After waffling and talking about it for a long time, I’ve finally started my security blog.  As with any new adventure, I should pause for a few solemn moments and reflect upon how I reached this point of our story.

I’m a Hoosier born and bred, from the southern part of the state, though I haven’t lived there in 20 years.  I’m a Purdue and later USC grad in computer engineering. I’ve been working in computer security for 19 years and have been lucky to work with lots of interesting people and have interesting opportunities, including:

  • Security engineer doing risk assessments for the Air Force and Orange Book evaluation work for the NSA.
  • Kernel developer at Trusted Information Systems (TIS) working on Trusted Xenix and various Darpa security research projects involving Trusted Mach.
  • A lot of fun work with the TIS Firewall Toolkit (FWTK), an early open source project, including VPN development work (pre-IPSec) and more BSDi installations than anyone should do in a lifetime. This lead to opening a TIS office and working in the UK and Europe for 3 years as well – a great time working with great people
  • Director of Product Management for McAfee corporate anti-virus, where we introduced their central management tool e-Policy Orchestrator, incremental updates, and gateway appliances, among other projects.
  • VP of Product Management at McAfee/NAI, managing PGP Desktop, PGP e-Business Server, Gauntlet Firewall and CyberCop Scanner.

And finally, about 3 years ago, Microsoft persuaded me to come up and work on their security improvement efforts (and that’s a story worth it’s own post) and it has been an interesting time so far.

That’s a wrap for now, but I look forward to future discussions with you about security and the challenges we face as an industry.