How do you describe your job to average people?
I counsel clients in the information security and data privacy areas and handle software licensing and other technology-related transactions.
Why did you get into IT security?
My initial work in the software licensing field attracted me to the information security area. Since then, to a greater extent non-technology businesses have had the need to address regulatory compliance and develop information security policies for protecting the security of their information systems, and data privacy and software.
What was one of your biggest challenges?
One of the biggest challenges is in making companies more aware of the importance of devoting sufficient resources to developing effective policies and procedures to deal with information security. In the case of cloud computing, issues of confidentiality, privacy, ownership of data, loss of data, data integrity, access to data and data preservation need to be addressed with particular care. Consideration also needs to be given to mitigating the associated risks through corporate governance, due diligence in the selection of cloud providers, negotiating contracts with these providers and ensuring that the appropriate insurance coverage is in place.
What keeps you up at night?
Businesses are facing escalating risks not only in terms of direct costs of data breaches, but also in dealing with their exposure to regulatory investigations and enforcement actions, defending class action and shareholder litigation and other liabilities.
Of what are you most proud?
I am proud of work I have done with the Internet Security Alliance in helping to advance companies’ awareness of cyber risks and effective, enterprise-wide approaches to managing these risks.
For what would you use a magic IT security wand?
In my view, an effective collaboration between government and the private sector in arriving at partnership that supports and encourages private initiatives in the data security field is the key.