Recently in work-jobs Category

It's Time For (A) New Context

I'm not completely sure why, but I've been holding off writing this post for a couple months now. Maybe, in part, I didn't want to jinx myself. Maybe, in part, I didn't want to open myself up to criticism or ridicule for Yet Another Job Change in such a short period of time. But... I think the time is now right to more publicly announce and talk about this transition, so here goes...

In mid-June I left Ellucian, where I'd been slamming my head against the wall for several months, and joined New Context as a "security architect" (or, as I put it on LinkedIn, "person of interest"). The title itself is somewhat irrelevant as it's not overly representative of my current responsibilities, which include biz dev, research / thought leadership, product management, and yes, likely, some consulting.

I plan to provide more updates in the coming months about some of the things I'm working on, such as around our Lean Security business management model, but I'll hold back on that for now.

In the meantime, if anybody wants to catch up, or if there's interest in bringing us in, please feel free to reach out! New Context has a very senior team that's very deep in areas like agile software development, DevOps engineering and infrastructure, as well as - of course - security. We have several awesome partners, too (a list that's constantly growing). If we can't help you out directly, then it's very likely we can connect you with someone who can.

I'm pleased to announce the formation of Falcon's View Consulting! This new business will initially be available on a part-time basis to provide security architecture advisory, "consulting CISO," and cybersecurity product marketing and strategy services.

More details will be provided in the near future, but until then I wanted to get the official word out there. Feel free to ping me on Twitter (@falconsview) or email me (tomhave-at-secureconsulting-dot-net) for more information. I look forward to hearing from you!

Leaving Gartner, Joining K12

Today, Friday the 13th, is my last day with Gartner. I've been onboard for almost exactly 21 months now and have learned quite a few things about how the analyst world works. But... it's time for a change. It's time to get back to more of a field role where I can feel like I'm making a difference, seeing the needle move little by little. This is something you don't typically get to see as an analyst because, out of the hundreds of interactions you have each year, /maybe/ 10% result in some form of feedback, and only a small portion of that feedback is particularly meaningful.

On Monday I start my new role as security architect with a local, public company - K12. They're a leading provider of online education services, which I find interesting and exciting. In many ways, this will be a green field opportunity for me, working as part of an enterprise architecture (EA) team as they pivot into more of a DevOps style approach. More than anything I'm greatly looking forward to getting back to more hands-on work where I can see the fruits of my labors.

I'll be reviving this blog in the coming weeks as I start to get my feet wet with various projects. I'll also be putting up a couple retrospective posts about my time as an analyst. I've received a handful of queries from folks interested in working for the company, and so one of these posts will specifically target that audience.

Overall, I'm very much looking forward to the new opportunity! I can't wait to see how well my theories play in the real world. There are lots of exciting options to be pursued here, ranging from security analytics to risk analytics to SecDevOps automation. :) Now to see what sticks and what doesn't!! :)

Job Opportunity: Secure Mentem

Hey folks! Secure Mentem is hiring! If you have any interest in working in a top-notch org doing security awareness as a service, then this is it! Details below:

Secure Mentem is looking for skilled security awareness practitioners to help serve our growing customer base from the Fortune 500 and beyond. The people will be expected to implement our patent-pending methodology of creating awareness programs, and providing the required level of support in implementing and maintaining the resulting programs.
You will use our proprietary assessment tools to determine the organizational culture and business driver, and then working with our team, design the customized program. Should there be a security awareness manager (SAM) in place, you will work to make that person look brilliant. If there is no SAM, then you will provide the defined level of support to help implement and maintain the program. You may also be called on to help clients with independent awareness efforts such as program design, implementation, internationalization, metrics, phishing program implementation, creating and/or staffing events, social engineering, content development, and other tasks associated with security awareness programs. Experience in multiple organizations and multiple industry sectors preferred.
Secure Mentem focuses on the human aspects of security. We pride ourselves on providing comprehensive security awareness solutions that are tailored to our clients' culture and the organization.
To apply, please send your resume, with a cover letter, to

GBN: Join Us! SRMS has an opening!

