John had a massive challenge to tackle. A former IT security officer at a large bank in New York, he and his wife packed up and moved across the country so he could take on the role of chief security officer with a well-known provider of loans, retail financing, and other credit related products.
His first task? To build a converged security department (a single organization integrating disparate security branches, typically including digital and physical security at minimum). An undertaking any veteran security executive will tell you is no easy mission. John, who asked us not to use his name because he is not authorized to speak to the media, decided his strategy would be to take baby steps.
"I spent the first six months to a year just observing," said John. "Things were highly decentralized. People had built processes in silos. We didn't buy any tools for two years. We worked on organizational change first."
Merging things was slow and met with resistance. Resistance came from personnel on both sides, both physical and IT, as very different types of employees just couldn't relate to one another. And, of course, there were demands from management to do things as cheaply as possible.
When it comes to converged security, stories like this are not uncommon. How do you bridge both worlds if you come from one? Veteran CSOs agree that it all starts with personal growth and change.
Seek a network of support
John reached out to others who had been through converged efforts. While he said converged CSOs remain a relatively rare breed, he did find others with expertise to talk to-with industry association ASIS proving a particularly valuable resource.
"I think that ASIS has the strongest network of converged CSOs that I am personally aware of," said John. "I helped found an ASIS chapter locally and this association has been a great resource for information, contacts and support."
Seek practical experience
Martin Carmichael is the CSO of security software developer Mcafee. He is responsible for the company's internal information and physical security. His experience with convergence began when he was CSO at Asurion, a provider of customer contact and support services. There, he dealt with what he calls a "huge amount of resistance to change" from personnel.
"I found as I brought IT into physical there were complete misunderstandings," he said "Each thought the other had it easier. Physical security wanted to spend more on things like video surveillance. And the IT people didn't understand that physical security is critical to infrastructure."
Read up on the latest ideas and technologies from companies that sell hardware, software and services. Controlling storage costs with Oracle database 11g
The state of Middleware
IT Service Management Needs and Adoption Trends: An Analysis of a Global Survey of IT Executives
How to improve employee productivity in small and medium businesses
Making the Business Case for IT Consolidation
The Case for an Untethered Enterprise
Look before you leap | Key considerations for moving to 802.11n
Zones provide focussed content from Computerworld and leading technology partners.
Discover how SOA can create smarter outcomes for your business.
Attend and learn:
- How SOA is helping leading companies to become more agile
- Where you should be applying SOA processes in your company
- The top SOA implementation mistakes to avoid
Click here for more information.
- +
Computerworld Live Podcast #97: The Future of Enterprise Networking 25/07/2008 09:45:36
This week CW Live chats with Mark Thompson, global sales and marketing manager for HP ProCurve, on the future of the enterprise networking. Mark discusses the trends we can expect to see in the near future and how the right infrastructure can ensure your enterprise network is secure. - +
Computerworld Live Podcast #96: Security at the Edge 11/06/2008 09:22:22
CW Live speaks with Amol Mitra, HP ProCurve Director of Marketing for Asia Pacific and Japan. Today's topic: how enterprises are starting to shift away from simply controlling security via server logins, firewalls and moving to more adaptive security frameworks. - +
Data Management Edition #10: Multi-Petascale Systems 02/05/2008 09:12:33
This week we look at sustainability and the development of multicore technologies to build multi-petascale systems. - +
IT Security Edition #11: How to poison the Storm botnet 01/05/2008 08:51:55
This week CW Live presents a case study on how to poison the notorious Storm botnet . Plus we take a look at Cisco's plans for Ironport. - +
IT Security Edition #10: Cyber-battles fought and won 24/04/2008 11:09:47
Vendors bow to end user pressure to improve product security, and we take a look at the latest concepts shaping the cyber-battlefield of the future.
Virtual magic: HR specialist throws out 40 servers, adds 8TB SAN and saves $100,000 for disaster recovery 2008-12-01 15:28:00+11
Sybiz adds up for SMEs in downturn 2008-12-01 14:27:00+11
EXCOM scores back-to-back award trifecta 2008-12-01 10:46:00+11
Citect extends SCADA networks with mobility solutions 2008-12-01 09:48:00+11
Citect extends SCADA networks with mobility solutions 2008-12-01 09:48:00+11
Business Intelligence and Enterprise Performance Management: Trends for Emerging Businesses
Hyperion surveyed 163 companies to understand BI and EPM requirements, evaluation processes, and extent of adoption. Top areas of current and future investment for emerging businesses include budgeting and planning as well as management reporting solutions. Read on to discover more.
Buying Guides
Latest Products
