Why do I work in Security, Policy, Governance, Compliance? AKA boring old man stuff...
The TLDR : I don't do things I don't care about. So when I say I care about security I mean it.
Forcing myself to do something has never gone well for me, this applies to my career and my life. It even applies to this blog post. Writing is an extension of myself when I care about what I'm doing and self-torture when I don't.
And yet, I wake up at 6AM everyday and go to work by 7AM. In the summertime, I squeeze 30min of gym time before work, and when it's busy I may stay until 5-6PM to get the job done. I like my job, and I care about my coworkers.
In my free time I am the communications director for ISACA Calgary, I am a member of CSAZ46.1, volunteer at music festivals, and host for events across the city. I enjoy being involved in the community and meeting new people and constantly find that everything I need is outside of the house. The experiences I crave are not Netflix or Amazon Prime Video, they're in each individual I meet every day.
All of this is to show that when I say I care about security I mean it. I really really care about security, its why I dedicated 8 years of my life to learning and developing the skills to be in this field.
Of course, it didn't start this way. In the beginning, I chose electrical engineering because I liked circuits and the incredible opportunities that computing and electronics provided. During my student internship at Hexagon, I began to understand the seriousness of security. I worked in the applied research team hacking GPS's and learning about 5G location tracking technology. It also helped that I listened to a lot of Darknet Diaries during lunch break.
Before I worked at Hexagon I did not know very much about GPS, I didn't even know Python. Through the 16 month internship, I learnt about our reliance on this technology and taught myself Python to interact with the receivers. I cared about GPS security because of its application on aircraft and other critical technology in war zones or in the sky.
My research in the last half of the internship focused on 5G location tracking, I stumbled across some journals which showed how easy it was to location-track an individual when 5G towers would be in place. To me, this seemed like a serious breach of personal privacy. This was in addition to learning that our text messages and voice calls are not really encrypted, which was also a shock to me.
So, in my last year of university, I applied to do a master's thesis in electrical engineering with a professor who specialized in wireless communications - hoping to apply my knowledge of location tracking and do something to protect people with it. My thesis idea changed significantly throughout the first 4 months. I instead developed an algorithm and theoretical approach to the physical layer security of self-driving vehicles. Honestly, by the end of the thesis, I was beyond exhausted and just happy to move on.
Academia was not for me, I just couldn't care less about grants, approvals and theories any more. But I'm grateful for the experience because it formed the scientific foundation and discipline that I use in my work today. My long hours spent researching journals and doing things in the correct, scientific way have trained my mind to behave in a thoughtful structured way. My weeks spent preparing for conferences, speeches and thesis competitions has made me a confident technical writer and speaker.
Now at my current job, I have a lot of free reign. It started as a small company, no more than 11 people and there was a lot for me to sink my teeth into.
I care about my work at Applied4Sight because my coworkers care about me and support me in whatever I think is necessary to do. In my time here, in addition to my daily work, I've done a lot of fun side-quests. I learnt SharePoint and moved our old SharePoint into the 2019 New SharePoint structure. I've organized volunteering events and candle-making activities. We played volleyball together for two seasons, I got my ISACA CISM certificate, joined the CSA Z246.1 board and much more.
I'm grateful to be in a team that is supportive and to have a boss who actually cares about the well-being of his workers. I look around at corporate Calgary and the broader corporate America and I see a lot of numb, dissociated, disillusioned people who want to care and do more but don't for various reasons. Reasons I will get into - but not here.
Let's bring it back to security.
I'm writing this blog post because I've been thinking deeply about the path that I would like to take which is most true to what I am meant to do. I used to be motivated by a career that provided stability and a good salary, but I'm realizing that life is much more than a steady job. besides, what good is stability for *me* if my neighbour, my city or my community is struggling? That just doesn't sit well in my heart. I want to be an individual who takes responsibility for the impact I make on Earth. To me, it starts with kindness and respect for people and expands into being an active and engaged citizen.
This is why being on the CSAZ246.1 board is so important to me. I'm grateful to be with industry representatives and government representatives who are actively shaping Security (physical and cyber) policy in Canada. It's known that CSAZ246.1 is a well-structured, performance-based standard which is used as a template for multiple other performance-based security standards across North America. Working on this board and actively engaging with everyone provides a deep sense of meaning for me - and the knowledge that I am doing my duty as an engaged citizen.
This is also why being an active volunteer around the city is important for me. I don't just do governance all day. I also go out and volunteer for Folk Fest or other creative events. I've even had the pleasure of volunteering and going to Burning Man. Meeting people who are in a different way of living is important because they show me things that I need to do more like play, laugh or create.
After meeting so many thousands of unique, wonderful individuals over the last 3 years I have developed this feeling that something is changing and I need to be a part of it. I think it needs to start at the individual level - with each of us. I believe that my contribution to security awareness, governance, risk and all other related areas will change policy and steer our collective ship. I feel a lot of fear and unease when people talk to me about emerging threats such as AI and Cybersecurity and I care very deeply about its potential impacts to society.
That's why I'm documenting these thoughts on this blog now and restructuring my personal website. To provide some insight and thoughts on what's going on in a less techy and more open-hearted way.
So if you enjoyed reading these thoughts then let's connect! Send me a message and I'll keep reflecting on topics that are most important to us all.
