Security manager's journal: Heading for the clouds

Our manager wanted a new challenge. His new job at a company that is offering software as a service fills the bill.

What makes a good information security professional? I think it's starting at the bottom and working your way up, occupying various positions along the way and obtaining skills in every one of them. It's understanding the business and having the ability to influence others. It's having a breadth of knowledge in various business sectors.

Trouble Ticket

At issue: Our manager has a new job, in which he will be heading up information security at a SaaS provider.

Action plan: Get up to speed quickly, and make connections with all the departments that can affect the company's security.

I've been thinking about all of this because I've taken a new position, leaving a company I worked at for more than five years. Did I hate my job? No. Did the company make me do risky things? Never. Did I hate my boss, or the people I worked with? Not at all. Was I kept from succeeding? No, in fact, there were no negatives driving me to leave.

Admittedly, my new job comes with a promotion and a pay raise, but that's not what clinched it for me. It was a chance for a new challenge, to work in a different technology sector and to build something -- all those things that go into making a good security pro.

I gave two weeks' notice and spent that time closing some open items, such as the Sarbanes-Oxley review and a firewall rule audit, and I created a transition plan. I think one thing a good security manager does is make sure that his successor steps into a mature environment, with a clear understanding of the burning issues. I created a spreadsheet listing significant areas of the company's security profile, prioritizing them, providing the names of the best contacts for each issue, and describing the details.

Today was my third day on the new job. My main goal in these first days is to map out the company's current security landscape. I'll then spend the next few weeks assessing it and prioritizing actions. Meanwhile, of course, there are all those things that anyone encounters in a new job: learning names and terminology, understanding a new business model and becoming familiar with the products and services that the company sells.

Upon arrival at my new company, I found that my predecessor had in turn left me with an eight-page transition plan. I've only gotten through two pages so far, but already I know that some burning issues will need to be addressed quickly. The first is hiring a security analyst to take charge of an event-monitoring project that is under way. If I don't do it before the end of the year, I'll lose the budget.

New Security Horizons

My new company has, over the past couple of years, moved from selling software that customers run on-premises to offering software as a service. It has also embraced cloud technologies to run the business. So I will be going well beyond my previous cloud experience, which consisted of assessing vendors, to help build the security of a company whose customers rely on it to keep data secure in the cloud.

To do this, I will need to work with the IT department in building a robust security program and ensuring that the security infrastructure is sound, that appropriate policies and processes are in place and that those policies are being followed. I will also connect with the company's marketing, sales and legal departments to help build marketing collateral and to offer my assistance whenever our customers have questions about the security of our infrastructure. Then I'll want to check in with product development to review the security of our product offerings.

I said I wanted a new challenge, and it looks like I have one. I look forward to sharing my new experiences with my readers.

This week's journal is written by a real security manager, "Mathias Thurman," whose name and employer have been disguised for obvious reasons. Contact him at


Mathias Thurman

Computerworld (US)