BiographyJim has been a leader in security for almost 30 years. During his first 7 years as a programmer, he learned the fundamentals of operating systems, programming languages, and data structures. He also saw a lot of products shipped to meet market windows without full implementation, sufficient testing, and plans for remedying shortcomings. He also saw the effects of when the midset of "never enough resources to do it right, but always enough to do it over."
His background in programming served Jim well in the second phase of his career in systems administration. In trying to remedy systems problems, Jim often conjectured where corners would have been cut. In systems administration, Jim began to realize that security and cost-effective systems administration have synergy. Jim also developed a Sun clonng process that could be argued was the father of Jumpstart. Jim also proposed 2 security controls for the IEEE 1387.2 (Software Management) standard.
He also began to gain a hearing with management when security could be put in terms of cost effectiveness. It was his integrated security focus that transitioned Jim into his 3rd phase of his career, full time information security.
Jim has been blessed to have worked with several security luminaries, including Michael Gerdes, and Linda Stutsman. They have added significantly to his career development.
During his time as a network security architect for Xerox, he wrote the first operating system security standard (for Unix), re-architected their security exception process, architected and lead their first corporate internal computer emergency response team, arranged for their first security posture assessement, drafted the first Windows (NT) security standard, and project managed remote access security. During this time, Jim also contributed to the first SANS Incident Handling Step-By-Step guide.
Jim joined RIT in 2001, and has built the information security program there through the establishment of trust, recognition of teamwork, and fiscal responsibility. Standards have been a key focus to help combat the exponential increases in vulnerabilities and incidents. Jim established standards as another level of partcipative governance, mandated by policy. Jim has endevoured to work with the Educause and the security communities through sharing knowledge, processes, and doumentation. To extend economies of scale, he championed the use of the Creative Commons license for security products. Jim also is a representative in the education sector for the New York state ISAC (NYS-CSCIC). Most recently, he has been looking at the application of systems thinking to information technology and information security.