Security professional by day, Insidious Doktor Mayhem by night

I am a senior security professional with more than 16 years of experience in information security working with audit, risk, compliance and governance teams; business leaders; regulators; and technical divisions.

I am also the Insidious Doktor Mayhem when I play lead guitar for Metaltech, a rock band that has been nominated for three Scottish Music Awards, been seen by more than 9 million people, played at huge rock festivals and shown a penchant for pyrotechnics, lasers, audience participation, confetti and bubbles.

This may seem a slightly strange juxtaposition of activities. I’d like to explain why it fits perfectly.

IT governance and IT risk are understood by certified professionals. Security guidelines, advisories, research, etc., constitute an incredibly strong field, with skilled practitioners who are well-respected. Penetration testing is a mature industry, as is the antivirus/antimalware industry.

In any organisation, the challenge to successfully deliver information security is not technical. Where security usually fails is in communication with senior management, risk functions, audit, governance and the board. Business leaders see security professionals as the scary technical wizards who use complex jargon that is unintelligible to the rest of the world.

So what do I do to avoid this communication failure? I connect with people.

I link business with security. I can talk rulebases with a firewall manager and operational risk with a COO. I can interpret the meaning of CVS, OWASP Top Ten, OSAMM, the real-world risk of a 16-year-old hacker destroying systems and other interesting topics in a way that business heads can use.

In my free time, I am an active moderator on security.stackexchange.com a Q&A site dedicated to helping security professionals pass along their experiences and training, where I focus on simplifying my industry and its terminology.

And on weekends, I put on some leather, plug in my 7-string Ibanez to a Marshall amp and deliver some classic rock, interpreted for more modern times using techno and industrial beats, delivered with tongue firmly in cheek.

Judging by our album sales to folks in the information security industry in the UK, Europe, US and further afield, it appears to go down quite well. Having been asked to support Alec Empire, KMFDM and other big acts popular in this space, we’re doing something right, despite not being likely to show up on The X Factor anytime soon.

Oh, and as a stress reliever, you can’t beat headlining a festival, watching thousands of people jumping around lit by the fire coming from my guitar and my head-mounted lasers! 

Come to think of it, we might go down pretty well at a security conference.

Rory Alsop, CISM, CISSP
Security Lead for PwC, Scotland
President of ISACA Scotland Chapter
Chairman of the Scottish branch of the Institute of Information Security Professionals
Lead guitarist with Metaltech

We welcome your comments! Please log in using the Sign In link at the top right of this page and then leave your comment in the box at the end of the post. To view all blog posts, please click on the ISACA Now link in the blue box on the left.