Security Relationship Management Leveraging Marketing Concepts to Advance a Cybersecurity Program

Table of Contents

Dedication

Introduction

Chapter 1: Aligning on the CISO Role

               The Importance of Information Security

               Enterprise Reach

               Executive Level Access

               Putting It All Together

Chapter 2: Security Relationship Management Defined

Chapter 3: Marketing Concepts Re-Imagined

               Getting Started

               Product

               Price

               Place

               Promotion

Chapter 4: Segmentation (Not the Network Kind)

Chapter 5: Segmentation Suggestions

               Corporation

               Board of Directors

               Executive Team

               Cybersecurity Governance Committee

               Top Cybersecurity Proponents

               Other Committees

               Business Unit

               Manufacturing

               Distribution

               International

               Human Resources/Talent Management

               Finance

               Sales

               Information Technology (IT)

               Digital & eCommerce

               Communications/Investor Relations

               Legal (Including Outside Counsel)

               Internal Audit

               Top Cybersecurity Vendors

               The Cybersecurity Team

Chapter 6: The Core Attributes of Segments

               Critical Stakeholders

               Metrics & Measurements

               Segment Contributions

               Segment Details

               Feedback Loops

               Compliance Requirements

               Cultural Considerations

               Documentation Retention

Chapter 7: The ABC’s of SRM

               Connection Status

                              Advocate

                              Connection

                              Initial Interaction

                              Shadow

               Tracking Connections

               Connection Information

               Top Initiatives

               A Level Deeper

Chapter 8: SRM Analytics

               Scenario One

               Scenario Two

               Scenario Three

               Broader Themes

Chapter 9: Moving Outside of Your Corporation

               Frequency

               Scale

               Data Elements

               Vendor Relationships

Chapter 10: Addressing Challenges

               Managing Engagement Challenges

               Oversaturation & Balancing the Message

               Unconventional Measures

               Geographical Challenges

               Company Size

Chapter 11: The Future of SRM

Appendix: SRM Toolkit

               SRM Discussion Topics

               Industry-specific Relationship Building

Biography

Lee Parrish is an award-winning technology executive with over two decades of unique experience in blending cybersecurity expertise with essential business competencies. As a Chief Information Security Officer, he has built customized cybersecurity strategies for global Fortune 500 corporations and has led real-world incident responses to cyber events. Lee has served as a trusted advisor on cybersecurity to multiple boards consisting of Chief Executive Officers, a former White House Chief of Staff, retired high-ranking military officers and a former U.S. Presidential candidate.

Lee possesses two graduate degrees and is certified as both a Boardroom Qualified Technology Expert as well as a Certified Information Systems Security Professional. He has published numerous articles in industry journals, contributed to a best-selling information security book, and authored The Shortest Hour: An Applied Approach to Boardroom Governance of Cyber Security, as well as a children’s book on cybersecurity. He is a frequent speaker at international security conferences and a guest on various podcasts.

Lee is a combat veteran of the United States Marine Corps.

Security Relationship Management is notable for applying marketing theory to cyber leadership. He replaces talk of firewalls with the “four Ps”. He argues that CISOs must intentionally design their services, decide when to outsource, manage how those services are delivered, and build a recognizable brand in a healthcare system that translates into risk-based service catalogues, differentiated support for clinicians and executives, and concise briefings that keep security visible without spamming busy staff.
The heart of the book is stakeholder segmentation. Parrish recommends mapping the organization into discrete groups—boards, executive teams, business units, and vendors—and tailoring messages and metrics to each. An accompanying ABC model and simple scoring system track relationship strength by rewarding face-to-face engagement and flagging long gaps. Where the book shines is in its emphasis on soft skills. Parrish warns against carpetbombing stakeholders with alerts, urges leaders to align security initiatives with their “wants,” and suggests small gestures—handwritten notes, coffee chats—to build trust. This focus on branding and relationships encourages CISOs to evolve from reactive technologists into advisors who speak the language of the business. 
The drawback is that healthcare-specific issues like HIPAA and medical device security get only passing mention, and smaller teams may struggle to maintain
contact cards and scoring. Still, for those willing to adopt a marketing mindset, the book offers a human framework for making security programs resonate with
stakeholders.

Keith Duemling, Chief Information Security Officer

Just finished reading Security Relationship Management: Leveraging Marketing Concepts to Advance a Cybersecurity Program by Lee Parrish LinkedIn, and I’m genuinely inspired. As someone deeply interested in auditing policy and governance around GenAI and information security, this book resonated with me on multiple levels. Parrish’s approach to integrating marketing principles into cybersecurity leadership is not just innovative: it’s practical, human-centred, and refreshingly actionable. What stood out most was the concept of Security Relationship Management (SRM)—a structured, data-driven way to build and nurture relationships across the enterprise. It’s a reminder that cybersecurity isn’t just about controls and compliance; it’s about people, trust, and strategic alignment.
“If you aspire to be in a role and wish to be in a position of contributing more, act like you are already in that role.” — Lee Parrish
This quote hit home. It’s a call to lead with intention, to build bridges across departments, and to elevate the CISO role from technical guardian to strategic partner.
Whether you're a security leader, auditor, or someone navigating the intersection of business and technology, this book offers a compelling roadmap for making cybersecurity personal, relevant, and impactful.
Highly recommended for anyone looking to deepen their influence and build meaningful connections in the cybersecurity space.
 
Posted to LinkedIn by Yves Genest, Senior Executive and Experienced Internal and Performance Audit.

Security Relationship Management is notable for applying marketing theory to cyber leadership. He replaces talk of firewalls with the “four Ps”. He argues that CISOs must intentionally design their services, decide when to outsource, manage how those services are delivered, and build a recognizable brand in a healthcare system that translates into risk-based
service catalogues, differentiated support for clinicians and executives, and concise briefings that keep security visible without spamming busy staff.
The heart of the book is stakeholder segmentation. Parrish recommends mapping the organization into discrete groups—boards, executive teams, business units, and vendors—and tailoring messages and metrics to each. An accompanying ABC model and simple scoring system track relationship strength by rewarding face-to-face engagement and flagging long gaps. 
Where the book shines is in its emphasis on soft skills. Parrish warns against carpetbombing stakeholders with alerts, urges leaders to align security initiatives with their “wants,” and suggests small gestures—handwritten notes, coffee chats—to build trust. This focus on branding and relationships encourages CISOs to evolve from reactive technologists into advisors who speak the language of the business. The drawback is that healthcare-specific issues like HIPAA and medicaldevice security get only passing mention, and smaller teams may struggle to maintain contact cards and scoring. Still, for those willing to adopt a marketing mindset, the book offers a human framework for making security programs resonate with stakeholders.

Keith Duemling
Chief Information Security Officer

Security Relationship Management bridges the often-siloed worlds of cybersecurity and business strategy with remarkable insight. Lee Parrish draws from his extensive experience as a CISO to introduce SRM—a framework that treats internal stakeholders like customers and promotes tailored, relationship-driven engagement. By borrowing from marketing disciplines, Parrish reframes cybersecurity as a service that must be understood, promoted, and aligned with organizational goals.

This book is more than a guide for security professionals—it’s a call to action for any executive who wants to see cybersecurity become a strategic enabler rather than a technical afterthought. Parrish’s emphasis on empathy, communication, and business acumen is refreshing and timely. His SRM toolkit, segmentation strategies, and analytics model offer a blueprint for building trust and influence across departments, geographies, and industries. It’s a must-read for anyone who believes that relationships are the foundation of resilience.

Gary Craven, P.Ag.,  FCMC, ITCP
Partner
Paradigm Consulting Group