Xtra’s first specialist security officer says those aspiring to such roles need a range of IT and business skills.
While a computer security background is important, Carl Grayson says this is not enough.
“They need to understand the business implications, the media, legal and reputational implications of their work — be a jack of all trades,” he says.
As is often the case overseas, Grayson’s role involves all aspects of security, from physical security like building security management, to networking issues. He heads a team of five dedicated security staff, all reporting to IT manager Neil Forster, and works with other Xtra staffers whose roles partly encompass security.
“We all have our own focus. I am the overseer that integrates these focuses,” Grayson says. Firms need to have a dedicated security response, he says. They also need to put more resources into security and coordinate it “in a way that works”, he says.
“Somebody has got to wear it [take responsibility].”
But even though his responsibilities appear similar, Grayson has not taken a title common in the US, chief security officer. Grayson and marketing director Chris Thompson joke there are no “chiefs” at the ISP, just “Indians”.
The Telecom division recently lost its chief information officer after the former post-holder, Shane Ohlin, became the company’s strategic alliances and technology architecture manager. He was replaced by Forster.
Xtra created the post because its focus is on growth, Thompson citing new initiatives in mobile, email alerts, DSL, VPNs and roaming devices. “There’s a lot of action in IT security,” says Thompson.
“We needed someone with a good overview.”
Grayson suggests his role is more of a job destination than a stepping-stone to something else, a role for people who enjoy dealing with security.
“For me, it’s a challenge. There is never a dull day. It’s where I want to be; I want to specialise. We are the corporate police. We look at the regulatory environment, deal with things that are not law yet, like the Crimes Amendment Bill, DDoS attacks, etc,” he says.
Grayson has worked in IT for 12 years in the healthcare, telecomms and finance sectors. He joins Xtra from investment banker Merrill Lynch, where he was New Zealand IT manager and assistant vice-president of security, based in both Auckland and Sydney.
While Xtra recently beefed up virus protection for its customers, the ISP won’t reveal what security measures it plans next, either internally or for customers.
“I don’t believe I am allowed to discuss future projects — information leakage is part of my role,” Grayson says.