Me and my job
CSO equals common sense officer. I explain that since opportunities do not last long, businesses must strike quickly to be first in market. My role is to make sure the business can keep the momentum going while protecting their assets and customers.
What part of your job makes you most proud?
I am most proud when I am able to reach out to functions outside of information technology to collaboratively build security into the process early. The “people and technology” engine must continue to run, so having security invited to the table early, during the evaluation and feasibility discussions, is a big win.
What would you use a magic IT security wand for?
I would use this power in two key areas. First, to create meaningful security metrics that businesses can relate to and act on. There have been many starts and stops by groups to develop quantifiable metrics that can translate up the chain. If this was magically developed, I feel that security would evolve to the proper state of operation. Second, I would change the mindset from security being a technical issue to being a social issue. We, as humans, will continue to misconfigure technology, open doors for strangers and forget certain procedures to follow. Most of our technology issues today represent our behaviors as humans, so to switch the awareness to behavior would be a huge move forward.
What's your information security dream job?
I love the notion of a “power council” consisting of legal, compliance, security, human resources and IT that would look at risks and collaborate on mitigations. It would also exist in an environment where a strong foundation could be designed and implemented, each layer could be built on a trusted base. Also, the social aspects of security would govern the activity to drive awareness and adoption.
SKILLS IN DEMAND:
A shift underway
IT audit is going through a transformation. Companies are re-evaluating control objectives in light of new compliance, security and business challenges. IT auditors capable of interfacing with and providing consulting services to business, IT and risk management pros are in demand.
The goal is to create a better understanding of control requirements in regards to internal projects, compliance drivers and new business opportunities so that companies spend more resources on their core business.
Progressive audit professionals are earning base salaries ranging from $70K to $200K depending on their level of experience.
Source: Jeff Combs, Alta Associates, Inc..
From the - November 2007 Issue of SCMagazine »