But instead of following myriad federal and industry compliance regulations designed to make a company secure, Spinelli has found success by turning the idea on its head.
"Be secure, and you'll be compliant," he says.
That's not to say Spinelli and his team ignore regulations; as a public company, a financial institution and a multinational, the credit bureau lives and breathes more regulations than most companies have ever even heard of. But dealing with these complex, often vague rules in a reactive rather than strategic way is a mistake, he says.
"Most companies and [their] security leaders are getting lost because of [having to be] compliant -- regulations saying you have to do X or Y," he says. "A lot of people are letting compliance drive security, and that's as wrong as you can get."
Spinelli's approach of evaluating risk and then setting security standards across the company has offered Equifax the benefit of establishing and maintaining compliance at the same time, instead of as an afterthought.
"You have to become secure to be compliant; otherwise, you respond and react and reinvest without leverage," he says.