One of the highest-stakes parts of my job as the leader of our Security & Risk business is the in-depth business review that I present to Forrester’s executive team twice a year. And I always start those presentations with a single slide in which I attempt to capture the Security & Risk profession in as few words as possible. My current formulation is: “We protect our company’s brand – and our Security & Risk program allows our company to pursue new business opportunities safely.”
Our CEO, George F. Colony, sat bolt upright and said, “Wow – I didn’t know that CISOs saw their roles in such business-centric terms!” To which I replied, “And that’s exactly the problem. Strong CISOs are generally all action and very little talk – they put the brand and business opportunity at the center of everything they do, but they don’t brag about it. And thus they don’t get the recognition they deserve.”
And my team and I are on a mission to help you change that. Because we know that a strong security & risk program can be a competitive differentiator. We can help our businesses win on the global stage by enabling our firms to accept more (and different!) risks than others can afford. Rethinking your security assumptions and your security infrastructure means that you will have the skills, processes, and tools your business needs to seize new opportunities. So now you just have to get the word out that you can help.
The best way to do that is to run at the threat. Meaning: Whenever anyone comes to you with a scary but possibly profitable idea, say: "Sounds exciting. Let's figure out how to make that work." Stick with that innovator every step of the way as he enters that new geography, co-develops a new product with a tiny startup on the other side of the world, or brings a customer-created service to market. And then be prepared for the avalanche of people with great ideas who need –and want! – your help.
My team and I, plus Security & Risk leaders from eBay, the Internal Revenue Service, Scania, and UPS, look forward to exploring new ways to run at the threat at Forrester’s Security Forum this year. Security Forum 2012 North America hits Las Vegas on May 24-25, and Security Forum 2012 EMEA will take place in Paris on June 19-20. For a sneak peek into the content, check out this short video.