Security Architect for e-Secure, Australia, working at Commonwealth Bank of Australia (CBA)
Which exams have you helped develop?
CompTIA Advanced Security Practitioner (CASP), CompTIA Security+ and CompTIA Linux+ Powered by LPI.
What do you get out of volunteering with CompTIA as a subject matter expert?
For me, it’s the networking, the exchange of ideas and concepts between like-minded individuals. I also liked giving back to the industry. For me, it was also an opportunity to get some good working knowledge about the U.S. as well.
What’s it like working with other subject matter experts to develop CompTIA exams?
I think it’s a great experience. I recommend it. CompTIA’s exam development operation is very mature, very optimized. They use appropriate methodologies that have built a strong framework capable of generating consistent and mature exam products. It’s a very smooth process. Participants also brainstorm—all together and in smaller groups—about what’s important for an overall exam.
CompTIA’s facilitators do just that: facilitate, allow the free flow exchange of ideas while keeping people focused. They’re able to constructively deal with different perspectives, different egos.
You’ve helped develop both the CompTIA Security+ and CompTIA Advanced Security Practitioner exams. What do you see as the main differences between these exams?
I see the CompTIA Security+ exam as a great benchmark exam for candidates to prove a base level of security knowledge to potential employers. The CASP exam is aimed at more senior security professionals looking to attain a credential that shows their demonstrated domain expertise.
What do you do for your day job?
Security architecture involves setting strategic direction within relevant security domains as well as working within projects to deliver solutions that closely align to business needs. So I work with IT architects, project managers, general managers for business systems, and general managers in the security space as well. Also, I work with the vendors who provide solutions.
How did you get into IT?
As a 15 year old, I saved my pocket money to purchase a computer that was average for its day. That’s when I realized there’s always something new to learn, there are always new challenges with computers. When I was 17, I began to learn about computer security and eventually decided to get a job in that field.
I held part-time jobs — generalist IT roles — while I went to university for a computer science degree. My real breakthrough occurred when I won a scholarship to do specialized security research during my senior year. Then I was offered a PhD scholarship. So I wound up in academia almost by accident. I did two years of my PhD before I realized I didn’t want to stay in academia. I prefer to be in industry. I was fortunate enough to have my resume picked up by a smaller specialized security firm (e-Secure) where I’ve been pretty much ever since.
What do you like about IT security? What interests you?
I like the continual challenge of and the tactics involved with protecting assets against attackers and new attack methodologies. For me, it’s staying ahead of the attackers, making sure we have adequate defenses in place to protect our information assets.
Based on your solid background in IT security, what knowledge or abilities do you think is most important for IT pros entering this field to possess?
Having a solid level of understanding of IT fundamentals across the board. To succeed, you need to be an IT generalist, but also an IT security specialist. Also, you need strong soft skills to be able to convey technical things not only to technical people, but to business people as well.
What are you doing when you're not working?
Spending quality time with my wife and two sons. I have a young family; we enjoy traveling and camping. I also play golf with my friends. Stuff away from computers.