Mano Paul is the Software Assurance Advisor for (ISC)2, the global leader in information security education and certification, representing and advising the organization on software assurance strategy, training, education and certification. He is also a member of the Application Security Advisory Board. He is the winner of the first Information Security Leadership Awards (ISLA) as a practitioner in the Americas region in 2011. His information security and software assurance experience includes designing and developing security programs from compliance-to-coding, security in the SDLC, writing secure code, risk management, security strategy, and security awareness training and education. Mr. Paul started his career as a shark researcher in the Bimini Biological Field Station, Bahamas. His educational pursuit took him to the University of Oklahoma where he received his Business Administration degree in Management Information Systems (MIS) with various accolades and the coveted 4.0 GPA. Following his entrepreneurial acumen, he founded and serves as the CEO & President of Express Certifications, a professional certification assessment and training company that developed studISCope, (ISC)2’s official self-assessment offering for their certifications. Express Certifications is also the self-assessment testing company behind the US Department of Defense certification education program as mandated by the 8570.1 directive. He also founded SecuRisk Solutions, a company that specializes in security product development and consulting. Before Express Certifications and SecuRisk Solutions, Mano played several roles from software developer, quality assurance engineer, logistics manager, technical architect, IT strategist and security engineer/program manager/strategist at Dell Inc.
Brian Albrecht
Brian Albrecht, MIS, CISSP, has over 10 years of experience in the field of information technology and network security with the majority of his experience coming with several Fortune 500 financial institutions. Brian has an MIS degree from the University of Denver, emphasizing in Information Systems Security. He is currently a Knowledge Engineer providing professional services for his organization's enterprise class log and security event management solution.
Otto Aulicino
Otto Aulicino, CISSP, CISM, is an experienced Information Security consultant with more than six years in the Information Technology and Information Security areas. Besides his experience in Information Security business development, his experience ranges mainly from the development, implementation, maintenance and support of large network security projects to the management and implementation of Information Security Management Systems based on the ISO/IEC 27001:2005 standard. Otto holds several certifications, including CISSP, CISM, CCNA, CCSP and ITIL Foundation.
Tim Bass
Tim Bass, CISSP, was featured in Popular Science Magazine (WAR.COM, July 1999) in an article related to his work on Internet security and cyberattack countermeasures for the USAF. He is internationally recognized as a thought leader in complex event processing (CEP), Internet security, next-generation intrusion detection and distributed multi-sensor data fusion architectures. He served as Principal Consultant for Network-Centric Architecture and Security, HQ USAF, Office of the CIO, and the Principal Consultant for Net-Centric Operations, United States Department of Defense (DOD), Office of the Secretary of Defense, and Principal Consultant for Networks and Network Security, United States Air Force (USAF), Air Combat Command (ACC). He also served as the Principal Consultant for Network Security, Y2K Turnover, the United States Department of Energy (DoE) and a Principal Consultant for Information Dissemination Management (IDM), Defense Information Systems Agency (DISA) as well as a Principal Internet Security Consultant for SWIFT, Chase Manhattan Bank and the Swiss Bank Corporation. He is currently working on IT security projects in Thailand.
Sarah E. Bohne
Sarah E. Bohne, Director of Communications & Member Services, has been a member of the (ISC)² executive management team since 2004. She is responsible for global public relations, addressing the concerns of (ISC)²'s nearly 66,000 members worldwide and managing programs that support them and raise the profile of the information security profession. Ms. Bohne has over 10 years of experience in corporate communications and marketing, including investor, public and analyst relations and internal communications. Prior to joining (ISC)², Ms. Bohne served as Director of Investor and Public Relations for Z-Tel Communications. She holds a bachelor's degree in English from Auburn University in Auburn, Alabama, USA and is a former officer of the Central Florida Chapter of the National Investor Relations Institute (NIRI).
Alexandre Cezar
Alexandre S. Cezar, CISSP, is an experienced Information Security Consultant and Project Manager with more than fifteen years in the Information Security and Network areas, most of them spent working for the telecom and financial markets on projects worldwide. Alexandre specializes in several technologies such as firewalls, DPI, IPS, anti-spam, DDoS protection, SIEM tools, operating systems and routing/switching equipment.
