Security News > 2022 > January > Behind the scenes: A day in the life of a security auditing manager
Now, Hornung is CEO at Xact IT Solutions and has 15 years of security auditing and other IT services under his belt.
In the pharmaceutical industry, Hornung said, there's an incentive to deal with regulations-beyond the FDA-to avoid "Dealing with the PR nightmare of a breach on their company."
Hornung started out helping big companies like Pfizer, Merck and Bristol Myers Squibb, doing audits.
Some companies are hesitant to engage a company like Hornung's, if they have a previous relationship with an IT provider.
"From a technical perspective, it's a security assessor's or auditor's job to find the needle in the haystack and then determine if the needle is something that is actionable or not. Depending on what you're monitoring, and what you're trying to determine has a problem, if it's a running computer, or machine, a piece of hardware, that thing is going to be generating hundreds and hundreds of logs every minute, if not thousands, depending on the size of the company," Hornung said.
"In our business, the communication between us and the client in a situation where a company has an internal IT means we want to see the communication between the internal IT people and whoever the security officer or manager is," he explained.