How CISOs can drive revenue gains and advance their careers


One of the fastest ways for a CISO to get promoted is to prove that their security team can drive revenue gains by protecting customers and building trust. The security posture of any organization is at the heart of the customer experiences it provides. Protecting customer identities and data can be the difference between being in business next year and being gone.

Forrester Research’s 2022 Security and Risk Forum session provided practical, pragmatic advice and information for security and risk professionals. The session challenged them to take control of cybersecurity initiatives as a core competency of their businesses.

Two presentations provided insight into how CISOs can deliver more value and advance their careers. One was “Cybersecurity Drives Revenue: How to Win Every Fiscal Battle” by Jeff Pollard, vice president and principal analyst at Forrester. The other was “Communicating Value: A CISO’s Business Acumen Primer” by Chris Gilchrist, also a principal analyst at Forrester.

CISOs must demonstrate their growing influence

The degree of confidence and effectiveness of a given company’s security posture affects its revenue and deal pipeline. How close is an organization to achieving its zero-trust initiatives, including multi-factor authentication (MFA), identity and access management (IAM), and privileged access management (PAM)? The answer will determine whether it will qualify for cyber insurance and what the premiums will be.


And a business must show business buyers that cyber insurance is in place before it can benefit from larger sales opportunities and transactions, and before buyers sign a purchase agreement and issue their first purchase orders. “When something hits as much revenue as cybersecurity, it’s a critical skill. And you can’t pretend it’s not,” Pollard said during his presentation on how cybersecurity generates revenue.

CISOs need to demonstrate growing influence and prove that they and their teams can be counted on to drive revenue. A great way to do this is to focus their teams on how cybersecurity investments protect and build customer trust. “This means that security is now a driver of business strategy rather than buried as an operational line item only to be managed and measured as a cost. In other words, security now has the latitude to champion and drive growth,” said Gilchrist.

CrowdStrike co-founder and CEO George Kurtz sees more CISOs joining boards through their contributions to making organizations more resilient and secure, and to fostering business. Source: “Communicating Value: A CISO’s Business Acumen Primer for 2023” presented by Chris Gilchrist, Principal Analyst, Forrester

“I see more and more CISOs joining boards of directors. I think this is a great opportunity for everyone here [at Fal.Con] to understand what impact they can have on a business. From a career perspective, it’s great to be a part of this boardroom and help them on their journey – to ensure business resilience and security,” said George Kurtz, co-founder and CEO of CrowdStrike, during his speech at his company’s annual event. He continued, “Adding security should be a business enabler. It should be something that adds to the resilience of your business, and it should be something that helps protect the productivity gains of digital transformation.”

As cybersecurity is a cost of doing business, CISO roles are now strategic and can morph into board-level positions. CISOs who excel at leading their teams to drive revenue gains are key to helping boards understand how technology reduces enterprise-wide risk. “While CISOs need to continue to work on translating technology and technical risk into business risk, and be able to better convey that risk story to their board, across the aisle we need the board to be able to understand the true implication of cyber risk on ultimate shareholder value and business objectives,” said Lucia Milica, global resident CISO at Proofpoint.

Proofpoint’s recent report, Cybersecurity: The 2022 Board Perspective, found that 73% of boards have at least one member with cybersecurity experience. Additionally, most board members (77%) think cybersecurity is a top priority for their board itself. So, “the CISO’s role is evolving from a technical specialist to a business executive who can understand where business value comes from and explain to the board how to protect it,” said Betsy Wille, director of The Cybersecurity Studio and former CISO at Abbott.

CISOs who can translate how cybersecurity technologies reduce business risk, who can generate revenue through cybersecurity, and who think strategically have the best chance of being promoted to a board position. Source: “Cybersecurity: The 2022 Board Perspective”, by Proofpoint in collaboration with Cybersecurity at MIT Sloan (CAMS).

How CISOs can drive revenue gains

Here are some critical areas that CISOs and their teams need to focus on to drive revenue: identifying how cybersecurity practices affect deal flow; reducing barriers to entering new markets by complying with regulatory requirements; and reducing breach costs. Jeff Pollard’s presentation offered a four-step approach to identifying the impact of security spending on revenue.

  1. Identify requirements for security controls.
  2. Quantify the current aggregate value of the contract and the lifetime value of the customer.
  3. Link expense allocations for all controls that meet these requirements.
  4. Then, total each of these items separately as reasons for security expense allocations.

One of the main benefits of following this framework is that it quantifies the value of customer risk reduction. Additionally, CISOs who attend board meetings with quantified risk assessments speak the language of board members. It is an excellent career strategy to gain visibility and promotion.

Explaining how and why cybersecurity spend allocations are made based on contract value and customer lifetime value is a solid framework for CISOs to defend and potentially increase their budgets. Source: “Cybersecurity Drives Revenue: How to Win Every Fiscal Battle,” presentation by Jeff Pollard, VP and Principal Analyst, Forrester

The objective of the Forrester methodology is to determine the cost of a specific security investment per customer and the revenue generated by that specific customer segment. Essentially, the methodology examines the return on security investment while quantifying what is at stake if the customer base is not protected.

Knowing the number of customers who rely on an organization to protect their identity using Privileged Identity Management (PIM) and the amount of revenue generated by those customers helps determine the percentage of the security budget that should be spent on PIM. “We spend Z; they’re responsible for Y revenue. You can also recognize the revenue at stake if you got rid of that control… if you didn’t have the budget to renew that control, renew the licenses… to support it,” Pollard explained during his presentation.

Forrester’s suggested methodology enables CISOs and their teams to defend budgets while generating the financial analysis board members need to understand the risks of insufficient cybersecurity funding. Source: “Cybersecurity Drives Revenue: How to Win Every Fiscal Battle,” presentation by Jeff Pollard, VP and Principal Analyst, Forrester

For example, suppose 330 customers need an enterprise-level PIM to protect their identity, at an annual cost of $250,000. The cost per customer is $757.58. The analysis then takes the total annual revenue of the customers requiring PIM and divides it by the cost of implementing the PIM system, yielding the revenue protected per dollar spent on securing those customers. Thus, Forrester’s analysis also provides value to CISOs by helping them quantify the revenue risk of not adequately protecting customers.

CISOs can use this analysis to protect their budgets by considering whether it’s worth putting millions of dollars in revenue at risk by not spending the $250,000 to protect them. Extending it to all line items in a budget gives a CISO significant bargaining power in negotiations with a CFO and the board. It also provides a consolidated financial view of the cost of risks in the event of budget cuts.
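The four-step method and the PIM example above, carried through as an added calculation (this is illustrative code written for this page, not Forrester’s or Pollard’s model; the customer base, the MFA control and its $120,000 cost are constructed figures, while the 330 customers and $250,000 PIM cost are the page’s own example):

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Customer:
    name: str
    annual_revenue: float         # current annual contract value
    lifetime_value: float         # projected customer lifetime value
    required_controls: frozenset  # controls the customer's contract requires


# Step 3 input: annual spend per control. PIM is the page's $250,000 example;
# the MFA figure is a constructed, hypothetical number.
CONTROL_COSTS = {"PIM": 250_000.0, "MFA": 120_000.0}

# Constructed customer base: 330 enterprise customers whose contracts require
# PIM and MFA, plus 70 smaller customers that require MFA only.
CUSTOMERS = (
    [Customer(f"ent-{i}", 30_000.0, 90_000.0, frozenset({"PIM", "MFA"})) for i in range(330)]
    + [Customer(f"smb-{i}", 10_000.0, 20_000.0, frozenset({"MFA"})) for i in range(70)]
)


def control_report(customers, control_costs):
    """Steps 1-4: for each control, find the customers whose requirements it
    satisfies, total their contract and lifetime value, and attribute the
    control's annual cost to the revenue it protects."""
    report = {}
    for control, cost in control_costs.items():
        covered = [c for c in customers if control in c.required_controls]
        revenue = sum(c.annual_revenue for c in covered)
        ltv = sum(c.lifetime_value for c in covered)
        report[control] = {
            "customers": len(covered),
            "annual_cost": cost,
            "cost_per_customer": round(cost / len(covered), 2) if covered else None,
            "annual_revenue_at_risk": revenue,
            "lifetime_value_at_risk": ltv,
            "revenue_per_cost_dollar": round(revenue / cost, 2) if cost else None,
        }
    return report


def rank_by_revenue_leverage(report):
    """Controls ordered by annual revenue protected per dollar spent: the
    consolidated view to bring to a budget negotiation."""
    return sorted(report, key=lambda k: report[k]["revenue_per_cost_dollar"] or 0.0, reverse=True)


if __name__ == "__main__":
    rep = control_report(CUSTOMERS, CONTROL_COSTS)
    for name in rank_by_revenue_leverage(rep):
        r = rep[name]
        print(f"{name}: {r['customers']} customers, ${r['cost_per_customer']:.2f}/customer, "
              f"${r['annual_revenue_at_risk']:,.0f} annual revenue at risk")
```

Cutting the PIM line item would put the full annual revenue of the 330 customers whose contracts require it at risk, which is the number the page suggests placing beside the $250,000 cost.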

Additionally, for CISOs interested in advancing their careers, risk quantification is what boards are focusing on today.

Forrester’s methodology for defending security budgets can also quantify, at the revenue line level, the risks of not protecting customers enough. Source: “Cybersecurity Drives Revenue: How to Win Every Fiscal Battle,” presentation by Jeff Pollard, VP and Principal Analyst, Forrester

CISOs need to be bold to deliver value

CISOs face a number of challenges, including consolidating their technology stacks, doing more with less staff because of a chronic shortage of security manpower, and continued pressure to cut budgets. They therefore need a methodology to defend their budgets. As security budgets evolve, so do the careers of entire departments.

Showing how security generates revenue and knowing how to quantify risks is a valuable skill that CISOs and their teams must develop. Boards of directors think and speak in these terms. Thus, CISOs who develop them early on as a skill set will boost their careers and may eventually gain promotion and a role on the board.
