CSO honors 2011 Compass Award winners

CSO has selected the recipients of the 2011 CSO Compass Awards. This year’s theme is ‘Security That Drives Business.’ Winners were chosen by CSO’s editorial staff and decisions were based on nominees’ career-long achievements in creating state-of-the-art security departments and programs.

The 2011 Compass Awards will be presented at the CSO Perspectives Conference, April 5-7, 2011, Naples Grande Resort, Naples, Florida.

The 2011 winners are:

Andy Ellis, Senior Director, Information Security, Akamai Technologies Transparency and openness of security models as a business driver; broad industry participationNomination highlight: As head of Akamai’s InfoSec, Ellis has not only driven the security practices at one of the world’s largest clouds, he has paved the way in openness and transparency to his customer base, supporting models like CloudAudit, building scalable compliance regimes to expose his security models, and been a public voice for security thought leadership. He has driven Akamai’s security product offerings, not only bring PCI Compliance to the cloud, but removing it from the data center with EdgeTokenization, supporting it with cloud-based Web App Firewalls, and defending customers against Distributed Denial of Service Attacks.

In recognition of:

Jamil Farshchi, CISO, Los Alamos National Laboratory Change leadership and creation of strategic planning process/tools that map to organizational goalsNomination highlight: Farshchi has served as a change-agent that has rebuilt a struggling information security capability for a national security institution by using best practices and transforming traditional security methodologies with new and innovative security strategies, approaches, and methods. When Farshchi was hired, the Los Alamos National Laboratory (LANL) information security program was reeling from public and government scrutiny due to security weaknesses which culminated in a security compliance order. He injected discipline in the areas of compliance, budget management, and operational security; built a highly talented team, and undertook game-changing innovative initiatives which resulted in the re-positioning of the information security program into a best-in-class capability.

In recognition of:

David Komendat, Vice President and CSO, The Boeing Company Embedding security and safety expertise & considerations within business units, projects, and sales cycles; internal leadership development programNomination highlight: Komendat depicts security’s greatest importance as a business function. He realized in 2005 that Boeing’s Global Security & Fire Protection (S&FP) organization leadership team lacked an acceptable level of business knowledge sparking the dedicated work with the finance and other business organizations to develop training and education to help leaders improve their individual business acumen and run their individual security and fire functions “like a business”. The result has significantly improved year-over year-resulting in exceptional budget performance. Leaders run Boeing S&FP utilizing LEAN practices, sound financial discipline and personal accountability to insure strong financial performance.

In recognition of:

Dwaine Nichol, Manager, Security & Life Safety, City of TorontoFostering cooperation and shared policy across numerous constituencies; development of metrics and SLAs appropriate for government reporting and budgetsNomination highlight: There is more than one area in which Nichol has raised the security bar for the City of Toronto’s Corporate Security Unit and for the City of Toronto. But one of which I would like to highlight is the creation and more importantly the implementation of the Corporate Security Plan.

In recognition of:

The Corporate Security Unit is responsible for all security operations for the City’s diverse operations such as water plants, yards, recreation centers, pools/rinks, daycares, social assistance offices, clinics, as well as, specialty centers including City Hall and Union stations — the busiest transportation hub in Canada. The security bar was further raised through the creation, adoption, and implementation of a City Wide Security Plan adopted by City Council. This three tiered approach helped change the way security was conducted and also viewed by senior management.

William Phillips, VP and Chief Security and Safety Officer, CNA Insurance Business enabler, global issues, brand protection, standardization and time/cost reduction; consulting to business on product developmentNomination highlight:Phillips views security first and foremost as a business function. He recognizes that remaining competitive and profitable requires all elements of a contemporary company — including the security function —to identify new methods to contribute to the organization’s success.

In recognition of:

Phillips views security’s role as an “enabler” of our business units — to assist them to operate in an environment where they can consistently and without significant disruption, focus on and exceed their business objectives. His philosophy is that security professionals should broaden their definition of risk and their view of their own function. Security should look at the full range of operational risks to the organization and should be ready to accept new challenges and opportunities. The security function can provide significant added value to business units through the use of existing security information, intelligence, resources and capabilities.

Jennifer Bayuk, Security Consultant and founder of Jennifer L Bayuk LLC, Formerly Senior Managing Director, CISO, Bear Stearns & Co., Inc. Consistent industry leadership in development of strategy and metrics

In recognition of:

Nomination highlight: Bayuk is an Information Security management and Information Technology due diligence expert and an industry professor at Stevens Institute of Technology. She is experienced in virtually every aspect of the Information Security. She has been a Wall Street CISO, a Big 4 Information Risk Management Consultant and Auditor, a Security Architect, a Manager of Information Systems Internal Audit, and a Bell Labs Security Software Engineer. Bayuk frequently publishes on IT governance, InfoSec, and audit topics, including 3 textbooks and 2 edited compilations on InfoSec Governance Issues. Bayuk has lectured for organizations that include ISACA, NIST, and CSI. Certifications CISSP, CISA, CISM, and CGEIT. She has Masters Degrees in Computer Science and Philosophy.

See a list of all Compass Award winners to date.