Best Practices for the CSO: Convergence Works
I just read Dan Dunkel’s article in Today’s Systems
Integrator, a newsletter directed toward security integrators. The
discussion this month was on the CSO Executive Council’s Bob Hayes’ dislike of
the term “convergence” when applied to security.
Bob’s complaint is that it “misses the mark from the
executive and management perspectives.”
I think that convergence is nothing but goodness, especially
when you think of it as collaboration, communication, alignment, understanding,
and the other characteristics of truly “coming together.” The physical security industry – and frankly,
the IT security industry that Bob Hayes’ group is mostly focused on – are not typically
the most collaborative business units in an organization. Although, in my experience, the IT folks are
infinitely more collaborative with business units than the physical security
folks. But still…neither is great at it.
The CSO Executive Council is an organization of security executives – mostly with IT backgrounds – but also many with awareness of or new oversight of physical security. The organziation publishes best practices for senior security managers, mostly with an IT flavor. But in fact, many more IT managers are tapped to lead "convergence" initiatives than their counterparts in physical security. So the CSO Executive Council serves an important role. Frankly, no other organization (ASIS, Open Security Exchange, ISSA, the Alliance) has stepped up to provide CSO leadership like the CSO Executive Council has.
But I digress – Convergence, which forces communication and understanding, can only improve these troubled disciplines.
I think what Bob and CSO Executive Council probably balk at
is the draconian approach to convergence – the sometimes foolish and often
misinformed crunching together of IT security and physical security personnel
into one management group. 9 times out of 10, that’s a train wreck. But working together toward a common goal on
projects that highlight the skills and experience of various parties – that’s a
management best practice.
Security convergence is a market force already generating
billions in revenue and new organizational value. And security convergence is making both IT security and physical