In this forum, you’ll read my ruminations on the computer security industry, in which I work.
I’ll share anecdotes, strategies, technical directions. Perhaps through your comments, you’ll point me in a better direction? Alternatively, your practice may be shifted for the better from something that I’ve been working through? Let me know what you think.
My Security Work
Currently, I’m a Principal Engineer and the Master Architect for product security architecture. I provide strategic technical leadership for software security at a major technology company.
My Areas of special Interest in Information Security:
- Developer-centric software security
- Architecture Risk Assessment & threat models
- The Practice of Security Architecture as a discipline (always!)
- Web 2.0 Security
- Social Networking Security
- Collaboration Technologies Security
- Application Security
- Application Servers
- Building Security into Web Infrastructures
- Security Assurance and testing
- Service Oriented Architecture
- Trust Models
- Risk Modeling
Standard disclaimer applies in this blog. I speak for my self and no one else.