The Securosis Team
Rich Mogull, Analyst & CEO
Rich has twenty years experience in information security, physical security, and risk management. He specializes in data security, application security, emerging security technologies, and security management. Prior to founding Securosis, Rich was a Research Vice President at Gartner on the security team where he also served as research co-chair for the Gartner Security Summit. Prior to his seven years at Gartner, Rich worked as an independent consultant, web application developer, software development manager at the University of Colorado, and systems and network administrator. Rich is the Security Editor of TidBITS, a monthly columnist for Dark Reading, and a frequent contributor to publications ranging from Information Security Magazine to Macworld. He is a frequent industry speaker at events including the RSA Security Conference and DefCon, and has spoken on every continent except Antarctica (where he’s happy to speak for free – assuming travel is covered).
Prior to his technology career, Rich also worked as a security director for major events such as football games and concerts. He was a bouncer at the age of 19, weighing about 135 lbs (wet). Rich has worked or volunteered as a paramedic, firefighter, and ski patroller at a major resort (on a snowboard); and spent over a decade with Rocky Mountain Rescue. He currently serves as a responder on a federal disaster medicine and terrorism response team, where he mostly drives a truck and lifts heavy objects. He has a black belt, but does not play golf. Rich can be reached at rmogull (at) securosis (dot) com.
Mike Rothman, Analyst & President
Mike’s bold perspectives and irreverent style are invaluable as companies determine effective strategies to grapple with the dynamic security threatscape. Mike specializes in the sexy aspects of security, like protecting networks and endpoints, security management, and compliance. Mike is one of the most sought after speakers and commentators in the security business and brings a deep background in information security. After 20 years in and around security, he’s one of the guys who “knows where the bodies are buried” in the space.
Starting his career as a programmer and a networking consultant, Mike joined META Group in 1993 and spearheaded META’s initial foray into information security research. Mike left META in 1998 to found SHYM Technology, a pioneer in the PKI software market, and then held VP Marketing roles at CipherTrust and TruSecure – providing experience in marketing, business development, and channel operations for both product and services companies.
After getting fed up with vendor life, he started Security Incite in 2006 to provide the voice of reason in an over-hyped yet underwhelming security industry. After taking a short detour as Senior VP, Strategy and CMO at eIQnetworks to chase shiny objects in security and compliance management, Mike joins Securosis with a rejuvenated cynicism about the state of security and what it takes to survive as a security professional.
Mike published “The Pragmatic CSO” in 2007 to introduce technically oriented security professionals to the nuances of what is required to be a senior security professional. He also possesses a very expensive engineering degree in Operations Research and Industrial Engineering from Cornell University. His folks are overjoyed that he uses literally zero percent of his education on a daily basis. He can be reached at mrothman (at) securosis (dot) com.
Adrian Lane, Analyst & CTO
Adrian is a Security Strategist and brings over 22 years of industry experience to the Securosis team, much of it at the executive level. Adrian specializes in database security, data security, and software development. With experience at Ingres, Oracle, and Unisys, he has extensive experience in the vendor community, but brings a pragmatic perspective to selecting and deploying technologies having worked on “the other side” as CIO in the finance vertical. Prior to joining Securosis, Adrian served as the CTO/VP at companies such as IPLocks, Touchpoint, CPMi and Transactor/Brodia. He has been invited to present at dozens of security conferences, contributed articles to many major publications, and is easily recognizable by his “network hair” and propensity to wear loud colors. Once you get past his windy rants on data security and incessant coffee consumption, he is quite entertaining.
Adrian is a Computer Science graduate of the University of California at Berkeley with post-graduate work in operating systems at Stanford University. He can be reached at alane (at) securosis (dot) com.
Chris Pepper, Editor
Chris has worked as a Systems Administrator in New York City for the past 12 years, at a variety of non-profit and startup organizations, as well as a brief stint in the financial field. Chris is particularly interested in Linux (and more generally in open source), networking, and security. As a writer (particularly for TidBITS), Chris seeks to make complex subjects – such as OpenSSH and SSL – approachable to a wider audience. He blogs at Extra Pepperoni.
