Explain what you do in less than 50 words:
I am responsible for information security and development, with delivery of new policies and process to support the existing infrastructure. We deploy a risk-based approach to support these processes, with a staff awareness program to ensure the firm maintains its high levels of information security.
What is the biggest information security threat to your industry?
Lack of training and awareness of data loss risks by the legal industry.
What technology or information security solution could you not live without?
My security-enabled smartphone. Everything I need for my personal life is on it, and I can keep in touch with the office when I have to, knowing that it is secure.
If you were leaving your role, what one piece of advice would you give to your successor?
Don’t fight battles you can’t expect to win. Wherever possible, find a business need for the security you want to implement and use that as a driver, using the ‘S’ word as little as possible.
What is the information security industry’s biggest shortfall?
Training and awareness of the end users; specifically that the impact on business is rarely identified as the potential risk.
What is your proudest achievement?
Finding a great wife and being happily married for over 30 years, with two wonderful children.
What is your biggest regret/mistake?
Not buying a house when I was 17.
In three words, what should the information security industry expect to be facing in 2013?
The insider threat.
Name a project, movement, product or legislation / standard that has impressed you in this industry.
ISO27001: love it or hate it, this standard has put a stake in the ground for all of us to be measured against.
Who, in this industry, inspires you?
- James Lyne (Sophos). He has a brilliantly enthusiastic approach and engaging passion for raising awareness.
- Ken Munro (Pen Test Partners) for his practical and pragmatic approach.
- Stewart Room (Field Fisher Waterhouse LLP). He has excellent knowledge and sensible solutions for data protection legislation plus application.
What are we, as an industry, doing right?
Raising the profile and awareness of the threats to our information, which at the same time highlights the need for trained professionals with specialist skills and knowledge to be part of the process.
If you weren’t an information security professional, what would you be?
A health and safety manager/advisor.
What are you hoping to see/hear at Infosecurity Europe 2012?
Useful and practical solutions to make the user’s life easier, whilst ensuring that the level of security in the business is increased moving forward.
| Tracy Andrew will be speaking on the ‘Can There Ever Be Such a Thing As a ‘Trusted’ Third Party Provider?’ panel at 13:15 on Tuesday, April 24, at Infosecurity Europe 2012. |