- 18 Hot IT Certifications for 2014
- CIOs Opting for IT Contractors Over Hiring Full-Time Staff
- 12 Best Free iOS 7 Holiday Shopping Apps
- For CMOs Big Data Can Lead to Big Profits
CSO - If someone had told Scott Pettigrew 20 years ago when he was first starting out that he would go on to build complete security organizations for three different large companies, he might have just taken a nap. Instead at this point in his career, Pettigrew finds himself the architect of security programs for no less than Tandy Corp., American Airlines and his current employer, HMS-an achievement of which he rightly proud.
Pettigrew's security career began in 1994, when he was asked to run security at Tandy Corp., a family-owned leather goods company. "Security wasn't such a developed area back then," says Pettigrew, now vice president and CSO for HMS, a cost-containment firm that serves the healthcare industry. "There wasn't the focus on security then that there is now. It was much harder to get things done, get budget." A lot of the focus then was on basic user administration. Let's just say the world has grown much more complex.
After a stint providing security advice for management consultancy Ernst and Young, Pettigrew was lured to head security for American Airlines in 2000, where there was a lot of tumult even before 9/11. "That was right when they were splitting from SABRE and just starting to hire IT staff," he says.
As for security, the airline was lacking. Pettigrew had carte blanche developing the program. "They had so many problems on the IT security side the auditors said it was going to have to be a footnote on our next financial statement. So there was a lot of work to do at that point," he recalls.
And then hijackers struck two American Airlines flights, along with a United flight, throwing the airline, the industry and the economy into turmoil. "We were implementing a security architecture [when] 9/11 hit and everything went crazy for the next year," says Pettigrew. "I worked more in that year and a half than I ever had before." He worked with the FBI during that time, and he's still sitting on stockpiles of information that he can't talk about thanks to a nondisclosure agreement.
After that, there was a much greater emphasis on security, both at American and throughout the industry. "Internal controls became crucial, and understanding patterns and data mining pretty much started then," he says. Pettigrew remained for a year and a half after 9/11, but then he needed a break. "I just had to get away from that for a while."
He opened his own security consulting firm, but "it wasn't as easy as I thought it would be." In 2004, he was asked to create the security function from the ground up for Baylor Health Care System, which gave him an understanding of healthcare. Four years later, with Baylor's security program in good shape, Pettigrew was asked yet again to build a security organization, this time for HMS.
His reaction? "Oh my God, here I go again," he says with a small chuckle. "But I realized those opportunities don't really come along all the time." At HMS, "I had one person for more than a year; now we will have 21 people at the end of this year" protecting 2,500 employees, he says, adding that finding good people with the right mix of technical and business skills is the most difficult part of his job.