Tuesday, April 06, 2010

New Role - Internet Standards and Governance

Not that I expect everyone to watch my job title changes, but I recently made one and figured I'd go ahead and blog about what I'm working on these days.

For the past 2+ years I've been running the Secure Development Program at PayPal. This involves rolling out secure development methodology, tools, training, etc. I've also been doing a fair bit of internal product management for application security features. This was needless to say more than a fulltime job.

In my spare time (yeah right) I've been doing some work on internet governance. Things like working on web browser security policies and frameworks (Strict-Transport-Security was part of that work) as well as broader internet-governance things like working with ICANN, advocating through multiple forums for DNSSEC deployment, etc.

I recently decided that I needed to focus more and despite loving the SDL work I was doing, my overall plans and interests align even more with the internet standards and governance work than they do with SDL work.

So, as of this April I'm now heading up a team responsible for internet standards (mostly security) and internet governance. We'll be focusing a lot on the same types of things above, along with some other things. When asked what my job is I say - "I'm trying to make the internet safer."

As I wrote the other day - I wouldn't have taken on this new role if I weren't at heart either an optimist, hopelessly naive, or crazy. Only time will tell.

I'll be doing most of my posting either here on this blog, or on the one for our broader team over at http://www.thesecuritypractice.com.

Friday, April 02, 2010

More on - freedom to tinker

Ben Adida has an interesting blog post up about freedom to tinker and the iPad. I wrote a comment there in response that I'll post here in case I want to update it further.

Ben laments some of the lack of tinkering/hacking capability in the iPad. I said:

Cars are an interesting comparison technology. It used to be that *everyone* had to be a car tinkerer because they just didn't run right and keep running by themselves. You learned how to do maintenance, how to tweak, adjust, etc. And then we put in catalytic converters and to make sure you guaranteed emissions we stopped you from mucking around with timing, etc. We got rid of carburetors and replaced them with fuel injectors. We got rid of timing belts and camshafts and went to electronic valves. We removed a lot of the tinkerable parts. We killed a lot of the innovation in that space. We also reduced auto pollution a ton and made cars safer.

Was it a good tradeoff? Are there fewer auto mechanics than there used to be because of this? Have we lost something fundamental to our culture and society?

I don't know the answer.