ISACA Journal
Volume 2, 2016

Columns 

The Network 

George Quinlan 

George Quinlan, CISA, has worked in IT infrastructure, operations, governance, security, risk and compliance for 25 years and currently works as a senior IT consultant for Equilibrium IT Solutions in Chicago, Illinois, USA. For the past 10 years, he has taught the CISA review courses for the ISACA Chicago Chapter, and now also teaches the CRISC review course.

What is the biggest security challenge that will be faced in 2016? How should it be addressed?

The frequency and impact of security breaches will continue to rise. Security practices need to become more mainstream.


What are your goals for 2016?

  1. Obtain my Certified in Risk and Information Systems Control (CRISC) certification
  2. Work on my Certified Information Security Manager (CISM) certification next


What is your favorite blog?

Krebsonsecurity.com


What is on your desk right now?

Lots of coffee cups!


What is your best piece of advice for other IT security professionals?

Work for a company/organization that has support from the top.


What do you do when you are not at work?

In the summer, I race sailboats on Lake Michigan. In the winter, I ski and I am a member of the Ski Patrol (we rescue injured skiers). In between, I try to hit the gym.


Question How do you think the role of the IT security professional is changing or has changed? What would be your best piece of advice for IT security professionals as they plan their career path and look at the future of IT security?

Answer Ten to 15 years ago, IT security was an obscure IT role that few companies had or really needed. Now, IT security is becoming mainstream, highly in demand and sought after. The best advice I would give someone is to seek opportunities for training and acquiring new skills and knowledge and to leverage the resources of ISACA to improve your professional self.

Question How do you see the roles of IT security, governance and compliance changing in the long term?

Answer I think these roles are going to become mainstream business functions, no longer optional or “nice to have,” but critical to the ongoing business operations in many industries and organizations.

Question What do you see as the biggest risk factors being addressed by IT security professionals? How can businesses protect themselves?

Answer The biggest risk factors are the speed, complexity and ease with which an organization can become the victim of a cyberincident. Perhaps an even larger risk is the ignorance at the level of the chief executive officer (CEO) and board of directors (BoD). Many CEOs and BoDs still believe that IT has security and risk covered and are happily unaware of the real risk their organizations are facing. I do not think a business can fully protect itself, but must look at security through the lens of a risk-based approach and act accordingly.

Question How have the certifications you have attained advanced or enhanced your career? What certifications do you look for when recruiting new members to your team?

Answer I started in IT as a very technical, hands-on network engineer and worked my way up into IT management. In 2005, I was running IT operations for a credit card processing company and my boss asked me to take on security and Payment Card Industry (PCI) compliance. At that time, I discovered ISACA and the Certified Information Systems Auditor (CISA) certification, and it was the best certification I had ever sat for (I had approximately 15 active technical certifications at one time). The body of knowledge I have gained through ISACA and the CISA certification has made me better in every aspect of my job. I am far more knowledgeable, and I can also relate industry best practices and that knowledge to my job and my clients.

Question How did you make the transition from IT security to roles in sales and marketing? And what skills have helped you the most in these more recent roles?

Answer I think an effective IT salesperson knows the industry and the business inside and out. The skills I have obtained throughout my career help considerably. What I find interesting is that sales has a lot to do with psychology and human needs and emotions as much as it does technology.

Question What has been your biggest workplace or career challenge and how did you face it?

Answer IT incidents or major outages are very challenging, and this includes security incidents. I cannot really elaborate on specific details, but I will say that the key to effective response in a time of crisis is being prepared. I have been through a number of fairly serious and high-pressure incidents; some were major. Being prepared is the key. This should include a response plan, a team that has practiced responding and more.

Unfortunately, all too often I see organizations focus solely on preventative controls (the latest firewalls or other security measures) and really miss the boat on detective and corrective controls. I am a part-time ski patroller with emergency medical services (EMS) training so I see a lot of injured patients on a regular basis and deal with a lot of stressful trauma situations. The two key things I have learned are:

  1. Crisis situations are always stressful, confusing and never go by the book
  2. Preparation and practice ahead of time is absolutely critical. It is your training and practice that gets you through these kinds of crises. For instance, I would not want someone having to read the cardiopulmonary resuscitation (CPR) manual when I am in cardiac arrest.
 


Opinions expressed in the ISACA Journal represent the views of the authors and advertisers. They may differ from policies and official statements of ISACA and from opinions endorsed by authors’ employers or the editors of the Journal. The ISACA Journal does not attest to the originality of authors’ content.