How do you describe your job to average people?
I always start with: “I am responsible for the protection of data and electronic privacy of customers.” And then I expand a little on what I mean by “electronic privacy.”
Why did you get into IT security?
I was a mathematics major at the University of Michigan when I took an elective computer class and caught a visiting professor drawing the wrong graph for an equation. I struggled whether I should raise my hand and point out the mistake or just be quiet. But at the end, I just couldn't hold back. He asked to see me after class. I thought he was going to let me have it, but he wanted to hire me to help him enter a bunch of data for a project he was working on. I had never previously worked with mainframes but noticed that other departments and students had access to his data. He asked me to fix this issue, and the rest is history.
What is one of your biggest challenges?
Two words: “culture change.” I find that changing the way people do things has always been challenging. I want information security to be a “way of life” for everyone – not something they do to adhere to policies. So, everything that I do is to promote that culture.
What keeps you up at night?
How I can utilize the tools and people I have in my department to improve what we do. Like other security professionals, I have to rely on the “operation” staff to get my projects implemented. So, anything I can do to maximize what I have already deployed can save me time and effort.
Of what are you most proud?
Convincing people that they shouldn't look at security as a hindrance, but something we should all work together to achieve. After more than 20 years in the field, I believe I have been successful in promoting that “culture change” and that is what I am proud of the most.
For what would you use a magic IT security wand?
If I had a magic wand I would wave it around to find where all my security “holes” are. We conduct an annual risk assessment, but if anyone tells you that this is going to paint you the complete picture, they don't know security.