Synopsis
Exclusive, insightful audio interviews by our staff with leading careers/security practitioners and thought-leaders. Transcripts are also available on our site!
Episodes
- "Fraud & Stupidity Look a Lot Alike"
  27/04/2010. Interview with Allan Bachman of the Association of Certified Fraud Examiners. The magnitude of fraud schemes has grown - the scale and the losses. But the basics of fraud investigation remain sound. And if there's one thing people should know up front, says Allan Bachman of the Association of Certified Fraud Examiners (ACFE), it's this: "In their initial stages, fraud and stupidity look an awful lot alike." In other words, an investigator who stumbles upon what appears to be just a stupid mistake might want to dig further. Stupidity often ends up being cleverly disguised fraud, Bachman says. In an interview with Editorial Director Tom Field, Bachman discusses: Current fraud trends; When a breach becomes an actual investigation; What it takes to be a fraud examiner today. Bachman, CFE, MBA, is responsible for seminar development and the educational content of all ACFE conferences and online learning. Most recently he worked in Higher Education as director of an audit unit and was project manager on severa
- Social Media: What Every Senior Leader Must Know
  07/04/2010. Interview with Prof. Sree Sreenivasan of the Columbia Graduate School of Journalism. Social media aren't just coming - they're here. And senior leaders need to understand how to maximize Facebook, LinkedIn, Twitter and other popular sites, as well as how to protect their organizations from very real security risks. In an exclusive interview, Prof. Sree Sreenivasan, Dean of Student Affairs at the Columbia Graduate School of Journalism, discusses: What's most misunderstood about social media; How organizations can benefit most; Ways senior leaders can improve their own professional lives. Sreenivasan is a technology expert and dean of student affairs at the Journalism School, where he teaches in the digital journalism program. He specializes in explaining technology to consumers/readers/viewers/users. For more than eight years, he served as technology reporter for WABC-TV and WNBC-TV in NYC and now occasionally appears on various TV shows to talk tech. For more than six years, he wrote a Web Tips column fo
- 'Watch the Lower Lip!' - Using Facial Expressions to Detect Fraud
  06/04/2010. Genie Laborde and Robert Nolan on How to Help Prevent First Party Fraud. Want to know if a prospective loan customer is lying? Watch their eyes. And their breathing. And especially whether they move their lower lip. These are the tips from Robert Nolan, a former mortgage banker, and Genie Laborde, an author and speaker, who have teamed up to offer training for banking institutions looking to reduce first party fraud. In an exclusive interview, Laborde and Nolan discuss: Trends in first party fraud; Why facial expressions are key; What organizations can do now to reduce fraud. Laborde is the author of several books: Influencing with Integrity: Management Skills for Communication and Negotiation (170,000 sold); the follow-up book, Fine Tune Your Brain: When Everything's Going Right and What To Do When It Isn't; and the workbook 90 Days to Communication Excellence. Influencing with Integrity has been translated into French, Spanish, German, and Polish. Her latest is Influencing with Integrity on the Internet
- Business Continuity: Needs Improvement
  01/04/2010. Interview with Gartner's Roberta Witty. Organizations have made strides in business continuity/disaster recovery (BC/DR) planning. But BC/DR professionals need to sharpen their business skills to truly protect their organizations. This is the stance taken by Roberta Witty, research VP at Gartner. In an exclusive interview, Witty offers candid insight on: Today's top BC/DR challenges; Where organizations are most vulnerable; What BC/DR professionals need to do to be more effective. Witty is part of the Compliance, Risk and Leadership group within Gartner. Her primary area of focus is business continuity management and disaster recovery. She is the role specialty lead for the Gartner for IT Leaders (GITL) business continuity manager role. She is also a GITL Premier coach for Security and Risk. Prior to joining Gartner, Witty managed the global technology risk management function for the corporate trust business of The Chase Manhattan Bank. In this role, she was responsible for awareness, advisory and compli
- What's Most Misunderstood About Cloud Computing?
  31/03/2010. Interview with H. Peet Rapp of ISACA's Cloud Work Group. Everyone is talking about cloud computing these days - but are they having the right conversations? H. Peet Rapp is an information security auditor who sits on ISACA's Cloud Computing Work Group, and he's co-author of the white paper Cloud Computing: Business Benefits With Security, Governance and Assurance Perspectives. In an exclusive interview, Rapp discusses: Cloud computing trends; What's most misunderstood about the cloud; How organizations should proceed with their own cloud deployments. Rapp entered the IT audit/compliance profession in 2003, after publishing the widely read paper "An IT Executive's Overview of the Sarbanes-Oxley Act of 2002." With his firm, Rapp Consulting, he has audited, provided risk assessments and developed IT control frameworks for more than 70 organizations and developed a reduced IT control set for non-accelerated filers.
