It’s all about the hierarchy

No, my boss doesn't (normally) read this magazine, nor am I fishing for a raise. Yes, I've read the latest think-tank projections and understand what convergence is. No doubt, a close working relationship between the physical and cyber sides is always vital, and 10 years from now, we may not even have CIOs.

Still, based on several survey results I've seen, most information security execs: currently report to the CIO; would rather report somewhere else, such as the CFO; expect to merge with the physical side; and think some day they'll report to the CEO (perhaps as chief risk officer).

The big (and I mean huge) problem with not being in the IT department is simply that you cannot have a true seat at the IT table. Security already struggles with the Us-Them syndrome. We're often viewed as party crashers when trying to become integrated into the lifecycle of projects. We fight the inhibitor label, and staying in sync with the IT team is hard — but worth the battle.

Everyone works on vital relationships, but no matter how hard you try, there is a cultural wall when security comes in under another chief. Simply stated, we become more like auditors — not true partners. I've never known anyone who was happy to undergo another security audit.

Of course, I'm making assumptions around what your CIO does, their effectiveness, and your inclusion within the IT team. All of it comes back to individuals — how we're perceived, the skills we possess, and the overall corporate culture. Everyone ultimately works for the same top boss, but for the foreseeable future, I'd rather leave information security under the CIO.

Dan Lohrmann

Dan Lohrmann is an internationally recognized cybersecurity leader, technologist and author. Starting his career at NSA, Lohrmann has served global organizations in the public and private sectors in many leadership capacities. As a top Michigan Government technology executive for seventeen years, Dan was national CSO of the Year, Public Official of the Year and a Computerworld Premier 100 IT Leader. He is currently CSO & Chief Strategist at Security Mentor, where he advises global and local corporations and governments on cybersecurity and technology infrastructure strategies and security culture change. He has been a keynote speaker at security conferences from South Africa to Europe and Washington D.C. to Moscow.
