Content

Me and my job

How do you describe your job to average person?Provide strategic advice and innovative solutions that help organizations and people obtain the right information at the right time so that they can better optimize their business while reducing the inherent operational risk associated with the internet. If my clients are not successful – I am not successful.

Why did you get into IT security?
When I was in college, I began to take computer courses and started to realize the power of information. Later, while in the military as a cryptology officer, I quickly came to the conclusion that having access to the appropriate data was a strategic asset. This led me to start thinking about the protection of data. A cyber criminal could manipulate data, causing an organization to doubt the validity of the data; disrupt a transmission, resulting in non-availability; or exploit the data, causing doubt in the confidentiality of the data.What keeps you up at night?
The realization of the breath of the capability of individuals, organizations and nation-states to maliciously exploit the internet and the impact that can occur coupled with our lack of proactive and preemptive actions to combat that threat given the complexity of the issues fuels my sleepless nights.Of what are you most proud?
Helping others achieve their goals and providing clients with that “ah-ha” moment when they come to the conclusion that the risks associated with using the internet are real and can be effectively and efficiently managed – when risk management disciplines are applied to the often highly technical discussions outlining information and cyber-related findings.For what would you use a magic IT security wand?
To reinforce the concept that information security is not a technology issue – technology is the enabler. I would use the wand to create teams in organizations whose primary purpose was to operationalize the existing technologies found within organizations and delay purchase of additional IT security-related technology. By optimizing the technology and using the available technology, the organization could reduce their cyber risk, resulting in specific value-added and actionable cybersecurity techniques.

Related

DevSecOps Scanning Challenges & Tips

There are many ways to do DevSecOps, and each organization — each security team, even — uses a different approach. Questions such as how many environments you have and the frequency of deployment of those environments are important in understanding how to integrate a security scanner into your DevSecOps machinery. The ultimate goal is speed […]

It Should Be ‘Cybersecurity Culture Month’

It’s Cybersecurity Awareness Month, but security awareness is about much more than just dedicating a month to a few activities. Security awareness is a journey, requiring motivation along the way. And culture. Especially culture.That’s the point Proofpoint Cybersecurity Evangelist Brian Reed drove home in a recent appearance on Business Security Weekly.“If your security awareness program […]

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.