- PCI Compliance: The QSA's Perspective
  24/03/2010. Interview with Peter Spier of Fortrex Technologies. Over the past year or so, since the Heartland Payment Systems breach, we've heard a lot about the Payment Card Industry Data Security Standard (PCI DSS). What does 'PCI compliant' mean? Can a PCI compliant organization be breached? What's the role of the Qualified Security Assessor (QSA)? Peter Spier, Senior Risk Management Consultant with Fortrex Technologies, has written a recent guest blog on PCI compliance, and in an exclusive interview offers insight on: The QSA's role; What's most misunderstood about PCI compliance; How organizations can maximize their compliance efforts. Spier is President of the ISACA Western New York Chapter and a Senior Risk Management Consultant at Fortrex Technologies based in Frederick, Maryland. Peter attained his graduate degree from Syracuse University's School of Information Studies and over the course of 12 years of experience, has earned Certified Information Security Manager (CISM), Certified Information Systems S
- Insider Threat: Your Greatest Risks
  22/03/2010. Interview with Dawn Cappelli of Carnegie Mellon University's Software Engineering Institute. Insider crimes are among the biggest threats to public and private sector organizations. And yet too many groups continue to struggle to prevent or even detect these crimes. In an exclusive interview, Dawn Cappelli of Carnegie Mellon University's Software Engineering Institute discusses: Insider threat trends; Biggest challenges for organizations looking to prevent crimes; Steps organizations can take to reduce risk. Cappelli is Technical Manager for the Threat and Incident Management Team of the CERT Technical Staff at Carnegie Mellon University's Software Engineering Institute (SEI). She has over 25 years' experience in software engineering, including programming, technical project management, information security, and research. She is technical lead of CERT's insider threat research, a CyLab-funded project including the Insider Threat Study conducted jointly by the U.S. Secret Service and CERT. Before joinin
- RSA 2010: Warren Axelrod on Information Security
  05/03/2010. C. Warren Axelrod is a veteran banking/security executive and thought-leader, and in an exclusive interview at the RSA Conference 2010 he discusses top security trends and threats, including: Insider fraud; Application security; Cloud computing. Axelrod is currently executive advisor for the Financial Services Technology Consortium. Previously, he was a director of Pershing LLC, a BNY Securities Group Co., where he was responsible for global information security. He has been a senior information technology manager on Wall Street for more than 25 years, has contributed to numerous conferences and seminars, and has published extensively. He holds a Ph.D. in managerial economics from Cornell University, and a B.Sc. in electrical engineering and an M.A. in economics and statistics from Glasgow University. He is certified as a CISSP and CISM.
- Certifications: What's New? - Hord Tipton, (ISC)2
  04/03/2010. Education and training are two of the key priorities of information security professionals and organizations in 2010. And professional certifications are at the heart of that training. What's new in information security certifications? In an exclusive interview at RSA Conference 2010, W. Hord Tipton, Executive Director of (ISC)², discusses: Training trends; What's new from (ISC)2; Insight into new research on the profession. Tipton is the executive director for (ISC)², the global leader in educating and certifying information security professionals throughout their careers. Tipton previously served as president and chief executive officer of Ironman Technologies, where his clients included IBM, Perot Systems, EDS, Booz Allen Hamilton, ESRI, and Symantec. Before founding his own business, he served for five years as Chief Information Officer for the U.S. Department of the Interior.
- PCI: What's Next and When?
