I began blogging in 2002 when I was the Vice President of Quanta Enterprises.
Quanta's core competencies were thin compute and high performance compute. We built distributed web applications and delivered traditional apps over highly available Citrix farms. We designed and implemented high speed processing, clustering, data and storage area networks. Others did, as well, and so we looked for ways to distinguished ourselves from the competition.
The two areas I highlighted were project management and information security. Many organizations were failing to deliver on time and on budget. (The fact is, it was this problem that led Quanta to bring me aboard to build a PMO.) When projects did go in, the systems often lacked basic security controls and the code often was riddled with vulnerabilities. Both were weak spots in the competition, and thus we emphasized both PM and InfoSec.
My blog began as a way to educate the market about security decisions in technology. This was the focus for the next three years, before the blog and my career took another turn.
I left consulting behind in late 2005 and joined Munder Capital Management.
Munder offered a unique opportunity to both create and maintain. In consulting, most engagements are point-in-time tactical work. Deploy a cluster here, write some software there, harden the systems and ruggedize the code. Munder offered the opportunity to think strategically over the longer term. The firm also put me into the business side of information security: risk management, business continuity, regulatory compliance, and engaging third-party auditors. I found it incredibly rewarding to manage the entire lifecycle.
Then a strange thing happened. It worked. At Munder, I led both network operations and software development in a lean DevOps team. Together, we maintained the data center and remote offices using private cloud concepts. Everyone on the team was highly skilled, highly motivated, and trained to the teeth. Everything in the infrastructure was designed with security and maintainability in mind. We drove down technical debt, and accelerated our delivery of new services. And everything simply worked.
This past year, I developed what a good friend calls the caged tiger syndrome. Restless. Pacing. A need to tackle a big problem, to run down game, to move. This need could no longer be met with in-house IT.
I am joining VioPoint as the Vice President of Consulting Services. Today is my first day. Today, I am getting back in the game.
VioPoint is a dedicated InfoSec consultancy firm with the best reputation of any vendor I worked with at Munder. I began working with VioPoint in 2007 on a risk management engagement, and today they run Munder’s vulnerability management and pentest program. I have six years' experience with the organization as a client. The organization combines business acumen with technical skill like few others. When VioPoint says they have a results-oriented culture, they mean it, and have a long track record to prove it.
VioPoint meshes well with my approach. Moreover, they have some of the best known names in the Michigan security community. I am excited and honored to be working with them. My focus will be on accelerating growth, facilitating community outreach, recruiting and strengthening the team.
I will continue blogging on this site now that I am the Vice President of VioPoint. This blog will contain my personal views and observations about the technical and business aspects of InfoSec. I will also be blogging professionally at VioPoint's blog.
Thank you for joining me on this ride, and I look forward to continuing with you down this new path.