I am a digital security coach. I help technical leaders gain clarity and understanding on complex identity, information security and privacy practices, so they can enable secure, trustworthy digital services.
If you work on enabling digital services that handle high value information, conduct sensitive transactions, and need to be secure and privacy-respecting in the way they operate, you've come to the right place.
Like you, I live in that world where we need to cut through confusing terminology and concepts, motivate multiple, often competing stakeholders, mitigate risk and fraud, and make choices which balance user experience, security and privacy to deliver digital services people actually trust and use.
Here I seek to provide clarity on complicated stuff such as research and development, failures, solution architecture, authentication, identity federation, identity assurance, attributes, access control and privacy in order to make service delivery happen.
On occasion, I also write about topics that do not fit neatly into one of these categories, such as travel, hiking and backpacking! (Because this is my personal web site and I enjoy those things).
If you are new to my site, you might want to start with my top posts. Here are the top five.
You can also check my blog’s archive for a list of every post I have written or use the search function to find other posts that might be of interest to you.
Anil John is a digital security coach. He helps technical leaders gain clarity and understanding on complex identity, information security and privacy practices, so they can enable secure, trustworthy digital services.
He manages the Identity Management R&D and Data Privacy R&D Programs in the Cyber Security Division for the Homeland Security Advanced Research Projects Agency at the U.S. Department of Homeland Security Science and Technology Directorate. The Identity and Data Privacy Programs help government program managers with the public and private sector R&D expertise and resources needed to enhance the security and trustworthiness of their programs.
In cases where such technologies do not exist or are immature, the programs make the necessary investments in applied research, advanced development, and technology transition to ensure their availability to the Homeland Security Enterprise.
After finishing graduate school I discovered that the life of an Electrical Engineer was not as interesting as I thought it would be! I was at that time employed by the nation’s first gas utility (Baltimore Gas and Electric Company) which fortunately had a diverse technical portfolio. So I found myself jumping into software development on power flow simulation programs and, like many before me, discovered that an EE education was a great foundation for moving into the computer and information management field.
I remember having to download a TCP/IP stack for your operating system, the excitement of browsing the web with NCSA Mosaic, and the first piece of spam that was sent. The possibilities were exciting and I taught myself internet protocols, “HTML Programming”, web server setup/configuration/hosting and some modicum of graphic design skills. I also started a web consulting company to service the needs of small businesses. This allowed me to have the skills to make the formal transition to IT when BGE started an in-house “Web Team”.
During a career that spanned more than a decade, I gained extensive hands-on experience at the network, host and application levels as well as the breadth and depth from architecture to implementation. I have been a system administrator and infrastructure architect who built and secured scalable, fault-tolerant, load balanced, multi-tiered web farms, to a software engineer who has developed everything from shell scripts to complex, distributed, internet facing systems and services.
I was then a successful independent consultant providing technical expertise on enterprise architecture, service orientation and secure software development.
The inflection point in my professional career was a question posed to me by my then seven-year-old daughter:
“Daddy, what do you do?”
The only answer that I could think of (which I did not share with her) was “Daddy makes money”.
It was a sobering wake-up call for me. It resulted in a serious reflection on who I was, how I wanted to live my life, how I wanted to be known by my family, and what I could contribute to leave the world a bit better than I found it.
That man is successful who has lived well, laughed often, and loved much; who has gained the respect of the intelligent men and the love of children; who has filled his niche and accomplished his task; who leaves the world better than he found it, whether by an improved poppy, a perfect poem, or a rescued soul; who never lacked appreciation of earth's beauty or failed to express it; who looked for the best in others and gave the best he had.
Ralph Waldo Emerson
After much thought, I joined the staff of the Johns Hopkins University Applied Physics Laboratory (JHU/APL), a non-profit university-affiliated research center, which offered me the opportunity to contribute to public service. I worked in a variety of roles and eventually became a member of their Principal Professional Staff with a specialty in identity, credential and access management, service oriented architecture and digital security.
I worked on multiple projects for a variety of U.S. Government sponsors including the U.S. Department of Defense, the U.S. Intelligence Community and the U.S. Department of Homeland Security (DHS). In particular, I was the Technical Lead for the Department of Homeland Security Science & Technology Directorate's Identity Management Testbed.
During this time, I was also on the adjunct faculty of the Johns Hopkins University Whiting School of Engineering, and taught a graduate-level course on Service Oriented Architecture in the University's computer science program.
I was then offered the opportunity to join U.S. Federal Government Service, and spent three years at the General Services Administration's Office of Governmentwide Policy working on government-wide identity, credential and access management initiatives that impact the security and privacy of Citizen-to-Government, Business-to-Government and Government-to-Government digital interactions.
I have since moved on from that role, and now manage three programs at the U.S. Department of Homeland Security Science and Technology Directorate - The Identity and Data Privacy Research, Development & Transition Programs in the Cyber Security Division, as well as the Identity and Access Management Engine (IDAM-E) in the Homeland Security Advanced Research Projects Agency (HSARPA).
All three programs have a common goal: help government program managers within DHS and across the U.S. Government easily connect with the public and private sector U.S. and international research and development expertise and resources needed to enhance the security and trustworthiness of their programs.
In cases where such technologies do not exist or are immature, my role is to make the necessary investments in applied research, advanced development, and technology transition to ensure their availability to the Homeland Security Enterprise.
I continue to struggle with answering the question my daughter asked me back then, but it keeps getting easier every day!
The information that you will find here is solely my opinion and does not represent my employer’s view in any way. Nobody typically sees any of the information here before it is published, and neither my employer nor any other party necessarily agrees with it.
Needless to say, the information here is a snapshot in time. As I interact with the community at large, and learn more about various topics, my thoughts and opinions are subject to change. As such, you should not consider out-of-date information and blog posts to reflect my current thoughts and opinions.