I want to start this whole blogging thing with a couple of fundametal thoughts:
1) The contents of this blog of are that of my own, and not intended to speak on behalf of my employer.
2) The corporate logo on my paycheck does not change the tint of my sunglasses. I write with the industry in mind, not focused on my paycheck. This is not an advertising space, and will be a sounding board for thought and discussion to further threat management and information security as an industry.
It seems like everyone and their dog has a blog these days. I was prompted by Jerermiah Grossman and Michael Dahn to get one started- so here I am. Some dude with a great name owns the space I wanted over at blogspot (seriously Trey, I want that url- have your people call my people?)
Blogging protocol requires a brief into into who I am, and what I’m going to be writing about- My objective here will be to raise awareness into some of the issues and opportunities I see in the infosec industry, bring clarity and discussion to various software and security related subject matter I have access to, and bring a degree of spin and humor to the everyday business and technical people I invest my life in.
My name is Trey Ford, today I serve at WhiteHat Security as the Director of Solutions Architecture. I’m not sure how best to explain what I do, as I wear a couple of hats. I enjoy a role of client advocacy in pursuit of new client relationships, exploring new ways to partner, and how to ensure existing subscribers are deriving the maximum benefit of WhiteHat’s Sentinel service. Feature specifications, partnership opportunities, technical sales support, and others. Startups are great for innovation!
Prior to WhiteHat, I served in various roles at FishNet Security. At the end of my tenure there, I was doing business development work as Director of Strategic Solutions by developing customized service offerings and solutions. Prior to that I was primarily tasked with security assessments. As Compliance Practice Lead, I built the PCI and compliance practice for FishNet, and served in a variety of offerings from penetration testing to social engineering, as well as executing standards and risk based assessments with little letters (ISO, COBIT, OCTAVE, HIPAA, etc.) I had the privilege of working with, serving, and studying under some really sharp individuals and organizations.
Prior to pondering InfoSec full time, I spent time in a couple of other IT related roles in the Kansas City and the mid-western United States. I ran a small IT service firm, served in various network engineering and sys-admin roles, and collected a small heap of certifications from Microsoft, Cisco, CompTIA, IBM, HP, Compaq, and others.
Enough of me- I hope you enjoy my rants.
Trey Ford - Security Spin Control 