
Reducing CIO-CISO tension requires recognizing the signs

Opinion
May 21, 2024 | 6 mins
Topics: CIO, CSO and CISO, IT Leadership

Given competing pressures and priorities, CIOs and CISOs often find themselves at odds. Knowing where tensions flare and how your partner operates is essential to maintaining a productive partnership.

Credit: AboutLife / Shutterstock

CIOs and CISOs operate in high-stress environments that can at times place additional strain on their relationship, further distracting them from achieving beneficial outcomes.

In my own career, I’ve been a CIO and a CISO, so I have firsthand experience with this issue from both perspectives. Defusing the situation so that the relationship is workable, healthy, and respectful for both parties can be challenging, especially for CISOs, who often report to the CIO. It requires understanding the pressures and priorities of the other’s role, as well as how your partner operates.

Relationship ripe for tension

To understand why there is natural friction between CIOs and CISOs, one must consider the pressures and priorities of each.

The role of the CIO is filled with a multitude of activities that all demand attention and have high visibility with executive management and the board, which want to see the CIO on top of the IT agenda.

That agenda — the raison d’être for the CIO — is to enable business transformation and growth through the use of technology. Key stakeholders throughout the company demand delivery of tech-enabled change and positive customer experiences from these platforms, and the CIO is judged on their ability not only to deliver these new digital solutions but also to keep operational processes from being impacted by an outage or disruption to service.

Meanwhile, the CISO’s mandate is to protect the enterprise from external threats. Yes, the CIO cares about this too, but they also face pressure from their business stakeholders when it comes to the trade-offs that may be required to secure the enterprise.

These trade-offs are pinch points that intersect with the CISO’s remit, highlighting conflicting priorities for both parties. Over time, such situations — and how they are handled and resolved — can lead to real friction between the two parties. This friction can be overt, boiling over in public, or covert, where it is more hidden from other colleagues or the CIO/CISO themselves.

Common CIO-CISO pressure points

In every mature enterprise, some risks have to be accepted for the time being, with remediation deferred. Vulnerability patching is one example where tension between the CIO and CISO can arise.

In the case of highly critical vulnerabilities that have been exploited, the CISO will want patches applied immediately, and the CIO is likely aligned with this urgency. But for medium-severity patches, the CIO may be under pressure to defer these disruptions to production systems, and may push back on the CISO to wait a week or even months before patching.

The same tension exists for programs that impact digital customer experience. For example, new multifactor authentication functionality requires new customer communications and perhaps associated short-term disruption of the channel, something that may be difficult for the business to accept.

Or the CIO and the engineering team may be working with business units to facilitate new customer features via an API platform. From the CISO’s perspective, those APIs must be managed properly, and even penetration-tested, to ensure they don’t create an unexpected data loss vector. The CISO will want more controls applied, but the CIO, while agreeing in principle, must also satisfy the stakeholders by ensuring the feature is delivered, often in a short time frame.

Incident management is another area ripe for tension. The CISO has a leadership role to play when there is a serious cyber or business disruption incident, and is often the “messenger” who shares the bad news. Naturally, the CIO wants to be informed immediately, but often the details are sparse, with many unknowns. This can make the CISO look bad to the CIO, as there are often more questions than answers at this early stage.

A fifth example is DevOps, as many CIOs, including myself, advocate for continuous delivery at velocity. Unfortunately, not as many CIOs advocate for DevSecOps to embed cybersecurity testing in the process. This is perhaps because the CIO is often under pressure from executive stakeholders to release new software builds, and thus accepts the risk that some iteration may be required if the release is not perfect. Meanwhile, not many CISOs come from a software developer background, and so they are often not comfortable engaging with and challenging this process.

How differing CIO and CISO archetypes engage

The above areas of friction have nothing to do with the personalities of the CIO and CISO, an additional incompatibility issue that can create further strain on the relationship.

The CIO and CISO are likely to have arrived at their positions through different career paths and may have differing approaches to their work. Some of the resulting archetypes naturally work better together, while others may clash.

[Figure: CIO and CISO archetypes. Source: David Gee]

My advice here is to consider how your counterpart operates, what their natural style is, and how you might approach potential pressure points differently. For instance, a Business CIO or Partnering CIO will value stakeholder engagement as key to success. If paired with a Technical CISO or Transformational CISO, there may be some mismatch of approach.

How to manage this tension

If you find you are operating in a scenario of elevated CIO-CISO tension, or you recognize that there is a natural divergence in your approaches, it is important for both the CIO and CISO to acknowledge this issue and work through how to reconcile their differences.

In these circumstances it is best to sit down and discuss how to work together respectfully and with business objectives in mind. Some suggested principles to consider include:

  1. Adopt a company-first attitude.
  2. Understand the business benefits of all proposed actions.
  3. Be fact-driven.
  4. Be transparent and honest but never offensive.
  5. Look for the win-win.

This approach will not work if both parties are not committed to effecting a change. If that’s the case, then a reset may be required, with a third party or independent coach brought on board to help facilitate the relationship. Hopefully this reset can be made with some small tweaks, without one or both of the parties giving up and walking away.

A healthy dose of tension is good for the CIO and CISO in their everyday work. But it has to be managed so that it does not become conflict that spills over to create non-productive situations. That would be a lose-lose for both parties, and not a great outcome for the business as a whole.

David Gee is a contributing writer for the Foundry group of publications. He has more than 20 years’ experience as CIO, CISO and Technology, Cyber & Data Risk Executive across the Financial Services and Pharmaceutical industries. He served as Global Head Technology, Cyber and Data Risk at and as CISO for HSBC Asia Pacific. David has made the transition to Board Advisor, Non-Executive Director and Strategic IT Advisor. He has written extensively for Foundry Australia across CIO, Computerworld and CSO over several years, and has just written a new book, .
