The 2006 Compass Awards Winners

The experiences of CSO Compass Awards honorees

The ability to step out of one's comfort zone and convince others to do the same is a rare leadership quality, but it's one that each of this year's CSO Compass Award honorees has in spades. Each of these leaders understands that convergence is about creating communication and cooperation, whether it is between security peers, security personnel and their business units, or a government and its partners in industry. We asked each honoree to recount their experiences, and to share what a converged security function looks like.

Timothy Williams

Chief Security Officer, Nortel

Why chosen: Since 1990, Williams has led a converged security department with global responsibility for Nortel's computer and telecom system security, as well as risk assessment, crisis management, security-related investigations and employee protection. As an author, speaker and member of the ASIS International board of directors, he has been an ardent advocate of the need for better integration between security departments and the businesses they serve.

Turning point: Earning his MBA. He applied some of his new business skills to some nagging problems in risk, strategy and process management, making the case for a converged security department. As people started to agree on process ownership and cross-functional responsibilities, the direction of the entire security apparatus fell into alignment. "Once we had good process management and an understanding of the business risks and what we were trying to mitigate, then we started to see a break in the clouds."

Why convergence matters: "I've seen a more effective response to security issues and crises, better teamwork and a greater ability to come to the best solution for the company when we start to work together in this context. There's a lot more money saved, a lot less frustration on the security team, and we all have a better understanding of our objectives."

Dave Cullinane

CISO, Washington Mutual

Why chosen: As a CISO with both a physical security background and a CPP, Cullinane is a rare breed. As the president of the Information Systems Security Association (ISSA), he has advocated for the convergence of traditional and information security functions. On his watch, ISSA has also been very active in forging connections with ASIS International and the Information Systems Audit and Control Association (ISACA).

Turning point: "In 2004, ISACA asked me to speak at an 8 a.m. conference session on convergence. I was shocked when the room, which normally held 2,000 people, was standing room only. I realized something was going on. Afterwards, I was talking with some people from ASIS and saying we need to be doing something here. We're trying to put together some training that will allow people in the traditional security space to learn information security and vice versa."