
Cyber at the Top: Leading a Converged Security Organization


Posted on by Hugh Thompson

Security leaders today are facing attacks on more fronts than ever before. As the threat landscape continues to broaden, many companies are moving toward a more unified defense strategy by bringing cyber and physical security together into a single, converged organization.

In the latest episode of Cyber at the Top, a new podcast from RSAC where I interview CISOs and security leaders from leading organizations, I had the opportunity to speak with John Scimone, Chief Security Officer at Dell Technologies. Our conversation explored Dell’s journey toward a converged security organization, the benefits it's delivered to the company, and what other leaders can learn from their experience.

Cybersecurity Leaders Are Taking on Physical Security

If we rewind the clock ten years, the overlap between cyber and physical security was minimal. At RSAC Conference, we would occasionally add a few sessions focused on physical security, and only a handful of people would attend. The reverse was also true. When I visited physical security conferences, cybersecurity barely made it onto the agenda. The world has changed, and the convergence of cyber and physical security is becoming more prevalent. According to the IANS Research and Artico Search 2025 State of the CISO Report, 25-50% of CISOs today also have functions such as physical security, privacy, and fraud in their remit.

Dell Technologies may be an early adopter, but we’re seeing growing convergence across industries for two key reasons. First, the nature of threats themselves has evolved. As Scimone put it, “It’s rare that you see physical or digital crimes happening without some evidence in the other domain.” Physical crimes increasingly rely on digital systems and data, while cyber incidents often leave physical footprints behind. Second, the role of the CISO is expanding. As cybersecurity has moved into the spotlight, CISOs are spending more time with executive leadership and boards. With that increased visibility and trust often comes a broader mandate. Leaders who demonstrate strong judgment and execution are being asked to take on additional responsibility, including physical security.

The Organizational Benefits of Convergence

Bringing cyber and physical security together delivers real, tangible business benefits to the organization. In talking to Scimone, I learned some very interesting and positive outcomes that Dell has experienced since shifting to a unified approach to security. A converged model streamlines communication and accelerates decision-making. Leadership hears from a single, credible voice internally and externally, rather than navigating multiple perspectives. There are often financial efficiencies as well, particularly when both teams work with overlapping vendors or technologies. From a risk management standpoint, convergence creates clarity and accountability. When one leader owns the full spectrum of security risk, gaps are easier to identify and address.

At Dell, this convergence shows up operationally. Cyber and physical security share an integrated operations and intelligence model, with unified processes for investigations and incident response. Teams analyze multiple data sets together, work from joint priorities, and align on strategy, recognition, and outcomes. As Scimone described it, “It’s one team, one mission, and a way of doing business across both domains.”

There are also less obvious, but equally powerful advantages that Scimone pointed out, which I found fascinating. For example, physical security teams often have different relationships within the business, including closer connections to leadership around personal safety, facilities, and even the protection of employees’ families. Those relationships create additional touchpoints and insights that cybersecurity teams can learn from and leverage.

Taking the First Steps to Building a Converged Security Organization

Of course, any amount of organizational change can be difficult, especially in large enterprises where cyber and physical security have historically lived in very different worlds. As Scimone noted, physical security practitioners sometimes view cyber as the “dark arts,” while cybersecurity professionals may be less inclined to engage face-to-face or operate outside their digital comfort zone. Successful change leadership requires demystifying both sides.

There’s no universal playbook for convergence, but there is a common starting point: taking the first step. CISOs need to evaluate what’s best for the organization, customers, and teams and then act. Practically speaking, that means building a clear business case, identifying low-hanging fruit, and securing executive buy-in. Don’t be afraid to start small. Partner with trusted leaders at the middle-management level. Demonstrate success, then build on it. Over time, momentum grows, and the benefits compound.

The decision to shift to a converged security organization can lead to aligning leadership, operations, and strategy with the complicated realities of today’s threat landscape. And for many organizations, that journey begins simply by deciding to start.

We covered more details in the podcast episode, including other areas—like fraud—that are starting to fall under the CISO’s remit. If your organization is considering a shift to converging cyber and physical security or if you’re a cyber leader looking to expand your role, I encourage you to listen to the full episode or watch the video to hear more.

Contributors
Hugh Thompson

Executive Chairman & RSAC Conference Program Committee Chair, RSAC

Blogs posted to the RSAConference.com website are intended for educational purposes only and do not replace independent professional judgment. Statements of fact and opinions expressed are those of the blog author individually and, unless expressly stated to the contrary, are not the opinion or position of RSAC™ Conference, or any other co-sponsors. RSAC Conference does not endorse or approve, and assumes no responsibility for, the content, accuracy or completeness of the information presented in this blog.

