Security Relationship Management is notable for applying marketing theory to cyber leadership. He replaces talk of firewalls with the four Ps. He argues that CISOs must intentionally design their services, decide when to outsource, manage how those services are delivered, and build a recognizable brand in a healthcare system that translates into risk-based service catalogues, differentiated support for clinicians and executives, and concise briefings that keep security visible without spamming busy staff. The heart of the book is stakeholder segmentation. Parrish recommends mapping the organization into discrete groupsboards, executive teams, business units, and vendorsand tailoring messages and metrics to each. An accompanying ABC model and simple scoring system track relationship strength by rewarding face-to-face engagement and flagging long gaps. Where the book shines is in its emphasis on soft skills. Parrish warns against carpetbombing stakeholders with alerts, urges leaders to align security initiatives with their wants, and suggests small gestureshandwritten notes, coffee chatsto build trust. This focus on branding and relationships encourages CISOs to evolve from reactive technologists into advisors who speak the language of the business. The drawback is that healthcare-specific issues like HIPAA and medical device security get only passing mention, and smaller teams may struggle to maintain contact cards and scoring. Still, for those willing to adopt a marketing mindset, the book offers a human framework for making security programs resonate with stakeholders.
Keith Duemling, Chief Information Security Officer
Just finished reading Security Relationship Management: Leveraging Marketing Concepts to Advance a Cybersecurity Program by Lee Parrish LinkedIn, and Im genuinely inspired. As someone deeply interested in auditing policy and governance around GenAI and information security, this book resonated with me on multiple levels. Parrishs approach to integrating marketing principles into cybersecurity leadership is not just innovative: its practical, human-centred, and refreshingly actionable. What stood out most was the concept of Security Relationship Management (SRM)a structured, data-driven way to build and nurture relationships across the enterprise. Its a reminder that cybersecurity isnt just about controls and compliance; its about people, trust, and strategic alignment. If you aspire to be in a role and wish to be in a position of contributing more, act like you are already in that role. Lee Parrish This quote hit home. Its a call to lead with intention, to build bridges across departments, and to elevate the CISO role from technical guardian to strategic partner. Whether you're a security leader, auditor, or someone navigating the intersection of business and technology, this book offers a compelling roadmap for making cybersecurity personal, relevant, and impactful. Highly recommended for anyone looking to deepen their influence and build meaningful connections in the cybersecurity space.
Posted to LinkedIn by Yves Genest, Senior Executive and Experienced Internal and Performance Audit.
Security Relationship Management is notable for applying marketing theory to cyber leadership. He replaces talk of firewalls with the four Ps. He argues that CISOs must intentionally design their services, decide when to outsource, manage how those services are delivered, and build a recognizable brand in a healthcare system that translates into risk-based service catalogues, differentiated support for clinicians and executives, and concise briefings that keep security visible without spamming busy staff. The heart of the book is stakeholder segmentation. Parrish recommends mapping the organization into discrete groupsboards, executive teams, business units, and vendorsand tailoring messages and metrics to each. An accompanying ABC model and simple scoring system track relationship strength by rewarding face-to-face engagement and flagging long gaps. Where the book shines is in its emphasis on soft skills. Parrish warns against carpetbombing stakeholders with alerts, urges leaders to align security initiatives with their wants, and suggests small gestureshandwritten notes, coffee chatsto build trust. This focus on branding and relationships encourages CISOs to evolve from reactive technologists into advisors who speak the language of the business. The drawback is that healthcare-specific issues like HIPAA and medicaldevice security get only passing mention, and smaller teams may struggle to maintain contact cards and scoring. Still, for those willing to adopt a marketing mindset, the book offers a human framework for making security programs resonate with stakeholders.
Keith Duemling Chief Information Security Officer
Security Relationship Management bridges the often-siloed worlds of cybersecurity and business strategy with remarkable insight. Lee Parrish draws from his extensive experience as a CISO to introduce SRMa framework that treats internal stakeholders like customers and promotes tailored, relationship-driven engagement. By borrowing from marketing disciplines, Parrish reframes cybersecurity as a service that must be understood, promoted, and aligned with organizational goals.
This book is more than a guide for security professionalsits a call to action for any executive who wants to see cybersecurity become a strategic enabler rather than a technical afterthought. Parrishs emphasis on empathy, communication, and business acumen is refreshing and timely. His SRM toolkit, segmentation strategies, and analytics model offer a blueprint for building trust and influence across departments, geographies, and industries. Its a must-read for anyone who believes that relationships are the foundation of resilience.
Gary Craven, P.Ag., FCMC, ITCP Partner Paradigm Consulting Group
