How do you describe your job to average people?
I am part of a team that protects the availability and integrity of information necessary for United Nations workers around the world to ensure food security and quality for everyone.
Why did you get into IT security?
The U.N. is one of many organizations where people who are looking to give back can serve with pride. Prior to the U.N., I worked as a consultant with the U.S. Department of Defense and many other federal agencies. If you want to have meaning in a career, then the U.N. provides a great opportunity.
What is one of your biggest challenges?
U.N. staff and our partners need to consciously balance the conflicting pressures for transparency with those to properly protect sensitive information. We must also be concerned with the subset of research which constitute valuable and commercially exploitable intellectual property. Once we establish what needs to be protected, we introduce appropriate controls, which cannot be narrowly constrained to technical measures associated with our IT systems, but need to be all encompassing, to consider staff, physical and procedural security as well.
What keeps you up at night?
The average computer user has the potential to become an open door for cyber criminals. Many in management believe that applications are inherently secure and resist any security review. Everyone insists on mobile devices, and we provide them without particular safeguards. These devices run apps that anyone can download freely.
Of what are you most proud?
Security has the potential to become an innovation agent. Introducing digital contract signing and developing a single application across all U.N. agencies with federated access demonstrated a CISO's ability to be a change agent.
If you would like to contribute a "Me and My Job" column, click here for guidelines.