About Me

I’ve spent the better part of twenty-five years in technology. I came up through the internet boom and stayed through the bust. I found my way into financial services, which was a world I knew nothing about, and discovered that the technology mattered just as much but for entirely different reasons. That path eventually led me into cybersecurity, which turned out to be the decade everything changed. And now AI is rewriting the rules the same way the internet did twenty-five years ago. This is the longer version of that story.

Sometime in the mid-eighties, our family got a Tandy 1000. Radio Shack was a destination then, and home computing was new enough that the community gathered around magazines and weekend shows where hobbyists traded software floppies and parts. Compute! was one of those magazines, and published code you could enter line by line, and if you got the transcription right, it would execute without error. That’s how I got into programming. I was around ten years old, spending afternoons entering BASIC code I barely understood, but the feeling when it finally worked was enough to keep me coming back.

A few years later I had my own Mac and a 2400 baud modem, and that opened up a whole new online world of information. Before the web existed as most people know it, getting online meant firing up ZTerm and dialing into BBSes, text-based communities organized around whatever their creator cared about. CompuServe was the bigger on-ramp; you’d find a startup disk in the back of a computer magazine and dial in. Before search engines existed, Gopher was how you found things, a protocol for browsing documents and files across internet servers. Computer Chronicles on public television. And then there was IRC, real-time chat with people from everywhere. Between all of it, I spent more time staring at a screen than I should have. The irony of telling my kids to put their phones down is not lost on me.

I then got my hands on Linux. A coworker had a stack of Slackware floppies, and I installed it on a laptop I’d picked up through work. It was not a casual experience. I’d spend evenings after work and into the early morning reinstalling, recompiling the kernel for whatever hardware I was trying to get working, and building applications from source with GCC because that’s how software was distributed. ./configure, make, make install, and hope nothing broke along the way. You partitioned the drive by hand, fed it floppy after floppy, and if something went wrong you went back to the beginning or found someone on IRC who had seen the same error. I was instantly hooked.

Linux in the mid-nineties felt less like software and more like a movement. There was no Google to search, no Stack Overflow to reference. If you were stuck, you found someone in an IRC channel or you showed up to a local user group in person. I became a Linux expert almost by accident, and it shaped the rest of my career in ways I didn’t see coming. Linux forced you to understand kernels, storage, and networking from the inside out. You couldn’t just use the system without understanding how it worked. Nobody at the time could have predicted that this open source project would go on to power most of the internet, and I’d end up building on top of it for the next two decades.

By the late nineties I was in Chicago, working on what would become a strange footnote in computing history. Y2K was a real problem because every system that stored years as two digits was a potential failure point when 2000 arrived, and there were a lot of those systems. I spent a year debugging applications and going through other people’s Perl code, finding every place a date was used and making sure it would survive the rollover.

Sticker used by Best Buy in 1999 recommending their customers turn off their computers ahead of January 1, 2000 to avoid any issues which may be caused by the Y2K problem. Sticker used by Best Buy in 1999 recommending their customers turn off their computers ahead of January 1, 2000 to avoid any issues which may be caused by the Y2K problem. Original: Best Buy, Vector: DraftSaturn15Public Domain

When January 1, 2000 came and went quietly, I ended up back in California. San Francisco this time. I remember seeing the Yahoo sign on I-80 for the first time in person and not quite believing I’d made it there. This was the height of the internet boom, and I was right in the middle of it. I also met my wife there, which, it turns out, mattered more than any of it.

The Yahoo! billboard on I-80 in San Francisco. The Yahoo! billboard on I-80 in San Francisco, a Googie “retro hotel-style” freeway billboard that stood from 1999 through 2011. Photo: Daniel SpisakCC BY-SA 2.0

Then the bubble burst. Companies started shutting down, and people were leaving the city so fast you couldn’t find an available moving truck. I was one of them, relocated to Southern California as the industry consolidated around me.

Southern California turned out to be a good place to land. I spent the next several years responsible for the technology operations behind some fast-growing internet companies, building teams and making sure everything scaled. I got married, and our son was born. By 2006 we were ready for a change of pace and moved to the Chicago area hoping to slow things down a bit. I was still in the internet world for a couple of years, but by 2008 I was ready for something different.

Circa 2005, data center buildout at Equinix in downtown Los Angeles. Circa 2005, data center buildout at Equinix in downtown Los Angeles. Personal photo.

I ended up at an insurance company, of all places. I figured it was a step back. I was wrong. Technology wasn’t the product anymore, it was the vehicle. The people I was working alongside were building annuity products and managing long-term financial risk in ways that had nothing to do with shipping software. Learning to make technology serve something other than itself turned out to be the most formative shift of my career.

The business ran on a mainframe, and over time I grew to respect the technology in ways I hadn’t expected. At the time it was common for insurance companies to take on projects to port their COBOL applications to commodity hardware that emulated the mainframe environment. The people who knew the platforms and the code were retiring, mainframe costs weren’t getting cheaper, and the instinct across the industry was to move. But porting didn’t solve the talent problem because you still had the same code, and now you needed people who understood both the old and the new. I went the other way. I kept investing in the mainframe, upgraded it, and built new products on modern platforms alongside it. Life insurance policies can stay on the books for decades, often outliving the people and the systems that created them, and the mainframe had already proven it could carry that kind of commitment.

Our daughter was born a couple of years later, and in 2011 the company relocated us to Houston. I never pictured myself in Texas. The heat, the humidity, the allergies I didn’t know I had. But somewhere between settling in and watching the kids grow up, Houston stopped being the place we moved to and started being the place we were from. We’ve been here since, and it’s home.

A few years later we sold the company. The organization that acquired us had no security program to speak of. I became responsible for building one, not because I had planned it, but because the business moved around me and I adapted. All those years of building platforms, running operations, and understanding what keeps a business running suddenly applied in a way I hadn’t anticipated. I was no longer building the technology. I was protecting it.

At the time, most companies in our industry still treated security as an IT problem. The coming years proved it was much more than that. The threats evolved, the tactics and techniques used against companies grew more sophisticated, and sometimes the landscape shifted faster than organizations could keep pace with. Over the next decade, the world I was building in changed completely:

Every one of those events shaped how I thought about the programs I was building. I didn’t chase headlines or panic-buy tools every time a competitor got breached. I made deliberate choices with limited resources, accepted risk where it was reasonable, and evolved the programs year over year. Early on I committed to a risk framework that most of the industry hadn’t adopted yet, and when the regulatory landscape caught up a few years later, we were already where we needed to be. But plans rarely survived contact with the next threat. Priorities shifted, resources moved, and the programs had to adapt.

The company grew significantly over the next decade, and was eventually acquired by one of the largest private equity firms in the world. The security program held up, and so did the people who helped me build it. Whatever I got right over those years, very little of it was mine alone.

The acquisition eventually brought its own leadership team, and my chapter there came to a close. Now I’m figuring out what the next one looks like. I’ve always been a tinkerer, and that hasn’t changed. I stay on the offensive side of security, keep close to the technology, and write here when something is worth saying. I’m not afraid to share my opinions, and I don’t always take the popular side. I picked up sailing a few years back and haven’t been able to put it down. And I’m a Liverpool supporter, which mostly means I’ve learned to live with heartbreak, though being at Anfield with my son when they lifted the Premier League trophy made up for a lot of it.

What’s next? I’m exploring my next opportunity in technology leadership, whether that’s as a CISO, CTO, CIO, or in an advisory capacity. If you think there might be a fit, let’s talk.