Last month I covered the unlikely probability of the security organization reporting to the Chairman of the Board of Directors.  While there are some rare instances of that occurring, it is something that most security professionals should not set their sights on. However, there has been an increase in instances where the security executive reports to the Chief Executive Officer (CEO). While this is not a particularly common reporting structure, it has some distinct advantages and disadvantages.


If you are reporting to the CEO, you certainly qualify as officially having made it to the C-suite! There is an inherent level of perceived importance and respect that any function reporting to the CEO generally garners from the rest of the folks in the company.

Participating as a member of the senior leadership team allows a seasoned security professional to not only participate in crafting the enterprise’s strategy, but also facilitates engagement in important business decisions. Keeping your antenna up and listening to what other senior leadership team members are reporting on allows you to inject security’s views of the risks and threats that may be inherent in decisions to expand into certain regions or acquire other enterprises. It also allows security to shine as an organization that assists in crafting solutions to aid the enterprise in getting to “YES” and helping the company successfully execute its plans.

Of course, there is one other advantage and that is the perks that go along with the rank – direct reports to the CEO are typically in the highest tier of compensation and benefits within the enterprise.


Unfortunately, your time in the limelight may be short, so make the most of it. Over the past 20 years, the average tenure of a CEO has dropped from 15 years to just three years. In most cases when a new CEO takes over, there is usually a purging of the existing senior leadership team so the new CEO can bring in a team of trusted associates he knows will be loyal to him or her. The same phenomenon usually occurs when mergers are executed, as eliminating redundant management is one of the benefits touted as reasons for merging in the first place.  While there used to be some pretty sweet golden parachute exit packages for C-suite executives, recent indications are that much of that largess is drying up.

The other thing to keep in mind is that everything you do or say will be heavily scrutinized by virtually everyone in the enterprise. You not only have to walk the walk and talk the talk, but you have to be a model citizen. More senior executives get booted for indiscretions and bad judgement than for just about any other cause. As a security executive, you already know that you are held to a higher standard than just about anyone else in the company… but being a security executive who reports to the CEO puts you in an even more highly scrutinized position.

I would love to hear from any CSOs who actually are reporting to the CEO of their enterprise. Please provide your insights on what you have found to be the pros and cons of reporting to the CEO in the comments section of this article on

Next month’s column will explore the pros and cons of reporting to the General Counsel.