Work without worry

1. Your number one principle for data security?

Attention to details matter. 90% of the time, a breach or an exploit happens because something really simple was missed or one simple change was made that caused the problem. This can be as simple as receiving an email and mistaking an illegitimate request as a legitimate one. Or accepting the default setting when making some change to a running system. It’s never foolproof, but paying attention to the details of things really does matter.

2. Most rewarding part of the job?

Helping the team, and growing with them. No one person can do and know everything. Everyone in history is standing on the shoulders of those before us. Recognizing that and helping to lift others up and sharing my experiences makes me happy.

3. Ever consider becoming a hacker?

I like puzzles and problems. But many puzzles don’t lead to legal issues. I’ve always preferred to share and protect, than break and exploit. Plus you can more freely talk about what you do without fear. 😀

1. Your number one principle for data security?

Don’t collect it if you don’t need it. We have designed a system that only collects data that is the minimum to provide the service. We don’t need to know the name/age/gender of any of the students answering questions – we just need to know what they answered. It keeps it simpler, and reduces security risk.

2. Most rewarding part of the job?

Seeing the awesome ways that people use our technology. The most recent example of this was a program of learning to teach media literacy, which is more relevant now than it every has been, to teach children (and adults) how to discern #realnews from #fakenews.

3. Ever consider becoming a hacker?

Not again, no 😉 My hacking exploits were limited to reverse engineering the copy prevention on Commodore 64 games when I was a kid and had more free time and no money. I had some successes and many failures – but in the end, this was what drove my interest and passion in software development.

1. Your number one principle for data security?

The effective use of defense in depth, in the context of it being a comprehensive security strategy. I think the best approach to that principle is to combine effective administrative controls, layered technical controls and ongoing security awareness education and training. The importance of security awareness by everyone in the organization cannot be overstated in today’s security climate. Information security is about a lot more than just cybersecurity.

2. Most rewarding part of the job?

Knowing that I’ve helped to improve Learnosity’s security posture and instilling confidence in our employees that our security posture is sound. While I want everyone at Learnosity to be security aware, I don’t want them to be security worried. No one works effectively or happily if they are worried.

3. Ever consider becoming a hacker?

A black hat hacker? No. A white hat? I did consider that at one point. Although I have a background in engineering, both hardware and software, I’ve always been most comfortable in broader analytical roles. Waist deep in the technical weeds rather than neck deep.