Synopsis
Exclusive, insightful audio interviews by our staff with leading careers/security practitioners and thought-leaders. Transcripts are also available on our site!
Episodes
-
Unique Programs: Enterprise Risk Management at NC State
06/07/2009
Risk management is a common theme across and within businesses, and at North Carolina State University the Enterprise Risk Management (ERM) program is attracting notice from prospective employers and students alike. Mark Beasley, head of the school's ERM initiative, discusses: What makes the program unique; The types of students entering and graduating from the initiative; How to approach a career in ERM. Beasley is the Deloitte Professor of Enterprise Risk Management at the College of Management at North Carolina State University in Raleigh, North Carolina. The Enterprise Risk Management (ERM) Initiative at NC State provides thought leadership about ERM practices and their integration with strategy and corporate governance. As founding director, Dr. Beasley leads the ERM Initiative's efforts to help pioneer the development of this emergent discipline through outreach to business professionals, with its ongoing ERM Roundtable Series and ERM Executive Education for boards and senior executives; research, a
-
Audit, Risk Trends: Insights from David Melnick of Deloitte
22/06/2009
Audit and enterprise risk - they're inextricably linked. Growing cyber threats - from the inside and out - require organizations and their regulators to pay closer attention to technology and information security. What are some of the key audit and risk trends to track? David Melnick of Deloitte answers that question in an interview focusing on: Top challenges for financial institutions and government agencies; Successful strategies being deployed to mitigate threats; Trends organizations should track as they eye 2010. Melnick is a principal in security and privacy services within the audit and enterprise risk services practice in the Los Angeles office of Deloitte and brings more than 17 years of experience designing, developing, managing and auditing large scale secure technology infrastructure. Melnick has authored several technology books and is a frequent speaker on the topics of security and electronic commerce.
-
Information Security Education: Expanding Career Opportunities Through Advanced Education at Regis University
15/06/2009
With the Obama administration's focus on cybersecurity, this is a good time to start or move into an information security career. And Regis University in Colorado is one institution offering state-of-the-art education for undergraduates and graduates alike. In an exclusive interview, Daniel Likarish, faculty of the Regis University School of Computer & Info Sciences, discusses: The information security programs at Regis University; The unique types of students enrolled in these programs; Job placement and opportunities in business and government. Regis University, with nearly 16,000 students, comprises Regis College, College for Professional Studies and Rueckert-Hartman College for Health Professions. The University is recognized by U.S. News & World Report as a Top School in the West and is one of 28 Catholic Jesuit colleges and universities throughout the United States. Regis University is located at 3333 Lowell Blvd. at 50th Street in north Denver. In addition to its north Denver Lowell campus, the U
-
Pandemic Update: Regina Phelps on Level 6 and What it Means
12/06/2009
On Thursday, the World Health Organization declared the H1N1 virus to be the first global pandemic in over 40 years. In an exclusive interview, pandemic expert Regina Phelps explains exactly what this means, discussing: How organizations should respond to this announcement; Lessons learned so far from the H1N1 experience; What to expect - and how to respond - in the coming weeks. Phelps is an internationally recognized expert in the field of emergency management and continuity planning. With over 26 years of experience, she has provided consultation and educational speaking services to clients on four continents. She is founder of Emergency Management & Safety Solutions, a consulting company specializing in emergency management, continuity planning and safety.
-
"So, You Want to Work in Cybersecurity?" - Nadia Short of General Dynamics
02/06/2009
From the president on down, the nation has a renewed focus on cybersecurity. Nadia Short of General Dynamics, a major government/defense contractor, discusses: The types of cybersecurity positions GD is filling; Requirements for qualified personnel; Potential career paths in cybersecurity. Nadia D. Short is vice president of strategy & business development at General Dynamics Advanced Information Systems. In this role, she is responsible for strategic planning, business development, international business, marketing and public relations, and customer and corporate relations.
