How do you describe your job to average people?
I manage a team that implements security measures to safeguard sensitive information at the enterprise and maintains the availability of critical systems.
Why did you get into IT security?
Simple answer is I have a passion for information security and love the challenges in this field. I was initially an IT infrastructure specialist, and securing the systems was an important part of my job. I got deeper into IT security when I was appointed to lead the centralized patch management and malware protection implementations.
What was one of your biggest challenges?
One of the biggest challenges has been changing the organization's culture about information security from reactive to proactive. In information security, the “if it ain't broke, don't fix it” mindset can be quite dangerous and result in severe consequences.
What keeps you up at night?
The fact that IT security management is becoming a more challenging job every day. We live in an era where the network perimeter has almost disappeared, sensitive data can be stored anywhere and malware is getting more sophisticated. We need to leverage more effective technology, improve processes and constantly educate our people to be able to catch up.
Of what are you most proud?
I have been a key contributor in improving the security posture of The Hospital for Sick Children, one of the top pediatric hospitals in the world. Leading successful implementation of enterprise patch management, endpoint encryption and security awareness training are all examples of what I have accomplished. Undoubtedly, support of IT management and especially of our CIO, was essential in moving these initiatives forward.
For what would you use a magic IT security wand?
I'd use it to raise public awareness about cyber security. In a world where every end-user, hardware/software designer and executive is educated about information security, security practitioners would spend far less time on firefighting and would be more successful in helping the business achieve its objectives. The Ontario Privacy Commissioner has brought forward the philosophy of Privacy by Design, meaning embedding privacy proactively into technology itself. I truly believe the same approach should be followed for information security.
Windows devices are being targeted by a novel hacking campaign leveraging two exploits in Chinese remote control software Sunlogin to facilitate Sliver post-exploitation toolkit deployment and Bring Your Own Vulnerable Driver attacks, BleepingComputer reports.
E-commerce targeted by GuLoader malware attacks E-commerce organizations in the U.S., South Korea, Saudi Arabia, Japan, Taiwan, and Germany are being subjected to ongoing GuLoader malware attacks that involved the use of Nullsoft Scriptable Install System executables rather than malicious Word documents for malware distribution, according to The Hacker News.