Opinion

Career Advisor: Do You Have What It Takes to Be a Converged CSO?

Who is the better choice to lead a newly converged organization--someone with more experience in information security or in physical security? A recruiter describes how three of his clients recently answered that question.

By Jeff Snyder

February 19, 2008

CSO — When companies decide to combine logical and physical security, one of the first challenges they face is finding a leader who has been exposed to both information security and physical security. Someone has to be put in place to create change. Who is this person? What is his skill set? Where can she be found? Does he or she actually exist?

I speak with both information security and physical security professionals every day, and when the conversation turns to who is best equipped to lead a converged security operation, I hear many opposing opinions. Usually, the opinion of the person to whom I’m speaking has a lot to do with his or her experience. Whose point of view is correct? I don’t know for sure, but I can tell you about the conclusions reached by three companies that have recently contacted me for assistance in their search for a converged security leader. No opinions to share here, just facts.

Example #1: At one global company, the newly hired executive will have responsibility over information security, physical security, facilities security, business continuity, global supply chain security, brand and reputation protection, and all the facets of risk management that could be wrapped around the aforementioned topics. Nobody I spoke with possessed expertise in every topic. My client interviewed the top three CSO-tracked and top three CISO-tracked candidates I surfaced, each of whom had some exposure to each topic. After phone interviews, only the top three CISO-tracked professionals were invited in for face-to-face interviews. Each of these business-savvy professionals was technically sound, had significant exposure to physical-security issues and was an outstanding communicator and leader.

Example #2: A 90-year-old global company that is used to dealing with physical security issues has recently experienced a change in its business model, causing the business to become more and more digitally driven. The company is creating a VP-level security role, and believes that 60 to 70 percent of the new VP’s responsibility will be the protection of electronic assets, while the remaining part of his or her job will be a mix of blended issues such as access controls and fraud detection/prevention, along with many purely physical issues. The search team has concluded that the most desirable candidate to address these needs will come from a strong information-security and risk-management background and will have some exposure to physical-security issues.

Example #3: Another global company recently discussed with me their plans
