CISSPs From Around the Globe: An Interview with Laurie Mack

nThe Certified Information Systems Security Professional (CISSP) certification is considered to be the gold standard in information security. This is so because of all the doors that certification opens to a CISSP professional. Those doors lead to many different types of positions and opportunities, thus making the information security community dynamic and multifaceted.

n

nIn this installment, we talk tonnLaurie Macknn. Laurie lives in Canada and is Director for Security and Certifications atnnThales. In this interview, Laurie shares with us how she started her career in thenCanadian Armed Forces as a radio communicator and how her proudestnprofessional moment was when her and her team were given a public servicenaward for their work.n

n

nWhat job do you do today?n

n

nAs Director, Security and Certifications for the Thales Digital Identity andnSecurity (DIS) business, my team and I are responsible for leading securityncertifications for our products against industry and government standards,ncoordinating the management and response to security vulnerabilities innthose products, and site security of our offices in Ottawa. We also supportncollateral company activities including such areas as product securityndesign and development.n

n

nWhat problems does your company solve?n

n

nWe develop solutions for the security integrity of many technologies, fromnsecure software, to biometrics and encryption, DIS technologies andnservices, enabling businesses and governments to authenticate identities andnprotect data, so they stay safe. We also enable services in personalndevices, connected objects, the cloud, and everything in-between.n

n

nnWhat was life like when you started out in your career in cybersecurity?nn

n

nI started my career as a 17 year-old radio communicator in the CanadiannArmed Forces in the early 1970’s. Security, and especially nationalnsecurity, was entwined in everything I did, so it was a natural evolutionnfor me to move into that speciality 20 years later when I retired from thenmilitary. I was privileged to start my cybersecurity career in this rapidlynevolving and transformational field in the Canadian government.n

n

nWhat was your first cybersecurity job?n

n

nMy first focus on cybersecurity was with the Canadian government’snCommunications Security Establishment, working in an area that focused onnsupporting federal government departments to better understand their risknand to guide them in applying good security measures. It was exciting andnchallenging work, and gave me the opportunity to address challenges bothnnationally and internationally.n

n

nWhy did you first decide to get into cybersecurity?n

n

nEarly in my career as a military officer, I became an advocate for thensecurity and protection of sensitive information, but more than that, Inembraced the notion that security could be an enabler for organizations. Itnwas reliable security measures that facilitated the building of theninfrastructure and capabilities that we use today, and I wanted to be a partnof that process.n

n

nnWhat first attracted you to consider getting a cybersecuritynqualification?nn

n

nI wanted to have a globally recognized professional security qualification.n

n

nWhy did you decide to undertake CISSP?n

n

nThe CISSP was the de-facto global recognition for security professionals atnthe time.n

n

nWhat prompted you to do that?n

n

nHappily my company funded it as part of professional development, so I wasnan eager candidate.n

n

nHow long did it take to achieve CISSP?n

n

nIt took me over six months, most of that through self-study, when I couldnfind the time. I was reading Shon Harris’s book on my own time, as well asnloads of other reference material. I enrolled in a boot camp course innadvance of the exam. This is an enabler that I whole-heartedly recommend tonanyone pursuing the CISSP.n

n

nWhat most surprised you about CISSP?n

n

nI hadn’t realized just how widely the certification is recognized. Thisnprofessional certificate has helped me advance in my career.n

n

nHow did it change how you approached your work?n

n

nThe CISSP took me into areas of security that I hadn’t previously beenninvolved with and it widened my scope of interest in cybersecurity.n

n

nnWhat were the first changes you noticed after achieving the CISSPncredential?nn

n

nHolding this certification gave me greater confidence in my knowledge andnapproach.n

n

nnCan you tell me about a time when having the CISSP designation broughtnyou an unexpected benefit?nn

