

Drew Williams
U.S. Navy Veteran Drew Williams has a core philosophy about life and work: "Keep busy, stay engaged, and always be productive." Whether as a writer, video producer, lecturer or educator, Drew has been involved in information risk management since the mid-80s. He has developed and published Information Security standards and guidelines.
During the late 1990s, Drew contributed to re-tooling security policies for some of the largest financial institutions in the world, and worked on early adoption of GRC standards and frameworks (SOX, ITIL, ISO27799, CObIT). An original contributor to the HIPAA Security Policy (1995-1996), Drew wrote one of the early security policy guides, "HIPAA Code Blue."
As former product manager for what was the world's top Host Intrusion Detection System (AXENT/Intruder Alert), Drew also contributed to IT security initiatives (IETF / NIST), and worked with MITRE to build the Common Vulnerabilities Enumeration (CVE) framework. Drew served on the President's Council on Critical Infrastructure Security (precursor to DHS), and worked on the NIST's "Common Criteria" directives.
Drew co-authored some of the industry’s first Incident Response & Information Security Risk Assessment Services while head of the SWAT Team at AXENT/Symantec (1997-2002), and from 2006 to 2011, Drew hosted Asia's "Hacker Halted" security symposium.
As founder of Condition Zebra (2011), Drew developed information security readiness programs & mission-critical risk assessments for ministries of defense throughout Asia. He also co-developed post-graduate programs on cybersecurity at Utah Valley University and Southern Utah University, where he also serves as a member of the faculty in the Graduate Program.
Drew also initiated the first "Gold" funding opportunities for the annual Black Hat Briefings in Las Vegas in 2000. A former speaker at CSI/FBI and N+i events during the 1990s-2000s, Drew is also a member of the “Founder’s Circle” at the annual RSA Security Conference. He has been a contributing source in broadcast media, including MSNBC, CNN, and NPR, and has been featured in USA Today, The Washington Post and publications throughout the US and Europe.
The opinions expressed in this blog are those of Drew Williams and do not necessarily represent those of IDG Communications, Inc., its parent, subsidiary or affiliated companies.

Back to school, part 2: no whaling allowed!
5 security safeguards to keep the CEO out of hot water.

What I learned about risk on my summer vacation
10 homework assignments CSOs can give their teams to keep their bosses safe (and stay out of the principal's office!)

Keep the change: 9 steps to adapting to IT security
Changing the way we look at "security" could make the difference in how successful we are. Here's a step-by-step process CSOs and their teams can implement to integrate any type of GRC or Infrastructure Security change initiative into...

Keeping security (and alerts) in context
Complexity is the primary security problem, demonstrated by the degree to which misconfiguration and misalignment of protection are leveraged in cyber attacks. One way to change the game is via context. We need to know more about 1)...

How to gain the trust of the board
One of the keys to making a good CSO presentation a great one is ensuring the data being reported actually has relevance to specific business risks the organization is most likely to encounter (rather than assembling a...

How to present security to the board
Part of the DNA of any CEO is in how well he or she can deliver quarterly reports (good and bad) to a Board of Directors, with the usual flair of just enough excitement to keep everybody upstairs interested, all the while keeping them...

It’s hunting season but who’s the prey?
There’s a trend in security operations to work to close the gap between discovering a breach after the damage has been inflicted, and delving deeper into the infrastructure to evaluate the “What/Where/When/How” in an effort to advance...

How to make mergers and acquisitions work
When tech companies "Merge and Purge" their IP, organizations on both sides of the trades can get nervous. Here's one recent deal that could actually mean a better set of solutions for everybody concerned.

Black Hat basics: Ruminations on 19 years of Black Hat Briefings
As this is my first venture into the world of blogs for CSO, the timing coincides with one of my favorite summer activities—traveling each August to the American desert, to roast in the Nevada sun, and attend the Black Hat Briefings....