Information technology and security

Where IT and security report in to

• “As an IT manager myself, I have reported to CTOs (10 employee startup many years ago), and COO and then later CFO (300 employee non-software company)”

• “Our IT currently reports in through our centralized strategy & ops function, before that it was through the CISO who reports to head of Eng, before that I think it was somewhere in G&A”

• ”(~150 employees, ~20m ARR): IT & Security -> VP of Engineering worked fine, put both functions along side cloud engineering. I liked a lot of the outcomes that drove.”

• ”(~1000 employees, Buttloads of ARR): IT & Security -> Legal / COO (TERRIBLE IDEA, slowest, most bureaucratic teams I ever encountered. Also, successfully navigated the business through highly regulated customers and FEDRAMP)”

• ”(~150 employees, ~40m ARR): IT -> COO - Works fine. It’s a tiny team supplemented with Upwork.”

• “Security -> CTO. Security handles SOC, Pentests, design review, and supports GTM, including pre-sales and marketing material. At some point I may move IT under Security.”

• “(120 people) IT & Security -> VP of Engineering. Worked well.”