Today is a day of mixed feelings for me as I publicly announce my resignation from Foundstone Professional Services after nearly five years of employment.
The past years with Foundstone have truly been great to me. I’ve had the opportunity to travel the world, grow as an information security practitioner and project manager and work on interesting information security projects with long-reaching consequences. None of which I can talk about, of course. I have had the opportunity to work with some of the smartest security folks in the industry today. We worked hard and played hard. The past five years have been an awesome experience, however, all things must come to an end.
Let’s rewind…
Nearly five years ago I fell into this position. I was happily serving as the Web Application Security Manager for Digital Insight’s (DI) corporate banking unit. Two Foundstone consultants were training the development team at DI and, thanks to the insistence of their boss, Mark Curphey, we shared dinner and drinks at Fogo de Chao. Dave Raphael, Rudolph Araujo and I met that night in January 2005 and my life changed for the better.
We ate. We drank. (Probably a bit too much!) One thing lead to another and I began enquiring about their work consulting, the work environment, the travel, etc. I had no interest in taking a job, yet I found myself engaged in a conversation that was clearly leading in that direction. Rudy and Dave were emailing Mark through the evening. The next thing I knew I had an interview with Foundstone set up for the following week.
I told myself I didn’t want to be a “conslutant”. I didn’t want to travel. I wouldn’t like being on the road. An offer was made. I still couldn’t envision making such a drastic change from my desk jockey job at DI. Steph and I talked it over repeatedly. We decided that I would only consult for one year. I could take the opportunity to learn, grow my skills, mature as an information security professional and then head back into a “normal” position with my new skills. On February 18, 2005 I became the newest member of Foundstone Professional Services consulting team. One year turned into two, then three. Steph and I had conversations about why I couldn’t see doing anything other than consulting. Sure, I worked hard, often seven days a week, and the travel was tough on us when I was on the road week after week. But the projects were interesting and I was still learning on the job every day.
Maya was born April 2, 2008, shortly after my three year anniversary with Foundstone. My outlook on consulting and traveling for work began to change; I wanted to be home more and on the road less.
Since Maya’s birth, my travel schedule did change. Sometimes it was less hectic, I spent months on end working from my home office. Unfortunately, that was lonely; I lacked the intellectual stimulation of being around other type A alpha geeks. On the other hand, I spent more time traveling overseas and doing extended engagements at client sites. In Q2 2009 I spent approximately 11 weeks on the road. At the end of Q3 and beginning of Q4 2009, I spent 8 weeks straight on the road.
In September I made the decision that it was time to look for new employment in order to reduce my travel to 25% or less. Our home was on the market, we were getting ready to move to Seattle after more than three years of planning. Buyers began showing interest in our home; the pieces began to fall into place. I started sending around resumes to companies, primarily located in Seattle, as well as companies that entertained hiring employees for 100% telecommute positions.
Immediately after I started sending out resumes, we accepted an offer on our home! My stress level went through the roof! I am working my tail off all day and every evening I’m doing phone interviews for jobs and working with Steph to manage the process of selling our home, packing and moving 2700 miles across the country. I’m on the road through this process, working every Monday through Friday in suburban Washington, DC! This goes on for about three weeks before I caught a break.
I finagled 3 weekdays when I could work off-site, and parlayed that into a trip to Seattle to look for a rental home. During a quick trip we found a rental in Ballard, had great meals with family and friends, continued phone interviews and had an in-person interview with potential employers, all while working remotely from a hotel during Maya’s nap times. An offer was made and accepted later that same week…
When we decided to move to Seattle it was to be a major lifestyle change. The job fits directly into that lifestyle change. I won’t be traveling, for the most part, and I’ll be home with Steph and Maya for dinner every night. I’m looking forward to spending time at the local farmer’s markets and getting back into the kitchen to cook great food for my family. I’m also excited to get back to my hobbies, homebrewing, running and hiking, and maybe picking up a few new ones. Snow skiing or snow boarding, perhaps? Without traveling for work, I suddenly find myself with the potential for a lot of free time. What a novel concept!
The past few weeks have been an absolute whirlwind! Ten days ago we closed on the sale of our house in Atlanta and I started driving west. After four days of driving I landed in Seattle and was joined by Steph and Maya the next day. Last week we moved into a rental home in Ballard, this is just a temporary place to land, we’re going to look to buy a home once we get settled and determine where we want to live. We’re still buried in boxes, though each day there are fewer to navigate around. We’re getting used to living in Seattle, catching up with some of our local friends and family and starting what feels like a brand new life here in the Pacific NW. It will be a challenge leaving behind everything we knew in Atlanta, but we’re both up for it. Today I am back to work at Foundstone as I wrap up the loose ends on my projects over the next 2 weeks.
