I'm an entrepreneur, technologist, author and game designer, focused on improving security outcomes for my customers and the industry as a whole. To solve these problems, I create a wide variety of companies and organizations, software, new analytic frameworks, as well as books, games and other forms of communication. I've built these at tiny startups and at Microsoft.

In my time at Microsoft, I focused on human factors in security, including usable security and measuring how our customers' computers are compromised. I also worked on threat modeling tools and techniques, and have shipped two tools (one software, one a card game) to help software engineers analyze their software designs for security flaws. In that role, I was a key driver for Microsoft's Software Development Lifecycle.

I'm the author of Threat Modeling: Designing for Security (Wiley, 2014) and the co-author of The New School of Information Security (Addison-Wesley, 2008).

Before Microsoft, I was a leader in 3 successful startups, including Netect (vulnerability management), Zero-Knowledge Systems (privacy) and Reflective (software security). I also helped drive the CVE project, launch the International Financial Cryptography Association and the Privacy Enhancing Technologies Symposium.

Specialties: Information security and privacy, especially at the intersection of technology and people. Serious games. Systems design and architecture. User experience design.