http://www.fastcompany.com/3016156/the-code-war/data-triage-for-the-boston-bombing-how-beth-israel-deaconess-protected-patient- By Neal Ungerleider Fast Company August 21, 2013 When bombs went off at the Boston Marathon on April 15, Beth Israel Deaconess Medical Center (BIDMC) CIO John Halamka found himself dealing with the kind of the emergency few drills could ever prepare you for. As bombing victims were brought into his downtown hospital and the city went into lockdown, Halamka and his team began to parse a nightmare situation. Then it got worse. Suspect Dzhokhar Tsarnaev was bought to Beth Israel… and Halamka, a prominent figure in the bioinformatics world, had to deal with a very unique challenge: How to make sure the Boston bombers’ medical records were not stolen by journalists, leaked by hospital employees looking for a payday, or made catch of the day by hackers or foreign intelligence services. (Some of these records, it’s worth noting, have recently been released by court order.) Halamka came to his position at BIDMC with a unique resume. A practicing emergency room physician, he previously worked as a research assistant to Edward Teller and Milton Friedman. Outside of medicine, Halamka founded a software development firm and is a professor at Harvard Medical School. These days, he maintains the popular Geek Doctor blog and lives on an alpaca-breeding farm in rural Massachusetts. BIDMC explained their tech challenges following the marathon bombing at the United Summit in Boston, an annual security event sponsored by Metasploit creators Rapid7. It was a unique situation for everyone at the hospital, and IT workers had to jump into crisis mode much like the surgeons and nurses. After all, what happens to the hospital if their computers crash? After his presentation, Halamka explained to Fast Company how nobody accounted for the possibility that BIDMC’s engineers could be detained in the hospital’s off-site data center as Boston entered lockdown. […]
http://www.wired.com/dangerroom/2012/12/dia-devices/ By Spencer Ackerman Danger Room Wired.com 12.13.12 The Pentagon wants to upgrade its spy corps. And one of its first jobs will be finding out what’s on your iPhone. If the Defense Intelligence Agency (DIA) gets its way, it’ll send an expanded cadre of spies around the world to scope out threats to the U.S. military. And it won’t just be a larger spy team, it’ll be a geekier one. The DIA wants “technical exploitation” tools that can efficiently access the data of people the military believes to be dangerous once their spies collect it. That’s according to a request for information the DIA sent to industry on Wednesday. The agency wants better gear for “triage and automation, advanced technical exploitation of digital media, advanced areas of mobile forensics, software reverse engineering, and hardware exploitation, reverse engineering, and mobile applications development & engineering.” If the DIA runs across digitized information, in other words, it wants to make rapid use of it. One of the emphasized cases here is “captured/seized media.” Think, for instance, of all the flash drives, hard drives and CDs that Navy SEALs seized during the raid that killed Osama bin Laden. Flynn wants to understand both the text they’d contain, through “automation support to enable rapid triage,” and their subtexts or metadata, using “steganography” tools to decipher coded messages and “deep analysis of malicious code/executables.” And that’s on top of “deep hardware exploitation of complex media with storage capacity” and reverse-engineering tools “to discover firmware artifacts.” […] ______________________________________________ Visit the InfoSec News Security Bookstore Best Selling Security Books and More! http://www.shopinfosecnews.org
Security Engineers often do not have the time to perform the in depth study of a system in order to determine if malware, Trojans and bot software has been installed on a PC. Given the limited amount of time we all have, we must find creative ways to determine if a breach of security on our systems have occurred. I suggest that one way to quickly determine if a system is actively compromised is through the use of the procmon.exe package included in Sysinternals.
Many corporations in the world are now mandated by PCI to perform at least quarterly scans against their PCI in-scope computing systems. The main goal of this activity is to ensure vulnerabilities in systems are identified and fixed on a regular basis. I myself think this is one of the more important provisions of PCI and one that I believe is tantamount to maintaining a secure environment.
