How do you describe your job to average people?
For some people, the simple “I work with computers,” really suffices. For others, I explain that I help protect my company's information from would-be adversaries.
What was one of your biggest challenges?
Inspiring others to care about security. From what I have observed, the average employee seems to actively fight security. This, of course, makes my job all the more challenging. Everything is easier with cooperation.
Why did you get into IT security?
I really have to credit my father for this one. After graduating from college, I found myself in law school and hating every minute of it. I knew I needed to change my course, and thought, “Hey, maybe my dad was right and I should finally pursue the path he has encouraged literally my entire life.”
Of what are you most proud?
Co-building a security awareness program from scratch. It was really great to see which parts of our program were successful and inspired changes to the security mindset of our company. It is satisfying to see that the attitude “security is the bad guy” is changing. I'm also proud of my capstone project for my master's of science in security technologies at the University of Minnesota. Over the last five months, I have been interviewing local Fortune 500 companies about their security awareness programs, and identifying trends and compiling best practices.
What keeps you up at night?
Having been trained to think like an adversary, I know how easy it would be for even a non-sophisticated attacker to be successful.
For what would you use a magic IT security wand?
I would use my wand to instill to my fellow employees a basic respect of security. So much more could be accomplished if respect for security was present.