Year One

It’s the end of Year One at Core Security. Time really flies when you’re having fun. I’ve been here for 12 months now, and a couple days, and I guess I should do the “looking back after the first year” blog post. A year ago I wrote about my new adventure:

Most people in the information security field … know that I am firmly convinced that the bad guys are currently winning the war we are engaged in. This move is, in many ways, because I want to do even more to change the situation. One key area where we can do that is by providing security professionals with tools that allow them to reduce the attack surface they have to worry about. Right now, organizations have to defend everything. CORE Security can help with how to defend what is critical in ways that are meaningful. Frederick the Great said, “he who defends everything defends nothing” … and that applies now in information security as much as it did in the 1700’s during Frederick’s military campaigns.

And that has really turned out to be my focus for the last 12 months. Providing tools and methods to Information Security and Information Technology organizations that enable them to be more effective, to focus on what’s critical and to improve the maturity and capability of their information security programs. I have had an opportunity to create the Threat and Vulnerability Management Maturity Model, which is already seeing adoption by organizations as a means of improving a critical component of their information security program. It’s so obvious that it is being adopted ahead of us officially releasing the Model for comment and improvement.

This adventure has been broader than that, though. My family has adjusted to me travelling to every corner of the US and a bunch of places globally, too. Not to mention that this job is a passion that consumes me. On the other hand, I think I am much happier, in general, than I was in the last couple years at Providence.

Over all, it’s been a great year. In a great company. And doing some really cool stuff. There have been, as there will be in small companies, some really high points and some really low points, amazing success and incredible challenge. But that sure makes life far more exciting and interesting.

Shall we see what next year brings?

This entry was posted in Career, Cigars, InfoSec, Security, Vulnerability Management. Bookmark the permalink.