Symantec's CISO on Security Leadership

Patricia Titus Talks Team-Building, Breach Impact, CEO Shuffle

By , August 3, 2012.
Symantec's CISO on Security Leadership
Read Transcript

Her first nine months on the job included a data breach and a CEO shakeup. Hear how Symantec CISO Patricia Titus has adapted to business change and re-focused the company's security team.

No doubt, there are unique challenges to being the new security leader at one of the world's best-known security companies. Within months of taking over as Symantec CISO last November, Titus had to deal with the investigation into the pcAnywhere data breach - the 2006 theft of Symantec product source code.

"Nobody wants to have a security breach, regardless of whether you're in a security company or within a public sector entity," says Titus, who formerly was CISO at Unisys and the Transportation Security Administration.

And then in July came seismic moves at the top of the company, when Symantec's board replaced Enrique Salem with new CEO Steve Bennett.

"It hasn't been a huge change," Titus says. Both the old and new CEOs were focused on security. "[But] there's always a ripple effect," she adds. "You want to make sure you're doing all the right things that your new leader is looking for."

And amidst all this activity, Titus has been working to re-build Symantec's security team, starting by establishing her own role as a leader with a vision.

"I use the famous line that 'I work at a company where 80 percent of the people are smarter than I am, and 20 percent think they are,'" Titus says. "So, it's a challenge to get people to realize that you bring to the table a little bit of a different perspective on security."

As CISO, Titus oversees a team of about 35 security personnel, and she sees their roles as two-fold: to secure the technologies that Symantec's employees use, as well as to share insights that might help develop better security products for the company's customers. These responsibilities call for traditional security pros to expand their skill sets.

"It's an opportunity really to develop the information security team to think broader than just a typical security office, where you're so focused internally, vs. the external part," Titus says. "That's been a bit of a challenge ... but it seems to be working really well for us."

Among the areas where Titus has focused on strengthening leadership skills: Security engineering, threat response and governance, risk and compliance. "The team was focused very much on reactive," Titus says. "What we've gotten to in just the short nine months I've been here is to a more predictive state," able to determine better where and when the organization is at heightened risk.

In an exclusive interview, Titus discusses the do's and don't of building an effective security team, as well as:

  • The impact of Symantec's pcAnywhere data breach;
  • Her goals under the leadership of new CEO Bennett;
  • Responding to the security challenges of BYOD and the cloud.

Titus is the vice president and chief information security officer at Symantec, responsible for IT information security risk management, threat response and governance functions. she plays a strategic role in protecting Symantec's IT resources, infrastructure and information assets, as well as drives internal security initiatives.

Previously, Titus was vice president and global CISO for Unisys Corp., a global information technology company. At Unisys, she was responsible for enhancing network security and policies supporting global employees while ensuring the continued protection of sensitive corporate and customer data. Earlier, Titus was CISO at the Transportation Security Administration within the Department of Homeland Security, where she focused on creating, implementing and maintaining a robust IT security program. Titus also worked overseas for several years in various positions within the U.S. Department of Defense, the U.S. State Department and various private sector firms.

Follow Tom Field on Twitter: @SecurityEditor

  • Print
  • Tweet Like LinkedIn share
Get permission to license our content for reuse in a myriad of ways.
ARTICLE Obama to Issue Cybersecurity Executive Order

At a White House summit at Stanford University today, President Obama will sign an executive order...

Latest Tweets and Mentions

ARTICLE Obama to Issue Cybersecurity Executive Order

At a White House summit at Stanford University today, President Obama will sign an executive order...

The ISMG Network