Month: January 2014

Cloud Data Snapshot – Port 80 on AWS

This is a snapshot of Amazon AWS port 80 application server banners for the time period spanning January 1st through January 10th (inclusive).

This data is derived from the scanning of all AWS CSP guest instances (5,156,864 – based on disclosed subnet ranges) where port 80/tcp was unfiltered and accessible from the Internet. The average number of hosts that responded to port 80/tcp scans on the AWS subnet was 431,533, or only about 8.4 percent of all AWS allocated subnets.

From the scan, 119,602 banners were discovered on port 80/tcp. This chart depicts the Top 20 application servers detected.

Top 20 Application Servers / Port 80 / AWS

[Chart: AWS port 80 banners]

Next, we see the application stacks discovered in the same scan. Not every application server has a corresponding application stack (e.g. not every Apache/2.2 server has PHP/5.2 installed), which accounts for the 80,731 servers with an application stack of ‘none’.

Top 20 Application Stacks / Port 80 / AWS

[Chart: AWS appstack Jan 1 port 80]

Excluding the ‘none’ count, we discovered 39,011 application stacks (119,742 including the ‘none’ values).
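To show how the two tallies above (application server banners, and application stacks with a ‘none’ bucket) can be produced from captured banners, here is an added Python example. It is not the tooling behind this snapshot, which the post does not publish; it works only on already-captured HTTP response header blocks and does no scanning. It treats the Server header as the application server banner and X-Powered-By as the application stack (‘none’ when absent), and truncates versions to major.minor so that, for example, Apache/2.2.22 groups under Apache/2.2. The sample responses, the header-to-category mapping and the version truncation are all assumptions; the post does not say how its categories were derived.

```python
import re
from collections import Counter
from typing import Dict, List, Optional, Tuple

# Constructed sample of HTTP response header blocks, standing in for the
# banners a port 80/tcp scan would have collected. Not the post's real data.
SAMPLE_RESPONSES: List[str] = [
    "HTTP/1.1 200 OK\r\nServer: Apache/2.2.22 (Ubuntu)\r\nX-Powered-By: PHP/5.3.10\r\n\r\n",
    "HTTP/1.1 200 OK\r\nServer: Apache/2.2.22 (Ubuntu)\r\n\r\n",
    "HTTP/1.1 301 Moved Permanently\r\nServer: nginx/1.4.4\r\nLocation: https://example.invalid/\r\n\r\n",
    "HTTP/1.1 200 OK\r\nServer: nginx/1.4.4\r\nX-Powered-By: PHP/5.5.7\r\n\r\n",
    "HTTP/1.1 200 OK\r\nServer: Microsoft-IIS/7.5\r\nX-Powered-By: ASP.NET\r\n\r\n",
    "HTTP/1.1 200 OK\r\nServer: Apache/2.2.22 (Ubuntu)\r\nX-Powered-By: PHP/5.3.10\r\n\r\n",
    "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n",      # no Server header at all
    "HTTP/1.1 200 OK\r\nserver: Apache-Coyote/1.1\r\n\r\n",     # lower-case header name
]


def parse_headers(raw: str) -> Dict[str, str]:
    """Return the header block of one HTTP response as a dict with lower-case names.

    Only the part before the first blank line is considered; the status line is
    skipped; malformed lines (no colon) are ignored; on duplicate names the last
    value wins. Header names are case-insensitive per RFC 7230, hence .lower().
    """
    head, _, _body = raw.partition("\r\n\r\n")
    headers: Dict[str, str] = {}
    for line in head.split("\r\n")[1:]:
        name, sep, value = line.partition(":")
        if not sep:
            continue
        headers[name.strip().lower()] = value.strip()
    return headers


def normalize_banner(banner: str) -> str:
    """Reduce 'Apache/2.2.22 (Ubuntu)' to 'Apache/2.2' and 'ASP.NET' to 'ASP.NET'.

    Assumption: the product token before the first '/' plus a major.minor version
    is the grouping key used for the charts. Patch levels and OS suffixes are dropped.
    """
    m = re.match(r"([^\s/]+)(?:/(\d+(?:\.\d+)?))?", banner)
    if not m:
        return banner.strip()
    product, version = m.group(1), m.group(2)
    return f"{product}/{version}" if version else product


def classify(raw: str) -> Tuple[Optional[str], str]:
    """Return (server_banner, application_stack) for one response.

    The server banner is None when no Server header was sent (no banner discovered).
    The stack is 'none' when no X-Powered-By header was sent, matching the charts.
    """
    headers = parse_headers(raw)
    server = headers.get("server")
    stack = headers.get("x-powered-by")
    return (normalize_banner(server) if server else None,
            normalize_banner(stack) if stack else "none")


def tally(responses: List[str], top: int = 20, include_none: bool = True):
    """Build the Top-N server and Top-N stack tables from captured responses."""
    servers: Counter = Counter()
    stacks: Counter = Counter()
    for raw in responses:
        server, stack = classify(raw)
        if server is None:
            continue  # no banner discovered, nothing to count for either table
        servers[server] += 1
        if include_none or stack != "none":
            stacks[stack] += 1
    return servers.most_common(top), stacks.most_common(top)


def response_rate(responders: int, scanned: int) -> float:
    """Percentage of scanned addresses that answered (the post's 8.4% figure)."""
    return 100.0 * responders / scanned


if __name__ == "__main__":
    servers, stacks = tally(SAMPLE_RESPONSES)
    print("Top application servers:")
    for name, count in servers:
        print(f"  {count:>3}  {name}")
    print("Top application stacks (with 'none'):")
    for name, count in stacks:
        print(f"  {count:>3}  {name}")
    print(f"Response rate in the post: {response_rate(431533, 5156864):.1f}%")
```

Passing include_none=False to tally() reproduces the ‘without none’ view; the two stack tables differ only by that bucket, so their totals should add up the way 39,011 and 80,731 add up to 119,742 above.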

Top 20 Application Servers, without ‘none’ / Port 80 / AWS

[Chart: appstack_none]

I hope you find this data useful.

Note: No servers were harmed in the collection of this data.

Time for the next leap…Oh boy…

As many of you have already heard from Hoff (industry cyber-herald and the Michael Buffer to my Wladimir Klitschko) I am actively transitioning out of my role at CloudPassage, Inc. and am looking for my next “leap”.

The problem with moving on is that the first thing everyone asks you is “what do you want to do?” and “change the world” is never the answer they’re looking for. But it’s true. I want to go somewhere that I can make a difference for the company, its customers/stakeholders/employees, and society as a whole.

What is often the showstopper, however, is when the topic of “work eligibility” inevitably comes up. Fear not, as the US Government has qualified me as an “alien of extraordinary ability” (nanoo, nanoo!):

Alien of extraordinary ability is an alien classification by United States Citizenship and Immigration Services. The United States may grant a priority visa to an alien who is able to demonstrate “extraordinary ability in the sciences, arts, education, business, or athletics”, or through some other extraordinary career achievements. This type of visa is also known as “genius visa”.

That’s right, “genius visa”. My mom was very proud and told all of her friends 🙂

I guess the easiest thing to do is list what I love doing at a company to give people a sense of where my head is at:

Driving Change
I bring a wealth of strategic and tactical insight about the security industry to the table. As an industry analyst I provided technology vendors, private equity firms, venture capitalists, and end users with strategic advisory services – including competitive research, new product and go-to-market positioning, investment due diligence and tactical partnership, and M&A strategy. Through this work at 451 Research, I helped several organizations secure tens of millions of dollars in equity investment.

I am a tool (in the helpful sense). Use me to build something to delight and drive your business, customers, employees, products, services, and position.

I Like To Lead and Manage
I love helping a team succeed. I love removing roadblocks (as mentioned above) to success. You can only execute on so many good ideas yourself. Building the right team to help a team turn ideas into brand awareness and revenue is something that I’ve excelled at in the past…and love!

Applied Research
I love to find solutions to complex problems. I love to look at things in new ways that I believe will help society. I’m not a “hacker” in the traditional sense but rather a “problem hacker”. That’s not to say that I just think up crazy-cool stuff. I learn programming languages to develop tools to address problems.

To channel Vanilla Ice, if there is a problem, yo, I’ll solve it.

Helping Others
Ask anyone. I love to help people solve problems, address challenges, and remove roadblocks to success. It makes me feel good to know that I’m helping someone else succeed.

Public Speaking
I love to talk, present, educate, and learn from others. Some say I’m a pretty good public speaker. I’ve certainly presented at my share of international security conferences including the SOURCE Conference, ISC2 Congress, Infosecurity Europe, SANS What Works in Forensics and Incident Response Summit, SANS Network Security, Security BSides (a bunch of them), RSA Security Conference, Americas Growth Capital, and the joint iTrust and PST Conferences on Privacy, Trust Management and Security.

I like to present and (apparently) people like to listen to what I have to say.

I Right Gooder Than Most
I’ve written 2 books and contributed on 2 others. I’ve been told that I’m a “prolific writer” but I see myself as someone who can type fast, distill information easily, and dump what’s in my head to “paper” in a short amount of time. I can write marketing material, technical blogs, books, and more.

So that’s what I love to do. Let’s just highlight some of the things that I am not so that we’re all on the same page:

I Am Not A Corporate ‘Yes Man’
I’m a strategic thinker (sometimes to a fault) and should I see ways to optimize a process, increase productivity, or drive excellence I’m going to provide my input as an additional data point. If I see something, I’ll say something. I am not a blind follower of orders. I also don’t expect that my input is “the only way” to address an issue. I provide data.

I Am Not A 9-5er
I look at 9am to 5pm as “core meeting hours” not “core working hours”. If I need to work long hours to address an issue I do it. It’s not uncommon for me to work 60+ hour weeks if I believe what I’m doing is important. I don’t watch the clock. There are problems to be solved. I realize that people have family and personal commitments. I try to work around them as best I can.

I Am Not A “Single-Serving Friend”
There was a time that I loved to fly all over the globe. Visit new cities, drive around them in my rental car, and sleep in a different hotel room each week. I actually don’t enjoy traveling that much anymore. It keeps me away from my wife, my dogs, and my comfortable couch. Travel, like everything, should be done in moderation. Living on a plane is no life for me.

I Am Not A “Hired Gun”
I do not want to be a consultant. In fact, my visa disqualifies me from operating in such a capacity. Short term projects just won’t work. My visa requires that the role I am filling is one that is as exceptional as the visa designation. I want to join a company that has strategic objectives that I can help them achieve and I want to feel like without me and my team, this cannot be accomplished.

There it is. I may come back and modify the above lists but for now, let’s run with it as is.

If you want to reach out to me, please do so via email at andrewsmhay [at] gmail [dot] com or reach out via Twitter at @andrewsmhay.

Please, no consulting/contracting opportunities or recruitment firms.

Latest on Openssl.org breach

Here is the latest (and hopefully last) update on the Openssl.org breach that I covered here and here.

Roughly 5 hours ago Mark Cox, Senior Director, Product Security at Red Hat and Founder/Core Team Member at The OpenSSL Group, commented on one of my earlier blog posts. In his comment, Mark pointed me to the updated version of the Openssl.org breach disclosure which now reads:

Website defacement: final details.
==================================

Last updated: 3rd January 2014

On Sun 29th December 2013 at around 1am GMT the home page of www.openssl.org was defaced. We restored the home page just after 3am GMT and started forensics, investigation, and recovery.

The OpenSSL server is a virtual server which shares a hypervisor with other customers of the same ISP. Our investigation found that the attack was made through insecure passwords at the hosting provider, leading to control of the hypervisor management console, which then was used to manipulate our virtual server.

The source repositories were audited and they were not affected.

Other than the modification to the index.html page no changes to the website were made. No vulnerability in the OS or OpenSSL applications was used to perform this defacement.

Steps have been taken to protect against this means of attack in future.

As I suspected, insecure passwords at the hosting provider were to blame and not some crazy 0day.

Summary: Better access control and clear breach details required.

Case closed.
