How do you describe your job to average people?
I am an interpreter for security talk – I help enterprises avoid security mistakes and translate security information into actionable advice for the technical teams. In addition, I help businesses maintain their focus on their valuable data and allocate resources to protect what's most important.
Why did you get into IT security?
Out of embarrassment. Many years and a few jobs ago, a customer conducted a full security review of our code. After seeing the inch-thick report, I decided then and there to only work with systems where security is an essential requirement.
What makes you most proud?
There are lots of team accomplishments to be proud of but one incident to this date brings a satisfying smile to my face. A few years ago, we had a government audit used to cut vendors. I told the sales executive not to worry, they will most likely report no more than a dozen issues, none of them Critical or Urgent. Of course, I did not see his fainting on the other end of the line when I mentioned “a dozen issues.” Long story short, the auditor did say on the call that our report had the least amount of issues for any application they have ever audited.
What was one of your biggest challenges?
Communication. The toughest challenge was to be understood as business enablers among executives. Vendors drive the conversation to sell point solutions. We need to get boardrooms thinking of the bigger picture: Data as the new perimeter. It is paramount to address issues like data sovereignty and control over distributed data.
What keeps you up at night?
I'm most worried about leveraged insider attacks. Any second someone can open an email attachment with a malicious payload and it's game over. So I often think about ways to kill data to make it unusable if stolen.