Rowenna Fielding is a self-confessed former IT and infosec nerd turned data protection anorak. Both in her professional capacity and her more irreverent ‘Miss IG Geek’ online persona, Rowenna’s articles, interviews and presentations have been prominent in the data protection landscape for several years. In her spare time, she is mostly preoccupied with knitting, puffins and gin (not necessarily in that order).
How did you get into information security?
I was a sysadmin for a startup, toiling among the trunking, when my day was unceremoniously disrupted by a network compromise. It turned out that the sales director’s unsavory leisure-time browsing activity had resulted in bringing a virus into the office. The investigation and cleanup – although a bit stressful – was fun and fascinating, so I decided that infosec was the way forward for me. Now though, I have moved on to data protection, which is also about human rights, law and records management as well as infosec. It is even more fun and interesting!
What’s the most misunderstood thing about data protection and security?
The mistake of conflating data protection with security is the most common and fundamental misunderstanding about the two. There is some overlap – data protection requires personal data to be processed securely; availability, integrity and confidentiality are also part of the data protection principles, but there is more divergence than overlap. Infosec does not get into human rights – lawfulness, transparency and people’s rights – and data protection is only concerned with personal data, not proprietary trade secrets.
What’s the best thing about your job?
The combination of hard-core ‘geekery’ and human factors are the best thing! Even when the work gets technical and intricate, there’s always the people factor underneath – their rights and freedoms, balanced against the needs of a civilized society. I enjoy taking these abstract concepts and turning them into operational advice, helping people understand that it is not about the paperwork or the dry goal of ‘compliance,’ but about the social contract and ethical principles.
What would you change about the information security industry?
Oh Lordy, where to start?! I think vendors of solutions have a lot to answer for – far too many make unrealistic promises about the capabilities of their products, masking the complexity and resources required to put those products to use. Also, the focus on coding skills is unhelpful – infosec is a broad discipline and in my view, people who work in user experience, as educators and policy-makers, should be afforded equivalent respect and visibility. We have a situation where everyone gets excited about exotic zero-day exploits, but most organizations are still neglecting the boring, unsexy basics.
Quick-fire Q&A
What’s your favorite film?
The Princess Bride – a timeless classic.
What’s your guilty pleasure?
I don’t believe that any pleasure should involve guilt, as long as it’s between consenting adults! If pushed, I’d probably say arguing about data protection on Twitter!
What’s your dream job?
I’d like to be a writer full-time, but making a living from that is pretty difficult these days.
BIO @MissIG_Geek
Rowenna Fielding is senior data protection lead at Protecture Limited, where she advises and consults voluntary and commercial organizations on good privacy practice. Prior to her role at Protecture Limited, Rowenna served as information governance officer at RNIB.