I run a training and consulting organisation, and do a little research into information security issues on the side. We specialise in delivering information security and privacy training and consulting, focusing on the intersection with legal and compliance obligations.
1. What do you like about your job?
For me, training and consulting is more about knowledge sharing. I get so much from the people we work with. I love talking to them about what they do, how things work in their organisations, their biggest challenges and some more philosophical things - like what 'security' means to them. Running a company also gives me flexibility to work the hours that suit, giving me time to be involved in other activities like industry groups and research.
2. How did you get into this role?
I started off as a lawyer but realised pretty quickly I wanted to be more directly involved in running a business. I had a couple of in-house legal counsel roles with technology companies - like Unisys and Dell Financial Services - before taking the big step of setting up my own business with my brother and a colleague of his. The business specialised in data networking and security and was my entry into the world of information security. I taught myself by reading everything I could find (including ISO 27001 - then AS7799.2) and then did the CISSP in around 2003 which gave me a really good grounding across the whole information security landscape. We worked with some great clients as the security practice developed. I ended up taking the training part of that business and setting up a new company focusing just on that in 2008.
3. An example of what you do each day.
I talk to our training partners, trainers and to people interested in doing one of our courses. I think about the issues that are impacting our community and how they might be addressed by training or consulting services. I develop new training material and keep all our course ware up to date. Things are always changing in the world of information security!
I'm trying to write more regularly on issues that go to the fundamentals of current information security practice because I firmly believe it needs a bit of an overhaul.
I also try and stay connected with the wonderful network of friends I've made in the information security world.
4. What would you say to others who are considering following the same career path? (Your Words of Wisdom)
There are so many opportunities in information security, especially for people who think outside the square and those interested in solving really tricky problems involving people and technology. Information security is still relatively new, and there are lots of ways to contribute to the development of an exciting new area of practice, particularly from the social side. There are lots of problems to solve and and exciting new ways to help the whole Australian community feel safe and secure.