Security & GRC

I base my approach to Security & GRC in a background of Engineering and IT Ops. I have worn many hats, but the ones that fit me best are the ones that emphasize practicality and pragmatism. We have many options to hardening systems and software practices, but most are useless unless they are based in a desire to enable software delivery at scale.

I wasn't always a security practitioner; my early days were focused on network engineering, IT operations, and getting the darn servers back up when paged at 4 AM! But my start in the technical trenches helped me understand the importance of finding pragmatic solutions to challenging problems. We cannot let the perfect become the enemy of the good.

Every day, you have the opportunity to make the world a slightly better place. For me, that means enabling the teams I lead to set their sights a little higher than yesterday, and empowering the people I work with to treat each other with respect and dignity. We have a choice in how we approach challenging work environments; I don't believe that brilliant jerks are necessary to help high-growth companies reach their impossible objectives. I don't believe that the mythical 10x Engineer can solve every problem. But I do believe that we owe it to ourselves and our colleagues to challenge the status quo. Disruption is uncomfortable, but it can also be beautiful.