Here we are; the first blog post. I've thought about starting a blog for a while now. Recently, I committed to writing a book about two topics I really enjoy: Identity Management and Security Architecture. After finally saying "ok, it's time to do this!" and building the outline of the book, I thought it would make sense to start to flesh out all these thoughts rolling around upstairs by testing them out in a Blog.
So, let's talk about this blog. The focus will be on information security, specializing in the two topics mentioned above - Identity Management and Security Architecture. For credibility (hah!), it might help to know a little about me and my experience (or lack thereof). Therefore, this first blog post will be all about me. :-)
I've been in Information Technology for a little over a decade; I started as a PC tech at a small construction company while going to school at a local community college, and ended up landing a well-paying full-time job in desktop support in Chicago, IL working at a large law firm. After a few short months on the phones, I was promoted to the hardware support group, fixing laser printers and taking apart laptops to replace LCDs and whatnot.
This experience carried me away from my home city and downstate to a very large insurance company, working with a team that supported their people in the field that did estimates on car accidents and ensured the hardware/software they used was reliable and played nicely with each other. I did that for a few years, specializing in wireless WAN communications (those folks needed to be able to communicate back 'home' from the middle-of-nowhere) before it became cool and commonplace like it is today. After a while, I was up for a change. The application security team was a growing field in a growing area at that company and had plenty of smart, young talent to corrupt, so off I went.
What a difference. I quickly found myself. Information Security ignited passion in me that I didn't realize was there. I consumed it. Quickly, I became SANS G-SEC certified and started working on large efforts that were re-designing home-grown software and changing platforms (from VB/COM to Java/J2EE) to be more flexible and integrate more cleanly. Eventually I was asked and accepted a spot on a future-facing team that was looking at bringing in some of the first web services into the organization. This team was building a new framework, developing software iteratively, and I was on the team to help secure it. Awesome!
It was my tenure over these few years in Application Security that I learned the most about web services, XML, WS-Security, ID Federation. I was introduced to Role Engineering and the concept of RBAC. I learned about Kerberos, security tokens, and security as a service. I was hooked.Around this time, my wife and I decided to try to move back home, so I accepted a position at another large insurance company on their Identity Strategy team. The team has their fingers in alot of pies, but ultimately it's responsible for ensuring the products at the company all integrate nice and neatly with the home-grown Identity Management (IDM) solution. I've been able to touch various parts of the organization, and get involved with all sorts of interesting projects and spoken to all sorts of interesting people in my quest to ensure new products integrate with the company's application framework.
Not too long ago, a partner with Solstice Consulting, Kelly Manthey, gave me my first public speaking opportunity at the Illinois Institute of Technology's NetSecure '09, which I enjoyed a great deal. Recently, Kelly has asked to collaborate on a presentation for TechTarget's Financial Information Security Decisions '09 conference in New York City, which is even more exciting! We're going to talk about how Identity Management can save your company money! So, in addition to helping organize thoughts for the book, this blog will serve to organize thoughts about our presentation.
That's me in just under 700 words. Don't worry; the next few posts will be much more exciting.
Enjoy your day!
No comments:
Post a Comment