I drink a lot of coffee and write. These are sometimes done together, which makes strange magic happen. I also play lots of games on computers and tabletops. I do information security to pay the bills. Most of those bills are coffee and game-related. Professionally, I've been in the information security field since 1999 with a focus on higher education. I have held a CISSP certification since 2000. Recently, my work has focused on compliance efforts, privacy topics, assessments, and consulting. I have presented on various topics at numerous conferences, sit on the Research and Education Networking Information Sharing and Analysis Center (REN-ISAC) Technical Advisory Group, and am a member of the Computer Security Incidents - Internet2 (CSI2) Working Group.