Wednesday Aug 06, 2008

2008 SIA Award: Sun Systemic Security

I was a little hesitant to write about this as I did not want it to come across as self-promotion, but in the end I felt that it was important for me to say something on behalf of my team. In July 2008, my team and I were awarded with one of the highest honors that Sun can bestow on its technical professionals - the Sun Innovation Award (formerly known as the Chairman's Award for Innovation) for our contributions to the Sun Systemic Security framework. Collectively, these achievements enabled Sun to improve its products to better comply with our customers' security policies and requirements, develop new architectures and best practices that solve key customer security challenges, and position Sun as an architectural and security thought leader across industry and government.

For those unfamiliar with this award, here is a brief summary:

Sun's Innovation Award recognizes those individuals and teams who have made a significant contribution to Sun through innovation. Innovation is a starting point for the Sun Strategy and is key to helping differentiate Sun and attract communities to Sun. Product, process, and project innovations have increased Sun's ability to grow, make money, build our communities, enlist champions, and accelerate our business. The purpose is to reinforce and recognize exceptional performance related to a key pillar of Sun's strategy and one of our key values: Innovation.
The award ceremony was on July 16, 2008 at the Sun Leadership Conferece held in San Jose, CA. The award was presented to the team by both Greg Papadopolous and Jonathan Schwartz.

Pictured (left to right): Greg Papadopoulos, Rafat Alvi, Bart Blanquart, Glenn Brunette, Joel Weise, and Jonathan Schwartz

I would like to publicly congratulate my team on winning this award and thank them for all of their hard work, focus, and dedication. Through all of the ups and downs, you never failed to deliver innovative and highly impactful work that has helped customers and partners around the world and teams across this fine company. I could not be more proud of you all. This is a team award and it belongs to each and every one of you, and while we have been able to accomplish quite a lot, I have no doubt there are greater things yet to come. Thank you! Now get back to work! :-)

On behalf of the team, I think that it is important to thank both Jim Baty and Hal Stern for their coaching, leadership, and unwavering support over the years. They have helped to build and sustain an environment where we all can be challenged, where innovation can flourish, and where we can make a difference for Sun and our customers. You have both been invaluable to our success - thank you!

Saturday Nov 04, 2006

New Presentations: Sun Systemic Security

Way back in February, I made a posting about Sun Systemic Security. Since it has been a while since that posting, and since I had developed some fresh material for our Customer Engineering Conference, I wanted to do a follow up so that I could share this new material with you.

I have posted two new presentations on the topic of Sun Systemic Security. The first is a general overview that is intended for use in executive settings or to provide a very high level introduction to the material. The second presentation is a deeper dive into architectural security patterns. This second talk was the basis for my presentation at CEC and provides a more in-depth treatment of various security patterns and how they can be instantiated with Sun products and solutions.

What I like about the second presentation is that it demonstrates, in I believe a very compelling way, the security value proposition for Sun by illustrating how Sun can help support customer security and assurance goals at every level of the stack and how using a pattern-based approach, a reinforcing architecture can be constructed (or an existing one adapted) to better embody a variety of security principles such as self-preservation, compartmentalization, least privilege, defense in depth and others.

The Sun Systemic Security program is always growing and evolving and so we are always looking for feedback from our customers and partners. Be sure to let us know what you think!

Take care,


Technorati Tag:

Saturday Feb 11, 2006

Sun Systemic Security

In advance of the RSA Security Conference, I wanted to give everyone a heads-up regarding the updated Sun BluePrint article and presentation just posted on the Sun Systemic Security Program. Some may remember that I have talked about systemically secure architectures previously. This new content is more comprehensive and includes more specifics about the overall program and several architectural design building blocks and patterns.

You can find even more information on Sun Systemic Security at Sun's Security Homepage.

If you are going to be at the RSA conference, be sure to stop by the Sun booth and look me up!

Take care!


Technorati Tag:

Wednesday Apr 06, 2005

Systemically Secure Architectures

On Monday - 04/04/2005, I presented at the EDUCAUSE 2005 Security Professional Conference. The goal of this event was to bring together IT security officers and practitioners from across the higher education landscape. My talk was titled Systemically Secure Architectures: Lessons from the Trenches. The talk approached the subject of secure architecture design using a building block metaphor with a focus on automation, optimization and continuous improvement.

This talk did touch briefly on policy, process and people issues, however its primary focus was on technology standardization, automation and optimization to promote greater levels of security, strategic flexibility and of course RAS. Using a building block approach, this talk featured a vision for constructing secure IT architectures using a variety of techniques including defense in depth, compartmentalization, least privilege, and others while still providing the flexibility that is demanded in a university environment. To provide a more concrete example of how to apply the concepts, a strategy was put forth showing how to integrate a variety of Sun technologies and services to achieve these goals.

The Sun technologies that were dicussed included Solaris 10, Secure Application Switch, the Identity Management product set, the Portal Server, Sun Ray thin-clients, as well as methodologies such as Sun's Service Delivery Network (SDN) architecture. It should be noted however that nothing in this talk forces an organization to be homogeneous. In fact, the elegance of this approach is founded in its ability to adapt to heterogenous environments as well as those with different security, risk or assurance needs. In fact, this foundation of this approach could be applied (with some modification) to other verticals such as financial services, government, health care, and others.

This presentation concluded with a vision illustrating how these different technologies and services could be successfully integrated resulting in an architecture that is very strong, agile and resilient to attack. If you would like more information on this approach or any of Sun's other secure technologies or services, please let me know.

Take care!

Technorati Tag:


This area of cyberspace is dedicated the goal of raising cybersecurity awareness. This blog will discuss cybersecurity risks, trends, news and best practices with a focus on improving mission assurance.


« June 2016