Dr. Pramod Damle
Dr. Pramod Damle, SSCP, CISSP, CISA, CISM, PhD (Info Security), is currently the Head of Education Services for MIEL e-Security Pvt. Ltd., Mumbai, India. Dr. Damle has been balancing his IT profession between consulting and academics for over two decades. He has held various roles such as Info Security Consultant, IT Manager, IS Auditor, Professor & Head of Department, Author and Speaker, and his teaching has reached a cross section of society, viz. students, professors, auditors, executives, scientists, police & army officers, civil servants and judges. He has been teaching CISA and CISM classes for ISACA and SSCP and CISSP classes on behalf of (ISC)² as an authorized instructor. With many articles, books and PC-based educational games on info security to his credit, Dr. Damle has led the MIEL team in developing a full curriculum and contents for a post-graduate program in info security management (PRISM). He welcomes readers' views and reflections at ppdamle@vsnl.com.
John Dittmer, CISSP-ISSMP, PMP
John is a proud veteran who retired from the Navy Reserve. During his Navy career, he was stationed in Denmark, Cuba, Italy, Bosnia, San Diego & the DC area. John has an MA in Info Resources Management from Webster University and BA degrees in Political Science and History from Marquette University. In addition, John is a graduate of the Naval War College. Currently, he is an Associate of Booz Allen Hamilton, a leading strategy and technology consulting firm based in McLean, Virginia. John holds a CISSP-ISSMP and recently received his PMP certification. As a contractor, John has worked for the Department of the Navy, the FBI, DHS (both the Office of Security and CBP), the TRICARE Management Activity and DISA. In those jobs, John has served as an Information Assurance Officer, Information Systems Security Officer (ISSO), Security Manager, Physical Security Officer, COMSEC Manager & Auditor, and as an evaluator of Computer Network Defense Service Providers (CNDSPs). Currently, John is supporting the Assistant Secretary of Defense for Networks and Information Integration (ASD NII). His focus is on Computer Network Defense (CND) and NetOps. Combined, these experiences have given him a unique perspective on developments within the IA arena.
Don Franke
Don Franke is a security professional and software developer with over 13 years of experience, working on contracts for the Army and USAF, and for several Tech 100 companies. During that time he has held titles ranging from Information Specialist to Senior Software Engineer to Information Assurance Security Officer. He holds a CISSP certification and received a Master of Science degree in Information Technology (Infrastructure Assurance concentration) from the University of Texas in San Antonio (UTSA). Interests include system analysis and design, process improvement, programming, and writing.
David Harley
David Harley BA CISSP FBCS CITP has been researching and writing about malicious software and other security issues since the end of the 1980s. From 2001 to 2006 he worked in the UK's National Health Service as a National Infrastructure Security Manager, where he specialized in the management of malicious software and all forms of email abuse, as well as running the Threat Assessment Centre, and has worked since as an independent author and consultant. He was co-author of "Viruses Revealed" and lead author and technical editor of "The AVIEN Malware Defense Guide for the Enterprise". He has contributed chapters to many other books on security and education for major publishers such as Syngress, Wiley and Osborne, as well as a multitude of specialist articles and conference papers. He joined ESET's Research team in January 2008 as Research Author, and was appointed Director of Malware Intelligence in August 2008.
Dr. Gary Hinson
Dr Gary Hinson, PhD, MBA, CISSP, CISM, CISA, is an IT governance specialist who has worked for over two decades in information security, risk management and IT audit. Having been employed by multinationals in a variety of industries (pharmaceuticals, utilities, IT, engineering, defense and financial services), he has been consulting since 2000. Gary is passionate about information security awareness and the ISO/IEC 27000-series information security management standards. He contributes to the continued development of the standards through JTC1/SC27, the ISO/IEC committee responsible for them. Gary is the Chief Executive of IsecT Ltd., supplier of creative information security awareness materials and promoter of the ISO/IEC 27000-series information security standards.
Dan Houser, CISSP-ISSAP, CISM, CISA, CGEIT
Dan Houser is Sr Security & Identity Architect for a Global 100 healthcare organization, based in Columbus, Ohio. In addition to providing Information Security Architecture and Risk Management subject matter expertise, he drives the organization's Identity and Access Management strategy. Mr. Houser is a published author, with primary research and many papers in security, holds the CISSP-ISSAP, CISM, CISA and CGEIT designations, and is an often sought-after instructor and speaker.
