R. Troy Pollett
Director – Security Audit & Risk Management
Sector: Information Technology, Law, Public Safety, Corrections, and Security
Type: Career Profile
Computer Science, Guidance & Careers, Science, Technology & Engineering
This job is exciting because you are always learning new technologies and processes. This job is interesting because you get a good sense of how the entire business works; from end-to-end. Often, new technologies and new projects bring higher risks. Because of this, it is important to keep learning about the latest technology trends so you can better help the organization. The more you learn the more valuable you are to the business. Having expert knowledge lets you help co-workers and assist leaders in making business decisions and solving problems. This career has been right for me because it allows me to combine technical skills with business knowledge. It also allows me to interact with many different people across my business.
This is not the job I expected to have when I was in high school. In fact, I had no idea what this career was about back then or even that it existed. I was always interested in science and technology, but I didn’t want to be just programming or coding all day. I was more interested in how technology worked and how it was used for practical purposes or business goals. After high school I decided to do a Physics degree. This was great fun but I wanted to work in more applied science, so I completed a degree in electrical engineering. The work terms were great and I got to work with a lot of different tools and technologies in industry.
When I graduated, I went to work with a telecommunications company. Here I started doing detailed technical system support and design. As I got more involved with business technology management, I decided to complete a master’s degree in business administration focusing in Finance and Strategic Management. I found the decision making and problem solving involved with the management of technology much more rewarding than the task-oriented system design and support. This led into completing professional certifications in information management and a large part of that is security, risk management, privacy, and audit, which I work on today.
For a young person interested in information security management I would recommend first building a strong technical skill set. Learn about traditional operating systems. Add a little bit of development / coding / scripting, some networking, and as much cloud technologies if possible. Perhaps look at becoming familiar with some technology toys such as Arduino or Raspberry Pi. I would also get involved with organizations such as ISC2 or ISACA at an early age. These organizations have frameworks that can be understood at a high school age and certifications from these are great resume builders. After building technical skills, I would recommend becoming familiar with as many different industries as possible such as finance, health care, food management, critical infrastructure systems (e.g., power grid systems) to determine which ones you are most interested in.
I find it important to have a variety of mental and physical outlets to clear my mind and relax. Besides reading a lot of industry articles, I love music and play guitar and saxophone. I love a variety of music such as jazz, hard rock, and progressive metal. I also like a variety of sports but mostly focus on mountain biking and downhill skiing. Volunteering has been important to me the past few years and I have been involved with Junior Achievement and Science Fair judging.
My day-to-day tasks at Verafin are mostly related to security audits and planning. An audit is a organized review that helps us decide how secure our information systems are. Audits take place regularly and can be based on risks we know about or they just part regular part of a security policy.
When we plan an audit, we follow a logical, scientific process. First, we look at the controls we have in place related to people, technology, or processes that we need to check. Then we decide the method we will use to test it. Many of the controls are technical in nature. To check these you need a broad understanding of how technical systems work. This includes the on-site physical equipment as well as different cloud environments.
My team has people who are experts in technical systems, audit controls, and risk management. Sometimes technical auditors will work as “white hat hackers” and try to break into systems. They try to “break things” or demonstrate how technologies can be broken. For example, if a web site is not designed properly, specific inputs to a web page could completely break the site! And if people are not trained correctly to handle sensitive information, they can be tricked, often through phishing emails, to give up information or to give access to information.
The most difficult part with performing this job is figuring out what the real business problems are and what level of risk they present; low, medium, or high. Once we know the risks we share this with the senior business leaders and provide some recommendations on possible ways to fix the problems. As a result, this job also involves working with people across the business to figure out what is working and helping other leaders fix problems.
I was born/grew up in: I was born in Corner Brook NL.
I now live in: St. John's, NL
I completed my training/education at:
I studied sciences and math in high school and then completed a Bachelor of Science degree in Physics, a Bachelor of Engineering (Electrical) and then a Masters in Business Administration all at Memorial University. After university, I completed several professional certifications from ISACA, ISC2, and BSI Group.
When I was
- Computer Science
- Literature & Language Arts
- Enjoyed doing things on my own
- Always wanted to be outside
- Liked helping people
- Enjoyed working with my hands
- Wanted to be in charge
- Liked being given free range to explore my ideas
- Liked reading
- Felt great satisfaction in getting good grades
- Wasn’t sure what I wanted to do
- Liked to take things apart to see how they worked
- Liked to design or build things
- Engaged in activities such as fishing, berry picking and hunting