I currently work on identity management, which doesn't help explain things at all to non-technical people. They generally understand that a human resources system exists and they can conceptualize a student information system.
So, I say that I take your information from those systems, twist it through a few things and create email addresses, user names and passwords. In reality, the job is mostly policy and documentation, with a side of audit and compliance.
What part of your job makes you most proud?
It makes me most proud when no one notices the systems I manage. The more transparent and seamless the system can be, the more successful I feel.
What's your information security dream job?
Managing identities for Google. What could be better than managing one of the largest user stores in the world? There is great innovation to learn from there, and the sheer size requires some true out-of-the-box thinking.
What do you think is dangerously ignored?
Basic documentation. We all have lots of pieces, but do we have them consolidated with a clear check list? I think you could go into any organization and find room for improvement in documentation.
For what would you use a magic IT security wand?
I'd unite vendors and never let a product go to market that wasn't interoperable and standards based.
How did you get interested in information security?
It's just one of those things that morphed into my career.
Any information security predictions for the next five years?
Federated identities will become the norm, and you'll see large rollouts of token or multifactor authentication.