About the Book
Aligning information security to the goals and strategies of the business is paramount for ensuring risks are addressed, without an abundance of negative impacts to the company. But how does a Chief Information Security Officer (CISO) accomplish effective alignment? A security executive must understand the detailed needs of business leaders and stakeholders from across all corners of the company. We cannot rely on a standard cadence of general security discussions across all of the lines of business, as well as functional areas, and expect our alignment to be maximally effective. Instead, we should promote our security programs in such a way that makes it personal to whomever we are speaking with at any given time.
By leveraging already established and tested marketing concepts, slightly altered for information security, the CISO can tailor their message to fit the needs of each stakeholder. This allows for in-depth business alignment, as well as a holistic view of the company’s underpinnings for the CISO. Within these pages, the reader will learn how segmentation, the Four Ps, and customer relationship management techniques, can help to transform their security program. Additionally, the book introduces a concept called Security Relationship Management (SRM) that optimizes the creation and nurturing of the hundreds of professional relationships (within and outside the company) that a CISO must balance each week. Through structured tracking of interactions and analyzing SRM data, the CISO ensures that relationships are managed effectively, which increases alignment between the business and cybersecurity initiatives. Pick up your copy of Security Relationship Management: Leveraging Marketing Concepts to Advance a Cybersecurity Program, today to begin your SRM journey.
Please visit www.novelsecurity.com for more information.
Table of Contents:
Dedication. Introduction. Chapter 1: Aligning on the CISO Role. Chapter 2: Security Relationship Management Defined. Chapter 3: Marketing Concepts Re-Imagined. Chapter 4: Segmentation (Not the Network Kind). Chapter 5: Segmentation Suggestions. Chapter 6: The Core Attributes of Segments. Chapter 7: The ABC’s of SRM. Chapter 8: SRM Analytics. Chapter 9: Moving Outside of Your Corporation. Chapter 10: Addressing Challenges. Chapter 11: The Future of SRM. Appendix: SRM Toolkit.
About the Author :
Lee Parrish is an award-winning technology executive with over two decades of unique experience in blending cybersecurity expertise with essential business competencies. As a Chief Information Security Officer, he has built customized cybersecurity strategies for global Fortune 500 corporations and has led real-world incident responses to cyber events. Lee has served as a trusted advisor on cybersecurity to multiple boards consisting of Chief Executive Officers, a former White House Chief of Staff, retired high-ranking military officers and a former U.S. Presidential candidate.
Lee possesses two graduate degrees and is certified as both a Boardroom Qualified Technology Expert as well as a Certified Information Systems Security Professional. He has published numerous articles in industry journals, contributed to a best-selling information security book, and authored The Shortest Hour: An Applied Approach to Boardroom Governance of Cyber Security, as well as a children’s book on cybersecurity. He is a frequent speaker at international security conferences and a guest on various podcasts.
Lee is a combat veteran of the United States Marine Corps.
Review :
Security Relationship Management is notable for applying marketing theory to cyber leadership. He replaces talk of firewalls with the “four Ps”. He argues that CISOs must intentionally design their services, decide when to outsource, manage how those services are delivered, and build a recognizable brand in a healthcare system that translates into risk-based service catalogues, differentiated support for clinicians and executives, and concise briefings that keep security visible without spamming busy staff.
The heart of the book is stakeholder segmentation. Parrish recommends mapping the organization into discrete groups—boards, executive teams, business units, and vendors—and tailoring messages and metrics to each. An accompanying ABC model and simple scoring system track relationship strength by rewarding face-to-face engagement and flagging long gaps. Where the book shines is in its emphasis on soft skills. Parrish warns against carpetbombing stakeholders with alerts, urges leaders to align security initiatives with their “wants,” and suggests small gestures—handwritten notes, coffee chats—to build trust. This focus on branding and relationships encourages CISOs to evolve from reactive technologists into advisors who speak the language of the business.
The drawback is that healthcare-specific issues like HIPAA and medical device security get only passing mention, and smaller teams may struggle to maintain
contact cards and scoring. Still, for those willing to adopt a marketing mindset, the book offers a human framework for making security programs resonate with
stakeholders.
Keith Duemling, Chief Information Security Officer
Just finished reading Security Relationship Management: Leveraging Marketing Concepts to Advance a Cybersecurity Program by Lee Parrish LinkedIn, and I’m genuinely inspired. As someone deeply interested in auditing policy and governance around GenAI and information security, this book resonated with me on multiple levels. Parrish’s approach to integrating marketing principles into cybersecurity leadership is not just innovative: it’s practical, human-centred, and refreshingly actionable. What stood out most was the concept of Security Relationship Management (SRM)—a structured, data-driven way to build and nurture relationships across the enterprise. It’s a reminder that cybersecurity isn’t just about controls and compliance; it’s about people, trust, and strategic alignment.
“If you aspire to be in a role and wish to be in a position of contributing more, act like you are already in that role.” — Lee Parrish
This quote hit home. It’s a call to lead with intention, to build bridges across departments, and to elevate the CISO role from technical guardian to strategic partner.
Whether you're a security leader, auditor, or someone navigating the intersection of business and technology, this book offers a compelling roadmap for making cybersecurity personal, relevant, and impactful.
Highly recommended for anyone looking to deepen their influence and build meaningful connections in the cybersecurity space.
Posted to LinkedIn by Yves Genest, Senior Executive and Experienced Internal and Performance Audit.
Security Relationship Management is notable for applying marketing theory to cyber leadership. He replaces talk of firewalls with the “four Ps”. He argues that CISOs must intentionally design their services, decide when to outsource, manage how those services are delivered, and build a recognizable brand in a healthcare system that translates into risk-based
service catalogues, differentiated support for clinicians and executives, and concise briefings that keep security visible without spamming busy staff.
The heart of the book is stakeholder segmentation. Parrish recommends mapping the organization into discrete groups—boards, executive teams, business units, and vendors—and tailoring messages and metrics to each. An accompanying ABC model and simple scoring system track relationship strength by rewarding face-to-face engagement and flagging long gaps.
Where the book shines is in its emphasis on soft skills. Parrish warns against carpetbombing stakeholders with alerts, urges leaders to align security initiatives with their “wants,” and suggests small gestures—handwritten notes, coffee chats—to build trust. This focus on branding and relationships encourages CISOs to evolve from reactive technologists into advisors who speak the language of the business. The drawback is that healthcare-specific issues like HIPAA and medicaldevice security get only passing mention, and smaller teams may struggle to maintain contact cards and scoring. Still, for those willing to adopt a marketing mindset, the book offers a human framework for making security programs resonate with stakeholders.
Keith Duemling
Chief Information Security Officer
Security Relationship Management bridges the often-siloed worlds of cybersecurity and business strategy with remarkable insight. Lee Parrish draws from his extensive experience as a CISO to introduce SRM—a framework that treats internal stakeholders like customers and promotes tailored, relationship-driven engagement. By borrowing from marketing disciplines, Parrish reframes cybersecurity as a service that must be understood, promoted, and aligned with organizational goals.
This book is more than a guide for security professionals—it’s a call to action for any executive who wants to see cybersecurity become a strategic enabler rather than a technical afterthought. Parrish’s emphasis on empathy, communication, and business acumen is refreshing and timely. His SRM toolkit, segmentation strategies, and analytics model offer a blueprint for building trust and influence across departments, geographies, and industries. It’s a must-read for anyone who believes that relationships are the foundation of resilience.
Gary Craven, P.Ag., FCMC, ITCP
Partner
Paradigm Consulting Group
