Blog post

Product Security Officer : Product Managers the Time is Now to Capitalize on Security

By Barika Pace | July 15, 2020 | 0 Comments

By the end of 2023, 40% of the top 100 technology and service providers by revenue will adopt the role of product security officer, up from 10% today.


Too often security requirements are narrowly defined by secure by design imperatives, relegated to product development. Unfortunately, this narrow definition leads to re-work, product liability cost, and a reactive approach to responding to security risk that can damage your company’s brand. Unaddressed concerns can lead to project cancellations or additional investments, by buyers or vendors, required to complete projects. As a result, product managers are starting to look for ways to bring in deeper security (and privacy, in some cases) expertise into their senior leadership teams. In doing so, they are looking to mitigate risk and demonstrate a new focus on security to customers.  In addition, the recent pandemic (COVID-19) has seen an uptick in cyber-security incidents, fraud, and  privacy woes that have end-users rethinking security, privacy, access and business continuity.   Now is the time for technology providers to press the accelerator switch on security and privacy as a product strategy imperative, but few product leaders have the expertise in-house that is needed to capitalize on this demand.

A small number of vendors — including Apple, Microsoft and Philips — have already invested in creating a PSO within parts of their product organizations, but this role is by no means widespread among technology providers. Gartner has observed that the positions created so far are very much aligned to specific single products within vendors; the positions are not at a product portfolio level.
We propose product managers — especially those with aims related to a security narrative — should consider appointing a senior PSO, and we outline the responsibilities for this role within the product organization.

In the current climate, we have seen extra spending on security by end users to mitigate risk associated with digital transformation. Adoption of emerging security technologies requires strategic focus on product launch and planning. Thus, capitalizing on security requires greater focus by product management, as the new environment goes beyond secure by design or extends beyond the mission of product development. Today, one-third of end-users say they have abandoned a project due to technical and security risk. Technology providers must consider the PSO role to address risk, capitalize on emerging security technology and strengthen their brand’s trust story.

There are numerous benefits for adopting this role:

The PSO core responsibilities are listed below — and the role should be a central player in product strategy:
  • Leads the continuous development and cultivation of product security and privacy vision, including the strategy for product security as part of an organization’s product planning process.
  • Accountable for working cross-functionality to drive the implementation of that vision into product development and product life cycle management.
  • Defines security requirements, risk profiles and input into all new feature development.
  • Drives the product’s trust storyline, acts as a thought leader, and leverages security and privacy as differentiators to disrupt the marketplace.
  • Captures voice of the customer (VoC), and prioritizes security and privacy product roadmap features.
  • Responsible for compliance, customer requirements, an eye toward future laws that may disrupt the landscape and company policies.
  • Leverages emerging security and privacy technology to transform product strategy


Product managers focused on product leadership to innovate and mature their product must:
  • Capitalize on customer security requirements by going beyond product development imperatives of “secure by design,” and contemplate the PSO to redefine security as part of the product strategy and planning organization.
  • Evaluate the suitability of a PSO role by assessing the need against the organizational aspirations to turn security into a strategic product themestrengthen security posture, demonstrate security in product design or utilize emerging security technology.
  • Build stakeholder buy-in by using cost, value or risk associated with third-party security and privacy assessments, and customer security requirements to justify investment in hiring a PSO.

Recommended Reading

Product Manager Insight: The Emergence of the Product Security Officer

Product Manager Insight: Improving Situational Awareness for Nonexpert Users With AI

Emerging Technologies and Trends Impact Radar

Emerging Technology Analysis: Act Now on Quantum-Safe Encryption or Risk Losing Deals

Comments are closed