As a security professional, I've developed a number of opinions that some may consider controversial. I believe that the present risk based methodology by itself is a flawed approach. It may work for the finance industry where a few billion dollars a year in losses is acceptable, but there are some industries where large scale losses hurt too many people. Like healthcare. I have developed an architecture based upon closed loop process control that I believe will solve many of the day-to-day problems. Coupled with an effective software assurance program, and I believe that many of the issues suffered in today's large scale enterprises will become a thing of the past.

My blog can be found here.

I am presently an independent contractor working on assignments with Emagined Security and Viciniti Technologies.

As a security professional, for the past 25 years, I have worked in the security community, building knowledge, and contributing solutions. My strengths are in architecture level design, solution design, policy generation, endpoint security, and risk management. I hold degrees in Management Information Systems, Computer Engineering and Electrical Engineering. I have been a contributing author in publications such as TCP Unleashed, ISSA Journal, Publish Magazine, Planet IT, RSA, CSI, SANS and The Black Hat Briefings. I am a well-known speaker and evangelist on network security matters at technical conferences and security events.

Most recently, I have been working with my colleagues at Emagined Security filling a position as an Executive Security Consultant on a world-class cryptographic services gateway project. My role is to ensure that the technical architecture is integrated with the host customer’s enterprise services. The solution provides cryptographic services (HSM based code signing, encryption, decryption, and signature verification) services to development, staging, and production engineering environments in a fault tolerant manner across 3 continents. Additionally, I am responsible for crafting new policy and procedures regarding installation, use, testing, and compliance for the entire customer’s cryptographic solution.

I am also the technical and creative inspiration for Viciniti Technologies, a company that believes that security should be simple, reliable, transparent and close to you, your information and the people you choose to share it with.

Here is a copy of my most recent resume.
I am of course on LinkedIn!