David Mortman, Contributing Analyst
David has over 18 years experience in information security, privacy, and compliance. He also has extensive experience in IT operations and management. Currently, David is the Chief Security Architect for Dell/Enstratius. Additionally, he is an author for emergentchaos.com and newschoolsecurity.com, and regularly presents at RSA, Blackhat and Defcon as well as other conferences both foreign and domestic. Prior to Dell, David ran Operations and Security for C3 and before that was the CISO for Siebel Systems where he ran information security and privacy and was heavily involved in compliance as well.
When he’s not working, David plays with his kids, runs swims and putters heavily in the kitchen or with the outdoor pizza oven. He can be reached at dmortman (at) securosis (dot) com.
David currently holds Advisory Board positions with Qualys, Lookout and the Virtuosi Group, and will not be participating in activities with potential conflicts of interests with those organizations.
Gunnar Peterson, Contributing Analyst
Gunnar Peterson is a Managing Principal at Arctec Group. He is focused on distributed systems security for large mission critical financial, financial exchanges, healthcare, manufacturer, and insurance systems, as well as emerging start ups. Mr. Peterson is an internationally recognized software security expert, frequently published, an Associate Editor for IEEE Security & Privacy Journal on Building Security In, a contributor to the SEI and DHS Build Security In portal on software security, a Visiting Scientist at Carnegie Mellon Software Engineering Institute, and an in-demand speaker at security conferences. He maintains a popular informationsecurity blog at http://1raindrop.typepad.com.
Gunnar resides in Minnesota; even in winter.
Gunnar is a technical advisor and has financial interest in Ping Identity, and will not be participating in any activities that could present a potential conflicts of interest due to this relationship.
Dave Lewis, Advisor
Dave has over 15 years industry experience. He has extensive experience in IT operations and management. Currently, Dave is a Senior Security Advocate for Akamai and will not be participating in activities that could present a potential conflicts of interest due to this relationship. Dave is the founder of the popular security site Liquidmatrix Security Digest and co-host of the Liquidmatrix podcast. Dave is also has a blog on CSO
Prior to his current role, Dave worked in the finance, healthcare, entertainment, manufacturing and critical infrastructure verticals. He has worked for a defense contractor as a security consultant to clients such as the FBI, US Navy, Social Security Administration, US Postal Service and the US Department of Defense to name a few.
When not at work Dave can be found spending time with his family, playing bass guitar and polishing his “brick of enlightenment”.
He can be reached at dlewis (at) securosis (dot) com.
James Arlen, Contributing Analyst
James Arlen, CISA, is Principal at Push The Stack Consulting providing security consulting services to the utility and financial verticals. He has been involved with implementing a practical level of information security in Fortune 500, TSE 100, and major public-sector corporations for more than 15 years. James has a recurring column on Liquidmatrix Security Digest. Best described as: “Infosec geek, hacker, social activist, author, speaker, and parent.” His areas of interest include organizational change, social engineering, blinky lights and shiny things.
James can be reached at jarlen (at) securosis (dot) com
Gal Shpantzer has 12 years of experience as an independent security professional and is a trusted advisor to CSOs of large corporations, technology and pharma startups, Ivy League universities and non-profits/NGOs specializing in critical infrastructure protection. Gal has been involved in multiple SANS Institute projects, including co-editing the SANS Newsbites, revising the E-Warfare course and presenting SANS@Night talks on cyberstalking, CAPTCHAs and endpoint security. In 2009, he founded and led the privacy subgroup of the NIST Smart Grid cybersecurity task group, resulting in the privacy chapter of NIST IR 7628. He is a co-author of the Managing Mobile Device Security chapter in the 6th ed. Vol 4 of the Information Security Management Handbook (2010) with the late Dr. Eugene Schultz. Gal collaborated with Dr. Christophe Veltsos to present the ongoing Security Outliers project, focusing on the role of culture in risk management at RSA, CSI, BSides and Baythreat conferences. Most recently, he was involved as a subject matter expert in the development of the U.S. Department of Energy’s Electric Sector Cybersecurity Capability Maturity Model (ESC2M2) in 2012. Gal is currently involved in the Infosec Burnout research project and co-presented on this topic at BSides-Las Vegas (2011) and RSA (2012).
He was completely unable to add humorous tone to his bio, and is thus suffering the editorial consequences. Gal can be reached at gshpantzer (at) securosis (dot) com.