A strong working relationship between your CISO and CMO can bridge the gap between your organization’s information security and marketing priorities, allowing you to use data effectively while mitigating security risks.
Traditionally, an organization’s chief information security officer (CISO) and chief marketing officer (CMO) haven’t had a significant overlap when it comes to day-to-day roles and responsibilities. The CMO focuses efforts on brand growth and marketing strategy, while the CISO focuses on architectural efficiency, reliability and security.
Today, data is the lifeblood of business. Businesses have access to copious amounts of consumer data and use it to gain a better understanding of their market and customer base. To the CMO, this is a gold mine. Data supplies more detailed insight into the wants, needs, habits and activities of their target demographics. These insights can result in initiatives with large scopes and larger budgets.
On the flip side, the CISO sees the red flags and vulnerabilities that come along with this information. Privacy and security threats, technological limitations, and reputational risk, to name a few. Typically, their response is to reel the scope back in to reduce risk and budget. As you may expect, this can result in internal friction as to who is truly responsible for managing this data. This makes it more important than ever for the CISO and CMO to establish an effective working relationship.
For your organization to capitalize on the benefits of “big data,” the CISO and CMO must work together cohesively. This can be a challenge initially. The two likely have different objectives when it comes to the use of data. They also face difficulties in effectively communicating and understanding the other’s perspective. To establish this relationship effectively, the CISO and CMO should follow these critical steps to avoid setbacks or breakdowns in communication.
1. Establish common short- and long-term goals.
This one may seem obvious, but it’s likely the most critical aspect of the relationship’s foundation. Each side will have objectives they want to meet. Those objectives likely steer in opposite directions (especially when it comes to the budget). Where the CMO will look for more data points and more access, the CISO will look for stronger protections and stricter access control.
Rarely, if ever, will the two sides have aligned perspectives about what they should prioritize. To avoid issues and breakdowns in the relationship, establish long-term business goals and intermediary milestones. This will help ensure that both sides are working toward a common goal.
2. Break down the CISO to CMO communication barrier.
Anyone working within the IT realm has seen it. You start explaining the details of an issue or a project. You try to keep it simple, avoiding technical terms and acronyms as much as possible. But then you notice the others’ glazed-over eyes and nodding responses. You could be using completely made-up terminology for all they know.
If you expect others to understand your perspective, they need to understand the language you use, especially in security. The same goes for those within IT trying to understand marketing jargon and methodologies. Breaking down barriers by educating others on the simplest terminology can greatly increase the effectiveness of the relationship.
In addition to breaking down the language barrier, having a better understanding of mindsets and concerns will result in bringing better proposals to the table. Identifying the information and reasoning that will be valuable to the discussion for outside groups beforehand will result in conversations that are more open and productive.
What is a security framework? Why does working in a cloud environment present different risks and challenges? How are these data points relevant to marketing? Why does some data create a greater risk than others?
Things that may seem simple and obvious to you may not be so clear to others.
This may mean that you need an intermediary party with a better understanding of both the CISO and CMO point of view to facilitate conversations. Establish common ground. Ensure there is nothing lost in translation. These are important to creating a functional and effective relationship.
3. Establish an effective communication plan.
As with any relationship, communication between the CISO and CMO is key. Establish a recurring sit-down or planning session together. This will help ensure new ideas or needs are on the radar and both sides will give them the appropriate consideration. You should determine the frequency of these meetings based on the volume of work or upcoming goals and milestones.
If you bring an intermediary into the fold, they should be part of these conversations too. These sessions should serve as a chance for each side to better understand the wants, needs, and challenges the other faces.
As the business world continues to shift, the lines separating the traditional organizational charts will continue to blur. It’s critical to establish effective relationships among all departments and layers of an organization. Take steps to ensure relationships are open and reciprocal to help generate success not only for those parties but for your organization as a whole.
Wonder what a cyber attacker sees when they target your organization? Wonder no more. Watch a live network attack demo simulated by an industry-leading offensive security expert. In our on-demand webinar, you’ll learn how to uncover vulnerabilities that the average pen test misses.
