How do you describe your job to average people?
I am the information security “communications department,” data security “marketing manager,” and cybersecurity “budget coordinator” – all in one. My job is to ensure that the right message regarding a threat, exploit, vulnerability or compliance requirement is communicated and marketed to the right people and that the appropriate budget to mitigate or remediate the issue is provided to the right resources.
Why did you get into IT security?
I’ve always been fascinated by the actions of people and the motivations behind those actions. I’m always interested in the “why” behind something as much as the “who” or “what.”
What was one of your biggest challenges?
Getting my head around a new exploit and determining how that affects my organization. I work with the various teams to map out how the exploit is mitigated. Next, it must be run through QA and, finally, deployed to thousands of devices within 30 days. Technology can help organizations to a point, but it must be vetted and approved, which can cause heartburn.
What keeps you up at night?
The future of information security. It is quite apparent that with Operation Aurora, Stuxnet and other recent blended threats, there is a shift in the level of sophistication and expertise we are seeing in malicious code and the focus of its application. We are seeing robust zero-day attacks blended with self-destruct sequences, so that any tracks will be covered.
Of what are you most proud?
The strong network of friends that I have developed during my career in the technology industry.
For what would you use a magic IT security wand?
For all past, present and future code to no longer be vulnerable to any exploits. Wait, that might leave me unemployed.