Why Business Information Security Officers Are Strategic Cybersecurity Translators
The Information Security Team can’t just be the department of ‘no.’ They have to understand the business needs and translate those into information security terms.
The challenge is clear:
BISOs must bridge the widening gap between security priorities and business demands, often dealing with a space that is fraught with competing interests and high stakes.
But how do BISOs balance the demands of risk mitigation with the realities of operational goals?
How can they make meaningful connections with vendors who often fail to understand the nuances of their role?
These are the questions that Rob Dalzell, a Business Information Security Officer (BISO) at a major financial institution, grapples with regularly.
In this episode of Audience 1st, I had a candid conversation with Rob, where we unearthed invaluable insights into what drives buying decisions and operational realities for BISOs.
Who is Rob Dalzell?
Rob Dalzell is a seasoned cybersecurity professional with over 30 years of experience in Information Technology and Cybersecurity.
Currently, he serves as a Business Information Security Officer (BISO) at a large financial institution, a role he has held since June 2021.
In this position, he advises the line of business on risk issues related to information security and recommends actions to support the bank's risk management and compliance programs.
Throughout his career, Dalzell has held various positions in the cybersecurity and IT fields.
He has worked extensively with large financial institutions, holding roles such as Cyber Security Attack Surface and Vulnerability Management, Cyber Security Technology Program Management, and Email Encryption Specialist.
His experience also includes positions at other notable companies like CGI, Wells Fargo, and JD Edwards ERP.
Insights and Key Takeaways
Bleeding Neck Challenge – Legacy Systems and Patch Management
Rob’s "bleeding neck challenge" is managing legacy systems and patching vulnerabilities.
This issue is exacerbated by internal resistance, where business priorities often overshadow security imperatives.
"Getting rid of old software and hardware that shouldn’t be out there is risky. But people say, ‘We don’t have the time, we don’t have the money.’"
Solutions should be positioned to highlight the cost of inaction and deliver clear, measurable ROI.
Messaging should address how to integrate patch management seamlessly into existing workflows without disrupting operations.
Rob’s Strategic Priority – Email Encryption
One of the key use cases Rob highlighted is email encryption.
His organization required a solution that automates encryption to eliminate human error, such as sending sensitive information unencrypted.
"We want to do things in a way that makes it impossible for people to make mistakes."
Vendors should focus on solutions that simplify security for end-users.
Messaging must emphasize ease of use, automation, and the prevention of costly mistakes—all critical factors for buyers like Rob.
The BISO Role is a Role of Translators in Cybersecurity
As a BISO, Rob describes his role as a translator between technical and business teams, ensuring both sides understand each other’s priorities.
"We can’t just be the department of ‘no.’ We have to understand the business needs and translate those into information security terms."
Sales and marketing efforts must bridge this gap by showing how their solutions align with both business goals and technical requirements.
Case studies and content should demonstrate this dual value in clear, relatable terms.
Buyers Value Long-Term Learning
Rob champions continuous learning and mentorship, appreciating vendors who provide genuine educational value rather than just pushing products.
"I like helping people. Whether it’s young referees or interns, I’m always trying to teach and mentor."
Vendors can build trust by delivering thought leadership content, actionable insights, and opportunities for skill-building.
Positioning events or campaigns as learning experiences resonates with buyers who prioritize growth.
Relationship Building Through Small Events
Rob prefers small, intimate gatherings over large conferences or virtual events.
These settings foster genuine, distraction-free conversations and meaningful connections.
"I like being in a room where we can put the phones down and have a single focus."
Instead of focusing solely on large trade shows, vendors should host smaller, regional events.
These intimate settings provide opportunities to discuss industry challenges in a non-salesy environment, building trust and credibility.
Barriers to Adoption – Cost and Usability
Rob identifies cost, ease of use, and lack of knowledge as primary barriers to adopting cybersecurity solutions.
He emphasizes that solutions need to show clear, tangible value to justify their expense.
"Cost, ease of use, and lack of knowledge are the three barriers I can think of."
Marketing efforts must address these objections upfront.
Articulate financial benefits clearly and showcase how the product simplifies security management.
Providing educational resources can help bridge knowledge gaps.
The Hidden Buying Committee
In large organizations, decision-making involves navigating a hidden network of stakeholders who may intentionally obscure their identities for security reasons.
"Instead of first and last name, they might use initials on LinkedIn to avoid unwanted contact."
Sales strategies must account for this complexity by mapping out the entire buying committee.
Leveraging trusted relationships, hosting community events, or creating tailored content can help uncover and engage these decision-makers.
Future Concerns – Quantum Computing and AI
Emerging technologies like quantum computing and artificial intelligence are on Rob’s radar.
He highlights their potential to disrupt security practices and create new vulnerabilities.
"Quantum computing will change things quite a bit. Passwords we thought were secure can be cracked very quickly."
Vendors should position their solutions as future-ready, addressing emerging threats.
Messaging should highlight resilience against quantum and AI-driven risks to reassure forward-looking buyers.
My Final Thoughts
Rob’s insights reveal a recurring theme:
Cybersecurity buyers are looking for solutions that align with their reality.
Whether it’s addressing patch management challenges or simplifying email encryption, vendors need to stop selling in a vacuum and start solving real problems.
The best way forward?
Listen, learn, and build relationships based on trust and value.
Authenticity wins every time.
If there’s one thing I want to leave you with, it’s this:
Don’t just sell a product—sell a solution to a buyer’s specific, tangible pain points.
Ask yourself, “How does this make their life easier today?”
The difference between a vendor and a partner is understanding.
Be a partner.
Until next time,
Dani