The relationship between CIO and CISO can be fraught with friction, but Angelic Gibson and Christina Quaine, CIO and CISO of B2B payment service AvidXchange, represent a new emerging dynamic between IT and security, one that relies on open communication, a commitment to diversity, and a strong bond between IT leadership.
It’s little secret that security has become a board-level priority for organisations across all industries, with organisations taking risk-adverse approaches to IT to stay ahead of security, compliance, and risk management issues. As security and its relationship to IT grows more complex, a solid relationship between CIOs and their CISO counterparts will be critical to delivering quality services, products, software, and hardware to customers.
“It’s all about building trust with our business partners that we’re providing a service to, with our customers, and with one another,” says Quaine, who heads up the cyber security portion of the partnership. “The trust aspect is huge for me — it’s really around doing what you say you’ll do and committing to that. So, if you’re aligned and you communicate that you’ll do something, that builds our trust as a leadership team, and just multiplies in the organisation.”
When speaking of their partnership, Gibson acknowledges that, as with anything, there “could be some competing objectives” between the two IT leaders, but she and Quaine have developed a professional relationship that enables them to stay on top of risks, while still meeting business objectives.
“My job is to ensure that we’re protected and we’re always available for our customers and our teammates, and security is an added layer of protection to enable that. I don’t look at it to be competing. I think it’s a complement, and it starts with, ‘Do you trust each other? Can you have balanced goals and objectives and work together to get to the end goal?’” Gibson says. “If we’re not protected at the starting point, nothing else really matters — and I carry that philosophy.”
Bringing diversity of thought to IT and security
Gibson’s and Quaine’s shared experiences of reaching a leadership position as women in a male-dominated industry was key in helping them establish a strong connection early on.
But their awareness of what it’s like to be overlooked and undervalued has also helped them bridge communication gaps between IT and security, as the last thing they would want to do is create an environment of contention between the two departments — one that might result in either group feeling shut out.
“We want high inclusion and diversity of thought from different people, groups, backgrounds. You don’t want a team of 400 minions of yourself; you need diversity of thought, which is going to truly spur on and create innovation,” Gibson says. “That is what’s going to set you apart; you’re better when you have that.”
For both Gibson and Quaine, this mindset has grown from their experiences being a gender minority at times in their own careers, giving them first-hand knowledge of how important it is to ensure leadership sets an example that makes everyone feel welcome.
“It’s almost unconscious, you just start looking for it, because you were a part of the minority,” Gibson says. “So — and this has been my experience — you start to naturally seek it out without even having to think about it.”
Quaine and Gibson feel this attitude trickles down through AvidXchange’s IT and security departments, helping them not only maintain open lines of communication but also attract talent and deliver effective products and services. The two are constantly working to find new ways to bring diverse candidates through the door — and to encourage career growth once employees sign on.
For Quaine, that importance of leaders who foster potential was stressed early in her career, as she was encouraged to pursue a chief privacy officer role by another woman IT leader in her organisation. Without that push, Quaine says she might not have had to confidence to go for the role or to pave a way in leadership.
“There’s plenty of people that I mentor in the organisation that aren’t in the security space that want to understand more about technology and want to be engaged, and we allow for that space and for that learning to happen, and for teammates to explore that opportunity,” Quaine says.
Gibson and Quaine’s strong relationship as CIO and CISO has not only helped set the stage for communication and collaboration between IT and security, but it has also invigorated a passion for technology throughout the entire organisation.
“Angelic is working hard to make sure that we’re up-skilling our teammates in the organisation and bringing them on the technology journey with us,” Quaine says. “It’s just amazing to see people really get excited and passionate about something. Once you see that in somebody, you just want to help and enable them.”