Skip to content


flyingpenguin, a security consultancy, designs and assesses risk mitigation, compliance and response solutions, as well as delivers strategic and competitive knowledge to security software and hardware vendors.

Innovation, integrity and transparency are hallmarks of our services.

Davi Ottenheimer is a strategist, consultant and author focused on cultural disruption with emerging technology and ethics of intervention. For more than twenty years’ he has led global teams to ensure safety and freedom for billions of people. He is a noted expert on global security operations and assessments, including digital forensics and incident response, having worked within most industries and more than 70 countries. Formerly he was global head of Trust for EMC, the world’s sixth largest software company and largest provider of data storage systems. Prior he was responsible for security at Barclay’s Global Investors, the world’s largest investment fund manager. He also served as the “dedicated paranoid” at Yahoo! where he was responsible for managing the security of hundreds of millions of mobile, broadband and digital home products.

Davi founded in 1995 to safely bridge emerging novel technology with the universal historic importance of literature. He serves on the technical advisory board for several information security start-ups trying to address the challenge of protecting assets and values through science. His current areas of research include ethics of machine learning, defense economics of massively distributed “things”, safety communication protocol with automation/drones, privacy within free open source systems, and building trusted cloud/virtual environments. He is co-author of the book “Securing the Virtual Environment: How to Defend the Enterprise Against Attack,” published in May 2012 by Wiley, and author of the upcoming book “Realities of Securing Big Data”. Davi is a frequent top-rated public speaker and has been quoted or written articles on security, risk management and compliance for publications including National Public Radio, Reuters, Compliance Week, Search Security, Bank Info Security, Network World, Red Herring, Chain Store Age, Inc and SC Magazine.

A widely recognized expert in compliance, for over seven years Davi served as a qualified PCI DSS and PA-DSS assessor (QSA and PA-QSA) with one of the world’s largest payment industry security firms K3DES. He was elected to the Board of the Payment Card Industry (PCI) Security Alliance and also to the board of Silicon Valley chapters of ISACA and OWASP. Davi received his postgraduate academic Master of Science degree in International History from the London School of Economics, where he focused on the ethics of foreign intervention.

David Willson, a licensed attorney in CO, NY, and CT, served 20 years in the U.S. Army. He provided legal and policy advice to the Dept of Defense and the Army in the areas of cyberspace operations, computer network attack, defense and exploitation, international law, operational law and criminal law. He worked at NSA as the legal advisor for what is now CYBERCOM and Army Space Command. He possesses extensive courtroom experience having tried many cases in both military and US District courts.

David’s publications include: “An Army View of Neutrality in Space: Legal Options for Space Negation”, 2001 Air Force Law Review; “A Global Problem: Cyberspace Threats Demand an International Approach”, July 2009, Armed Forces Journal and August 2009 ISSA Journal; and “When Does Electronic Espionage Become an “Act of War?”, CyberPro magazine, May 6, 2010. He was the 2009 CSI Security Conference keynote speaker and also a presenter at the 2010 RSA Security Conference. His work was featured on the KUCI Privacy Piracy radio program Mar. 5, 2010. David is a certified CISSP and Security+. He holds a JD degree from Touro College of Law, an LLM in International law from The Army Judge Advocate Generals School, and an LLM in Intellectual Property w/ emphasis in Information Technology Law from The George Washington University Law School. He is a member of ISSA, InfraGard, IAPP, and ISC2, and teaches Business Continuity and Disaster Recovery as an Adjunct Professor at Colorado Technical University, a NSA Center of Academic Excellence in Information Assurance Education.

Matthew Wallace is a seasoned Internet technology veteran currently bringing next-generation cloud services to life at ViaWest. He is co-author of the book “Securing the Virtual Environment: How to Defend the Enterprise Against Attack,” published in May 2012 by Wiley. His prior work was as a Cloud Solutions Architect at VMware. Before that he worked in devops as a Lead Web Application Architect for a major 3d content firm and also was the founding engineer of Exodus Communications’ Managed Security Services practice (now part of SAVVIS, Inc.) and Principal Security Engineer. He has been tinkering with technology his entire life, and has been interested in security since he defeated a parallel port control dongle for his father’s accounting software at the ripe age of 11.

