Global CSO Explains the Value of Cybersecurity

Security leaders are constantly under pressure to demonstrate the value and impact of their cybersecurity programs and security technology investments. That pressure is even greater in times of economic uncertainty.

During a recent ExtraHop webinar titled Demonstrating the Value of Cybersecurity, Roland Cloutier, a global CSO and Digital Business Enablement Executive, shared methodologies and strategies he’s used to promote the value of cybersecurity over the course of his career. Roland has worked for TikTok, ADP, EMC, the U.S. Department of Defense, and the Department of Veterans Affairs.

Roland also introduced the concept of business operations protection and walked through what it takes to be a successful business and technical partner to the C-suite.

The First Principles of Business Operations Protection

You can’t protect what you don’t understand. It’s critical to know how the business goes to market, the products they make, their margins, the competitive landscape—and everything in between. That way, you have a stronger understanding of what needs to be protected.

Have principled priorities through Value at Risk. Once you understand what parts of the business hold more weight, such as the supply chain or manufacturing, you can make more informed decisions on where security needs to be implemented or improved.

Drive business through market trust enablement. Now that you’ve aligned the business’s goals and how it operates to create an effective security strategy, you can build trust—both from within the organization and the greater industry—to grow and deliver a greater ROI. Established companies with a trusted security posture are going to drive customers to partner with them.

Being a Successful Business Partner

To build an effective cybersecurity or business operations protection program, Roland maintained that security leaders need to start “by being a better business partner.” He defined this practice from a business perspective and a financial perspective.

On the business side, Roland noted that security executives still need to “run the business like a business” while maintaining organizational efficiency and metrics. He recommended that CSOs and CISOs define achievable cybersecurity capabilities within the company and be transparent about limitations preventing them from providing certain services. This clarity on priorities allows security leaders to set consistent expectations and build trust with both board members and customers. “Happy customers are repeat customers,” Roland reminded viewers.

From the financial perspective, Roland stressed the importance of thinking like a business owner. While growth is almost always top of mind, it may not always be the most important goal. At any given moment, the economy or industry may demand a different approach. When thinking about your company’s goals, Roland recommended asking yourself these questions:

• Are we taking the right financial steps?
• How are we doing service cost analysis on the offerings we’re delivering?

Being finance-focused shows other executives and board members a level of accountability and responsibility that they can get behind and support. “It’s all about risk versus reward,” Roland said. “Being cognisant of what the organization is going through and making intelligent and risk-based decisions is critical.”

Watch the webinar recording to learn more about Roland’s philosophy on business operations protection and how to establish a greater ROI in your organization’s cyber defense strategy.