“I joined the military in the first place because I wanted to be an astronaut, and all astronauts were military. But after completing my degree and military classification training, a career placement officer assigned me to the Directorate of Communication Security at National Defence Headquarters in Ottawa. Very quickly I got to work on some interesting projects and I’ve never looked back.”
I didn’t know anything about security but I was told they would teach me. Six months of intensive courses in cryptography and TEMPEST, the detection and prevention of potentially compromising emanations from electronic equipment, and all kinds of other cool security stuff. It wasn’t a common field yet, so we were specialists with that feeling of being in a unique and interesting area. It wasn’t just run-of-the mill programming or system administration.
Looking back on the early days of the field
When I got into the field in ’89, we were still trying to wrestle with the theoretical foundations of the field. What did it mean for a system to be secure? A lot of my early readings were around the idea of “trusted computing”. A system based on trusted computing would have to be worthy of handling the nation’s secrets. That really interested me as I’ve always been attracted to logic and thinking about consistencies in frameworks.
Different landscapes, different threats
The threat landscape I deal with is different from the one you mostly hear about. I work in the classified side of government, so these are systems and environments that have nothing to do with the internet, they’re not connected. We don’t have to worry about the latest Russian hacker disinformation campaign or Ransomware. We focus on internal threats or weaknesses.
When it comes to security work, what keeps you awake at night?
Getting management at organizations to really understand that their security needs are real. This is such a long-standing complaint in the security community, maybe we don’t always speak the right language. Because security incidents are usually few and far between, it’s difficult to convince management that although incidents may be rare, if one of them does happen, you could suddenly find yourself vulnerable and compromised. Security is an important, critical investment.
Life at ADGA
I have been here almost twenty years, that’s a long commitment. But my loyalty to ADGA dates back to a difficult time in my life, when my first wife was ill with cancer. It was hard juggling the demands on the home front and at the office. ADGA was incredibly supportive in allowing me to work from home at a time when this was very uncommon and do all of the things I needed to do to support her and our children. I can’t speak highly enough about how well ADGA has treated me over the years, and the loyalty they’ve earned from me.