Bryan Zimmer is a seasoned security consultant to the Defense, Higher Education and Financial industries. He is an efficiency expert in security solutions, as a colleague once wrote:

Scarily so. He’s one of those guys who will come in on a problem you’ve been working on for two-three hours and solve it in a matter of minutes.

Why a weblog about information security?

To help spread enthusiasm for efficient and effective security, as well as to document and share some of the tips and tricks picked up along the way.

Why flyingpenguin?

This idea for a penguin-themed website is related to Davi’s work in 1995 when he built and managed control systems for the Automated Telescope Facility (ATF) at the University of Iowa Department of Physics and Astronomy. The ATF, invented by Afan Ottenheimer and then developed under a grant at the Department, was the first Internet automated/robotic telescope in America. All the mission-critical ATF systems ran on Linux (even Slackware kernel v0.9 could be made stable!).

During this time Davi wrote and maintained numerous web sites under various names, usually working with Linux. When Linus Torvalds announced on Usenix News at the start of 1996 that he had chosen a penguin as the official Linux mascot (Torvald’s UniX or TUX) Davi could not help but learn more about these cute and cuddly creatures. He had always liked the birds (who doesn’t?) and was amazed to discover they travel at extremely high speed by flapping their wings…under water. Thus, flyingpenguin was born.

Scientists say flapping wings means penguins are actually “flying” regardless of the fact that it is via a medium of water instead of air. Davi decided this “paradigm shift” is a nice fit for a website on information security:

flying \fly”ing\, a. [From fly, v. i.]

    moving with, or as with, wings; moving lightly or rapidly; intended for rapid movement

penguin \pen”guin\, n.

    short-legged flightless birds of cold southern especially Antarctic regions having webbed feet and wings modified for water

It’s a subtle reminder to always consider alternative perspectives and methods when hoping to achieve velocity in business or personal goals. Or maybe it’s just a belief that Linux, the true underdog, would eventually “take-off” and raise the bar for every OS along the way….


The poetry connection is related to the same period mentioned above, when Davi founded He aims to put poetry on-line, based on the idea that efficient and effective security is to information technology what poetry is to language. He grew up reading and listening to poets (thanks to his mom and dad!) and also is a student of history, politics and philosophy, which draw heavily upon poetry. Poems always fascinated him because they present a unique window into the thoughts and feelings of our predecessors who faced important social challenges. Much of history is taught with an emphasis solely on military events — who fought, who won and why — which Davi found to obscure much of the more fundamental day-by-day decisions and lessons distilled into poetry by people of that period. More to the point, poetry is the true record of humans (Al-shi’r diwan al-‘arab). If you want to study and understand a subject, poetry can reveal the keys.

What is your favorite poem?

There are so many, it’s hard to say. Davi would say he is perhaps most attracted to events where people tried to make a perfect turn of phrase to express their hopes and dreams of the day. For example, soldiers in the US Civil War held poetry competitions as they sat on the line in preparation for the next day’s battle. Political luminaries also sometimes write poetry as a kind of catharsis, such as Pablo Neruda, Dag Hammarskjold, Abraham Lincoln, or Jimmy Carter. Then again, there are always the fun and frivolous examples:

Inigo Montoya: That Vizzini, he can *fuss*.
Fezzik: Fuss, fuss… I think he like to scream at *us*.
Inigo Montoya: Probably he means no *harm*.
Fezzik: He’s really very short on *charm*.
Inigo Montoya: You have a great gift for rhyme.
Fezzik: Yes, yes, some of the time.
Vizzini: Enough of that.
Inigo Montoya: Fezzik, are there rocks ahead?
Fezzik: If there are, we all be dead.
Vizzini: No more rhymes now, I mean it.
Fezzik: Anybody want a peanut?