I've always done network administration, that type of thing. As security started to separate itself from normal IT work, I went out and studied for CISSP. The need was there and I was already doing a lot of it.
Q: What do you like most about your job?
What I find fascinating about it is that it encompasses knowledge across multiple platforms. You have to understand coding, wireless, networking. It lets you stay involved in a lot of various aspects of technology.
Q: Anything that annoys?
You train users on [a policy] over and over and they just don't want to do it because they don't see the risk.
Q: Who's influenced you?
It was when they arrested Kevin Mitnick back in the 90s. I read the book by the guy who caught him. It was fascinating how that was done and the way he wasn't that technical. He used a lot of social engineering. I realized how open things were and we really did need to do something about it.
Q: How do you describe your job to normal people?
It's a lot easier to say I'm in information security than in networking. When my grandparents ask me what I do, I say: "I stop the bad guys from stealing medical records" – they get it.
Q: Any words of wisdom?
Be passionate. You're selling an insurance policy. If you do your job really well, no one will know. Keep learning. You can't let yourself get stale.