So where am I going? What will I be doing? I have accepted a job with the Bill & Melinda Gates Foundation as a Senior Information Security Analyst, where I will be taking the skills I have honed over the past years and applying them within the Foundation. That’s all I can really say for now, though I may have more to add after I start with the Foundation on 12/7/2009.
Showing posts with label Foundstone. Show all posts
Showing posts with label Foundstone. Show all posts
Monday, November 23, 2009
Saturday, May 31, 2008
Coming home...
5/30 8 PM EDT
Its now 9 AM (5/31) local time in Korea. I got here this morning at 6 AM on the red-eye from Singapore. I hardly slept. I'm exhausted and just trying to stay awake at the moment. I'm sitting at Incheon Airport waiting to find out if I managed to get a standby seat on the 10 AM flight to Atlanta. If not, I'll be here — Korea, not the airport I hope — until 6 PM tonight. I'm hoping like crazy that I'm not here all day, it will make an already long trip that much longer. I should know in 20 minutes whether or not luck is working in my favor today. If not, I can't complain. I accepted the 12 hour layover here originally because it was the least expensive business class fare I could get ($6000 round trip), fitting within my budget for this engagement. Now I'm thinking about what a fool I was. Ooops. Lesson learned. I should have spent the night in Singapore instead.
(A cute, but strange, Japanese girl just sat next to me to practice her English. We exchange pleasantries and she asks me where I am from, so I tell her the US. Then she tells me she is some kind of student, something unintelligible, followed by "peace student". I flashed her a peace sign and asked her if that's what she means and she says yes. She then shows me something god oriented and starts explaining... I shooed her away. She didn't get the concept of atheism, but I didn't try that hard to explain. Perhaps now that I am alone again the deaf gentleman will come back and pester me for money for the third time...)
In the airport there is paid WiFi. But you have to have a Windows machine since the online purchasing requires an ActiveX control that won't run without Internet Explorer. Unfortunately, it doesn't seem to run with Internet Explorer all that well either! I did find an open AP and I have been using it off and on to check email and call Steph to let her know of my progress. Obviously, its how I managed to write this, as well. For a world class airport, one ranked best in the world along with Singapore's Changi, this is pretty pathetic. Come to think of it, I had the same issue last night at Changi, but I wasn't sitting there for innumerable hours, bored to tears. *sigh*
Off to check and see if I got on the flight...
5/30 9 PM EDT
W00t! I got on the flight. Its Korean Air, which has less comfy business class seats the the Delta flight I took to Shanghai, but it gets me home at 10 AM today (i.e. I leave here at 10 AM 5/31 local time, arrive in ATL at around 10 AM 5/31 local time) instead of 7 PM on Saturday. 14 hours of flying, no puking. At least one can hope. ;-)
5/31 6:21 AM
En route to Atlanta right now, we're just coming off of the Pacific ocean near the British Columbia/Washington border. Almost home.
Earlier in the flight I watched the season finale of Desperate Housewives, an episode of Everest: Beyond The Limit, ate a bowl of bibimbap and passed out (chemically enhanced by Ambien, but no alcohol and no puking). 5 hours of relaxing sleep later, we just had "breakfast", some kind of beef soup, noodles, rice and Korean pickles. They make pretty decent food on Korean Air, I'd fly them again. Now I am watching The Bucket List and staring at the monitor watching the plane creep ever so slowly across North America. I'll be seeing my Maya Papaya in a few hours! I think she's been a bit of a pain in the butt to Steph lately, their drive to and from Florida was apparently less than stellar. Maybe she just needs some daddy time. I certainly need some of that myself.
The past few weeks have been really hard. Everyone told me that I would stop traveling after Maya arrived. I didn't, and I don't wish I had. But when it rains, it pours, and the travel has been crazy lately. Since Maya's birth I have done trips to NJ, TX, central GA, and Singapore. In the next few weeks I will be in Boston, NYC, Baltimore and Chicago. And that's just before the end of June! So I clearly have not stopped traveling, but the trips are different now. I'm traveling too much, and feeling guilty that I am missing Maya as she "grows up". I know that she has a long way to grow, but she changes every time I see her. When I call or come home after I a trip I find out that she is making new noises, smiling more, etc. Will I miss her first time crawling? First word? On the other hand, I work from home when I am not on the road. So I get to spend more time with Maya during those weeks than most of the dads I know who don't travel, but spend their lives at work.
