My name is David Holmes. I’ve been a software engineer at F5 since 2001. I specialize in network and software security, specifically with SSL and authentication systems. I’ve been doing software security for 14 years.
In addition to writing security features and generally keeping our QA department busy (joke), I also coordinate Seattle’s “Security-Review” group.
We are a cross-team matrix of security professionals from development, engineering services and IT. Our membership is about a dozen in Seattle and we’re encouraging a similar model in other F5 regional offices where there’s a critical mass of security people.
From time to time, we also
Present research to each other
Have guest speakers
Present to the company at large
One service that we have been performing since the inception of the group is that of the Threat Model Assessment. Our style of TMAs are pretty light-weight, typically less than an hour and we don’t do mitigations. We’ve done, for this year, over three dozens threat model assessments for various features, products and web-services.
More about Me
When I’m not at F5 I’m usually doing something on behalf of the Snoqualmie United Methodist Church. I am a youth leader and we have a very active youth group with kids from all over the Snoqualmie Valley. Occasionally I blog about your doings here: http://snoqualmieumcyouth.blogspot.com.
In the summer, my favorite thing to do is to hike to alpine lakes and fish them from little boats. I write about that here, on a long-lived blog that has a surprising (to me) number of visitors. http://www.flyfishsnoqualmie.com
Blog, blog, blog
THIS particular blog will be a place where I can repost stuff we talk about at Security-Review. Feel free to mail me any questions you might have about computer and network security and there's a chance you'll get an answer.