How do you describe your job to average people?
My job is to understand the level of risk that technologies create for customers, and then implement controls that manage that risk so it is invisible to the customer.
Why did you get into IT security?
IT security affords me the opportunity to understand business challenges and requirements while working on technical solutions to implement those requirements in a secure fashion.
What was one of your biggest challenges?
Managing people's time is one of my greatest challenges. The difficult task is managing against constantly evolving threats, so those who perform the product delivery do not feel they are wasting their time on security activities that have no meaningful value.
What keeps you up at night?
I often worry that there is some developer, administrator or manager to whom I failed to effectively communicate the value of security as it relates to their priorities. “Scope creep” and “slows down projects” are some common terms I've heard when IT security is mentioned, demonstrating that there are individuals I failed to reach.
Of what are you most proud?
I take pride in the payment industry's ability to provide solutions to problems, especially in the realm of security. If one needs to accept health information in a confidential manner, there's a way to do that. IT security is about solving problems to provide value to the customer.
For what would you use a magic IT security wand?
I would remove the fear, uncertainty and doubt present in the security industry and create a purely data-driven approach to IT security. There are a number of factors that prevent this from ever becoming a reality, but that's what my magic wand is for, right?