In Depth

Leadership Lessons: CSO Compass Awards 2008

Three of the six 2008 CSO Compass Award winners - Ed Amoroso, Ron Baklarz and Renee Guttmann - share takeaways drawn from diverse backgrounds

By Mary Brandel

Ron Baklarz
Director of Information Systems Security, MedStar Health Information Systems

"The single most significant factor is to understand your organization's culture. For example, in the military sector, implementing security is much easier since it is ingrained in the culture. When you try the same approach in private sectors such as financial industries or health care, it is a much more difficult endeavor. Implementing security at the U.S. House of Representatives was particularly challenging, since it was equivalent to working with 435 CEOs.

Ron Baklarz

"In any industry, my approach to implementing security has been to:

• Keep an even keel. In many cases, it doesn't help to get too emotional especially when trying to implement security programs in an immature environment. Changing culture takes time.
• Be consistent. Users will constantly test you and your security program, so it is important to apply security in a consistent manner. Consistency sends a good, solid security message rather than a waffling one.
• Educate and communicate. Often, users may not like the security controls you are implementing, but if they are aware and educated, at least they may appreciate and understand what you are trying to accomplish."

In his 20-plus years in the information security field, Ron Baklarz (CISSP, CISA, CISM, IAM, IEM) has developed information security programs for the Naval Nuclear Program, the U.S. House of Representatives, the American Red Cross and MedStar Health, where he is currently the HIPAA Security Officer. He has also led incident-response and monitoring teams for a variety of industries, including government, insurance, health care and Big Five consulting firms.

Baklarz's security expertise spans policy development, incident handling and response, network intrusion detection, antivirus and network perimeter protections, cyber-related fraud investigations and computer forensics.

Baklarz holds a MS degree in information science and a Certificate of Advanced Study in telecommunications, both from the University of Pittsburgh, and is currently an adjunct professor at the University of Virginia. He writes articles and books, including The Art of Information Warfare.

"Over the course of my career I have had to learn to work with many different kinds of people, including some who are directly confrontational. I was fortunate that the company helped me get a coach who recommended the book Crucial Conversations: Tools for Talking When Stakes Are High. It talks about working toward a common outcome and showing we care about each other's goals.

Renee Guttmann

I started to embrace difficult and challenging people. A lot of times they have great ideas but don't know how to communicate them. Now, I seek out the rock throwers. They've often saved my bacon. I learned to recognize that they aren't challenging me; they are challenging my role. It isn't personal. That realization helped me to listen to the ideas they are trying to get across. We're in this together; we want the same outcome."

• Email
• Print
• Comments
• Digg This
• SlashDot