Careers Information Security Podcast

Career Insights from Srinvivas Mukkamala of New Mexico Tech. Education, skills, experience - what exactly does it take to make it in an information security career today? Srinivas Mukkamala, an educator and practitioner, offers unique insight on: The necessary mindset for an information security professional; What are the baseline skills? How to keep skills sharp. Mukkamala, one of CAaNES' owners and its interim-Director of Operations, is a senior research scientist with ICASA (Institute for Complex Additive Systems Analysis, a statutory research division of New Mexico Tech performing work on information technology, information assurance, and analysis and protection of critical infrastructures as complex interdependent systems) and Adjunct Faculty of the Computer Science Department of New Mexico Tech. He leads a team of information assurance (IA) "first responders" who are deployed at the request of various government agencies and financial institutions around the state of New Mexico to perform vulnerab

With Howard Schmidt's appointment as national cybersecurity coordinator, his role as president of the Information Systems Security Association (ISSA) has been filled by Kevin Richards, a risk management advisor with Crowe Horwath. In an exclusive interview, Richards discusses: Top agenda items for ISSA in 2010; Biggest information security threats; Best opportunities for information security professionals. Richards has served on the ISSA International Board since 2003, initially in a global chapter relations capacity and then as the international vice president since 2007. A past president of the Chicago ISSA Chapter, Richards is an information security and risk management advisor for Crowe Horwath with more than 18 years of experience in information security, business continuity and enterprise risk management. His expertise ranges from risk analysis and program design to information security and business continuity program development and leading practices.

Risk management today - it's less about pure technology, more about business acumen and pure communication skills. This is the position of Kenneth Newman, VP & Information Security Manager at Central Pacific Bank. In an interview about top risk management trends, Newman discusses: Scope of the risk management job in banking institutions today; Biggest challenges to getting the job done right; Necessarily skills for successful risk managers. Newman joined Central Pacific Bank as Vice President & Information Security Manager in February 2009. He oversees the bank's information security program and the protection of its information assets. Prior to joining CPB, Mr. Newman served as First Vice President & Online Risk Manager for Washington Mutual (WaMu) and has managed various global and regional security and risk functions for Deutsche Bank and Citigroup in New York. Central Pacific Bank is the main subsidiary of Central Pacific Financial Corp., a Hawaii based financial institution with $5.2 billion in ass

Credit reports, social networks and international background checks - these are three of the hottest topics in employment background screening, according to Employment Screening Resources (ESR), a CA-based firm. In an exclusive interview, Lester Rosen, President and CEO of ESR, discusses: The top 10 trends in background screening in 2010; Specific challenges for information security leaders; How to improve your organization's background screening process. Rosen, a retired attorney, founded ESR in 1996. In 2003, that firm was rated as the top screening firm in the US in the first independent study of the industry in research report prepared by the Intellectual Capital Group, a division of HR.com. He is a consultant, writer and frequent presenter nationwide on pre-employment screening and safe hiring issues. His speaking appearances have included numerous national and statewide conferences. He has qualified and testified in the California, Florida and Arkansas Superior Court as an employment screening e

Interview with Lydia Parnes, Former Director of the FTC's Bureau of Consumer Protection Privacy, data security and consumer protection - three of the top concerns to organizations everywhere. And they are three of the topics nearest and dearest to Lydia Parnes, former director of the Federal Trade Commission's (FTC) Bureau of Consumer Protection. Now a partner in the Washington, D.C. office of Wilson Sonsini Goodrich & Rosati, Parnes works with organizations to ensure their privacy and security policies. In an exclusive interview, Parnes discusses: Current trends in privacy, data security and consumer protection; The greatest challenges to organizations entrusted with ensuring these protective measures; How the public and private sectors are likely to work together to tackle these challenges this year. Parnes' current practice focuses on privacy, data security, Internet advertising, and general advertising and marketing practices. The former director of the Bureau of Consumer Protection (BCP) at the

