Meet the information security experts...
The following information security professionals serve on our Ask the Experts panel:
Charles Cresson Wood, CISSP, CISA, CISM - Infosecurity Infrastructure Incorporated
Charles Cresson Wood is an author and independent information security consultant based in Mendocino, California. Mr. Wood has over 30 years of information security experience, and has consulted with over 120 organizations, many of them Fortune 500 companies, including a large number of financial institutions and high-tech companies. He has published over 375 technical articles and five books in the information security field, including Information Security Policies Made Easy and Information Security Roles and Responsibilities Made Easy. Mr. Wood has been Senior North American Editor for the journals "Computers & Security" and "Computer Fraud & Security Bulletin", as well as a monthly columnist for "Computer Security Alert". In November 1996 he received the Lifetime Achievement Award from the Computer Security Institute for "sincere dedication to the computer security profession."
Rebecca Herold, CISSP, CISA, CISM, FLMI - Independent Information Security Consultant and Author
Rebecca Herold is an independent information privacy, security and compliance consultant, author and instructor. Rebecca has over 15 years of privacy and information security experience, and assists organizations of all sizes with their information privacy, security and regulatory compliance programs. She specializes in risk assessment, gap analysis, policy content development, awareness training, strategy development and implementation. She has been a monthly information privacy columnist for the CSI Alert newsletter since 2001 and contributes articles to other publications regularly. In addition to her dozens of published articles, Rebecca authored The Privacy Papers (Auerbach) in 2001, co-authored The Practical Guide to HIPAA Privacy and Security Compliance (Auerbach) in 2003, Managing an Information Security and Privacy Awareness and Training Program (Auerbach) in 2005, and The Privacy Management Toolkit (Information Shield) in 2006.
Barry Fergus Jones, CISM, CISSP - Independent Information Security Consultant, Teacher and Writer
Barry has over 27 years of experience with information technologies spanning a number of diverse areas, such as: Project management, SDLC Methodology, Standards, Policies and Procedures, QA, BPI, Integrated Problem, Change, Inventory and Configuration Management. Barry is a principal contributor to the PolicyShield information security policy subscription service. For the last 12 years he has specialized in Information Protection, focusing on Awareness and Education, Policies and Procedures, Qualitative Risk Assessments, Security Architectures and Strategies, Business Continuity, Incident Response, Investigation and Forensics. Barry has spoken to the CTAC/PERF National Conference on Technology and Policy, CIS's Annual Conference, the IIA's annual Information Technology Conference, Florida Telecommunications Association, and the Tampa Bay CIO Council. He is a long-time member of the Florida Association of Computer Crime Investigators (FACCI), and teaches digital forensics in an NSA-certified information security program. With a Master's belt in Tang Soo Do and belts in a number of other martial arts, he is also a long-time martial arts teacher.
Scott Hayden, CISM, CISSP, CISM, CISA is an accomplished Information Security professional with over 25 years of practical experience. His specialties include security management, policy development, security assessments, governance, and awareness training. Scott has an extensive background as both a consultant with Fortune 500 companies and as a senior information security officer for Armco Inc. and Mellon Bank. He has done a variety of consulting, policy development and compliance assessment work for Solutionary, NetIQ/Attachmate, and Ernst & Young LLP. At NetIQ/Attachmate, Scott was the lead content specialist for the VigilEnt Policy Center (VPC). Scott is a Certified Information Systems Security Professional (CISSP), a Certified Information Security Manager (CISM) and a Certified Information Systems Auditor (CISA).
Scott has extensive knowledge of regulations and frameworks pertaining to information technology across industry verticals including CobiT, FDIC IT-RMP, FFIEC, GLBA, HIPAA, ISO 27001, NCUA, NIST 800-53, PCI-DSS and many others. In addition to his direct work experience, Scott has contributed to the professional certification of thousands of other practitioners as a member of the CISSP exam committee of the International Information Systems Security Certification Consortium, Inc., (ISC)². He has administered CISSP exams to thousands of professionals, has chaired the Exam Administration Committee and is currently a member of the Product Development Committee. For his efforts Scott received the (ISC)² President's award in 2003 and 2004, and was honored with a Founders Award during the 20th anniversary celebration in 2009.
Stephen Northcutt - SANS Institute
Stephen currently serves as Director of Training and Certification for the SANS Institute. Stephen is a graduate of Mary Washington College. Before entering the field of computer security, he worked as a Navy helicopter search and rescue crewman, white water raft guide, chef, martial arts instructor, cartographer, and network designer. Stephen is author/coauthor of Incident Handling Step-by-Step, Intrusion Signatures and Analysis, Inside Network Perimeter Security, SANS Security Essentials and Network Intrusion Detection 3rd edition. He was the original author of the Shadow Intrusion Detection system before accepting the position of Chief for Information Warfare at the Ballistic Missile Defense Organization.
Ben Rothke, CISSP, CISM
Ben Rothke is a New York City based security consultant with BT INS and has over 15 years of industry experience in information systems security and privacy. His areas of expertise are in risk management and mitigation, PKI, security and privacy regulatory issues, design & implementation of systems security, encryption, cryptography and security policy development. Prior to joining BT INS, Ben was with AXA, Baltimore Technologies, Ernst & Young, and Citicorp, and has provided security solutions to many Fortune 500 companies.
Ben is the author of Computer Security - 20 Things Every Employee Should Know (McGraw-Hill, 2006), and a contributing author to Network Security: The Complete Reference (Osborne) and The Handbook of Information Security Management (Auerbach). He writes a monthly security book review for Security Management and is a former columnist for Information Security, Unix Review and Solutions Integrator magazines.
Ben is also a frequent speaker at industry conferences, such as CSI, RSA, MISTI, NetSec and ISACA and is a Certified Information Systems Security Professional (CISSP) & Certified Information Security Manager (CISM), and a member of HTCIA, ISSA, ISACA, ASIS, CSI and InfraGard.
Mark T. Edmead - MBA, CISA, CISSP
Mark Edmead has over 25 years of experience in computer systems architecture, information security, and project management. Mark has extensive knowledge and experience in IT and application audits, risk and IT governance, including Sarbanes-Oxley compliance auditing. His expertise includes access controls, cryptography, security management practices, network and Internet security, computer security law and investigations, and physical security. Mark has consulted with various Fortune 1000 companies in the areas of information systems and Internet security, including Intel, Capital One, Bridgemark/BDO Siedman, Maxwell Technologies, Wells Fargo Bank, Sempra Energy, IBM Corporation, World Health Organization, and Booz-Allen Hamilton.
Mark has extensive educational experience and currently teaches audit and IT security courses for the Institute of Internal Auditors (IIA) and Learning Tree International. Mark has also taught information security courses for the SANS Institute, MIS Institute and the University of California San Diego. He holds both MBA and BSIT degrees and is currently pursuing his PhD in Management. He is currently an adjunct professor at Keller Graduate School of Management.
David J. Lineman - Information Shield, Inc.
David Lineman is president and CEO of Information Shield, Inc., a global provider of information security leading practices. He has 20 years of software, security and information technology management experience, and holds 3 patents on software technology. He is author of Information Protection Made Easy - A Guide for Employees and Contractors, and has written on technology and security issues for diverse publications such as SC Magazine, Windows Security, CRM Magazine, Houston Business Journal, Dell Solutions Magazine, Software Management News, and Harts Oil & Gas Journal. He has also spoken about information security topics on KHOU TV in Houston. Mr. Lineman has both a Masters and Bachelor of Science from the Massachusetts Institute of Technology.