A Peer-Submitted Best Practice

Security: Not a Practice, A Passion

If I’ve learned anything it’s that security is something that you must regularly evaluate and adjust. The efforts made to secure your systems today could easily be compromised tomorrow, depending on a variety of circumstances. Attention to regular security assessments will be key to a future of confidentiality, integrity, and availability.

For IT leaders my age, when we started our careers, security was not paramount. In the 1980s few people were thinking about hackers, let alone nationstates, compromising systems. Fast forward to today and security is a major part of every IT Team’s regular conversation.

Back in the 1990s we did have the concept macro virus and I remember the first sleepless night devoted to mitigating a virus outbreak and refreshing staff computers. The first of many related sleepless nights. Leading up to the end of the millennia, the Y2K scare had everyone on edge and even security teams were on alert. Immediately upon reaching 2000 the I LOVE YOU virus ensured that attention remained on security. It was at that time that I sought the first outside security assessment of my corporate systems. A kid half my age came in and spent a couple of days poking around and left us with a report of numerous findings to remediate. We did our due diligence and responded to the findings then shelved the report.

Fast forward to 2013 when we got a call from the FBI asking about an email that three of our staff had received and wanting to know if they had clicked on it. I didn’t know the FBI could tell what emails we were receiving. Regardless, what we did find out was that those emails were part of a targeted nation-state campaign directed toward member companies of the natural gas industry we served. It was at this point that we began annual assessments from outside security firms resulting in annual opportunities to further tighten our security posture.

We can never be too vigilant. The adversary is prowling and ready to compromise our systems for sport and for profit. Be safe out there!

About the Author

Jim has spent the past 33 years of his career in Information Technology and Cybersecurity management with several non-profit organizations in the Washington, DC area. He is currently Chief Information Officer for the American Gas Association (www.aga.org), and has worked there for the past 20 years. Prior to that he spent eight years as IT Director for the Chemical Manufacturers Association. He planned IT projects and set technical direction for both of these organizations.

In addition, he is a Certified Chief Information Security Officer, Certified Information Systems Security Professional, Certified Association Executive and holds many other industry certifications.

Photo of Jim Linn

By Jim Linn

Chief Information Officer at American Gas Association

Share this Best Practice

You might also be interested in these Best Practices