Building a Network of Information Security Advisors 
Kathy Taylor, Information Security Officer
Siemens Energy & Automation
Presentation Abstract:
In large and distributed organizations it is difficult to keep employees informed about security policies and best practices. Building a network of security advisors embedded throughout the business can be effective in raising fostering security awareness. When a security manager builds such an organization it is important to understand you are engaging volunteers or people who were “volunteered”. In addition this is a part-time function each advisor will maintain on-top of current responsibilities. Therefore, the security manager will need to incorporate time-saving & easy to use materials to simplify execution of the program.
I’ve been a security officer in a large company with over 100 locations in U.S. and Mexico for the past twelve years. My locations vary from sales, manufacturing, distribution, customer support, research & development and corporate headquarters. Our business segments vary from oil & gas, industry automation, mining, food & beverage, drive technology, airfield solutions & logistics, chemical, and metals. Within each business segment and type of location are different security risks to mitigate, compliance regulations, and awareness targets to achieve. There have been many times when attempting to educate the various business segments with security policies has been like “herding cats”. I will share my experiences and invite participates to discuss theirs as well so we can all learn from each other.
To achieve improved security protection, compliance and policy adherence I have implemented a network of advisors to provide management and end users local security awareness. Takeaways in the presentation will include:
- Why to have advisors
- How to build such a network
- General role and responsibilities of the advisors
- Training needs
- Motivating the advisors
- Managing and measuring the program
- Communicating with the team
- Lessons learned.
Bio:
Kathy Taylor is the Information Security Officer for Siemens Energy and Automation, Inc. (SE&A). In this role, she established an Information Security Program that has enabled SE&A to become fully compliant with Siemens AG global security initiatives, internal business security, and compliance requirements. She has successfully transitioned a large IT Infrastructure supporting over 100 locations to an in-sourced Siemens IT service provider, while improving internal security measurement results. Kathy has also implemented a Remote Information Security Advisor Program to improve overall security awareness across all SE&A locations.
Kathy participates in many Siemens regional and global security councils, such as, eDiscovery and compliance, security roadmap planning, role-based access management, business continuity planning, security best practices sharing, mergers & acquisitions, and ITIL process implementation.
In her twelve years at SE&A, Kathy has developed and mentored numerous internal staff in their security careers at Siemens. She continues provide mentorship and guidance to her peers throughout the global Siemens community. She has developed a trusted security organization characterized by positive leadership, customer focus, and a strong team orientation. Recently Kathy was nominated for the prestigious 2008 Information Security Executive of the Year Southeast award.
