Security Laboratory

Sec Lab - Security Heroes

The SANS Security Heroes project is to help introduce you to people that have made a difference in information security. We believe there are a lot of people contributing to make security work, and we want to introduce you to them.

Kathleen Lynch, Security Hero - August 31st, 2009
Paul Henry, Security Hero - May 12th, 2009
Anthony Giandomenico, Security Hero - February 18th, 2009
Craig Wright, Security Hero - April 4th, 2008
Peter Giannoulis, Security Hero - March 19th, 2008
Suzanne Novak, Security Hero - February 13th, 2008
Laura Taylor, Security Hero - February 8th, 2008

Suzanne Novak, Security Hero

February 13th, 2008
By Stephen Northcutt


I met Suzanne, Executive Vice President of ERUdyne, LLC and President of the Connecticut Chapter of InfraGard, as we were doing our due diligence related to running a SANS conference in Boston. Suzanne also serves as a Disaster Assistance Employee (Reservist) for FEMA as an External Affairs Specialist from Region I (New England). Her professional focus is on developing and implementing strategies that facilitate information sharing, one of the hardest problems to solve, especially in a disaster. She has been willing to do an interview with the SANS Technology Institute Security Laboratory, and we certainly thank her for her time.


Suzanne, can we start with your personal philosophy; in one sentence, how does one choose their career and the path of their life?

Events in life and the choices we make as a result of those events create the fabric of our lives. My career has evolved over the past twenty-five years in response to the people I have come in contact with, the experiences I have been involved with, and events that have occurred along the way.


Makes sense, my own life is much the same. When you first started working, what was your primary goal, what were you trying to accomplish?

I started out wanting to make a difference and doing the right thing for the right reasons. Although how I make a difference has changed, my fundamental values, goals and decision-making process have not changed. I still believe in making a difference wherever and whenever I can.


Well, hang on to that! I would hate it if security just became a job for me instead of a mission. So, where did you start?

Early in my career, I was living in Northern Virginia and working in Washington DC. At the time, my career was focused on technology and its impact on business. Today, nearly twenty-five years later, I am living back in my home state of Connecticut, and my career is focused on homeland security and its impact on business. The common theme throughout my career has been issues, events and people and the impact of those on business.


OK, so how did you end up in information technology?

In 1984, while working for a large law firm in Washington DC, I was tasked with learning how to manage our existing AT&T phone system and the call/cost accounting system to track billable calls to our clients. At the same time, AT&T divestiture occurred and a new industry emerged - telecommunications management.


I’ll say, those were crazy times for anyone associated with telecommunications. Heck, it is still crazy with the intense need to wrap our arms around VoIP. So share a bit more about those days, please?

My career in the field began with the responsibility of selecting a new phone system for a 400 person law firm in a high stress environment. A consultant was hired and it was my job to help them assess the voice communications needs of the firm. It became obvious pretty quickly that the consultant was not adding the value I thought they should. After suggesting to the Managing Partner that I could conduct the assessment and select a new phone system without the assistance of a consultant, my future career path was born. I ultimately selected a new system, managed the implementation, developed the training for the end-users and was ready for my next challenge. I left the law firm and went to work for a regional bank in Northern Virginia.


How did you make the leap to information security?

The year was 1986 and security as a career did not exist as we know it today. As part of my role for the bank, I designed and managed the implementation of the telecommunications system for a new operations center. I also was responsible for managing the existing voice communications infrastructure throughout the 37 branches and the executive office building - all in separate locations. In this role, I was first exposed to security. It was the first time I worked in a building with a centralized security operations center and an access controlled environment.


So you were aware of security before it was a true discipline! It was rare to find people who really "got it" with respect to security, and you were still on the telco side of the house?

In those days, voice communications was a separate discipline from Information Technology (IT). I reported to the Senior Vice President of Administration who had responsibility for Human Resources, Security and Administrative Services (telecom was part of this group). The only interaction with IT was at the basic cable plant design level (placing the jacks and laying cable to accommodate both voice and data infrastructure). This created both challenges and opportunities.

As my career progressed, so did technology and the integration of voice and data communications. As the technology advanced, security issues were developing as well. Issues such as securing information that was being transmitted; blocking access to PBX lines from outside users; and protecting passwords from getting into the wrong hands were emerging management challenges for many businesses during the late 1980’s and early 1990’s. Additionally, vendors and end-users were beginning to deal with disaster preparedness and recovery by building in redundancy in the technology being developed by vendors and in the processes and systems being implemented by end-users.


Got it, that explains the FEMA connection, you were early to the disaster recovery space. So, what happened to get you out of the 9 - 5 corporate America job scene and into the crazy world you are living in today?

My career migrated from a telecommunications manager to a consultant. From that point forward, I was problem-solving for businesses and finding the right balance between people, processes and technology. Over time, I worked my way through various technology-related jobs in corporate America and, along the way, was exposed to the success of creative entrepreneurs.

Once I discovered the joys and challenges of being an entrepreneur, it appeared that my destiny was to become one myself. Ultimately, I made the choice in early 2001 to join my sister’s business, ERUdyne, a cross-cultural training and consulting firm. My role is to manage the business and find ways to grow the company.


Business is a hoot and we live in such fascinating times, so now you have a lot of independence and a big say in what work you take on. Can you share a bit about how life is as an independent consultant?