n

nThe most unexpected benefit I found was with team building and sharing mynenthusiasm for cybersecurity and the CISSP. I was responsible for ITnsecurity at a large Canadian government department, and I decided to mentornsome of my team members who wanted to take the CISSP exam. I started anweekly small study group to review the book and the various knowledge areas.nThat group doubled and then quickly tripled, with other employees who werenjust interested in security. I brought in guest speakers, held field tripsnto various secure sites, and we had really good discussions, with some ofnthe ideas being implemented in the department. I really enjoyed running then“course”. As a bonus, the team members successful passed the CISSP exam.n

n

nWhat steps brought you to the job you do today?n

n

nInitially, I was the Canadian government representative on the Can/US jointnCryptographic Module Validation Programn(CMVP)nin the mid 90s, a lab director for an accredited third party lab in the laten90s, a consumer of validated products in the Canadian government in thenearly 2000s. Now, I am responsible for ensuring our products conform to thenrequirements of the CMVP program. So you might say that my career has comenfull circle.n

n

nnWhat is the biggest challenge you have faced in your career?nn

n

nI was working as a senior manager for one of the “Big Four” accountingnfirms, and the company decided that they were not going to continue withntheir security practice so my position was terminated. As a single mom, thisnwas devastating! I gathered myself and started my own security consultingncompany and approached the company who had just let me go to work on thenprojects they had already committed for me. That kick started my successfulnsecurity consulting business.n

n

nWhat ambitions do you have for your career ahead?n

n

nMy company has several ongoing strategic cybersecurity initiatives that Inwould like to help bring to fruition.n

n

nWhat is it about your job that you love?n

n

nI love the people. I am privileged to work with such talented and wonderfulnpeople.n

n

nWhat contribution are you most proud of?n

n

nThere are many. One that comes to mind is my work on some of the briefingnbooks. Government Ministers’ briefing books were pages and pages of writtennnotes. Changes to the books, and all the copies, were constructed manually.nIt was time-consuming and generally difficult for everyone involved. Therenwas no obvious solution to this as the information was highly secure, so itnwas deemed that it could not be processed electronically. My team and Inproposed that this information could be transposed to tablets, and wendevised security solutions, including device certificates, central devicenmanagement, authentication, and other measures that allowed these books tonbe transferred to tablets. Our team received a public service award for thisnand that was a great sense of pride and accomplishment for all of us.n

n

nnHow do you think you have personally benefited from becoming CISSPncertified?nn

n

nThe CISSP has not only opened doors for me, but it inspires me to continuento give back to the security community at large through mentoring andnsupporting security practitioners to qualify for the certificationnn.nn

n

nn

n

nHow do you ensure your skills continue to grow?n

n

nI attend security conferences, presentations, local security communitynmeetings, and I read security articles.n

n

nnWhat do you think the biggest challenge is for cybersecurity right now?nn

n

nThe threat landscape is constantly and rapidly evolving and there are muchnmore sophisticated attacks and attackers. The biggest cybersecuritynchallenge I see is the advanced persistent threat from nation states, andnthe extent that these will potentially impact our lives and our livelihoods.n

n

nWhat solutions do you think could address this?n

n

nThe cybersecurity products and services we employ need to continually evolvenwith increased and advanced security measures. I am privileged to be in anposition to influence this.n

n

nWho inspires you in the world of cybersecurity?n

n

nThe members of my team inspire me – every day.n

n

nnWhat do you think people considering a career in cybersecurity shouldnknow?nn

n

nThe traditional fields of cybersecurity – network, physical, software, etc.,nare really interesting and will be a great start for a career. I think thenworld is also moving more to a cloud environment, and the field of DevSecOpsnis also where an exciting future in the field lies. I wholeheartedlynrecommend obtaining the CISSP professional certification.n

n

nTo discover more about CISSP download ournnUltimate Guidenn. Or read our whitepaper,nn9 Traits You Need to Succeed as a Cybersecurity Leadernn.n

n

nOr, check out more interviews with CISSPs as a part of thisnnCISSP interview seriesnn.n

]]>