Compliance Management, Critical Infrastructure Security, Privacy

Me and my job

How do you describe your job to average people?
Priceless. I have the best IT job in the world. I am at the helm of an IT operation serving the entire container shipping industry (and growing 100-percent year-on-year five years running). That puts our technology and solutions at the heart of the global supply chains of the world's leading companies.

Of what are you most proud?
Offshore IT expansion can typically cause a sense of insecurity within the local team, and it takes great care and communication to prevent this from draining productivity or losing people. Several years ago, when I first undertook offshore expansion, I drove the accountability for the initiative down two levels in my IT management team. So I had mid-level managers engaged in the selection process who've now become veterans, directly managing multi-shore staff, and working with manager peers halfway around the world. Now, the offshore team is viewed as an accelerator and a mission-critical part of the overall operation, rather than a threat.

What do you think needs more attention?
I like what I'm seeing in terms of the IT landscape becoming a frontier in the Green movement. More attention and more success stories in terms of ROI would be fantastic.

What would you use a magic IT security wand for?

I would create a benevolent global identity and security credentialing authority. It would be an open, neutral and trusted repository to maintain identities and access rules. It would rely on open-source technology, issue physical security tokens which are universally accepted and integrated with hardware and software security systems, be completely free and nonprofit, and never have a breach. Companies around the world would receive generous tax breaks to sponsor their best and brightest volunteers.

What security threats are overblown?
I hope to never be in a position to eat the words I'm about to say but; “pandemic influenza or avian flu” are not on my radar. From a business continuity standpoint and sake productivity, we need our workers to be able to work securely from anywhere in the world without being tied to an office. And, our communications procedures need to be effective for emergencies ranging from snow storms on up... but I'm just not attending the conferences and workshops on “viral pandemics” despite the steady stream of invitations. Knock on wood!

Skills in demand

With compliance requirements growing and high profile breaches in the news, the PCI assessment market is red hot. As payment card companies seek to transfer risk, merchants are being held to higher levels of accountability and PCI consultants are in demand.

More jobs than people
Professional services firms with PCI practices have more engagements than they have people to support them. Ideal candidates have a background in audit or assessment and are able to travel.

Cert carries big stick
Those that have the PCI Security Standards Council's QSA (qualified security assessor) certification are in greatest demand. Compensation depends on experience, but base salaries range from $90K to $130K plus bonus.

- Source: Jeff Combs, Alta Associates

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.