Information security is the hot career option for professionals in 2010 and beyond. This is the prediction of David Foote of Foote Partners, the FL-based consultancy that tracks IT skills and competencies. In a look ahead at 2010 and beyond, Foote discusses: the security careers "bubble" and how it began; the wave that has driven the surge in security jobs; predictions for 2010-2012. Foote has long been one of the nation's leading industry analysts tracking, analyzing and reporting on IT workforce management and compensation practices, trends and issues. His columns, articles and contributions appear regularly in dozens of publications. As Foote Partners' CEO and Chief Research Officer since 1997, David leads a senior team of experienced former McKinsey & Company, Gartner, META Group, and Towers Perrin analysts and consultants, and former HR, IT, and business executives, in advising governments and corporations worldwide on increasing performance and managing IT's impact on their businesses and custome

Marcus Ranum has a unique take on the biggest information security threats to organizations and individuals. A renowned expert in secure systems and design, Ranum, currently the CSO of Tenable Network Security, offers a new look at topics such as the risks of cloud computing and what he calls the myth of cyber warfare. In an exclusive interview, Ranum discusses: The biggest security concerns of 2010; Which threats get the least attention; Why penetration testing is often a waste. Ranum, since the late 1980s, has designed a number of groundbreaking security products including the DEC SEAL, the TIS firewall toolkit, the Gauntlet firewall and NFR's Network Flight Recorder intrusion detection system. He has been involved in every level of operations of a security product business, from developer, to founder and CEO of NFR. Marcus has served as a consultant to many FORTUNE 500 firms and national governments, as well as serving as a guest lecturer and instructor at numerous high-tech conferences. In 2001, h

What's ahead for information security professionals in 2010? Barbara Massa, VP of Global Talent Acquisition at McAfee, Inc. speaks to the results of the new Information Security Today Career Trends Survey, discussing: How the results speak to the maturity of the information security profession; The survey's message to CISOs; The value of recruitment and retention in the year ahead. Massa joined McAfee in June, 2009. For the 10 years prior to joining McAfee, Barbara led the Talent Acquisition function at EMC and Documentum respectively (Documentum was acquired by EMC in December of 2003.) Barbara's prior work includes leadership positions in the recruiting organization at Cadence Design Systems and at an external recruiting firm.

Business risks have grown in size and complexity in 2009. How, then, must risk management evolve to meet the challenges of 2010? James Pajakowski, EVP of Global Risk Solutions with Protiviti, shares his insight on: The risk management trends for 2010; How information security professionals must meet the new challenges; What's most misunderstood about risk management today. Pajakowski oversees the delivery of Protiviti's services in the areas of finance and transactions, operations, technology, litigation, governance, risk, and compliance. He previously served as managing director and head of the Business Risk practice. He also was one of five founding members of the Protiviti Operating Committee, which was responsible for establishing Protiviti's vision and strategy and overseeing financial and administrative matters during the company's first five years. Prior to Protiviti, Pajakowski was a partner with Arthur Andersen, where he started his career in 1982. He has more than 25 years of professional serv

In terms of information security, what is the state of auditing as we end 2009 - and what are the trends foreseen for 2010? Warren Stippich Jr., Practice Leader of the Chicago Business Advisory Services Group of Grant Thornton LLP, discusses: Audit trends; Where organizations are most vulnerable; How audit practices can be improved. Stippich has over 18 years experience working with multi-national, entrepreneurial, and high-growth companies. He brings experience to the business risk consulting and internal audit services areas from both the public accounting firm and industry perspectives. He leads many Sarbanes- Oxley consulting and internal audit services projects for a wide-array of publicly traded businesses with international operations. He has worked extensively with international internal audit, Sarbanes-Oxley and business consulting assignments in Europe, China, Southeast Asia, Central and South America and Canada

