For the past 2+ years I've been running the Secure Development Program at PayPal. This involves rolling out secure development methodology, tools, training, etc. I've also been doing a fair bit of internal product management for application security features. This was, needless to say, more than a full-time job.
In my spare time (yeah right) I've been doing some work on internet governance. Things like working on web browser security policies and frameworks (Strict-Transport-Security was part of that work) as well as broader internet-governance things like working with ICANN, advocating through multiple forums for DNSSEC deployment, etc.
I recently decided that I needed to focus more, and despite loving the SDL work I was doing, my overall plans and interests align even more with the internet standards and governance work than they do with SDL work.
So, as of this April I'm now heading up a team responsible for internet standards (mostly security) and internet governance. We'll be focusing a lot on the same types of things above, along with some other things. When asked what my job is, I say: "I'm trying to make the internet safer."
As I wrote the other day - I wouldn't have taken on this new role if I weren't at heart either an optimist, hopelessly naive, or crazy. Only time will tell.
I'll be doing most of my posting either here on this blog, or on the one for our broader team over at http://www.thesecuritypractice.com.