Misaligned, Not Opposed
Most of the hardest problems I’ve worked weren’t technical. They were standoffs between people who all wanted something reasonable and couldn’t get out of each other’s way. A corporate standard lands in a business unit. The business unit pushes back. Corporate digs in. From the outside it looks like a fight. It almost never is.
The parties in that standoff are not opposed. Their interests are misaligned — which is a different thing, and a far more workable one. Opposed interests are a contest; someone has to lose. Misaligned interests just need someone to translate. That translation is the whole job of a business security partner, and it’s worth being precise about how it works, because the instinct most people bring to it is the wrong one.
Three parties, each partly right
Picture the three parties around a single security requirement.
Corporate is big, and it owns the edict. The standard exists for a real reason — risk that’s genuine, consistency that matters across the whole company. Corporate’s fear is that the business unit goes its own way and quietly carries risk nobody signed off on.
The business unit’s leadership is smaller, and it owns outcomes. It needs the flexibility to deliver what the business requires. Its fear is being slowed by edicts that feel like injections from people who have never had to ship what it ships.
And inside the business unit, engineering owns the how. They are closest to the work, and they carry a quiet conviction that without them doing things their way, nothing would get built at all.
Here’s the part worth sitting with: each of them is partly right. The tension between them is legitimate. At a high altitude it’s even healthy — corporate should hold a line, the business should press for room to move. The trouble is entirely practical. That same tension is exactly where the work stops.
Left alone, it curdles into three grievances, all true at once. The business feels un-enabled, because edicts keep landing on it. Corporate feels the partner has gone rogue and won’t just do things right. Engineering feels unseen, because no one upstream understands what it takes to deliver. Three parties, three resentments, one stalled requirement. The mistake is to treat this as a problem of authority — to decide someone simply needs to win. Authority is what you reach for when you’ve run out of translation.
The move runs both ways
The partner’s job is to translate, and the surprising part is that it runs in two directions at once. Most people manage only one. They either carry the edict down and enforce it, or they go win the trust of the team and quietly let the standard slide. Done alone, the first makes you a messenger and the second makes you a defector. Done together, in order, they’re the whole craft.
Start by treating the customer’s leadership as the top. Inside the business unit, I operate as if BU leadership were the big organization — because for the work in front of us, they are. That re-centers authority where the work lives, and it earns the standing to do anything else.
Then align the business unit with itself, in both directions simultaneously. Carry leadership’s support downward, so the team knows this is real and backed. Work with engineering upward, to gather the real requirements and the honest constraints on how any edict can be met. The goal is a business unit that holds one coherent position instead of three competing ones.
That internal alignment is what unlocks the next layer. A business unit aligned with itself can finally align with corporate, because now you’re negotiating from a coherent place rather than a fractured one — and the ground truth you gathered from the bottom is exactly what makes the standard from the top implementable.
Here’s where it pays off: the edict itself can change. Because the partner weighed in with what’s true on the ground, the standard is now free to be right-sized. It comes out the other side with buy-in, and with confidence that it’s the right measure for the business on every end. Compliance was never the prize. A better, supported standard is.
Keeping your balance
The seat only works if you hold two instincts in tension, and it’s easy to tip off either side.
Smallness is leverage. The partner’s seat is small on purpose. Proximity to the work and to the customer — not positional power — is what makes the translation possible in the first place. You trade authority for closeness, and closeness is the more useful currency here.
But that same closeness is the danger. Get too embedded in the business unit and you stop translating for it and start advocating for it — the tail begins to wag the dog, and risk creeps in and gets accepted at the wrong level of the organization. This is organizational capture. I first came to the idea through red-team thinking — Micah Zenko’s Red Team among the influences — where the discipline is to stay outside and objective while inside and aware. I’ve done enough red-team work to know that pull firsthand. The way to stay balanced is to stay anchored to the ultimate authority, even while you sit close to the customer. You serve the customer best by never being absorbed into them.
Through all of it, you don’t pick a side. The partner’s loyalty is to the translation, not to corporate and not to the business unit. That’s what lets all three parties trust the result — because the result belongs to none of them alone.
A negotiation, not a contest
So it is a negotiation, but not the kind people brace for. Not disinterested parties, and not opposing ones. Just interests that aren’t yet aligned, held by people who are each right about something and waiting, usually without knowing it, for someone to make them legible to one another. Do that well and nobody loses the contest, because there was never a contest to lose. There was a translation — and a standard that got better for having gone through it.