A wise man whose opinion I trust suggested that a good IT security practitioner should strive to be the best security resource in his or her community. He should share what he has learned and work to help others protect themselves from identity theft, fraud, virus and malware infection, and other computer-based security incidents. This website is my attempt to give back, to collaborate with other IT professionals, and to have a little fun.
I am known as a lover of the sweater vest. As I have gotten older and a little heavier, the sweater vest has proven to be a great tool for hiding a few extra pounds and saving me a few extra minutes at the ironing board each morning. That said, the sweater vest has another important and somewhat ironic meaning to me and my co-workers. A few years ago, an issue came up at work concerning the need to secure an important network device. The work was going to take quite a bit of both time and money, neither of which had been budgeted. So a colleague looked to me for help because I had a reputation for creative diplomacy when it came to dealing with our upper management. I was fairly good at explaining and solving problems in a way that kept management’s wrath at a minimum. My co-workers had a few other names for my skill, often beginning with the letters “BS” or the phrase “full of…”. During the conversation, another co-worker came into my office and overheard the dilemma. He looked at my other colleague and said, “You’ve got this. Just put on your virtual sweater vest,” referring to my frequent attire. After a good laugh, I realized I liked the phrase and could have a little fun with it, so a few hours later, http://www.virtualsweatervest.com was born.
The Data Centric Security Model
Several years ago, I made a conscious decision to stop focusing exclusively on technical security controls (which was my comfort zone) and I began to develop a personal security strategy or methodology based on the input of my peers in the industry. I quickly realized that IT security begins and ends with data in one form or another. As such, I adopted a data centric security model. The following diagram is a good representation of the fundamental questions and related access controls: