Truth in IT

Bridging the IT-Security Gap with Jane Frankland

commvault
02/22/2026

Transcript


TL;DR

  • CIOs and CISOs have opposing mandates—innovation versus risk reduction—creating organizational friction that leaves security concerns filtered or dismissed, particularly when CISOs report to CIOs.
  • Critical workflows like system patching, cyber recovery planning, and M&A due diligence fail when IT and security teams don't collaborate, as each holds essential knowledge the other lacks.
  • Technology-first approaches to bridging the gap actually widen it by reinforcing silos; effective solutions require leadership alignment on risk tolerance, cultural change, and cross-functional project work.
  • Simulated crisis exercises like 'Minutes to Meltdown' provide practical first steps by forcing stakeholders to collaborate under pressure and recognize their interdependencies.

The Structural Divide Between IT and Security

This episode examines the persistent organizational gap between CIOs focused on innovation and digital transformation and CISOs tasked with risk reduction and compliance. Jane Frankland, a 28-year cybersecurity veteran and MBE recipient, explains how these opposing mandates create friction: CIOs are incentivized on cost efficiency and operational uptime, while CISOs are measured on resilience and risk mitigation. The conversation reveals how reporting structures compound this problem, with many CISOs reporting to CIOs—a dynamic that can lead to security concerns being filtered or dismissed before reaching board level. Frankland notes she has witnessed CISOs removed for being 'too good at their job' when security requirements conflicted with IT delivery timelines.

Real-World Consequences and Use Cases

The discussion moves to practical scenarios where IT-security misalignment creates tangible risk. System patching emerges as a critical example: infrastructure teams traditionally deploy patches, but security teams possess the vulnerability intelligence needed to prioritize them effectively. Without collaboration, organizations patch inefficiently or miss critical vulnerabilities. Cyber recovery planning presents another case where both domains must converge—infrastructure teams manage backup and recovery operations, but security teams provide the forensic analysis to identify clean restore points. Frankland adds merger and acquisition due diligence as a third scenario, where failure to include security can result in acquiring companies with undisclosed breaches.

Solutions: Culture, Process, Then Technology

Frankland advocates for a layered approach to bridging the gap, starting with leadership alignment and risk tolerance definition at board level. She emphasizes that technology solutions deployed without addressing people and process first actually widen the divide, as security tools remain siloed in the SOC while infrastructure teams operate independently. The conversation highlights Commvault's 'Minutes to Meltdown' workshops as an effective first step—simulated ransomware exercises that force cross-functional stakeholders to collaborate under pressure. Frankland's prescription for security professionals: become evangelists who serve the business rather than enforcers who block it. For non-security stakeholders: increase cyber literacy and build relationships with security teams, who she insists are 'the department that now likes to say yes.'

Chapters

0:00 - Introduction and Episode Format
1:07 - Jane Frankland's Background
4:01 - MBE Recognition and Women in Cyber
5:24 - The IT-Security Gap Explained
9:06 - CISO Vulnerability and Reporting Structures
12:09 - Risk Tolerance and Organizational Culture
13:50 - Real-World Use Cases: Patching and Recovery
16:06 - M&A Due Diligence and Testing Scenarios
17:45 - Solutions: Leadership, Culture, and Process
19:08 - Technology as Enabler, Not Solution
21:02 - Working on Real Projects Together
22:03 - Final Advice and Closing

Key Quotes

1:50 "I started my own penetration testing company back in the late 1990s. It was the first female owned penetration testing company in the UK."
7:09 "The CISO is seen as the disabler to business. They don't like change because change introduces risk."
8:53 "I've seen CISOs alert the CIO to certain risks and that CIO will be taking it to the board. But because that doesn't align with his or her objectives, their agenda, they're removing those risks. So the board is unaware."
8:58 "I've also seen CIOs actually, at the first opportunity remove the CISO because they are too good at their job. They're slowing things down."
19:08 "We talk a lot about people, process and technology, the golden triangle in security and how those three are required, but we tend to be solving the issues that we have mostly with technology."
22:09 "Security people go out there and be evangelists. Go out there and serve the business. Find out about what they are doing. Build your influence so that you can do a better job."