I don't want to miss these one time events in Maya's life, but this is my job. I love the job, and the opportunities it provides and my wife and daughter. Can one be put above the other? My job allows us the very nice and comfortable life that we live, both in material things like houses, and experiences like traveling around the world (vacation, not work), putting money away for Maya to attend the school of her choice someday and (hopefully) early retirement for Steph and I. We have no needs that go unfulfilled and want for nothing. (Well, I'd love a convertible, but I hardly drive any miles these days, so its a total waste of money.)
Are the tradeoffs worthwhile? Will I some day look back and wish I had made a different choice? I just don't know. I do know I am greatly looking forward to giving her a big kiss when I see her soon. I'm not quite looking forward to cleaning a poopy diaper, but I have to take the good with the bad and relieve Steph of her duties (doodies?) with Maya.
1:10 PM 5/31
I am finally in the house with Steph, Maya and the dogs. It is good to be home!
Its now 9 AM (5/31) local time in Korea. I got here this morning at 6 AM on the red-eye from Singapore. I hardly slept. I'm exhausted and just trying to stay awake at the moment. I'm sitting at Incheon Airport waiting to find out if I managed to get a standby seat on the 10 AM flight to Atlanta. If not, I'll be here — Korea, not the airport I hope — until 6 PM tonight. I'm hoping like crazy that I'm not here all day, it will make an already long trip that much longer. I should know in 20 minutes whether or not luck is working in my favor today. If not, I can't complain. I accepted the 12 hour layover here originally because it was the least expensive business class fare I could get ($6000 round trip), fitting within my budget for this engagement. Now I'm thinking about what a fool I was. Ooops. Lesson learned. I should have spent the night in Singapore instead.
(A cute, but strange, Japanese girl just sat next to me to practice her English. We exchange pleasantries and she asks me where I am from, so I tell her the US. Then she tells me she is some kind of student, something unintelligible, followed by "peace student". I flashed her a peace sign and asked her if that's what she means and she says yes. She then shows me something god oriented and starts explaining... I shooed her away. She didn't get the concept of atheism, but I didn't try that hard to explain. Perhaps now that I am alone again the deaf gentleman will come back and pester me for money for the third time...)
In the airport there is paid WiFi. But you have to have a Windows machine since the online purchasing requires an ActiveX control that won't run without Internet Explorer. Unfortunately, it doesn't seem to run with Internet Explorer all that well either! I did find an open AP and I have been using it off and on to check email and call Steph to let her know of my progress. Obviously, its how I managed to write this, as well. For a world class airport, one ranked best in the world along with Singapore's Changi, this is pretty pathetic. Come to think of it, I had the same issue last night at Changi, but I wasn't sitting there for innumerable hours, bored to tears. *sigh*
Off to check and see if I got on the flight...
5/30 9 PM EDT
W00t! I got on the flight. Its Korean Air, which has less comfy business class seats the the Delta flight I took to Shanghai, but it gets me home at 10 AM today (i.e. I leave here at 10 AM 5/31 local time, arrive in ATL at around 10 AM 5/31 local time) instead of 7 PM on Saturday. 14 hours of flying, no puking. At least one can hope. ;-)
5/31 6:21 AM
En route to Atlanta right now, we're just coming off of the Pacific ocean near the British Columbia/Washington border. Almost home.
Earlier in the flight I watched the season finale of Desperate Housewives, an episode of Everest: Beyond The Limit, ate a bowl of bibimbap and passed out (chemically enhanced by Ambien, but no alcohol and no puking). 5 hours of relaxing sleep later, we just had "breakfast", some kind of beef soup, noodles, rice and Korean pickles. They make pretty decent food on Korean Air, I'd fly them again. Now I am watching The Bucket List and staring at the monitor watching the plane creep ever so slowly across North America. I'll be seeing my Maya Papaya in a few hours! I think she's been a bit of a pain in the butt to Steph lately, their drive to and from Florida was apparently less than stellar. Maybe she just needs some daddy time. I certainly need some of that myself.
The past few weeks have been really hard. Everyone told me that I would stop traveling after Maya arrived. I didn't, and I don't wish I had. But when it rains, it pours, and the travel has been crazy lately. Since Maya's birth I have done trips to NJ, TX, central GA, and Singapore. In the next few weeks I will be in Boston, NYC, Baltimore and Chicago. And that's just before the end of June! So I clearly have not stopped traveling, but the trips are different now. I'm traveling too much, and feeling guilty that I am missing Maya as she "grows up". I know that she has a long way to grow, but she changes every time I see her. When I call or come home after I a trip I find out that she is making new noises, smiling more, etc. Will I miss her first time crawling? First word? On the other hand, I work from home when I am not on the road. So I get to spend more time with Maya during those weeks than most of the dads I know who don't travel, but spend their lives at work.
