How do you describe your job to average people?
I tell people I develop policies, guidance and procedures to protect Department of Education systems and information.
Why did you get into IT security?
It was a combination of my dad working for IBM as a programmer, my interest in computers, and having worked in physical security. So IT security was the way. I was fortunate to be in the right place at the right time to be promoted from a lead computer operator to information security administrator.
What was one of your biggest challenges?
Ensuring the regular end-user community, and even power users, are not only being provided the training and awareness they need to do their jobs, but to help them understand that security is here to help them get their job done. When people understand security helps them, it will be easier to implement.
What keeps you up at night?
Planning and thinking about what I need to do to stay ahead of the bad guys and the malicious insiders. After reading about all the security breaches that have been occurring over the past few years, it makes one wonder if we are fighting a losing battle. Fortunately, with training for users and a continuous monitoring program in place to maintain vigilance, there is more that can be done. We haven't lost the battle, yet.
Of what are you most proud?
The policies and guidance I have developed will help maintain a high security
posture, and secure education data.
For what would you use a magic IT security wand?
I would use it to increase the IT security training budget and staff so that we can continue to get the word out about the benefits of security and the need for everyone to play their part in keeping education systems, networks and information protected.