My Journey To CTO for Imperva App Sec

I’m delighted to be announcing that I’ve joined Imperva as the CTO for Application Security. Many of you readers know me as the Forrester analyst covering Zero Trust, SASE, and network security since before the pandemic. But what you might not have known is prior to that, I was in application security from the beginning!

Like many GenX teenagers, I taught myself how to program on the fledgling excuses for computers that we had in that era. For me, it was BASIC on Commodore 64 at age 13. In high school I taught myself Pascal and C, and had my first paying programming job at 17. At the University of Colorado Boulder, I studied engineering physics and computer science under the legendary Evi Nemeth, who later tragically disappeared off the coast of New Zealand. At night, I wrote C and x86 assembler for a high-performance database (a FoxPro competitor) and, later, an offline client for the global consumer networks of the day (CompuServe and Prodigy, the precursors to AOL).

At CU Boulder, I learned about this new academic network they called “the internet” and marveled at how you could just read these text documents called RFCs to see how all the protocols worked. One thing that struck me was how none of the protocols had any security built in! So, I made the decision to focus my career on cybersecurity at age 22. I figured “if this Internet thing ever gets big, they’re going to need security people FOREVER!” and I made the decision to get into the field. TBH it was the only good decision that decade. Over the next 15 years I wrote code (C and C++) for authentication systems like GSSAPI and Kerberos and then later the asymmetric encryption we called SSL (now TLS). I spent what seemed like a decade staring at pcaps, stack traces, memory dumps, and the OpenSSL code.

Around this time, my then-employer figured out that I could communicate with humans better than I could with computers, and I traded in my vi editor for a suit and a briefcase, and I went all over the world, talking with customers and prospects, talking application security by day and doing cyber research at night. We sold a Web Application Firewall and DDoS appliances and through these I came to know the OWASP Top 10. Later, I moved to a bot protection company and became enthralled by the difficulty of the problem space there.

Finally, as a Forrester analyst from 2019 to 2024, I had just about every conversation you could imagine (and some you couldn’t) with CISOs and network directors in the global 2000.

Hopefully, if you’ve read this far, I have established for you my bona fides for the role and market.

I am particularly excited to be joining Imperva at this pivotal time. The foundations of software development are shifting. Delivery models keep changing: from on-premises, to private cloud, to public cloud, to mobile, to microservices. We in the tech community have incredible generative AI models to help us code, but they also represent a threat surface so large we can’t even measure it yet. And since the pandemic, programmers all around the world want to work remotely, which presents its own set of IP challenges.

In this turbulent time the world needs an application security specialist like Imperva that can secure applications on-premises, in the cloud, and SaaS from both attackers and automation. The global 2000 needs a specialist that isn’t tied to a particular load balancer, hyperscaler, or container orchestrator. When they’re ready for the best, the specialist they need is Imperva.

Look for me coming to your region; I can’t wait to talk to existing customers, prospects, skeptics, and developers. I want to catch up with you all.