If you could invite any 10 security pros to breakfast, who would you choose? Howard Schmidt, eBay CISO, recently convened a security dream team in San Francisco to announce the creation of the Global Council of CSOs.
Whit Diffie of Sun Microsystems showed up, as did Oracle's Mary Ann Davidson. Motorola's Bill Boni dialed in, along with Will Pelgrin, director of the New York State Office of Cyber Security & Critical Infrastructure Coordination. Other absent but accounted for charter members include MCI Group's Vint Cert, Microsoft's Scott Charney, Washington Mutual's Dave Cullinane, Steve Katz, formerly of Merrill Lynch, and Bank of America's Rhonda MacLean. The group is a veritable who's who of security.
Make that information security.
Cullinane is a CPP, but nevertheless, the focus of this braintrust is clearly information security. That's fine for much of what the group is doing, which is figuring out the CSO's role in implementing the voluntary National Strategy to Secure Cyberspace. But also on the agenda was the definition of the proper role, background and reporting arrangements for CSOs within business organisations.
When asked about the inclusion of physical security in this process, Schmidt confessed, "I've been forgetting to do that." That's no surprise to George Campbell, who is outspoken on the subject of corporate security execs being treated like knuckle-draggers by the infosec community. "Those guys — God bless them all — they have very important jobs in their respective companies, but their portfolio is really one subject," says Campbell, former president of ISMA. "With all due respect, they ought to call themselves what they are, the CISO Council."
What does Schmidt think about that? "The correlation of issues between physical and cyber are converging, and we represent that in our deliberations," he told CSO, adding that he and Boni have a broad base of security experience. The council will have an inaugural meeting in San Jose in January and will gather again in February in San Francisco. For more information, visit www.csocouncil.org.