About Me

October 29th, 2013

I am passionate about information security as a discipline. Although a technician, I think my true love of infosec is more psychological in nature – computer crime pays well, and it attracts incredibly smart people. Thus, a continually advancing field that still has a lot to learn. Perfect. I like smart people, and I don’t waver or discriminate in that regard. I loathe and eschew paper pushers – those who wait for people to tell them what to do, and how to do it.

My particular areas of interest in the realm of information technology, especially security, include the following (in no real order):

  • Malware, particularly bots
  • Virtualization Security
  • Intrusion Detection and Packet Analysis
  • Auditing and Compliance
  • Penetration Testing and Vulnerability Assessment
  • Honeypots
  • Log Management

I am currently a security consultant, and own my own company called Voodoo Security. I am also the lead faculty (formerly CTO) for IANS. I previously worked as Chief Security Strategist, Ionix at EMC (formerly CSO @ Configuresoft, acquired), and prior to that was Vice President and CTO at the Center for Internet Security. Before that I was the CTO of a security consulting company in Atlanta. I have also been a Security Manager for AirTran Airways, a Security Architect for Norfolk Southern, a consultant, and many other various titles and roles over the years. In addition to this, I am a SANS Certified Instructor and course author, a member of the Board of Directors at SANS.edu as well as a GIAC Technical Director. I have Bachelors degrees in Psychology/Microbiology and Computer Information Systems, and a Masters in Business Administration (MBA). I have also written a book on virtualization security, co-authored a textbook, written a chapter in another, and written a fair number of articles and courses (see the Publications page, which is likely very out-of-date at any given time).

Certifications
I possess a number of security and IT-related certifications, including:

  • Certified Information Systems Security Professional (CISSP)
  • GIAC Certified Intrusion Analyst (GCIA)
  • GIAC Certified Incident Handler (GCIH)
  • GIAC Certified ISO-17799 Specialist (G7799)
  • GIAC Security Essentials Certification (GSEC)
  • Microsoft Certified Systems Engineer (MCSE)
  • Cisco Certified Network Associate (CCNA)
  • Master Certified Internet Webmaster Administrator (MCIWA)
  • CIW Security Analyst
  • PCI Qualified Security Assessor (QSA) – FORMER
Comments are closed.