Chief Security Officer: No Magic Bullet

While most companies interviewed by Underground Reporter say there has been a heightened focus on security and a review of measures in place, chief security officers (CSOs) still remain a rare breed. What’s more, some early pioneers are embattled.

Several high-profile security chiefs have lost their jobs or been reassigned in recent months. For example, Michael Young, chief information security officer at State Street Global Advisors in Boston, lost his position in a company reshuffling in April. Fidelity Investments’ vice president of infrastructure and risk management, Michael Moulton, was dismissed last December, and Steve Katz, the high-profile chief security and privacy officer at Merrill Lynch, accepted a buyout.

Those in the industry say a debate over who should be responsible for security within an organization, and to whom that executive should report, undoubtedly causes much of the turmoil.

“You’re seeing the organizational frictions that have always been in place coming to a head,” says Lloyd Hession, chief security officer for Radianz, a New York-based company that operates a private trading network handling transactions between many of the world’s largest brokerage houses. “Companies that brought in a CSO after 9/11 thought it would sort out their internal security issues. What it really did was highlight the conflicts that exist.”