Moving Across National Borders in Information Security

I am originally from the U.S. and relocated to New Zealand in 2014. Prior to coming to New Zealand, I worked as an IT auditor in Phoenix, Arizona, U.S. Long before engaging in IT related work, I obtained an undergraduate degree in Aerospace Engineering from University of Arizona and also an MBA from Thunderbird School of Global Management. The engineering degree taught me how to think about systems. The MBA prepared me for working in other countries.

You might wonder why I moved from aerospace engineering, IT audit and then to information security. I am a multipotentialite (http://puttylike.com), and have many different interests and pursuits in life. For some time, I had resisted pursuing information security as I thought it was primarily about hacking.Then I saw a chart (see below) that showed me the many facets of information security. Having so many facets interested me.

I was informed about the CISSP by colleagues in the U.S. At the time, I thought I was not ready for it. I found out about the Associate Program from the (ISC)² website. I decided to obtain the Associate designation because I wanted to be considered for an information security position. Then I moved to New Zealand.

Transition to New Zealand

Why New Zealand?  New Zealand is a beautiful country. Anyone who has seen “Lord of the Rings” or “The Hobbit” movies has seen the beauty of New Zealand. I was also intrigued by a country that posted a high SPI (Social Progress Index http://www.socialprogressimperative.org) score and a high Transparency score (Transparency International http://www.transparency.org/cpi2015 ).

Currently, I am the information security manager for Waikato District Health Board headquartered in Hamilton. This organization provides healthcare to more than 300,000 New Zealand citizens and residents. Anyone who has worked in a hospital system can understand the complexity of providing healthcare, managing information systems and balancing security and privacy. In my present role, I am charged to lead the development of the organization’s information security strategy, framework, culture and policy. In conjunction, I develop information policies, protocols, procedures and guidelines. Also, I perform risk assessments and review operational compliance. My favorite part is working to raise security awareness and provide advice and guidance.

When I applied for my current position, one of the requirements was that “the candidate holds an information security certification.” I had studied for and passed the CISSP exam in October 2013. At the same time, I was also able to apply work experience as an IT auditor and work experience as an information security manager. I was able to obtain the CISSP in September 2015.

Borderless Certifications

One thing I would like to share regarding the internationally recognized certifications like the CISSP is that such credentials cross borders. I really do not have to explain that I am an information security professional. This is important in a world where information security knowledge and skills are wanted. The certifications give me credibility when I speak about information security. This is important in gaining trust and the acceptance of others.

I was encouraged by Ryan Ko, Ph.D. at the University of Waikato (http://www.cms.waikato.ac.nz/people/ryan) to obtain the CCSP (Certified Cloud Security Professional). I had come into cloud technologies by accident and had worked on cloud-based implementations. The CCSP has given me the creditability to speak about issues of data security and cloud use. The CCSP is not well known and I am having to educate colleagues about it. By the way, the Maori’s (first people to come to New Zealand) name for New Zealand is “Aoteoroa” which means “Land of the Long White Cloud.”

Since moving to New Zealand, I have been able to write and speak more about information security.  I write a blog published within Waikato District Health Board. I have also written a chapter on cloud governance in “Cloud Security Ecosystem.” At Cloud Asia 2016 (http://www.cloudasia.asia ) in Singapore, I gave a presentation on “An Experiment in Virtual Healthcare.” This is an initiative of Waikato District Health Board to provide healthcare through a cloud-based system and mobile devices. I have also worked with Cloud Security Alliance (www.cloudsecurityalliance.org) which is a partner with (ISC)² on the CCSP.

You may be wondering how the work environment in New Zealand compares to what I experienced in the U.S. There does appear to be a better work-life balance. Also, there are more holidays and vacation days in New Zealand. This allows for more time to enjoy the beauty of this land.

Advice to Novice Security Practitioners

The (ISC)² Associate Program indicates to anyone that the holder of this designation is serious about information security. Take the exam (for whichever certification you want) as soon as you are ready to do so.  Even if you are a student, having the Associate designation makes you stand out from other students. Once you obtain the Associate, it really is only a matter of time before you become certified.

---

About the Author:

Name: Sai Honig

Job Title: Information Security Manager, Waikato District Health Board, New Zealand

Where are you from or currently based: Originally from the U.S.; currently based in Hamilton, New Zealand

(ISC)² certifications: CISSP, CCSP

Years of experience in the industry: 6

Topic(s) of interest in infosec: Cloud, Governance, Data

Career Goal: CISO

Social Media Contact: nz.linkedin.com/in/saihonig/

(ISC)² Management

[(ISC)² Blog]