Why did you get into IT security?
I had a summer project at a computer science school, and I noticed how easy it was to compromise the systems. After college and some years at Cisco, I got into security start-ups. At my first start-up, we secured funding when we hacked the VoIP phones that were the same model used by the VCs we were pitching.
How do you describe your job to average people?
I'm helping companies win the war against hackers. The world's systems and processes are increasingly digitized and important data is easier to steal or compromise. So I help build products to protect our critical digital assets.
What was one of your biggest challenges?
Helping our industry understand that the common approach to security is structurally broken and must change. There is a constant parade of breaches with the same attack vector used in Target, the compromise of a single low privilege user resulting in compromise of the entire enterprise and millions of our records and no meaningful segmentation of applications to block lateral hacker movement which could have prevented this. Product vendors selling the same old security architecture wish the Target talk would go away. We need to keep talking about it until the security architecture is re-invented in the way we do business today.
And it's starting to happen.
What keeps you up at night?
Knowing the security architecture protecting our critical and valuable digitized assets is antiquated.
Of what are you most proud?
Being able to contribute to a better security architecture, so that technology can continue to deliver on its promise of a better world.
For what would you use a magic IT security wand?
Reduce influence of vendors who sell obsolete security products that force their customers to roll the dice every day.