In celebration of this week’s National Cybersecurity Awareness Month theme, The Internet Wants YOU: Consider a Career in Cybersecurity, we asked three of our security and open standards rockstars — Jesper Johansson, Torbjörn Granlund, and John Bradley — to share their career background, and the journey that led them to Yubico.
Jesper Johansson, Chief Security Architect, Yubico
Jesper joins Yubico’s Seattle office to grow and lead the Yubico Security Team. He leaves his post at Google, where he worked in the Security & Privacy team. Prior to that, he spent a decade at Amazon, rising to Chief Security Architect for Amazon's Worldwide Consumer business, and was a security strategist and founding team member of the Trustworthy Computing Team at Microsoft.
When asked to impart some advice to those pursuing a career in cybersecurity, he shared:
“Two things -- first, learn another field as well. You can't be an expert in security without being an expert in some related field. Security is all about protecting something, and you have to have a good understanding of that something else. Second, be pragmatic. The biggest mistake security folks make is trying to secure things to a level that far exceeds the value of the asset you are protecting, or the risk to that asset. We need to focus on security solutions that support the business rather than those that hinder it.”
Jesper is the author of three books, many articles, and blog posts, and has delivered more presentations on security than anyone could remember.
Torbjörn Granlund, Senior Software Engineer, Yubico
Torbjörn recently joined our Stockholm office as an expert in efficient and side channel resilient asymmetric cryptography. He has contributed fundamental functionality to the GNU project, which is used by Linux for file copying, string and memory operations, as well as the GNU compiler.
Torbjörn proves that following your passion and honing your skills can lead to a fulfilling career and significant breakthroughs. “I’ve always been into maths, and in my teens turned into programming. I took a Masters in Science in CS. Far into my career, I realized that my maths skills were lacking, and decided to take a PhD with more maths and more theoretical CS,” said Torbjörn.
Torbjörn developed and authored the GMP arithmetic library, the de facto standard library for arithmetic within the areas of computational number theory — truly a great achievement in the field of mathematics. It is used for asymmetric cryptography in libgcrypt, nettle, GnuTLS, and optionally in OpenSSL.
John Bradley, Senior Technical Architect, Yubico
With more than 15 years of experience, John is an Identity Management subject matter expert and IT professional, whose primary focus at Yubico is on open identity standards. John is treasurer of the openID Foundation and the Open Identity Exchange (OIX), and an active contributor to SAML, OAuth, and other IETF standards. He is also one of the leaders of OSIS and the OpenID Certification, forums that vendors use for industry interoperability testing.
In a previous role, John was asked for a solution that offered the same level of security used for the US Government Service Agency (GSA), but was simple enough for the average user. Meeting the challenge, John co-authored the ICAM protocol profiles at Protiviti Government Services on behalf of GSA, and is currently co-authoring the next version of the openID specification and related standards.
“The standards are all coming together for 2018, as observed by Microsoft at CIS. We also made progress this year by updating NIST SP-800-63 to a third revision to accommodate the new techniques beyond the original smart card model,” he continued. “The goal is to make possible end-to-end proof of possession security from the first authentication through to the last access token.”
With an impressive list of achievements between the three, we are thrilled and proud to welcome them into the Yubico team.
Interested in a career in cybersecurity at Yubico? Check out our open job opportunities here.