One of the most frequent discussions among senior security executives for years has been about gaining a seat at the table with the C-suite and the Board. The only way to gain that coveted seat is by transforming the Security function into a business enabler and demonstrating the intrinsic value it provides to the business. If you and your program are not viewed as adding value and assisting the business in executing its strategy, then you are relegated to a draw on overhead or worse yet a necessary evil. If you are viewed as the latter, it might be time to brush up your resume, as your days may be numbered.

Granted, it is much easier said than done... but, at the end of the day, isn’t that what we are all being paid to do? While some have already transformed their security function to this model, others will engage and struggle with this concept. Realistically, relative few will really understand how to get there, and there will be those who are simply not willing to adapt their programs to such a model.

Do Your Due Diligence

The first step down the path to the nirvana of a seat at the table for any CSO begins with gaining a deep understanding of the business. I can’t emphasize enough that this is the most important due diligence you will ever conduct.

• Start by reviewing the company’s website and read everything you can find. In the Investor Relations section, there will typically be briefings from analyst meetings as well as the annual report and other key regulatory filing documents, which are filled with a treasure trove of information.
• Your next stop is the company’s Strategic Planning function where you can obtain a copy of the corporate strategic plan and, hopefully, they can provide you with the strategic plans for each of the business units. It is vital that you become deeply familiar with these roadmaps to the company’s future.
• Drop by your Sales and Marketing department where you can become acquainted with the company’s products/service, its markets and channel structure, and the ultimate customer for your company’s products or services. And, don’t forget to ask about the competition while you are there.
• Sit down with the folks in Operations; they can fill you in on where the company produces its products and the supply chain. They can also provide information on the company’s logistics network.
• If your company has a Chief Risk Officer or ERM department, stop in and ask to see the annual risk briefing/report provided to the Board each year and the annual risk review done on all the functions of the company each year.
• Another key area for data collection is the Audit department. Obtaining copies of audit reports provides insights into issues that may exist across the company.
• Your last stop during this phase of data collection is with your R&D department. It is vitally important to gain a picture of what the future pipeline of products and services in development by the company looks like and the expected impact they will have on the company’s revenue stream.

The data you have collected so far will help you establish a foundational understanding of the business. Remember though that it is just as important to “read between the lines” as there is also a lot of hidden data that won’t be revealed in the documentation that you have accumulated.

In next month’s column, I will map out the next rung on the ladder as you begin the ascent to that Seat at the Table.