About

Davi Ottenheimer has more than sixteen years' experience managing global security operations and assessments, including a decade of leading incident response and digital forensics. He is an expert in compliance and is a qualified PCI DSS and PA-DSS assessor and former Board Member for the Payment Card Security Alliance and the Silicon Valley chapters of ISACA and OWASP. He is an award-winning public speaker and has been quoted or written articles on security, risk management and compliance for publications including Bank Info Security, Network World, Red Herring, Chain Store Age and SC Magazine. He was formerly responsible for security at Barclays Global Investors (BGI), the world’s largest investment fund manager (now BlackRock). Prior to BGI he was a “dedicated paranoid” at Yahoo! and responsible for managing security for hundreds of millions of mobile, broadband and digital home products. He has helped secure industry-leading organizations including Brady Corporation, Cisco, Cypress Semiconductor, Department of Defense University Affiliated Research Center, IBM, Intel, Metavante, Puget Sound Energy, State Farm, University of California Santa Cruz, University of Iowa Hospitals and Clinics, VMware and West Marine.

Davi received his postgraduate academic Master of Science degree in International History from the London School of Economics. He keeps a strong habit of monitoring international relations within a historical context as a former student of power and security of the Cold War in Asia, Africa and Europe. This may explain the balance of interest in first person accounts of world events versus system logs and incident response — a “macro” analysis of international cyberwar versus a “micro” analysis of information security or cybersecurity.

David Willson served for twenty years on active duty with the United States Army as an attorney (JAG). He provided legal advice and consultation to high levels of the Department of Defense including the National Security Agency (NSA) for the last ten years in information technology, information security, computer network operations, and international and operational law. He now serves as deputy director of cyber operations for NEKASG.com. He was a trial attorney for the Army for over 8 years for cases in both military and Federal District courtrooms.

David’s publications include: “An Army View of Neutrality in Space: Legal Options for Space Negation”, 2001 Air Force Law Review; “A Global Problem: Cyberspace Threats Demand an International Approach”, July 2009, Armed Forces Journal and August 2009 ISSA Journal; and “When Does Electronic Espionage Become an ‘Act of War’?”, CyberPro magazine, May 6, 2010. He was a keynote speaker at the Oct. 2009 CSI Security Conference and spoke at the Mar. 2010 RSA Security Conference. He was also interviewed on the KUCI Privacy Piracy radio program on Mar. 5, 2010. David is licensed to practice law in New York and Connecticut, and is certified in CISSP and Security+. He has a JD degree from Touro College of Law, an LLM in International law from The Army Judge Advocate Generals School, and an LLM in Intellectual Property w/ emphasis in Information Technology Law from The George Washington University Law School. He is a member of ISSA, InfraGard, IAPP, and ISC2, and teaches Business Continuity and Disaster Recovery as an Adjunct Professor at Colorado Technical University.

Why a weblog about information security?

To help spread enthusiasm for efficient and effective security, as well as to document and share some of the tips and tricks picked up along the way.

Why flyingpenguin?

This idea for a penguin-themed website is related to Davi’s work in 1994 when he built and managed the control systems for the Automated Telescope Facility (ATF) at the University of Iowa Department of Physics and Astronomy. Invented by Afan Ottenheimer, the ATF was the first Internet automated/robotic telescope in America.

All the mission-critical ATF systems ran on Linux (even Slackware kernel v0.9 could be made stable!). During this time Davi wrote and maintained numerous web sites under various names, usually working with Linux. When Linus Torvalds announced on Usenix News at the start of 1996 that he had chosen a penguin as the official Linux mascot, Davi could not help but learn more about these cute and cuddly creatures. He had always liked the birds (who doesn’t?) and was amazed to discover they travel at extremely high speed by flapping their wings…under water. Thus, flyingpenguin was born.

Scientists say flapping wings means penguins are actually “flying” regardless of the fact that it is via a medium of water instead of air. Davi decided this “paradigm shift” is a nice fit for a website on information security:

flying \fly”ing\, a. [From fly, v. i.]

    moving with, or as with, wings; moving lightly or rapidly; intended for rapid movement

penguin \pen”guin\, n.

    short-legged flightless birds of cold southern especially Antarctic regions having webbed feet and wings modified for water

It’s a subtle reminder to always consider alternative perspectives and methods when hoping to achieve velocity in business or personal goals. Or maybe it’s just a belief that Linux, the true underdog, would eventually “take-off” and raise the bar for every OS along the way….

Why poetry.org?

The poetry connection is related to the same period mentioned above, when Davi founded poetry.org. He aims to put poetry on-line, based on the idea that efficient and effective security is to information technology what poetry is to language. He grew up reading and listening to poets (thanks to his mom and dad!) and also is a student of history, politics and philosophy, which draw heavily upon poetry. Poems always fascinated him because they present a unique window into the thoughts and feelings of our predecessors who faced important social challenges. Much of history is taught with an emphasis solely on military events — who fought, who won and why — which Davi found to obscure much of the more fundamental day-by-day decisions and lessons distilled into poetry by people of that period.

What is your favorite poem?

There are so many, it’s hard to say. Davi would say he is perhaps most attracted to events where people tried to make a perfect turn of phrase to express their hopes and dreams of the day. For example, soldiers in the US Civil War held poetry competitions as they sat on the line in preparation for the next day’s battle. Political luminaries also sometimes write poetry as a kind of catharsis, such as Pablo Neruda, Dag Hammarskjold, Abraham Lincoln, or Jimmy Carter. Then again, there are always the fun and frivolous examples:

Inigo Montoya: That Vizzini, he can *fuss*.
Fezzik: Fuss, fuss… I think he like to scream at *us*.
Inigo Montoya: Probably he means no *harm*.
Fezzik: He’s really very short on *charm*.
Inigo Montoya: You have a great gift for rhyme.
Fezzik: Yes, yes, some of the time.
Vizzini: Enough of that.
Inigo Montoya: Fezzik, are there rocks ahead?
Fezzik: If there are, we all be dead.
Vizzini: No more rhymes now, I mean it.
Fezzik: Anybody want a peanut?