The Securosis Team
Rich Mogull, Analyst & CEO
Rich has twenty years of experience in information security, physical security, and risk management. He specializes in data security, application security, emerging security technologies, and security management. Prior to founding Securosis, Rich was a Research Vice President at Gartner on the security team where he also served as research co-chair for the Gartner Security Summit. Prior to his seven years at Gartner, Rich worked as an independent consultant, web application developer, software development manager at the University of Colorado, and systems and network administrator. Rich is the Security Editor of TidBITS, a monthly columnist for Dark Reading, and a frequent contributor to publications ranging from Information Security Magazine to Macworld. He is a frequent industry speaker at events including the RSA Security Conference and DefCon, and has spoken on every continent except Antarctica (where he's happy to speak for free -- assuming travel is covered).
Prior to his technology career, Rich also worked as a security director for major events such as football games and concerts. He was a bouncer at the age of 19, weighing about 135 lbs (wet). Rich has worked or volunteered as a paramedic, firefighter, and ski patroller at a major resort (on a snowboard); and spent over a decade with Rocky Mountain Rescue. He currently serves as a responder on a federal disaster medicine and terrorism response team, where he mostly drives a truck and lifts heavy objects. He has a black belt, but does not play golf. Rich can be reached at rmogull (at) securosis (dot) com.
Mike Rothman, Analyst & President
Mike's bold perspectives and irreverent style are invaluable as companies determine effective strategies to grapple with the dynamic security threatscape. Mike specializes in the sexy aspects of security, like protecting networks and endpoints, security management, and compliance. Mike is one of the most sought-after speakers and commentators in the security business and brings a deep background in information security. After 20 years in and around security, he's one of the guys who "knows where the bodies are buried" in the space.
Starting his career as a programmer and a networking consultant, Mike joined META Group in 1993 and spearheaded META's initial foray into information security research. Mike left META in 1998 to found SHYM Technology, a pioneer in the PKI software market, and then held VP Marketing roles at CipherTrust and TruSecure -- providing experience in marketing, business development, and channel operations for both product and services companies.
After getting fed up with vendor life, he started Security Incite in 2006 to provide the voice of reason in an over-hyped yet underwhelming security industry. After taking a short detour as Senior VP, Strategy and CMO at eIQnetworks to chase shiny objects in security and compliance management, Mike joins Securosis with a rejuvenated cynicism about the state of security and what it takes to survive as a security professional.
Mike published "The Pragmatic CSO" in 2007 to introduce technically oriented security professionals to the nuances of what is required to be a senior security professional. He also possesses a very expensive engineering degree in Operations Research and Industrial Engineering from Cornell University. His folks are overjoyed that he uses literally zero percent of his education on a daily basis. He can be reached at mrothman (at) securosis (dot) com.
Financial Disclosure: Mike is a shareholder of eIQnetworks, as a result of his term of employment. As the shares are not publicly traded, and therefore cannot be readily sold, Mike will have no contact with eIQ as long as he maintains a financial interest. To the degree Mike participates in research and/or briefings relating to the markets in which eIQ participates, full disclosures will be made and Mike will not advise end users on vendor selection relating to these markets.
Adrian Lane, Analyst & CTO
Adrian is a Security Strategist and brings over 22 years of industry experience to the Securosis team, much of it at the executive level. Adrian specializes in database security, data security, and software development. With experience at Ingres, Oracle, and Unisys, he has extensive experience in the vendor community, but brings a pragmatic perspective to selecting and deploying technologies having worked on "the other side" as CIO in the finance vertical. Prior to joining Securosis, Adrian served as the CTO/VP at companies such as IPLocks, Touchpoint, CPMi and Transactor/Brodia. He has been invited to present at dozens of security conferences, contributed articles to many major publications, and is easily recognizable by his "network hair" and propensity to wear loud colors. Once you get past his windy rants on data security and incessant coffee consumption, he is quite entertaining.
Adrian is a Computer Science graduate of the University of California at Berkeley with post-graduate work in operating systems at Stanford University. He can be reached at alane (at) securosis (dot) com.
Chris Pepper, Editor
Chris has worked as a Systems Administrator in New York City for the past 12 years, at a variety of non-profit and startup organizations, as well as a brief stint in the financial field. Chris is particularly interested in Linux (and more generally in open source), networking, and security. As a writer (particularly for TidBITS), Chris seeks to make complex subjects -- such as OpenSSH and SSL -- approachable to a wider audience. He blogs at Extra Pepperoni.
David Mortman, Contributing Analyst
David has over 15 years of experience in information security, privacy, and compliance. He also has extensive experience in IT operations and management. Currently, David is the sole proprietor of Campbell-Mortman Associates, where he provides consulting services. Additionally, he is an author for emergentchaos.com and newschoolsecurity.com, and regularly contributes to Information Security magazine. Prior to Campbell-Mortman Associates, David was the CISO for Siebel Systems where he ran information security and privacy and was heavily involved in compliance as well.
When he's not working, David plays with his kid and his new puppy, and putters heavily in the kitchen. He can be reached at dmortman (at) securosis (dot) com.
David currently holds Advisory Board positions with Qualys, Reflective, Applied Identity, Debix, and Pareto Networks, and will not be participating in activities with potential conflicts of interest with those organizations.
Gunnar Peterson, Contributing Analyst
Gunnar Peterson is a Managing Principal at Arctec Group. He is focused on distributed systems security for large mission-critical financial, financial exchange, healthcare, manufacturing, and insurance systems, as well as emerging startups. Mr. Peterson is an internationally recognized software security expert, frequently published, an Associate Editor for IEEE Security & Privacy Journal on Building Security In, a contributor to the SEI and DHS Build Security In portal on software security, a Visiting Scientist at Carnegie Mellon Software Engineering Institute, and an in-demand speaker at security conferences. He maintains a popular information security blog at http://1raindrop.typepad.com.
Gunnar resides in Minnesota; even in winter.
Gunnar is a technical advisor and has financial interest in Ping Identity, and will not be participating in potential conflicts of interest due to this relationship.
Dave Lewis, Contributing Analyst
Dave has over 15 years of industry experience. He has extensive experience in IT operations and management. Currently, Dave is the security lead for a critical infrastructure company where he deals with Smart Meter, Smart Grid and SCADA security. Dave is the founder of the popular security site Liquidmatrix Security Digest, which he runs in addition to the fledgling cloud security site dubcloud.com.
Prior to his current role, Dave worked in the finance, healthcare, entertainment and critical infrastructure verticals. He has worked for a defense contractor as a security consultant to clients such as the FBI, US Navy, Social Security Administration, US Postal Service and the US Department of Defense to name a few.
When not at work Dave can be found spending time with his family, playing bass guitar and polishing his "brick of enlightenment".
He can be reached at dlewis (at) securosis (dot) com.
James Arlen, Contributing Analyst
James Arlen, CISA, is Principal at Push The Stack Consulting providing security consulting services to the utility and financial verticals. He has been involved with implementing a practical level of information security in Fortune 500, TSE 100, and major public-sector corporations for more than 15 years. James has a recurring column on Liquidmatrix Security Digest. Best described as: "Infosec geek, hacker, social activist, author, speaker, and parent." His areas of interest include organizational change, social engineering, blinky lights and shiny things.
James can be reached at jarlen (at) securosis (dot) com.