I am a hands-on security engineer and lead who has done tours in government, startups, and global financial institutions. Coming up on 25 years in the industry, I’ve learned that humility, curiosity about all the edges of a complex problem, and an understanding of how to Get Things Done are what you need to make amazing things happen.
These days, a lot of my time goes toward:
- Cloud security, especially making AWS effective for enterprises with more legacy code than security-minded developers
- Policy guardrails for developers and end-users that give them freedom to explore, based on the principles behind BeyondCorp and OpenPolicyAgent
- Security/business collaboration by creating teams of dedicated, hands- on, security-minded builders with a diverse mix of technical and non-technical skills, backgrounds, and problem-solving approaches.
- Technical company culture - training, values, process and communication that make engineering teams more effective
I also bake a lot of pies. And in case you’re wondering: strawberry rhubarb.
If those topics are of interest to you, too, I’m always interested in sharing war stories. Find me in Brooklyn, at Hacker Summer Camp, ACoD, or on the Internet.