CIOReview CIOReview
Women In Tech Review
  • Home
  • Technology
    • Agile
    • Artificial Intelligence
    • Audiovisual
    • Augmented & Virtual Reality
    • Big Data
    • BlockChain
    • Business Intelligence
    • Cloud
    • Cognitive
    • Content Delivery Network
    • Data Analytics
    • Data Integration
    • Data Visualization
    • DevOps
    • Digital Transformation
    • Digital Twin
    • Drone
    • Enterprise Architecture
    • FinTech
    • Gaming Tech
    • High Performance Computing
    • Internet Of Things
    • Machine Vision
    • Mainframe
    • Mobile
    • Networking
    • Predictive Analytics
    • Quantum Computing
    • Remote Work Tech
    • Robotics
    • RPA
    • SDN
    • Security
    • Simulation
    • Smart City
    • Software Testing
    • Storage
    • Video Surveillance
    • Virtualization
    • Web Development
    • Wireless
  • Industry
    • Agtech
    • Automotive
    • Aviation
    • Banking & Insurance
    • Biotech
    • Capital Markets
    • Casino
    • Chemical & Allied
    • Construction
    • Consumer Packaged Goods
    • Contact Center
    • Defense
    • E-Commerce
    • Education
    • Energy
    • Food
    • Healthcare
    • Latin America
    • Law Enforcement
    • Legal
    • Logistics
    • Manufacturing
    • Marine
    • Media & Entertainment
    • Metals & Mining
    • Naval Tech
    • Non Profit Technology
    • Oil & Gas
    • Pharma & life sciences
    • Proptech
    • Public Sector
    • Retail
    • Sports
    • Tech African
    • Tech Startup
    • Telecom
    • Textile & Apparel
    • Travel & hospitality
    • UAE
    • Utilities
  • Platforms
    • Adobe
    • Amazon
    • Cisco
    • Dassault Systemes
    • Dell
    • Google
    • HPE
    • HubSpot
    • IBM
    • Infor
    • Magento
    • Microsoft
    • NetApp
    • NetSuite
    • Oracle
    • Red Hat
    • Sage
    • Salesforce
    • SAP
    • VMware
  • Functions
    • Compliance
    • Contract Management
    • Corporate Finance
    • Environmental Health And Safety
    • GDPR
    • Human Resource
    • Marketing
    • Procurement
    • Sales
    • Supply Chain
  • Conferences
  • About Us
Go to...

    I agree We use cookies on this website to enhance your user experience. By clicking any link on this page you are giving your consent for us to set cookies. More info

    • Home
    • VMware

    Yes, the CISO, CIO, and CTO can be friends!

    By Rebecca Wynn, Head of Information Security, Matrix Medical Network

    Join With Our Contributor Network

    On progress..
    Success! Thanks For Joining With Our Contributor Network.
    You Have Already Joined With Our Contributor Network
    Sorry! Something went wrong. Please try again.
    Yes,

    Rebecca Wynn, Head of Information Security, Matrix Medical Network

    It always has amazed me to see, read, and hear stories of Chief Executive Officers (CEOs) and other executives becoming very concerned that the Chief Information Security Officer (CISO) had become a close colleague of the Chief Information Officer (CIO) and/or the Chief Technology Officer (CTO). Why wouldn't you want a great working relationship? The CIO typically works on the business management side of the organization and is more internally and operationally focused. The CTO typically focuses on more long-term issues and new technology integration. The CISO typically monitors and analyzes potential security risks for the organization. The CISO has historical more times than not, reported into the CIO or CTO. True that when looking at the confidentiality-integrity-availability (CIA Triad) the CIO and CTO are normally more focused on availability than confidentiality and integrity. That is why the relationship between the CISO and CIO/CTO is so important.  Together they create balance in the CIA Triad as too much in any one of those areas singularly would cause the three-legged stool not to be balanced and tip over.

    What, then, can the CISO, CIO and/or CTO do to create harmony in the office? First, they can create a united front in the boardroom with all sharing an equal voice, ensuring it is understood. The CISO will talk more about data privacy, security, threats, and tools and personnel that is needed. The CIO will come from the "Land of Budgets" and "Business Needs." They should strive to meet in the middle and speak each other's language. Showing a united front in the boardroom can help calm the chaos. And, shift the tide.

    Remember that financial services, healthcare, Payment Card Industry (PCI) and Health Insurance Portability and Accountability Act (HIPAA) breaches, hacks and cyber-attacks affect everyone. They're not just problems for CISOs.

    Ask each other, what problems/challenges am I causing you? What can I do to better communicate my concerns and project needs? Commit to being partners in resolving the corporate problems/challenges.

