How do you describe your job to average people? My role is ‘adjacent innovation’ to solve information security problems. We are taking information available from other quantitative practices and applying it to the Big Data problem.
What makes you most proud?
There’s a certain level of complexity when users access information. We want to use it to detect a breach early. It’s a win when a customer can say they detected a breach in one day.
Why did you get into IT security?
For the sport! Think about it: Every time a vendor or customer makes a move, the threat actors do as well.
What was one of your biggest challenges?
The amount of IT security data in any given organization continues to grow and people don’t appreciate the magnitude of this problem. For example, we ran an assessment for a customer with 40,000 employees. There were 2.6 million ways to access information. That creates a lot of access data points. Then we explained how to make sense of the data, giving an accurate picture of where their greatest risks lie.
What keeps you up at night?
Is it cliché to say ‘fear’? Think about the recent breaches we’ve read about: Target, Heartbleed, etc. The threat side is continuing to innovate. I think about the attackers’ tools, techniques, practices and how we can counter.
How would you use a magic IT security wand?
Identity and access management technologies were built around prevention and many believe investment should still be focused on prevention. But, just like banks put safes, locks and passcodes in place to prevent robberies, people have to accept that breaches are inevitable. It’s not just about prevention. We need to think about detection. I’d use the magic IT security wand to tap everyone on the head and give them this perspective.