March 05, 2010 — CSO —
Any field that's dominated by its product and service vendors is an immature field.
Products can typically solve a narrow problem, but if you lead the security function at a large organization, narrow problems are rare. Problems are connected to other problems and surrounded by all the fun issues of ownership and stewardship and cooperation and accounting that make our lives rich and rewarding. (You may detect a tiny hint of sarcasm here, although it's mixed with a larger portion of sincerity.)
Think of IT...er, management information systems...er, data processing back when it was all Big Blue over SNA. Costs were high and innovation was relatively slow. When the CIO voice became prominent—a business person running the IT shop based on the needs of the business, not the availability of whatever the vendors decided to put out—that's when IT started to enable and contribute to systemic change and improvement.
That's why the primary point of view in this publication is that of the CSO, rather than that of the vendors. It's why we focus more on challenges at the business-process level than at the level of narrow security problems. We are less likely to write about a particularly nifty door lock—useful though it may be—and more inclined to look at the challenge of keeping track of all your keys, and how you might pair other procedures with that key management process, all in the service of the larger goal of letting the right people in and keeping other people out. And we aim to primarily source those articles by talking to security leaders.
Nevertheless, not all the smart people in security are CSOs.
In this [March] issue, we feature a conversation between two smart people who aren't CSOs.
Andrew Jaquith works for Forrester. Adam Shostack works at Microsoft. Eavesdropping on them via their books and blogs and Twitter streams, it's clear these are two professionals with strong views about metrics and processes and "best" practices and many of the macro-challenges that CSOs face.
So we gave them a microphone and got out of their way.
I very much like this model of listening in while smart people talk to each other. One of the skills of a good journalist is the ability to shut up and listen. We've taken this approach before, sometimes with a CSO picking the brain of an expert from some other domain. For example, see former Cardinal Health CSO John Hartmann's interview with author and management guru Patrick Lencioni and former Boston Scientific CSO Lynn Mattice's discussion with Ram Chara.
Who else would you like to hear from—whether CSO, vendor, author or something else entirely? E-mail your suggestions to dslater@cxo.com.
Other stories by Derek Slater