How do you describe your job to average people?
My job is to figure out how to address policy so we have seamless and comprehensive mobile capabilities across the Army.
Why did you get into IT security?
The human body can only pursue an infantry career for a finite number of years. Cyber security is an area where the work is challenging, and I can make a significant contribution.
What was one of your biggest challenges?
My biggest challenge is to find the sweet spot between the speed of innovation and security with Department of Defense and Army policies. We need to implement a solution that provides the proper base to build on. We can’t wait for perfection, but neither should we rush into dead ends. We have a compelling need to field mobile devices, but we also have a very real threat environment. Our certification and acquisition processes are at their limits with static networks. They cannot support the short lifecycles found in the mobile device environment.
What keeps you up at night?
That in our rush to get mobile devices onto the network, we gloss over the security lessons we should have learned from our static devices. Trying to bolt security on after the fact is expensive and rarely successful.
Of what are you most proud?
Convincing people that mobile devices require a joint services approach, and participation of the entire stakeholder community.
For what would you use a magic IT security wand?
Other than solving all the technical problems that go into a securable yet available mobile device capability? I would use it to gain a fundamental understanding of how various agencies and their processes interact. Once I grokked these relationships, I would be able to cut the appropriate corners while addressing core requirements.