Shelley Stewart: Business view

Head of global security at Cummins brings a business background to the role (CSO Compass Awards 2012)

With her broader view of risk and deep knowledge of business, Shelley Stewart has made risk and security management a value creator. The executive director of global security for Cummins, an international manufacturer of diesel engines and power generators, didn't come to the position with the usual background in security.

"A lot of people in my role grew up in law enforcement," she says. "I didn't."

The 2012 CSO Compass Award Honorees

This year's CSO Compass Award winners point the way toward risk management that's more inclusive -- and more exact

Jack Jones: Numbers game

Shelley Stewart: Business view

Kristin Lovejoy: Enabling innovation

Dick Parry: Culture change

Rick Kelly: Value focus

Eric Cowperthwaite: Connect the dots

She started as director of benefits strategy, and after implementing a major overhaul of the company's healthcare program, she began looking for a new challenge. The director of risk insurance had just left the company and Stewart, along with her boss, recognized she had two strengths that made her a perfect fit for the job: a deep knowledge of insurance and an excellent understanding of Cummins. That last is no small thing in a company with 44,000 employees and customers in 190 countries.

Working closely with the risk management group gave her a comprehensive understanding of security operations, and she was asked to help find a new head of security for the company. "The senior executives weren't comfortable with the outside candidates who'd been brought in," says Stewart. "As the search went on, my boss kept saying, 'You should do it.'"

In her previous positions, Stewart had been able to increase the business value of the risk, safety, human resources and environmental functions. Management realized that this ability and her knowledge of the corporate culture were more important than a background in government, law enforcement, security systems or investigation.

As head of global security, Stewart is in charge of security operations, information asset protection, standardizing security processes, and intelligence and crisis management. Stewart says she figures out how security can better help business units instead of just telling them what the problems are.

"My job isn't to tell them what not to do, but how to do it with the least risk," she says. "This sometimes means security doesn't have to be as extensive as we thought because it turns out the risk we're protecting against isn't that great."

One of her most important achievements was putting together an intelligence program that quickly delivers information around the world. This program helped her, her team and their partners execute preventive measures in response to the Arab Spring, the 2011 earthquake and nuclear disaster in Japan, and other crises.

While Stewart knows that a strong knowledge of security is essential for risk management, she understands that other skills are important, too. She believes having a deep understanding of business drivers is the key to making security add value to the organization.

"We could see that the company's most critical asset is engineering information, so we brought in an engineer to help us with information asset protection," she says. "This let us understand that in order to help the company, we had to come up with ways to protect that information which were flexible enough to let us work with outside partners."

Join the CSO newsletter!

Error: Please check your email address.
Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Constantine Von Hoffman

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts