Security chiefs at home: No such thing as 'off duty'

It's a good idea to think twice before pursuing certain professions -- they could change your daily habits, if not your entire outlook on life. A chief financial officer might choose a house project based on its impact on home value. An emergency room worker might forbid his kids from jumping on a trampoline.

What about a chief security officer? CSOs are paid to be vigilant (some might say paranoid), so how can that mind-set not impact their personal affairs, particularly when it comes to traveling, securing personal information, protecting belongings and raising kids?

To find out, we spoke with five security chiefs about how their profession influences them outside of the office. Their precautions may occasionally seem extreme, but take heed -- even these experts aren't always immune to credit card fraud or identity theft.

Name: Stanton Gatewood

Title: Chief of information security

Organization: Georgia Board of Regents of the University System of Georgia

"This is who I am -- it's in my blood," says Stanton Gatewood, chief of information security at the Georgia Board of Regents of the University System of Georgia. After more than 30 years as a security professional, including stints in the U.S. Air Force, AT&T Bell Labs and the University of Southern California, he says, "It's what I do, and I can't turn it off at 5:00 p.m."

While he was at AT&T, he says, a system at the security operations center visually displayed the thousands of attacks per minute that threatened the network, representing people probing for back doors and weaknesses. "I've seen too much," he says. "Scams, threats, people being bullied, things being stolen, identity theft, vulnerabilities being capitalized on -- I live and breathe this every single day."

Gatewood recalls sitting with his extended family at a holiday gathering when the conversation turned to the Internet. As the discussion went on, one of his uncles noticed he'd gotten quiet and compared his reaction to those of friends who had fought in Vietnam. "He said, 'They have this stare, and I see it in you,'" Gatewood says.

At home, Gatewood admits to being a geek. "I love the tools available to us today," he says. In addition to securing his home computers with rootkit detection utilities, intrusion-prevention software, antivirus and antispyware software, and firewalls that isolate the network when they sense an attack, he has safeguarded his house with a keyless entry system (accessible via his smartphone), automated lights and a security system that includes motion detectors and video cameras.

Gatewood also uses a credit-watching service, because he and his wife have twice been victims of identity theft. In both cases, he says, the theft of their personal data probably occurred while they were on road trips during which they gave their credit cards to desk clerks at several hotels.

He advises people to extend credit monitoring services to their children's and elderly parents' credit lines as well. "The largest growing sector in the population for identity theft is our kids," he says. "From cradle to grave, we should be watching our electronic selves."

Gatewood sees himself as an evangelist spreading the word about the dangers of the digital world. In presentations at community organizations like churches and schools, he teaches people about identity theft, fraud and Internet bullying. "When I first read Google's vision statement -- to capture all the world's information and catalog it -- it sent chills up and down my spine," he says. "It could be good, or it could be a catastrophe."

'Some airlines I won't fly due to their safety record.'

Name: Richard Gunthner

Title: Vice president of global security

Company: MasterCard

"I'm paid to be thoughtful -- not paranoid," says Richard Gunthner, vice president of global security at MasterCard. "I'm not a big believer in overdoing it in terms of security -- it needs to add value, whether in business or your personal life."

Working at a global company requires constantly balancing security with business needs, Gunthner says. "Many in this business see things in black and white, but I see shades of gray," he says. "The world is not as safe as I'd like it to be, but we're a global company, so it's a matter of how do we do that with adequate measures of safety."

From outward appearances, Gunthner says, "I'm no more cautious than my neighbors." However, when he travels, he does take some extra precautions when it comes to selecting an airline. He studies carriers' safety ratings, crew training programs and maintenance records, as well as the age of the planes in their fleets. While emphasizing that plane crashes are extremely rare, he says, "You can greatly minimize the risk if you do certain due diligence. Some airlines I won't fly due to their safety record."

He also follows the same guidelines he gives MasterCard employees on subjects such as the safest place to sit on a plane and how to conduct oneself when traveling abroad. Among other things, he says travelers should try not to stand out in general, and specifically they shouldn't wear expensive-looking jewelry, watches or clothing. "I have a cheap little travel watch that I use versus the nicer one I wear at home," he says.

Gunthner's parenting style is to be upfront with his teenage kids about the dangers that exist in the world. "You can't be overprotective, but if you instill the right thought process, hopefully they'll make the right decisions," he says.

He did go slowly when ushering his kids into the digital world: "Letting them have a cell phone was a big step," he says. And while they're allowed to have instant messaging and Facebook accounts, "we put a number of parameters around that, and we do look at their logs -- not to spy but to make sure they're safe and that their behavior on these sites is appropriate."

Gunthner also reads his kids' text messages periodically. "That was our agreement before we gave them access," he says. "We want them to be educated but not totally sheltered, because it's part of our society and culture, especially for their generation."

Name: Leslie Lambert

Title: Chief information security officer

Company: Juniper Networks

International travel is a particular interest for Leslie Lambert, chief information security officer at Juniper Networks and former CISO at Sun Microsystems (which has since been acquired by Oracle). But when she's in a foreign country -- or at any airport, on any city street or in any shopping mall, for that matter -- she's more alert and vigilant than most people she knows.

"I'll ask them, 'Did you see that person? Did you see what he was doing?'" she says. She's particularly watchful, she adds, in areas of the world where Americans are most likely to stand out as targets of theft. "I take responsibility for that on behalf of others, whether they know it or not," she says. "It's woven into the fabric of who I am."

Lambert says she has trained her traveling companions to face one another when standing in a group, rather than everyone facing the same direction. That way, everyone has a view of what's going on behind the others. "It's good to have a 360-degree view to make sure you're not being targeted or possibly victimized," she says.

Lambert is also careful not to keep all her credit cards and cash in one place, and she uses a protective folder for her passport so that the embedded RFID tag can't be read -- a common means of identify theft around the world, she says. "Sometimes I'm looked upon as being overly concerned," she says. "But to me, it's an ounce of prevention."

When it comes to her home computers, Lambert says she is also more vigilant than most people in terms of updating antivirus software and patches and verifying that browsers are appropriately communicating with online banking and shopping sites. "I don't think general users focus on whether their machine is appropriately patched on a daily or weekly basis," she says. "It can be very annoying for my family, because the computers are always in preventive maintenance mode."

She's also careful with personally identifiable information, shredding any piece of paper with her name, address or any membership or account numbers on it, as well as documents that contain other private information, such as the value of her home. Credit card receipts, solicitations for credit cards and requests for donations all go into the shredder. "We have shredders at every turn in our home," she says.

Despite these precautions, her credit card number was compromised three times in an eight-month period. "I could never figure out where it was coming from, but the credit card's fraud detection service caught it every time," she says.

Name: Roland Cloutier

Title: Chief security officer

Company: ADP

Roland Cloutier, CSO at business outsourcing giant ADP, says that the vigilance he has honed throughout his career -- first in law enforcement and now in security -- has become part of who he is.

"If you're working to understand security risks and problems for a living, you become significantly more cautious and conscientious about your behavior online, with your family, around the home and when traveling on vacation," he says. "I certainly have a keen understanding of the bad things that happen in the world, and so I adjust how I live and how our family interacts with the world."

This is particularly evident, he says, when it comes to his teenage daughter's use of social media. His approach -- which he describes as "on the side of overcautiousness" -- is 90% deterrence and 10% enforcement. In addition to implementing content filters on his home computers and his daughter's mobile device, he also monitors her digital activity. "She tells her friends, 'Don't talk like that -- my parents are monitoring this.'"

While he allows his daughter to use some forms of social media, he has administrative access to her accounts and ensures that no one except friends can view her name, photos or personal information. That level of oversight extends to his daughter's cell phone use; he knows who's in her address book and what calls are coming through.

"Parents should be active in their children's online life and the technology they use. For example, we make sure there are no numbers in the address book that don't have names assigned," he says. "There should be no blocked calls, and if we see any, we'll stop the phone service."

Cloutier sets expectations by outlining clear rules and ensuring that he and his wife follow through on the agreements they make with their daughter. "If I walk in the room and the screen goes down, she loses the computer for 30 days," he says. "I teach her, 'Cyberspace is dangerous, you're a target and these protections are there for you,'" he says. "She's lived with it since she was a kid."

But Cloutier says his awareness does not stop him from enjoying international travel and other family outings. "Would we go to Times Square when there's a higher probability of terrorism, like on New Year's Eve? No. Would we go to Chinatown to go shopping on a Saturday morning? Sure."

And while he acknowledges that he's more situationally aware than other people, Cloutier says "that doesn't mean I'm strapping on a gun and won't come out at night. I just maintain an understanding of the area I'm in and who and what's around me, and [make sure] I have an answer for what to do next."

Name: Alan Nutes

Title: Security Manager

Organization: City of Atlanta Department of Watershed Management

"Situationally aware" is a term that resonates for Alan Nutes, security manager for the City of Atlanta's Department of Watershed Management. "I'll go into a restaurant, and I always take a table facing the door," he says. "When you talk to people in the security or law enforcement professions, we have a tendency to want to see who's coming toward us." He likens it to a fireman whose first thought is to look for the emergency exit.

When he walks down a city street, Nutes says, he uses store windows as mirrors to see who's walking behind him. When talking to a group outside a building, he adds, "I've been accused of not looking at them but past them to see who's coming from all angles."

I've been accused of not looking at [people I'm talking to] but past them to see who's coming from all angles.

Alan Nutes, security manager, City of Atlanta Department of Watershed Management

Working in the security field has also made Nutes aware of the dangers involved with travel. When his kids were young, Nutes says, he would book two separate flights for himself and his wife in case something happened to either flight. "It's contingency planning," he says.

It's different now that the kids are grown: "Now we're on the same flight, but I'm in back and my wife's in front," he says.

Even though his kids are grown, Nutes says he's still aware of their use of social media services like Facebook and Twitter: "They're on it all the time, and they get a lecture every night."

Brandel is a Computerworld contributing writer. Contact her at marybrandel@verizon.net.

Join the newsletter!

Error: Please check your email address.

Tags securityUniversity System of Georgia

Show Comments
[]