About Us er…. Well Me, since it’s Just Me

TL;DR This has nothiwwcng to do with woodworking…it’s all about me!

I love old Science Fiction movies.  One of my favorites is “When Worlds Collide“.  It’s a pretty dire parable of how we react as a species when confronted with total annihilation. Of course it’s a 1950’s era movie so it has that Cold War influence that affected many movies of that period. It’s also Hollywood so there has to be some romance.  In the end, and I hope I’m not spoiling it for anyone, we find a new world and seemingly live happily ever after.

As someone who recently switched jobs I find it fascinating to compare my previous views regarding my identity with my evolving post-hire world; sort of my own version of “When Worlds Collide”.  I wanted to make this post and share my personal experience as I am exposed to this new world that has opened to me.  More specifically how my view of “Identity” is evolving and how my previous experience, both personally and professionally, was somewhat insulated.

In my case I had worked for the same IT software company for over 18 years!  I know that’s a pretty crazy idea in the software business but in my case it’s true. You might imagine how myopic one can become when exposed to a limited number of viewpoints.  In that time the Kool-Aid flavor may change slightly but overall your viewpoint tends to evolve more slowly than it might otherwise.  Most certainly and at least in my case it is shaped by the environment you live in.  This only became apparent to me during the time I was investigating places where I would like to work; Perhaps more correctly areas of technology that I found interesting and compelling enough to change jobs.

While at my previous employer I was focused on solving Identity, Access, Security and Governance issues within the U.S. Federal government.  As you might imagine the Federal government has many regulations, policies, mandates, directives, compliance requirements, ad nauseam that it needs to adhere to.  Recent security breaches in the Federal government such as the OPM breach, have only heightened the level of sensitivity and awareness of the need for better controls around Identity, Access, Security and Governance.

FBI Director James Comey testifying before congress with regard to the recent OPM breach stated:comey

“I’m sure the adversary has my SF-86 now,” Mr. Comey said. “My SF-86 lists every place I’ve ever lived since I was 18, every foreign travel I’ve ever taken, all of my family, their addresses. So it’s not just my identity that’s affected. I’ve got siblings. I’ve got five kids. All of that is in there.”

This poignantly illustrates how securing identities is not only affecting Federal agencies but it extends to the private sector and more intimately, the individual.  You can certainly look at Presidential Policy Directive 21 alone as an indication of how both private and public sectors are inter-dependent and critically important to the security of our nation.

“This directive establishes national policy on critical infrastructure security and resilience. This endeavor is a shared responsibility among the Federal, state, local, tribal, and territorial (SLTT) entities, and public and private owners and operators of critical infrastructure (herein referred to as “critical infrastructure owners and operators”).”

Tom Kemp, Centrify’s CEO, talks in his blog post “Identity is the New Perimeter” from June 4th, 2015 about how our “Identity” is ultimately where we really start to define identity as the security perimeter and how the recent security breaches were mostly a result of compromised identities.  When reading this I reflected on my two daughters who are now 19 and 21 and their experiences with their own “identities”.  What is their “identity”?  More and more their “identity” is defined by who they are within social media.  They grew up in the generation where identity or personality is expressed and perceived more often online than face to face; Facebook, Twitter, Instagram etc. This has presented many challenges for my daughters and for me as their father, with regard to guarding their online reputation.  They’ve often shared with me examples of how their social identities were compromised which affected how people perceived and treated them. Often a very painful process.  As a result, we took steps to better control their digital identities and social presence by reducing the footprint and minimizing the points of entry.  Tom refers to this in his article when he talks about how ensuring you are who you say you are when accessing resources.

“In other words, users’ identity is what the bad guys are after, and stolen digital identities are the means by which the vast majority of data breaches occur.”

With my daughters’ situation it would be eminently helpful if there had been a way to ensure it was really they who made that unfavorable post or comment and not someone who had compromised their identity.  In the case of the recent OPM breach the root cause is believed to have been a compromised identity.  I am sure all of the people affected (over 20M as of last count) would agree that a better manner of securing their identities would have been a prudent measure… to put it mildly.


First sunrise on the new planet, from the movie “When Worlds Collide”wwcsunrise

With our personal and professional worlds colliding it is blurring the lines that separate them.  Perhaps less dramatic than in “When Worlds Collide” but nevertheless quite significant in its impact to our lives.  As we attempt to allow for more freedom when navigating between our corporate resources and our personal resources our identities become intertwined and ultimately the most important asset to secure and manage is the “ME” or “YOU” in your case…