FROM CISO TO CIO

“An Uncharted Course – or was it?”

1

The Right Place at the Right Time?CAREER PROGRESSION A 28 year trip without luggage

Locksmith → Physical Security Rep. → Manager (Northrop ASD) - Physical Security-OPSEC-EDP-Investigations - Security Management Experience

Security Manager (U.S. Navy at McDonnell Douglas in MO) - “Checkerboard” classification system (1st time ever) - Unique challenges for INFOSEC - Completed baccalaureate degree in Computer Science - Became “resident expert” on INFOSEC

2

Right Place at the Right Time?CAREER PROGRESSION (Cont’d)

Security Management (U.S. Navy in Washington, D.C.)- Multi-tasking: assigned several visible programs to oversee all security issues (learned a lot)- Briefed Executive Level Govt., military, corporate personnel- Continued education by obtaining masters degree in Computer Science

Director, Information Systems Security (U.S. House of Representatives)- Structuring an organization (from 6 -27 personnel)- Budgetary responsibility- Briefed Members of Congress & Executive Level personnel- Establishing security parameters/policy (900 offices, 15000

employees)- Recognizing confluence initiatives- Keeping abreast of the state-of-the-art in INFOSEC- Two year battle for CISO “State Hood”

3

The Right Wrong Place at Right Time?

CAREER PROGRESSION (Cont’d)

Chief Information Officer (U.S. House of Representatives) - Appreciate the “executive big picture” - P²- Teamwork approach towards organizational goals- Think “inside and outside the box” - Have a vision and a roadmap to get there- Inter-agency/departmental coordination (share successes and failures)

4

CISO CIOWhat I Didn’t Know:

- Competing Priorities- Each Business Unit has just as good a story as the other- Morale issues- Steering an aircraft carrier

What I Did Know:- Security business- Information Technology as a whole entity- Management – Decision Maker- Communication Skills- Motivator - Team Builder - Troubleshooter- Politics

5

The Executive Management Screw(kinda befitting title)

What kind of Security Person are you?

TOO LITTLEAVERAGE

AGGRESSIVERISKY

doomsday, chicken little, opportunists, risk manager-CB

6

What’s the Message?- Communicate in a layman’s terminology The hardest and MOST IMPORTANT trait a security professional can possess

- Know your job, but also know everyone else's job Especially the C- Suite

- Bear/Bull Market CSO-CISO When revenue/budgets are abundant – begin new projects When revenue/budgets are flat – tighten the reins or extend projects

- Keep your Frenemies close and help them be successful- Staffing: Don’t be afraid to hire good people (even those with a better resume than

you!) Take care of your people and they’ll take care of you…it’s

like the Golden Rule!Golden Rule! Use consultants and outside agencies to assist when necessary (everyone

needs help once in awhile!)

7

Self-PreservationOUTSIDE ACTIVITIES

You will be remembered for what you gave…not what you took! - Take advantage of opportunities to speak at public forums- Join professional security groups and be an active member- Write a magazine article- Get security certifications or more training- Reduce Stress – exercise, talk with colleagues, laugh often

and of course the occasional beverage of choice

AND FINALLY ---Keep the Lights on for ME –

I may need to come back home to Security!

8