Home > Information Security Magazine > Columns > PING: Shelly Barnes
EMAIL THIS
Information Security Magazine

  CURRENT ISSUE  
  FEATURES  
  COLUMNS  
  HOT PICK & PRODUCT REVIEWS  
  ARCHIVES  
  SUBSCRIBE/RENEW  
  

PING: Shelly Barnes
by Stefanie McCann
Issue: Apr 2007
printer-friendly

As vice president of technology and process at Arizona Tile, Shelly Barnes does not have a CSO to rely on. Barnes has to make the most of the SMB's resources to handle security.


SHELLY BARNES


How do you align your IT team with security? We structure it based on different areas of focus. We have nine areas that consist of the typical security layers: personnel layer, the physical portion, the network layer, storage, storage devices, platform, applications, file and data and then an overall umbrella of governance. There is someone who leads each team.

What does your network team cover in terms of security? One example: They are involved in physical security of the data center. We have security cameras at different facilities, and the data that passes through those are on the network. They are owners of the network layer from firewalls to DMZ, various devices and routers, encryption, the proxy servers, authentication.

Do you have an example of a recent security project that you rolled out and how the teams were involved? We're currently revamping our proxy server--going from Microsoft ISA 2004 to another vendor. We're making the move because Microsoft wasn't robust enough for our needs. Before we go live with the new proxy se...



rver, we're going to demo it in a test environment for a week to make sure we have the performance and throughput we need and that we're not throwing any unknowns to it. Then we'll work with our vendor to make sure it can co-exist with our firewall and other devices.

Why did you decide to break up your IT team this way instead of assigning one person to security? We're a small group. When I started, we had three people and a handful of outside contractors. We've grown the company and our IT staff--it makes sense from a cost standpoint. We can break up the responsibilities and manage it more effectively this way.

How have you proven that this structure saves money? I don't have one person dedicated to just security. We all have a role to play in it. I really feel it's difficult for any one person to maintain a very deep, strong level of the intricacies and complexities of the different security layers. It's just too much for one person.

As the company grows, do you think you'll find a need for a CSO? I think we are handling this effectively at this point. I don't see the need in this organization.


Read the full interview with Shelly Barnes at searchsecurity.com/ismag.





TechTarget Security Media
Information Security View this month\\'s issue and subscribe today.
Information Security Decisions Apply online for free conference admission.
SearchSecurity.com
HomeNewsMagazineMultimediaWhite PapersLearningAdviceTopicsEventsAbout Us
SEARCH :     Site Index Powered by: Search Powered by Google

About Us  |  Contact Us  |  For Advertisers  |  For Business Partners  |  Site Index  |  RSS
TechTarget provides technology professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective purchase decisions and managing their organizations' technology projects - with its network of technology-specific websites, events and online magazines.

TechTarget Corporate Web Site  |  Media Kits  |  Site Map




All Rights Reserved, Copyright 2003 - 2009, TechTarget | Read our Privacy Policy 		  TechTarget - The IT Media ROI Experts