In Depth
Evolution of the CSO
From incident reaction to proactive risk assessment, the CSO role has evolved dramatically. Next stop: new services and business operations intelligence.
By Joan Goodchild, Senior Editor
On the opening day of the expo, 3,200 demonstrators turned out in front of the hall. Their presence, according to Kent, was uneventful; exactly what he hoped for.
"Nothing happened," he says." So we got tremendous visibility for that. When bad things happen, you've got to have the ability to have a good response. Those are the things they remember."
Soon after the event, Kent was elevated to vice president of security. The promotion, he says, marked the official beginning of the security group operating under a CSO model.
A Skill Set Beyond Security
Kent's experience at Genzyme is familiar at organizations around the world that have decided to place a top security officer, a CSO or a CISO, to be the key point of responsibility for a company's security. We've seen this position increase in numbers for more than a decade now. But as it has grown, so has the expectation of organizations who are hiring CSOs. As security programs become more robust and sophisticated, so, too, do the expectations of companies who have a top security officer in place. CSOs are now expected to expand their skill set: Those with technical backgrounds must understand facets of regulation, compliance, security and risk beyond the data center. CSOs from a physical security career, such as law enforcement or the military, must also have an understanding of information systems and the threats posed to their organization's data assets beyond just the facilities they are housed in.
It is an evolution that was expected among industry analysts when the first CSO roles began appearing in corporations. Much like how the role of the CIO has changed, it was inevitable that CSOs would have the same experience.
"They, of course, share the same problem that CIOs have traditionally faced," says Paul Saffo, a Stanford University professor, forecaster and essayist with a focus on long-term technological change and its impact on business. "CIOs have been the Rodney Dangerfields of management. 'I don't get any respect,' because their work is so arcane. The other XOs never understood it, or even tried, until recently. CIOs are moving past this stage slowly, but I think the CSOs are still hitting this."
However, while corporate perception of the CSO role is still unfolding, the job has some history to it, and recruiters and hiring managers are becoming savvier about what they want in a security executive, according to Tracy Lenzner, CEO of The Lenzner Group, an executive recruitment firm specializing in security.
cso
Security Directions: A Virtual Conference
Available On Demand Sept. 30 - Dec. 30
Join us for a virtual event with candid, expert information on top security challenges and issues - all from the comfort of your desktop.
Protecting PII: How to Work with IT to Manage Risk
Understand the critical nature of the test data privacy problem and get tips on how to work with IT to implement a test data privacy program.
- Practical Approaches for Securing Web Applications across the Software Delivery Lifecycle
- Managing A Growing Threat: An Executive's Guide to Web Application Security
- FISMA Prescriptive Guide
- The Tripwire HIPAA Solution: Meeting the Security Standards Set Forth in Section 164
- Beyond PCI Checklists: Securing Cardholder Data with Tripwire's Enhanced File Integrity Monitoring
- IDC White Paper: CCM for IT Compliance and Risk Management
Get instant notifications when whitepapers, webcasts and case studies are added
to our library. Sign up for a Resource Alert now!
CSO Corporate Partners
CSO Perspectives
-
April 5-7, 2010Hyatt Regency Santa ClaraClick here for more information!
Santa Clara, California
(ISC)2 members can earn up to 24 CPE Credits!
