The CISO’s Playbook: How Trust Makes Security a Business Growth Engine

Today's customers don’t just want a product that works. They want to trust the company behind it.

For Erik Bloch, vice president of information security at Illumio, that’s exactly where cybersecurity comes in.

Under Erik’s leadership, security has become a frontline business enabler at Illumio. It’s a key part of how Illumio earns trust, closes deals, and builds lasting customer relationships. Security doesn't just protect the business. It helps the business grow.

In this new installment of The CISO’s Playbook series, I sat down with Erik to understand how security leaders can reframe their strategies to support business growth, scale, and customer confidence in their organization.

Trust is the new security perimeter

If you're running a security team at a growing company, you already know this: security is make or break for sales.

As Erik put it, “If we didn’t have our SOC 2, our ISO 27001, our PCI — if we couldn’t answer all our customers' questions — we wouldn’t be able to do business.”

Certifications and security posture aren’t just about compliance. They’re table stakes for growth.

And they show up everywhere, from RFPs and legal reviews to onboarding questionnaires.

“On pretty much every single deal that comes through, security is part of the sales cycle,” Erik says.

In this environment, security becomes a growth function. It’s what clears the path to revenue. “We unlock those doors so the business can continue doing business,” Erik explained.

Why security leaders need to speak the language of business

Erik’s most important advice for security leaders is to be able to move fluently between security and business objectives.

“If I go to the CEO and say, ‘My SOC handled 2,000 alerts last month,’ he’s going to say, ‘Why are you telling me this?’” Erik explained. “But if I say, ‘We’re at risk of not being able to onboard half the deals in the pipeline next quarter,’ now I’ve got his attention.”

That shift from security speak to business impact is critical.

Executives don’t want tooling names or tactical metrics. They want clarity. They want to know, Are we going to hit our goals? And if not, what’s in the way?

“It’s about arming them with just enough information to ask the next question or make the next decision,” Erik says. “If they’re confused or asking me to back up and explain again, I haven’t done my job.”

Build trust from the inside out

Erik’s team is responsible for securing the internal environment of Illumio and its product. Those efforts reinforce each other.

One part of his team focuses on day-to-day operations, alerts, and incidents. Another is embedded with engineering to ensure secure code, review new features before release, and guide product decisions.

“We’re involved early,” said Erik. “It’s the old adage: measure twice, cut once. If we secure it up front, we’ll have fewer problems later.”

They also use Illumio products internally. Erik’s team can provide feedback to product teams and reassurance to customers.

“You can’t say, ‘We don’t use our own product,’” said Erik. “That’s a trust killer.”

Erik's 3 pillars of a trust-centric security strategy

Erik organizes his strategy around three pillars all tied to one north star: building trust.

1. Secure the business. Maintain strong day-to-day security practices and meet foundational compliance requirements. ‍
2. Support sales and scale. Ensure the security team doesn’t become a bottleneck as the company grows. “Onboarding new customers shouldn’t become a drag,” Erik says. “We have to keep pace with the business.” ‍
3. Use what you sell. Deploy Illumio internally and share those experiences with customers. “We’re validating the product and helping the field teams explain its value,” he said.

These initiatives are mutually reinforcing.

“If I wasn’t doing the basics, I couldn’t get the certifications. If I didn’t have the certifications, we couldn’t close deals. And if we weren’t using our product, we couldn’t earn customer trust,” Erik explained.

Simplify first, automate second — with visibility that drives action

Scaling trust starts with seeing what’s actually happening. For Erik, that means always moving towards more centralized visibility of the network.

That’s where Illumio Insights has come in.

Insights delivers a central place where security data flows in, alerts get prioritized, and action becomes clear without the noise.

“Insights is helping us get to the point where we can drive more productivity,” said Erik. “I don’t want to live in 15 different consoles. I want prioritized issues I can take action on, and I want it all in one place.”

He’s not alone. Security teams everywhere are overwhelmed with alerts and disconnected tools. The more complexity, the harder it is to earn trust or prove impact.  

Solutions like Insights are changing that by delivering real-time visibility, risk context, and actionable recommendations from a single platform.

“It’s helping me and my team measure impact and make better decisions faster,” he said.

Why trust matters now more than ever

In today’s threat landscape, every company is under pressure to move faster, adopt new technologies, and scale operations. This is all while navigating tighter budgets and rising expectations from customers, boards, and regulators.

In that environment, security leaders can’t afford to operate in silos or speak a different language than the business.

What’s needed is a security program that earns trust, communicates clearly, simplifies operations, and accelerates business outcomes.

“Everything we do is about trust,” Erik says. “Security is trust.”

CISOs who lead with trust will be the ones who help their organizations grow and thrive in the years ahead.

Want to reduce risk, simplify decision-making, and build trust that grows the business? Start your Illumio Insights free trial today.