I don't want to miss these one time events in Maya's life, but this is my job. I love the job, and the opportunities it provides and my wife and daughter. Can one be put above the other? My job allows us the very nice and comfortable life that we live, both in material things like houses, and experiences like traveling around the world (vacation, not work), putting money away for Maya to attend the school of her choice someday and (hopefully) early retirement for Steph and I. We have no needs that go unfulfilled and want for nothing. (Well, I'd love a convertible, but I hardly drive any miles these days, so its a total waste of money.)
Are the tradeoffs worthwhile? Will I some day look back and wish I had made a different choice? I just don't know. I do know I am greatly looking forward to giving her a big kiss when I see her soon. I'm not quite looking forward to cleaning a poopy diaper, but I have to take the good with the bad and relieve Steph of her duties (doodies?) with Maya.
1:10 PM 5/31
I am finally in the house with Steph, Maya and the dogs. It is good to be home!
Monday, October 29, 2007
Foundstone Blogging
Wednesday, April 25, 2007
Preview of my Cf.Objective() Talk
Thanks to Charlie Arehart and the guys behind Cf.Objective(), I'll be presenting a 30 minute mini-talk on Friday entitled "Security and the SDLC: Threat Modeling". This will be the first online user group presentation I'll be doing and I'm pretty excited!
"In this 30 minute preview of his CFObjective seminar, Dean will examine how threat modeling can be used as a baseline activity to ensure the security of web applications. Threat modeling is a structured approach for identifying, evaluating and mitigating risks to system security. By modeling a system as an attacker would, development organizations can prioritize the usage of a development/security budget, manage risks to system security and find vulnerabilities earlier than technical testing or code reviews. Applied early in the development lifecycle, threat modeling can be used to drive further secure SDLC activities, such as code reviews and penetration testing to ensure the security of your software throughout its lifetime."
While this is billed as a preview of my Cf.Objective() talk, its more of a parallel track. In this talk I'll be hitting on one of the three high ROI activities that can be added to the SDLC in order to begin addressing the problem of software insecurity. Of course at Cf.Objective() I'll be spending more time on the baseline activities, including code reviews and penetration testing, and how they fit into the overall development lifecycle.
I hope people will RSVP for this online meet-up and then come see me in Minneapolis next week!
"In this 30 minute preview of his CFObjective seminar, Dean will examine how threat modeling can be used as a baseline activity to ensure the security of web applications. Threat modeling is a structured approach for identifying, evaluating and mitigating risks to system security. By modeling a system as an attacker would, development organizations can prioritize the usage of a development/security budget, manage risks to system security and find vulnerabilities earlier than technical testing or code reviews. Applied early in the development lifecycle, threat modeling can be used to drive further secure SDLC activities, such as code reviews and penetration testing to ensure the security of your software throughout its lifetime."
While this is billed as a preview of my Cf.Objective() talk, its more of a parallel track. In this talk I'll be hitting on one of the three high ROI activities that can be added to the SDLC in order to begin addressing the problem of software insecurity. Of course at Cf.Objective() I'll be spending more time on the baseline activities, including code reviews and penetration testing, and how they fit into the overall development lifecycle.
I hope people will RSVP for this online meet-up and then come see me in Minneapolis next week!
Wednesday, March 14, 2007
The drinks got better...
After leaving the Heartland Brewery I met up with Chris Prosise, Will Chan — two of the Foundstone founders — and Eric Heitzman, an old coworker for dinner at OG in the East Village. We had a great dinner and then headed down the road to Burp Castle for some beers. Going to places like OG and Burp Castle remind me why I love NYC. Hearing what my coworkers pay for rent reminds me why I will never, ever live there.
It was great seeing some of the old Foundstone gang again. I miss these guys, their intellectual curiosity and just hanging out with them. Foundstone has changed as the old guard has slowly left and new folks come on board. Its not bad... its just different.
Off to waste 3 hours at Newark International Airport while I wait for my flight...
It was great seeing some of the old Foundstone gang again. I miss these guys, their intellectual curiosity and just hanging out with them. Foundstone has changed as the old guard has slowly left and new folks come on board. Its not bad... its just different.
Off to waste 3 hours at Newark International Airport while I wait for my flight...
Subscribe to:
Posts (Atom)