A little bit about me, starting with the present, followed by a short summary of my journey to the present.
A Cybersecurity Practitioner, First & Foremost
Over the last two decades, while I have worked as a consultant for a number of cybersecurity advisory firms and consultatively as a customer-facing, senior technical advisor for a number of cybersecurity vendors, I am a bona fide Cybersecurity Practitioner, first and foremost. This means I care about actual security and risk, that lens dictating how I see and consider everything.
This is why my “day job” has always been completely aligned with the hands-down industry leader in whatever domain I am representing. While my early cybersecurity expertise was in Ethical Hacking and Secure Development, the majority of the last 20 years have been spent in the Identity Management, Identity Governance, and Data Security cybersecurity domains.
When I walk into any organization, my desire is to walk in as “the undisputed nuclear arms dealer” of whatever cybersecurity domain I’m currently working in. This serves purpose in a number of important ways, namely… I can be completely honest and upfront without using “smoke and mirrors” to “try and sell you something.” It also means I’m extremely likely to solve pretty much any use case in my current specialty domain. That’s intensely satisfying.
I’m highly motivated to represent capabilities and solutions that actually solve complex cybersecurity use cases (or to solve the most important, highest percentage than anyone else playing in the same domain.) Whatever company I am representing, they will by far provide the absolute best, fullest, most robust technical solutions to address your organization’s cybersecurity needs in that domain. I purposefully align myself this way, my employment being well-chosen. I am not out to “sell”; I am internally motivated and out to consultatively solve.
Intensely Customer-Centric
I’m intensely customer-centric, customer-focused, and customer-driven. If I’m assigned to you in any way, you can be sure I am representing you internally to my employer. I’m also obligated to the truth. You may not like the truth. But you deserve to hear the truth. Then you can decide for yourself with all of facts on the table. I completely understand all the pressures and factors that organizations have to go through to make decisions: politics, alignments, budgets, risk acceptance, compliance, etc. But I am for the customer.
Summary: The Last 25+ Years
I discovered computers well before the world was filled with the technology it is filled with today and I’ve been hooked ever since. My early days were filled with hacking every computer and computer-related scenario I could get my hands on from hardware, software, personnel, and people, penetrating barriers, protections, permissions, protocols, and buildings (now actually called red teaming)… you name it. Not long after beginning my journey, my ethics radically changed, but the lessons I learned have carried forward to today.
A lot of cybersecurity “solutions” unfortunately look like the parking control gate you see to the right of this paragraph. That’s the perspective I bring. Most of the adversarial world (“the Dark Web”) sees our “attempts” pretty much as in the picture. Hence… the landscape we see today and my insistence on actual, well-thought-out security.
I began my career right out of the gate, hyper-security-focused and security-minded because of the “cat and mouse games” I played in my early years. I was also fortunate that my first job was with the US Department of Defense. This position placed me on the Internet before most people knew what the Internet was. I programmed and administrated a system that was touched by the Robert Morris worm (but was not penetrated). The Department of Defense saw (and still sees) a lot of threats, both domestic and nation-state, that I had to think about and architect against from Day 1.
Before focusing in the last two decades on technical advisory and solutions selling, I alternated between administration and development (coding, using a plethora of languages) of large systems, computer estates, and networks for Fortune 500 companies and the US Government.
My career has taken me all over the world, from North America to Europe, Asia, and Australia.
Companies I’ve Worked For / Consulted For / Otherwise Represented
I’ve contracted with, represented, or otherwise consulted for 25-30 of the Fortune 500 and several international companies. Often I have been privileged to work on-site for many of these companies. It’s been a privilege to have been asked to consult with and/or train and enable employees of these companies all over the world.
(Click here for a breakout specifying which of these were Identity Governance Engagements.)
None of the above companies or governments count the almost 100 other Fortune 500 companies I have sold into utilizing a strategic, consultative, customer-centric approach through Vormetric, Thales Cloud Security, RSA Security, and SailPoint Technologies. See TechnologEase LLC for a few other companies not listed here but noted for personally-contracted development, consulting, and advisory work.