-
"If I Were Starting My Career Today..." - Interview with Steve Katz
22/05/2009
Steve Katz was the world's first CISO, and he has unique insight on the information security profession - how it's developed and where it's headed. In an exclusive interview, Katz discusses: How the information security role has evolved; Which trends are changing the role; The skillsets necessary for today's security professionals to succeed tomorrow. Katz is a prominent figure in the network security discipline. Since 1985, he has served as the senior security executive for Citibank/Citigroup, JP Morgan, and most recently Merrill Lynch - and has been a force in raising the visibility and shaping the direction of the security industry at industry and government levels. Deeply respected within both the financial services and security industries, Katz has testified to Congress on information security issues and was appointed as the Financial Services Sector Coordinator for Critical Infrastructure Protection by the Secretary of the Treasury. Other credentials include: Founder and Chairman of the Financial
-
Best-Practices in Internal Audits: Interview with Holly Kidder of the IIA
20/05/2009
Hard times have taken a toll everywhere - even when it comes to internal audit practices at financial institutions. Yet, in the wake of security breaches and questionable business practices at some financial institutions, federal regulators are cracking down on auditors. In an exclusive interview, Holly Kidder, a director of the Institute of Internal Auditors, discusses: The state of internal auditing at banking institutions; How the practice has been impacted by the recession; Programs/services offered by the IIA to help member organizations. Kidder has almost 15 years of experience within the field of internal auditing as well as practical knowledge in the financial services industry, having worked in various roles from teller to Vice President. She is currently a Technical Director within Standards and Guidance at The Institute of Internal Auditors (IIA) Global Headquarters. The IIA, established in 1941, is an international professional association of more than 160,000 members in 165 countries with
-
New Opportunities in Information Security - Interview with Gerald Masson, Director of Johns Hopkins University Information Security Institute
13/05/2009
There are more opportunities than ever for skilled information security professionals. This is the belief of Gerald Masson, Director of Johns Hopkins University Information Security Institute, and in an exclusive interview he discusses: Job prospects for information security professionals in the public and private sectors; Growing opportunities in the healthcare field; What students need to know if they're either starting or re-starting their careers. Masson received his PhD from Northwestern University in 1971. He has developed and taught numerous graduate and undergraduate courses addressing various aspects of the field of computer networking and systems architecture. He has published over 150 technical papers, co-authored two books and is an inventor on six patents. His research addresses a range of issues dealing with the foundations and implementations of distributed systems regarding issues such as survivability, real-time performance monitoring techniques, and security mechanisms used for networ
-
Swine Flu: "This Could be Our Next Pandemic" - Regina Phelps, Emergency Management Expert
27/04/2009
As the swine flu outbreak triggers new fears of a global pandemic, security organizations must dust off and review their emergency management plans. For insight on how to prepare for swine flu, pandemic expert Regina Phelps offers expert insight on: What you need to know about swine flu; How your organization should respond - internally and with customers; Where and what to watch for updates over the coming days. Regina Phelps is an internationally recognized expert in the field of emergency management and continuity planning. With over 26 years of experience, she has provided consultation and educational speaking services to clients on four continents. She is founder of Emergency Management & Safety Solutions, a consulting company specializing in emergency management, continuity planning and safety.
-
The Future of Information Security: Interview with John Rossi, National Defense University
17/04/2009
To this point, information security professionals have been generalists. Going forward, they'll have to be specialists. At least this is the opinion of John Rossi, professor of systems management/information assurance. In an exclusive interview on the future of the information security profession, Rossi discusses: Why information security is headed toward specialization; The new capacities security professionals must develop; How academic institutions and industry groups must change how they educate security pros. Rossi is a Professor of Systems Management/Information Assurance in the Information Operations and Assurance Department at the National Defense University (NDU) Information Resources Management College (IRMC). Prior to joining the NDU/IRMC faculty, he was a computer scientist for information security, research, and training with the U.S. Federal Aviation Administration Headquarters. He was Security Division Manager of the U.S. Department of Energy's Nuclear Weapons Production Security Assess
-
"One of the Most Generous Scholarships I've Ever Seen" - Victor Piotrowski of the NSF on the Scholarship for Service Program.
