What is the biggest security challenge that will be faced in 2017? How should it be addressed?
Lack of awareness and support from senior management. Address this by engaging the board and senior management and keeping them situationally aware.
What is on your desk right now?
A work laptop, a personal laptop, a business notepad, a travel journal, a set of fountain pens
How has social media impacted you professionally?
It is amazing that we are no longer confined by physical geographical boundaries to network and collaborate.
What is your number-one piece of advice for other information security professionals?
Be proud and continue to partner with business and other functions toward common enterprise goals.
What is your favorite benefit of your ISACA membership?
Meeting like-minded professionals globally and learning from those interactions. Also, access to regular publications, surveys and research.
What do you do when you are not at work?
Spend my time with my family and volunteer. In my role as a director on ISACA’s Board of Directors, I visit various ISACA chapters and interact with chapter leaders and members. At the same time, I contribute in knowledge sharing by presenting at various conferences.
How do you think the role of the information security professional is changing or has changed?
As information technology becomes integrated with business, information security professionals should be well versed in business context. The role is now changing from being reactive and supportive to proactive and enabling. Information security professionals are enabling and delivering new values just like other business functions.
How do you see the roles of information security, risk and governance changing in the long term?
The functions will become intertwined more than they have ever been in the past. Professionals in information security, assurance, risk management and governance will have to work closely and seamlessly. I see that there will be both movement from one role to another, and professionals will become multidisciplined. ISACA enables professionals to acquire new knowledge areas and validate that knowledge through certifications.
How have the certifications you have attained advanced or enhanced your career? What certifications do you look for when recruiting new members of your team?
Through the process of certification, I have minimized my knowledge gaps by learning widely accepted bodies of knowledge. The certifications I have earned also help me to get recognized. When hiring, I do look at candidates who have relevant certifications more closely; for example, in a role focusing on IT risk management, a candidate who holds the Certified in Risk and Information Systems Control (CRISC) would be desirable.
What would be your best piece of advice for information security professionals planning their career paths and looking at the future of information security?
One should understand his/her strengths and areas of interest. Generally, there are technical and management tracks. In each of these tracks, there is an option to be a generalist or a specialist. The Cybersecurity Nexus (CSX) Cybersecurity Career Road Map is a great tool for mapping a career. One can choose to be a Certified Information Security Manager (CISM) (management) or a CSX Expert (CSXE) (technical).
What do you think are the most effective ways to address the cybersecurity skills gap?
Structured, practical and experiential learning with skill validation will have the greatest effect. Cybersecurity skills can be developed in various venues including colleges, universities and in the workplace through job conversion. An important element to bridge the gap is having the practical skill that can be usable in the field.
You have been an active volunteer in a number of security associations for more than a decade. Why do you make volunteering a priority among the many demands on your time?
Everyone can make a difference in this world and I choose volunteering in security associations as a way to make a positive impact in our society. Given the elevated importance of technology, our roles in ensuring that we continue to benefit from positive use of technology through security are critical.
What has been your biggest workplace or career challenge and how did you face it?
When the roles of information security and technology risk management were not seen as adding value to business, but rather unnecessary overhead, it was a challenging time. In order to transform the situation into a more conducive environment, I did extensive outreach to business leaders and other functions. As part of the outreach, I reintroduced our value proposition and how we can be a partner rather than a barrier.