On Identity Management Day, we wanted to talk to one of our people who’s most passionate about identity security, Twane Boettinger, Director of Information Security and IT Risk.
Tracing back to his school days, Twane has always been motivated to keep the peace and fix unbalanced or unfair situations. He started his career in civil law enforcement, as a natural fit for his personality, and progressed to use technology in law enforcement. Twane eventually joined the private sector, where the two sides of his law enforcement experience (technology and lawfulness) blended together and became beacons that directed his career choices.
Outside of work, Twane is an avid runner and cyclist. He has participated in tri-sport competitions, including a number of Olympic distance triathlons, reaching the half Ironman distance as a crowning accomplishment! He’s also a member of the team that brought parkrun, an international movement that operates free, 5k events every week, to Oakville. His community involvement goes beyond athletics and he has been involved in, or helped to organize many initiatives, like Relay for Life in support of the Canadian Cancer Society, the Ride to Conquer Cancer in support of the Princess Margaret Hospital, and Hockey Helps the Homeless.
There are a couple of aspects to this question. First, “why is your persona on the internet important?” This focuses on the social aspect of who you are which establishes your personality in a virtual world, which is a reflection of your real identity. For example, when you see a caustic post on a social site, that impression often forms a lasting impression of the identity behind that post. When you’re looking to hire a candidate, their online identity may be a window into the person being considered for hire.
On the other hand, your online identity is crucial to protecting access to the virtual services you rely on. Everything, from your bank account to the vacation pictures you share, are linked to that online identity. Lose your identity, or worse have someone criminally assume that identity, and you may not only lose access to those services, but also the protections that prevent those services from being used criminally. Everything from theft and fraud to impersonation can be exploited. Your identity becomes a tool for a criminal to wield against your family, friends, work associates and your workplace.
I guess I have always been a peacemaker, from my younger days and through the course of my career. At this stage, I now see myself protecting the people that FCT serves. A real person is behind every data point that FCT transmits, processes or stores. If we fail in our responsibility to protect that data, then we fail that person. In a worst case scenario, if the data falls into the hands of criminal parties, this could result in unfortunate outcomes for the people behind that data. That’s why I’m passionate about security. I enjoy technology and the puzzle of making it work, but I do it every day to protect the people represented by the data we protect.
I’ve had two career paths–competition law investigator and IT management. Both careers converge when it comes to technology as I have been involved in many IT projects including the introduction of electronic filing for court documents in Ontario back in the 90s. As an investigator, I was a certified computer forensic examiner, which started me down the path of security. I’ve been an advocate of working within the ITIL (IT infrastructure Library) framework since 2000 having been a trainer, examiner, consultant and certified master. I’ve lead IT teams responsible for delivering services, providing technical support and delivering transitional projects. In 2016, I made the transition to IT security fulltime where my responsibilities include compliance, continuity and disaster recovery, security operations and vendor assessment.
Currently the information security team reports to me. I’m responsible for setting the strategic direction of our security programs and ensuring that our current day-to-day activities ensure the secure protection of all the sensitive data entrusted to, or generated by, FCT.
I can’t really say I can point to one thing. I would say I am most proud of being a part of the multi-dimensional team that has nurtured the IT infrastructure over the years taking it from an in-house data center delivering network and application services to the current complex hybrid state with an expanding array of service delivery. We have seen astounding growth in the requirements and controls that dictate the parameters of our IT operations, which FCT confidently delivers to our customers every day. From my perspective, FCT has transitioned into a technology company that provides real estate and insurance services across the country.
Where to start? The field of security is constantly transforming. That suits my personality perfectly as I am energized by continuous improvement. Within security every emerging threat is an opportunity to do better and as a security professional you have to adapt. You have to look at ways to automate, weaknesses that need to be strengthened and capabilities that need to be developed. Currently, we are revamping our entire Identity Access program even though our auditors agree we do a very good job with our current programs. But in a world where passwords are a weakness and zero trust is the emerging standard, the capabilities and tools of yesterday very rarely meet the challenges of tomorrow.
®Registered Trademark of First American Financial Corporation.