For a long time, when we talked about security it was generally focused on physical security — except, of course, in many of the three-letter government organizations and the contractors that supported them. Then in 1995, in the wake of a rumored Russian cyber attack on Citicorp/Citigroup, the Chief Information Security Officer (CISO) role was “born” when Steve Katz joined the organization in the CISO role.
Since then, the CISO role and the information security office has evolved and matured. In the early days, securing the network perimeter using firewalls was the first priority. Over the years, information security became driven towards governance, risk management, and compliance. The security office became the department of “no” and published all the policies that caused extra work for teams. Today and into the near future, CISOs and their team must continue to evolve by becoming true business leaders with much greater engagement in marketing and sales.
Secure marketing information early and often
Senior security leaders are well-versed with client-facing and other external-facing engagements. They have had extensive client-facing experiences over years of presenting and interacting with the board, the executive leadership team, outside certifying agencies, auditors, and — yes — many, many clients.
With this experience comes a wealth of knowledge, specifically regarding how security can improve, how to manage acceptable risk levels, and how to sell the business value of world-class security. They must wash away the perception that security always says no. Instead, CISOs must emphasize that they do not have the right to say no. Rather they can only advise of the risk involved, support the business decision made, and help drive revenue.
The best security leaders will support business success, directly and indirectly for their company and clients. They ensure that other leaders in their company have the necessary information to make the best decisions for the business. This experience and intent is a valuable asset for marketers and salespeople to use to their advantage.
As soon as there is an opportunity to get in front of the client, ask yourself “Is my security leader available? How can I get them involved?” Invite them to the early calls so that they can bring the quality of their security program to the table from the start. Every client wants their data to be secure. Demand that your marketing vendors use their senior security leaders to establish the ability to satisfy that desire as a required added value upfront.
Once you have ensured your martech vendors’ security leaders are engaged, keep engaging them. Create a strong relationship with these security teams, this will make later security discussions go easier and much more quickly.
Next steps for marketers and executives
- Ask that your vendor invites their security leaders to client meetings to build closer relationships.
- Ask your vendor if their security team is available to discuss security or provide presentations to you on security subjects.
- Ask about meeting security team leaders at martech vendor meetings and networking events to allow them to meet and build relationships with your team members.
- Ask the vendor to engage the security leaders early to help with proposals and presentations to add a sense of security.
Changing the perception of the security team and leaders is an important first step to bringing security into the marketing and client success lifecycle. Capitalizing on the value security teams can bring will help security leaders to become valued marketing and client success partners. What’s more, it will seamlessly improve security throughout every customer touchpoint and the entirety of your martech vendor relationship.
Patrick Benoit is the Deputy Chief Information Security Officer for Cheetah Digital. He previously served as an Executive Business Partner for Experian, Client Delivery Executive for Dell Services, and an IT Director after selling his business, a Dallas-based business and technology consulting firm, which he founded in 1992.