How to make the CFO your greatest ally

“As a security professional, if you go in and talk to a CFO about incidents and vulnerability management, you’re going to be speaking two very different languages,” says one VP of human risk strategy.

Bonnie and Clyde, Kirk and Spock, and Bert and Ernie are all examples of dynamic duos, but nothing trumps the pairing of the CISO and the CFO.

There are several reasons why a CISO may want to establish a good working relationship with their organization’s CFO, the professional responsible for all financial activities associated with the business. But establishing rapport with these finance-focused execs may not come as easily for a CISO as it does with other security-minded professionals.

Improving their working relationship with the CFO is top of mind for some CISOs. Danielle Ruderman, Amazon Web Services’ (AWS) senior manager of worldwide security specialists, leads the company’s “CISO Circle” program, a series of invitation-only events allowing CISOs to discuss pressing topics and challenges under the Chatham House Rule. Ruderman told IT Brew that the program hosted a meeting at last year’s AWS re:Inforce conference around how CISOs could better discuss their needs with CFOs. It generated so much discussion that the guest speaker, a former CFO, was unable to get through his slide deck.

“That’s just a sign that this topic [is]…important to our customers,” Ruderman said.

Watch your language! Masha Sedova, VP of human risk strategy at Mimecast, told IT Brew one of the mistakes she sees CISOs make when communicating with CFOs and other leadership team members is that they fail to speak about security as a “strategic business initiative.”

“As a security professional, if you go in and talk to a CFO about incidents and vulnerability management, you’re going to be speaking two very different languages,” Sedova said.

When communicating with a CFO, Sedova said CISOs should frame their needs around the return on investment they could bring to their organization.

“What a CISO needs to do is think about the investment into his or her team as a business enabler to go into the conversation explaining how the budget being put into your team is going to help sales sell more, customers buy more, customers stay on the product longer, and help the company expand its footprint,” she said.

She added that while jargon is highly regarded in the security industry, CISOs should lay off throwing out complex terms that their non-technical counterparts might not understand during conversations.

“Most successful security leaders I know and have seen do not pride themselves in using ambiguous acronyms and terms,” Sedova said. “They are able to articulate complex security ideas in a way that every executive can understand without having to have a background in security.”

Mission accomplished. Kirkham IronTech CEO and Founder Tom Kirkham told IT Brew that CISOs will know they’ve successfully communicated their needs to the CFO and other stakeholders when security feels ingrained into the culture of their organization and conversations with those stakeholders reflect that.

“You’ll know you’ve really gotten it done and baked into the culture when the…CEO is walking the talk, the finance person is walking the talk, all the whole C-suite is walking the talk, and everybody in the company is walking the talk.”