03/04/2009
It's a simple proposition for successful applicants to the Scholarship for Service (SFS) Program: Get your information security education paid for, and then come work for the U.S. government. "It's one of the most generous scholarships I've ever seen," says Victor Piotrowski, Lead Program Director of SFS for the National Science Foundation. In an exclusive interview, Piotrowski discusses: The origins of SFS; How students can apply; Where graduates are finding jobs. Before joining NSF, Piotrowski served as a Professor and Chair of the Computer Science Department at the University of Wisconsin. He previously held faculty positions at the North Dakota State University and at the Institute of Informatics in Poland. He has 10 years of experience in research, teaching and consulting in Information Assurance (IA) and holds several IA certifications including Certified Information Systems Security Professional and SANS Institute GIAC Incident Handler. He also serves on the SANS GIAC advisory board.
-
Privacy Issues and Education: Peter Kosmala, International Association of Privacy Professionals
01/04/2009
From the Heartland data breach to the new Massachusetts data protection law, privacy is the hot topic in business and government. In an exclusive interview, Peter Kosmala, assistant director of the International Association of Privacy Professionals (IAPP), discusses: The top privacy topics in business and government; How organizations are tackling these issues; The potential impact of state and federal privacy legislation; The value of the Certified Information Privacy Professional (CIPP) credential. Kosmala oversees product management for the IAPP with specific oversight of distance learning products, privacy certifications and industry awards programs. He also manages business development efforts between the IAPP and peer organizations in the information security, information auditing and legal compliance arenas as well as organizations based in the Asia-Pacific region. The IAPP, based in York, Maine, was founded in 2000 with a mission to define, promote and improve the privacy profession globally.
-
Data Privacy Trends: Randy Sabett, Information Security Attorney
26/03/2009
Activity at the State Level Points Toward a Federal Data Breach Notification Law
Data privacy legislation -- the trend started in California and is being discussed heatedly in Massachusetts today. Data breach notification and privacy laws have now been enacted in 40 separate states, and government observers think we're close to seeing federal legislation proposed. In an exclusive interview, Randy Sabett, a noted privacy/information security attorney, discusses: Trends in state data privacy legislation; What these laws mean to businesses; The Obama Administration's approach to data privacy; Trends to keep an eye on throughout 2009. Randy V. Sabett, CISSP, is a partner in the Washington, D.C. office of Sonnenschein Nath & Rosenthal LLP, where he is a member of the Internet, Communications & Data Protection Practice. He counsels clients on information security, privacy, IT licensing, and patents, dealing with such issues as Public Key Infrastructure (PKI), digital and electronic signatures, federated iden
-
Risk Management Priorities: Joe Restoule, President of RIMS
09/03/2009
Because of the economic conditions, risks to organizations - from the inside and out - are at a critical high. Risk managers at public and private organizations are forced to make careful decisions on how to invest scarce resources. In an exclusive interview, Joe Restoule, President of the Risk and Insurance Management Society (RIMS), discusses: The top risk management issues of 2009; How risk managers should focus their available resources; Advice for professionals looking to start a career in risk management. Restoule currently serves as RIMS president. He has served on the RIMS board since 2001 in various capacities, including vice president and secretary. RIMS is a not-for-profit organization dedicated to advancing the practice of risk management. Founded in 1950, RIMS represents more than 4,000 industrial, service, nonprofit, charitable and governmental entities. The Society serves more than 10,500 risk management professionals around the world.
-
Invest in Your Career: Pat Myers, Chair of (ISC)2
06/03/2009
Despite the recession and record job losses, information security remains a top concern for public and private sector organizations. But what can security professionals do to protect their careers and be considered for these jobs? In an exclusive interview, Pat Myers, chair of (ISC)2, discusses: Top security and risk management issues facing organizations; How security professionals can protect and invest in their careers; Advice for people looking to either start or move into an information security career. An (ISC)² Board member since 1999, Myers has more than 23 years of experience in all facets of information security, working extensively in financial services for such companies as Charles Schwab, Inc., Wells Fargo Bank, American Express, and Williams-Sonoma, Inc. She was previously a Director with RedSiren and was "CyberDean" of their Information Security University.
