Royal Flying Corps First World War fighter ace Harry Day once remarked that “rules are for the obeyance of fools, and the guidance of wise men”.
Ask anyone who is a hardcore fan of a sport and they will know the rules inside and out. Flags thrown and whistles blown are an indicator of some broken rule. Penalties are handed out and offenders are pulled out of the game. Those offended are given free throws or a gain of yardage.
Fans will yell at the TV or in the stands when their favorite team is given the penalty. The stats are adjusted and behind the scenes, analysts wonder about the impacts on the player.
Ask anyone in technology and they will spout any number of guidelines and security measures that are in place. They can rattle off the applications used and how they are configured.
If the right rules are in place, there will be a mantra of Zero-Trust built into all aspects of the business.
Think about this: How do these rules impact the morale of the employees (players)?
What would a team be without a strong coach? Championships are won and lost by the relationship between coaches and the teams.
The CFO’s role as a coach can steer conversations, boost employee morale, and change the course of tech investments.
Travis Russel, Director of Cyber Security for Oracle, stated that “employees are your first line of defense“. While that may be true in some respects, there is an offensive security strategy that can take place.
One strategy is to create a process for Cloud Security Posture Management (CSPM). One states that this is as:
IT security tools that are designed to identify misconfiguration issues and compliance risks in the cloud
For example, you may utilize a platform such as Tenacity Cloud to get insights into your cloud strategy and governance.
So, where does the CFO come in?
According to a Gartner post this year, “worldwide spending on information security and risk management technology and services is forecast to grow 12.4% to reach $150.4 billion in 2021, according to the latest forecast from Gartner, Inc. Security and risk management spending grew 6.4% in 2020”.
Part of the offensive coaching is for the CFO to collaborate with the CIO, CTO, or CISO to craft a strong CSPM strategy. The CFO will have an understanding of the cash flow and know when, where, and how to invest in the right technology. If this isn’t done in a cohesive manner, it would be like a coach taking the team to the game, but showing up at the wrong stadium.
The play you call now will have strong downstream impacts.
The CFO may need to switch to the role of the referee and call a time-out if things are being executed properly. Yes, there is always the inherent risk in the move you make, but it should be founded on risk intelligence. This can only be done correctly in a harmonized environment.
Lastly, stand behind your decisions. Remember this quote from the movie “Remember the Titans”.
“I don’t scratch my head unless it itches and I don’t dance unless I hear some music. I will not be intimidated. That’s just the way it is.”Coach Herman Boone, Denzel Washington