Those who cannot, won't have a future, according to Tim Williams, director of global security at Caterpillar, the world's largest maker of construction and mining equipment, diesel and natural gas engines and industrial gas turbines. Williams likens the changing landscape to a game of musical chairs.
"The music has stopped and the people who are able to get the chairs today and in the future are the ones who really do have the business context and outlook."
Williams, a professional with decades of experience in security roles with companies such as Proctor & Gamble, Boise Cascade and Nortel, sat on the board of ASIS International, which first put together an official definition of a CSO five years ago. Today, Williams defines the role as one of enterprise security risk management.
"The CSO who has put together a cohesive strategy for the industry and the culture in which they work are probably the ones surviving this economic downturn," notes Williams. "They have the ability to explain what the security process is, link it to the business and show the value."
Williams believes that CSOs and CISOs will need to be able to come to the table armed with knowledge around the risk to the enterprise they work in from a security standpoint and be able to put that in a business context that can foresee the economic impact and the frequency or likelihood of a risk event to occur. He also speaks passionately about the need for an effective security leader to work well as part of a team. He credits much of the success he has experienced so far at Caterpillar with the strong dynamic between members of his security department.
Williams concurs that the job of the new CSO is to be an executive with a security-functional expertise. But how the CSO engages and puts risk context into the business is an art and a science that each CSO will need to master to gain the respect Saffo referred to previously. It will take as thorough an understanding of a company's product line and economic drivers, in addition to risks. And it will likely mean knowing how to make the case for investment with limited resources. Williams believes that the number of security executives who hold MBA degrees will continue to grow in the future.
Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.