Managing Across: Building Trust Before You Need It
In the first article in this series, we focused on identifying internal influencers—the people who shape execution, surface early signals, and quietly determine whether cybersecurity strategy translates into reality.
Finding is only the first step: the real work begins with building trust. Not performative trust, not transactional trust, but the kind of durable trust that holds when priorities collide, timelines compress, and decisions must be made under pressure.
For CISOs, inter-company trust is not an abstract ideal. It is infrastructure. And like any critical infrastructure, it must be built intentionally—long before it is tested.
Build Relationships Before the Moment of Need
Trust can’t be rushed during a crisis.
When an incident is unfolding or a major control change must be implemented quickly, relationships are already being drawn upon—whether or not they were intentionally built. This is why the most effective CISOs invest in relationships during calm periods, when conversations can be exploratory rather than urgent. We develop, test, and refine incident response plans well in advance of a breach. Similarly, connections and relationships that are needed with urgency should already be built, reinforced, and ready to be effective when required
Early interactions should be low-stakes and curiosity-driven. These engagements are not about asking for approval or alignment. They are about understanding people and how they get their work done across the enterprise. This includes how work actually happens, what pressures teams are under, and where friction tends to emerge. Quite likely, these early conversations are not even about security at all! Instead, they are all about getting to know the real engines behind the enterprise, at both an individual and group level.
Showing up consistently—without an immediate ask—signals long-term intent and investment. Often, our time is our most valuable and precious asset. Therefore the simple act of spending time with a colleague is a signal that this person matters. Over time, these moments compound. When a hard decision eventually arrives, the relationship already has context, credibility, and trust to support it.
Start with Listening, Not Alignment
One of the quickest ways to stall a relationship is to move too quickly into solution mode, or into “why I’m right” posture. We’ve all done it – been so convinced by the correctness of our approach that we move immediately into convincing others exactly why we are right. This skips over the initial step of understanding them first. And until another person feels truly heard, their ears are not as open to listening – no matter how technically correct you in fact are!
People do not feel influenced by answers; they feel influenced by being understood. Active listening is therefore not a courtesy—it is a prerequisite for trust.
For CISOs, this means slowing down enough to understand:
- why resistance exists
- what incentives are truly driving behavior
- what constraints teams are operating within
It also means reflecting what you hear before responding. When stakeholders recognize their concerns in your framing, they are far more likely to engage with the outcome—even if it is not their preferred one.
Active listening creates alignment not by persuasion, but by recognition. And recognition is often what opens the door to influence.
People surface early warnings, uncomfortable truths, and half-formed concerns only when they believe it is safe to do so. Safety, in this context, is not about comfort—it is about predictability. Stakeholders need to trust that bad news will not be punished, transparency will not be weaponized later, and that raising concerns will not damage credibility.
When CISOs cultivate this environment, internal influencers become early-warning systems. They flag emerging risks, operational workarounds, and unintended consequences before those issues escalate into incidents or public failures.
Psychological safety is not built through policy. It is built through repeated, consistent responses over time.
Respect Stakeholder Fatigue
Internal influencers are often among the most stretched people in the organization. They are sought out precisely because they are effective—and effectiveness tends to attract more requests, more meetings, and more interruptions. Security can easily become an additional tax on already limited attention.
Effective CISOs are intentional about how they engage. They respect timing. They batch requests. They minimize unnecessary friction. They make it easier—not harder—for internal partners to work with the security organization.
This is not about lowering standards; it is about protecting relationships so that when security truly needs attention, the organization is willing and able to respond. Trust is built in quiet moments, but it is tested when tradeoffs must be made.
Think about a control that had to be rolled out, as fast as possible, either directly after or even during an active breach. Not negotiable, it absolutely had to be done and ideally done yesterday. And, let’s be realistic, oftentimes controls are burdensome on the broader employee base, maybe even tactically and tangibly making certain jobs harder to do. When the natural, inevitable resistance arises, being able to draw on existing relationships to smooth that road can mean the difference in a breach that lasts twenty-four hours and one that is three months.
Common polarities that every CISO has to balance include speed versus safety, usability versus control, cost versus coverage… These tensions are unavoidable, and internal influencers are often caught in the middle. CISOs who have invested in trust can navigate these moments with credibility rather than escalation. They frame tradeoffs clearly, acknowledge what is being asked of the business, and avoid fear-based arguments.
By presenting options instead of ultimatums, and by recognizing the realities on both sides of the decision, CISOs reinforce their role as partners—not obstacles.
This is where trust shows its true value.
Trust Is What Carries You Through the Hard Moments
Trust is not built in a single meeting or a single decision. It is built through patterns of behavior: listening first, respecting constraints, responding consistently, and showing up when there is nothing to gain. For CISOs, relationships with internal influencers are not transactional. They are cumulative. When pressure mounts and uncertainty rises, those relationships often determine how smoothly the organization moves forward.
In Part 3 of this series, we’ll explore what becomes possible when this trust is firmly in place—how CISOs can translate influence into momentum, navigate political landmines, and drive outcomes when it matters most.
Joanna McDaniel Burkey is a corporate board director and technology executive with extensive experience in cybersecurity leadership.
