McAfee CSO finds new role brings new challenges

It has been a year since Ted Barlow took on the position of Chief Security Officer (CSO) for Plano, Texas-based security product provider McAfee Inc., and already his position has brought new challenges and opportunities.

In February of last year, Barlow was McAfee’s IT director of security (he continues to retain the title of vice-president of risk management). Then his job was focused on IT security — protecting systems from threats such as viruses and worms.

Today as the company’s CSO, he manages very much more than such traditional security risks. His job now involves making sure McAfee’s security policies meet the new regulatory requirements for security of financial and private information laid out in such legislation as the Sarbanes-Oxley Act of 2002. The act is meant to ensure the protection and integrity of corporate financial information.

“The role of the CSO has been around for a while, but it is now becoming more mature,” Barlow added. “Companies understand that they need a person who is responsible for security, compliance issues, and for such regulatory issues as Sarbanes-Oxley.”

Security, in Barlow’s opinion, is a business process as much as it is about technology.

He said one challenge he faces is there are no guideposts to help him figure out how to make McAfee’s own security policies conform to the government regulations. It is very much an on-the-job learning experience.

“It is a work-in-progress,” Barlow added. “There are no definite guidelines out there to tell you what you must do, so you have to develop some of that in conjunction with internal audits and with many of the other functions of the company. It is very much a moving target.”

Barlow said getting a company to conform to such legislation as Sarbanes-Oxley involves changing the thinking of everyone in the company about what security is, and how each employee should approach the issue.

He said this means getting employees to think about the security implications of actions they take. For example, he said, a simple action such as changing access rules for data can have real security consequences and affect on the bottom line. If an access change is not done correctly, it could expose sensitive information and if that becomes public the company suffers a loss of trust among consumers and partners, affecting the company’s stock or sales.

Would you recommend this article?

Share

Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.


Jim Love, Chief Content Officer, IT World Canada

Featured Download

Featured Articles

Cybersecurity in 2024: Priorities and challenges for Canadian organizations 

By Derek Manky As predictions for 2024 point to the continued expansion...

Survey shows generative AI is a top priority for Canadian corporate leaders.

Leaders are devoting significant budget to generative AI for 2024 Canadian corporate...

Related Tech News

Tech Jobs

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

Tech Companies Hiring Right Now