Security manager's journal: Heading for the clouds

Our manager wanted a new challenge. His new job at a company that is offering software as a service fills the bill.

What makes a good information security professional? I think it's starting at the bottom and working your way up, occupying various positions along the way and obtaining skills in every one of them. It's understanding the business and having the ability to influence others. It's having a breadth of knowledge in various business sectors.

Trouble Ticket

At issue: Our manager has a new job, in which he will be heading up information security at a SaaS provider.

Action plan: Get up to speed quickly, and make connections with all the departments that can affect the company's security.

I've been thinking about all of this because I've taken a new position, leaving a company I worked at for more than five years. Did I hate my job? No. Did the company make me do risky things? Never. Did I hate my boss, or the people I worked with? Not at all. Was I kept from succeeding? No, in fact, there were no negatives driving me to leave.

Admittedly, my new job comes with a promotion and a pay raise, but that's not what clinched it for me. It was a chance for a new challenge, to work in a different technology sector and to build something -- all those things that go into making a good security pro.

I gave two weeks' notice and spent that time closing some open items, such as the Sarbanes-Oxley review and a firewall rule audit, and I created a transition plan. I think one thing a good security manager does is make sure that his successor steps into a mature environment, with a clear understanding of the burning issues. I created a spreadsheet listing significant areas of the company's security profile, prioritizing them, providing the names of the best contacts for each issue, and describing the details.

Today was my third day on the new job. My main goal in these first days is to map out the company's current security landscape. I'll then spend the next few weeks assessing it and prioritizing actions. Meanwhile, of course, there are all those things that anyone encounters in a new job: learning names and terminology, understanding a new business model and becoming familiar with the products and services that the company sells.

Upon arrival at my new company, I found that my predecessor had in turn left me with an eight-page transition plan. I've only gotten through two pages so far, but already I know that some burning issues will need to be addressed quickly. The first is hiring a security analyst to take charge of an event-monitoring project that is under way. If I don't do it before the end of the year, I'll lose the budget.

New Security Horizons

My new company has, over the past couple of years, moved from selling software that customers run on-premises to offering software as a service. It has also embraced cloud technologies to run the business. So I will be going well beyond my previous cloud experience, which consisted of assessing vendors, to help build the security of a company whose customers rely on it to keep data secure in the cloud.

To do this, I will need to work with the IT department in building a robust security program and ensuring that the security infrastructure is sound, that appropriate policies and processes are in place and that those policies are being followed. I will also connect with the company's marketing, sales and legal departments to help build marketing collateral and to offer my assistance whenever our customers have questions about the security of our infrastructure. Then I'll want to check in with product development to review the security of our product offerings.

I said I wanted a new challenge, and it looks like I have one. I look forward to sharing my new experiences with my readers.

This week's journal is written by a real security manager, "Mathias Thurman," whose name and employer have been disguised for obvious reasons. Contact him at

Join in the discussions about security!

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags cloud computinginternetSoftware as a service

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Mathias Thurman

Computerworld (US)
Show Comments

Brand Post

Most Popular Reviews

Latest Articles


PCW Evaluation Team

Tom Pope

Dynabook Portégé X30L-G

Ultimately this laptop has achieved everything I would hope for in a laptop for work, while fitting that into a form factor and weight that is remarkable.

Tom Sellers


This smart laptop was enjoyable to use and great to work on – creating content was super simple.

Lolita Wang


It really doesn’t get more “gaming laptop” than this.

Jack Jeffries


As the Maserati or BMW of laptops, it would fit perfectly in the hands of a professional needing firepower under the hood, sophistication and class on the surface, and gaming prowess (sports mode if you will) in between.

Taylor Carr


The MSI PS63 is an amazing laptop and I would definitely consider buying one in the future.

Christopher Low

Brother RJ-4230B

This small mobile printer is exactly what I need for invoicing and other jobs such as sending fellow tradesman details or step-by-step instructions that I can easily print off from my phone or the Web.

Featured Content

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?