I left my previous job at a big 4 consultancy after 7 years as I saw opportunities for a better lifestyle outside of the firm for myself and my family.
Currently I am working two days a week assisting a colleague at a government agency who is acting as a CISO. I'm looking for another two days a week of work, preferably supporting infosec management although I can work with enterprise security architecture or perform infrastructure or web application penetration testing.
I'm really keen to work closely with CISOs and people who have held that position as I am interested in learning the fine arts of diplomacy, engagement and the martial discipline of corporate survival. One day I would like to act as a true CSO leveraging my experience in physical, electronic and information security.
Currently I'm interested in working with the following "sexy" areas of infosec:
- DLP implementation
- Security design for SaaS offerings (my business is 95% in the "cloud")
I'm launching a web application security assessment with business intelligence (WASABI) supported by a web application called KATANA (that doesn't stand for anything as yet, suggestions welcome) and am writing a sample enterprise security architecture called SHIRO (that's Japanese for castle in case you were guessing).
Some of the things I am looking forward to work-wise are:
- going to Black Hat in Las Vegas next year and RSA in San Francisco the following year. Looking forward to catching up with many colleagues I have only worked with virtually.
- working in Perth, my hometown, for stints
- learning more Python, maybe some Ruby
- doing some training with Immunity Inc.
- doing more with the Australian Information Security Association
- developing my start up, the Centre for Application Security http://www.appsecratings.com
- bringing the unique services of overseas consultancies to the Australian market
Some of the things I am enjoying about contracting are:
- running Linux as an OS and open source applications such as OpenOffice (they sure are quicker and don't crash)
- using webmail exclusively with a massive storage limit
- carrying an Eee PC rather than an IBM T41
4 comments:
I really admire your goals and commitment to leaving your past employer. That's a big leap but I think you've got all the skills to achieve everything you've identified and then some.
It's said people overestimate what they can achieve in a year but underestimate what can be done in ten.
Have you thought of specifically *targeting* those businesses or individuals in organisations you would like to learn from or work with?
I will be tracking your progress mate, as I think you're an incredible asset to the profession and your approach to security and consulting has been inspiring for me.
Best of luck to you Matthew!
I don't think you should make KATANA an acronym. Let it stand on its own IMO!
All the best with it Matthew. Sorry for the slow response. Have been away.
DD
I've just taken a look at the appsecratings.com site. I'm not sure what your goal is there.
It looks like you're trying to set a strong baseline for COTS software but it is impossibly high and requires vendors to pay you money. Moreover you have to be a paid assessor to make a recognised assessment and you have to pay for training.
I don't see the value proposition of the service. Why would anyone - an assessor or a vendor - pay you money for this service?
Happy to float/brainstorm some ideas with you if you want to email me.
Cheers
- J.