Why did you get into IT security?
I've always been interested in taking things apart, and taking that to the next level of breaking things in new ways, especially from the “bad” guy's perspective. This, combined with my passion for applications and systems led me to the security arena.
How do you describe your job to average people?
My job is to protect Addepar and improve the company's overall security. This involves building a culture of security in all teams as well as proactively taking steps to mitigating the overall risk the company faces.
What was one of your biggest challenges?
Balancing compliance, user experience and internal processes. A number of standards have requirements that create unnecessary red tape, or result in a jarring user experience. For example, certain standards require that a user needs to change their password every 45 days, which only ends up in a user forgetting their password frequently or, worse, writing them down on notes at their desk. We try to provide this same level of security (i.e. prevent password compromise) by implementing a control such as two-factor authentication.
What keeps you up at night?
The seemingly non-stop security breaches that have been happening to major companies. Everyday there is a new headline that millions of accounts have been compromised. This is the one thing that keeps me up at night because those cases are mostly out of my control.
Of what are you most proud?
I work with more engineers than the average IT person so there's definitely a heavy culture of pushing the envelope and experimentation. Being able to complement that with a broader focus on and commitment to cutting-edge security features is no easy feat, but we've largely done that.
