“I have been able to create relationships with the CFO and the C-suite, and I have regular quarterly meetings so that when it’s time to ask for money, the repertoire is there,” says Jill Knesek, CSO of BT.

Chief Financial Officer (CFO), Finance Director, Corporate Treasurer…whatever the title may be, they control the money in an organization – where it’s spent, how much is spent, perhaps even why it’s spent.

As a corporate officer in many organizations and with a spot at the C-suite, the CFO is primarily responsible for managing the financial risks of a corporation. This officer is also responsible for financial planning and record-keeping, as well as financial reporting to higher management. In some sectors the CFO is also responsible for data analysis. The CFO typically reports to the CEO and to the board of directors and may additionally sit on the board. 

As a CSO who may be trying to get a new security program or funding, the CFO is someone you’ll have to sit down and discuss how you spending money is actually going to save the company money. How do you sell security to someone who’s thinking it is all about dollars and cents, profit and loss and who possesses advanced business and financial degrees and experience?

For Jill Knesek, CSO of BT (British Telecom), it doesn’t have much to with security at all.

It’s The Business

BT is one of the world’s leading providers of communications solutions and services. The company’s principal activities include networked IT services, local, national and international telecommunications services, and higher value broadband and internet products and services. BT is also the world’s oldest communications company, with a direct line of descent from the first national telecommunications undertaking in the world.

The company’s global services security department, which Knesek heads up, operates in 170 countries, and is responsible for end-to-end security – cyber security, physical security, crime, fraud, asset protection and risk mitigation for 1,500 facilities. Knesek’s staff consists of 27 security directors.

“People in security think they are special because they save lives, but they’re not that special, because HR, marketing, sales and IT all think they’re special as well. We’re all competing for the same piece of pie,” says Professor Christopher Walker, executive professor of strategy with the College of Business Administration at Northeastern University, in Boston.

“With a CFO, it’s important to talk about security, but it’s more important to talk about the business,” Knesek says. “It’s been one my biggest challenges. But I have been able to create relationships with the CFO and the C-suite, and I have regular quarterly meetings so that when it’s time to ask for money, the rapport is there. So when I get face time with the CFO or the Board, I articulate reducing the cost of crime, protecting our brand and reputation and showing security’s long term value.”

“As a telecommunications company, we see a lot of potential for revenue fraud,” she says, “for example, theft of assets, cable, copper, and illegitimate customers. So I tell the CFO how my security operations will save millions of dollars in fraud losses per year. Once you start talking about dollars and cents and revenue, provide metrics and articulate how you will reduce costs with mitigation plans in place, you’re on your way to reaching the CFO. Security is not just about throwing a guard at a problem, it’s about reducing risk.”

As a former CSO with a Fortune 50 company and with a leading media firm, Christopher Walker once reported to the CFO. Professor Walker is currently the executive professor of strategy with the College of Business Administration at Northeastern University, in Boston, Mass. Professor Walker has also consulted with a number of business firms across several industries. He has created management development programs within three universities and among a range of organizations and businesses.

During his career, he says, articulating the logic behind the security systems that you want in place was always a difficult task. “You have to articulate financial logic behind doing what you do,” he suggests. “If you ask companies to spend a large of amount of money for a feeling of safety, that’s not sufficient. Articulate how you’re going to reduce the company’s liability exposure and the loss of assets. Show the financial impact that could be attached to a security disaster.”

Specifically, Professor Walker advocates benchmarking. “Someone has that experience,” he says. “Look at what has happened and the financial impact of litigation that has taken place, the case laws that are out there and provide a logical argument that embodies the legal and the financial aspects.”

As with Knesek, Walker stresses understanding your company’s line of business first. He also says that past experiences may not be the best thing on which to rely.  “Maybe you have had success in another job so you make certain assumptions about what should be done in your current company. That’s not necessarily the best way to go about it because business is about context.”