Stacey Halota, The Washington Post Company
As the corporate CSO of The Washington Post Company (TWPC), Stacey Halota is responsible for protecting the IT assets of a $4 billion global enterprise. She is charged with developing and implementing the security, privacy and IT compliance strategy for all divisions. In addition, she ensures security controls are effectively and consistently implemented in a highly decentralized company that employs over 35,000 individuals worldwide. As well, she must ensure that compliance requirements are met. Further, she is charged with making certain, in conjunction with the risk and legal departments, that all TWPC businesses appropriately meet strict privacy requirements – and these are ever-evolving depending on what region of the globe the business is in. She has been extremely successful in this position due to her absolute understanding of information security and how to implement controls in a smart and meaningful way.
Stacey brings a common sense attitude and business perspective to information security. She is highly technical, but also understands the language of business. As such, when she speaks to the board of directors, she communicates complex and technical issues in a language that clearly articulates the business risk and can easily sway senior management and the board to care. By doing so, Stacey has elevated the role of information security to that of a line item in the overall corporate strategy and that of each of the business units at TWPC.
Stacey has single-handedly integrated security as a point of discussion and importance at every senior strategy meeting and has built a global team of information security professionals to ensure that strategic security initiatives are implemented effectively and consistently across a worldwide and highly decentralized organization.
As well, she contributes to the security, compliance and privacy communities. For example, while at PricewaterhouseCoopers, she helped to develop the guidelines for performing ethical penetrations into networks, which is still the standard for PwC.