About the Contributors
Wendy Adams Carr currently works for the U.S. Army Corps of Engineers as a member of the Computer Incident Response Team (CIRT). Prior to this she served as an Information Assurance Security Engineer with Booz Allen & Hamilton, where she supported a Department of Defense client in developing and maintaining DITSCAP and DIACAP-based certification and accreditation of complex, large-scale Information Systems. She is retired from the U.S. Army. She is also an active member of Infragard.
Mani Akella, a director (technology), has been actively working with information-security architectures and identity protection for Consultantgurus and its clients. An industry professional for 20 years, he has worked with hardware, software, networking, and all the associated technologies that service information in all of its incarnations and aspects. Over the years, he has developed a particular affinity for international data law and understanding people and why they do what they do (or do not). He firmly believes that the best law and policy is that which understands and accounts for cross-cultural differences, and works with an understanding of culture and societal influences. To that end, he has been actively working with all his clients and business acquaintances to improve security policies and make them more people-friendly: His experience has been that the best policy is that which works with, instead of being antagonistic to, the end user.
Rebecca Gurley Bace is the president/CEO of Infidel, Inc., a strategic consulting practice headquartered in Scotts Valley, California. She is also a venture consultant for Palo Alto-based Trident Capital, where she is credited with building Trident's investment portfolio of security product and service firms. Her areas of expertise include intrusion detection and prevention, vulnerability analysis and mitigation, and the technical transfer of information-security research results to the commercial product realm. Prior to transitioning to the commercial world, she worked in the public sector, first at the National Security Agency, where she led the Intrusion Detection research program, then at the Computing Division of the Los Alamos National Laboratory, where she served as deputy security officer. Her publishing credits include two books, an NIST Special Publication on intrusion detection and prevention, and numerous articles on information-security technology topics.
Susan Baumes, MS, CISSP, is an information-security professional working in the financial services industry. In her current role, she works across the enterprise to develop information-security awareness and is responsible for application security. Her role also extends to policy development, compliance, and audit. She has 11 years' experience in application development, systems and network administration, database management, and information security. Previously, she worked in a number of different sectors, including government (federal and state), academia, and retail.
Kurt Baumgarten, CISA, is vice president of information security and a partner at Peritus Security Partners, LLC, a leader in providing compliance-driven information security solutions. He is also a lecturer, consultant, and the developer of the DDIPS intrusion prevention technology as well as a pioneer in using best practices frameworks for the improvement of information technology security programs and management systems. He has authored multiple articles about the business benefits of sound information technology and information assurance practices, and assists businesses and government agencies in defining strategic plans that enhance IT and IA as positive value chain modifiers. He holds both a master's of science in information assurance and an M.B.A. with a concentration in e-commerce, and serves as an adjunct professor of information assurance. He has more than 20 years of experience in IT infrastructure and information security and is an active member of ISSA, ISACA, ISSSP, and the MIT Enterprise Forum. He periodically acts as an interim Director within external organizations in order to facilitate strategic operational changes in IT and information security.
Kevin Beets has been a research scientist with McAfee for over nine years. His work has concentrated on vulnerability, exploit and malware analysis, and documentation for the Foundstone and McAfee Labs teams. Prior to working with McAfee, he architected private LANs as well as built, monitored, and supported CheckPoint and PIX firewalls and RealSecure IDS systems.
Matt Bishop is a professor in the Department of Computer Science at the University of California at Davis and a codirector of the Computer Security Laboratory. His main research area is the analysis of vulnerabilities in computer systems, especially their origin, detection, and remediation. He also studies network security, policy modeling, and electronic voting. His textbook, Computer Security: Art and Science, is used widely in advanced undergraduate and graduate courses. He received his Ph.D. in computer science from Purdue University, where he specialized in computer security, in 1984.
Kip Boyle is the chief information-security officer of PEMCO Insurance, a $350 million property, casualty, and life insurance company serving the Pacific Northwest. Prior to joining PEMCO Insurance, he held such positions as chief security officer for a $50 million national credit card transaction processor and technology service provider; authentication and encryption product manager for Cable & Wireless America; senior security architect for Digital Island, Inc.; and a senior consultant in the Information Security Group at Stanford Research Institute (SRI) Consulting. He has also held director-level positions in information systems and network security for the U.S. Air Force. He is a Certified Information System Security Professional and Certified Information Security Manager. He holds a bachelor's of science in computer information systems from the University of Tampa (where he was an Air Force ROTC Distinguished Graduate) and a master's of science in management from Troy State University.
Jennifer Bradley is a member of the first Master of Science in Information Assurance graduating class at Norwich University. She is the primary Systems and Security Consultant for Indiana Networking in Lafayette, Indiana, and has served as both a network and systems administrator in higher education and private consulting. She has almost 15 years' experience as a programmer and instructor of Web technologies, with additional interests in data backup, virtualization, authentication/identification, monitoring, desktop and server deployment, and incident response. At present she serves as an independent consultant. She has previously worked as a tester for quality and performance projects for Google, Inc., and as a collegiate adjunct instructor in computer technologies. She received a bachelor's of science in Industrial and Computer Technology from Purdue University.
Timothy Braithwaite has more than 30 years of hands-on experience in all aspects of automated information processing and communications. He is currently the deputy director of strategic programs at the Center for Information Assurance of Titan Corporation. Before joining Titan, he managed most aspects of information technology, including data and communications centers, software development projects, strategic planning and budget organizations, system security programs, and quality improvement initiatives. His pioneering work in computer systems and communications security while with the Department of Defense resulted in his selection to be the first systems security officer for the Social Security Administration (SSA) in 1980. After developing security policy and establishing a nationwide network of regional security officers, he directed the risk assessment of all payment systems for the agency. In 1982, he assumed the duties of deputy director, systems planning and control of the SSA, where he performed substantive reviews of all major acquisitions for the associate commissioner for systems and, through a facilitation process, personally led the development of the first Strategic Systems Plan for the administration. In 1984, he became director of information and communication services for the Bureau of Alcohol, Tobacco, and Firearms at the Department of Treasury. In the private sector, he worked in senior technical and business development positions for SAGE Federal Systems, a software development company; Validity Corporation, a testing and independent validation and verification company; and J.G. Van Dyke & Associates, where he was director, Y2K testing services. He was recruited to join Titan Corporation in December 1999 to assist in establishing and growing the company's Information Assurance practice.
Dr. Paul Brusil founded Strategic Management Directions, a security and enterprise management consultancy in Beverly, Massachusetts. He has been working with various industry and government sectors, including healthcare, telecommunications, and middleware to improve the specification, implementation, and use of trustworthy, quality, security-related products and systems. He supported strategic planning that led to the National Information Assurance Partnership and other industry forums created to understand, promote, and use the Common Criteria to develop security and assurance requirements and to evaluate products. He has organized, convened, and chaired several national workshops, conferences, and international symposia pertinent to management and security. Through these and other efforts to stimulate awareness and...