How do you describe your job to average people?
My job is to build communities of experts who can define what best practice looks like for securely configuring IT components, such as operating systems, web browsers and mobile devices. At CIS, we call each set of best practices a “benchmark.” From there, our team coordinates with customers and partners to automate the assessment and implementation of those benchmarks in organizations.
Why did you get into IT security?
I wasn't given a choice. I've had a heavy stoke for security-related work since high school, when a friend and I developed an interest in phone security. We found other like-minded people on a bulletin board system. Over the years, the communities and projects have changed, but not the stoke.
What was one of your biggest challenges?
CIS benchmarks cover a wide range of technologies and I enjoy studying the security mechanics of most of them. One of my biggest challenges is maintaining a balance between digging in enough to effectively perform my job and spending too much time geeking out.
What keeps you up at night?
I lose sleep when a project isn't progressing as fast as I'd like, or when I'm amped about a concept that CIS or another organization is developing.
Of what are you most proud?
I take pride in my work, but I'm most proud of my family and friends. IT accomplishments are awesome, but bear hugs and high fives are my kind of jam.
For what would you use a magic IT security wand?
I would conjure up an infinite pool of highly skilled security experts who took to heart the wise words of Spider-Man's Uncle Ben: “With great power, comes great responsibility.”