In the wake of high-profile breaches and data leaks, the government will pay a lot more attention to information security. Are security pros ready for this scrutiny? Professor Eugene Spafford has his doubts.

His biggest concern: Security pros are prepared to talk about technology, but they aren't equipped to discuss policy.

"I have a worry that over the longer term, we're going to have more and more intrusion by governments, more policymakers scrutinizing what we do, trying to set mandatory standards ... where we don't have quite sufficient data to justify them," says Spafford, or Spaf, a professor of computer science at Purdue University. "As technologists, we can't simply say: 'This is a bad idea because ...' - and then talk about computing. We have to understand the nuances [of policymaking]."

In an interview conducted at RSA 2014, Spaf discusses:

The dangerous intersection of information security and government; The plight of women entering IT security; How to grow the profession.

Besides being a computer science professor, Spafford serves as executive director at Purdue University's Center for Education and Research in Information Assurance and Security. Widely considered a leading expert in information security, Spafford has served on the Purdue computer science faculty since 1987. His research focuses on information security, computer crime investigation and information ethics.