1 hour 2 minutes
And welcome back to Revenue Protection as a CISO.
In this module we will talk about why it is important to be seen as a trusted adviser.
There's a quote from John Lee Coast that I like. It says the CSO role is now one of a trusted adviser to the business as a whole, not just the technology.
Sure, technology provides the tools that produce, process, store and transmit business data, but to the CISO, the technology itself is much less important than the business processes it supports.
Let's focus on the last part of it: but to the CISO, the technology itself
is much less important than the business processes it supports.
Are we focused on processes, or are we focused on controls?
In the Deloitte publication, The New CISO, they list the four phases of the new CISO.
I suggest you read the full publication, but for today we will focus on
So congratulations, you're on the executive team. You are likely the only non self focus leader next to the Chief HR Officer.
How do you become the trusted adviser?
You are the security leader, but do your colleagues trust you?
Be proactive. Stay in front of security trends, breaches, et cetera. Use current news to highlight how your organization is protected.
And what I mean by that is,
you know, a new day, a new breach.
A lot of times the executive team will come to you and ask you, like, "Are we protected from that?" If it's a pretty large-scale breach, there may even be a meeting you're called into to explain how the company is being protected from that.
What I like to do is take a proactive approach
whatever cadence that your organization has its executive meetings.
I like to bring to the meeting a current breach or current set of breaches and then talk through, not in technical talk but in layman's terms, the policies, procedures and/or technology that we have in place to protect us from that said
threat or exploit.
And then I field questions on that.
Um, and one thing that does is it alleviates stress, but it also highlights what you're doing in your security program. But it could also be used to show where there are gaps, and you can, you know, justify more budget if there's a pretty widespread, um,
exploit, zero day,
or a mitigating control that needs to be implemented via a solution or tool that you currently don't have the budget to implement.
So use those times when you are meeting with your executive teams, or you're presenting to the board, to talk, again, not in technical talk. I like to quantify in dollars, because we're talking to the board, right? They care about money,
not in a bad way, but go back to what the business was founded to do is to generate a profit.
And if you're trying to justify more spend for your department,
you better be able to quantify, um,
the reduction in risk
post implementation of this new tool
not implement the tool and your current risk. Um, know what's the current exposure, what's the reputational damage that would happen if
you were breached or
and you didn't implement this particular control.
So that's just an example of one of the things that I like to do. But if we take a look at some of the other facets of this, this diagram
Being a strategist, you are the chief protector or the guardian of the business. You're expected to be the technologist. So you're going back again to the previous module.
You're expected to communicate. You're expected to be the subject matter expert when it comes to all things security. You're expected to be the strategist, meaning that you're not just looking at today, but you're looking,
you know, two, three, four years down the road. None of us have a crystal ball. But it is very important to have a strategic plan, um, for your department
and, you know, security as a whole
As their trusted adviser, and to gain trust, you must speak the language of the business. You must be able to quantify risk.
Um, you must be able to pick your battles strategically, know what hill to die on and which one to walk away from. This is very important. You must not block business, going back to our first module, or don't be a blocker.
Don't be that guy.
Um, and you must develop mastery of your budget.
This is going back to seeking that feedback and having a collaborative approach and finding someone in finance that can help you and keep you on target.
Mastery is one of the, I would say, top skills
that a CISO
needs but often lands in the role without
depending on how you landed in that seat. If you, you know, were a manager or director, you probably do have some sort of budgeting skills. But being the CISO just takes that, amplifies it to a
totally new level. Because now you're focusing on all security for the entire organization, not just
your department. And you have to budget accordingly. Especially, you know, if IT rolls up to you as well, which is a growing trend, that the CISO not only manages the security side of the house, but also
the IT infrastructure and information technology side of the house. So being able to balance that budget
against the needs of the business and your desires and projects is just of utmost importance, that you don't go over budget and turn what, I've said it before and keep saying it, is a cost center into a sunken ship. That just won't work out,
um, well for you long term.