At the height of the recession, Providence Health & Services in Seattle whacked its IT training budget by a hefty 65%. That meant conferences and most tuition-based classroom training were out of the question. So Eric Cowperthwaite, the health service provider's chief information security officer, started looking for alternate ways to provide his staff with ongoing education.
He approached officials at a local security company and offered to pay them a small amount to jointly develop training modules he could then deliver to his staff himself. What he got was a customized course on risk management methodologies and risk analysis skills.
The payback: "I was able to demonstrate to employees that I was still committed to their growth and development," Cowperthwaite said. "While I may not be able to let them go to a conference in Orlando, I'm still able to invest in my people. That was what was most critical: to show people that we were still willing to invest in them."
Cowperthwaite said he also visits with local FBI and Secret Service agents working in Seattle, Los Angeles, Portland and San Francisco -- cities where Providence Health has offices.
"Someday, something bad is going to happen to your company. A laptop may get stolen or data gets stolen or a virus gets inserted into your network. Before you ever get to that point, go find the local FBI or Secret Service office, or even your local chief of police, and invite them to lunch and get to know them," Cowperthwaite advised.
The payoff is that if and when you're faced with a security crisis, you'll have allies you can turn to. You'll also get tips on how to help law enforcement authorities solve your case, Cowperthwaite said.
He cited a time when he worked with the Secret Service on some problems with malicious software. "What they wanted from us were forensically clean versions of the computers involved," Cowperthwaite said, and knowing that upfront meant the incident could be resolved quickly.