Zalud Report

Closing the CEO, CSO Gap

May 1, 2008
/ Print / Reprints /
/ Text Size+

A number of security executives routinely interact with top CEOs and top enterprise chief security officers as a way to conduct their business and bridge the gap. Three are Michael McCann, president and CEO at McCann Protective Services; James Lee Witt, CEO, Crisis Management and Preparedness Services, James Lee Witt Associates; and Howard Safir, CEO, Security Consulting and Investigations Unit, SafirRosetti.

To complement this month’s cover story on What CEOs Think, I’ve gathered these perspectives from the three.


McCann – I see security budgets as continuing to tighten (unless of course there is a major incident).  Justification for new equipment and technology will be required.

Witt – In many companies, the individual responsible for security is also responsible for emergency preparation. This often poses some budget overlapping, and in the current economic environment, budgets will be getting even tighter. The company model that CEOs prefer has become one of a minimal internal staff managing the right external resources needed to protect the organization’s proprietary assets. 

Those CEOs and companies ahead of the curve will continue to be cognizant of regulatory requirements and security’s role, commented Howard Safir.


McCann – Now that security has a seat at the table, CSOs will continue to be under greater scrutiny.  I believe audits of their operation and associated costs will occur more often.

Safir – Security executives should expect regulatory requirements in security and emergency preparedness to increase. Those CEOs and companies ahead of the curve, however, will continue to be cognizant of these requirements and will work proactively to identify and address gaps before they become a problem. Companies do not want to be behind the eight ball in this regard and have to play catch up.  Being proactive will help.

“The CEO is demanding more from the CSO,” said Michael McCann.

People Issues

McCann – It will be more and more difficult to attract highly qualified and experienced candidates. RFP and bids for outsourced security operations will be very competitive.  However, with the tightening of security budgets, companies will be more likely to accept low bids. Security companies will be forced to pay lower hourly rates and hire less skilled workers and invest fewer dollars in training.

Safir – Given all the areas of specialization in fields such as business continuity, disaster management, computer forensics and security planning, it is vital that the top security executive develop trusted and vetted partnerships with external vendors that can provide competent and licensed professionals when needed. Controlling supplier relationships in this manner tends to result in better service and considerable savings beyond what a company could maintain in-house.

In the current economic environment, CEOs will demand that budgets get even tighter, observed James Lee Witt.


McCann – With each emergency or incident, more and more focus from the CEO will be directed at security operations and their ability to deliver.  Plans have been formulated, security budgets have increased, additional personnel have been hired and senior management has been briefed.   Importantly, when an incident occurs, top management will focus on the incident and the response.   No more excuses.

Witt – Smart CEOs and their companies use an all-hazards approach to emergency preparation, dedicating the appropriate resources and energy to planning for any type of event. This preparation needs to take place internally, as well as externally with local governments and key vendors.  The chief security officer needs to be an integral part of the disaster management and recovery planning process. They must work internally to put a plan in place, but just as importantly, should become familiar with local first responders and law enforcement personnel.  You don’t want to meet the fire chief for the first time when your building is on fire.

Management Attention

McCann – The CEO will be demanding more from the CSO.  In some cases, discussions between CEOs will focus on a comparison to others of their respective security operation. In particular if there is a security incident. 

Witt – The events that have occurred in our country over the last seven years such as natural disasters, terrorist attacks and regulatory compliance should convince every CEO of the importance of having the right person at the table to plan and manage these high-level issues on a daily basis.  Additionally, a CEO’s commitment to the security function is often demonstrated by whether or not they have someone at the table, and the value that is placed on that individual.

Did you enjoy this article? Click here to subscribe to Security Magazine. 

Recent Articles by Bill Zalud

You must login or register in order to post a comment.



Image Galleries

ASIS 2013 Product Preview

ASIS International 59th Annual Seminar and Exhibits, September 24-27 in Chicago, Illinois, will include an exhibit hall packed with innovative security solutions. Here are some of the products that will be shown at ASIS this year.


Virtualization and Data Center Security: What You Need to Know for 2014

Data centers are increasingly becoming the center of the enterprise, and data center and cyber security is following the same path for security departments. According to Justin Flynn, a consultant at the Burwood Group, the virtualization of data centers allows enterprises to scale more easily and faster, with a smaller footprint.

However, hosting enterprise data in the cloud can make intrusion detection more difficult – how can enterprise security leaders team up with other departments to keep aware of cyber risks and traffic, and physical and data compliance during the virtual transition? How can CISOs and CSOs discuss cyber threats with the C-Suite to get the resources they need? And how can the proper infrastructure test and verify possible malicious attacks? 

More Podcasts

Security Magazine

July 2014

2014 July

In the July issue of Security Magazine, read about how the NFL is balancing security with fan experience to make sure sporting events are running smoothly. If you're doing any traveling this summer, be sure to read the 5 hot spots for business travel security, also, employers can track on-the-go employees with new mobile apps. Also, check out the latest news and industry innovations for the security industry.

Table Of Contents Subscribe

Adopting New Technology

How long do you wait before adopting a new technology?
View Results Poll Archive


CompTIA Security+ Certification Study Guide
CompTIA's Security+ certification is a globally-recognized, vendor neutral exam that has helped over 60,000 IT professionals reach further and higher in their careers. The current Security+ exam (SY0-201) focuses more on being able to deal with security issues rather than just identifying them.
More Products

Clear Seas Research

Clear Seas ResearchWith access to over one million professionals and more than 60 industry-specific publications,Clear Seas Research offers relevant insights from those who know your industry best. Let us customize a market research solution that exceeds your marketing goals.

Vertical Sector Focus: Critical Infrastructures

criticalhomepagethumbFrom terrorism to vandalism, it’s preparedness, response, training and partnerships. Learn about some of the critical security issues facing this sector.

Visit the Critical Infrastructure page to


Facebook 40px 2-12-13 Twitter logo 40px 2-12-13  YouTube  LinkedIn logo 40px 2-12-13Google+