RECENT SPEAKING SCHEDULE

7/30 - BSides Las Vegas - Las Vegas, NV
Mobilizing the PCI Resistance: Lessons Learned from Fighting Prior Wars (SOX-404)

9/20 - itSMF USA Fusion 2010 - Louisville, KY
Avoiding Audit Fatigue: Achieving Compliance In A Multi-Compliance World

9/24 - PCI SSC North American Community Meeting - Orlando, FL
Scoping SIG Update

9/24 - Interop New York - New York, NY
Creating Effective Security Controls: A Ten Year Study of High Performing Security Organizations

10/24 - NACD Corporate Governance Conference - Washington, DC
How IT Can Help (And Hinder) Boards


You've found the home page of Gene Kim (@realgenekim).  Among other things, I'm the author of The Phoenix Project: A Novel About IT, DevOps, and Helping Your Business Win and The Visible Ops Handbook, a researcher, and founder and former CTO of Tripwire. I am passionate about IT operations, security and compliance, and how IT organizations successfully transform from “good to great”.

The Phoenix Project

In January 2013, we released our latest book titled "The Phoenix Project: A Novel About IT, DevOps, and Helping Your Business Win." Closely modeled after "The Goal: A Process of Ongoing Improvement," by Dr. Eliyahu Goldratt, the book shows the downward spiral that happens in almost every IT organization, and how DevOps can help us claw our way out.

You can find all our latest writings on this topic at the IT Revolution blog.  See you there!

My Work with Tripwire

I wrote the original version of Tripwire in 1992, when I was an undergraduate at Purdue University doing an independent study project with the famous Dr. Gene Spafford.

One of the most unexpected outcomes is that it rapidly became one of the most widely used intrusion-detection tools for Unix.  So in 1998, I co-founded Tripwire, Inc., and until July 2010, I served as the CTO. You can read more about my departure from this great company to start the next exciting chapter of my life in this blog entry.

My Work Studying High Performing IT Organizations

What fewer people know about me is that one of my areas of passion has been studying high-performing IT organizations.  This journey started in 2000, when I started keeping a list of people that was called “Gene’s list of people with great kung fu.”  These were the people who talked and acted differently than everyone else. More importantly, their organizations all had simultaneously achieved the highest IT service levels, the best information security outcomes, the best posture of compliance, and amazingly, the best IT efficiencies.

I started working with Kevin Behr to understand how these organizations made their “good to great” IT transformations, and codified this transformation in the Visible Ops and Visible Ops Security books, which have sold over 150K copies.

My Work in Audit Standards and Guidance

I’ve also influenced numerous industry standards around regulatory and contractual compliance.  In 2005, I was part of the leadership team of the GAIT task force, which was an effort by the Institute of Internal Auditors to address the problems of the high cost of audits for the IT portions of the Sarbanes-Oxley Act of 2002.  This effort led to defining the four GAIT Principles, which auditors could use to correctly scope the IT portions of SOX-404.  We mobilized over 100K internal auditors, the SEC and PCAOB regulatory and enforcement bodies, as well as the external auditors from the 8 CPA firms.  In short, we made a difference, in a highly political process that involved many constituencies, each with sometimes very different goals.

I’m currently actively trying to replicate the same type of revolution in the state of the information security practice in support of the PCI compliance domain.  I am part of the leadership team of the PCI Scoping Special Interest Group, where we are creating guidance that will help management and assessors correctly define the scope of PCI audits.

My Awards

  • 2009 Purdue University Outstanding Alumnus Award by the Department of Computer Sciences for achievement and leadership in the profession
  • 2007 ComputerWorld “40 Innovative IT People Under The Age Of 40”
  • 2004 InfoWorld “Top Up and Coming CTOs To Watch”
  • 2001 Portland Business Journal "Top 40 Under 40"

 
