If you apply this thinking to the CSO's role, you can see how to add value to your company. Instead of simply trying to "build a great security department", define your role this way: You are a connector. Your job is to help forge strong connections between other departments specifically on issues of operational risk. You reduce friction and thus build value in the value chain.

Here's a chart has been on my office wall for about four years. I find it very useful in explaining what CSO is about. It just dawned on me that you might find it useful too. (Hopefully I'm better looking than I am smart.)

The CSO is not in this diagram. You aren't the pie chart. What the chart depicts is how various executives and their functions have overlapping risk concerns. The job of the enlightened security leader is to help those executives see their common challenges and address them in a way that facilitates cooperation between departments.

A CSO doesn't necessarily "own" every slice of the pie. This has nothing to do with power or empire-building or even org charts. But a good CSO can see that every issue provides an opportunity to help connect the various functions within the company. Michael Porter says if you remove friction and solder smoother connections, you are providing a basis for competitive advantage for your organization.