Experience

• Over 30 years as an IT security professional.

• Most recently: member of 4-person design team to develop a “Discovery Engine” answering the questions:  What is on my network today, how is that different from yesterday, is each device manageable, is each device operating according to security policies, are their “rogue” devices present?.
• Participant in more than 300 IT Security reviews and analyses for the insurance industry, banking, state & federal governments, and various foreign governments and companies.
• Principal Investigator: The RISOS Project (Research In Secured Operating Systems) [1971-1976]. Mission: develop software and methodologies for analyzing and testing security features of computer operating systems; and maintain a posture of readiness to test security strengths of designated Department of Defense computer systems. This was the first funded research project addressing computer security (DOD-ARPA).
• Author of the Privacy and Data Confidentiality Policy for the Professional Service Review Organizations (PSRO) Program, and for the End Stage Renal Disease Program (while serving as the Senior Data Processing Consultant for the Bureau of Quality Assurance, Health Care Finance Administration) [1974].
• Author of Security Analysis and Enhancements for Computer Operating Systems, published by National Bureau of Standards (now NIST).  Withdrawn from publication after being deemed, by peers, as a dangerous document detailing how software could be misused to make unauthorized access.
• Recipient of ISSA New York Chapter 2002 Fitzgerald Award for lifelong and continuing contributions to the field if IT Security.
• Consultant for the movie "SNEAKERS" starring Robert Redford, Dan Ackroyd, Sidney Poitier, and James Earl Jones. The movie addressed computer hackers, encryption, and unauthorized access to computer systems. Contacted because of the RISOS project experience. Character played by James Earl Jones was given the name "Bernard Abbott" in recognition of contribution significance.

Expertise:

• Security policy and procedure creation, assessment, and auditing.
• Asset identification and valuation.
• Risk analysis: vulnerability assessment, threat Analysis, safeguards and compensating controls.
• Disaster recovery: design, assessment, and audit.
• Physical security and systems protection.
• Software security controls.
• Network security controls: network and security architectural design; design of intranet, extranet, and Internet access strategies; backbone and campus network design; secure remote access and VPN.
• Firewalls and web security.
• Anti-virus protection.
• Content protection using encryption, digital signatures and authentication.
• Penetration testing.

Education: BS, Mathematics.  University of California, Berkeley

Speaking:  Invited speaker at of over 20 different professional societies, and numerous professional conferences. Topics are generally IT Security and IT Auditing.