I have a management role, but really my job is about providing the services to protect Cancer Care’s personal health information and making sure information is secure.
I’ve got a bachelor’s degree in business administration from Nipissing University and a master’s in information security from Royal Holloway, University of London – an online degree. I started out in a business/I.T. role with a public health care focus, and then I moved on to specialize in information security. It’s an area whose different aspects appealed to me.
Health care is a really exciting field. There are a lot of complexities to the I.T. systems, and sensitive information to protect, and that leads to exciting work in the security field. You also feel really good about helping people.
I’m taking a certificate in computer security and digital forensics through Ryerson University. The program focuses on the specialty area of digital forensics, and that appealed to me because it’s an opportunity to get back in touch with hands-on I.T.
I’m more in a management role, so this is an opportunity to upgrade and focus my security technology skills in an area I find interesting. The skills I’m learning are directly applicable to responding to security breaches.
To rapidly learn new technology, you definitely need hands-on experience. You need to build your own computer lab at home, practise with the tools and technologies and understand them, and put in the time and get experience through work as well. You can’t expect to read a book or do a lab and directly apply that the next day.
The courses do a really good job of splitting the book learning and the theory as well as the hands-on application and the structured learning. It may not be so valuable for someone focused on a different area of information security, but in general most people in an operation-delivery capacity who have to run an information security program or deliver services internally could benefit from this type of course.
A day doesn’t go by when there’s not a new discovery, vulnerability or attack, so you really have to keep apprised of current events and threats. It’s also about understanding business and being prepared to learn about business so you can bridge that gap between the technology and the business side.
A lot of people ask what my undergrad was in, and I say business. I think it served me well that I had that foundation and sought out specialized information security training afterwards.
It’s a lot of pressure to make sure everything is as secure as reasonably possible. Every day there’s a news event about a large breach or surveillance or cyber-espionage, so it’s in the public eye, and that gets a lot of people worried. It really does put a fair bit of pressure on us to make sure we get this right.
