Careers Information Security Podcast show

Careers Information Security Podcast

Summary: Exclusive, insightful audio interviews by our staff with leading careers/security practitioners and thought leaders. Transcripts are also available on our site!

Podcasts:

 Stephen Northcutt of the SANS Institute: Need for Information Security Certifications | File Type: audio/mpeg | Duration: Unknown

The Information Security Media Group podcast series continues with insights from Stephen Northcutt, CEO of the SANS Technology Institute, a postgraduate-level IT security college, and an acknowledged expert in training and certification. He founded the Global Information Assurance Certification (GIAC) in 1999 to validate the real-world skills of IT security professionals. GIAC provides assurance that a certified individual has practical awareness, knowledge and skills in key areas of computer, network and software security. Northcutt is author/coauthor of Incident Handling Step-by-Step, Intrusion Signatures and Analysis, Inside Network Perimeter Security 2nd Edition, IT Ethics Handbook, SANS Security Essentials, SANS Security Leadership Essentials and Network Intrusion Detection 3rd Edition. He was the original author of the Shadow Intrusion Detection system before accepting the position of Chief for Information Warfare at the Ballistic Missile Defense Organization. Stephen founded the GIAC certification and currently serves as CEO of the SANS Institute. Listen as Northcutt describes the state of information security training today, why colleges and universities still need to bring more technical focus to their information security curriculum, and why there is still a real need for more technically trained information security professionals to fight the influx of malware and the Eastern European, Russian and Brazilian hackers who are coming to invade your institution. He explains the need for more technically trained professionals versus "policy" professionals and where he sees industry growth heading. Finally, he gives some words of advice to those starting out in information security.

 Joyce Brocaglia: Recruiter's View of Evolving Role of CISO | File Type: audio/mpeg | Duration: Unknown

Information Security Media Group hears from Joyce Brocaglia, a leading information security recruiter, on how the role of the CISO is evolving in companies and how corporate culture is shifting focus to the "risk strategic" role. Brocaglia discusses the differences between a technically focused CISO and a CISO with a holistic focus; what's driving change in information security; her advice to current and aspiring CISOs; and how to get your seat at the board table. With her 20 years of experience, Brocaglia shares her ideas on developing business understanding and how to learn leadership skills; why it's important to get out of your "comfort zone" and extend yourself to learn presentation skills; and why CISOs must develop relationships and have the "soft skills", not just technical skills, in order to succeed. She also talks about some of the "must have" skills for information security officers; the convergence of physical and cyber security departments and why creating alliances between the two is needed; and why women are getting into the information security field and becoming leaders. Joyce Brocaglia is president and CEO of Alta Associates, Inc., a leading executive recruitment firm in the information security industry. Since 1986, the firm has served as a trusted advisor for organizations seeking top industry talent and has played a key role in building corporate information security organizations, developing professional services practices and growing security product start-ups. In 2003, Information Security magazine honored Brocaglia with a "Women of Vision" award, naming her one of the 25 most influential women in the information security industry. Also in 2003, Brocaglia founded the Executive Women's Forum on Information Security, Privacy and Risk Management. The EWF is a venue where the most senior women in the security industry gather to share ideas and develop trust-based relationships.
In 2005, Brocaglia authored "The Information Security Officer: A New Role for New Threats" in Larstan's "The Black Book on Corporate Security". In 2006, Brocaglia and the Executive Women's Forum partnered with Carnegie Mellon's CyLab to create scholarships for outstanding women to enroll in CMU's Master of Science in Information Security Technology and Management program.

 Thomas Smedinghoff: Information Security Laws and Regulations Insights | File Type: audio/mpeg | Duration: Unknown

Information Security Media Group's podcast series hosts Thomas Smedinghoff, a well-known lawyer in the information security and privacy arena. Listen to him explain recent developments in the patchwork of information security laws. Some of the issues Smedinghoff covers include: the general duty of companies to protect data and how it goes beyond personal data; how the basic definition of a legal standard for information security is beginning to come into focus; and laws that impose a duty to warn others (including customers) of a data breach. He explains that while regulations such as the Gramm-Leach-Bliley Act and Sarbanes-Oxley may catch the headlines, there are many others that include information security duties, including state laws and laws specific to certain industry sectors that you need to know. Smedinghoff also discusses why, when making a representation about your data security practices, "Only say what you do, and do what you say" is a good rule to follow. Smedinghoff offers insight into the definition of "reasonable" information security and why risk assessments required under GLBA and FFIEC guidelines are so important to financial institutions. Thomas Smedinghoff is a partner at Chicago's Wildman Harrold law firm. His practice focuses on the new legal issues relating to the developing field of information law and electronic business activities. He is internationally recognized for his leadership in addressing emerging legal issues regarding electronic transactions, information security, and digital signature authentication issues from both a transactional and public policy perspective. He has been retained to structure and implement e-commerce and information security legal infrastructures for the federal government, numerous state governments, and national and international businesses including banks, insurance companies, investment companies, and certification authorities.
He also frequently counsels clients on the law relating to first-of-their-kind electronic transactions, information security legal matters, and e-commerce initiatives. At the same time, he has been actively involved in developing legislation and public policy in the area of electronic business at the state, national, and international levels.

 Take Ten Podcast on Business Continuity Planning Best Practices | File Type: audio/mpeg | Duration: Unknown

Listen to this latest podcast on CUInfoSecurity.com. You'll hear Tom Walsh, CISSP and business continuity expert, give his insights on the following:
- Have the lessons learned from 9-11 been retained?
- Why FFIEC has a strong emphasis on testing a Business Continuity Plan
- Common mistakes and assumptions made by organizations about BCP
- Difference between a regular disaster and a pandemic for a financial institution
- What scenarios and timetables institutions should plan for to handle a pandemic
