How do you describe your job to average people?
As a member of WellSpan security ops, I take the lead on vulnerability and protection management. I proactively mitigate technical risk for existing systems and new implementations. This role is also responsible for daily operations and support of WellSpan's security controls. I also manage the implementation of new security controls that protect the enterprise.
Why did you get into IT security?
I was looking for a way to expand my skillset. Previously, I held senior network engineer- and network manager-related positions at other organizations. I wanted to capitalize on this skillset to grow professionally. IT security is always something that caught my eye. I just had to gather enough courage to step outside my comfort zone. I'm happy I made the leap and would recommend others do the same.
What was one of your biggest challenges?
From a security standpoint, ensuring secure remote access for a large and complex organization is a challenge. AAA [authentication, authorization and accounting] are the driving factors for any remote access solution, but this is easier said than done and requires many infrastructure pieces to be implemented, including business processes.
What keeps you up at night?
Ensuring our systems and their data remains safe. Malware and network-based attacks become more sophisticated each day. This also holds true for phishing attacks. As a result, we are always looking for new products or ways to optimize existing protections to keep the bad guys out.
Of what are you most proud?
I'm proud of the work that has been accomplished, in a very short time, to stand up a new centralized security department and shape the direction of how the enterprise protects its systems.
For what would you use a magic IT security wand?
I would use my security wand to engrain the dangers associated with phishing email and how to identify them in our users' minds.