I’m a recent graduate of Sheridan College’s information systems security program and currently work at TJX, which owns Winners, HomeSense and Marshalls. I work in the system and security department and the auditing and compliance section.
I’m responsible for making sure our section of TJX Canada is SOX-compliant. After the Enron accounting scandal, in 2002 the U.S. passed laws including the Sarbanes-Oxley Act (SOX), mandating that publicly traded companies like TJX be audited. [Sections of the act cover, among other things, responsibilities of a public corporation’s board of directors and criminal penalties for certain kinds of misconduct.]
My family were not the most technical people, but growing up I did a lot of coding and learned different coding languages. When I was younger I built websites and worked through HTML. I started participating in online capture-the-flag tournaments: you get an encrypted file and have to decrypt it and find the flag to get points. Some challenges can be as quick as a minute, and others can take a day.
In the Sheridan program, we went through a bunch of different aspects of security: cryptography, auditing procedures, secure software development, policy, ethical hacking and intrusion detection. We attacked the idea of security from different avenues.
There are very few jobs that require you to draw upon all the things you learn in school, but knowing all of that stuff is amazing. If I do a job for a while and want to change jobs, I have the skills to be able to switch.
The instructors were good at helping us relate what we learned to the real world. I’ve always enjoyed things like penetration testing – trying to get into a system from the outside like a hacker would to break into a network.
We had in-house networks and systems that we set up and ran exercises with and against each other to see what information we could pull out. So when you go out into the work force, you know how to defend against that stuff. Those classes were a lot of fun.
I started out in computer engineering at Sheridan, but that turned out not to be exactly what I wanted to do. I’ve always enjoyed technology – it came naturally to me. But in the engineering program, I noticed that people had an understanding of security but didn’t really care all that much about it. I could see the implication of that around the world: people having credit card info stolen from big companies, data breaches, private information being leaked to public sources. I found it fascinating.
On the job I really like the fact that I get to interact and work with so many parts of the company to help them beef up their systems to manage their information. I work with their teams to standardize the way information is stored and the way access is controlled. The information I gather also varies a lot between the different groups – it might be in different formats – so that makes my job challenging, too.
