Recently in work-jobs Category

A Change In Context

Today marks the end of my first week in a new job. As of this past Monday, I am now a Manager, Security Engineering, with Pearson. I'll be handling a variety of responsibilities, initially mixed between security architecture and team management. I view this opportunity as a chance to reset my career after the myriad challenges experienced over the past decade. In particular, I will now finally be able to say I've had administrative responsibility for personnel, the lack of which has held me back from career progression these past few years.

This change is a welcome one, and it will also be momentous in that it will see us leaving the NoVA/DC area next Summer. The destination is not finalized, but it seems likely to be Denver. While it's not the same as being in Montana, it's the Rockies and at elevation, which sounds good to me. Not to mention I know several people in the area and, in general, like it. Which is not to say that we dislike where we live today (despite the high price tag). It's just time for a change of scenery.

I plan to continue writing on the side here (and on LinkedIn), but the pace of writing may slow again in the short-term while I dedicate most of my energy to ramping up the day job. The good news, however, is this will afford me the opportunity to continue getting "real world" experience that can be translated and related in a hopefully meaningful manner.

Until next time, thanks and good luck!

Confessions of an InfoSec Burnout

Soul-crushing failure.

If asked, that is how I would describe the last 10 years of my career, since leaving AOL.

I made one mistake, one bad decision, and it's completely and thoroughly derailed my entire career. Worse, it's unclear if there's any path to recovery as failure piles on failure piles on failure.

Folks: Please stop calling every soup-to-nuts, everything-but-the-kitchen-sink security job a "security architect" role. It's harmful to the industry and it's doing you no favors trying to find the right resources. In fact, please stop posting these "one role does everything security under the sun" positions altogether. It's hurting your recruitment efforts, and it makes it incredibly difficult to find positions that are a good fit. Let me explain...

For starters, there are generally three classes of security people, management and pentesters aside:
- Analysts
- Engineers
- Architects

(Note that these terms tend to be loaded due to their use in other industries. In fact, in some states you might even have to come up with a different equivalent term for positions due to legal definitions (or licensing) of roles. Try to bear with me and just go with the flow, eh?)

It's Time For (A) New Context

I'm not completely sure why, but I've been holding off writing this post for a couple months now. Maybe, in part, I didn't want to jinx myself. Maybe, in part, I didn't want to open myself up to criticism or ridicule for Yet Another Job Change in such a short period of time. But... I think the time is now right to more publicly announce and talk about this transition, so here goes...

In mid-June I left Ellucian, where I'd been slamming my head against the wall for several months, and joined New Context as a "security architect" (or, as I put it on LinkedIn, "person of interest"). The title itself is somewhat irrelevant as it's not overly representative of my current responsibilities, which include biz dev, research / thought leadership, product management, and yes, likely, some consulting.

I plan to provide more updates in the coming months about some of the things I'm working on, such as around our Lean Security business management model, but I'll hold back on that for now.

In the meantime, if anybody wants to catch up, or if there's interest in bringing us in, please feel free to reach out! New Context has a very senior team that's very deep in areas like agile software development, DevOps engineering and infrastructure, as well as - of course - security. We have several awesome partners, too (a list that's constantly growing). If we can't help you out directly, then it's very likely we can connect you with someone who can.

I'm pleased to announce the formation of Falcon's View Consulting! This new business will initially be available on a part-time basis to provide security architecture advisory, "consulting CISO," and cybersecurity product marketing and strategy services.

More details will be provided in the near future, but until then I wanted to get the official word out there. Feel free to ping me on Twitter (@falconsview) or email me (tomhave-at-secureconsulting-dot-net) for more information. I look forward to hearing from you!

Leaving Gartner, Joining K12

Today, Friday the 13th, is my last day with Gartner. I've been onboard for almost exactly 21 months now and have learned quite a few things about how the analyst world works. But... it's time for a change. It's time to get back to more of a field role where I can feel like I'm making a difference, seeing the needle move little by little. This is something you don't typically get to see as an analyst because, out of the hundreds of interactions you have each year, /maybe/ 10% result in some form of feedback, and only a small portion of that feedback is particularly meaningful.