No question, the information security professional's role has evolved in recent years. How, then, has the need for ongoing professional education also changed? And what role must risk management play in today's security organization? In an exclusive interview, Mark Lobel of PricewaterhouseCoopers and ISACA, discusses: The role of professional education in information security; The evolution of risk management; How organizations and professionals must respond to the challenges of 2010. Lobel, CISA, CISM, CISSP, is a member of ISACA's Security Management Committee. He has over 25 years business experience, with the first eight in the Entertainment and Media industry and then, after his MBA, with PricewaterhouseCoopers. He is an internationally recognized security and controls professional with experience designing, benchmarking and assessing organizational security strategies and technologies. He is experienced at designing, assessing, implementing and penetration testing enterprise security. Lobel

We've experienced two waves of the H1N1 pandemic. What lessons have we learned? Sue Kerr, President of Continuity First, a business continuity/disaster recovery consultancy, talks about how organizations have handled H1N1. She also discusses: the state of BC/DR; Challenges facing organizations today; 2010 trends and career opportunities. Kerr is also the president of the Old Dominion Association of Contingency Planners, Education Director for the National Association of Contingency Planners and a previous member of the Disaster Recovery Journal Editorial Advisory Board. She has been active in setting standards for the industry as well as training others. She has spoken at various conferences and has done training for corporations, governmental organizations as well as the community. She has been published in industry journals and has been interviewed multiple occasions as a subject matter expert. She is a Certified Business Continuity Professional through the Disaster Recovery Institute. In addition

Interview with Kent Anderson of Encurve LLC Cybersecurity, forensics, risk management -- what will be the core security skills needed in organizations in 2010? In an exclusive interview, Kent Anderson, founder and managing director of Encurve LLC, as well as a member of ISACA's Security Management Committee, discusses: The core security skills now needed by organizations; How these skills are acquired today; Ways security professionals can take charge of their own development. Anderson is considered a leading authority on security, with more than 22 years of experience in the field. He has held positions as SVP of IT Security and Investigations with an international business risk consultancy, as Director in the Dispute Analysis & Investigations group of PricewaterhouseCoopers, and as the European Information Security Manager for Digital Equipment Corp.

What have been the biggest privacy issues of 2009, and what emerging trends should you watch heading into 2010? We posed these questions to J. Trevor Hughes, Executive Director of the International Association of Privacy Professionals (IAPP). In an exclusive interview, Hughes discusses: The role of the IAPP; Key legislation in the U.S. and internationally; Where organizations need to improve privacy protection. Hughes is an attorney specializing in e-commerce, privacy and technology law. In his role as Executive Director of the IAPP, Hughes leads the world's largest association of privacy professionals. Hughes has provided testimony before the U.S. Congress Commerce Committee, the U.S. Senate Commerce Committee, the U.S. Federal Trade Commission, and the EU Parliament on issues of privacy and data protection, spam prevention and privacy-sensitive technologies. He is a member of the first class of Certified Information Privacy Professionals (CIPPs) and is co-author (with D. Reed Freeman, Jr.) of "Pri

It's time for information security professionals to give back to their communities - to reach out and educate businesses, schools and citizens about cybersecurity and other relevant issues. This is the message from John Rossi, professor of systems management/information assurance at National Defense University. In an exclusive interview, Rossi discusses: Why security professionals should practice outreach; Potential venues for public speaking How to get started. Rossi is a Professor of Systems Management/Information Assurance in the Information Operations and Assurance Department at the National Defense University (NDU) Information Resources Management College (IRMC). Prior to joining the NDU/IRMC faculty, he was a computer scientist for information security, research, and training with the U.S. Federal Aviation Administration Headquarters. He was Security Division Manager of the U.S. Department of Energy's Nuclear Weapons Production Security Assessments Program and National Program Manager for Computer

