By Audrie Ramirez, information security intern, UCOP. Sam Horowitz’s passion for information technology developed in his early teens. His father taught data processing and he found himself picking up books to learn more. A Texas native, he earned an undergraduate degree in computing science from Texas A&M University, with a minor in business. Although math was not his specialty, he excelled in cryptography, which involves mathematics and computer science to create patterns of characters.
Horowitz worked in technical sales support at the start of his career. He later landed a position with Hewlett Packard (HP) where he focused more on information security in data architecture, security authentication, and security client services. At HP Horowitz faced one of his biggest IT security challenges while working with Netscape on its Internet browser security. He had the chance to work on a team with Taher Elgamal, the “Father of SSL.” The team’s collaboration led to Netscape’s success in implementing authorization based on client certificates in their web server.
As chief information security officer at UC Santa Barbara, Horowitz said, “CIA (Confidentiality-Integrity-Availability) is the heart of it all.” He must understand the campus risk posture, threshold for risk, need for security, and implementation status of IT staff controls and technologies, such as authentication and logs, cryptographic keys, and anti-virus. Horowitz emphasizes additional training for IT staff and app developers, such as the Security Plus certification.
When asked what makes him laugh when reflecting on his career, Horowitz said, “Irony is always something that makes me laugh. When something doesn’t quite go right or the opposite of what you expect happens. Like when you try to train and coach people but they do something that they shouldn’t do. Although when something damaging happens it’s no laughing matter.”
Early in his career, Horowitz served on a volunteer fire department as an emergency medical technician. “It helps me to this day to respond to incidents better. To some extent, managing cybersecurity incidents has a lot in common with managing an accident scene. You’ve got to determine who’s injured (or affected), who isn’t, and how to keep the environment safe to stop further damage. After all that, recovery!”
Horowitz’s tips for protecting yourself against cyber-crime:
- Take updates when available.
- Run anti-virus software on all your devices, including Macs and Androids.
- Be careful about clicking links and attachments.
- Back up data twice. Automated backup and a separate backup to something that isn’t online, which you can lock up safely.