivery - for new hardware, software and applications - and efficiency are paramount. For CSOs, the concern is with the security of data, information and privacy, says Bhutta.

Contention comes into play when the CIO and CSO don't work together to plan and agree on an overall strategy that takes both of their needs and concerns into account, says Robert Orshaw, COO and executive vice president at Velocity Technology Solutions.

"As security becomes an increasing concern, sometimes CSOs can start to develop strategy, architecture and budget spend priorities in isolation from the CIO - that's a problem," Orshaw says. "When they work as a team to jointly develop architectures, priorities and budgets that consider the needs of the whole business - that is a beautiful thing," he says.

Striking a balance

The key is effective communication, an ability to present a united front to board members and other c-level execs and to finesse compromises on both sides to achieve speed, availability and security, says Russell Reynolds' Cerilli.

"You have to be on the same page around people and processes as well as technology; create a consistent message around the business goals, the challenges and what's needed. Then, you can present a united front for your executive board and the market," he says.

One of the struggles in achieving this balance and laying the foundation for a good working relationship between CIOs and CSOs is the potential for personality clashes, says Cerilli. Human Resources can and should play a major role in finding leaders who can work well together and put the business' needs ahead of any personal need for career advancement or recognition, he says.

"Many times, we see CSOs who are either great at tech or great at relationships, same with CIOs. Having an HR organization that understands that ensuring these two roles, with a good balance of these qualities working together is a great asset. That also means that, in areas where it's not working well, you might have to find new blood for these positions if they're not effectively working with their peers," he says.

CSO, prove your worth

Working well with other members of the C-suite can require CSOs to educate their peers on their role and their value to the organization, says Orshaw.

"It's all about perspective - we had a client ready to move into a brand-new data center location until the CSO spoke up and said, 'Well, it's right near a major curve in a railyard. What happens if a train derails and runs right into our data center?' And that was an aspect no one had considered because they weren't looking at the physical security considerations," he says.

As the CSO role gains importance in the enterprise, they should consider some ongoing investment of time and energy into educating the organization on their challenges and vulnerabilities, and how the business can collaborate to solve problems, Orshaw says. Effective collaboration on every aspect of the business from physical security to hardware to software to delivery can only serve to make businesses stronger and more secure.

Join the CSO newsletter!

Error: Please check your email address.

Tags SynechronCIO roleIT management

More about CSOTechnologyTechnology Solutions

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Sharon Florentine

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts