In Depth
Evolution of the CSO
From incident reaction to proactive risk assessment, the CSO role has evolved dramatically. Next stop: new services and business operations intelligence.
By Joan Goodchild, Senior Editor
The CSO of the Future
To project future developments in the CSO role, it's again useful to look a bit deeper at the CIO position, arguably the most recent to make a transformation from corporate support player to a more elevated executive spot. (Though not the first; recall that CFOs, before they became strategists focused on shareholder value, were simply accountants.) The challenge for CSOs, says Saffo, is to find ways to demonstrate their effectiveness beyond their core protective mission. He believes going to the next step will require CSOs to do what CIOs have managed to do over the last decade. That is, move from a support/infrastructure role, to a central role in enhancing productivity and effectiveness around a company's core mission.
That is the hope of Beth Cannon, CSO with Thomas Weisel Partners, an investment bank and broker-dealer based in San Francisco. Cannon has been with the company from its beginning in 1999, taking on the CSO role in 2004. Prior to her promotion, she was responsible for engineering and infrastructure that included the operations of the server and the network side of things.
"I had always had some level of security under me related to compliance and the network," she says. "When regulations started increasing, the CIO said, 'I think we need someone to focus on these things.' That's how my role was born in company."
In five years, the role has clearly changed, says Cannon. The company began doing international business, and Cannon then had to learn about compliance rules in several other nations in addition to the United States. The company also went public in 2006.
"Initially the job was very operational and infosec-focused in the respect that we had to get our patching stuff up to date, our network activity logged," she says. "We had to get several things in place in order to have a better handle on what was going on outside of the network."
Now, according to Cannon, she feels that many of the protective measures she put in place at the start of her tenure have become operational. Things that had to be taken care of in the beginning are just business as usual now. That has given her a chance to put more time into finding ways for security not only to protect, but also to add value to the organization. A primary focus now is business continuity, she says. The recent swirl of concern around the swine flu pandemic helped bring the issue to the top of mind for executives.
cso
Security Directions: A Virtual Conference
Available On Demand Sept. 30 - Dec. 30
Join us for a virtual event with candid, expert information on top security challenges and issues - all from the comfort of your desktop.
Protecting PII: How to Work with IT to Manage Risk
Understand the critical nature of the test data privacy problem and get tips on how to work with IT to implement a test data privacy program.
- Practical Approaches for Securing Web Applications across the Software Delivery Lifecycle
- Managing A Growing Threat: An Executive's Guide to Web Application Security
- FISMA Prescriptive Guide
- The Tripwire HIPAA Solution: Meeting the Security Standards Set Forth in Section 164
- Beyond PCI Checklists: Securing Cardholder Data with Tripwire's Enhanced File Integrity Monitoring
- IDC White Paper: CCM for IT Compliance and Risk Management
Get instant notifications when whitepapers, webcasts and case studies are added
to our library. Sign up for a Resource Alert now!
CSO Corporate Partners
CSO Perspectives
-
April 5-7, 2010Hyatt Regency Santa ClaraClick here for more information!
Santa Clara, California
(ISC)2 members can earn up to 24 CPE Credits!
