Why did you choose security?

Security chose me. John Lennon wrote “Life is what happens to you while you’re busy making other plans.” Very true. Way back in the 1900s I finished my undergrad degree in History and English intent on teaching and coaching high school football. I went to work for an ISP the summer after graduation and never looked back. The seed was planted with WarGames, sprouted with Sneakers, and thrived at the summer job that lasted seven years.

In my career, I have bounced between higher education, industry, and consulting, with some overlap. I have been fortunate to have leaders in each realm who became mentors and lifelong friends. They set the standard and I have triple motivation to pay that servant leadership forward. They taught me about professional and personal relationships, understanding the boundaries between them, and understanding the difference between policy and the needs of the business.

I am an iconoclast because information assurance must be on the masthead. The late great Donn B. Parker called “security motivation through job performance evaluation ‘the mother of all security controls,'” I agree. Therefore information assurance must begin at board level. There are many laws and regulations (US State & Federal and International) that burden business with compliance to published standards. Risks to information are greater than published standards, graduate education, professional certifications, or vesting dates. Compliance and assurance are not the same. Assurance will meet compliance, but compliance cannot provide assurance.

I base my advisory services and industry deliverables on enabling business by aligning standards of due care with best practices. Opportunities for improvement exist within every organization and any assessment and resultant organizational, program, and process changes should be considered in that context, whether it originated from a team expense or out of the cap budget. The tragedy of the consultant is limitations within the statement of work. There is tremendous authority vested in the experience of a veteran consultant and the reputation of a consultancy practice. No matter the findings, they must be transparently presented with the audience of an executive or senior leader who will champion change.

I am a storyteller and enjoy communicating through storyboarding. I believe in giving people the time and space to best use their talents to serve our clients, our partners, our team, our organization, and themselves. Set people up to succeed. Remove roadblocks. I believe in respecting time and I expect it of my team. Meetings impaired by no agenda, late arrivals, and that run over time are not an acceptable practice. I do not do well in such a culture because I would rather give back time than expect people to stay over time as an ongoing work process.

In the end, my journey into security has been a winding path shaped by unexpected turns, influential mentors, and a deep-seated belief in the power of information assurance to enable and protect. What began as a summer job evolved into a lifelong mission to align security with business needs, championing a proactive approach that transcends mere compliance. As I reflect on my career—from the seeds planted by cinematic inspiration to the lessons learned in leadership and storytelling—I remain committed to empowering teams, breaking down barriers, and fostering a culture of respect and accountability. Security didn’t just choose me; it became the lens through which I view the world, a calling to safeguard what matters most while paving the way for progress.

Scroll to Top