What most corporations initially do is start by using simple scanning tools such as nessus, Gfi languard, ISS scanner etc and perform on-demand scans. While this is all well and good and provides an immediate snapshot of a particular point in time. There are several major flaws that must be addressed through richer tools.
First, it is great to get vulnerability and patch data, however providing a systems engineer or administrator with only one single report with many if not hundreds of things to fix this method becomes quickly unreasonable for them to track and respond to. We often forget that this systems engineer is often tasked with many other duties they must prioritize including new installs, troubleshooting, bug patching, administration, configuration etc that demands most of their time. These activities are often far more time sensitive in their eyes as projects etc have people bugging them regularly for completion. It is also important to note that the business is pushing them for ever greater functionality/features.
Given this fact, a simple scan report is just not viable for them to prioritize and track against existing workload. this has givrn rise to vulnerability management a.k.a. the process of managing vulnerabilities to remediation through the use of ticketing/reporting to management.
Secondly, another important flaw that exists with just simple scanning is the lack of overall metrics with regard to measuring risk. Measuring risk is hard is hard to do in security, but if you have an automated scanning process that is scheduled on a regularly occuring basis (i.e. more than once every 3 months) your vulnerability data over that time can be measured as systems become either more exposed or less exposed as they are patched or new vulnerabilities are found. This is one way you can effectively measure the effectiveness of your patch management and your security program.
Thirdly, this ensures your company clearly see’s that security is a process and not just a one time effort. This distinction is important because you as a security practitioner will need data to prove you need a consistent and ongoing supply of money to maintain security. Security is continuous and ever changing, stagnation is a guarentee of breach.
Moral of this story… manage security, don’t just triage it and forget it.
Great tools for managing vulnerabilities are:
-McAfee Vulnerability Manager
Lawrence Pingree – CISSP
View my video resume by clicking here.
Lawrence , has many years of experience within organizations of varying sizes with an extensive background in engineering, technical architecture, networking, security policies, procedures, systems analysis and auditing. Throughout his career, Lawrence has engaged in extensive consulting efforts for organizations of all sizes, he and is an active member of multiple non-profit organizations. Lawrence was a founding board member of the Digital Forensics Association where he served as Vice President and he is currently working as a Research Director and Market Analyst at Gartner, Inc. At Gartner, Lawrence continues to engage daily as a strategic advisor for literally hundreds of organizations worldwide and enjoys helping individuals become more successful with their businesses.
• Served as Vice President of the Digital Forensics Association
• Member of the Silicon Valley chapter of the ISSA (Information Systems Security Association).
• Member of the Open Web Application Security Project (OWASP)
• Served as Vice President of the Springtown Association Board of Directors
Book: “The Manager’s Guide to Becoming Great” by iUniverse Publishing – Author
Book: “CCSA Study Guide” by Syngress Media/McGraw Hill – Author and Technical Editor
White Paper: Analysis of VRRP v2 Issues and Solutions
Blog: LawrencePingree.com “Pingree on Security”
Vendor Negotiations, Contract Negotiations, Budget Management, Program Management, Goal development, Technology Roadmap Planning and Business Strategy.
CISSP CCSA CCSE
CCSI NSA ICE
NSS NCSA NCSP
CISA – Pending
BGP OSPF IGRP EIGRP
RIP v1 & v2, and PIM 802.11 PKI
RADIUS AAA IKE 802.1x
GLBA Sarbanes Oxley (SOX) Common Criteria
SB1386 COBIT ISO 17799 ISO 27001 FISMA
Research Vice President – Security Technologies at Gartner, Inc.
