Career Advisor: Do You Have What It Takes to Be a Converged CSO?
Who is the better choice to lead a newly converged organization--someone with more experience in information security or in physical security? A recruiter describes how three of his clients recently answered that question.
By Jeff Snyder
February 19, 2008
—
CSO
—
When companies decide to combine logical and physical security, one of the first challenges they face is finding a leader who has been exposed to both information security and physical security. Someone has to be put in place to create change. Who is this person? What is his skill set? Where can she be found? Does he or she actually exist?
I speak with both information security and physical security professionals every day, and when the conversation turns to who is best equipped to lead a converged security operation, I hear many opposing opinions. Usually, the opinion of the person to whom I’m speaking has a lot to do with his or her experience. Whose point of view is correct? I don’t know for sure, but I can tell you about the conclusions reached by three companies that have recently contacted me for assistance in their search for a converged security leader. No opinions to share here, just facts.
Example #1: At one global company, the newly hired executive will have responsibility over information security, physical security, facilities security, business continuity, global supply chain security, brand and reputation protection, and all the facets of risk management that could be wrapped around the aforementioned topics. Nobody I spoke with possessed expertise in every topic. My client interviewed the top three CSO-tracked and top three CISO-tracked candidates I surfaced, each of whom had some exposure to each topic. After phone interviews, only the top three CISO-tracked professionals were invited in for face-to-face interviews. Each of these business-savvy professionals were technically sound, had significant exposure to physical-security issues and were each outstanding communicators and leaders.
Example #2: A 90-year-old global company that is used to dealing with physical security issues has recently experienced a change in its business model, causing the business to become more and more digitally driven. The company is creating a VP-level security role, and believes that 60 to 70 percent of the new VP’s responsibility will be the protection of electronic assets, while the remaining part of his or her job will be a mix of blended issues such as access controls and fraud detection/prevention, along with many purely physical issues. The search team has concluded that the most desirable candidate to address these needs will come from a strong information-security and risk-management background and will have some exposure to physical-security issues.
Example #3: Another global company recently discussed with me their plans to replace a retiring physical-security-focused CSO. Their intention is to hire someone with an 80-percent information-security CISO skill set.
ESSENTIAL READING
How to hire, manage and retain security professionals, build a team and next-generation leaders, and keep your own security job / career rewarding and successful
CSOonline's security job board - free
Looking for the right candidate? Want a new position yourself? CSO's job board is the place to go.
CSO resumes: 5 tips to make yours shine
Establish your brand, highlight business accomplishments, and more (Insider registration required)
Making a security career (not just a job)
6 steps to security success for young upstarts
How to recruit and retain the best young employees
The security recruiter directory
- Balancing Increasing Security Requirements with Decreasing Budgets
- Gain Control of the New Threat Landscape
- Securing Your BYOD Strategy: Cisco Secure Mobility Solutions
- Securing Your BYOD Strategy: Cisco Secure Mobility Solutions
- Introduction to VMware vCenter Site Recovery Manager 5
- Reliable Disaster Protection with VMware vCenter Site Recovery Manager
- Overcome Top 7 Admin Challenges of Active Directory
- X-Ray of the PCI Process-4 Proactive Steps
- Beyond SFTP: Five Ways Secure Managed File Transfer Can Improve Your Business
- Secure Managed File Transfer: Bringing Coherence & Control to Compliance
- The TCO of FTP: Hidden Costs of "Free" File Sharing
- Streamline, Speed and Secure the Supply Chain with Managed File Transfer
- Patch Tuesday preview, February 2012
Microsoft published its Patch Tuesday Preview for February of 2012 a few minutes ago. IT admins can expect nine bulletins to address 21 security vulnerabilities.
It looks like four bulletins will be rated critical while the rest are designated as important.
Affected Microsoft products are:
- M86 report proves water is wet
- Actor, banker, soldier, spy: Suits and Spooks Anti-Conference aims to redefine security
More Salted Hash with Bill Brenner
