About

flyingpenguin, a security consultancy, designs and assesses risk mitigation, compliance and response solutions, as well as delivers strategic and competitive security knowledge to software and hardware vendors. Innovation, integrity and transparency are hallmarks of our services.


Davi PicDavi Ottenheimer is President of flyingpenguin and helps lead security on Inrupt’s Solid mission to “course-correct the Web”. He serves on the Board of Advisors for Anjuna Security (confidential compute) and Accenture (future technology) and has over three decades’ experience in security engineering, operations and assessments, including incident response and digital forensics. Davi is co-author of the book “Securing the Virtual Environment: How to Defend the Enterprise Against Attack,” published in May 2012 by Wiley. His next book is about the Realities of Securing Big Data.

He has served as the head of security and trust across multiple industries including high-tech data storage and management (ArcSight, EMC, MongoDB, VMware, and Yahoo!), the world’s largest investment fund manager at the time (Barclays Global Investors), international retail/wholesale (West Marine), as well as higher education, healthcare and aerospace (University of Iowa, University of California Santa Cruz, University Advanced Research Center at NASA). His role at Yahoo! was the “dedicated paranoid” responsible for more than two billion users’ safety (hundreds of millions of mobile/cellular, broadband and cable products), where in 2006 he patented “PIN login” with IoT devices. In 2017 he created and led a NoSQL database security team to develop client-side field-level encryption, released in 2019.

An expert in regulations and compliance, he was a qualified Payment Card Industry (PCI) Data Security Standard (DSS) and Payment Application (PA-DSS) Qualified Security Assessor (QSA and PA-QSA) with K3DES. He served as a Board Member for the PCI Security Alliance, as well as the Silicon Valley chapters of ISACA and OWASP.

Davi gives guest university lectures in Europe and North America, is a frequent top-rated public speaker and has been quoted or written articles on security, risk management and compliance for publications including The Washington Post, Financial Times, The Atlantic, Reuters, Wired, Compliance Week, Search Security, Bank Info Security, Network World, Red Herring, Chain Store Age, Inc, and SC Magazine.

He received his postgraduate academic Master of Science (MSc) degree in International History from the London School of Economics.


Why a weblog about information security?

To help spread enthusiasm for efficient and effective security, as well as to document and share some of the tips and tricks picked up along the way.

Why flyingpenguin?

This idea for a penguin-themed website is related to Davi’s work in 1995 when he built and managed control systems for the Automated Telescope Facility (ATF) at the University of Iowa Department of Physics and Astronomy. The ATF, invented by Afan Ottenheimer and then developed under a grant at the Department, was the first Internet automated/robotic telescope in America. All the mission-critical ATF systems ran on Linux (even Slackware kernel v0.9 could be made stable!).

During this time Davi wrote and maintained numerous web sites under various names, usually working with Linux. When Linus Torvalds announced on Usenix News at the start of 1996 that he had chosen a penguin as the official Linux mascot (Torvald’s UniX or TUX) Davi could not help but learn more about these cute and cuddly creatures. He had always liked the birds (who doesn’t?) and was amazed to discover they travel at extremely high speed by flapping their wings…under water. Thus, flyingpenguin was born.

Scientists say flapping wings means penguins are actually “flying” regardless of the fact that it is via a medium of water instead of air. Davi decided this “paradigm shift” is a nice fit for a website on information security:

flying \fly”ing\, a. [From fly, v. i.]

    moving with, or as with, wings; moving lightly or rapidly; intended for rapid movement

penguin \pen”guin\, n.

    short-legged birds of cold southern especially Antarctic regions having webbed feet and wings modified for flying through the water

It’s a subtle reminder to always consider alternative perspectives and methods when hoping to achieve velocity in business or personal goals. Or maybe it’s just some hopeful analysis from 1995 that Linux, the true underdog, would eventually “take-off” and raise the bar for every OS along the way….

Why poetry.org and “poetry of…”?

Davi registered this domain in the same period mentioned above, when he alone conceived and founded poetry.org. He has aimed since 1995 to enable and enhance access to poets on-line, based on the idea that efficient and effective security is to information technology what poetry is to language — the power of access to trusted IT like the power of access to trusted ideas. He grew up reading and listening to poets (thanks to his mom and dad!) and also is a student of history, politics and philosophy, which draw heavily upon poetry.

Poems always fascinated him because they present a unique window into the thoughts and feelings of our predecessors who faced important social challenges. Much of history is taught with an emphasis solely on military events — who fought, who won and why — which Davi found to obscure much of the more fundamental day-by-day decisions and lessons distilled into poetry by people of that period.

As John F. Kennedy published in 1964 (just months after his assassination):

When power leads man towards arrogance, poetry reminds him of his limitations. When power narrows the areas of man’s concern, poetry reminds him of the richness and diversity of his existence. When power corrupts, poetry cleanses, for art establishes the basic human truths which must serve as the touchstones of our judgement.

Any favorite poem?

There are so many, it’s hard to say. Davi would perhaps be attracted most to events where people tried to carve a perfect turn of phrase and express hopes and dreams of that day. For example, soldiers in the US Civil War held poetry competitions as they sat on the line in preparation for the next day’s battle. Political luminaries also sometimes write poetry as a kind of catharsis, such as Dag Hammarskjold, Abraham Lincoln, or Jimmy Carter. Then again, there are always the fun and frivolous examples…