David Sheidlower, CISSP, CISM is the Chief Information Security Officer for Turner Construction, one of the largest construction management companies in the United States. Previously he was CISO at BBDO, the world's most awarded advertising agency. Previousy he was (CISO) for Health Quest, the Mid-Hudson Valley's largest healthcare system. David also serves as a member of the State of New York Health Information Network Policy Committee. Prior to Health Quest, he was the Division Information Security Officer within the small business lending division of Wells Fargo Bank—the largest small business lender in the country. David writes and blogs on security with a focus on the intersection of cyber security and humanism, something he is uniquely qualified to write on. His past activities include presenting at the MIS Institute’s Big Data Security Conference, working with the World Health Organization on Functional Health Status Measures and teaching letterpress printing at the Naropa Institute’s Jack Kerouac School for Disembodied Poetics in Boulder, Colorado. David also blogs at www.cybersecrighthere.com . He holds a Bachelor’s degree from the University of California, Berkeley and a Master’s degree in Health Service Administration from St. Mary’s College of California.
How to Get Everyone Attuned to Cybersecurity: Ways to Raise Security Awareness
Posted on: 10 Apr 2018
Your organization’s security stance must be supported by everyone in the company, every day, in all that they do. However, people are focused on their jobs, not necessarily on security.…
Demote the CISO
Posted on: 13 Dec 2017
For the third straight year, Drs. Daniel Solove and Paul Schwartz held their Privacy and Security Forum at George Washington University Law School. For the third straight year I attended…
Rhymes with CISO
Posted on: 06 Sep 2017
In my 10+ years as a CISO, I’ve noticed a trend that appears to only be increasing. What I have observed is a proliferation of job titles that rhyme with CISO.…
What Is at the Center?
Posted on: 10 Jul 2017
I have gone back and forth for a long time. Should security be risk-centric or data-centric. Outside of security professionals, you sometimes meet people who believe security should be compliance-centric…
Patch Yours
Posted on: 04 Jul 2017
CISO Security professionals feel no great joy in being right about patching. The past two months have been a period of “I told you so” moments for anyone who has…
NIST Cybersecurity Framework, Beyond Version 1.0 – Part 3
Posted on: 24 Jan 2017
In this series I take a close look at the Framework for Improving Critical Infrastructure Cybersecurity which NIST first published in February of 2014. Read Part One ‘All Infrastructure and the…
Hackers Are Not Afraid of Frameworks – Part 2
Posted on: 11 Jul 2016
Read Part One All Infrastructure and the NIST Framework. In this series I will take a close look at the Framework for Improving Critical Infrastructure Cybersecurity which NIST first published in…
All Infrastructure and the NIST Framework
Posted on: 15 Jun 2016
Each infrastructure is critical to someone. Go ahead: ask a CIO if they are in charge of something other than “critical infrastructure” and see what they say. In fact, the…
What Would Harold Do?
Posted on: 29 Mar 2016
I tell users all the time “Forget everything you learned in Kindergarten.” It always gets a laugh, gets their attention and gets my point across. It’s not nice to share…
The Sanders-Clinton Data Brouhaha: It is Not About Privacy and All About Identity
Posted on: 11 Jan 2016
In August of 2010, Huping Zhou who had served as a researcher at the UCLA School of Medicine and had since been terminated, was sentenced to jail time for inappropriately…