Ionut Ionescu
Ionut Ionescu is currently the Director of Security Services, EMEA for Nortel Global Services. Ionut has 15 years of ICT industry experience including roles in programming, system administration and system management, software integration testing and more recently in consultancy and practice management. Ionut holds a BSc in Computer Science and Electrical Engineering from the University "Politehnica" of Bucharest, Romania and an Executive MBA from London Business School, UK. Ionut is a Certified Information Systems Security Professional (CISSP), a Certified Information Security Manager (CISM) and holds the GSEC (GIAC Security Essentials Certification) from the SANS Institute. Ionut is also an elected member of the British Computer Society and a Chartered IT Professional, as well as a BS7799 Lead Auditor and a member of the (ISC)² European Advisory Board. At Nortel, Ionut specialises in Information Security and Technology Risk, and his work involves designing, implementing and auditing secure enterprise, carrier and e-business infrastructures.
Bob Johnston
Bob Johnston, CISSP, is a retired U.S. Army Chief Warrant Officer with more than 40 years in information technology and 35 years in information security. He became a Certified Information Systems Security Professional in 1995 and has taught computer security in Asia, Canada and the United States. For 5 years in the 1980s he wrote a computer security column titled "For the Sake of Security", under the pen name R. E. (Bob) Johnston, which was published in Computer Decisions. Motto: "When entrusted to process, you are obligated to safeguard." Bob welcomes reader comments, questions or insight at rjohnstn at gmail dot com.
Praveen Karunakaran
Praveen Karunakaran, CISSP-ISSAP, CISM, MCSE, MCDBA, CCNA, is an Information Security Professional with over 8 years' experience in managing, securing, and supporting IT infrastructure. He is an expert in Identity and Access Management, Endpoint Threat Management, Intrusion Detection and Prevention, Vulnerability Management and Data Loss Prevention solutions in heterogeneous environments. Praveen is currently working with Mphasis, an HP Company, as Manager - Specialization. Praveen holds a bachelor's degree from the University of Calicut and a Post Graduate Diploma in Computer Application from the State Board of Technical Education, Kerala, India. He is currently researching Virtualization and Cloud Security. He welcomes readers' views and comments at praveenptb@hotmail.com.
John Kinsella
Adam Kuncewich
Matthew Metheny
Matthew Metheny has held senior-level program management and executive-level positions with various consulting firms that support the Federal Government. His primary focus is on compliance and standards development to achieve cost-optimization of multilateral and multilayer security and risk management processes. In addition, he founded and maintains FedRAMP.net, which is designed to build and share information and resources relating to meeting compliance with the Federal Risk and Authorization Management Program. Mr. Metheny is PMP, CISSP, CAP, CISA, CSSLP, CRISC and CCSK certified, and holds an MS in Information Assurance from the University of Maryland University College (UMUC). You can reach him at matt.metheny@1ecg.com.
Sorin Mustaca
Sorin Mustaca, (ISC)2 CSSLP, CompTIA Security+ and Project+, has worked in the IT Security industry since 2000 and for Avira since 2003. In his current role as Product Manager he is responsible for the well-known products used by over 100 million users worldwide. Having graduated as a Software Engineer from the Polytechnic Institute in Bucharest, he complements his academic know-how with product and project management skills in order to create new concepts and solutions for the security software industry.
Lester E. Nichols III
Lester Nichols III, MSIA, CISSP, MCSA, CompTIA Security+, received his Bachelor of Science from the University of Phoenix and his Master of Science in Information Assurance from Norwich University. Lester is currently working on his doctoral degree in Information Security at Capella University. Nichols holds the (ISC)2 – Certified Information Systems Security Professional (CISSP®), Microsoft Certified Systems Administrator 2003 – MCSA, Microsoft Certified Professional – MCP, and CompTIA Security+ certifications. Nichols has over ten years' experience in computer technology in the medical, non-profit, financial, and local and federal government sectors, ranging from project management, application development and system support to network engineering and information security roles. He is a contributing author for Chapter 38, Writing Secure Code, of the Computer Security Handbook 5th Edition (http://www.wiley.com/WileyCDA/WileyTitle/productCd-0471716529,descCd-tableOfContents.html). Lester is currently employed by Knowledge Consulting Group as a Senior Security Engineer providing consulting services to the federal government. Prior to this he was with Prolific Solutions, LLC as a Senior Information Assurance Manager. That role included Risk Management, Certification & Accreditation, vulnerability testing and assessment, policy development, and anything else that may be thrown in along the way. In addition, Lester is an adjunct faculty member at the University of Phoenix.
