Home » Security Leadership » Career/Staffing

Three Ways to Keep the Dream Alive

Career getting too predictable? We profile three security execs who found ways to keep their jobs exciting and their careers moving forward.

Hamrick was disillusioned enough that in 2003 he took the job of client leader at the GE consumer and industrial systems division, a move that allowed him to interact with users. But soon after, Hamrick received a most intriguing call from another of GE's states, GE Healthcare.

Healthcare wanted Hamrick, 37, to be their new CISO. Having abandoned a similar job out of frustration, Hamrick was reluctant. But then Healthcare put something on the table that intrigued him. "They told me they wanted me to spend time with product engineers," he says.

GE, it turns out, had decided it was time to turn technology away from cost-center activities and refocus it on revenue-generating opportunities. The medical technology GE Healthcare makes&mdashheart monitors, ultrasound, DNA and genomic diagnostic equipment&mdashneeds security just like e-mail servers do, and sometimes it needs more security due to FDA rules. Hamrick saw the chance to have a big impact on the business, "but I told them it was important they let me define how the role would interact with product engineers and sales." They agreed. He said he'd spend about 50 percent of his time on the revenue-generating part of the job. They said, in so many words, Go nuts.

"Now I get to spend half my time increasing the bottom line," Hamrick says, still with a bit of wonder. "I mean, think of the reach I can have now. I can help us build better products. Better products are easier to sell. Easier to use. It definitely energized me."

Hamrick's job was a dream again.

His first task upon taking the job was to reorganize information security and the CISO position to focus on product development as much as operations, and he started with a broad stroke. "The first thing we did was divest our operational security resources and move them into the network [IT] teams," he says. The operational security team of more than 2 dozen reports into the IT department and has a dotted-line relationship to Hamrick. The strategic team is much smaller&mdashfour people&mdashand reports directly to Hamrick.

This is how the team works: The strategic team comes up with a plan to ameliorate a security issue&mdashlast year, for example, the group devised a method to distribute vulnerability patches. With the operations group handling the internal security tasks, Hamrick's free to work with sales staff and product managers on product security and development. He develops risk-based strategies for adding security to products, and he even gets to work with customers who have specific security issues or concerns. This is the part of the job Hamrick loves.