Yesterday was my one-year anniversary at Akamai, and it's been a great learning experience. To measure the journey, I took a look at posts written in the past year.
The following compilation captures the lessons that have made the biggest impression so far.
1.) Akamai's security passion can be traced to the beginning
Post: "Internet Security Central To Danny Lewin's Legacy"
Summary: To me, the story of InfoSec is human to the core, even though we talk a lot about the technology and spend much of our time on that part of it. I've seen some of humanity's worst in the story. But far more often, I've seen the best. Akamai Co-Founder Danny Lewin's story captures the latter.
2.) Training starts on the first day and doesn't end there
Post: "Lessons From Akamai InfoSec Training"
Summary: Security training in the business world isn't something you can do with a one-size-fits-all mindset. Different companies have different needs, and Akamai is no exception. We dealt with specifics I won't discuss here. But a lot of the directions were pretty basic and applicable in any company and industry.
3.) Akamai's security team handles a crisis with grace and tenacity
Post: "Podcast: CSO Andy Ellis on Heartbleed"
Summary: By now, most of you are aware of the Heartbleed vulnerability that sent shockwaves through the tech industry. Like many of you, Akamai had to work overtime to ensure our customers were protected. We did that, but as is the case with any large security threat, we continue to be vigilant and, while letting everyone know what we did to keep them secure, we're looking back at the lessons learned and how to turn it into even better security going forward.
4.) Did I mention that the security training never stops?
Post: "Two Embarrassing Security Lessons"
Summary: Good news: I got another look at how well Akamai's security procedures work. Bad news: It's because I made two simple mistakes. And I knew better.
5.) Compliance requires real security, not imagined security
Post: "Akamai Security Compliance: The Story So Far"
Summary: A compilation of posts that study Akamai's security and compliance efforts in depth.
For all I've learned this past year, I know the education is just beginning.