Peter Pearson
Sean M. Price
Sean M. Price, CISA, CISSP, is an independent security researcher and consultant living in northern Virginia. He specializes in designing and evaluating organizational information assurance programs and system security architectures. Research interests include insider threat, information flows, and applications of artificial intelligence to information assurance problems. Prior publications include the Information Security Management Handbook, Official (ISC)² Guide to the CISSP CBK, IEEE Computer magazine, as well as other journals and conferences. You can reach him at sean.price@sentinel-consulting.com.
Jason Rusch
Jason Rusch is a certified information security, risk, and compliance professional with over 15 years' experience. He currently holds three industry certifications: Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA), and Certified Information Security Manager (CISM).
Mr. Rusch specializes in I.T. governance framework design, compliance audit management, risk management and assurance reviews, gap analysis, policy content development, and remediation strategy development. Mr. Rusch’s experience includes information security management for Fortune 100 companies Humana Inc. and The Walt Disney Company, as well as Hard Rock International, and Educational Testing Services (ETS).
This experience specifically includes management of HIPAA (security rule), Sarbanes-Oxley 404, PCI-DSS, NIST 800-53 compliance, CSF, ISO27002, and COBIT 4.x I.T. governance. After serving as a Communications and Intelligence Specialist in the US Navy, Mr. Rusch began his career as a network support engineer and quickly progressed into the field of information security and shortly afterwards into risk and compliance management.
Mr. Rusch is a contributing author on several information security blogs including the International Information Systems Security Certification Consortium (ISC) 2 Blog and Information Systems Audit and Control Association (ISACA) Journal.
His accomplishments include the National Defense Service Medal, a Naval Letter of Recommendation and the Southwest Asia Medal (with campaign star) (USN). He also successfully led The Walt Disney Company and Hard Rock Cafe International to their first PCI-DSS “Report on Compliance” (ROC).
Howard A. Schmidt
Howard Schmidt, CISSP, CISM (Hon.), is currently the Security Strategist for (ISC)², the global leader in information security education and certification, commenting on the most pressing information security topics for the organization. A noted speaker and author, Howard Schmidt has had a long and distinguished career in defense, law enforcement and corporate security spanning almost 40 years. He has served as a cyber security advisor to the White House, Vice President and Chief Information Security Officer and Chief Security Strategist for eBay, and Chief Security Officer for Microsoft. He most recently served in the position of Chief Security Strategist for the US CERT Partners Program for the National Cyber Security Division, Department of Homeland Security.
James Scholz
Rob Slade
Rob Slade's first love is teaching (before research turned him into a virus expert), and he got into computers because of what they could do in the public school system. His research into computer viral programs was eventually published as "Robert Slade's Guide to Computer Viruses." In an attempt to update this material, he co-authored "Viruses Revealed." He prepared the world's first course on forensic programming, which became the first book on "Software Forensics." As a Senior Instructor and course developer for (ISC)² he has published a "Dictionary of Information Security." Thus he has opinions on education, malware, forensics, and infosec terminology. He is best known for gleefully (and regularly) reviewing technical books, since pointing out the errors in literally thousands of books written by other people is easier and more fun than writing real stuff. More information than anyone would want to know about him is available at http://victoria.tc.ca/techrev/rms.htm or http://en.wikipedia.org/wiki/Robert_Slade. It is next to impossible to get him to take "bio" writing seriously.
Harry Smith
Harry Smith, CISSP, received his BA in Physics from Rutgers University in 1967, and has done graduate work in applied mathematics at the University of Colorado. He has been involved in information technology projects since 1977 and has specialized in information security and regulatory compliance for the last fifteen years. Mr. Smith is the founder of Timberline Technologies LLC, a Colorado-based information security consulting firm (www.TimberlineTechnologies.com), and is a past president of the ISSA Denver Chapter. Mr. Smith currently teaches an online cryptography theory course through the University of Denver.
Vehbi Tasar
Dr. Vehbi Tasar, CISSP, CSSLP, Director of Professional Programs Development, is in charge of all exam development at (ISC)². His responsibilities include exam question and content development, psychometric oversight of the exam questions, and maintenance of the ANSI certification for all (ISC)² credentials. Vehbi joined (ISC)² in June 2008 to develop a new security credential called Certified Secure Software Lifecycle Professional (CSSLP). Prior to joining (ISC)², Vehbi worked in the software industry for over 30 years. He has a broad spectrum of application development expertise ranging from high performance computing to database application development and distributed enterprise computing for the IT infrastructure. Vehbi holds a B.S. degree in Electrical Engineering from the Middle East Technical University in his native Ankara, Turkey. He received an M.S. degree in Computer Science from the University of Missouri, Rolla, and a Doctor of Engineering degree in Electrical Engineering from the University of Detroit Mercy in Detroit, Michigan.
