David Sheidlower

CISO

Turner Construction

David Sheidlower, CISSP, CISM is the Chief Information Security Officer for Turner Construction, one of the largest construction management companies in the United States. Previously he was CISO at BBDO, the world's most awarded advertising agency. Before that he was CISO for Health Quest, the Mid-Hudson Valley's largest healthcare system. David also serves as a member of the State of New York Health Information Network Policy Committee. Prior to Health Quest, he was the Division Information Security Officer within the small business lending division of Wells Fargo Bank—the largest small business lender in the country. David writes and blogs on security with a focus on the intersection of cyber security and humanism, something he is uniquely qualified to write on. His past activities include presenting at the MIS Institute’s Big Data Security Conference, working with the World Health Organization on Functional Health Status Measures and teaching letterpress printing at the Naropa Institute’s Jack Kerouac School for Disembodied Poetics in Boulder, Colorado. David also blogs at www.cybersecrighthere.com. He holds a Bachelor’s degree from the University of California, Berkeley and a Master’s degree in Health Service Administration from St. Mary’s College of California.


At the Privacy & Security Forum: What I Said

Posted on: 16 Nov 2015

Focus is over-rated when you’re starting out.  The original idea for my presentation at The Privacy & Security Forum in Washington, D.C. was to talk exclusively on how security controls…

At the Privacy & Security Forum: What I Saw

Posted on: 28 Oct 2015

Privacy folks and security folks were finally intermingling by design and not by accident or through one or the other being adventurous.  I’m a huge proponent of the two being…

Afterthoughts: Big Data and Us Little People

Posted on: 07 Jul 2015

The original series was written in a frenzy.  Aggregating is the inverse of broadcasting.  Aggregation is biased towards anonymity. Being the subject of a data point is a matter of…

Compliance Beyond Black and White

Posted on: 28 May 2015

It’s now commonplace to read that security means more than checking off boxes on a compliance checklist.  A robust approach to security includes trying to fill the gaps between the…

Falsely Negative About False Positives

Posted on: 22 Apr 2015

Distributed Denial of Service (DDoS) attacks are very inefficient but very effective.  Auditors are careful to be sure their findings are accurate so that they are not accused of being…

No Book to Be By

Posted on: 17 Mar 2015

In some cases, hiring a project manager is the most sensible thing you can do.  A seemingly can’t miss action that preserves the status quo while getting the organization where…

Risk Averse. Rule Averse.

Posted on: 17 Feb 2015

It’s 2 in the morning.  You are stopped at a well-lit, completely empty intersection looking up at a red light.  If you’re like me, you will wait till that light…

Risk Based vs. Rule Based

Posted on: 27 Jan 2015

I have always found that information security professionals tend to fall into three categories: SWAT Teams, Power Rangers or Nerds with an edge (see a blog post of that name…

The Question of the Questions

Posted on: 13 Jan 2015

Incessant questioning can reduce the best thinking to no more than a background chorus of “Are we there yet?”  But there are still some things that have to be asked.…

GRC Debunker

Posted on: 11 Dec 2014

(UPDATED) CISOs and their teams are not just producers of risk analyses and assessments.  We are also consumers of them.  They come from many sources.  The main four are: Responses from…