How do you describe your job to average people?
My number one job is to protect my company's brand and both our company's and our customers' information.
Why did you get into IT security?
My career in the U.S. Navy led me into this field and it was a natural choice to stay in it once I retired.
What was one of your biggest challenges?
Keeping fear-uncertainty-doubt (FUD) out of the equation when I first started. Learning to rely heavily on facts and using real metrics to justify requirements and spend was challenging, especially coming out of the military where it was easy to justify security requirements.
Of what are you most proud?
My team. I receive numerous accolades and compliments on my staff regularly – on how good they are to work with and how helpful they are. To us, security is what we do day in and day out so it is easy for us to forget that our customers don't live in our world and don't see what we do. My team understands this and doesn't look at them like they are the enemy or the one that needs to be constantly watched. Instead, the team takes the time to explain things to people in ways they can relate to, which, in turn, raises awareness and compliance.
What keeps you up at night?
How are our service providers and vendors maintaining their control structures and are they as diligent as we are? In today's world, we use service providers and vendors to assist us in various areas, and although we have a robust vendor management and due diligence process in place and conduct regular audits, these are still point-in-time views and may not reveal weaknesses that can negatively affect our customers, our company or both.
For what would you use a magic IT security wand?
To make suppliers and developers deliver secure products (e.g., software and devices).