Source: [id: 41018; name: CSO; isActive: true; siteId: 3] -- CSO -- $content.altguid

A Rogue's Gallery of Security Leaders

What makes a good CSO? Or, maybe more important, what makes a bad one? Some role models for up-and-coming CSOs to follow-or not.

By

April 01, 2004CSO — It takes all kinds, as they say, and believe me, I've seen 'em all in the past 30-plus years.

I'm talking about CSO-types. You know, the guys and gals like you and me who make a living out of measuring risk, protecting data and securing the enterprise. You've heard all the clichés before. Our personality types become cliché as well. Remember Wilfred Brimley in The Firm? A wholesome, ethics-laden pillar of the corporate community, he made a great poster child for Sarbanes-Oxley.

And then there are the yahoos who keep the security role in the blue-collar ranks. The B-school executives see these security types and roll out the pigeonholes, while some CEO cop buffs think that hiring their local federal agent-in-charge is the answer to modern security risk management. I can't say that I blame them, though. It's easy to create the stereotypes that inundate this profession.

Where are the role models for businesses to follow when trying to establish the CSO position? And more to the point, who are the role models for our own up-and-coming CSOs to follow? Other Chief Whatever Officers seem to understand their own profiles. What's wrong with us?

Maybe, in part, it's because the CSO title is a relatively new idea. As a result, we don't have a lot of experience on which to draw.

Maybe, just maybe, the profession has some spring cleaning to do. If we truly want to help promote the value of the good CSOs, we're going to have to cultivate some of the bad seeds:

The Chief Sympathy Officer This whiner complains to anyone who will listen that he "doesn't get no respect." It's true, but is it any wonder why? He doesn't know anyone in the corner office of the parking garage, let alone someone on Executive Row. As a result, his department gets handed every menial task imaginable.

The Knuckle-Dragger This CSO is intellectually uninspired and wonders aloud how some of his counterparts in other local companies "do that." By "that," he means getting connected to business processes and being seen as a player in the corporate risk management scheme. He has reported to three different managers in the past three years, each time falling lower and lower in the pecking order. And no one in his company will know they're in trouble until something hits the fan.

Mr. Spandex This guy is right out of central casting. He's the sleazeball who got canned at a prior security gig for planting cameras in the women's locker room in the company exercise facility. Tanned and fit, he dresses to the nines and starts every sentence with the word "I." And if you dare to call him after hours in the event of an emergency, you have to yell to be heard over the bar crowd.

RESOURCE CENTER