These words, having been uttered from my lips countless times over my career are what pushed me into starting this consultancy business. Security is not a checkbox, it is not a blanket, a tool, a product, it is not something to objectify. Security is not a thing you can purchase, check a box and say it is done. Small business, Startups, Sole Proprietors, Home users with computers, smartphones, internet things, web security all of it, cyber whatever, doesn’t require anyone with degrees or a list of acronyms next to their name or even years of experience. Degrees, certificates, awards all show something…you read someone’s opinion and took a test, paid for a really expensive piece of paper and continue to listen to other people’s opinions and keep paying to keep those papers “Active”. That whole market, was put together because people were trying to fill jobs by “checking a box” – if this person has this 3 letter acronym, this degree, this many years of experience, well, that must be enough to call them a Security person right? The same goes for security vendors and and what we like to call Security Snake Oil Salespeople.
Security is a mindset, something you do through your choices and knowledge, it is iterative. Tragically, it isn’t at all challenging to learn or apply. But, no one makes any money helping you use what you already have. This is where what I offer is different. I don’t want you to be a victim, I don’t care so much about making ‘bank’ spouting off fancy words of no consequence. I look at what you have and help you build with that, only suggesting adding where really necessary to reduce real risk – not “Henny Penny” risk.
It really bothers me to see people who are afraid of their internet connected device because it might be listening, or who have a general distrust for their computers, phones or are afraid of the internet. There are some people who feel powerless in fear as the internet of things is taking over, they see a ‘robot uprising’ where I see tools I can use to improve my quality of life, I can trust with my story and the secrets I leave out when I share my story with others. I think everyone should feel this way.
This site doesn’t sell anything. I do not have referral links, sponsored endorsements or advertisements nor am I trying to sell you Security-as-a-Thing. I do not work for a security company nor do I receive any compensation from one. I am a reseller/partner for a few security tools that I personally rely on, literally a few I can count on one hand. I am not a salesy person, so, I don’t make “bank” there either. Again, I don’t believe security is something to be sold, it is something you do, iteratively, you do better when you know better…never stop learning and well, I teach what I know. I teach how to fix what is broken, I teach how to make security go from one sized all snake oil to just your size, works for and with you, not against you and most importantly, I teach that it is most certainly not, a checkbox.
Beginning in the late 1980’s with my first Tandy MicroComputer as a hobbyist and moving into systems working from temp IT tech, helpdesk, breakfixing before A+ was a thing and working well through the 1990’s and 2000’s running deployments, patching, antivirus, endpoint protection, critical server protection, firewall management, imaging, auditing, sysadmin, managing technical people, managing risk, working with small “mom and pop” shops up to managing over $150 billion in global infrastructure that I was personally accountable for, no not a team or teams of teams, but a team of one. Over my career I have worked in North American Public Sector, Financial services, Health Insurance, Critical Infrastructure, a little of everywhere, large and small. I am passionate about what I do and can’t get enough of it, in any capacity, no role too big or too small. If I can add value and help, I dive right in. My goal though, is to “Teach people to fish” meaning I do not want to stay too long, I want others to learn how to work with what they have. Through my professional identity I have many direct contacts with senior contributors to several OS and application ecosystems – including security experts, vendor staff, journalists, researchers, people I often solicit for advice and collaboration. I also speak at workshops, conferences, meetups and volunteer to teach to groups in person or virtual settings. I do have a lot of experience under my belt now and a ton of education, not necessarily degrees and acronyms, or at least not the ones people are looking for lately, but I am a lover of learning. Constant curiosity is a requirement for a well rounded security mindset like mine. I read the friendly manual and think about how things could be used differently than intended. In my down time, I am reading, connecting, playing – I am always immersed in tech. I can’t help it. I love this stuff.
I hope when you are faced with a decision to check a box and spend money on Security-as-a-Thing, that you consider instead, to have me in your corner. It has taken me years to learn what I can teach you in a short time, shouldn’t you be in the driver’s seat of your own life and business?
I refuse to add click-bait, ads, flashing banners, referral links and all the same of what everyone else is doing. There is already way too much of that on every website today it seems. I can’t even read an article without being inundated with pop-ups, ads and the like. Several people ask me about sending donations for this site, or for my quick fix help. It costs over $300 a year to host this site, so I have added a donation option. Thanks to contributions from people like you, I almost break even on the hosting costs.
I love getting a small tip in my inbox. Thank you for your appreciation, I read every note I get.