Volunteer Spotlight: David Lingenfelter

David Lingenfelter is a seasoned security professional with nearly 20 years of experience in risk management, information security, compliance and policy development. He is responsible for oversight of all security and compliance aspects of Fiberlink, an IBM company, including physical, application, network and data security. David successfully managed Fiberlink through the FISMA certification process, including proposed FedRAMP controls. David helped design Fiberlink’s cloud architecture model and is an active member of the Cloud Security Alliance, where he is a co-chair of the Mobile Working Group, a contributor to the development of the CSA Cloud Controls Matrix, and active in several other working groups. A noted expert and thought leader in mobile security, David frequently gives presentations on cloud and mobile technologies and has presented for ISACA, ISSA, Cloud Security Alliance, InfraGard and GTRA, among others. David has also been quoted as a subject matter expert in a number of different publications.

How did you become involved in the CSA?
I learned about CSA when doing some research around cloud computing. I was running security for Fiberlink, a Software as a Service vendor, and was looking for new standards or approaches to security in the cloud. When I got involved, the CSA was working on v2.1 of their Security Guidance for Critical Areas of Focus in Cloud Computing. My intention originally was to learn how others were building and securing cloud, but I quickly realized that everyone was in the same place I was with wanting to understand more.

I helped review the Guidance document and later took part in the 3.0 version as well. I also quickly became involved in reviewing and giving input to the Cloud Controls Matrix. As a SaaS cloud provider focused on mobile security, my perspective proved to be somewhat unique compared to others looking at IaaS or even other SaaS environments. When the opportunity presented itself to help spin up a new research group focused on mobile, I jumped at the opportunity.

What type of knowledge or skills have you gained by your involvement in the CSA that otherwise you would not have in your current role?
My outlook in life is that you need to learn something new every day, so I’m always looking for new places to gather fresh ideas. My best opportunity to learn is to talk with people outside of my everyday life at Fiberlink and get perspectives that can sometimes be quite different than my own. I have met a lot of very smart, very dedicated people through working with the CCM, SME and being a co-chair of the Mobile Working Group. All of these people have different ideas and different perspectives, and in several cases, while their situation may be quite different than mine, the ideas can be easily adopted to work in different environments. I’ve found this to be very useful in that I am not struggling to explain how to adapt a traditional security model to a SaaS model, but rather taking the learnings of others and working them into our overall strategy.

How do you think your involvement has impacted cloud security?
The Mobile Working Group has helped define what it means to be mobile in a cloud world. From policies and practices around BYOD to defining what consumers should look for in a mobile management solution, we’ve helped introduce a level of understanding of mobile and how it is an integral part of the entire cloud ecosystem that otherwise was not being addressed.

We’ve added a section around mobile to the CCM, helping many organizations better understand the significance of securing mobile environments.

How has it impacted your career path?
While I’ve been participating in and contributing to the CSA, I have also remained focused on learning from the CSA and have been able to take a lot of different information back to my job to help make it easier for people to understand how we function. The networking aspect of my involvement with the CSA cannot be ignored either. I have met and worked with a large number of very smart people around the globe.

What is next for David with the CSA?
I look forward to continuing my work with the Mobile Working Group as well as other groups within the CSA. The mobile space continues to mature and change at an extremely rapid pace, making it difficult for people to understand where they should focus when it comes to mobile security. We’re currently working on expanding the definition of mobile to include aspects of the Internet of Things as well as new approaches to handling BYOD and the constantly changing mobile platforms.