I believe in studying the backgrounds and career paths of successful people for insights into operational thinking and future industry directions. Integrators can benefit from studying our industry’s security executives. Dave Tyson, CISO of Pacific Gas & Electric (PG&E) is a good study.


I met Tyson at an ASIS event seven years ago. Since then, his focus areas and career advancement have served as a role model for CISOs, and a benchmark to the integrator community. Tyson started his career as a senior security consultant at IBM. In 2004 he became CSO for the city of Vancouver, and was instrumental in the city’s preparation for the 2010 Winter Olympic Games.


In 2007 he wrote the book, “Security Convergence — Managing Enterprise Security Risk,” and stated, “The basic premise of convergence is that technology must be deployed in a new, more integrated way.” With a clear understanding of technology convergence, Tyson began to see how electronic transactions were impacting the future of business commerce from both a positive (increased revenues) and a negative (increase fraud) perspective. As the expansion into the electronic domain was increasing risk to businesses in multiple ways, from intellectual property theft to global supply chain breeches, he realized that security practitioners were ill-prepared for this development.


Tyson inherently knew that the best place to gain experience in the latest cyber crime tools and tradecraft would be to join a company that not only embraced an e-commerce model, but was itself a prime target of hackers and criminal syndicates. e-Bay ($8.7 billion 2009 revenues) enjoys a global reputation as a leading-edge innovator in digital commerce. Its entire business model, reputation and stock valuation depends on the security of the digital infrastructure and financial transactions. e-Bay has effectively deployed a culture of cyber crime countermeasures to protect its assets. Tyson felt that just as technology had converged the threats to the business, the actual investigation “process” had to converge as well.


“I have found that the true IT security professional sees security as a process — the way it should be seen. I had been in the security industry for nearly two decades, but it was not until I entered the IT security industry that I saw what a standards-based approach and formal security methodology could do for an organization,” he wrote.


Tyson rounded out his convergence experience in enterprise risk management and mitigation, and accepted the CISO position at PG&E, the $15 billion utility leader. He stresses the importance of having a security framework from which to direct security dollars to areas where the greatest threats to the business exist. One of those growing areas involves cyber crime and ever-evolving exploits directed against our nation’s energy infrastructure.


Security integrators and professionals alike can benefit from understanding this intersection of physical and cyber security threats, and its impact upon enterprise risk.


Tyson states his concerns as follows: “What the corporate security departments should be most concerned with is that the average security professional knows very little about these (cyber) issues at this time, and they are often the primary organizational security resource that deals with the effects of these technology-based threats.”


Given these observations, the security integrator must step up and provide leadership and solutions in the area of cyber security convergence. The fact is that cyber crime is a growing area, and security executives are looking for countermeasure expertise. It is a market segment that will be with the industry for years to come, and can provide a recurring revenue opportunity when viewed in the context of continuous threats. The 21st Century security integrator will follow the leaders into the cyber domain.