Roy Wattanasin is a SecureWorld Advisory Council member in Boston, and serves as an information security leader in the healthcare industry. He is also an adjunct professor at Brandeis University, where he co-founded the Health Medical Informatics program.

Because Advisory Council Members have told us they love learning from each other, we asked him some questions about his role and challenges. Here is that question and answer session.

SW: How did you get started in cybersecurity?

RW: Technical support, web/application development, system administration, network consulting, and then information security.

SW: What is the most challenging aspect of your job?

RW: Managing risks for all users and projects in the organization and outside the organization. Additionally, managing all third-party risks.

SW: What constraints or challenges do you see in the industry as a whole?

RW: Challenges and constraints include prioritizing projects for the security program and assigning them in low, medium, and high categories that are understandable to the business. This also includes trying to constantly study and understand all of the threats and risks out there to stay ahead of the curve. Furthermore, trying to be more “proactive” than reactive to any issues. It is always amazing to see the maturity level of an organization’s security program go from one level to a better level.

SW: How do you see current threats evolving over the next year?

RW: Current and new threats will always be evolving. We must interact very well with all of our users or else the attackers will or have already been doing so. 

SW: Do you feel there is enough sharing of threat intel within the cybersecurity community?

RW: No, we as the good guys and girls, aka blue teams, need to share information more readily. The attackers have been doing this very well in many forms.

SW: If you had to choose, what’s the one security practice people can adopt that would have the greatest impact?

RW: One security practice people can adopt is using 2FA, or two-factor authentication, in their daily lives, but also try to help users to make it as easy as possible. It also helps to make users understand the pros and cons of using it.

SW: How do you view current compliances and regulations? Are they doing enough or not at all?

RW: They can be good and bad. They have been helpful; however, we must do our own due diligence to ensure that our organizations are secure, compliant, and meet or exceed the regulations.

SW: What actor would play you in the latest cybersecurity/hacker blockbuster movie?

RW: Robert Redford as Martin Bishop from "Sneakers."