Security Relationship Management

Lee Parrish is an award-winning technology executive with over two decades of unique experience in blending cybersecurity expertise with essential business competencies. As a Chief Information Security Officer, he has built customized cybersecurity strategies for global Fortune 500 corporations and has led real-world incident responses to cyber events. Lee has served as a trusted advisor on cybersecurity to multiple boards consisting of Chief Executive Officers, a former White House Chief of Staff, retired high-ranking military officers and a former U.S. Presidential candidate.Lee possesses two graduate degrees and is certified as both a Boardroom Qualified Technology Expert as well as a Certified Information Systems Security Professional. He has published numerous articles in industry journals, contributed to a best-selling information security book, and authored The Shortest Hour: An Applied Approach to Boardroom Governance of Cyber Security, as well as a children’s book on cybersecurity. He is a frequent speaker at international security conferences and a guest on various podcasts.Lee is a combat veteran of the United States Marine Corps.

• Dedication. Introduction. Chapter 1: Aligning on the CISO Role. Chapter 2: Security Relationship Management Defined. Chapter 3: Marketing Concepts Re-Imagined. Chapter 4: Segmentation (Not the Network Kind). Chapter 5: Segmentation Suggestions. Chapter 6: The Core Attributes of Segments. Chapter 7: The ABC’s of SRM. Chapter 8: SRM Analytics. Chapter 9: Moving Outside of Your Corporation. Chapter 10: Addressing Challenges. Chapter 11: The Future of SRM. Appendix: SRM Toolkit.

Security Relationship Management is notable for applying marketing theory to cyber leadership. He replaces talk of firewalls with the “four Ps”. He argues that CISOs must intentionally design their services, decide when to outsource, manage how those services are delivered, and build a recognizable brand in a healthcare system that translates into risk-based service catalogues, differentiated support for clinicians and executives, and concise briefings that keep security visible without spamming busy staff.The heart of the book is stakeholder segmentation. Parrish recommends mapping the organization into discrete groups—boards, executive teams, business units, and vendors—and tailoring messages and metrics to each. An accompanying ABC model and simple scoring system track relationship strength by rewarding face-to-face engagement and flagging long gaps. Where the book shines is in its emphasis on soft skills. Parrish warns against carpetbombing stakeholders with alerts, urges leaders to align security initiatives with their “wants,” and suggests small gestures—handwritten notes, coffee chats—to build trust. This focus on branding and relationships encourages CISOs to evolve from reactive technologists into advisors who speak the language of the business. The drawback is that healthcare-specific issues like HIPAA and medical device security get only passing mention, and smaller teams may struggle to maintaincontact cards and scoring. Still, for those willing to adopt a marketing mindset, the book offers a human framework for making security programs resonate withstakeholders.Keith Duemling, Chief Information Security OfficerJust finished reading Security Relationship Management: Leveraging Marketing Concepts to Advance a Cybersecurity Program by Lee Parrish LinkedIn, and I’m genuinely inspired. As someone deeply interested in auditing policy and governance around GenAI and information security, this book resonated with me on multiple levels. Parrish’s approach to integrating marketing principles into cybersecurity leadership is not just innovative: it’s practical, human-centred, and refreshingly actionable. What stood out most was the concept of Security Relationship Management (SRM)—a structured, data-driven way to build and nurture relationships across the enterprise. It’s a reminder that cybersecurity isn’t just about controls and compliance; it’s about people, trust, and strategic alignment.“If you aspire to be in a role and wish to be in a position of contributing more, act like you are already in that role.” — Lee ParrishThis quote hit home. It’s a call to lead with intention, to build bridges across departments, and to elevate the CISO role from technical guardian to strategic partner.Whether you're a security leader, auditor, or someone navigating the intersection of business and technology, this book offers a compelling roadmap for making cybersecurity personal, relevant, and impactful.Highly recommended for anyone looking to deepen their influence and build meaningful connections in the cybersecurity space. Posted to LinkedIn by Yves Genest, Senior Executive and Experienced Internal and Performance Audit.Security Relationship Management is notable for applying marketing theory to cyber leadership. He replaces talk of firewalls with the “four Ps”. He argues that CISOs must intentionally design their services, decide when to outsource, manage how those services are delivered, and build a recognizable brand in a healthcare system that translates into risk-basedservice catalogues, differentiated support for clinicians and executives, and concise briefings that keep security visible without spamming busy staff.The heart of the book is stakeholder segmentation. Parrish recommends mapping the organization into discrete groups—boards, executive teams, business units, and vendors—and tailoring messages and metrics to each. An accompanying ABC model and simple scoring system track relationship strength by rewarding face-to-face engagement and flagging long gaps. Where the book shines is in its emphasis on soft skills. Parrish warns against carpetbombing stakeholders with alerts, urges leaders to align security initiatives with their “wants,” and suggests small gestures—handwritten notes, coffee chats—to build trust. This focus on branding and relationships encourages CISOs to evolve from reactive technologists into advisors who speak the language of the business. The drawback is that healthcare-specific issues like HIPAA and medicaldevice security get only passing mention, and smaller teams may struggle to maintain contact cards and scoring. Still, for those willing to adopt a marketing mindset, the book offers a human framework for making security programs resonate with stakeholders.Keith DuemlingChief Information Security OfficerSecurity Relationship Management bridges the often-siloed worlds of cybersecurity and business strategy with remarkable insight. Lee Parrish draws from his extensive experience as a CISO to introduce SRM—a framework that treats internal stakeholders like customers and promotes tailored, relationship-driven engagement. By borrowing from marketing disciplines, Parrish reframes cybersecurity as a service that must be understood, promoted, and aligned with organizational goals.This book is more than a guide for security professionals—it’s a call to action for any executive who wants to see cybersecurity become a strategic enabler rather than a technical afterthought. Parrish’s emphasis on empathy, communication, and business acumen is refreshing and timely. His SRM toolkit, segmentation strategies, and analytics model offer a blueprint for building trust and influence across departments, geographies, and industries. It’s a must-read for anyone who believes that relationships are the foundation of resilience.Gary Craven, P.Ag., FCMC, ITCPPartnerParadigm Consulting Group