Jan 2017 – Present
Lawrence Pingree’s responsibilities include providing critical insights to both end users and technology providers. He closely tracks the information security markets, technologies, technology and adoption trends, and competitive market dynamics. His inquiry and research goals focus on providing Gartner clients with in-depth technical and strategic analysis and research deliverables pertaining to the latest security market technologies, trends, technology alignments and competitive security market dynamics. Mr. Pingree regularly reviews security technologies, technology provider businesses and their go-to market strategies and focuses on helping clients plan, choose and evolve as market dynamics shift and change. For technology providers, his analysis includes a close examination of market messaging, go-to-market strategies for both current and future road-mapped product or service offerings, end-user buying behaviors, provider technology development plans, and various other business attributes to identify the key competitive differentiation and competitive strategies. For end users, he is focused on identifying best-practice technologies to address strategic customer risk management requirements and to provide insights into the best strategies and technologies clients must employ to successfully combat advancing threats and their threat and risk management goals. Sampling of Market Coverage: – Advanced Threat Detection and Defense Strategies – Emerging Security Technologies and Markets – Network and Cloud Malware Sandboxes – Malware Analysis Tools – Network Traffic Analysis – Network Forensics – Network Firewalls – Threat Intelligence Platforms – Threat intelligence Services and Feeds
Research Director – Security Technologies at Gartner, Inc.
Nov 2010 – Present
(Research Available here)
Responsibilities include the coverage of information security technologies and markets, security program execution, advanced threats, network-based security technologies, mobile device security and cloud-related security issues. The emphasis of his research is on providing insights to the security vendor community. His inquiry and research goals are to provide technology providers with critical insights on the latest security market trends, technology alignments and potential partnerships and to aid technology providers competing in the security markets. He achieves these goals for technology and service providers by reviewing their businesses. This includes examination of their marketing efforts, go-to-market strategy, currently employed technologies, technology development plans and various other business attributes to identify the key competitive differentiation and competitive strategies that providers should use to navigate the market. On inquiry with end users, Mr. Pingree is focused on identifying the best opportunities and technologies to address strategic customer requirements and providing insights into the strategies they may need to employ in order to successfully combat the advancing threat landscape by leveraging security technologies.
Sr. Security Engineer at Williams-Sonoma, Inc.
June 2009 – August 30th 2010
• Responsible for the review of security alerts originating from our MSSP security monitoring service including triage, investigation and root cause analysis
• Instrumental in coordinating compliance remediation efforts effectively raising our systems configuration compliance levels from approximately 40% compliant to over 98% compliance in just 6 months for over 200 systems.
• Participated in the prioritization and planning for our $1.6 million capital expense budget aligning it to both business and information security program goals.
• Responsible for Corporate Security Policy development
• Developed Security Operations procedures to maintain regulatory compliance in accordance with prescriptive PCI controls
• Assisted in the internal review of corporate information security policies in cooperation with key systems administration departments in alignment with PCI, SOX and future regulatory frameworks utilizing CIS as a guideline for their provisions
• Participated extensively with external PCI and SOX audits by developing audit evidence and coordinating with internal compliance teams
• Actively Participated in corporate PCI Compliance initiatives and assessment
• Responsible for managing the corporate Tripwire Enterprise file integrity management product
• Responsible for RSA Envision SIEM monitoring and configuration aligned to internal PCI and SOX controls
• Evaluated the selection of Managed Security Services for key IT security systems
• Responsible for corporate Cryptographic tools (Safenet Appliances) and key management processes/procedures.
• Acted as Sr. Security Engineer, Security Analyst and Security Architect for IT projects
• Managed extensive PCI remediation efforts across IT
• Deployed corporate Intrusion Prevention systems for all corporate and ecommerce DMZ environments.
• Evaluated data loss prevention technology for future deployment and budget needs
• Responsible for review/monitoring of corporate Symantec (SEP11) virus/malware remediation efforts
Vice President at Digital Forensics Association (DFA)
July 2007 – Present
- Responsible for the development of internal policies and procedures for chapter startup
- Responsible for Member Services
- Responsible for Member Recruitment
- Member Collateral & Promotion
- Advertising and Evangelizing the Organization
Chief Information Officer (CIO) at BuddyFetch, Inc.
August 2007 – July 2009
- Currently serving in an advisory capacity while the company looks for funding sources.
- Provides strategic and tactical planning, development, evaluation, and
- coordination of the information and technology systems for the network.
