Me and my job: Ron Woerner, Bellevue University

Share this article:
Ron Woerner
Ron Woerner
How do you describe your job to average people?
Not only do I help protect my organization (a university), but I also teach students about the security profession. There are so many aspects to information security that it's a challenge to determine what's critical for them to know in order to succeed. It's quite similar to security awareness training where there's only a finite amount of time and attention and you need to make the most of it.

Why did you get into IT security?
Like many, I fell into security. As a military intelligence officer, I learned about data classification and safeguarding sensitive information. As a UNIX systems administrator, I learned how to apply controls to protect the systems and its data. As a junior security analyst, I learned the importance of policies and awareness. The variety of activities required of a security professional is what keeps me interested. That and the many great people I've gotten to know in the security field.

What was one of your biggest challenges?
Security is often a constant battle, not only against the “bad guys” but also with management who may not “get” security as well as end-users who bypass controls for their own convenience.

What keeps you up at night?
After 20 years, [computer science professor Eugene] Spafford's Law of Security is alive and well: “If you have responsibility for security, but no authority to make changes, then you're just there to take the blame when something goes wrong.”

For what would you use a magic IT security wand?
It would be used to influence those that take undue risks without understanding the consequences. All security pros need the ability to lead those around them to develop and implement controls to assure protection. The technology is easy compared to having this ability. The support of other security pros is what keeps me jazzed.
Share this article:

Sign up to our newsletters

More in Features

Following the framework: Government standards

Following the framework: Government standards

New government standards promise to address risk and improve online security for critical infrastructure, reports Karen Epper Hoffman.

HIPAA shake: Health care

HIPAA shake: Health care

Adherence to HIPAA, the national law that aims to protect patient information, is about to get trickier, reports Alan Earls.

Affecting the C-suite: The CSO's reputation in today's corporate environment

Affecting the C-suite: The CSO's reputation in today's ...

Those who occupy the C-suite all bow to one corporate god: Reputation, says Blackstone CISO Jay Leek. James Hale reports.