Bruce Bonsall, security lead at MassMutual Financial Group since 1991, says one of the best changes in the financial industry over the years has been increased collaboration to fight IT threats. That's not to say, though, that he doesn’t want his company's level of security to be a differentiator. "There is an old saying that explains if you are hiking in the woods with a friend and a bear attacks, you don’t have to be able to outrun the bear, you just have to be able to outrun the friend," says the CISO for the Springfield, Mass., company. "If we have better security than the company down the street, then it's more likely they are going to get attacked." Bonsall, who has 50 people in his charge and oversees management of some 3.4 million identities, recently shared more of his thoughts on network security with Network World Senior Editor Denise Dubie.

What projects top your priority list for 2007?

Our priorities fall along a couple of lines. One is automating a lot of the manual work that we do, particularly in the identity management area in terms of adding IDs to all the systems and setting up all the access that people need. The reason we need to automate is that although we are very good at [ID management], we have grown to the point where we just can't scale. We could keep throwing bodies at it, but I think through automation we will be a lot more nimble. The company is in growth mode, and we'd like to be in a position where we can acquire other companies and bring them on board quickly. If we have to do that manually, it can really hinder our growth.