How Connected Are You to the Business?

How Connected Are You to the Security Business? - Security Magazine

December 1, 2017

One of the most frequent discussions among senior security executives for years has been about gaining a seat at the table with the C-suite and the Board. The only way to gain that coveted seat is by transforming the Security function into a business enabler and demonstrating the intrinsic value it provides to the business. If you and your program are not viewed as adding value and assisting the business in executing its strategy, then you are relegated to a draw on overhead or worse yet a necessary evil. If you are viewed as the latter, it might be time to brush up your resume, as your days may be numbered.

Granted, it is much easier said than done... but, at the end of the day, isn’t that what we are all being paid to do? While some have already transformed their security function to this model, others will engage and struggle with this concept. Realistically, relative few will really understand how to get there, and there will be those who are simply not willing to adapt their programs to such a model.

Do Your Due Diligence

The first step down the path to the nirvana of a seat at the table for any CSO begins with gaining a deep understanding of the business. I can’t emphasize enough that this is the most important due diligence you will ever conduct.

Start by reviewing the company’s website and read everything you can find. In the Investor Relations section, there will typically be briefings from analyst meetings as well as the annual report and other key regulatory filing documents, which are filled with a treasure trove of information.
Your next stop is the company’s Strategic Planning function where you can obtain a copy of the corporate strategic plan and, hopefully, they can provide you with the strategic plans for each of the business units. It is vital that you become deeply familiar with these roadmaps to the company’s future.
Drop by your Sales and Marketing department where you can become acquainted with the company’s products/service, its markets and channel structure, and the ultimate customer for your company’s products or services. And, don’t forget to ask about the competition while you are there.
Sit down with the folks in Operations; they can fill you in on where the company produces its products and the supply chain. They can also provide information on the company’s logistics network.
If your company has a Chief Risk Officer or ERM department, stop in and ask to see the annual risk briefing/report provided to the Board each year and the annual risk review done on all the functions of the company each year.
Another key area for data collection is the Audit department. Obtaining copies of audit reports provides insights into issues that may exist across the company.
Your last stop during this phase of data collection is with your R&D department. It is vitally important to gain a picture of what the future pipeline of products and services in development by the company looks like and the expected impact they will have on the company’s revenue stream.

The data you have collected so far will help you establish a foundational understanding of the business. Remember though that it is just as important to “read between the lines” as there is also a lot of hidden data that won’t be revealed in the documentation that you have accumulated.

In next month’s column, I will map out the next rung on the ladder as you begin the ascent to that Seat at the Table.

Lynn Mattice is Managing Director of Mattice & Associates, a top-tier management consulting firm focused primarily at assisting enterprises with ERM, cyber, intelligence, security and information asset protection programs. He can be reached at: matticeandassociates@gmail.com

You must login or register in order to post a comment.

ON DEMAND: DevSecOps creates an environment of shared responsibility for security, where AppSec and development teams become more collaborative. With the right training and tools, developers can become more hands-on with security and, with that upskilling, stand out among their peers... however, they need the security specialists on-side, factoring them into securing code from the start and championing this mindset across the company.

ON DEMAND: The insider threat—consisting of scores of different types of crimes and incidents—is a scourge even during the best of times. But the chaos, instability and desperation that characterize crises also catalyze both intentional and unwitting insider attacks. Learn how your workers, contractors, volunteers and partners are exploiting the dislocation caused by today's climate of Coronavirus, unemployment, disinformation and social unrest.

Security Magazine

2020 October

This month in Security magazine, we explore how Corning's global security group ensured business continuity and employee safety during the global COVID-19 pandemic. Also, we highlight the global security team at Uber and their recent security programs and initiatives. Industry experts discuss travel safety programs, career hackers, working for terrible bosses, group attribution error and more.

View More Create Account

How Connected Are You to the Business?

Do Your Due Diligence

Recent Articles by Lynn Mattice

How Security Leaders Can Gain a Seat at the Table

How to Develop an In-Depth Understanding of the Business

How to Research Your Enterprise's Unique Risks

Here We Go Again! ERM vs. ESRM

Security Magazine

2020 October

How Connected Are You to the Business?

Do Your Due Diligence

Recent Articles by Lynn Mattice

Related Articles

Report Abusive Comment