Why Virtual Sweater Vest?
A wise man whose opinion I trust suggested that a good IT security practitioner should strive to be the best security resource in his or her community. He should share what he has learned and work to help others protect themselves from identity theft, fraud, virus and malware infection, and other computer-based security incidents. This website is my attempt to give back, to collaborate with other IT professionals, and to have a little fun.
I am known as a lover of the sweater vest. As I have gotten older and a little heavier, the sweater vest has proven to be a great tool for hiding a few extra pounds and saving me a few extra minutes at the ironing board each morning. That said, the sweater vest has another important and somewhat ironic meaning to me and my co-workers. A few years ago, an issue came up at work concerning the need to secure an important network device. The work was going to take quite a bit of both time and money, neither of which had been budgeted. So a colleague looked to me for help because I had a reputation for creative diplomacy when it came to dealing with our upper management. I was fairly good at explaining and solving problems in a way that kept management’s wrath at a minimum. My co-workers had a few other names for my skill, often beginning with the letters “BS” or the phrase “full of *stuff* “. During the conversation, another co-worker came in to my office and overheard the dilemma. He looked at my other colleague and said, “You’ve got this. Just put on your virtual sweater vest," referring to my frequent attire. After a good laugh, I realized I liked the phrase and could have a little fun with it, so a few hours later, virtualsweatervest.com was born.
The Data Centric Security Model
Several years ago, I made a conscious decision to stop focusing exclusively on technical security controls (which was my comfort zone) and I began to develop a personal security strategy or methodology based on the input of my peers in the industry. I quickly realized that IT security begins and ends with data in one form or another. As such, I adopted a data centric security model. The following diagram is a good representation of the fundamental questions and related access controls:
I am an IT professional with roughly 26 years of experience at one level or another. I began my career in Desktop Support and have held positions in Network Administration & Engineering, Network Management, and IT Security & Compliance Management. I now find myself in the exciting world of IT Security Consulting. Along the way I have picked up some experience and a few certifications including the Microsoft MCP (back in the MS Workstation and Server 4.0 days), Cisco CCNA (2001-2004), and CompTia Network +. I am a former PMI Project Management Professional and I am currently GIAC GSLC and (ISC)2 CISSP Certified.
My formal education was extremely helpful in my current career path. I am a Magna Cum Laude graduate of Emory & Henry College with a B.A. in Philosophy and Political Science and minor focuses in Religion and East Asian Studies. Clearly I knew way back then that I was destined for a long career in Information Technology. All joking aside, I consider my time at E&H invaluable and credit my alma mater with helping me to develop a keen sense of logic and sound verbal and written skills.
When I am not working or waxing nostalgic on the web, I am at home with my wonderfully patient wife and two remarkable sons. I try to steal away occasionally for a round of golf or two, or tinker with a new recipe on my Big Green Egg. I am blessed to be a member of the Walnut Hill Church family and try to spend as much time as I can serving my church and my God.