Hi! I’m Patrick.
Currently, I’m the Senior Director of Security and Reliability Engineering at Threat Stack, a Boston-based startup that offers cloud-optimized security observability. We collect system calls1 along with other signals, process them, and alert on them. It is a simple and effective product in the security field, which is rare. I manage a team of folks who do operations-focused work with an emphasis on security. It’s a small team, so I also contribute to the work as well. I also manage AWS spend and tie those costs back to various product features. Leading a team is a art that I enjoy. It’s nice to take my experience to add clarity and lead in a variety of situations. It’s also been great see folks grow over the years as well.
Thoughts on Work
Generally, I find the intersection of security and operations interesting. Fitting all of that into the context of a business is a unique challenge. It’s easy to think that “perfect security” exists; it does not. The best implementation of a security program is the one that is owned by the folks who have the ability to impact production. The worst is the one in a silo.
Done is better than perfect - and I’m a big believer that you can iterate towards perfect over time. It’s fun to build out proof-of-concepts and tools that reduce friction. You can read about some of the tools I’ve built over the years on the Talks and Tools page. I get a lot of joy out of distilling complex work into public deep-dives, which you can read about over on the blog.
I grew up around computers. These days, I try to stick to small fun projects outside of work and leave the majority of things I’d want to build to the work week.
During the pandemic, it’s been hard to want to go outside and do the photography thing, but I enjoy shooting landscapes and scenery. You can see some of that on flickr.
I was an Associate Staff member of the Secure and Resilient Systems Group at MIT Lincoln Laboratory. I did many different things in that group, but mainly I worked on the Lincoln Laboratory Secure and Resilient Cloud (LLSRC) program - along with other modern infrastructure computing initiatives. LLSRC was a little bit of OpenStack, a little bit Joyent’s SmartDataCenter, and we made some neat software that bootstraps trust in cloud environments. Introducing researchers to API-driven compute given some unique security constraints was fun.
Prior to that, I was an IT Staff I/II in the Advanced Lasercom Systems and Operations group at MIT-LL. I helped run a laboratory-wide HPC network used in creating and simulating brand new hardware - think full-custom circuits, sensors, and more. I also built infrastructure for various mission-critical field tests, the coolest one being for the Lunar Laser Communication Demonstration.
Before my time at the Lab, I did a mix of home computer repair, IT work for my high school, and managed my local town hall’s IT needs. I also made a popular website a long time ago.
Much of what I have learned is from trying things out, breaking things, and fixing them over many many years. Additionally, I have a Bachelor of Science in Computer Networking and Information Systems from Wentworth Institute of Technology, and a Masters in Networking and System Administration from Rochester Institute of Technology.
About This Site
System calls are functions that your programs use to ask your operating system to do things like “connect to another computer on the internet” or “read that file from storage.” ↩︎