  02/03/2010. From RSA 2010: Interview with Bob Russo, GM of the PCI Security Standards Council. How will the Payment Card Industry Data Security Standard (PCI DSS) be amended, and when? These are the key questions in payments security, and Bob Russo, GM of the PCI Security Standards Council, is prepared to start answering them. In an exclusive interview conducted at RSA Conference 2010, Russo discusses: Key questions about PCI; Potential solutions to enhance payments security; Timeline for the release of the next PCI standard. Russo brings more than 25 years of high-tech business management, operations and security experience to his role as the general manager of the PCI Security Standards Council. Russo guides the organization through its crucial charter, which is focused on improving data security standards for merchants, banks and other key stakeholders involved in the global payment card transaction process. To fulfill this role, Russo works with representatives from American Express, Discover Financial, JCB, Mas
- "Follow the Risk" - Tips from Richard Chambers, President of the Institute of Internal Auditors
  19/02/2010. Richard Chambers, President of the Institute of Internal Auditors (IIA), has three words of advice for organizations, executives and auditors looking to improve the role of internal audit: "Follow the risk." In an exclusive interview, Chambers discusses: Impact of the economic recession on internal audit; How the role has evolved because of recent times; Advice for organizations, executives and auditors to further maximize the role. Chambers began his career in 1976 with the U.S. General Accounting Office, where he first became an internal auditor. He firmly established himself in government internal auditing and was named Worldwide Director of Internal Review for the United States Army in 1993. He later served as Deputy Inspector General for the United States Postal Service and Inspector General for The Tennessee Valley Authority. In 2001, Chambers joined The IIA staff as vice president, Learning Center. After a brief tenure as "acting president," he left The IIA in 2004 to join PricewaterhouseCoopers,
- CISO Profile: Joe Bernik, Fifth Third Bank
  12/02/2010. Joe Bernik, a banking and security veteran, has recently joined Fifth Third Bank as its new CISO. Among his challenges: preventing external attacks and building better internal relationships with business partners. In an exclusive interview, Bernik discusses: The evolution of information security and risk management in banking; The challenge of intrusion prevention; Strategies for identity access management. Bernik is a risk professional with 15 years of experience in information security. He has developed risk management practices, procedures and standards for several Fortune 100 companies including several global banking organizations. He was formerly Director of Operational Risk at the Royal Bank of Scotland and CISO of ABN AMRO and its subsidiary, LaSalle Bank. He has a bachelor's degree from the University of Mary Washington and completed graduate work at the City University of New York.
- How to Manage Social Media - Jerry Mechling, Harvard Kennedy School
  12/02/2010. From blogs to wikis, Facebook to Twitter, social media have taken over the workplace. But how do security leaders manage social media before all these new tools and technologies become unmanageable? Jerry Mechling is a prominent author and lecturer at the Harvard Kennedy School, and in an exclusive interview he discusses: Social media's impact on public and private entities; The inherent security and risk management challenges; How organizations should begin to unlock social media's potential. Mechling, Lecturer in Public Policy at the Harvard Kennedy School of Government, is Founder of the Leadership for a Networked World Program and the Harvard Policy Group on Network-Enabled Services and Government. He is also a Research Vice President of Gartner. His studies focus on the impacts of information and digital technologies on individual, organizational, and societal issues. He consults on these and other topics with public and private organizations locally and internationally. He is primary author of E
- Improving Security Education: Robert Siciliano
  09/02/2010. What must financial institutions do to improve security education? Identity theft expert Robert Siciliano shares his thoughts on the need to change the mindset of financial institutions when it comes to educating their customers about identity theft and security issues. Among the topics he discusses: Why "old school" approaches to security education must change; How "Soccer Moms" are now becoming "Security Moms"; Why security education must come from the financial institutions. Siciliano has 29 years of experience in the business world and has been involved in information security, personal security and identity theft issues since the early 1990s. He has presented hundreds of security presentations to businesses including GMAC, the National Association of Realtors, Dominos Pizza, United Bankers Bank, Conference of State Bank Supervisors, along with numerous state banking associations, among others. He is also a certified security instructor for numerous industry associations.
