|Name:||John J.||Years in Security Industry:||17|
|Title:||Global Security Program Manager||RSA Conferences Attended:||11|
What aspect of your job gets you up in the morning?
It may not always be easy to show that we're making progress, but I feel that I am helping to enable great things at my company, by staying engaged and informed and looking at business problems through the lens of the security professional. I make a difference.
Biggest security concern:
Staying ahead of the rapidly evolving threat landscape. In particular, big data scares me. If we don't act as data stewards, and protect data confidentiality, integrity and availability in an evolving legal and ethical environment, then we miss out on the tremendous opportunities that are possible.
Big Data – hype or not?
Every new trend gets hyped by vendors, but big data is real and it will drive a new industry and challenge us all to keep it safe. We need to take this seriously.
Why do you attend RSA® Conference:
RSA Conference is unique in its size and breadth, and if I could only attend one security conference a year, it would be RSA Conference because it provides the greatest value in the shortest period of time. There is no topic that a security professional will have, that the RSA Conference will not address.
What industry-wide changes need to happen in order to improve how security organisations work together?
I think security organisations want to draw upon industry best practices, but we need to have more of an open-source approach to gathering and sharing security events. There is a great benefit in sharing concerns and solutions in a common framework, with the ability to maintain confidentiality. There is progress being made between organisations, vendors and public sector, but it is hindered when everyone is concerned about what's in it for them.
What does "Security in knowledge: Mastering data. Securing the world" mean to you?
All organisations are facing the challenges of big data. Internetworked sensors and embedded systems proliferate globally, and computers are becoming ubiquitous. The potential value that comes from mining and visualising these huge data sets is tremendous. To transform this information to knowledge will take professionals who are trained to manage and manipulate and reduce these data sets while maintaining their integrity, and treating the data in an ethical and secure manner.
Most memorable career moment?
I feel fortunate to have worked at a government facility when infosec was young and the first firewalls were being developed. I feel something similar today, as security is rapidly evolving in light of the cloud, mobility, consumerisation of IT and big data. Our greatest challenges lie ahead of us!
Favourite session topic:
I am turning a lot of my focus to security governance and risk management, but I love to attend sessions where security veterans tell great war stories! I wouldn't miss the Cryptographer's Panel on Day One.
Best advice ever received:
A security professional shouldn't be concerned with eliminating all security risks; the focus should be to advise the business on the risk and the options and help them make informed decisions on how best to manage risk. Bridging the gap means explaining security concerns in language the business will understand, and applying security policies in the context of the business. Strive to have security seen as a business enabler, not a roadblock.
Most important mentor and why:
I am so fortunate to meet others in this field who are willing to share what they've learned from years of experience. They've all helped me grow and learn. The most important thing is to learn to listen, more than you speak.
As a child, what did you want to be when you grew up?
I think I always wanted to be an explorer of some sort, and I became enamoured with cyber security as an exciting new frontier to explore.
Perfect day off:
Why do you keep coming back to RSA Conference?
Every year I meet with an ever-growing cadre of security leaders from different industries and we discuss security trends and challenges and practical approaches to solve common problems. RSA Conference acts as a level-set, and is invaluable in helping me prioritise my security efforts back at the office.
Biggest professional challenge?
It is difficult to spend sufficient time to really understand the needs and concerns of the business, yet without doing this, it is next to impossible to develop aligned security goals and communicate these effectively to business leaders.
Why you're in the security industry:
I enjoy solving difficult problems and the security industry never fails to provide challenges and variety. Security is more than a job, it's a way of thinking about the world. This is a career for people who aren't satisfied with the status quo, who have an insatiable curiosity and a desire to learn and apply that knowledge for the benefit of humanity.
I worked at a waste treatment facility. It's hard to think of a worse job. It motivated me to work hard and get an education, so I always had options and could have a job doing the things I was passionate about.
PC or Mac?
Blackberry, Android or iPhone?