today. It's a long story, but it started. I started in general management. I'm just doing general business management, managing some contracts. And then while I was in college, I discovered there's great world of I t. Security and I'm looking applying to pursue a career in information, security and risk management. And that's why do today, which is data security. All right, I'm a data security officer toe in a medium sized company. There has been many incidents and things that have shaped my career path. Early on, I really just didn't know what to do. But like I said, a big a motivation for me and a life changing event with when I was in college and just had a course on networks and servers and then, of course, on information security. And from there it just lead from one thing to the next. I enjoyed it, I took to it and I grew from it. So that's that's in a nutshell. That's the story

so the responsibilities that I handle in my role really is understanding information, and I t risks that we have in our organization. So the types of things that we handle is trying to understand where our biggest pain points are or where our largest risks are. That may include data or legacy systems or a variety of technologies. We have to understand where our risks air at and then implement appropriate control to confront those risks in that we kind of have to manage, you know, cost the complexity of solutions to manage risks. Andan even manage acceptance of risks because there's times where we just have to say it's gonna be too difficult gonna be too hard to implement something. We're gonna have to accept this risk. I'm so those are some of the fundamental things I do in my role. My weekly work hours. I usually work between 40 and 50 hours a week. I work for a medium sized company with a lot of flexibility. Um, and then I I actually commute into work from a little bit. Distant location is not that bad. It's about 50 minutes. Were there 50 minutes out of Salt Lake city where my work is actually located. So I commute into work it. But right now, with coverted, I get a work from home, which is just an extra plus. I've been working from home since March, so

all right. Something to challenge is really one of the big things is managing. Resource is any company has got limited. Resource is you can only have so much staff. You can have so much technology, um, that you could, you know, manage and that that in my role is one of the biggest challenges. There's always something mawr there's there's a common quote and security coined by somewhere here Center for Internet Security. But he called it the fog of more. There's always more solutions that are available to you are or technologies that are available. Teoh. So managing what really appropriate, what's really necessary. I'm is something that becomes really critical in this type of role, right? Is understanding. What makes sense to implement with limited resource is I mean, it's some of the approaches that we dio. Um, managing these challenges really is is trying to do our best to quantify or do the job qualifying or risk that the better that we can quantify or qualify a risk. The more like we are to prioritize correctly and say these resources need to be spent on particular events or initiatives that are really gonna move the dial and protecting organization. Some examples of that on, for instance, way we may want Teoh have a, um a, uh a gay on malware solution, right and endpoint security solution. This is something we've gone through quite a bit. There's a lot of great features in these tools that can be leveraged by security professionals, but we have to come back to the business and say K for each cool feature we have, it comes with this cost. And so at that point, we really have to say what is reasonable for us to push for business and mortar business case.