Of what are you most proud?
The establishment of a security framework within our organization that business units will be assessed and measured against. This framework provides a foundation that demonstrates the state of security within a business unit, and can be used to address any incremental security measures.
How do you describe your job to average people?
Guidance and governance.
It is my responsibility to provide policy, standards and guidelines to business units, which guide information security practices and controls within our business units. Following development and implementation, I ensure that the practices and controls are properly followed.
What do you think needs more attention?
We need to change the paradigm that security is an expense and a nuisance. Security should be viewed as a business enabler. Those looking for goods or services should consider security to be as important as cost in their decision-making process.
What annoys you?
Vendors that tell you that their product or service solves your fill-in-the-blank problem. They don't understand my line of business, my infrastructure or my needs, but believe I need to invest in their solution.
What would you use a magic IT security wand for?
I would use the wand to create a security "score" for every PC, network, company or provider. This would allow individuals and businesses to know the "score" before purchasing from that company.
What security threats are overblown?
None really. They all have some form of merit. It is important for a company to be in a position to understand its exposure to a threat and then determine if the threat is relevant or overblown.
SKILLS IN DEMAND
Litigation fuels demand
In 2007, expect to see a significant increase in hiring related to e-discovery and litigation support. Given that electronic data is a component in virtually all civil and criminal litigation, companies are starting to focus their efforts on developing ways in which to better manage and catalog their data.
Dig deep
Legal, constitutional, political, security and privacy issues are major drivers right now. IT security professionals experienced in digital forensics, data protection and related legal requirements will be in demand in 2007.
City has advantage
Compensation ranges from the mid-$70K range to over $200K in major metro areas.
Source: Jeff Combs, Alta Associates