Computerworld -
What I need and what I do are two different things. I know that what I need is to take a very long vacation in a warm place where I could sit on the beach, sipping something alcoholic and sweet while my toes wriggle in the sand and the warm water of the incoming tide laps about my ankles. No cell phone, no laptop, no schedule. I wouldn't be responsible for anything.
This year has been crammed with projects at work and activities at home, yet instead of giving my frazzled mind the rest it needs, I heaped more work and responsibility on my head. My problem is that I want to rule the world.
First, I accepted an appointment at the local university to teach telecommunications, security and IT classes. I used to teach before I moved to this state. I love teaching and have been waiting for an opportunity here. It finally came -- at the busiest time in my life. I will be working at my state agency security manager job during the day and teaching several nights a week.
Second, I threw my hat into the ring for the state's chief information security officer position. I have already been through the first round of interviews, and it went so well that I almost convinced myself that it was a done deal. But I have been around long enough to know that it is entirely possible that a senator's nephew is in line for the job and I am just part of the process to help make the selection look legitimate.
At the interview, I was asked the usual questions about how I would deal with various scenarios. I answered them all with conviction and clarity.
One of the more interesting questions was how I would handle huge security concerns with very little budget money. I told the interviewers the story of what happened two years ago when the state legislature refused to approve the funding that would let my state agency purchase firewall technology. As I've explained before in this column, my only option was to build open-source firewall and intrusion-detection tools. Using old computers, extra network interface cards and some time, I satisfied our needs with no budget.
I also expounded on some philosophical issues. I said that the most important thing for CISOs to do is to keep their eye on the ball, the ball being total security. I know that total security doesn't really exist, but it remains the goal nonetheless, and that means that everything matters, from the physical layer up through the application layer. Data at rest and data in transit must be protected from unauthorized access. It's that simple -- and it's that complicated. It's a daunting responsibility.
Free Insider GuideCopyright © 1994 - 2012 Computerworld Inc. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of Computerworld Inc. is prohibited. Computerworld and Computerworld.com and the respective logos are trademarks of International Data Group Inc.
