Bejtlich Joining General Electric as Director of Incident Response

Two years ago this month I left my corporate job to focus on being an independent consultant through TaoSecurity. Today I am pleased to announce a new professional development. Starting next month I will be joining General Electric as Director of Incident Response, based near Manassas, VA, working for GE's Chief Information Security Officer, Grady Summers at GE HQ in Fairfield, CT.

My new boss reads my blog and contacted me after reading my Security Responsibilities post five months ago. He has created the new Director position as a single corporate focal point for incident response, threat assessment, and ediscovery, working with GE's six business units and corporate HQ security staff. Grady reports to GE's Chief Technology Officer, Greg Simpson, and works closely with GE's Chief Security Officer, Brig Gen (USAF, ret) Frank Taylor. I will be building a team and I am pleased to have already met my first team member, a forensic investigator.

I am very excited about this new job. First, the scope of the challenge is enormous. GE is probably just bigger than the Air Force (my closest related employer), with 350,000 users. The company's revenues last year exceeded $160 billion and its market capitalization currently exceeds $380 billion. GE is number 6 on the 2007 Fortune 500. In brief, I don't think there's a way for me to get bored working to address GE's digital security concerns.

Second, I look forward to building and working with a team that has a defined, long-term objective. With few exceptions my consulting work has been short-duration engagements which don't allow me to develop security processes or implement products for the long term. I have been impressed by all of the security staff from GE I've met thus far, and encouraged by articles like Does GE Have the Best IT? and GE's repeated rank as the number one most admired company in America.

Third, I hope this new role will improve my family's quality of life. As an independent consultant I was constantly juggling marketing, public relations, business development, client relationships, accounting, invoicing, and other non-tech tasks while trying to deliver quality services to customers and stay current on threats, vulnerabilities, and assets. Knowing my new "customer" on a continuous basis means I can focus my energy on my corporate work and not consider every waking moment a reason to accomplish another TaoSecurity task. While the financial rewards of working independently probably exceeded those of working for a corporation, the personal cost of maintaining that business cycle is very high. I am also confident my travel requirements will be less for GE than they were for TaoSecurity.

What does this mean for TaoSecurity? Simply put, I will not be accepting any new consulting work or private teaching requests that cannot be accomplished by the end of this month. I am currently fulfilling existing obligations, some of which may extend beyond the end of the month. I am not joining GE because my independent work dried up; in fact, I've had to turn down four large engagements within the last week because they would have to occur after the end of this month.

If you're wondering about public training classes, I recommend you review my TaoSecurity training schedule. You'll see only the following are left:

That's it. I do not have any plans to be teaching again, although I have not ruled out the occasional conference presentation. There will definitely not be any private classes, and I imagine the only public venue for a half-, full-, or two-day class would be USENIX or perhaps Black Hat Training next year, if either are interested. The bottom line is that if you want to take one of these classes before I no longer offer them, please sign up as soon as possible.

What about writing here, or articles, or books? My boss supports my blogging and writing. I have never made a practice of posting "Look what I found at this client!" and he does not expect me to start doing so at GE. You can expect to read more about the sorts of techniques I'm using to address security concerns but never incident specifics or any information which would compromise my relationship with GE. The same goes for articles and books. I plan to continue writing the Snort Report and eventually write the new works listed on my books page.

Finally, I should note that both of my grandfathers retired from GE, so I have some personal history with the company. I'd like to thank Grady Summers and everyone at GE that have helped me join this great organization.

Comments

DavidJBianco said…
Congratulations, Richard! GE is plenty lucky to have you. Sounds like a great opportunity to see and do lots of new, interesting security things. It's a pity that you won't be teaching classes anymore, though. There's a real lack of advanced intrusion anslyst training in the market.
DavidJBianco said…
... not to mention a real lack of good spelling on my part.
Anonymous said…
I had to look to see if it was April first...

Congratulations, Rich.

I'm glad that I signed up for your TCP weapons school @ BH...it will be one of the last.

Wow.

/Hoff
Anonymous said…
Congrats man -- welcome to corporate America! ;) As you know, I went through the same thing last year and made the decision to move to Austin, TX and work for the CSO at Dell. It has made a positive impact on my family life and I hope the same for you. Enjoy the new challenges my friend; I know you will find success. -erik pace birkholz
Anonymous said…
Congratulations Richard, I'm glad I had the opportunity to take a GCIA course from you in San Antonio several years ago.

Hope you get to take some time-off with the family before you start.

Thanks for your contributions to the Infosec community.
Anonymous said…
Congratulations Richard! GE certainly presents a challenge, but I cannot think of a better person to take it on.
Anonymous said…
Congrats Richard! ;)
Anonymous said…
Congrats Richard. Glad I signed up for your class @BH this year. Looking forward to the same type of articles on your blog.
Rocky DeStefano said…
Congratulations Richard! Well respected company and an equally respected professional - great match.

Rocky
Anonymous said…
Congratulations!! I hope you keep blogging your experiences and lessons from GE.
Unknown said…
Wow, a hearty congrats, man!
Anonymous said…
Congrats Richard,
This is a fantastic opportunity for you and your family. I only wish I had the chance to take one of your courses before you jump back into the Corporate world. Best of luck to you!

Nathan Ng
Anonymous said…
Congratulations. They could never find a better person for that post.
May you enjoy your new workplace and hopefully keeps on blogging. Looking forward for your books :D
Clint Laskowski said…
Congrats, Richard. I just decided to accept a position with an employer, too. I've been an independent information security consultant for quite a while. But, at this point, it will be easier for me and my family in my new role as an information risk management systems consultant for a very large company. The dream of being a solo information security consultant is good, but it is a very difficult path.
John Ward said…
Rich,

Even though you told me this a few days ago... I didn't think up a witty remark for it. All that time and I wasted the opportunity, so instead I'll just say congratulations.

I left the corporate world for consulting. It has provided me a wealth of new opportunities that I really am grateful for, but there are things I miss about the office job. First, I miss not having to travel, that was very nice. I miss having more time to blog (on the inverse of that, I do get to work on a wider area of topics so I have a whole lot more to blog about). Plus, its nice having the set schedule of an office job.

Major congrats are in order.
Anonymous said…
Congratulations Richard! Hope you can make as much of a difference there as you did as a consultant/blogger =)
James Voorhees said…
Let me add my congratulations to the mix. I look forward to finding out how you meet the new set of challenges you will face. I expect that GE will soon provide a model for the rest of industry to follow. Be sure to write about it.
Anonymous said…
Richard - Congratz on the move to GE. This sounds like a great job that you'll really enjoy. I home the corporate blogging police don't try and cramp down on your blogging.

Again, congratz. - Mitchell
Richard - Congratulations on your new post. Your timely and well written blog posts will be missed. GE is fortunate to have you.

It has been my pleasure reading your works over the years. Thank you for your contributions and willingness to share your knowledge and experiences.

Anthony L. Williams
Anonymous said…
Congratualtions. We will miss what you can no longer do for the community, but we will appreaciate whatever you are able and willing to do.

Meantime, you may actually be able to have a life now, which is great.

Have fun
Anonymous said…
This comment has been removed by a blog administrator.

Popular posts from this blog

Zeek in Action Videos

New Book! The Best of TaoSecurity Blog, Volume 4

MITRE ATT&CK Tactics Are Not Tactics