What is your role within SGCI and what do you do?
As part of the Incubator service area, my primary role within SGCI is to provide cybersecurity guidance and advice to science gateways that SGCI engages with. That role has recently expanded to also provide cybersecurity operational assistance to SGCI itself.
How did you come to be a part of SGCI, and why were you intrigued by the opportunity?
I am a strong believer in the scientific process and recognize the important role that gateways play improving access to scientific data and services. My first interest came about through learning how a colleague of mine was involved in SGCI. “What is a science gateway?” was my first question. I quickly discovered that the answer to this question can be as varied as asking someone for their favorite food. Although most gateways share a commonality of being a service provided over the internet, I found a substantial variance in their setups. With the variance brings new challenges with every gateway and that keeps the job interesting. Working with the SGCI group also allows me to work with a more broadly focused group to help provide perspective on cybersecurity’s role and limitations within an organization.
What is the most challenging part of your work for SGCI?
As usually seems to be the case, time and resources are always a challenge. There is usually a limited amount of time on both sides of the table. Given enough time and resources, we could mitigate nearly all the security risks to a project, however, given the constraint of time and resources we must focus the efforts on the critical and unique risks facing a gateway.
How else are you involved in the technology or gateway community?
My position at CACR provides me with the opportunity to participate in a number of other academic and research projects involving cybersecurity. Highlights include the Trusted CI project (https://trustedci.org/). Trusted CI is the NSF Cybersecurity Center of Excellence and works mostly with NSF funded projects to improve their cybersecurity. Another project I’m involved with is the Software Assurance Marketplace (SWAMP) (https://www.continuousassurance.org/), which is a DHS funded project to develop an open and freely available system for performing software analysis in order to help find weaknesses in code that may turn out to be vulnerabilities. Twice a year I organize a multi-day cybersecurity camp for students to expose them to the security risks involved in information technology and ways to protect themselves.
What do you most like to do in your free time?
Mostly spending time with my wife, two kids and being involved in their activities. I’m also into music, reading, bicycling, construction projects, circuit electronics and playing way too much Legend of Zelda Breath of the Wild. Perhaps the most interesting thing for others to read about is that since 2009 I’ve run a widely recognized Twitter account in the tech geek community. Called Command Line Magic, @climagic, (https://twitter.com/climagic), it’s mostly focused on inspiring people to use and learn more about using the command line interface under Linux, Mac and other Unix based like operating systems. It also provides a lot of humor, inspiration, and insight into technology in general. The account is one of the largest in terms of followers with over 162,000 followers and on average makes around three million impressions a month. The content for the account often is drawn from the commands I use in my job and life, but with the specific details generalized for privacy reasons.
If you were a superhero, what superpower would you have?
Well, I’m not supposed to tell anybody about it. ;)
Let’s turn the question around to what power I would want. I always thought it would be neat to have the ability to repeat a day many times such as in the movie Groundhog Day, getting the opportunity to explore the various aspects of life to their fullest. Of course, the lesson there is, just do that with your life anyway.