Professionally, I'm most proud of where our project is today, considering where it was four years ago. It's not an easy thing to consolidate the IT systems of three police departments, each with their own set of policies, procedures, regulations, beliefs and opinions. I'm proud of the willingness of these departments to embrace the idea and their patience and persistence in pulling it off.
How do you describe your job to average people?
I am the “IT guy” that makes sure that the three police departments I work for have the applications they need to conduct business on a daily basis. I'm in charge of keeping the cities connected and keeping the applications running for them. In my spare time, it's finding new and better technology to use to make them more efficient.
What do you think needs more attention?
The needs of small organizations. Too many technologies are designed for large companies and the budgets that go with them.
What annoys you?
Right now, it's software licensing models that are inflexible and unrealistic. Virtualization is going to change our industry, but some vendors seem unwilling to embrace that. I should not have to license every physical machine I have because I might run an application on one machine one day, but the next run it on a different machine. Licensing models should acknowledge my intent, which is to run only one copy of the software.
For what would you use a magic IT security wand?
For my own benefit, to forever secure my networks from the expanding threats that are out there. For the benefit of all, to protect our private information in the databases of companies so that we don't have to worry about using e-commerce and the other great things the web has to offer.
What security threats are overblown?
I hate to say it, but if it's a threat, then it's probably not overblown. We need to consider them all, not taking all threats seriously is what will lead to trouble.
SKILLS IN DEMAND
Executives need to understand what they're spending money on when it comes to security. Technology risk management is about identifying risk, measuring risk and mitigating risk relative to an organization's tolerance for risk.
Security programs must measure up to industry regulatory requirements. However, looking beyond regulatory requirements is where we find an organization's true tolerance for risk. The ability to properly align risk mitigation strategies with business objectives is a skill more and more employers need and demand.
Corporate salaries range from $80-120K and consultant salaries push into the mid-$100s.
Source: Jeff Snyder, president, SecurityRecruiter.com