Consulting to clients around security, risk and continuity strategy, architecture and technology.
1. What do you like about your job?
Flexibility, variety of clients with variety of problems to solve.
Knowing that I'm able to contribute by leveraging my extensive IT and security experience to securing an organisation, especially Government.
2. How did you get into this role?
After 10 years working as a data communications specialist, and doing some app dev and database work, I started becoming aware of potential threats, vulnerabilities and risks. Around 1999 I decided that I wanted to drive the info security industry, so ended up leading one of the first Australian specialist security consulting firms security practice.
3. An example of what you do each day.
The day could start at 1am if I'm doing outside business hours security testing for a client, or it could start at 10am if I'm working in the office (to avoid the horrific peak hour traffic). One of the first things I do (before the day officially starts) is check my email and the news (general and security-related).
I may generally have a few client meetings each week - this could involve hosting business stakeholder or technologists workshops or interviews to elicit their current state of security, requirements, risks etc.
A large chunk of the day is spent on research specific to a client engagement, and documentation of what I've discovered and recommendations.
4. What would you say to others who are considering following the same career path? (Your Words of Wisdom)
You cannot secure what you don't understand - get a good understanding of technology first before jumping into a security specialist degree, even if that's just self-education.
Relevant qualifications:CISSP - 2001
MBCI - 2014