Kathleen Kotwica, Ph.D., is EVP and chief knowledge strategist for the Security Executive Council (SEC). She develops strategies and processes to identify, store, understand, build upon, and disseminate the Council’s Collective Knowledge™ and insights.. To learn about becoming involved, or to offer comments or questions about Next Generation Security leadership, e-mail contact@secleader.com or visit https://www.securityexecutivecouncil.com/sm.

Security’s 2012 Accomplishments and 2013 To-Do List

Kathleen Kotwica Ph.D.

Bob Hayes

December 1, 2012

No Comments

At the New Year we find ourselves reflecting on who we are as an industry, what we’re doing and where we hope to be. Our ongoing research of security-related issues has shed light on some remarkable changes in the security industry in the last ten years, many of which are driven by technology advances and shifts in the business environment.

How Business and Risk Drivers Impact Mitigation Strategy

Bob Hayes

Kathleen Kotwica Ph.D. Marleah Blades

December 1, 2012

One Comment

As business changes, so does – or so should – security. The direction of business can have significant consequences for security, both internally – in terms of influence, funding and organizational structure – and externally – in new threats, new risk, new mitigation requirements. Are you watching business trends and thinking about how they should impact security and your strategies to mitigate risk?

Eleven Areas for Improvement

Bob Hayes

Kathleen Kotwica Ph.D.

October 1, 2011

No Comments

In our July column, we discussed the dangerous gap in the transfer of knowledge between visionary security leaders and the next generation of leaders who will have to take up the mantle after them. Then in August, we laid out a roadmap for a new type of training that would help to close that gap. But what topics do up-and-coming leaders need to know more about?

Benchmarks Aren’t Magic, They’re Tools

Bob Hayes

Kathleen Kotwica Ph.D.

September 6, 2011

No Comments

Security executives frequently come to us to request assistance in benchmarking their processes or performance metrics with similar companies. Usually we find that their interest is at least partially driven by a strong push from management. Business leaders recognize benchmarking as a proven business practice that can identify competitive strengths and vulnerabilities as well as opportunities for improvement. Benchmarking can inform corporate goal-setting and can play a significant role in strategic planning.

A Roadmap to the Next Generation

Bob Hayes

Kathleen Kotwica Ph.D.

August 2, 2011

No Comments

Last month we talked about the knowledge transfer gap that exists in the security profession. We posited that the best of the best of security practitioners don’t have the time to teach their successors how to become future-oriented, business-aligned organizational influencers, and that the business-focused training programs available for security professionals do a great job of talking business, but they fail to marry business processes with the job of risk mitigation.

Is the Knowledge Transfer Gap Hurting Security?

Bob Hayes

Kathleen Kotwica Ph.D.

July 1, 2011

No Comments

Adding business value. Getting a seat at the table. Running security like a business. Aligning security with the organization. These are the contents of the Holy Grail of security leadership. Everybody talks about them. Everybody wants them. But most security leaders view them as the stuff of legend – great for motivation, but unattainable in reality.

Kathleen Kotwica Ph.D.

June 1, 2010

No Comments

What would you do if a YouTube video of your company’s employees willfully flouting policy and endangering customers went viral and was getting tens of thousands of hits a day?

Kathleen Kotwica Ph.D.

May 1, 2009

No Comments

Business leaders around the world are struggling to determine exactly how the global economic downturn will impact their operations and profitability. Among security leadership specifically, one oft-asked question is whether

Chad Schermerhorn, Security Expert at Brivo, will discuss how your physical security stack should be an operational asset. It should be based on the strongest, and most-up-to-date smart security that can protect you today and adapt for unexpected threats that may come.

DevSecOps creates an environment of shared responsibility for security, where AppSec and development teams become more collaborative. With the right training and tools, developers can become more hands-on with security and, with that upskilling, stand out among their peers... however, they need the security specialists on-side, factoring them into securing code from the start and championing this mindset across the company.

Security Magazine

2020 June

This month in Security magazine, we highlight COVID-19 and infosec's response. How has the sudden shift to remote work changed the roles of CISOs and security teams? Also this month, we profile Justin Dolly, CSO at Sauce Labs, his view on infosec and building security teams. In addition, security experts discuss continuous monitoring, radicalism, quantum technology, endpoint security and more.

View More Create Account

Kathleen Kotwica Ph.D.

ARTICLES

Security’s 2012 Accomplishments and 2013 To-Do List

How Business and Risk Drivers Impact Mitigation Strategy

Eleven Areas for Improvement

Benchmarks Aren’t Magic, They’re Tools

A Roadmap to the Next Generation

Is the Knowledge Transfer Gap Hurting Security?

Crisis Management at the Speed of Internet

The Real Impact of the Downturn

Security Magazine

2020 June