• United States



by Diann Daniel

MBA Takeaways

Dec 01, 20066 mins
CareersIT LeadershipSecurity

Five lessons from three CSOs who went the MBA route

In general, an MBA pays off: Business school graduates this year could expect a $92,000 base

salary (up 4 percent from 2005), according to the Graduate Management Admission Council. IT

executives with an MBA see an 8 percent salary boost, the University of Michigan has found.

But that education doesn’t come cheap. A master’s in business administration can cost anywhere from

$59,000 (Ohio State) to $115,700 (Duke). There are also costs in time and to your personal life. So,

should you go for it? It depends on your goals, your industry, your life. Here are five takeaways from

three CSOs who went the MBA route:

1. Business savvy = opportunity. Timothy Gladura, president of the research and

investigative divisions of the Carco Group, says learning business management can be done on the job.

But those three letters, “M-B-A,” confer business cachet. “You may be the best person in the world, but

having that stamp tells others a lot about what’s in your tool bag,” he says. Specifically, it means you

understand corporate goals for profitability and growth. Gladura armed himself with an MBA when he

decided to move beyond the military service. The West Point graduate, computer specialist and Army

officer prepped himself for the business world with a nighttime accelerated MBA program at Oklahoma

City University in 1985 and finished his studies the following year. Subsequently, Gladura held posts in

the FBI and the White House, including as director for counterintelligence and security programs for

then National Security Advisor Condoleezza Rice. He later became CSO at Cardinal Health, where he

developed core programs that included intrusion detection and vulnerability assessments. He credits

his MBA for nudging open the door at Cardinal: “There was nothing more important that contributed to

being a success than business acumen,” he says.

2. Broad risk management expertise. Ann Garrett, State CISO with the North

Carolina Office of Information Technology Services, says an MBA program teaches you to survey

operations and talk about risk in business terms. It was about 15 years ago when Garrett, then working

as a software project line manager at Infocel, decided she needed deeper business skills. She packed

her business school studies at Meredith College in Raleigh, N.C., into a life that also included her job,

her husband and elementary school–age son.

Developing risk management skills to use in a business operations environment is particularly

important for CSOs, Garrett says, and business school has helped her “have a cool head and a

methodical approach” to security challenges.

Mary Ann Davidson, CSO of Oracle and a 1984 Wharton School of Business graduate, agrees. Davidson

was a naval officer just off active duty with a degree in engineering when she enrolled in the MBA


In her economics and finance classes, Davidson says she learned lessons she now applies to security.

“The MBA is invaluable in thinking about how to approach security from an economic and risk

management standpoint, rather than just a technical ‘belldss and whistles’ standpoint,” she says.

Financial theory in particular teaches that there is a direct correlation between risk and return, she says.

The greater the volatility of a stock, for example, the greater the upside and downside. In other words,

business is about assuming risk, and financial theory shows a direct correlation (in financial markets)

between risk and return. If you take no risk, you do not reap any rewards either.

3. Budget battle credibility. A CSO must understand how the company makes

money, says Gladura. “If you don’t understand business and don’t understand how to say, ‘This is how

security will save you money or recover money,’ you won’t be at the C level ever.” In order to convince

the CEO and the CFO that your recommended security investments are necessary, you have to

understand how the CEO wants to grow the business. And there’s a synergistic effect. That ability to see

security as a business enabler means it’s more likely that you will be proactive about spotting risk in

new ventures, if, for example, your company is expanding into Central America, and you will be able to

speak about that risk in a language the business executives understand.

An MBA also teaches you how to analyze problems and potential solutions in a broad business context,

to see enterprisewide rather than from one function like security. “We need to know what [an

investment] is actually worth to us, not just what we pay,” Davidson says. “I wouldn’t have that

perspective if I hadn’t gotten an MBA.”

4. Confidence. Garrett says her MBA education, combined with her business

experience, gives her the confidence to be a mentor to her staff. Sometimes she finds herself passing

along her MBA learning, occasionally in unexpected ways. Take the red glass monkey that sits on her

office bookshelf. It’s a reminder to her to question whether things that appear as problems—”the

monkey on my back”—are really worth carrying. “In MBA school you do lots of case studies about

when to move the monkey,” Garrett explains. “Does the monkey belong on my back or should I move it

to someone else’s?” When an employee comes to her with a problem, she sometimes uses that symbol

to work through the problem. She asks herself, Can I solve this problem? If not, then whose is it and

how can I engage him to take responsibility? Garrett has carried that simple learning tool with her for

10 years. “The trick,” she says, “is to make learning less painful.”

5. The ability to communicate. Studying business in-depth changes your

view—of the business, of your function within it, of when you need to listen and when you need

to talk—and it gives you tools to better get your point across. Business school, says Garrett,

taught her to “walk the walk and talk the talk with the business guys.” She learned the role of each part

of the organization, service providers and operational folks, and how to translate difficult concepts into

simple graphs and reports. “Personally, I know I no longer talk techie,” she says, “I talk person to