The quarterly publication of the International Legal Technology Association
Issue link: https://epubs.iltanet.org/i/7599
www.iltanet.org 16 Peer to Peer ASK THE ExPERT How did you get into a risk management career? I have a bachelor of science degree in engineering and an MBA from Purdue. My movement toward the risk management field began when I was asked to help on a project where we ported mainframe data to a PC. This was in the healthcare environment for a chain of hospitals. They were concerned about protecting patient data and protecting the systems to ensure they'd be up and running as expected. Fundamentally, this requirement was tied to security, and, given my education and experience, I was asked to manage that piece of the project. The rest is history. My biggest challenge is striking the balance between security and functionality and between specificity and ambiguity. I'm an engineer, and we love specifications, which causes me to trend toward absolute security and absolute specificity, which Adam Hansen Sonnenschein Nath & Rosenthal LLP We turned to a few ILTAns out of risk mitigation DiREctoR of infoRMation sEcuRity chicaGo, il number of attorneys: 700 number of offices: 13 are rarely appropriate in any situation. My biggest rewards are probably the least obvious. Generally, they come when a member of my staff grows professionally or personally and/or an employee of the firm correctly applies a security concept without external poking or prodding. Three things keep me up at night. First, I worry about the data we have in our care and how people are handling or mishandling it. Second, I worry about how the firm mitigates risk — most folks approach this as a binary decision versus a portfolio approach, a process that unnecessarily drives up the expense of risk management. Third, I worry about not having enough eyes and ears to identify, escalate and address issues. Security and risk mitigation are everyone's responsibilities, and I worry that folks aren't thinking about it, they're cutting corners or turning a blind eye during these intensely difficult financial times. Have you seen a change in risk management interest levels within your firm over the past 12-18 months? Yes, interest in risk management has grown over the past 12-18 months — in pockets. We now see consistently high interest within IT, and we see heightened awareness at the board level and a growing interest among senior management. I am working to develop and cultivate this interest at all levels of the firm. ILTA How did you get into a risk management career? My formal education includes bachelor's degrees in science and computer information systems and continued post- Kevin Davidson Stinson Morrison Hecker LLP DiREctoR of infoRMation sEcuRity Kansas city, Mo number of attorneys: 360 number of offices: 8 secondary coursework. I was attracted to the this field because I often saw gaping holes in security in the places I've worked. My challenge in the management of security is trying to focus on what is important (strategic) rather than reacting to urgent situation. I'm gratified to see that our strategies to reduce risk have improved business processes rather than "locking business out." What keeps me awake at night? The gap between where we are and where we need to be. Have you seen a change in risk management interest levels within your firm over the past 12-18 months? Yes, risk management continues to overlap into the rest of the firm. ILTA