Winner: Scott Sysol, CSO/VP IT service management and security, CUNA Mutual Group
In the financial services industry, IT in general and IT security in particular play a vital yet sometimes unrecognized and unrewarded role. Some people notice the function only when things go wrong. Working (and succeeding) in this field requires not just technology talent but a clear understanding of the unique rhythms of the industry, as well as constant awareness of the diverse pressures of external threats, internal compliance controls and the effect of each measure and implementation on productivity enterprise-wide. It also takes a thick skin. And from the CISO's office, building a strong team takes a good mix of experience, persistence and constant communication. It is also important to realize when specific individuals who might otherwise have unique skills don't fit the team, and to take steps to change the structure.
Sysol has in the past worked with senior executives – particularly in the insurance industry, which is in the business of risk assessment – who simply didn't understand (and sometimes didn't want to understand) the complexities of information security. It is important to remember that their concerns are valid – they need to deliver for their customers, and those customers take their financial services provider's security for granted. Rather than getting into unproductive battles, listening to executives talk about their needs and pressures helps the CISO and the team not only to build better security and compliance controls, but to communicate those benefits with effective 'messaging.' This brings credibility with the management team, and that eases the process with the company at large. Corporate executives view Sysol as a leader who tempers serious security needs with what is best for the business, given current circumstances.
Again, credibility goes a long way. Moreover, even executives who don't understand the specifics of information security threats are well aware of the compliance mandates governing internal procedures. The CISO who can not only demonstrate familiarity with the relationship between government restrictions and internal processes, but also tie regulations and threats to the real world – with examples, case studies, horror stories and benefits – will gain influence throughout the company. Sysol has made this a top priority.
• Tim Waggoner, National Government Services
• David Billeter, InterContinental Hotels Group
• Jason Taule, General Dynamics Information Technology
• Scott Sysol, CUNA Mutual Group