Evaluate Weigh the pros and cons of technologies, products and projects you are considering.

PING: Shelly Barnes

Read an interview with Shelly Barnes, vice president of technology and process at Arizona Tile.

This article can also be found in the Premium Editorial Download: Information Security magazine: Security Products Readers' Choice Awards 2007

As vice president of technology and process at Arizona Tile, Shelly Barnes does not have a CSO to rely on. Barnes...

has to make the most of the SMB's resources to handle security.


How do you align your IT team with security? We structure it based on different areas of focus. We have nine areas that consist of the typical security layers: personnel layer, the physical portion, the network layer, storage, storage devices, platform, applications, file and data and then an overall umbrella of governance. There is someone who leads each team.

What does your network team cover in terms of security? One example: They are involved in physical security of the data center. We have security cameras at different facilities, and the data that passes through those are on the network. They are owners of the network layer from firewalls to DMZ, various devices and routers, encryption, the proxy servers, authentication.

Do you have an example of a recent security project that you rolled out and how the teams were involved? We're currently revamping our proxy server--going from Microsoft ISA 2004 to another vendor. We're making the move because Microsoft wasn't robust enough for our needs. Before we go live with the new proxy server, we're going to demo it in a test environment for a week to make sure we have the performance and throughput we need and that we're not throwing any unknowns to it. Then we'll work with our vendor to make sure it can co-exist with our firewall and other devices.

Why did you decide to break up your IT team this way instead of assigning one person to security? We're a small group. When I started, we had three people and a handful of outside contractors. We've grown the company and our IT staff--it makes sense from a cost standpoint. We can break up the responsibilities and manage it more effectively this way.

How have you proven that this structure saves money? I don't have one person dedicated to just security. We all have a role to play in it. I really feel it's difficult for any one person to maintain a very deep, strong level of the intricacies and complexities of the different security layers. It's just too much for one person.

As the company grows, do you think you'll find a need for a CSO? I think we are handling this effectively at this point. I don't see the need in this organization.

Read the full interview with Shelly Barnes at searchsecurity.com/ismag.

This was last published in April 2007

Dig Deeper on Security industry market trends, predictions and forecasts

Start the conversation

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.