The Beauty of Awareness

Feb 1, 2008 12:00 PM, By Sandra Kay Miller

In the realm of ever-changing technology, keeping skills up-to-date is critical, especially in large data-driven enterprises. Veteran trainers who have worked their way through the multitude of platforms, hardware and business trends can also be found on the frontlines of securing — both logically and physically — multi-national manufacturers, communications and entertainment giants and arms of the United States government.

That has been the career path for Ron Clement, who was first introduced to computers during his nine years in the Air Force. After leaving the service, he began attending college in New York for accounting, but then “fell in love” with computers.

“I started working with computers at the help desk level,” says Clement who is currently a risk management and compliance consultant at Estée Lauder Companies Inc. Clement hints at his age, admitting to teaching DOS on dual floppy machines with green screens at telephone service provider GTE.

On his most recent project, Clement was tasked with creating a security awareness program for Estée Lauder, the 70-year-old skin care, makeup and fragrance company based in New York City. Recently, Clement had the opportunity to meet with the head of Estée Lauder's physical security. “We talked about the touchpoints of our two groups and how we're going to work together. For instance, using Internet portals, hotlines and security awareness campaigns, we can feed a lot of the physical security information — there's a lot of stuff we can do together.”

Despite the trend to centralize security operations, thanks to Clement's vast experience, his goal is to develop a somewhat de-centralized program so individual countries will have some autonomy in order to accommodate multiple languages and cultures. “They are in 130 countries, so it's going to be pretty huge. It will run the gamut from posters to brochures to becoming part of employee orientations,” explains Clement, who believes that awareness is the first line of defense because people can prevent so much if they are informed and allowed to help.

It's the latest episode in a career that has progressed in lockstep with developments in IT technology.

When Clement moved on earlier in his career, GTE had become Verizon, and he was a senior systems analyst going from teaching one to all 18 of the classes they offered through corporate training for software packages such as Lotus, dBase and WordPerfect. Clement also gathered invaluable hands-on training when he assisted in the build-out of a new corporate headquarters in Dallas. “We laid wire, set up the LAN, printers, computers — the works — so 3,000 people from all over the country could move to Dallas and work.” Clement stayed in Dallas for a few years, delving deeply into network architecture and administration.

But then an opportunity lured him in a new direction: Microsoft. At the height of the dot-com boom, Clement went to work for the rapidly growing Redmond, Wash., giant as a technical account manager, handling enterprise installations. However, taking the new position also meant a cut in pay for him at the time. “I really enjoyed learning all the Windows stuff and networking, but at that time, they were big on stock options, and didn't pay very well,” he says, following with an explanation of how his two years at Microsoft paid off later. “My plan was take a step back to take two steps forward.”

With Microsoft certifications in high demand, so were Clement's skills. He signed on as a technical consultant with point-of-sale provider NCR, traveling throughout the world deploying and securing networks for clients such as hotel chains.

With a market downturn, many of the projects on which Clement was working were either reduced or eliminated, so he turned back to teaching. “I've always done some sort of teaching either at a night school or technical college,” he says, ticking off a list of commonly taught networking, security and UNIX classes. His skills caught the eye of Chicago-based Accenture, a large consulting firm, but when the market dipped again, Clement found himself unemployed. “Now I was on the streets with a boatload of skills and a list of certifications behind my name.”

Being resourceful, he returned to teaching full-time at Central Piedmont Community College near his home in Charlotte, N.C., where he taught Microsoft and Cisco certification courses until becoming the program chair of the department, a job that included putting together the curriculum and schedules and hiring other instructors.

Wanting to get back into hands-on technical work, Clement began studying computer security. Not long after that, 9/11 occurred and the demand for security was on the rise, so he hit the road again, teaching week-long CISSP boot camps across the country.

But after a few years, Clement sought continuity in his work schedule and began contracting with large enterprises such as Bank of America, Wachovia, Time Warner Cable, Walt Disney World and the Department of Defense for security projects.

Moving through various organizations, Clement soon recognized the growing convergence between physical and computer security. “Physical and logical security are joined at the hip in a lot of places. Hackers are walking into buildings, picking up laptops and walking out or walking into a building and plugging their laptop into a jack in an empty conference room and gaining access to the corporate network,” he says. “You know, once somebody is in your building, they can do pretty much anything.” Furthering his observations, he points out that in the CISSP course there is an entire section devoted to physical security, including locks, doors, fences, security guards, wire installation as well as business continuity and disaster recovery.

Next on Clement's career agenda is to obtain his auditor certification. “I really enjoy the security arena — especially standards, data classification, risk management and policies,” he says, justifying his decision based upon the growing demands of regulatory compliance. “Compliance is another piece that fits into security. It was never figured into the bottom line because it didn't generate any income. Security was ignored. So now we have things like SOX, Visa, PCI and all the other compliance regulations. Companies are forced to implement security, and a lot of them are scrambling because they never did it before. Now they have big budgets, otherwise they're going to have big fines if they don't comply.”

As he becomes more experienced in compliance issues, Clement has found that most of the regulations boil down to basic security practices.

Want to use this article? Click here for options!
© 2012 Penton Media Inc.

This month in Access Control

• Targeting The Customer
• Electronic Pedigrees
• One Hero Among Many
• Who? What? When? Where? Why?
• More from September's issue