- Facilitates communication between staff, management, vendors, and other technology resources within the organization.
- Oversees the back office computer operations of the affiliate management information system, including local area networks and wide-area networks.
- Responsible for the management of multiple information and communications systems and projects, including voice, data, imaging, and office automation.
- Designs, implements, and evaluates the systems that support end users in the productive use of computer hardware and software.
- Develops and implements user-training programs.
- Oversees and evaluates system security and back up procedures.
Sr. Security Engineer at McAfee, Inc.
October 2007 – April 2009
- Responsible for McAfee Competitive Analysis for Enterprise Products
- Act as liaison to Internal and External Sales staff
- Responsible for Evangelizing Enterprise Security Products & Services
Sr. Security Architect at Safeway, Inc.
August 2004 – October 2007
- Served as Security Evangelist for Safeway Information Security program
- Managed over $1 Million in budget for Application Security Program, Information Security Lab and Forensics/Investigations
- Managed complete eDiscovery Process for IT and Legal
- Responsible for over 52 Safeway Information Security policies for the Overall Safeway Security Program
- Responsible for risk assessment and remediation recommendations of all IT applications assessed by risk assessment process
- Responsible for SOX Compliance Audit and Assessment
- Liaison to the Business to promote security within Safeway
- Responsible for Training Classes for IT to ensure Information Security Standards are communicated and adopted
- Responsible for developing Safeway’s Vulnerability Assessment Program
- Responsible for Safeway’s Intellectual Property Monitoring Program
- Safeway Forensics & Investigations team lead
- Responsible for assessing application security and compliance
Chief Security Architect at Netscreen Technologies
2003 – 2004
- Managed over $600,000+ budget for the Information Security Program
- Responsible for Information Security Program
- Responsible for Creation of Information security policies
- Responsible for Security assessment and audit of IT Projects
- Responsible for the Security Awareness training program
- Responsible for New Hire Training
- Completed the rollout of a SSL VPN Solution
- Successfully deployed TWO-Factor authentication system.
- Successfully deployed corporate wide intrusion detection and prevention devices
- Successfully deployed vulnerability assessment software
- Responsible for the creation and implementation of the IT Change Management plan, schedule.
- Participated extensively in the review of the companies Sarbanes/Oxley audit.
- Reduced overall corporate systems patch level non-compliance from 70% to 10%
- Implemented processes to provide investigatory services to other departments.
- General Network troubleshooting and support across global architecture.
Chief Network Security Architect at PeopleSoft, Inc.
October 2001 – June 2003
- Lead for PeopleSoft Network Infrastructure Security Group.
- Provided enterprise networking experience to troubleshoot network and security related events.
- Designed implemented and maintain the PeopleSoft worldwide firewall security and Network
- Provided design and support for customer and internal IT related security solutions.
- Provided top-level support in the creation of company-wide security policies and procedures.
- Developed Unix Security standards
- Participated in the forensics, tracking and assessment of threats to PeopleSoft’s global network.
- Provided security auditing services
- Multiple Installations of Cisco PIX firewall for internal access controls.
- PIX VPN integration with Checkpoint firewall-1
- Responsible for Perimeter access controls
- SecureID strong authentication controls with Cisco routers and layer 3 switches.
Sr. Security Consultant at Siegeworks, Inc
January 2001 – October 2001
- Responsible for Training Room Setup and maintenance at the main corporate campus
- Customer Firewall Deployment
- Provided essential Pre and Post sales customer support for security products
- Network Vulnerability Assessments
- Physical security evaluations
- Taught certification courses in Check Point Firewall-1 and the Nokia Security Administrator for many large scale customers
Sr. Network/Security Engineer at Avantgo, Inc
June 2000 – January 2001
- Designed and supported the Avantgo corporate Network infrastructure on Cisco 7206 and 2621 routers
- Wide Area Network planning and support of DS3 Circuits for national infrastructure.
