What annoys you?

That there is never enough time in a typical day to do everything I need to do, plus everything that I want to do to keep up professionally.


If you had a magic wand, what would you change?

That I could always find the perfect balance between proper security and usability that makes everyone happy!


What security threats are overblown?

Nothing specific I guess, just that we keep hearing, "You are at risk because you use XYZ OS/device/software or that you don't use ABC software/tool/device." My job is to pay attention to everything and make sure the threat is minimized.


What do you think needs more attention?

The "insider" threat. The trusted insider, whether malicious or by not following the rules, presents the most risk.




Bridging the gap

The demand for those who can bridge the gap between threat management, compliance requirements and business operations is skyrocketing.

Regulations a factor

Increasingly, security professionals are tasked with adding value to the business while satisfying regulators and addressing emerging technology threats.

A risk-based approach

Titles are varied, but the key is a risk-based approach and being able to strike the right balance. One insurance firm in California is searching for a director to manage a team of these hybrids and offers compensation of $175K. A financial services firm in New York seeks an information security risk officer, compensation of $300K.

Source: Jeff Combs, Alta Associates