-
Insights on the Insider Threat: Randy Trzeciak of Carnegie Mellon's CERT
25/02/2009
We all know the risk of the insider threat is high, but what are the specific vulnerabilities for which organizations should be particularly vigilant? In an exclusive interview, Randy Trzeciak of Carnegie Mellon's CERT program discusses recent insider threat research, including: Patterns and trends of insider crimes; Motives and means displayed in real insider cases; What employers and staffs can do to prevent and detect crimes. Trzeciak is currently a Senior Member of the Technical Staff for the Threat and Incident Management Team in the CERT Program at Carnegie Mellon University's Software Engineering Institute. He is a member of a team in CERT focusing on insider threat research, including insider threat studies being conducted with the US Secret Service National Threat Assessment Center, DOD's Personnel Security Research Center (PERSEREC), and Carnegie Mellon's CyLab.
-
How to Earn a Master's in Business Continuity: John Orlando, Norwich University
19/02/2009
Fearful of man-made, natural and pandemic disasters, organizations everywhere are adopting or improving business continuity/disaster recovery programs. And at Norwich University, there now is a Master's of Science in Business Continuity program for mid-career professionals to hone their skills in this in-demand area. In an exclusive interview, John Orlando, MSBC Program Director at Norwich University, talks about the school's Master's of Science in Business Continuity, discussing: What's unique about this program; Requirements for students entering the program; How the MSBC will evolve to meet industry/government needs.
-
How to Earn a Master's in Information Assurance: John Orlando, Norwich University
19/02/2009
It's become a cliché: Information security professionals need to get closer to the business. Now it's also a Master's degree program in which instructors base their whole curriculum on helping security professionals get closer to - and rise higher in the ranks of - their companies and agencies. In an exclusive interview, John Orlando, MSBC Program Director at Norwich University, talks about the school's Master's of Science in Information Assurance, discussing: What's unique about this program; Requirements for students entering the program; How the MSIA helps security professionals advance their careers.
-
Security Education -- Meeting Business Needs: Dr. Peter Stephenson, Norwich University
19/01/2009
Higher education hasn't been immune to the ravages of the recession economy. Scholarships and tuition reimbursements are tougher for students to come by, and career opportunities have diminished. That said, job opportunities for information security students abound - in both the private and public sectors. In an exclusive interview, Dr. Peter Stephenson, CISO at Norwich University, discusses: His school's graduate and undergraduate security programs; How Norwich is preparing students for careers in information security; Ways that businesses and government agencies can collaborate with educational institutions to better prepare students for productive careers. Stephenson is a writer, consultant, researcher and lecturer on information assurance and risk, digital investigation and forensics on large-scale computer networks. He has lectured extensively on digital investigation and security and has written or contributed to 14 books and several hundred articles, in major national and international trade,
-
The Risks of 'Security by Compliance' - Interview with ISACA's John Pironti
18/12/2008
Regulatory compliance is the backbone of a financial institution's information security program. But compliance alone isn't enough, says John Pironti of ISACA's Education Board, who advises institutions to take a risk-based, not a "checklist-based" approach to security. In an exclusive interview, Pironti discusses: The risks of 'Security by Compliance'; Top risk management/compliance issues of 2009; What will be the most in-demand skills and job opportunities for information security professionals. In addition to his role with ISACA, Pironti is currently the Chief Information Risk Strategist for CompuCom. He has designed and implemented enterprise wide electronic business solutions, information security programs, and threat and vulnerability management solutions for key customers in a range of industries, including financial services, government, hospitality, aerospace and information technology on a global scale. Pironti has a number of industry certifications including Certified in the Governance of Ente