What a Chief Strategy Officer does, and why you need one

Seasoned IT security expert and former Gartner analyst Richard Stiennon recently became the Chief Strategy Officer for the Blancco Technology Group.

It was the perfect opportunity to talk with him, and explore the challenges that come with filling this pivotal information security role – a role that requires the executive to be involved in not just long-term strategic planning, but also product positioning, public affairs, analyst relations, joint ventures and industry partnerships.

The required skills

Many in the infosec industry recognize Stiennon from his days as VP of Research at Gartner Inc. Most recently, he served as Chief Research Analyst at IT-Harvest, where he ended up researching over 1,400 IT security vendors.

“In the four years I spent as VP of Research at Gartner, I researched, spoke to and met with hundreds of technology, data management and IT security vendors, and it was an experience that can’t really be matched in any other role. I was able to observe how each of those organizations developed and then executed their corporate, product and marketing strategies. I saw the ones that worked and the ones that failed. For example, I was one of the first analysts to identify and help CheckPoint Software Technologies’ senior executive team see where and how the company’s software-only strategy couldn’t and didn’t measure up to Cisco’s appliance strategy,” Stiennon told Help Net Security.

The time he spent working at technology and security vendors like Fortinet and Webroot and, on the analyst and research side, with Gartner and IT-Harvest, has given him a unique perspective and understanding of corporate challenges/priorities that he can bring to this new role.

“I’ve also been able to meet with corporate CIOs, heads of data privacy and IT professionals within retail, healthcare, finance, auto brands, as well as top officials within state, federal and international government agencies and regulatory bodies. This has allowed me to get a very deep understanding of their pain points, challenges, and identify existing gaps in their knowledge/security practices and technologies, to then provide useful recommendations to improve their organization’s security posture,” he says.

Becoming a Chief Strategy Officer

The Chief Strategy Officer role requires a strong background and deep understanding of the industry from different angles. It’s equally important to have technical and market analysis know-how – a strategy cannot be executed successfully without integrating both.

“One of the prerequisites for defining a strategy is listening to your teams and to your customers, partners, distributors and resellers, prospects, industry influencers and government agencies/officials, to gauge their current understanding of and approach to data management, security risks and overall IT/data privacy priorities. Only then will you be able to define a strategy that solves the challenges your business faces, allowing it to fill the gaps that other vendors cannot – be it through educational content that outlines best practices, new and insightful data security research, hands-on training workshops or discussions with analyst firms,” says Stiennon.

At the end of the day, it’s about shining a light on what’s holding companies back from being fully secure, and then showing them how to address those issues through information, tools and recommendations.

What makes this position unique

A Chief Strategy Officer doesn’t look at the industry differently than other security executives like CISOs, CEOs and CFOs. “Rather, (s)he looks at the industry with a more prescriptive lens, to see corporate data management approaches, data security and privacy threats and security gaps/weaknesses, and then applies those insights and lessons when devising the corporate strategy across long-term strategic planning, product positioning, marketing initiatives, thought leadership and public affairs.”

A Chief Strategy Officer also looks at other data security software providers to identify their strengths, weaknesses and opportunities. “By doing so, you will be able to see if, where and how you can learn from them, and if it makes sense to develop competitive positioning or if you could benefit from a strategic partnership/relationship,” he notes.

The Chief Strategy Officer and the boardroom

While CISOs in many industries still need to earn their place in the boardroom, it’s only natural for infosec vendors to reserve a seat for the Chief Strategy Officer.

In fact, in his new role Stiennon will be working closely with the CEO, VP of Product Management, VP of Customer Experience, VP of Global Marketing, and additional internal departments/teams.

“A Chief Strategy Officer’s role in the boardroom is two-fold: (s)he needs to be an objective listener to understand what the board values, understands and expects from the business. Second, (s)he needs to communicate the larger corporate strategy to the board in a way that meets their understanding, educates them on the strategy’s potential impact on the business, and provides roadmaps,” he says.

The characteristics of a true leader

What makes companies and people true leaders? It’s not about beating your chest and saying how great your company and product are.

“There are a few key things that make a company, its products and people stand out and lead ahead of competitors: having a winning product development process, making sure their products and marketing always have a customer-centric focus and, ultimately, using data and metrics to identify their company’s product, customer experience, sales and marketing strengths or weaknesses. If a company can’t deliver on these requirements, it will have a tough time in creating awareness, consideration, trust and use by its target audience,” Stiennon concludes.

Is there a specific infosec job you’d like to find out more about? Are you doing something our readers should know about? Let me know.