Jeff Sherwood
Jeff Sherwood
How do you describe your job to average people?
For the average employee, I say, “My job is to help you do your job, securely.” For the business leader, “To enable your success by removing costly information security surprises”. For my mom, “I make certain your neighbor doesn't access your wireless do-hicky.”

Why did you get into IT security?
Information security represents the ultimate challenge for enabling the success of others. I've always viewed information security as a barometer that indicates how well, or how poorly, the needs of the business are aligned with the capabilities of technology. The challenges in this space are endless, and I love a great challenge.

What was one of your biggest challenges?
My biggest challenge is continually discovering how best to make information security a business-forward discipline, and not a costly and fruitless exercise of chasing compliance. The best leaders in business know how to minimize their risks to maximize their investments. Information security is the practice of driving risk out of IT and all operations that use technology. The challenge is to empower leaders to drive risk from all levels of the business, including information security risks.

What keeps you up at night?
Nothing. At the end of the day “acceptable risk” is subjective – all technologies fail and all people make mistakes. You do your best to advise business leaders, prepare the technology to be resilient and minimize the mistakes of individuals while learning from your own. So, get a good night's sleep, for tomorrow, you may need it!

Of what are you most proud?
I'm most proud when I see business partners, leaders and colleagues advance their initiatives successfully and securely with limited guidance from me. Making others self-sufficient and self-reliant in this space means you've got allies and proponents that truly “get it.” This means you've got a good governance program in place and the pressure of securing the informational assets of the organization is mutually shared.

For what would you use a magic IT security wand?
No doubt, I'd use the magic IT security wand to replace the notion that there's an information security silver bullet with the knowledge to empower leaders and technologists to use information security as a strategic differentiator within their market. Information security is an enabler to a brand's success, much like other areas of the business that may not necessarily tie directly to the balance sheet.