On Monday I start my new role as security architect with a local, public company - K12. They're a leading provider of online education services, which I find interesting and exciting. In many ways, this will be a green field opportunity for me, working as part of an enterprise architecture (EA) team as they pivot into more of a DevOps style approach. More than anything I'm greatly looking forward to getting back to more hands-on work where I can see the fruits of my labors.

I'll be reviving this blog in the coming weeks as I start to get my feet wet with various projects. I'll also be putting up a couple retrospective posts about my time as an analyst. I've received a handful of queries from folks interested in working for the company, and so one of these posts will specifically target that audience.

Overall, I'm very much looking forward to the new opportunity! I can't wait to see how well my theories play in the real world. There are lots of exciting options to be pursued here, ranging from security analytics to risk analytics to SecDevOps automation. :) Now to see what sticks and what doesn't!! :)

Job Opportunity: Secure Mentem

Hey folks! Secure Mentem is hiring! If you have any interest in working in a top-notch org doing security awareness as a service, then this is it! Details below:

Secure Mentem is looking for skilled security awareness practitioners to help serve our growing customer base from the Fortune 500 and beyond. The people will be expected to implement our patent-pending methodology of creating awareness programs, and providing the required level of support in implementing and maintaining the resulting programs.
You will use our proprietary assessment tools to determine the organizational culture and business driver, and then working with our team, design the customized program. Should there be a security awareness manager (SAM) in place, you will work to make that person look brilliant. If there is no SAM, then you will provide the defined level of support to help implement and maintain the program. You may also be called on to help clients with independent awareness efforts such as program design, implementation, internationalization, metrics, phishing program implementation, creating and/or staffing events, social engineering, content development, and other tasks associated with security awareness programs. Experience in multiple organizations and multiple industry sectors preferred.
Secure Mentem focuses on the human aspects of security. We pride ourselves on providing comprehensive security awareness solutions that are tailored to our clients' culture and the organization.
To apply, please send your resume, with a cover letter, to [email protected]

GBN: Join Us! SRMS has an opening!

Join Us! SRMS has an opening!
We're hiring for the Security & Risk Management Strategies (SRMS) team within Gartner for Technical Professionals. Full details here.

Joining Gartner

Greetings! Today I bring you news of a job change.

As of this morning, I am officially onboard at Gartner. I'll be a Research Director within Gartner for Technical Professionals (the former Burton Group). I'll be reporting to Phil Schacter, and working with friends Anton Chuvakin and Erik Heidt.

Overall, I am incredibly excited for this move! It will mean less blogging here on this site (not that I've been able to post much lately anyway), but I will be getting a blog set up over in Gartnerland soon enough, and will do my best to post references back to that page as appropriate.

In answer to the question everybody asks: No, I don't know what coverage area(s) yet. Soon, though! :)

TekSystems: Egregious Headhunting

A short post, to relate a story... just as I was about to hop onto a con-call this morning, my phone rang with a call from my Mom... given that it was first thing in the morning and that I still have a couple elderly grandparents, I answered fearing the worst... boy was I ever unprepared for the news!

Mom played for me a voice message left on her home answering machine. It was a recruiter from TekSystems, in a strong accent that I could barely understand, calling for me regarding an opening he was trying to fill. Yes, you read that correctly... a headhunter from TekSystems literally dug into the way-back machine and tried to reach me at my parents' home!

In case we've never met, let me baseline it for you: I'm well into my 30s, haven't lived at home since I was 19 (first Summer home from college), and haven't used their address as my "permanent" address since I was 22. Suffice to say, there is ABSOLUTELY POSITIVELY NO REASON that they should be calling for me there.

So, here's my reaction:
a) Tweeted my discontent.
b) Blogged my discontent.
c) Set up a Gmail filter that will delete all mail from @teksystems.com, skipping my inbox completely.

What a galling way to start the day...

This blog is licensed under a Creative Commons License.