- Installation of corporate security infrastructure using Check Point Firewall-1(Nokia Ipsolon platform).
- Management, configuration, installation and maintenance of National and International Virtual Private Network.
- Responsible for the management and monitoring of the Avantgo National Intrusion Detection deployment.
- Created project management plans for national Intrusion detection deployment.
Sr Security Engineer at Nokia, Inc
May 1999 – June 2000
- Supported Value added resellers and end customers of the Checkpoint firewall-1 Nokia Security Appliance.
- Supporting all Network components of the Nokia product family, which included supporting OSPF,
- RIPv1, RIPv2, DVMRP, T-1 Serial Lines, Frame-Relay, CSU/DSU, Fast Ethernet and other complex environments.
- Installed 150+ Check Point firewalls across the country on Solaris, NT, and Nokia Platforms.
- Team lead for USinternetworking upgrade project. The project consisted of coordinating and assisting the upgrade of approximately 120 firewalls nationwide.
- Trained Customer Support engineers for the Nokia UK and Singapore Support centers
- This included interviewing potential candidates for each site and helping the launch of each support center.
- Developed in-house documentation and lab testing for Ipsolon integration with other security products (e.g. Cisco PIX and Axent Raptor.
Sr. Security Consultant at Verisign, Inc
December 1997 – March 1999
- Responsible for Management of San Diego Office location
- Duties included, firewall installations, technical support, pre-sales, network vulnerability assessment and physical security evaluations.
- Network and Security architecture, design and implementation for customers.
- Taught certification courses in Firewall-1, Internet Security Systems ISS product and a course in advanced hacking techniques and methodology.
- Consulted for the National Security Agency, Federal Bureau Of Investigation, Department of Defense – Defense Information Systems Agency, and other related agencies and companies about hacker attack scenarios and abilities and methods.
- Certified and taught Check Point Firewall-1 to over 400 people across the country including many large banks, Government Agencies, and fortune 500 and 100 companies.
Sr. Security Consultant at Websense, Inc
November 1996 – November 1997
- Duties included design, implementation and installation of 3 different Firewall Software packages for customers
- Responsible for troubleshooting and support for existing customers.
- Consulted in the implementation of the following technologies: Checkpoint’s Firewall-1,Borderware, and Raptor.
- Responsible for the maintenance of all NetPartners# Internal Workstations, Servers, and Internet connections using Cisco 2501 routers.
- Responsible for internal NetPartners# machines including Windows 95, Windows NT Workstation and Server.
- Responsible for implementing a clear and concise backup policy for our networked machines.
- Responsible for implementing a standard WinNT Login and Drive mapping policy, and administration our Corporate SQL Server.
- Final duty included the management of our corporate computer security policy and our corporate Firewalls.
Las Positas Community College, Criminal Investigations, 2007 – 2007
Las Positas Community College, Criminal Evidence, 2006 – 2006
El Capitan 1990 – 1994
Honors and Awards
2009 – Participated in ISACA 26th Anniversary Winter Conference PCI Panel Discussion with other industry leaders
2007 – Presented at SecureWorld Expo – eDiscovery and Forensics
2007 – Presented at ISACA 25th Anniversary – Penetration testing panel
2006 – Presented at Cornerstones of Trust Conference on Emerging Firewall Technologies
Computers, Electronics, Hiking, Biking & Exploring the Wilderness
23 people have recommended Lawrence
“Lawrence is a highly technical, highly motivated individual who gets the job done. His passion for information security is second to none and his knowledge in the space is incredible. Lawrence would be a great addition to any security marketing or technical team.”
— Scott Emo at McAfee, Inc., Group Product Mkting Manager, Network Security, McAfee, worked with Lawrence
“Lawrence is an excellent professional with a breadth of knowledge of the Security Industry and its players that is second to none. While working with him at McAfee, I saw him bring a level of exposure and credibility to the company that I know would not have had been possible without him.”
— Afonso Infante worked with Lawrence at McAfee, Inc.
