Senior Information Technologist (20 years) specializing in information security and information technology operations process. Easily able to leverage technology to achieve business objectives for controls, effectiveness, competitive advantages with respect to information technology. Experienced in IT Governance, Security Review, Incident Response, Risk Assessment, IT Operations, Process Engineering, Project Management, and Strategic Planning.
Information Security is a top-down concept and should be practiced everywhere across the organization. The idea sounds great, however in practice, is difficult. The problems could be that not everyone is equipped with security knowledge, not everyone is motivated in achieving security goals and no personal benefits at the job/responsibility level. To solve the aforementioned problems, we have to ask the right questions: How security decisions are being made and by whom? What are the reward system and measurements that drive towards the goals? What are the roles that support the responsibilities?