The Influencers: Steve Katz
Steve Katz ex-CISO, Citibank, JP Morgan, Merrill Lynch; currently a consultant and widely sought-after speaker
Why He's an Influencer
Widely regarded as "the world's first CISO," Katz is a prominent figure in the network security discipline. Since 1985, he has served as the senior security executive for Citibank/Citigroup, JP Morgan, and most recently Merrill Lynch - and has been a force in raising the visibility and shaping the direction of the security industry at industry and government levels.
Deeply respected within both the financial services and security industries, Katz has testified to Congress on information security issues and was appointed as the Financial Services Sector Coordinator for Critical Infrastructure Protection by the Secretary of the Treasury.
His Experience
Beyond his work as a financial services CISO, Katz' other credentials include: Founder and Chairman of the Financial Services Information Sharing and Analysis Center; Chairman of the American Bankers Association Information Systems Security Committee; Vice Chair, Financial Services Roundtable-BITS Security and Risk Assessment Committee; member of the New York Clearinghouse Banks Data Security Officers Committee; and member of the Securities Industry Association Information Security Committee.
In His Own Words
On the role of an information security leader:
"To be a successful information risk executive, you have to believe that you are and that you have a seat at the executive table. Make sure that the other executives in the corporation realize you belong there. Go to them and say, "There are risks that have to be addressed. Let me understand the risks you're dealing with. Let's understand what I can do to meet your needs, and let me explain to you what information risk is all about." Security officers spend a lot of time talking about education and awareness, and it's primarily focused on training and educating. A greater amount of time has to be spent educating and making the executives aware so they understand that information and risk management are providing significant values to their customer base."
On selecting staff members:
"I'm going to sound awfully cliché, and I apologize for it, but someone once told me that the best thing you can do as a CISO is to hire giants -- because then you can stand on their shoulders. You may know more about any one specific area of security and the business, but you want to make sure that in the aggregate your direct security team knows more about the technology, the awareness, the finances, the programs than you do. Hire the best and smartest people around, set the objectives for them, and then let them go ahead and fulfill those objectives for you."
On starting a career today:
"I was fortunate that when I started in information security, there wasn't anything. Whatever I did was pretty much a green field. Today, it is recognizing that there is a profession out there called information security or information risk management, and you can make a choice to be part of it. There are certainly excellent educational opportunities, and I'm a firm believer in the program that Gene Spafford offers at Purdue. George Mason has some pretty good programs. Get a solid academic grounding in what it is you're supposed to be doing and say, "Is this a career choice I want to make?" Because it is a choice, it is an opportunity that will take you from entry level to some very challenging, very high-paying professions in very large enterprises."
Content Featuring Katz: