CISOs and CMOs - Joined at the Hip
Traditionally, an organization’s Chief Information Security Officer (CISO) and Chief Marketing Officer (CMO) haven’t had significant overlap when it comes to day-to-day roles and responsibilities. The CMO focuses efforts on brand growth and marketing strategy. The CISO on the other hand has been more focused on architectural efficiency, reliability, and security.
Today, data is the lifeblood of business. Businesses have access to copious amounts of consumer data that can be leveraged to gain a better understanding of their market and customer base. To the CMO this is a gold mine – more detailed insight into the wants, needs, habits, and activities of their target demographics. These can result in initiatives with large scopes and larger budgets. On the flip side, the CISO sees the red flags and vulnerabilities that come along with this information. Privacy and security threats, technological limitations, and reputational risk are all on the radar. Commonly their response is to reel the scope back in to reduce risk and budget. As you may expect this can result in internal friction as to who is truly responsible for the management of this data making it more important than ever for the CISO and CMO to establish an effective working relationship.
In order for your organization to best capitalize on the benefits of “big data”, the CISO and CMO must work together cohesively. This can be a challenge initially, as the two not only have different objectives when it comes to the use of data, but also in their ability to effectively communicate and understand the other’s perspective. In an effort to establish this relationship effectively there are critical steps that should be taken to avoid setbacks or breakdowns in communication:
Establish common short and long term goals
This one may seem obvious, but it’s likely the most critical aspect of the relationship’s foundation. Each side will have objectives they are looking to meet, and those objectives likely steer in opposite directions (especially when it comes to the budget). Where the CMO will be looking for more data points and more access, the CISO will be looking for stronger protections and stricter access control. Rarely, if ever, are the two sides going to have aligned perspectives on what should be prioritized. To avoid issues and breakdowns in the relationship, establish long term business goals and intermediary milestones to ensure that both sides are working toward a common goal.
Break down the communication barrier
Anyone working within the IT realm has seen it. You start explaining the details of an issue or a project. You try to keep it simple, avoiding technical terms and acronyms as much as possible, but then you notice glazed over eyes and nodding responses. You could be using completely made up terminology for all they know. If others are going to be expected to understand your perspective on things, they will need to understand the language, especially when it comes to security. The same goes for those within IT trying to understand marketing jargon and methodologies. Breaking down these barriers by educating the other team(s) on the simplest terminology and approach can go a long way to increasing the effectiveness of the relationship.
In addition to simply breaking down the language barrier, having a better understanding of mindsets and concerns will result in bringing better proposals to the table. Identifying the information and reasoning that will be valuable to the discussion for outside groups beforehand will result in conversations that are more open and productive. What is a security framework? Why does working in a cloud environment present different risks and challenges? Why are these data points relevant to marketing? Things that may seem simple and obvious to you may not be so clear cut to others.
This may mean that an intermediary party with a better understanding of both sides is needed to facilitate the conversations. Establishing common ground and ensuring that there is nothing lost in translation is an important part of creating a functional and effective relationship.
Establish a communication plan
As with any relationship, communication is key. Establishing a recurring sit down or planning session together will help to ensure that any new ideas or needs are on the radar and the appropriate considerations can be given from both sides. The frequency should be determined based on the volume of work being performed together or upcoming goals and milestones. If an intermediary is brought into the fold, they should be part of these sessions as well. These sessions should serve as a chance for each side to better understand the wants, needs and challenges the other is facing.
As the business world continues to shift, the lines within the traditional organizational charts will continue to blur. Establishing effective relationships between all of the departments and layers of an organization is critical. Taking steps to ensure that those relationships are open and reciprocal will help to generate success not only for those parties, but for the organization as a whole.