Most of my CISO assignments have been transformative roles. I've usually been called in when the company is in crisis or to replace a CISO that has been let go for some specified reason. When this occurs, my first priority is to ensure that the business understands that security is not just a technology concern; rather, it is a business concern that can be positively impactful across the enterprise.
I recently had an opportunity to discuss transfomative security from a business perspective as part of a roundtable hosted by MSS. Whether your are a security professional working to relate security to your business brethren or a business leader working to understand how to engage your security team, you may find some useful insights in this discussion.
You can find the podcast here. Enjoy!