I'm passionate about making cybersecurity practical - both for
people and for organizations. Over the last 25 years in my career
in information security, I've worked as a developer specializing in
creating cryptographic modules, researched vulnerabilities (e.g.
CVE-2002-0082), worked as a penetration tester, auditor, assessor,
researcher, architect, and consultant. I've worked as information
security officer to large financial institutions (e.g. Merrill Lynch),
vCISO to numerous organizations, ran research and thought
leadership for the global professional association ISACA, and
managed professional application and identity consulting services for
a large (Tier 1) Internet provider.
My journey in information security started right out of school when
I took a job with a small startup to help create a Java single sign-on
product. As I grew in my career, I realized that my technical and
interpersonal skills can be used in tandem to help others understand
the importance of security, to help other practitioners do their jobs
better, and to make the world a better place by helping organizations
do what they do safely and reliably.
This led me to co-write books on cybersecurity (including
"Cryptographic Libraries for Developers" as well as "Practical
Cybersecurity Architecture"), to contribute frequently to the trade
press, to volunteer with events like RSA Conference and InfoSec
World on making their programs as useful as can be, to participate
as mentor to individual security practitioners and early stage security
startups, and to help educate practitioners on both the technical
areas of security and the "human element."
I'm passionate about open source (both as a user and sometimes
as a developer), application containerization, and the "shift left"
movement. In my spare time I enjoy historical and science fiction
novels, dead languages, video games, and behavioral psychology. I
also still enjoy writing software from time to time.
-
Drake Software
Chief Information Security Officer
March 2022 - Present (1 year 11 months)
-
Salt Cybersecurity
vCISO Chief
March 2018 - March 2022 (4 years 1 month)
Rye, NH
-
SecurityCurve
Founding Partner
July 2004 - March 2022 (17 years 9 months)
-
Competitive Analysis – Provide competitive analysis, product improvement recommendations, and sales-related guidance to security vendors.
-
Book Authorship – Authored a book (“Cryptographic Libraries for Developers”). Materials for inclusion in the work include strategies for secure software development, techniques for rapid development using the commonly-available cryptographic libraries (e.g. JCE, OpenSSL, CAPI, B/SAFE).
-
Industry Analysis – Conduct discussions with press on security trends and industry events; frequently quoted in industry publications such as TechNewsWorld, CIO Today, TechTarget, Information Security, and numerous others.
-
Adaptive Biotechnologies Corp.
Software Security Principal
October 2020 - February 2022 (1 year 5 months)
Seattle, Washington, United States
-
Cienaga Systems
Advisor
July 2020 - November 2021 (1 year 5 months)