That is the hope of Beth Cannon, CSO with Thomas Weisel Partners, an investment bank and broker-dealer based in San Francisco. Cannon has been with the company from its beginning in 1999, taking on the CSO role in 2004. Prior to her promotion, she was responsible for engineering and infrastructure that included the operations of the server and the network side of things.
"I had always had some level of security under me related to compliance and the network," she says. "When regulations started increasing, the CIO said, 'I think we need someone to focus on these things.' That's how my role was born in company."
In five years, the role has clearly changed, says Cannon. The company began doing international business, and Cannon then had to learn about compliance rules in several other nations in addition to the United States. The company also went public in 2006.
"Initially the job was very operational and infosec-focused in the respect that we had to get our patching stuff up to date, our network activity logged," she says. "We had to get several things in place in order to have a better handle on what was going on outside of the network."
Now, according to Cannon, she feels that many of the protective measures she put in place at the start of her tenure have become operational. Things that had to be taken care of in the beginning are just business as usual now. That has given her a chance to put more time into finding ways for security not only to protect, but also to add value to the organization. A primary focus now is business continuity, she says. The recent swirl of concern around the swine flu pandemic helped bring the issue to the top of mind for executives.
"Now I'm trying to get out there and say, 'This is more than just technology'. Let's talk about what you are going to do with your personnel."
Another focus now is data classification. Cannon says she hopes her efforts will give security a seat at the executive table as she demonstrates the value that the department brings to future compliance and regulation efforts in the firm. Slowly, she says, she is pushing past that perception that security is merely a cost center, demonstrating its importance to the future mission of the company.
Just as social networking sites and other Web 2.0 applications have combined existing platforms to create a new way for users to communicate with each other, CSOs will need to combine knowledge of several aspects of business in order to effectively assess risk and communicate with executive management, according to Eric Domage, an information security analyst with IDC who focuses primarily on Western Europe. Domage recently spoke at a risk management conference about his vision of the duties for CSO 2.0.
Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.