How do you describe your job to average people?
I tell them I help my company keep the bad guys out of their networks. A bit over simplified, I admit.
Why did you get into IT security?
I got into IT out of curiosity and the desire to help people. I thought security would be a way to ratchet that up. But I never thought it would be so hard to help people.
What keeps you up at night?
Nothing really. I accept the fact that there's always someone out there smarter than me that could breach my infrastructure in some new way. It's just a matter of time. If someone wants in, they'll get in. I'm confident that we're ready for them. We've got the technology and expertise. We'll catch them. And they're the one doing something wrong, so they can stay up all night worrying. But me? I'm sleeping like a baby.
What was one of your biggest challenges?
Learning the business I was a part of. As security folks or engineers, we spend a lot of time devoted to our craft. Passion and curiosity drive us to research vulnerabilities and their impact. So we often lose sight of what really pays the bills. My biggest challenge hasn't been to understand complex technical issues, it has been to stop and take the time to socialize my message. Securing sales teams, mobile employees and creative types – without impeding their creativity or productivity – is a delicate dance.
How would you use a magic IT security wand?
Passwords. This technology is ancient, but most of the world feels safe with a static simple password, like “password123” or “letmein.” I'd like to see a secure wireless style proximity token that could serve as a second factor. An identifier that has to be within range for you to be authenticated to your bank or computer. This is 2014. Why are we using simple password authentication as an out-of-the-box option?!