“I have not known Larry Pingree all that long, but from what I have seen of him, I would like to learn much more. He demonstrates great professional maturity as well as outstanding communication and people skills. I am amazed at how many information security professionals who work in Silicon Valley know and respect him.”
— Eugene Schultz when working with Lawrence at McAfee, Inc., Chief Technology Officer, Emagined Security, was with another company
“I had the greatest opportunity to work and partner with Larry Pingree at PeopleSoft. A master and intellect in information security practices, Larry was incredible in his ability to quickly analyze a situation and create solutions. In the mist of building our information security organization, Larry immediately stepped-in to plan, architect, and implement a secure network environment and developed key partnerships with critical IT and business organizations. He is an exceptional talent, professional, and a visionary leader. I would consider myself fortunate to have the opportunity to work with him again in the future.”
— Kimberly Trapani – CISO at PeopleSoft, Inc., CISO / Director Information Security, PeopleSoft, managed Lawrence
“Larry is a professional and skilled network and security engineer. He is highly motivated and driven to succeed. He keeps abreast of new technologies and is always evaluating new solutions. I wish Larry all the best in his professional career.”
— Timothy Brush Inc, Web Operations Manager, AvantGo, worked with Lawrence at Avantgo
“Lawrence is a pleasure to work with. He is always professional and comes prepared to his meetings. His competitive intelligence research has been a great asset to me and my team contributing to the success of my product. Lawrence is a keeper.”
— Harold Toomey Inc., Group Product Manager, Governance, Risk & Compliance, McAfee,, worked directly with Lawrence at McAfee, Inc.
“Larry is an asset to any team. He brings energy and a fantastic team approach to challenging situations and is ready to tackle problems. I hope to work with Larry again in the future.”
— Phil Agcaoili SecureIT), Chief Information Security Officer & Co-Founder, VeriSign (formerly, managed Lawrence indirectly at SecureIT, Inc.
“If I had to pick a single word for Larry, it would be this: Focus. Incredibly potent, laser-like focus that cuts right through “to the chase” – in the time it takes most people to realize a chase is even afoot. If that sounds like the sort of person you need (who doesn’t need him?) then you will find him to be among your most valued resources.”
— Gary Arthur Douglas II
Lawrence at PeopleSoft, Inc., Sr. Security Systems Engineer, PeopleSoft, worked directly with Lawrence at Peoplesoft
“Larry is truly an asset to any Information Security organization. His wealth of technical knowledge combined with big business know-how enables him to succeed in any diverse, high impact environment”
— Woody Hughes
Safeway, Inc., Information Security Analyst, Safeway, Inc., worked directly with Lawrence at Safeway
“PeopleSoft was moving to a complete architecture and platform change for our support systems and our customer support website. Larry worked on the project team to design security for our customer facing applications. Larry’s prior experience and understanding of how we wanted to conduct business with our customers was critical to releasing the project and new capabilities on time with minimal impact to our customer base. Larry possessed a business focus and a could relate real risks back during the process, which minimized debate as we planned, configured and communicated.”
— Sean Bingham, PeopleSoft, Inc., Director, Service Readiness, PeopleSoft, Inc., worked with Lawrence at Peoplesoft
“Larry was a highly valued security thought leader at Safeway. He is an extremly well versed computer security professional who provided superior customer service to a wide variety of internal customers.”
— Colin Anderson, Director Information Security, Safeway, managed Lawrence at Safeway, Inc.
“Larry has a great passion about what he does. He is also willing to take the time to teach anyone who will listen. If you go to Larry needing help, he will teach how to solve your problem. He would make a great manager.”
— Benjamin Woodford
Lawrence at Safeway, Inc., Information Security Analyst, Safeway Inc., worked indirectly for Lawrence
“Larry is an incredibly sharp and well rounded information security and technology professional. In working with Larry, no matter what the technology issue was at hand, he always seemed to have a very insightful and visionary perspective. I quickly learned that he is a very valuable resource and his willingness to go above and beyond to help others makes him that much more valuable.”
