Security Leadership: 2007 CSO Compass Awards

This year's CSO Compass Award honorees have achieved alignment of security and business goals, through advocacy, active engagement and, in some cases, a sense of humor.


Lohrmann says he continues to search for ways to deliver on his promises when he meets with his state agency colleagues. "You have to look for areas where you can add value as a [security] organization and as an individual," he says. "If you can always walk away from those lunches with a little nugget, you're going to have a reason to get back together again, and it's not just a courtesy call anymore."

It was through such lunches that Lohrmann learned that his security group's reputation as naysayers to new initiatives needed a makeover. His answer: find ways to say yes, securely. His initial rejection of wireless network access gave way to limited connectivity that satisfied users without sacrificing security standards.

Read more at CSOonline: GovSpace, Dan Lohrmann's blog

Team Player

Lisa "LJ" Johnson

Current position: CISO, Nike

1998–present: Nike, various security management positions

1993–1998: security manager, U.S. Bank

It has been said that you can't truly understand a person until you walk a mile in her shoes. LJ Johnson, Nike's CISO, put that adage to shame when she recently embedded herself within her company's footwear organization for a year to learn how she could help with intellectual property protection.

In 2004, Johnson took the bold step of removing herself from the security group's daily operations so that she could focus on business outreach and alignment. She moved her office across the building and shifted her attention to strategic planning, business relationship development, and security marketing and communication issues. And she got involved in activities where she would meet people from all over the company. Sports—not surprisingly—has been a great way to make connections. Johnson meets people by playing racquetball, soccer and golf and gets involved in as many volunteer opportunities as she can make time for. "You're interacting with people that you don't bump into on a regular basis, and I have formed some good business relationships," says Johnson, 45. In one leadership training class she met a woman involved in product quality and counterfeiting protection. So far, they have exchanged ideas and hope to find some ways for Johnson's group to help.

Although she acknowledges that relationship building is an organic process, there are explicit steps that security executives can take to help it along. Johnson found that asking business executives for 30-minute informational interviews can yield good results. "It's an opportunity to ask them what security services they would like to see and if there are things you could do to add more value for them," she says. "People will give you a ton of ideas." Johnson has found that most executives are open to being approached like this; they especially appreciate it when you follow up later with some action items or ideas from the talk.

Johnson's most dramatic attempt to get closer to her business customers came recently, during her yearlong experience working with the footwear organization to learn about IP protection. "It was tricky juggling my other job," she admits, "but it made such a big difference to sit next to them, to go to their staff meetings and be a part of their team." She says she found ideas for product and IP protection, and training that she might not have otherwise. It's a technique she plans to try again in the future with other divisions.

See more at CSOonline: "The Team Builder"

Open for Business

Lynn Mattice

Current position: VP and CSO of Boston Scientific

1992–1997: Director of Corporate Security, Whirlpool

1980–1992: Corporate director of security at Northrop Grumman

When Lynn Mattice picks up a book or magazine, chances are good he won't be reading something focused on security. The Harvard Business Review, maybe, or MIT Sloan Management Review, to stay on top of the latest business trends. The World Economic Forum's Global Competitiveness Report, to keep up to date on the global sales environment. Or one of Soundview's Executive Book Summaries, which have led him to such gems as Execution, a book about getting things done by Honeywell's CEO, Larry Bossidy, and consultant Ram Charan.

"I need to be on the leading edge of the issues that are taking place in business," says Mattice, VP and CSO of Boston Scientific, the $7.8 billion medical-supplies company based in Natick, Mass. "When I'm talking with the business community here, I need to communicate with them in the language that they communicate in. They're interested in business results."

So, while security is certainly what Mattice does—he has global responsibility for business intelligence, business continuity and a fully converged corporate security program, including information security—his focus is Boston Scientific's business.

Mattice is deeply involved with sales efforts, for instance. Boston Scientific has salespeople or distributors in more than 100 countries, so he regularly attends sales meetings, where he provides intelligence about what's going on in different parts of the world. His work includes ensuring the safety of these far-flung teams.

Mattice also helps the sales group understand common business practices in other countries and make sure that Boston Scientific isn't working with businesses that require bribes or are likely to deal in counterfeit or gray-market goods. And anytime business leaders are looking at expanding into a new geographic area, he helps them evaluate the market conditions, environment, political situation and economic risks.

"We cover a broad range of issues so that people don't go into a country blind," says Mattice, who is 53. "You need to know how the country works. It's understanding your marketplace. And the more you do along those lines to support the business, the more the business comes to you and wants to engage you. When you're providing support and information that's important to them to do their job, then you're viewed as a partner."

His overriding mantra? "This isn't rocket science. This isn't anything that's hidden behind smoke and mirrors, and it's not anything special. These are business processes. We are working to help refine the effectiveness of the company in every possible way that we can."

Read more on "Mix Masters," about surviving mergers; "Vet Your Outsourcer"

Copyright © 2007 IDG Communications, Inc.
