First Line Of Defense

With security among the most important business issues, many companies are creating new IT positions to take charge of both the technology and the politics.

Paul Raines cut his security teeth in a very paranoid world. He was a handler of the keys used to launch Minuteman nuclear missiles for the U.S. Air Force. Several promotions later, he landed the responsibility for securing Air Force command and control communications.

"My real baptism in encryption came when I worked at the U.S. Postal Service between 1993 and 1996," says Raines, 42. There, he and his team developed the certificate authority infrastructure behind the Post Office's digital postage program. In the past two years, the postal digital certificate program has issued more than 500,000 certificates, which are used to authenticate downloads to, and draws from, a user's digital postage meter.

1pixclear.gif
1pixclear.gif
1pixclear.gif

Security Blanket

Who: Paul Raines

Title: Chief security officer

Where: Federal Reserve Bank of New York

Reports to: CIO

Credentials: Raines represents information security for the Federal Reserve at the Bank of International Settlements in Switzerland; he's also a published security pundit and speaker on internal security policy, encryption and international electronic-banking issues.

Salary: Chief security officers can expect $100,000 to $250,000, depending on the industry, according to Tony Carr, vice president of technical recruiting, networking specialty, at Pencom Systems Inc. in New York.

Demand: Chief security officers are wanted at companies that have highly valued information assets or intellectual property and a Web presence.

Characteristics/Background*:

• Had similar role in same or like industry, or is ready to step up a notch

• Able to execute senior management responsibilities such as presentations, direct management, business development and executive teamwork

• Political ability to leverage ideas, concepts and technology within changing global environments

• Hands-on technical background

• MBA, computer science degrees preferred

* Source: Tracy Lenzner, president of Lenzner and Associates, a Las Vegas-based job placement firm for security managers
1pixclear.gif

In 1996, Raines took a director-level security position at the Federal Reserve Bank of New York. With him, he brought two of his team leaders from the Postal Service - one to develop and supervise user policy training and enforcement and the other to hire and supervise a Red Team (four Federal Reserve security staff members who hack the Reserve's systems to test for vulnerabilities). The Blue Team, responsible for access controls and security services to the Reserve's business areas, already existed.

Combined, 23 of Raines' reports hold some type of information security job, but not many of these are direct reports, he says. He's too busy in executive offices, evangelizing and building interagency relationships, to form close relationships with these workers.

"The types of issues I deal with tend to be policy-related. Like, 'How do we coordinate software reviews between all the Federal Reserve Banks so we don't reinvent work?' " Raines explains. But maybe he shouldn't have opened his mouth - he now coordinates those efforts between banks.

The other part of his job is crisis management. Take, for example, the time Raines was sipping a double espresso at a Starbucks at 6:30 a.m. the day the "I Love You" virus struck. "I took one look at the paper and called our network people from the train station, telling them to shut down our mail server," he says with a chuckle. "Thankfully, by the time I got to work, they had already updated the virus pattern."

Fast-Moving Field

History proves security is a moving target. Threats, security tools and security policy models have already gone through several iterations in the past 10 years. Thus, chief security officers (CSO) must also possess the ability to seed and execute change at the cultural level, says Pete van De Gohm, CSO at Enron Energy Services in Houston.

That requires a certain amount of political savvy, since the job involves wooing the support of the nontechnical CEO while leading the company into the next security shift: proactive, holistic security attended to by every level of the organization.

The CSO position calls for a rare bird in the technical community, according to Tracy Lenzner, president of Lenzner and Associates, a Las Vegas-based security management recruitment firm.

For this reason, former military leaders like Raines and van De Gohm make great CSOs, says Lenzner. She adds that there's an equal ratio of CSOs who have corporate backgrounds in the field. (Van De Gohm also did a Minuteman stint in an Air Force missile silo in South Dakota before overseeing both physical and technical security of the Shadow jet development facility in southern California.)

"The key is the ability to execute," Lenzner says. "People with military backgrounds make excellent leaders because they learned in the military that when given a job, they overcome obstacles and they execute."

Copyright © 2000 IDG Communications, Inc.

7 inconvenient truths about the hybrid work trend
Shop Tech Products at Amazon