Yin meets yang
Blog Authors: Valerie Skinner is part of the IBM developerWorks team, getting to know the real developers who make up the My developerWorks community and exploring the world of social networking. I'm enjoying learning what makes developers tick! I'm very interested in exploring online communities and social media and understanding real world application - how they can help people solve problems and work together.
This week, get to know Paul Ionescu, who's working on making applications more secure every day. Learn more about Paul in the interview below and find him at:
Paul Ionescu's profile on My developerWorks - add him to your network
Blog: Rational Security Stories
Tell me about yourself and what you're currently working on...
I have been working in the Rational Security Practice for 3 years now, coming from Watchfire in 2007 together with the AppScan security products.
In my primary role I help IBM customers resolve security issues and improve their development processes, but I am also responsible for enabling our practitioners in the application security space, creating training material, participating in the management of our internal community site and in general taking part in any activity that can make IBMers and IBM customers successful with our products.
Part of my mission is to influence our product direction based on our customers' needs so I work a lot with our product development teams and our security research team. I have participated in several research projects and have created several product tools and integrations that help us in our day to day work.
For example, last year I created an AppScan extension called Login Expert which was intended to make the configuration of our product an easier process. You can read more about the extension here.
The extension achieved its goal and as a result was integrated with AppScan in the 7.9 release.
What first attracted you to working in Information Technology?
Well, it might be a bit cheesy, but I was fascinated by the fact that you can inspire thought process into a machine. Even today nothing makes me happier than the opportunity to write a computer program.
Are there any reasons the topic of security is especially interesting to you?
Security is a very exciting field. There's a lot of intelligence that goes into hacks, there's always something happening, there are always new challenges, hackers are getting smarter. Knowing that, imagine that working with an automated tool that is intended to act like a hacker is even more interesting.
What's the biggest misconception about security?
There are many misconceptions and it is hard to say which is the biggest one, but one that comes to mind is that the network layer is the main target of attackers and that as long as you are protecting that layer well, you are secure: we are behind a firewall, nothing can touch us... Well, guess what? That firewall has to be opened on ports 80/443 so you can have an internet presence. The web site is in fact the main target of hackers nowadays, not the network.
What are the biggest security challenges related to software development?
The adoption of security practices is the biggest challenge. Without a proper process and management buy-in, security bugs will continue to come in. There are always communication challenges and animosity between security auditors and developers; the security team cannot scale and becomes a bottleneck, often delaying the release of the product. Development organizations need to adopt secure coding practices and security testing tools, allowing fewer security issues to reach the security team, thus improving the release process and the overall security posture of the organization.
How do you use developerWorks?
I use it as an avenue to express my thoughts in the application security space but also to see what other people have to say in many other different domains of application development.
Do you use social networking related to your work?
I use our internal Lotus Connections website heavily but also use LinkedIn and Facebook to keep in touch with work contacts.
What are some of your favorite websites/feeds/twitter accounts to follow?
One of the blogs that I read more often is the IBM Rational Application Security Insider.
What other passions or interests do you enjoy in your off hours?
I play classical guitar. Look me up on YouTube :)
- Thanks Paul!
This week, get to know Darrel Rader and learn about the new Rational Community of Practice group he's pioneering on My developerWorks.
Describe a "normal" day for you...
In the 18 years that I've been with Rational, I don't think I've had a "normal" day. That's one of the things that I love about my job ... the variety of opportunities to learn and work with great people. Lately, one of my focus areas has been to find ways to better connect with our clients by establishing these sponsored communities of practice on My developerWorks. Since social networking in a business environment is not well understood, I spend a lot of my time helping people see the value of this new paradigm of learning ... using social and informal learning to leverage expertise without the geographic and time constraints.
How did you come up with the idea to start the new Rational Application Security Community of Practice group on My developerWorks?
We've been looking for ways to connect with our clients in communities for the last 5 or 6 years. Rational and IBM have been using communities of practice as a foundational component of our own internal learning practices. In the last 2 years, social networking technology (like Lotus Connections) has allowed us to build smarter communities that use technology and best practices to break down some of the collaboration challenges.
Can you tell me more about your vision and your plans for the Rational Application Security Community of Practice?
Our vision is to establish an environment where people interested in a specific domain can come together to establish and cultivate learning relationships ... that allow them to learn from each other. This applies to both experts that thrive from connecting with other experts ... and people that are looking to learn from the experts. In a way, it would be like having a user conference like Innovate 2010 all year long.
How are you using social networking today?
I use social networking to stay connected with people that I want and need to connect with ... whether that's for my personal relationships or for my business relationships. I'm really excited about how online groups, blogs, shared bookmarks, feeds, tags, etc allow people to connect with people and build learning relationships in ways that were extremely difficult 5 years ago.
What's your biggest inspiration lately?
Great question. I've read some great books lately that inspire me ... like Crowdsourcing by Jeff Howe and Drive by Daniel Pink. The latest inspiration that I had was while attending Innovate ... Dean Kamen's keynote on how our technical community can make a real difference in the world. He is the founder of FIRST (For Inspiration and Recognition of Science and Technology).
- Thanks Darrel!