An evolving job description

An evolving job description

The hottest trend in corporate "C" positions is the chief security officer, or "CSO, " which continues to gain momentum and controversy within corporate America. At first, this position was predominantly concerned with securing corporate information-technology systems. After Sept. 11, 2001, the CSO's role was expanded to address the more traditional aspects of physical, personnel and operational security.

With this change, wide diversities are apparent in existing job descriptions, qualifications, compensation and even the reporting structure of the CSO within a company's organization.

A flurry of new reports and studies point out that the most likely companies to add a CSO would be those within six "critical infrastructures" - industrial transportation; financial services; media and telecommunications; energy and utilities; information technology; and health care.

While one might presume that the majority of companies would already have a CSO in place, the management consulting firm Booz Allen Hamilton - in a sampling of 72 companies generating over $1 billion a year in revenues - found that only 54 percent currently include a CSO title.

But analysts agree that in today's environment of corporate layoffs and terrorist threats, a company's vulnerability to security breaches has never been more real, and that a growing need for the CSO is not only legitimate, but is anticipated to generate a surge in demand due to what is perceived to be a shortage of qualified candidates.

What are the qualifications of a CSO? A report by the Ciga Information Group says "physical security skills combined with familiarity with IT language and issues constitutes the optimal, though extremely rare, background for the CSO." Why is such a background "extremely rare"? A Conference Board study concluded that the highest percentage of high-level security executives have backgrounds in law enforcement (47 percent) or the military (33 percent). In other words, they tend to be strong in traditional loss prevention, guard and police action, but generally lack formal training in IT security, not to mention a host of other business acumens such as developing business plans, profit-and-loss responsibility, contract negotiation, risk/change management, and communication and public speaking skills.

If the company happens to be a complex multinational engaged in international trade, the CSO would also need to be versed in cargo security, international and domestic logistics, supply-chain management, Customs regulations, trade process and security hardware and technology.

Where will CSOs get this training? One potential new source could be the "Certified Supply-Chain Protection Professional" program being considered by the National Cargo Security Council ( Interestingly, the NCSC itself recognized that the challenges of today's cargo security professional extend beyond the traditional skill sets and backgrounds held by many of its members.

While still in development, the preliminary structure of the program would offer separate security certification "paths" such as air, rail, sea and waterway, trucking, and logistics, with core competencies for each to potentially include formal security disciplines (including IT and counterterrorism), federal regulations, business management, quality processes, enabling technology, and best practices.

The program could represent an important "first" by molding many of these formerly disparate subjects into a single comprehensive discipline. But it will be challenged to ensure that it is firmly grounded in established and accepted security standards, and backed by a recognized accrediting and/or sponsoring body that requires the applicant to earn the title. The latter point is critical if the designation is to carry any real weight or credibility, as well as distinction among the various related and sometimes confusing family of other designations, such as the "Certified Protection Professional," "Certified Information Systems Auditor" or "Certified Information Systems Security Professional."

In many ways, the growing sophistication of the CSO position is somewhat reminiscent of the evolutionary path of the present-day customs director. Before that position emerged, the responsibilities for trade and customs were typically "inherited" by a company's traffic/procurement manager. However, the companies that invested in a dedicated customs professional often created competitive advantages for themselves through improvements in compliance, cost reduction and import cycle-time. I would envision that today's new CSO could have no less an impact on a company's bottom line.

William G. "Jerry" Peck is president and founder of Global Trade Management Solutions. He can be reached at (815) 462-1732, or via e-mail at