Tell Us About You
I have a background in computer engineering, and over the past 10 years I’ve been in engineering and consulting roles at organizations like MIT and a variety of startups. I live in New York City and love to read, do yoga, and learn new languages. In normal, non-pandemic times, I’m an avid traveler, though that has obviously been put on hold in the past year. Some of my favorite trips have been to Tanzania and the Serengeti, Zanzibar, Egypt, Ukraine, and Finland.
How’d You Get Interested In Security?
My first experience with security was my senior year at Boston University pursuing a degree in computer engineering. I had the opportunity to take one of only two security courses available at the university at that time. I wasn’t expecting much beyond a typical undergrad class, but I was blown away. Everything we did was interactive. For example, for the midterm and final exams, I had to hack a server.
But the part that really convinced me that security was for me was our term project, which was meant to be a replica of existing research or the creation of new security research. Along with a few peers, we hacked the square reader, disabling the encryption through a hardware encryption bypass. This allowed us to gather credit card information of unsuspecting users and, if we had been criminals, sell that information online. This research culminated in a talk at Black Hat USA 2015, which gave me amazing insight into the incredible community and important work taking place in security.
What’s Your Favorite Hacker Movie, And What Drives You Bonkers About The Way Security Pros And Hacking Are Portrayed In Movies/TV?
This isn’t explicitly a hacker movie, but to me it has aspects that relate back to hacking and security: “Ender’s Game” (both the book and the movie). The dynamic in “Ender’s Game” revolves around the games themselves, which in many ways seem to have little meaning until you reach the end of the book. I think a lot of hackers can relate to a love of puzzles and games regardless of the impact of the outcome. With security, we apply that creativity and interest to something as complex and critical as trying to improve the security of computers and the internet.
Obviously, security professionals and particularly hackers are portrayed in a very bizarre light in the media. More universally, I find there is a clear misconception and in some cases demonization of hackers and security professionals. A frustrating example of this is the penetration testers who were arrested last year just for doing their job. It’s important that we humanize security professionals, hackers, and the work they do and make it clear that this work is to improve security and isn’t malicious.
What’s The Most Interesting Cybersecurity Trend You’re Tracking Right Now?
I have to pick two, one in my coverage area and one more generally.
The first trend I’m tracking closely is XDR (extended detection and response). We’ve seen XDR gain significant interest from the vendor community over the past few years as an evolution of EDR (endpoint detection and response). I’m very curious about where XDR will go and how it will affect existing tools in the space, like SIEM (security information and event management) and SOAR (security orchestration, automation, and response) technology. I want to hear from the end users directly as to whether they want to adopt XDR and what may or may not be driving them toward it.
The second trend I’m tracking closely is the impact of cybersecurity on election security and national security. I’m a big politics and history of war buff, and the incredible impact of cybersecurity on these areas cannot be understated. Before joining Forrester, I regularly spoke on election security implications from cybersecurity threats, beyond disinformation, and looked into actual physical impact and historical implications.
What Topics Will You Be Covering At Forrester?
I’m very excited to be covering security operations at Forrester. My coverage includes the people, processes, and tools of the security operations center (SOC), including security analysts, SIEM, security user behavior analytics (SUBA), security analytics (SA), SOAR, EDR, XDR, and SOC metrics. I’m particularly looking forward to bringing the human element to the forefront in security operations, as I mentioned in my first blog post for Forrester.