Please tell us a bit about yourself, your background, and your multiple endeavors, including your role as a Research Category Lead for Security and Risk at GigaOm.
I’ve spent much of the last two decades working in, on, and around the internet and the networks that make it up. I’ve helped build a couple of ISPs (internet service providers), as well as many other data center (public and private cloud) and campus (including multi-site regional WAN) networks. Of course, building great networks requires a solid understanding of the applications and data that traverse them, and how to secure all of it.
In addition to building and operating networks and broader IT infrastructure, I’ve spent time working with folks who hold multiple PhDs in an R&D think tank. In fact, I won “Inventor of the Year” while in that role for my prolific idea generation and now hold 8 patents. After that, I spent a couple of years flying around the world educating folks about technology, and also about community organization and how the internet economy works. I’ve given public talks in 34 countries, across 5 continents. Along the way, I wrote a couple of short books on deploying IPv6.
I founded my first non-profit organization just a few years after my first for-profit company, back in the early noughts. I have since helped launch numerous operator groups, community conferences, educational committees, and other public benefit organizations. I believe that technology has the power to benefit all of humanity and that it is our responsibility to ensure it does.
These days I am expressing that belief as the Managing Director at Grundemann Technology Solutions, co-founder and CSO (Chief Strategy Officer) at FullCtl, the practice lead research analyst for all networking and security topics at GigaOm, the creator and co-host of The Imposter Syndrome Network Podcast (where we tell technology professionals’ origin stories to inspire and inform the next generation of digital infrastructure engineers), the co-founder and Chair Emeritus of IX-Denver, and a Board Director for OIX.
In short, I’m busy making the internet more accessible, resilient, and secure!
What drew you into working for GigaOm and what does your current role entail?
GigaOm is disrupting the IT Analyst market by leveraging practical real-world expertise in all of our analyses. Almost all of our analysts have worked in Enterprise IT and gotten our hands dirty deploying the technologies that we now evaluate and write about for other engineers.
Many of us are actually still today independent contractors doing this hands-on work in the field. This is invaluable as it lends a perspective to our work that is simply impossible to capture without direct experience designing, deploying, and operating real IT estates. And that’s why I joined GigaOm, because we have the unique ability among analyst firms to really advocate and write for the users. I repeat this to my analysts all the time; we write for the users. That’s simply not true of many of the larger analyst shops.
My role as a 2x practice lead is really focused on three things. I ensure that, within both Network & Edge and Security & Privacy, GigaOm identifies, explains, and evaluates the technologies that matter, now. In practice, that means lots of conversations with my analysts and my colleagues across the industry, plus lots of reading and watching videos, etc. to find those useful trends in networking and cybersecurity.
The second thing I spend time doing is finding and training analysts. It’s my responsibility to make sure that GigaOm has a team of subject matter experts ready and willing to cover these meaningful technologies, with that practitioner perspective.
And finally, being a practice lead entails ensuring the quality and accuracy of everything we publish in my areas. This really means I get to read all of the great reports before anyone else does, with the expectation that I weigh in wherever I think they can be improved in any way.
From the many things that have crossed your desk, what technologies and trends are you currently most excited about and/or most worried about, and why?
That’s really tough to answer because I believe that everything we cover is timely, relevant, and important. Of course, some trends do stand out, especially the ones that cut across multiple technologies.
Focusing on the security space, I’d say that Zero-Trust and all of its enabling technologies are most exciting to me. Mostly because it seems to finally be being accepted on a much larger scale than it has before. It’s something we’ve talked about for a long time inside of the cybersecurity world, but that received a lot of push-back from enterprise executives and others previously. Perhaps because it’s an architecture and a mindset more than a technology, and because there are many moving parts in practice.
Things like IDaaS (Identity as a service), UEBA (user & entity behavior analytics), MFA (multi-factor authentication), and of course ZTNA (Zero-Trust network access), plus so many more all play a part.
Maybe it’s due to my networking roots, but I’m also very interested in the convergence of networking and security. We cover this space at GigaOm primarily in our SSA (secure service access) set of reports.
What are your thoughts about the future of 3rd party risk management?
I didn’t include risk management above because I knew you would ask about it!
At GigaOm, we cover this space in our GRC (Governance, Risk, and Compliance) series of reports. What I think has been the most striking revelation has been that even though the GRC market has been around long enough to be mature and well-established, unlike many other cybersecurity markets, it is currently in the throes of change.
In the past, only the largest organizations would (or could) invest in GRC. That’s changing rapidly, and so I’d say the biggest thing I see in the future of risk management in general, is the ongoing increase in adoption across the board; and that’s especially true for 3rd party risk management (TPRM). While it’s true that only a fraction of all organizations operate in highly regulated industries, all of us face cyber threats, and more and more of us are realizing the benefits of adopting a cyber risk framework.
This realization and increasing adoption of GRC specifically focused on cybersecurity elements is, I think, driving the future of GRC as a whole, and TPRM in particular. The result is easier-to-use, often cloud-based solutions.
It’s also leading to increased automation across areas such as information gathering, cyber risk analysis and mitigation, and third-party supplier analysis. We just can’t move fast enough anymore without automation helping us along. We also need to be able to peer deeper and deeper into our supply chains as they grow more complex. And I believe that business resilience will become more integrated into more solutions moving forward as well.
On a more personal note, what is something surprising about you that not a lot of people in your work environment know about you?
That’s the hardest question yet! Just because I tend to be a pretty open book with the folks I work with. But I’m pretty sure most folks don’t know that I’m a backyard mechanic. It’s the main thing my Dad and I did together while he was still with us and it’s stuck with me. I really love the physical aspect of it, as a counterpoint to my very digital working life. Putting a motor together and hearing it fire up for the first time is a pretty amazing experience.
In the past I built a replica of the A-Team van, I rebuilt an old AMC Eagle as a “shred sled” to get up to the mountains for snowboarding, and a Lexus IS300 that had over 500hp at the rear wheels when I was done with it. My current project is a 2013 Land Rover Range Rover Sport that I swapped in a new motor, lifted, and set up as an over-lander; the best four-by-four by far!