- Digital Forensics - Careers Tips from Rob Lee of SANS Institute
  05/02/2010. Increasingly, digital forensics is an important element of an information security program for organizations of all types and sizes. But where can security leaders find qualified forensics professionals? How can these professionals obtain the skills and expertise they need to be successful? Rob Lee of Mandiant and SANS Institute discusses forensics careers, focusing on: Hot trends of 2010; Questions hiring managers must ask; Growth opportunities for qualified pros. Lee, a director with Mandiant and curriculum lead for digital forensic training at SANS Institute, has more than 13 years' experience in computer forensics, vulnerability and exploit discovery, intrusion detection/prevention, and incident response. Rob graduated from the U.S. Air Force Academy and served in the U.S. Air Force as a founding member of the 609th Information Warfare Squadron, the first U.S. military operational unit focused on Information Operations. Later, he was a member of the Air Force Office of Special Investigations where he
- Improving Cyber Awareness - Strategies from Dena Haritos Tsamitis of Carnegie Mellon
  04/02/2010. Dena Haritos Tsamitis has an ambitious goal for the year: to improve cyber awareness among 10 million people globally. The Director of Education, Training and Outreach at Carnegie Mellon University's CyLab, Dena discusses: The cyber awareness challenge among people of all ages; Effective techniques for improving awareness; How organizations can improve and maximize their own efforts. Dena oversees education, training and outreach for Carnegie Mellon CyLab, the university's cybersecurity research center. She leads the MySecureCyberspace initiative to raise "cyber awareness" in Internet users of all ages through a portal, game and curriculum. She guides the education initiatives of the NSF Situational Awareness for Everyone center, which explores ways to improve computer defenses by incorporating models of human, computer and attack interactions into the defenses themselves. Also through CyLab, she serves as Principal Investigator on two NSF-funded programs: the Scholarship for Service (SFS) program and t
- Setting Tone at the Top: Jennifer Bayuk on Leadership
  02/02/2010. When it comes to enterprise security, an organization gets its tone from the top - even when the tone is set accidentally. How do you set the right tone? That's the topic of the new book from former CISO Jennifer Bayuk: "Enterprise Security for the Executive: Setting the Tone from the Top." In an interview about her book, Bayuk discusses: The key audience she wants to reach; The main message for enterprise leaders; Today's top enterprise security challenges and how leaders should tackle them. Bayuk is an independent consultant on topics of information confidentiality, integrity and availability. She is engaged in a wide variety of industries with projects ranging from oversight policy and metrics to technical architecture and requirements. She has a wide variety of experience in virtually every aspect of information security. She was a Chief Information Security Officer, a Security Architect, a Manager of Information Systems Internal Audit, a Big 4 Security Principal Consultant and Auditor, and a Se
- What it Takes to Make it in Information Security Today
  01/02/2010. Career Insights from Srinivas Mukkamala of New Mexico Tech. Education, skills, experience - what exactly does it take to make it in an information security career today? Srinivas Mukkamala, an educator and practitioner, offers unique insight on: The necessary mindset for an information security professional; What are the baseline skills? How to keep skills sharp. Mukkamala, one of CAaNES' owners and its interim Director of Operations, is a senior research scientist with ICASA (Institute for Complex Additive Systems Analysis, a statutory research division of New Mexico Tech performing work on information technology, information assurance, and analysis and protection of critical infrastructures as complex interdependent systems) and Adjunct Faculty of the Computer Science Department of New Mexico Tech. He leads a team of information assurance (IA) "first responders" who are deployed at the request of various government agencies and financial institutions around the state of New Mexico to perform vulnerab
- Information Security Agenda - Kevin Richards, President of ISSA
  26/01/2010. With Howard Schmidt's appointment as national cybersecurity coordinator, his role as president of the Information Systems Security Association (ISSA) has been filled by Kevin Richards, a risk management advisor with Crowe Horwath. In an exclusive interview, Richards discusses: Top agenda items for ISSA in 2010; Biggest information security threats; Best opportunities for information security professionals. Richards has served on the ISSA International Board since 2003, initially in a global chapter relations capacity and then as the international vice president since 2007. A past president of the Chicago ISSA Chapter, Richards is an information security and risk management advisor for Crowe Horwath with more than 18 years of experience in information security, business continuity and enterprise risk management. His expertise ranges from risk analysis and program design to information security and business continuity program development and leading practices.
- What it Takes to be a Risk Manager - Kenneth Newman, Central Pacific Bank
  25/01/2010. Risk management today - it's less about pure technology, more about business acumen and pure communication skills. This is the position of Kenneth Newman, VP & Information Security Manager at Central Pacific Bank. In an interview about top risk management trends, Newman discusses: Scope of the risk management job in banking institutions today; Biggest challenges to getting the job done right; Necessary skills for successful risk managers. Newman joined Central Pacific Bank as Vice President & Information Security Manager in February 2009. He oversees the bank's information security program and the protection of its information assets. Prior to joining CPB, Mr. Newman served as First Vice President & Online Risk Manager for Washington Mutual (WaMu) and has managed various global and regional security and risk functions for Deutsche Bank and Citigroup in New York. Central Pacific Bank is the main subsidiary of Central Pacific Financial Corp., a Hawaii-based financial institution with $5.2 billion in ass