CISSPs From Around the Globe: An Interview with Laurie Mack

The Certified Information Systems Security Professional (CISSP) certification is considered to be the gold standard in information security. This is so because of all the doors that certification opens to a CISSP professional. Those doors lead to many different types of positions and opportunities, thus making the information security community dynamic and multifaceted.

In this installment, we talk to Laurie Mack. Laurie lives in Canada and is Director for Security and Certifications at Thales. In this interview, Laurie shares with us how she started her career in the Canadian Armed Forces as a radio communicator and how her proudest professional moment was when she and her team were given a public service award for their work.

What job do you do today?

As Director, Security and Certifications for the Thales Digital Identity and Security (DIS) business, my team and I are responsible for leading security certifications for our products against industry and government standards, coordinating the management and response to security vulnerabilities in those products, and site security of our offices in Ottawa. We also support collateral company activities including such areas as product security design and development.

What problems does your company solve?

We develop solutions for the security integrity of many technologies, from secure software, to biometrics and encryption, DIS technologies and services, enabling businesses and governments to authenticate identities and protect data, so they stay safe. We also enable services in personal devices, connected objects, the cloud, and everything in-between.

What was life like when you started out in your career in cybersecurity?

I started my career as a 17-year-old radio communicator in the Canadian Armed Forces in the early 1970s. Security, and especially national security, was entwined in everything I did, so it was a natural evolution for me to move into that speciality 20 years later when I retired from the military. I was privileged to start my cybersecurity career in this rapidly evolving and transformational field in the Canadian government.

What was your first cybersecurity job?

My first focus on cybersecurity was with the Canadian government’s Communications Security Establishment, working in an area that focused on supporting federal government departments to better understand their risk and to guide them in applying good security measures. It was exciting and challenging work, and gave me the opportunity to address challenges both nationally and internationally.

Why did you first decide to get into cybersecurity?

Early in my career as a military officer, I became an advocate for the security and protection of sensitive information, but more than that, I embraced the notion that security could be an enabler for organizations. It was reliable security measures that facilitated the building of the infrastructure and capabilities that we use today, and I wanted to be a part of that process.

What first attracted you to consider getting a cybersecurity qualification?

I wanted to have a globally recognized professional security qualification.

Why did you decide to undertake CISSP?

The CISSP was the de-facto global recognition for security professionals at the time.

What prompted you to do that?

Happily my company funded it as part of professional development, so I was an eager candidate.

How long did it take to achieve CISSP?

It took me over six months, most of that through self-study, when I could find the time. I was reading Shon Harris’s book on my own time, as well as loads of other reference material. I enrolled in a boot camp course in advance of the exam. This is an enabler that I whole-heartedly recommend to anyone pursuing the CISSP.

What most surprised you about CISSP?

I hadn’t realized just how widely the certification is recognized. This professional certificate has helped me advance in my career.

How did it change how you approached your work?

The CISSP took me into areas of security that I hadn’t previously been involved with and it widened my scope of interest in cybersecurity.

What were the first changes you noticed after achieving the CISSP credential?

Holding this certification gave me greater confidence in my knowledge and approach.

Can you tell me about a time when having the CISSP designation brought you an unexpected benefit?

The most unexpected benefit I found was with team building and sharing my enthusiasm for cybersecurity and the CISSP. I was responsible for IT security at a large Canadian government department, and I decided to mentor some of my team members who wanted to take the CISSP exam. I started a weekly small study group to review the book and the various knowledge areas. That group doubled and then quickly tripled, with other employees who were just interested in security. I brought in guest speakers, held field trips to various secure sites, and we had really good discussions, with some of the ideas being implemented in the department. I really enjoyed running the “course”. As a bonus, the team members successfully passed the CISSP exam.

What steps brought you to the job you do today?

Initially, I was the Canadian government representative on the Can/US joint Cryptographic Module Validation Program (CMVP) in the mid 90s, a lab director for an accredited third party lab in the late 90s, a consumer of validated products in the Canadian government in the early 2000s. Now, I am responsible for ensuring our products conform to the requirements of the CMVP program. So you might say that my career has come full circle.

What is the biggest challenge you have faced in your career?

I was working as a senior manager for one of the “Big Four” accounting firms, and the company decided that they were not going to continue with their security practice so my position was terminated. As a single mom, this was devastating! I gathered myself and started my own security consulting company and approached the company who had just let me go to work on the projects they had already committed for me. That kick-started my successful security consulting business.

What ambitions do you have for your career ahead?

My company has several ongoing strategic cybersecurity initiatives that I would like to help bring to fruition.

What is it about your job that you love?

I love the people. I am privileged to work with such talented and wonderful people.

What contribution are you most proud of?

There are many. One that comes to mind is my work on some of the briefing books. Government Ministers’ briefing books were pages and pages of written notes. Changes to the books, and all the copies, were constructed manually. It was time-consuming and generally difficult for everyone involved. There was no obvious solution to this as the information was highly secure, so it was deemed that it could not be processed electronically. My team and I proposed that this information could be transposed to tablets, and we devised security solutions, including device certificates, central device management, authentication, and other measures that allowed these books to be transferred to tablets. Our team received a public service award for this and that was a great sense of pride and accomplishment for all of us.

How do you think you have personally benefited from becoming CISSP certified?

The CISSP has not only opened doors for me, but it inspires me to continue to give back to the security community at large through mentoring and supporting security practitioners to qualify for the certification.

How do you ensure your skills continue to grow?

I attend security conferences, presentations, local security community meetings, and I read security articles.

What do you think the biggest challenge is for cybersecurity right now?

The threat landscape is constantly and rapidly evolving and there are much more sophisticated attacks and attackers. The biggest cybersecurity challenge I see is the advanced persistent threat from nation states, and the extent that these will potentially impact our lives and our livelihoods.

What solutions do you think could address this?

The cybersecurity products and services we employ need to continually evolve with increased and advanced security measures. I am privileged to be in a position to influence this.

Who inspires you in the world of cybersecurity?

The members of my team inspire me – every day.

What do you think people considering a career in cybersecurity should know?

The traditional fields of cybersecurity – network, physical, software, etc., are really interesting and will be a great start for a career. I think the world is also moving more to a cloud environment, and the field of DevSecOps is also where an exciting future in the field lies. I wholeheartedly recommend obtaining the CISSP professional certification.