Since the time I joined ERUdyne, the world has changed and so have we. Experiencing the aftermath of the terrorist attack on the United States on September 11, 2001; the bankruptcy of one of our major clients; and the impact of the corporate scandals - all of which occurred in the fourth quarter of 2001 -- severely impacted our business plan and potential success, yet we persevered.


Ouch, Suzanne, ouch! So, what did you do?

Like many people, September 11, 2001 changed my life and my career forever. We shifted the focus of our company from working with global sales, marketing and customer service departments to global security and public servants. We developed new courses and identified a new potential client base.


Okay, I am starting to pull the core philosophy statement together: these events in life were at their strongest in 2001, and the choices you had to make then influence where you are today. Where are you today?

I can honestly say I did not know where my career would take me when I started out in 1984, but I followed my instinct and responded to circumstances which brought me to where I am today - an entrepreneur and a reservist for the Federal Emergency Management Agency (FEMA).

Along the way there have been many obstacles. Some large. Some small. All of them provided a challenge for me to overcome. In the early days most of the obstacles involved the uniqueness of being a woman in a technology field.


Hopefully people are starting to respect women in technology, I am certainly seeing more women in the class I write and teach, SANS Security Leadership Essentials, and many of them are in director positions. But it is more than gender, correct? Values about all the rest need to matter, true?

As time went on the obstacles were more about the conflict between my values and corporate values. I stuck to my values which sometimes led me to leave a job or a company because I could not stay and be true to whom I was and what I believed in. I made an impact where I could and left when I knew I could no longer positively affect change.

Staying focused on my values and my beliefs helped me overcome the obstacles I faced -- in my career and my life. This philosophy has enabled me to clearly integrate who I am with what I do for a living.

Today I am an entrepreneur, a public servant, and a business resiliency professional with a specialized discipline in emergency management and homeland security as it applies to public-private sector partnerships.


That is a mouthful Suzanne, what does this mean? Can you break it down a bit?

I help companies learn about the government and how all levels of government prevent, protect, respond to and recover from both man-made and natural disasters. I also help government understand how businesses make decisions and prepare for emergencies that could impact their business. When I am not working with businesses developing their role in homeland security and emergency management, I am serving as a reservist for FEMA responding to disasters and helping communities recover.


Looking back across the landscape of your life, what are you most proud of?

There are many accomplishments throughout my career of which I am proud but the one that stands out the most in my mind is when I sat down with my sister after September 11, 2001 and we talked about how we could take our skills and apply them to homeland security. We talked for a long time about what we could do to assist in the fight against terrorism and how our business would change when we went down that path. The decision was an obvious one. We developed new courses to teach people about the impact of culture on global security and how culture impacts investigations. I got actively involved in InfraGard, a public-private sector partnership led by the FBI, and consequently began an in-depth learning experience in government run national security exercises, national preparedness and disaster response and recovery.


If you could share just one thing with our readers, one tip about disaster recovery, what is the most important thing for them to know?

The most important tip I can share is to be prepared. I know it sounds trite, but it is the truth. Everyone needs to take a hard look at what they need to survive should a disaster occur. On a personal level (individual preparedness - water, food, and basic essentials for 72 hours of survival on your own), within their families (does everyone know where to go if they get separated and whom to call), and within their communities (business resiliency plans in their companies, local emergency plans where they live, evacuation routes in their States, etc).

You never know when something is coming but if you are prepared for the worst, and pray for the best, then disaster recovery becomes a bit less stressful and, hopefully, more successful than if you do nothing and wait to see what happens and then try to pick up the pieces. We all know what happens when we don’t pay attention to the world around us. Preparedness is all about paying attention and knowing what to do and when to do it.


Can you tell us just a bit about Suzanne Novak, what do you do when you are not working late into the night? What do you do when you are not at a keyboard?

Let’s see...who I am is largely intertwined with what I do...I guess that is why I enjoy it so much! Having said that, I love the outdoors in New England and especially the beach year-round, so I get there whenever I can. I just finished writing my first novel and am seeking an agent and/or publisher when I have time.

I don’t have any kids of my own so I borrow other people’s kids (nieces, nephews and friends’ children) whenever I get the chance because I love being around them and the perspective they bring to my world. It’s easier to explain building a sandcastle with kids around then doing it on my own!


What is your most important career goal for the next 18 months, can you tell us something specific?

My most important career goal is to continue pursuing the development of a national model for integrating the private sector into homeland security and emergency management initiatives. I want to write a book and teach courses on this topic to further bring this issue to the forefront of our national efforts...with a solution/framework, not just a number of questions with no answers.

I am not sure I will accomplish that in the next 18 months, but I am going to give it my best shot!!


Where do you see yourself in the next five years?

Only time, events and circumstances will tell what is in store for me...but I know I will remain an entrepreneur, a public servant and involved in our nation’s security, emergency management and disaster response and recovery efforts.


We began with philosophy and, if it is okay with you Suzanne, I would like to close that way. It looks like we will all be dealing with bigger and bigger events as time unfolds. Since events have played such a part in fashioning the direction of your life, what advice do you have for people that are responding to dramatic events in their own life?

The best advice I can give is to reach out to your network of strength (whether that is family, friends or your community) and don’t be afraid to ask for help. No one person can handle everything on their own but collectively we can all get through anything...one way or another. And perhaps equally as important, keep the faith...things do get better, sometimes it just takes longer than we would hope.