How do you describe your job to average people?
I tell the average person that I'm in technology or engineering. When most people ask, I tell them I help Fortune X companies develop their network security roadmap.
Why did you get into IT security?
I was introduced to hacking in the mid-90s on local bulletin boards. I would read text files about “phreaking” and hacking, and used that as a foundation for learning networking and systems. I got my first job a few years later based on the knowledge I had gained running Linux and a home IP network.
What was one of your biggest challenges?
I made the transition from technical/engineering to technical leader to people leader. Growing as a person is important to me and my life goals.
What keeps you up at night?
Security doesn't keep me up at night. Making the people who work with me successful, challenged, happy, healthy and visible is what is most important to me.
Of what are you most proud?
For a large part of my career, I was directly responsible for securing the largest converged IP network in the world. I worked directly with the team that built this network from the ground up. I also love grooming and mentoring individuals, and helping them have successful careers in IT security.
For what would you use a magic IT security wand?
I would use my magic IT security wand to better communicate returns on security program investments. I'd lose terms like risk avoidance and insurance, and use my wand to create real tangible dollar and cents business proposals for security programs. There are methodologies out there that facilitate this, but they aren't being used enough and may not be mature enough. Security investments are still driven by “checking the compliance box” and media-induced fear.