    Now I know that some are thinking at this point that this all seems like a bed of roses. I know, like many of you, I have seen and heard many stories from my peers where they have not been as fortunate. Normally, that stemmed from insecure CEOs or other executive leaders that led a dysfunctional executive team. The CEO or other senior leaders may have subjected people to "bullying" at work. While the corporate bully may not look or acts like the playground thug, the victim’s response in either case is to hunker down and get out of the way. The executive bully uses fear or the threat of humiliation to silence critics or contrarian voices.

      Create a united front in the boardroom with all sharing an equal voice 

    In a corporate setting, that adds up to lost opportunity. Employees’ voices go unheard. Product defects are covered up; unethical practices continue unchecked; untenable financial risks are ignored; brilliant ideas never see the light of day. People are intimidated into keeping quiet.

    The bullies may "shoot the messenger," and punish those who deliver unwanted news. More common, however, is for "executive bullies" to flaunt their power by summarily dismissing ideas or warnings they don’t want to hear.

    Having an open, collaborative environment where executives are approachable, listen to their peers and employees, are healthier and those companies flourish. Where that is not happening, the CISO, CIO and/or CTO need to display even more of a united front.

    The CTO takes on new technologies keeping the organization’s competitive edge, the CIO takes on operational IT requirements that keep the organization running, and the CISO takes on the ever increasing security risks an organization faces as it embarks on new ways to store their company’s precious data and information.

    To Do List:

    • Communicate regularly
    • Be respectful of each position and its responsibilities
    • Be ingrained in the business
    • Avoid spreading fear without solutions
    • Be immersed with the new technology
    • Know the ever-changing threat landscape.
    • Learn to accept and embrace manageable risk
    • Learn to protect data while enabling the business to run
    • Know your scope, and your boundaries
    • Be clear on the priorities

    There is industry consensus that the relationship can, and often does, work. In my career, I have been fortunate to have a great working relationship with Emilia Sherifova (CTO, LearnVest; Head of Enterprise Architecture and CX/PX Engineering, Northwestern Mutual) and Mason Dansie (CIO, Matrix Medical Network).  One of the main reasons I believe that we were able to quickly sync is that, besides having a strong business, legal, governance, compliance, risk, and regulations background. I am a security person who comes from a technical background, having been a developer, database administrator, and code validation engineer, among other roles.  I've done all those "geeky" things. Like them, I want to fix things. We have strong business and strategic backgrounds. And like me, they are committed to excellence. It has been a pleasure to know them and work alongside them over the years. I hope that you will be fortunate to have successfully working relationships as I have. The key is PARTNERSHIP.

    On The Deck

    • IT Service Management

      2018-07-03

      #
    • Mobile Application Special

      2018-05-15

      #

    Editor's Pick

    • How Blue Shield of California implements finance technology in accordance with its mission and values Facing a 100% remote work environment, the 4.4 million-member nonprofit health plan also took a new approach to internal controls
      How Blue Shield of California implements finance technology in accordance with its mission and values Facing a 100% remote work environment, the 4.4 million-member nonprofit health plan also took a new approach to internal controls

      By Sandra Clarke, CFO, Blue Shield of California

    • Empowering Animal Welfare through Sound Science-based Solutions
      Empowering Animal Welfare through Sound Science-based Solutions

      By Karen Christensen, Sr. Dir. Of Animal Wellbeing, Tyson Foods

    • Top Digital Marketing Trends for 2021
      Top Digital Marketing Trends for 2021

      By Kara Jensen, Creative Principal, Bop Design

    • COVID-19 Creates a Myriad of Compliance Challenges for Employers
      COVID-19 Creates a Myriad of Compliance Challenges for Employers

      By Liliana Salazar, Esq. Chief Compliance Officer, Chief Compliance Officer, HUB International Limited

    • Challenges that Compliance Officers face Today
      Challenges that Compliance Officers face Today

      By Samantha-Anne Horwitch, General Counsel/Chief Compliance and Human Resources Officer, Citelum

    • Benefits of Having NetSuite ERP for Business
      Benefits of Having NetSuite ERP for Business

      By CIOReview

    • Simplify ASC Completes Its Acquisition of PhyBus RCM
      Simplify ASC Completes Its Acquisition of PhyBus RCM

      By CIOReview

    • Red Hat Acquires StackRox, a Validation of Its Approach to Container and Kubernetes Security
      Red Hat Acquires StackRox, a Validation of Its Approach to Container and Kubernetes Security

      By CIOReview

    • CVC Capital Partners Fund VII Signs an Agreement to Acquire STARK Group
      CVC Capital Partners Fund VII Signs an Agreement to Acquire STARK Group

      By CIOReview

    • Dave West and Irving Tan Joins Cisco
      Dave West and Irving Tan Joins Cisco

      By CIOReview

    Copyright © 2021 CIOReview. All rights reserved. Registration on or use of this site constitutes acceptance of our Terms of Use and Privacy Policy       |       Disclaimer