How do you describe your job to average people?
I'm a cybersecurity consultant working primarily with the federal government and military to identify improvements in enterprise architecture that can better identify who people are, and what they should have access to.
Why did you get into IT security?
I began my career as a software developer on military projects where the deployment target was secure datacenters that handled classified information. Identity management and access control was a primary consideration, and determining that access was an interesting problem that I found exciting, engaging, and ever-evolving.
What was one of your biggest challenges?
One of my biggest challenges was addressing one organization's need for a security management framework that would work on a global scale. At the time, current guidance was focused on security implementations at national level. I was able to construct an enterprise architecture that built on the national model, customize it for a more global approach, define a three year transition roadmap, and ultimately win approval by the CIO for future implementation.
What keeps you up at night?
The frequency and magnitude of the data breaches in the last year alone have been eye-opening. There are likely more attacks ongoing that we're not yet aware of. We're still in the early days of information sharing, often times with legacy systems that were never meant to be interconnected to begin with. IT security will be exponentially more important moving forward.
What makes you most proud?
I pride myself on looking for not only the “best” solution, but one that is practical to implement. Security is about finding the right balance between the two. Every customer and project is different, and I enjoy the challenge of a new problem.
How would you use a magic IT security wand?
I would enable organizations the time and resources to implement IT security from a holistic and foundational perspective. IT security isn't just the job of a single department, it needs to be implemented at all levels of the organization.