In Depth

Sharon O'Bryan: Called to Account

Some security executives see protecting their company's assets as a way to earn a living. ABN Amro's Sharon O'Bryan sees it as her mission.

By Simone Kaplan

February 01, 2003 — CSO — You're in good hands with Sharon O'Bryan.

That may sound like an advertising slogan or a political promise, but O'Bryan isn't campaigning for anything. She's the senior vice president and chief information security officer for Dutch banking giant ABN Amro's North American division, and she loves her job. To her, protecting her clients' cash and sensitive information is much more than a way to earn a paycheck. It's a calling.

"Security is so intrinsic to what we do for our clients," she says, her voice filled with conviction. "This is people's livelihood that I'm protecting. It's their ability to send their children to college, to pay for their daughters' weddings. It's a very big deal."

O'Bryan is passionate about security. She is also very honest about the challenges of being a CISO. Professionally, like many of her peers, O'Bryan faces a continually changing landscape that requires deft strategic planning and a nimble mind. On a larger scale, she must navigate the heavily regulated waters of the financial services industry, in which every action, every goal must be documented for corporate and federal auditors. She frequently visits Washington, D.C., where she represents her company on the financial services branch of Presidential Cybersecurity Adviser Richard Clarke's Critical Infrastructure Protection Board and is a major player in Bits, the technology arm of the Financial Services Roundtable, an industry lobbying group. "Staying on top of security technology and the nature of security threats, which change constantly, isn't easy," she admits. "But then, you know the saying, the only thing that's constant is change."

Considering how much she has going on, it's amazing that O'Bryan has time to talk at all. Since she joined ABN Amro four years ago (after several years as an IT auditor for two Big Five accounting consultancies), she's revamped the security architecture of her company's technology risk management group and helped her staff adjust to a global corporate reorganization. Not only that, but ABN Amro, which has 3,400 branches in 60 countries, is so active on the mergers and acquisitions front that O'Bryan is continually applying security standards to systems newly integrated into the company's network. Sometimes she feels like the company's landscape changes on a daily basis. As CISO, she's not in charge of the company's physical security arena, but she still has to make sure the two groups don't duplicate efforts in their common goal of protecting the business.

To top it all off, the CEO and the CIO of ABN Amro's North American division are both retiring, and O'Bryan doesn't know to whom she'll be reporting in the long run. Fortunately, she likes that kind of pressure.