Security manager's journal: Heading for the clouds

Our manager wanted a new challenge. His new job at a company that is offering software as a service fills the bill.

What makes a good information security professional? I think it's starting at the bottom and working your way up, occupying various positions along the way and obtaining skills in every one of them. It's understanding the business and having the ability to influence others. It's having a breadth of knowledge in various business sectors.

Trouble Ticket

At issue: Our manager has a new job, in which he will be heading up information security at a SaaS provider.

Action plan: Get up to speed quickly, and make connections with all the departments that can affect the company's security.

I've been thinking about all of this because I've taken a new position, leaving a company I worked at for more than five years. Did I hate my job? No. Did the company make me do risky things? Never. Did I hate my boss, or the people I worked with? Not at all. Was I kept from succeeding? No, in fact, there were no negatives driving me to leave.

Admittedly, my new job comes with a promotion and a pay raise, but that's not what clinched it for me. It was a chance for a new challenge, to work in a different technology sector and to build something -- all those things that go into making a good security pro.

I gave two weeks' notice and spent that time closing some open items, such as the Sarbanes-Oxley review and a firewall rule audit, and I created a transition plan. I think one thing a good security manager does is make sure that his successor steps into a mature environment, with a clear understanding of the burning issues. I created a spreadsheet listing significant areas of the company's security profile, prioritizing them, providing the names of the best contacts for each issue, and describing the details.

Today was my third day on the new job. My main goal in these first days is to map out the company's current security landscape. I'll then spend the next few weeks assessing it and prioritizing actions. Meanwhile, of course, there are all those things that anyone encounters in a new job: learning names and terminology, understanding a new business model and becoming familiar with the products and services that the company sells.

Upon arrival at my new company, I found that my predecessor had in turn left me with an eight-page transition plan. I've only gotten through two pages so far, but already I know that some burning issues will need to be addressed quickly. The first is hiring a security analyst to take charge of an event-monitoring project that is under way. If I don't do it before the end of the year, I'll lose the budget.

New Security Horizons

My new company has, over the past couple of years, moved from selling software that customers run on-premises to offering software as a service. It has also embraced cloud technologies to run the business. So I will be going well beyond my previous cloud experience, which consisted of assessing vendors, to help build the security of a company whose customers rely on it to keep data secure in the cloud.

To do this, I will need to work with the IT department in building a robust security program and ensuring that the security infrastructure is sound, that appropriate policies and processes are in place and that those policies are being followed. I will also connect with the company's marketing, sales and legal departments to help build marketing collateral and to offer my assistance whenever our customers have questions about the security of our infrastructure. Then I'll want to check in with product development to review the security of our product offerings.

I said I wanted a new challenge, and it looks like I have one. I look forward to sharing my new experiences with my readers.

This week's journal is written by a real security manager, "Mathias Thurman," whose name and employer have been disguised for obvious reasons. Contact him at mathias_thurman@yahoo.com.

Join in the discussions about security! computerworld.com/blogs/security

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags cloud computinginternetSoftware as a service

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Mathias Thurman

Computerworld (US)
Show Comments

Cool Tech

Toys for Boys

Family Friendly

Stocking Stuffer

SmartLens - Clip on Phone Camera Lens Set of 3

Learn more >

Christmas Gift Guide

Click for more ›

Brand Post

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Aysha Strobbe

Microsoft Office 365/HP Spectre x360

Microsoft Office continues to make a student’s life that little bit easier by offering reliable, easy to use, time-saving functionality, while continuing to develop new features that further enhance what is already a formidable collection of applications

Michael Hargreaves

Microsoft Office 365/Dell XPS 15 2-in-1

I’d recommend a Dell XPS 15 2-in-1 and the new Windows 10 to anyone who needs to get serious work done (before you kick back on your couch with your favourite Netflix show.)

Maryellen Rose George

Brother PT-P750W

It’s useful for office tasks as well as pragmatic labelling of equipment and storage – just don’t get too excited and label everything in sight!

Cathy Giles

Brother MFC-L8900CDW

The Brother MFC-L8900CDW is an absolute stand out. I struggle to fault it.

Luke Hill

MSI GT75 TITAN

I need power and lots of it. As a Front End Web developer anything less just won’t cut it which is why the MSI GT75 is an outstanding laptop for me. It’s a sleek and futuristic looking, high quality, beast that has a touch of sci-fi flare about it.

Emily Tyson

MSI GE63 Raider

If you’re looking to invest in your next work horse laptop for work or home use, you can’t go wrong with the MSI GE63.

Featured Content

Product Launch Showcase

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?