Or, as my wife put it, Random Ramblings of a Security Executive.
Yes, it’s that time. Writing a blog post to wrap up the year, just like all the rest of you do. I decided I’d cover my personal and professional life and the infosec world too. And I realized that it’s been a pretty crazy year on all 3 fronts. It’s been up and it’s been a stomach-churning drop as well. With a couple barrel rolls, a loop de loop or two and some high-speed turns thrown in.
Personal Life
My personal life is all about planes, trains and automobiles this year. Well, okay, no trains. So, all about planes and automobiles. But the first is funnier. Anyhow, probably the two big personal life stories involve planes and cars.
First, my 16 year old stepson has his driver’s license. And a car. And he got in his first (not at fault) accident, too. Yep, that was a heck of a ride right there. He’s a good kid. Very conscientious and careful about driving. But still the accident. Within less than a mile of the house. Stacy went and rescued him and did a great job at it.
With my professional life really ramping up, I spent a ton of time traveling. Lots of time on airplanes. I mean LOTS …. From Aug 1 to Dec 20 I flew 63,862 air miles. That includes going to just about every major airport in the US. That includes Atlanta, Dulles, National, Boston, Pittsburgh, Detroit, Columbus, Minneapolis-St. Paul, O’Hare, Dallas, Houston, Phoenix, Los Angeles, San Francisco, Portland and Seattle.
That’s a lot of freaking air travel and airports in less than 5 months. And that doesn’t include the fact that I flew to Sydney, Australia. That’s 16,882 miles for a 6 day trip. An average of 2,813 miles per day. LAX to Sydney is 14 hours on an airplane.
Yes, my personal life involves a lot of flying. And more importantly, being away from my family a lot. They support what I do, and they agree with the choices. But I’m not sure any of us were quite prepared for what this was going to look and be like.
20 weeks. 63,862 miles. 3193 miles a week. My wife is a saint.
On a side note, in the middle of that I got to meet a guy I’ve been corresponding with since 2003. For 10 years I have written to, and interacted with, Glenn Reynolds. Most of you know him as Instapundit. Well, he was the keynote speaker at the ISSA International Conference this year. And he and I spent two hours having a drink and a bite to eat. What a strange world when you can know someone for a decade BEFORE you actually meet them.
Professional Life
My professional life this year can be summed up in one easy statement: Continuous change.
Seriously, this year has been one of change. In January I was the CISO and head of Enterprise Risk Management for Providence Health & Services. Today I am the Vice President of Security & Strategy for Core Security. In the middle of that Providence had a new CEO, first time that changed in over a decade. And healthcare is going through massive and immense change, as we all know. What it will look like in a year or two is anybody’s guess. But certainly not the same.
So I left being the CISO of a large corporation …. A company that would be about #208 on the Fortune 500 list, about comparable to Starbucks …. Something that my friend Dave Estlick and I always tease each other about. But no longer. I now work for a company with 185 employees and revenue of about $25 million a year. For someone whose professional life has been the US Army, EDS and Providence, this is a massive change. Huge. And fun. I love this company.
And I changed what I do, as well. In the Army I was a small unit leader, a tank commander. At EDS I led teams in business process outsourcing, professional services and consulting environments. At Providence I led an information security department for 7 years. Now? I lead strategy for Core. I have no direct reports. I have no direct team (at least for now). So, my whole professional life I have led teams and been measured by how well I did that. And now, I will be measured by my personal impact to a company. Not by what my team does or how good at leading a team I am.
That’s a big change at age 46.
The InfoSec World
A year of turbulence and change. We found out that the NSA couldn’t keep a contract employee from stealing all their secrets. We found out that we were right about Adobe and their ability to do good security. And it turned out that traditional mechanisms of securing payment systems just weren’t going to work well if you were a retailer the size of Target.
The bad guys are so capable and have so many resources that they were hacking into media companies like the NY Times and Washington Post just to find out what was being written about them.
The head of the NSA got heckled at Black Hat.
This was the year that social activist and revolutionary attacks came into their own. Think about Anonymous and the Syrian Electronic Army. Think about all the Twitter and LinkedIn attacks and phishing and spoofing.
This was the year that the whole world discovered that China was cyber enemy #1 … and then wondered if the NSA had surpassed that.
This was the year that it became obvious that traditional information security was not the solution to stop cyber attacks. And now we wonder what to do.
Frankly, my personal and professional life were driven by my realization that information security had to change. It’s been a roller coaster. It’s been crazy. But really, life is better than ever. I have a great wife, great kids and a great job. I get to make a difference, to some small extent, in the world around me every day.
I haven’t even talked about food I’ve eaten, some of the great wines I’ve had, cigars I’ve smoked. Not a word about the good times my wife and I have had. Or the various trials and tribulations of the family. But I figured you guys were bored by now. So, here’s the end.
2013 has been wild and crazy and good.
I wonder what 2014 will bring.
Gosh, I would think that the NSA should help protect us from the Chinese …
That would seem reasonable