How do you describe your job to average people?
My title is Information Security Architect. I am a member of information risk management team at Brandeis University and I report directly to the CISO. My job is to design, implement and manage technology and processes that help make Brandeis more secure. Working on a network with such diverse services and technologies makes every day an adventure.
History shows that security is an afterthought for virtually all emerging technologies. You could create a list of the most recent services in computing and they would all have their own unique security deficiencies. Our biggest current challenges are locking down the smart grid and SCADA security.
What security threats are overblown?
It's easy to say some threats are overblown but in reality they received the title threat because they inflicted harm on someone. Even the small threats are serious. Two minor threats can be are combined to formulate a very serious threat.What annoys you?
I get annoyed how easily people are willing to hand over personal information to be part of an online network. The usual social networks are just the tip of the iceberg. Just last week I found out about a new social networking service called blippy.com where people are willing to share billing information on the web and receive nothing in return.
Of what are you most proud?
My very first security job was for a small anti-spyware company. The first time I created detections for new malware I received praise from so many customers. This made me proud of my career path and I was instantly hooked on that type of security satisfaction.
For what would you use a magic IT security wand?I would magically align all anti-malware naming nomenclature across security products. Uniform naming would simplify identifying bad actors.