Lance Hayden

Opinions expressed by ICN authors are their own.

Dr. Lance Hayden, the Chief Privacy and Security Officer for ePatientFinder, is also an author, speaker, and researcher with over 25 years experience in the field of information security. A leading expert on security behavior and culture, Dr. Hayden is the author of People-Centric Security: Transforming Your Enterprise Security Culture and IT Security Metrics: A Practical Framework for Measuring Security and Protecting Data.

Dr. Hayden began his career as a human intelligence (HUMINT) officer with the CIA, which contributed to a philosophy emphasizing human behavior, organizational psychology, and strategic leadership as central to a successful InfoSec program. Dr. Hayden's career includes security roles at KPMG, FedEx, Cisco, and the Berkeley Research Group before joining ePatientFinder, where he has executive responsibility for all enterprise data protection and security-related regulatory compliance.

Dr. Hayden received his Ph.D. in Information Science from the University of Texas at Austin. As a professor at the UT iSchool, Dr. Hayden develops and teaches graduate and undergraduate courses on subjects including information security, privacy, surveillance and the intelligence community. His industry credentials include CISSP, CISM, CRISC and ISO 27001 Certified Lead Auditor certifications.

The opinions expressed in this blog are those of Lance Hayden and do not necessarily represent those of IDG Communications, Inc., its parent, subsidiary or affiliated companies.

Healthy security cultures eat lots of phish

FCC privacy ruling could leave enterprises' data vulnerable

FCC privacy ruling could leave enterprises' data vulnerable

The recent repeal of new FCC rules designed to strengthen personal privacy among consumers by limiting the uses ISPs can make of their personal data also has implications for companies who use these services. Security and privacy...

How to get employees security engaged

Employee engagement is a major concern for organizations, especially since studies show that most people are not committed to or enthusiastic about their jobs. This has implications for companies in general and for security teams...

Three ways to align security programs to enterprise strategy

Security teams often struggle with how best to articulate security value in business terms, and with aligning security priorities with enterprise strategy. All security programs depend on business owners for success, so it is...

How long is a piece of string? The challenges and benefits of benchmarking security culture

Measuring security culture is challenging, but increasingly important to information security as we seek to maximize the value of people as well as technology to protect organizations. Asking how a security culture stacks up is like...

Seven security cultures that can help or hurt your organization

Some organizational cultures are good for security, while some make protecting information assets and infrastructure harder. There's no one best security culture to aim for, but these three good, three bad, and one ugly examples of...

What's your cybersecurity whistleblower strategy?

What's your cybersecurity whistleblower strategy?

Cybersecurity whistleblowers present a growing risk to organizations, but not for the reasons people may think. Most whistleblowers are not disgruntled rogues, but rather good people trying to get companies to address harmful or...

Security is more than a process… It’s a proficiency

For 15 years, Bruce Schneier's maxim that security is a process and not a product has been very influential within the security community. But the Schneier Maxim is no longer enough to describe the challenges faced by security...

Load More