Drew Williams

U.S. Navy Veteran Drew Williams has a core philosophy about life and work: "Keep busy, stay engaged, and always be productive." Whether as a writer, video producer, lecturer or educator, Drew has been involved in information risk management since the mid-80s. He has developed and published Information Security standards and guidelines.

During the late 1990s, Drew contributed to re-tooling security policies for some of the largest financial institutions in the world, and worked on early adoption of GRC standards and frameworks (SOX, ITIL, ISO27799, CObIT). An original contributor to the HIPAA Security Policy (1995-1996), Drew wrote one of the early security policy guides, "HIPAA Code Blue."

As former product manager for what was the world's top Host Intrusion Detection System (AXENT/Intruder Alert), Drew also contributed to IT security initiatives (IETF / NIST), and worked with MITRE to build the Common Vulnerabilities Enumeration (CVE) framework. Drew served on the President's Council on Critical Infrastructure Security (precursor to DHS), and worked on the NIST's "Common Criteria" directives.

Drew co-authored some of the industry’s first Incident Response & Information Security Risk Assessment Services while head of the SWAT Team at AXENT/Symantec (1997-2002), and from 2006 to 2011, Drew hosted Asia's "Hacker Halted" security symposium.

As founder of Condition Zebra (2011) Drew developed information security readiness programs & mission-critical risk assessments for ministries of defense throughout Asia. He also co-developed post-graduate programs on cybersecurity at Utah Valley University and Southern Utah University, the latter where he also serves as a member of the faculty in the Graduate Program.

Drew also initiated the first "Gold" funding opportunities for the annual Black Hat Briefings in Las Vegas in 2000. A former speaker at CSI/FBI and N+i events during the 1990s-2000's, Drew is also a member of the “Founder’s Circle” at the annual RSA Security Conference, and has been a contributing source in broadcast media, including MSNBC, CNN, and NPR, and has been featured in USA Today, The Washington Post and publications throughout the US and Europe.

Drew is now a principal security engineer for Leidos, formerly Lockheed Martin (“Where I hope to retire and buy my own private F35!”).

The opinions expressed in this blog are those of Drew Williams and do not necessarily represent those of IDG Communications, Inc., its parent, subsidiary or affiliated companies.

How to gain the trust of the board

How to present security to the board

How to present security to the board

Part of the DNA of any CEO is in how well he or she can deliver quarterly reports (good and bad) to a Board of Directors, with the usual flair of just enough excitement to keep everybody upstairs interested, all the while keeping them...

It’s hunting season but who’s the prey?

It’s hunting season but who’s the prey?

There’s a trend in security operations to work to close the gap between discovering a breach after the damage has been inflicted, and delving deeper into the infrastructure to evaluate the “What/Where/When/How” in an effort to advance...

How to make mergers and acquistions work

How to make mergers and acquistions work

When tech companies "Merge and Purge" their IP, organizations on both sides of the trades can get nervous. Here's one recent deal that could actually mean a better set of solutions for everybody concerned.

Black Hat basics: Ruminations on 19 years of Black Hat Briefings

Black Hat basics: Ruminations on 19 years of Black Hat Briefings

As this is my first venture into the world of blogs for CSO, the timing coincides with one of my favorite summer activities—traveling each August to the American desert, to roast in the Nevada sun, and attend the Black Hat Briefings....

Load More