— James (Jim) Range
Lawrence at Safeway, Inc., Senior Consultant, PwC, was with another company when working with Lawrence
“Larry is a technologist, very personable, creative strategist who can execute and implement the solution meeting the business needs. I know him for long time from his days at Nokia when we were building Global Firewall Management Solution and partners trust model at Applied Materials. He was, always, out there to understand our technical/complex global blue print architecture and surprised us every time with the solution. He was a life saver for my team and highly respected. I am very impressed with his progress over these years and helping companies succeed and expand globally. I highly recommend him for a leadership role in the area of security requiring to bridge the gap between business, IT and spearhead security program/product.”
— Jit Singh, was Lawrence’s client
“Larry is a brilliant Security Architect who I first met while trying to sell him NetScreen security solutions while he worked at PeopleSoft. I recall very clearly how impressed I was with his depth of knowledge, penetrating questions, wit, and engaging personality. I was thrilled when not long after Larry ended up working at NetScreen! When I moved into a Business Development and Solutions Strategy position at NetScreen, Larry became one of my most reliable and effective advisors whom I routinely sought for feedback and counsel on my most important strategic initiatives and projects. I strongly endorse Larry as a top tier player in the security industry.”
— Vince Barboni,Lawrence at Netscreen Technologies, Sr. Solution Architect – Corp Dev Strategist, Juniper / NetScreen, worked with Lawrence at Netscreen
“I worked with Larry for almost 4 years at two different companies. Larry is an extremely intelligent, dedicated, and passionate IT professional. Larry cares about continuously improving the organization and himself. I would hire Larry (and have) in a heartbeat!”
— Joshua Mauk PeopleSoft, Inc., Manager, Information Security, Safeway, Inc., worked directly with Lawrence at Safeway
“Larry was a fantasic coworker–knowledgeable, dependable, and a sincere personal interest in his field of expertise and expanding it. I knew that if I asked him something, he either knew the answer or knew where to find it. Any company would benefit from having Larry on board!”
— Laura Leff, PMP, Safeway, Inc., Director, Vendor Management Office, Safeway, worked with Lawrence at Safeway
“Larry is an excellent engineer whose passion for excellence leads him to deploy the right solution with the right components in the right way. He was a pleasure to manage, both professionally and interpersonally. I look forward to working with him again sometime.”
— Sean Casey, Avantgo, Inc, Manager of Networks and Information Security, Avantgo, managed Lawrence at Avantgo
“Larry has a lot of expertise of information security. He is very dedicated to his work at Safeway. He has contributed to the improvement of enterprise security posture.”
— Lena Shey, Supervisor Sr. IT Auditor, Safeway, worked with Lawrence at Safeway, Inc.
“Larry has been the lead engineer for digital forensics and workplace investigations for our team. His customer focus and dedication have been instrumental in handling many large scale cases. He is a skilled mentor for junior members of the team, as well as an excellent educator for raising security awareness among business groups. He is one of those rare breeds–a person with strong technical knowledge and the soft skills to interface well with all levels of management.”
— Suzanne Widup, Safeway, Inc., Sr. Information Security Analyst, Safeway, worked directly with Lawrence at Safeway
“Larry is a down to earth, very detail oriented, technical person, who knows how to get the job done. He is always ready to go the extra mile to get the job done.”
— Eric Locastro, Account Rep, Netscreen, worked with Lawrence at Safeway, Inc.
“Larry is a strong security expert. Many people know him and respect him in the area. I always heard great things about Larry.”
— Norman Girard with Lawrence at Netscreen, Technical Product Manager, Qualys, was with another company when working
“Larry made an immediate impact when he joined Netscreen. Working in the Legal Department, I soon had my consciousness raised to the significance of security awareness not just for our network but also for every aspect of our information handling. Larry weaves together threads from many disciplines into one comprehensive picture. And he’s fun, too.”
— Alex Rathbone, with Lawrence at Netscreen