A New Paradigm for CISOs: Aligning Security with Revenue Generation

In today’s increasingly interconnected digital world, the role of a CISO is rapidly evolving. Beyond safeguarding organizational cybersecurity, modern CISOs are emerging as influential contributors to business strategy and revenue generation. In episode 90 of The New CISO podcast, host Steve Moore had an insightful conversation with Adam Currie, CISO at HCL Security, about this paradigm shift. Their insightful conversation covered the transformation of the CISO role, from aligning security programs with business objectives to forging essential partnerships within the organization.

In this article:

• The journey towards becoming a CISO
• Mastering the balancing act in cybersecurity
• Business outcomes and security: the imperative of alignment
• Fostering synergy between sales and security teams
• The new CISO: still figuring it out
• Conclusion: the evolving role of CISOs

The journey towards becoming a CISO

Adam’s cybersecurity journey spans 27 years, starting as a mainframe operator on the night shift at an IBM shop. His professional path, traversing through multiple IT domains — from end-user support to network engineering, from enterprise applications to systems and services — culminated in his ascension to the role of CISO.

Starting as the head of cybersecurity operations, security engineering, and security architecture at HCL, Adam transitioned into the CISO position just under a year ago, bringing with him a unique perspective informed by his diverse experiences.

Mastering the balancing act in cybersecurity

For Adam, one crucial factor shaping his approach to security operations and engineering is his understanding of the delicate balance needed in cybersecurity. This balance revolves around optimizing the productivity of tools and systems, securing them against potential breaches, and ensuring these controls don’t hinder the efficiency of the user base.

This perspective has empowered him to navigate the complexities of customer demands for unique security protocols, which often manifest as one-off requests. As Adam succinctly puts it, chasing these can result in “death by a thousand cuts.” He emphasizes the importance of spotting commonalities among such requests, enabling strategic resource allocation and informed decisions for future budgeting. “It’s where do we make these investments, right? So if we have one or two customers asking for FedRAMP, how do we work with sales to ensure that that investment, you know, what are our targets, how many customers we have to onboard by such-and-such date?” he explains.

Business outcomes and security: the imperative of alignment

A key point of discussion between Steve and Adam is the importance of aligning security efforts with business outcomes. Gone are the days when security was considered just a cost center or a necessary evil. In the current business climate, a robust security program is a selling point that can significantly enhance a company’s competitive edge.

Adam emphasizes the value of showcasing how security efforts directly contribute to deal closure or revenue generation. Moreover, he underscores the importance of equipping sales teams with adequate security-related information to effectively communicate the company’s capabilities to potential customers. As he notes, “The first conversation with the customer is always going to be with sales. So how do we provide as much security-related information to them upfront so that now we’re distinguishing ourselves within the market?”

Fostering synergy between sales and security teams

An interesting element of Steve and Adam’s conversation is their exploration of the relationship dynamics between the security and sales teams.Today’s business environment, with its complex security demands, calls for a strong connection between these two critical functions. 

Adam posits that arming the sales team with comprehensive knowledge of the organization’s security capabilities does more than just bolster the security program’s effectiveness. In fact, this approach can have a profound impact on the company’s overall revenue generation. 

Adam highlights the pivotal role the sales team plays in devising and implementing a successful security strategy. His perspective is that enabling sales teams and partners to fully capitalize on the security capabilities — ones they might not be thoroughly aware of — can be a game changer. This viewpoint encourages the establishment of a strong rapport between Security and Sales — a move that can potentially enhance the security program’s performance while boosting the company’s revenue.

The new CISO: still figuring it out

As Steve points out, the role of the modern CISO is still being defined. When asked about what being a “new CISO” means to him, Adam candidly admits, “I probably couldn’t answer it fully because I haven’t quite fully figured it out myself.”

Yet, Adam does emphasize a few defining features of this evolving role, primarily the importance of establishing strong teams and fostering trust within the team and the broader business. Without these foundational elements, Adam believes it would be challenging for any CISO to succeed in today’s complex business landscape.

Adam also recognizes that a CISO’s ability to influence and support different departments — particularly product development and engineering — is crucial. Strong partnerships within these areas of the business can significantly enhance the organization’s overall security posture.

Conclusion: the evolving role of CISOs

Steve and Adam’s conversation underscores the ongoing transformation of CISOs in contemporary business environments. Not merely cybersecurity guardians, CISOs are increasingly expected to be strategic partners in driving business outcomes and revenue generation.

This shift demands CISOs to navigate the complexities of one-off customer requests, align security initiatives with business objectives, and build stronger relationships with sales teams. It also calls for adaptability and a willingness to venture into uncharted territory, as Adam confesses.

While the role of the “new CISO” is still in flux, one thing is certain: this role will continue to evolve and expand, mirroring the rising significance of cybersecurity in our progressively interconnected world. As security continues to be a top priority for organizations across all sectors, the role of the CISO will undoubtedly become even more integral to business success.

Listen to the Podcast

Whether you’re a seasoned CISO, an aspiring cybersecurity professional, or a business leader looking to understand how security fits into your organization’s broader strategy, Adam’s insights offer valuable guidance. For more of Adam’s insights and experiences, listen to the full episode or read the transcript.