Congratulations on earning the coveted role of CSO. You’ve no doubt worked hard to get here. And statistically, you’ll be a success if you survive in the role for more than two years!
If you feel anxious, I can relate. But take a deep breath. You’re going to get through this.
I’m glad you found yourself here on the Symantec blog. We are probably facing many of the same complex challenges, as even the world’s largest and most established cyber security company has its share of them. I feel there’s a lot of value in you and I starting a conversation.
Over the coming months, this blog will share with the broader security community the trials and triumphs of running a large cyber security program.
You’ve perhaps heard that CSO stands for Chief Scapegoat Officer. A CSO role without the right executive support, funding and available skills is a role you want to avoid at all costs. But when the right ingredients fall into place – as they have for me - it can be an enjoyable and stimulating role, worthy of any of the heart palpitations that come with the job.
For me, things started to fall into place once I gave time to articulating a vision for the security function at Symantec.
Having made several key hires early in my tenure, I realised I needed a vision that could motivate and inspire them. I wanted to avoid handing down a vision of my own conception.
So I pulled my leadership team out of the office for a day. We talked through the proud history of our organization, the values that led us to a career in cyber security, and why we chose Symantec to help us reach our goals. To our satisfaction, we found ourselves aligned on those values. The values most cited across the team were later published to our broader team.
We found it easy to articulate our strategy, because we were already living it day-to-day.
But articulating our vision took a little more discussion and imagination.
A vision statement is about where you intend to be if you meet your goals. It lifts everybody out of the ‘work in progress’ – if only momentarily. It removes all the things that keep us needlessly busy and focuses our collective energy and imagination on achieving something bigger.
The Standard Bearer
Here’s what we came up with.
The concept of a Standard Bearer is derived from military history. As opposing armies met in battle, there was great pride when someone’s peers chose them to carry the flag. Bearing the military standard was a great honor, one reserved for those brave enough to draw fire for the sake of a broader outcome. It was also the prize that your enemy would most desire to seize from your hands. Who doesn’t love to ‘capture a flag’?
In the modern context, the concept of a flag bearer has taken on a new and even more compelling meaning. Olympic teams select an individual to bear their flag during the opening and closing ceremonies. That flag-bearer isn’t necessarily their highest medal winner or most experienced athlete. They are chosen because everyone agrees that this individual represents the best characteristics of the team. They demonstrate behaviors others aspire to.
My team – Symantec’s Global Security Office – is the internal security function of Symantec, covering both cyber and physical security. Our vision of being a Standard Bearer relates to security in practice. It’s about developing holistic programs that make the best use of our technologies and our human endeavor to protect the organization. When we talk about aspiring to be a ‘standard bearer, our aim is to earn the respect of our fellow practitioners – to use what we learn to create value for people like you.
Today I often hear my teams describe their work in the context of being a Standard Bearer. Every program is planned not only to meet the expected standard of today but also for what might break new ground in the future. I’m very proud of the transformational work underway in these programs and look forward to sharing more stories and insights with you in this blog.
We encourage you to share your thoughts on your favorite social platform.