This is a transcript of a keynote address presented at the RSA Conference on Thursday by
Dave Hansen, corporate senior vice president and general manager for CA's Security Management Business Unit. The address is titled: "Strategic Security: The Evolving Role of the Security Professional."

Good afternoon.

Today, I am going to talk about security, but more specifically, I am going to explore the evolving role of the security professional.

In some organizations the senior security person is called the Chief Security Officer. Other companies use different titles – Vice President, Enterprise Security; CISO (chief information security officer); VP Security & Compliance, and so on. To keep things simple today, I am going to talk about the CSO, but please understand that my focus is on the senior-most security professional, no matter what title that role carries in your organization.

As everyone here knows, the job is changing. Not in quiet, imperceptible ways, but in ways that are loud, visible and meaningful.

When the role of Chief Security Officer emerged as a defined position, the common perception was that the role was akin to a corporate cop – on patrol within the organization to slap wrists when somebody broke the rules. Nobody really thought the cop was necessary, so, generally the position didn't get a great deal of respect.

But that's changed. In today's well-run enterprises, the CSO is more visible, has more authority – and more responsibility. No longer merely an enforcer of security protocol, the CSO works with the CIO, CFO and other C-Suite executives as a business enabler, a strategist, and a security evangelist who helps the organization recognize the need to embed secure practices in every facet of the business.

So what has brought about this change? And, how will the role of the CSO continue to evolve?

Let's start at the beginning – with why this job became necessary in the first place.

Connectivity was the catalyst.

The rise of the Internet and the proliferation of mobile devices enabled even small companies to extend their reach beyond traditional physical boundaries to create virtual businesses and execute transactions globally and instantaneously.

Suddenly, because information was now flowing outside closed, highly secured environments, confidential business-critical data was at risk like never before.