The CISO as Culture-Builder:
Trust, Alignment, and the New Leadership Mandate
Insights from Mike Zachman (CSO, Zebra Technologies) and Bill Briggs (CISO/Senior Security Leader, Fintech/Manufacturing/Energy/Banking/Retail)
The stereotype of the CISO as the “Department of No” is long gone. With the security industry now shaped by AI acceleration, operational complexity, and heightened board scrutiny, security leaders are expected to do more than protect the business.
They’re expected to influence it, enable it, and shape its outcomes.
In a recent conversation with Intaso, Mike Zachman and Bill Briggs explored how the role has evolved on both sides of the Atlantic. Despite different market dynamics between the US and Europe, a shared truth emerged:
Modern CISOs succeed not through technical control, but through organisational influence, commercial fluency, and the ability to make secure decisions feel simple.
Here are the three leadership shifts redefining the role.
01
The influence game:
How modern CISOs earn trust at the top table
For both leaders, influence doesn’t come from dashboards, KPIs or red-amber-green charts.
It comes from trust, earned long before the board meeting begins.
Mike captured one of the clearest measures of influence:
“One key measure is the style of engagement with the board. Is it conversational, or is it a battery of questions? When trust is low, it feels like a congressional hearing… But when trust grows, the conversation becomes more open and forward-looking.”
Bill agreed, emphasising that true influence is reflected in outcomes:
“I think the real test is whether your strategy and budget get approved with reasonable challenge. That’s a leading indicator of trust.”
Where influence is strongest, boards aren’t just questioning security, they’re partnering with it.
And when CISOs communicate in commercial terms (valuation, resilience, operational continuity), security becomes a strategic conversation, not a defensive one.
The takeaway:
Winning CISOs don’t just present metrics; they shape the conversation around business resilience, trust, and strategic decision-making.
02
Turning compliance into customer value
Compliance has long been perceived as a burden: a checkbox exercise to pass an audit or satisfy due diligence.
But top CISOs are reframing it as a pathway to customer value and product differentiation.
Bill highlighted the nuance across industries:
“In banking, compliance and risk management are inseparable; it’s about protecting reputation. In oil and gas, it’s about protecting people.”
But compliance as value creation was best illustrated through Mike’s example:
“Our mobile devices used in courier operations automatically blur faces or personal details in delivery photos. That feature reduces customer risk and adds value without being asked for; it’s compliance used proactively to enhance trust.”
In private equity–backed environments, this shift is especially important.
A company that treats compliance as its ceiling rarely scales.
A company that treats compliance as its floor can transform security into a differentiator, earning trust from customers, regulators, and investors alike.
The takeaway:
Compliance shouldn’t constrain innovation; it should guide it. When it’s embedded early, it elevates products, strengthens brand trust, and protects valuation.
03
Rethinking talent:
Building teams that accelerate the business
The CISO role has matured, and so must the teams that support it. The leaders agreed that traditional hiring criteria no longer work.
Certifications and technical knowledge matter, but business acumen, partnership, and communication matter more.
Bill captured it perfectly:
“The first thing I look for is attitude, then aptitude, then technical ability… Ethics is baseline.”
Mike, who has led global teams across manufacturing and technology, echoed the shift:
“Early in my career, it was all about technical prowess. Today, I look for technologists who are also business partners. Technical skills can be taught; partnership and curiosity can’t.”
Where businesses embrace this mindset (hiring diagnosticians rather than box-ticking technologists), the security function stops being a friction point and starts becoming an enabler.
Controls become smoother. Decision-making becomes faster. Adoption becomes easier.
The takeaway:
A high-performing security team thinks in business terms first, technology second. The most secure path must also be the easiest one.
In summary:
Leadership that builds trust
Across industries and continents, one principle consistently defines effective security leadership:
Diagnose before you prescribe.
As Mike put it, “Sell the why, describe the what.” Understand the business model. Build trust early. Make security the simplest path. And above all, design a function that accelerates the business, not one it has to work around.
A huge thank you to Mike Zachman and Bill Briggs for their candour, insight, and humanity in this conversation.