This article can also be found in the Premium Editorial Download "Information Security magazine: Tips from the 2007 Security 7 Awards."
By Neil Roiter
With a typically small staff and tight budget, Sasan Hamidi knows he has to sell security to enlist the help of his IT and business colleagues.
"Security is always looked at like we're cops. We walk through the hallways and people try to hide," says Hamidi, CISO at vacation exchange company Interval International. "My job is to bring people together, convince them security is important and could affect the bottom line."
By all accounts, Hamidi does that quite well.
"He's always aware of different skill sets of certain people in each division, and leverages those skill sets," says Robby Fussell, senior information security engineer at AT&T Government Solutions and Hamidi's former colleague at IBM and AT&T. "He's proactive; most managers I've dealt with are reactive, plugging holes when there's a crisis."
The proof is in the results. With only two direct-report security staffers, Hamidi, in his six years as CISO, has built a state-of-the-art security operations center, instituted two-factor authentication, secured mobile devices, assured compliance with regulations, and accomplished many other projects.
"He really does try to work with business, IT and other departments. He's dogged at making sure they are aware of a risk and assume responsibility," says Interval CIO Marie Lee, to whom Hamidi reports. "He always talks with the business managers and puts the need in a business context. And, he's willing to explain and to compromise."
"My mother says I should be a politician," says Hamidi.
He's much more than that. His knowledge of security policy, processes and technology is broad, deep and current. Hamidi built that knowledge base working at General Electric Power Systems, IBM Global Network Security and AT&T Global Network Security.
"What makes him extremely effective is not only wide knowledge of security across domains, but a vast array of products," says Fussell.
"He's the only person I know who has such wide knowledge," Fussell says.
Hamidi believes strongly in adding the personal touch as well. Years ago he was impressed when a security executive said he spent 10 minutes at his company's quarterly IT meeting telling people about his personal life--his career background, his military service, his wife and kids.
"I tried it and got a slew of email and calls," Hamidi recalls. "It makes you more human."
Hamidi's zeal extends into the community, where he's developing an initiative to introduce the basic concepts of information security to Orange County, Fla., middle and high school students.
"I'd just developed a comprehensive information security training and awareness program for my own organization," says Hamidi.
"Being the father of an 11-year-old daughter who spends a considerable amount of time in front of a computer connected to the Internet, I thought it would be appropriate to put something similar in place for our kids," Hamidi says.
And, though he's making his mark in corporate America, there may come a day when a simpler life beckons. That's why he found time to earn a Ph.D. despite a demanding career.
"I figured that some day, when the hustle and bustle of the corporate world gets to me, I can always teach and do research, my first loves."
This was first published in October 2007