Kim Keever: The Doer

For Kim Keever, security knowledge (no matter how thorough) is not enough. Vice president of information security and controls for Coca-Cola, Keever and her team of 60 security staffers have the expertise to implement security technology and practices in addition to evangelizing security awareness.

To Keever, this is a key distinction. Some security groups are set up as subject-matter experts for the rest of the organization, advising on what to do and remaining silent on how to do it. Keever believes this approach undermines credibility. "You can't just be a security specialist. You have to understand how to get things done in the IT space. I could not just pick technology and hand it over to another group in IT to implement it," she says.

Given her background, it's unlikely Keever would ever take a backseat approach to any aspect of security. She began her career as an IT consultant in the mutual fund industry, specializing in cross-functional team management and disaster recovery and business continuity. This led to a post as CIO for Invesco's retirement group back in Atlanta, her hometown.

"I focused on all aspects of IT but had a special interest in ensuring controls were in place in environments leading to a focus in security tools and audit practices," she says. When Invesco's retirement group was sold off, Keever seized the opportunity to spend a few years at home with her young children.

In 2009, she was recruited to enhance controls for Atlanta's Coca-Cola Enterprises (CCE), then the largest bottler in the Coke system. There, Keever led an effort to enhance access controls, and her role was seen as important when Coca-Cola moved to acquire CCE's North American operations, which became Coca-Cola Refreshments (CCR) in 2010.

"They wanted to focus on aligning security with the Coca-Cola Company standards in this North American business unit," she says.

Following the acquisition, CCR's risk posture changed because it was now connected to its parent company's environment. "Things had to be modified quickly. We had the added pressure of needing to align with a global company that had a different set of security standards," she says.

Keever moved quickly to build her team, which she sourced both internally and externally. "I have a diverse group of people who had systems implementation experience, people that come from IT audit, and people that worked at the security vendors. My team is security-focused but business-minded and knows how to get things done."

One of her team's first initiatives was implementing a role-based identity- and access-management security infrastructure that allowed employees to serve themselves in many cases. For example, new hires are automatically provisioned and receive network access without having to go through the typical paperwork and manual processing. At the same time, Keever worked to make it simpler for employees to comply with security practices, easing password management with a cross-company password-management tool and a federation platform.

Since 2010, Keever's team has delivered significant business value and reduced risk through a number of security initiatives, including raising security visibility and awareness, and implementing the first out-of-region disaster recovery capability for the North American environment. Keever also spearheaded development of a program to partner with audit and IT owners to develop root-cause resolution of audit findings.

Lately, she's been focused on compliance with payment card industry (PCI) regulations. She developed a center of excellence to serve as a centralized resource for this key area. The team evaluated compliance and mediated issues for PCI-relevant processes in the North American business as part of preparations for attaining tier one vendor status this year.

Keever's accomplishments are impressive, even more so given that they took place during a tumultuous time in her personal life. In 2011, both of her hitherto vibrant parents got sick and died, one after the other. Work provided a much-needed distraction during that time, she says.

Understanding the business (its threat profile, drivers and objectives) helps Keever when discussing funding needs for key security initiatives. "From a funding perspective, it is easier for me to make a case because I focus on value to the business," she says.

That is right in line with her belief that security people should be doers rather than just advisers. Having seen both ways of operating an information security organization, Keever comes down strongly in favor of her team implementing security technology as opposed to just advising the business and IT on security matters. "Your business can't afford to have a team of subject-matter experts telling people what to do from a security perspective. You have to have them doing things and showing value," she says.

"I feel very fortunate. Coca-Cola is a great company. It is really exciting with so much opportunity to succeed. It's very focused on diversity, women, accepting of different needs, enabling a flexible lifestyle," says Keever. "It's been very rewarding for me."