W. Hord Tipton
W. Hord Tipton, CISSP-ISSEP, CAP, is the Executive Director for (ISC)², the global leader in educating and certifying information security professionals throughout their careers. Tipton previously served as president and chief executive officer of Ironman Technologies, where his clients included IBM, Perot Systems, EDS, Booz Allen Hamilton, ESRI, and Symantec. Before founding his own business, he served for five years as Chief Information Officer for the U.S. Department of the Interior.
Tipton holds a bachelor's degree from the University of Morehead and a master's degree from the University of Tennessee, and in 2004, he received the Distinguished Rank Award from the President of the United States.
Julie Peeler, (ISC)2 Foundation Director
As Foundation Director, Julie is responsible for building, leading and managing the (ISC)² Foundation to ensure it becomes a vibrant, wide-reaching and effective organization for the benefit of everyone who interacts with data and the Internet in their daily lives. She is an accomplished market researcher and business strategist with nearly three decades of experience in both the for-profit and non-profit arenas. Her experience includes forging strategic partnerships, encouraging corporate social responsibility and employee volunteerism, nonprofit board development, strategic planning and marketing. Julie has worked in senior management positions at Americans for the Arts, Arts & Business Council Inc., and J. Walter Thompson and Foote, Cone & Belding, both major international advertising agencies where she developed growth plans for Fortune 500 clients including S.C. Johnson Wax, Kraft Foods, The Kellogg Co., and The Quaker Oats Co., as well as for the U.S. Olympic Committee. Julie holds a BA in journalism from Loyola University of Chicago and an MBA from the Kellogg Graduate School of Business at Northwestern University.
Larry Bunch, CISSP, CEH, is a retired U.S. Army National Guard Staff Sergeant with more than 14 years of experience in information technology and cyber security. Mr. Bunch has a diverse Information Technology background and is well versed in numerous arenas of the IT spectrum. He is a conscientious cyber security professional who has constantly striven to find innovative ways to collaborate and improve processes and procedures. He has had a long and distinguished career in Defense, supporting Public Sector organizations in Network Defense and Cyber operations. Mr. Bunch is currently a Senior Systems Engineer and Information Assurance Security Officer (IASO) at VortechX Applied Technologies supporting the US Army Communications and Electronics Command (CECOM). Prior to his current position, Mr. Bunch served as Senior Systems Intelligence Analyst with the National Cyber Investigative Joint Task Force - Analytical Group (NCIJTF-AG), Sr. Cyber Security Engineer and LNO at the Department of Energy, and Senior Network Security Analyst at the US Army Research Laboratory, and retired as the S-6 Section Chief for the 29th Combat Aviation Brigade (CAB).
Conor Roantree, CISSP, CISA is highly experienced in Information Security with expert knowledge in the areas of Public Key Infrastructure, Windows Security, Symmetric Key Management, compliance, and vulnerability scanning tools. Conor has developed and applied these skills across a range of platforms, and he is currently responsible for the management of the PKI at Ireland’s largest bank.
F. Gary Alu, CISSP, CISM, CRISC
Gary has been working in the information systems and technology industry for 25 years. He is a member in good standing of (ISC)2 and holds the credential of Certified Information Systems Security Professional (CISSP). Gary is a member in good standing of ISACA and holds the credential of Certified Information Security Manager (CISM) and Certified in Risk and Information Systems Control (CRISC).
Gary is a volunteer for the (ISC)2® Safe and Secure Online Program. This program teaches children 11 - 14 years of age how to keep themselves safe online.
Ravi Mandalia is an ISO 27001:2005 Lead Auditor and Associate – (ISC)2. He has a Master's in Computer Network Security from Liverpool John Moores University, UK and holds a Bachelor's degree in Computer Science. His strength areas are Risk Management, Business Continuity Planning and Disaster Recovery, Public Key Infrastructure, Web Application Pen-Testing and Vulnerability Assessments. Currently serving as Dy. Manager - IT Security at (n)Code Solutions - A Licensed Certifying Authority, Ravi is also a sub-editor at the leading UK-based website ITProPortal.com.