Government and business must think creatively to help safeguard America's digital assets, says Melissa Hathaway, the former White House acting senior director for cybersecurity who led President Obama's 60-day cybersecurity policy review. Hathaway, an interview with GovInfoSecurity.com, cited the innovative coupling of cell phone and global positioning technologies to authenticate a user withdrawing money from an ATM or making a credit card purchase. With the cell phone turned on, a GPS can verify that the consumer is where the transaction takes place. "That's not what cell phones were originally designed for, but I thought it was a creative solution on how to defeat the fraud or at least make it much more complicated for the criminal or thieves to take our information or take our personal data," Hathaway said in a conversation with Eric Chabrow, GovInfoSecurity.com managing editor. In the first of the two-part interview, Hathaway also discussed: The critical posture of cybersecurity in the United States

Tough times require "softer" leaders. This is the perspective of careers coach Heidi Kraft, who says that today's senior leaders need to focus more on emotional intelligence and other "soft" qualities to be able to better recruit and retain quality employees. In an exclusive interview, Kraft discusses: Which "soft" skills are most important; How managers and employees alike can change a culture to embrace these skills; Where to start to develop and nurture "softer" leaders. Kraft is a Leadership and Career coach and founder of Kraft Your Success Coaching and Consulting. Prior to launching her business, she spent 17 years on the agency side of the advertising industry, including a stint as SVP Media Director at Boston-based Hill Holliday, developing and implementing media strategies for high-profile clients such as Microsoft, Intel, Intuit, Siebel Systems, 24 Hour Fitness and Harley-Davidson. She holds a CPCC (Certified Professional Coactive Coach) and is a graduate of the Coaches Training Institute

Interview with Kevin Sanchez-Cherry, IT Security Specialist What does it take for an information security professional to make it into the United States Secret Service? We asked Kevin Sanchez-Cherry, IT Security Specialist within the agency's Information Security Operations. In this exclusive interview, Sanchez-Cherry discusses: Types of Secret Service careers available to security professionals; What to expect during the hiring process; Myths and realities of a job in the Secret Service. Sanchez-Cherry is an IT Security Specialist for the United States Secret Service's Information Security Operations sub-division and is responsible for leading the Secret Service's Certification and Accreditation (C&A) Program and Information Systems Security Officer (ISSO) Program. He also assists in the management of the enterprise Information Assurance (IA) Program for the Secret Service. Prior to joining the Secret Service in 2006, Mr. Sanchez-Cherry served two years as Principal Security Specialist with the Dep

Malware, Consumer Technology, Social Networks Head the List of Vulnerabilities Know what scares security expert John Pescatore the most? The image of a remote employee sitting at a home office or public setting, plugging into an unsecured network, accessing critical business data via a personal laptop or PDA. Organizations have never had so many security risks in so many remote locations, says Pescatore, VP and Distinguished Analyst with Gartner, Inc. Mitigating these risks will be among the primary challenges for information security leaders in 2010. In a discussion of security trends, Pescatore offers insight on: Emerging threats; Emerging solutions; The role of education and training to help meet security needs. Pescatore has 31 years of experience in computer, network and information security. Prior to joining Gartner, he was senior consultant for Entrust Technologies and Trusted Information Systems, where he started and managed security consulting groups. His previous experience includes 11 year

Interview with Pete Fahrenthold of Continental Airlines, RIMS Enterprise Risk Management (ERM) is a topic of interest throughout an organization - and increasingly at the board of director level. But how does a security leader engage the board on ERM - and keep it engaged? Pete Fahrenthold of Continental Airlines and RIMS discusses: The top current ERM issues; How to engage the board - what works, what doesn't? How to measure the ongoing engagement of the board. Fahrenthold is the Managing Director of Risk Management and the ERM Team Leader for Continental Airlines. He has over 20 years of risk management experience. Prior to entering the risk management field, he worked in public accounting and in various corporate functions including financial reporting, treasury operations, and employee benefits management. He is currently the Vice Chair of the RIMS ERM Development Committee, and he is the Chair of the AFP Risk Newsletter Editorial Advisory Board.