Information Sharing: Connecting Dots

As publisher of CSO I have the great honor of meeting a great many very smart people. This is a good thing because it certainly helps compensate for my gaps in knowledge. The month of March this year was an exceptional one in particular.

During March I had the good fortune to spend some time at one of our annual events, the 2008 CSO Perspectives conference, and was again amazed by the depth of knowledge, experience and insight that is displayed by those in the security profession. This year's conference was themed "Becoming the Complete CSO." From those of you who attended and whom I had a chance to speak with, there was universal praise. Not just for the content and speakers (which were great) but also for the recognition that CSOs are rising to ever-greater heights within their organizations and that sometimes, at those elevations, an individual's focus must shift from tactical to strategic.

The week prior to CSO Perspectives I was at my good friend Robert Rodriguez's IT Security Entrepreneurs' Forum (ITSEF) at Stanford University. Funded by the Department of Homeland Security and the Kauffman Foundation, the ITSEF focuses on bringing together early-stage security businesses, the federal government and the venture capital community to make sure that important technologies that address critical security issues don't fall by the wayside before they can be fully commercialized. In this fast-growing but increasingly consolidating industry, the danger of critical-technology obscurity should be of concern to all security professionals. As with CSO Perspectives, this was another occasion for me to rub elbows with some very smart people in this business and to learn from them.

So what did I learn this month? First, that security is the responsibility­­­ of everybody—from the janitor to the CEO. Without a culture of security, an organization will always be vulnerable. Second, that security is not just about the technology. CSOs walk a fine line between security and business and must constantly strike a balance between the two. CSOs must understand the issues of both sides and act as a liaison between the folks from the business side and those from the security side—both are critical to selling the value of security. Finally, despite what you may hear, there are a lot of CSOs doing the first two very, very well. My advice to those CSOs who struggle with the balance of tactical and strategic responsibilities? To those who find it difficult to integrate security and business objectives? To those who struggle to sell the value of security in their organizations? Find your peers and learn from them.

CSOs are the most willing group of professionals I have ever had the pleasure to work with when it comes to helping their peers and advancing their profession. Read CSO and visit CSOonline.com. Meet your peers at conferences, dinners and industry organizations, or just call the CSO down the street and grab coffee. You may be amazed what you'll learn and the value of what you can share.

How do you share information with your peers? E-mail what you do and how it's working—I look forward to hearing from you.

Related:

Copyright © 2008 IDG Communications, Inc.

Subscribe today! Get the best in cybersecurity, delivered to your inbox.