Evolution of the CSO

David Kent's experience at biotech firm Genzyme is familiar at organizations around the world that have decided to place a top security officer.

"His view was: Let's bring a business perspective to information security," says Katz. "[Reed] said, 'Citicorp sells two things: money and trust.' As security, we were there to help them deliver on the trust component."

Katz says he spent much of his first year traveling to meet with Citi executives around the world. His mission was to put a face on security and figure out what needed to be done to protect the company. He asked executives, "Do you care about who you transact with? Who are your customers?"

"Technology wasn't part if it," says Katz. "It was simply, 'Do you care about keeping information confidential and private."

In turn, Katz began to introduce concepts such as identity, and company officials began "shaking their heads and saying 'Yeah, that makes sense,'" says Katz.

Katz, who now runs his own consultancy, continues to meet with CSOs and CISOs and does some mentoring as well. When he is giving career advice, he urges up-and-coming security professionals to hone their understanding of business and risk if they want to be successful in today's corporate climate.

"The role is becoming a technical- and business-risk effort much more than it is viewed as a security role. The requirement to work with business professionals is probably the greatest hurdle security professionals have to face. If you aren't at home working with people at the executive level of a corporation, you will be relegated to a much smaller role in the company."

The CSO of the Future

To project future developments in the CSO role, it's again useful to look a bit deeper at the CIO position, arguably the most recent to make a transformation from corporate support player to a more elevated executive spot. (Though not the first; recall that CFOs, before they became strategists focused on shareholder value, were simply accountants.) The challenge for CSOs, says Saffo, is to find ways to demonstrate their effectiveness beyond their core protective mission. He believes going to the next step will require CSOs to do what CIOs have managed to do over the last decade. That is, move from a support/infrastructure role, to a central role in enhancing productivity and effectiveness around a company's core mission.

Show Comments