David Sheidlower

CISO

Turner Construction

David Sheidlower, CISSP, CISM is the Chief Information Security Officer for Turner Construction, one of the largest construction management companies in the United States. Previously he was CISO at BBDO, the world's most awarded advertising agency. Before that he was CISO for Health Quest, the Mid-Hudson Valley's largest healthcare system. David also serves as a member of the State of New York Health Information Network Policy Committee. Prior to Health Quest, he was the Division Information Security Officer within the small business lending division of Wells Fargo Bank—the largest small business lender in the country. David writes and blogs on security with a focus on the intersection of cyber security and humanism, something he is uniquely qualified to write on. His past activities include presenting at the MIS Institute’s Big Data Security Conference, working with the World Health Organization on Functional Health Status Measures and teaching letterpress printing at the Naropa Institute’s Jack Kerouac School for Disembodied Poetics in Boulder, Colorado. David also blogs at www.cybersecrighthere.com. He holds a Bachelor’s degree from the University of California, Berkeley and a Master’s degree in Health Service Administration from St. Mary’s College of California.


How to Get Everyone Attuned to Cybersecurity: Ways to Raise Security Awareness

Posted on: 10 Apr 2018

Your organization’s security stance must be supported by everyone in the company, every day, in all that they do. However, people are focused on their jobs, not necessarily on security. With attacks increasingly starting at the human level through social media or targeted emails, your organization needs to create and maintain a high level of…

Demote the CISO

Posted on: 13 Dec 2017

For the third straight year, Drs. Daniel Solove and Paul Schwartz held their Privacy and Security Forum at George Washington University Law School. For the third straight year I attended and presented. This year’s forum was the biggest ever and like the previous years, was packed with different sessions on issues ranging from GDPR to…

Rhymes with CISO

Posted on: 06 Sep 2017

In my 10+ years as a CISO, I’ve noticed a trend that appears to only be increasing. What I have observed is a proliferation of job titles that rhyme with CISO. But rather than describing the Chief Information Security Officer, these new titles swap out the word “chief” and come up with something else to describe…

What Is at the Center?

Posted on: 10 Jul 2017

I have gone back and forth for a long time. Should security be risk-centric or data-centric? Outside of security professionals, you sometimes meet people who believe security should be compliance-centric and others who believe security should be audit-centric (which is a type of compliance-centrism). Certainly there used to be network-centric views of security but they…

Patch Yours

Posted on: 04 Jul 2017

Security professionals feel no great joy in being right about patching. The past two months have been a period of “I told you so” moments for anyone who has ever had to have the conversation with a sys admin about the importance of patching. It’s been a long time for me but the memory…

NIST Cybersecurity Framework, Beyond Version 1.0 – Part 3

Posted on: 24 Jan 2017

In this series I take a close look at the Framework for Improving Critical Infrastructure Cybersecurity which NIST first published in February of 2014. Read Part One ‘All Infrastructure and the NIST Framework’ and Part Two ‘Hackers Are Not Afraid of Frameworks.’ There I was preparing part 3 of my close reading of the 2014 Framework for…

Hackers Are Not Afraid of Frameworks – Part 2

Posted on: 11 Jul 2016

Read Part One, All Infrastructure and the NIST Framework. In this series I will take a close look at the Framework for Improving Critical Infrastructure Cybersecurity which NIST first published in February of 2014. Is that news? No, of course it isn’t. In fact, deterrence (fear) may seem like an odd concept for cybersecurity. Arguably, except…

All Infrastructure and the NIST Framework

Posted on: 15 Jun 2016

Each infrastructure is critical to someone. Go ahead: ask a CIO if they are in charge of something other than “critical infrastructure” and see what they say. In fact, the increasing criticality of all aspects of infrastructure underlies all our assumptions about security and privacy. This article is the first in a series where I…

What Would Harold Do?

Posted on: 29 Mar 2016

I tell users all the time “Forget everything you learned in Kindergarten.” It always gets a laugh, gets their attention and gets my point across. It’s not nice to share (your password). Secrets are really ok (your IP address). Not only should you not take candy from strangers, you should not take strange candy from…

The Sanders-Clinton Data Brouhaha: It is Not About Privacy and All About Identity

Posted on: 11 Jan 2016

In August of 2010, Huping Zhou who had served as a researcher at the UCLA School of Medicine and had since been terminated, was sentenced to jail time for inappropriately looking at the medical records of his immediate supervisor and some notable celebrities including Drew Barrymore, Arnold Schwarzenegger, Tom Hanks, and Leonardo DiCaprio. He had…