How do you describe your job to average people?
My primary job is to help our physicians and clinicians provide health care services in the event of a crisis. I do this by creating systems and processes that work when the power goes out, information systems go down, or our facilities become unusable. As part of the information security office, I also have the opportunity to develop security policies and procedures, document and help coordinate security incidents and other issues, and support security assessments.
Why did you get into IT security?
Formerly, I was a network analyst tasked with protecting the company's perimeter. Later, when managing global data centers, I worked to protect information from internal and external threats. My business continuity duties require me to identify and mitigate risk to the business from a loss of information integrity and availability. Working in the security office is actually an ideal spot for the business continuity professional, as many of the responsibilities for data protection cross over into both areas.
What was one of your biggest challenges?
Convincing corporate executives that business continuity is more than backing-up data. Business continuity protects the organization by ensuring critical functions continue, even in adverse conditions. Disaster recovery is really just a part of the overall business continuity program.
What keeps you up at night?
As the only business continuity professional in our organization, I continue to experience significant challenges implementing tools and processes when there are so many other competing priorities.
For what would you use a magic IT security wand?
I'd use it to develop a single, integrated security tool that would solve all our current and future security issues … including business continuity, of course!