Join Us! SRMS has an opening!
We're hiring for the Security & Risk Management Strategies (SRMS) team within Gartner for Technical Professionals. Full details here.

Joining Gartner

Greetings! Today I bring you news of a job change.

As of this morning, I am officially onboard at Gartner. I'll be a Research Director within Gartner for Technical Professionals (the former Burton Group). I'll be reporting to Phil Schacter, and working with friends Anton Chuvakin and Erik Heidt.

Overall, I am incredibly excited for this move! It will mean less blogging here on this site (not that I've been able to post much lately anyway), but I will be getting a blog set up over in Gartnerland soon enough, and will do my best to post references back to that page as appropriate.

In answer to the question everybody asks: No, I don't know what coverage area(s) yet. Soon, though! :)

TekSystems: Egregious Headhunting


A short post, to relate a story... just as I was about to hop onto a con-call this morning, my phone rang with a call from my Mom... given that it was first thing in the morning and that I still have a couple elderly grandparents, I answered fearing the worst... boy was I ever unprepared for the news!

Mom played for me a voice message left on her home answering machine. It was a recruiter from TekSystems, in a strong accent that I could barely understand, calling for me regarding an opening he was trying to fill. Yes, you read that correctly... a headhunter from TekSystems literally dug into the way-back machine and tried to reach me at my parents' home!

In case we've never met, let me baseline it for you: I'm well into my 30s, haven't lived at home since I was 19 (first Summer home from college), and haven't used their address as my "permanent" address since I was 22. Suffice to say, there is ABSOLUTELY POSITIVELY NO REASON that they should be calling for me there.

So, here's my reaction:
a) Tweeted my discontent.
b) Blogged my discontent.
c) Set up a Gmail filter that will delete all mail from, skipping my inbox completely.

What a galling way to start the day...

LockPath Is Hiring


Interested in working for a strong up-n-comer in the GRC space? LockPath officially launched 1.0 of its product on 10/10/10 and is now up to 2.0. We're growing quickly, and we need some top-notch folks to help us on our journey. Specifically, we're looking for:

  • Support (2 people - based in KC)

  • .net Devs (3 people - based in KC)

  • Infrastructure/Data Center (1 person - flex location, KC might be helpful)

  • Sales (1 regional sales, 1 international sales, 1 federal sales, 1 sales engineer - remote is possible)

  • LPS (2 consultant/training people - remote is possible)

If you're interested, then please feel free to email me, leave a comment to follow-up, hit me up on Twitter, or hit the LockPath Careers page.


Turning to the Dark Side ;)


Well, it's finally happened. I've finally given in to the dark side of the force. As of Monday (8/1), I'll be working for a vendor! :)

I've decided to leave Gemini Security Solutions to join LockPath - a next-generation GRC startup - as Principal Consultant, where I'll get to do all sorts of cool stuff. My responsibilities will vary widely, but will include writing, training, consulting, working with our professional services partners, and generally helping out with whatever is needed.

I've been friendly with LockPath for a couple years now. You might remember my blog post about them last October, titled "Not Your Mama's GRC." I am convinced that LockPath is the real deal. They've worked very diligently to address major deficiencies in the GRC platform space. And, best of all, they've come up with a great, flexible framework that provides a degree of extensibility that I've not seen in other products.

All told, this is a very exciting opportunity for me, and one that I hope to see through to tremendous growth and success. It's an opportunity to help redefine the GRC product space, while also furthering the development of and support for the imperative for organizations to have formal GRC programs. If pending legislation is any indicator, then the need for a formal GRC program is only going to increase, while downward pressures continue to contain costs. LockPath is well positioned to meet those needs.

Why I Failed As Highwinds SecDir


I started writing this post a few weeks ago, but am only now getting back to it. After getting a good outline going, I simply couldn't bring myself to write it. Part of my resistance, I think, comes in the pain of self-realization. At the same time, I'm sometimes loath to share these personal revelations as I'm never sure how people will take them. My hope is that you'll read this and think "lessons learned" and not "what a dope." Anyway...

Creative Commons License
This blog is licensed under a Creative Commons License.