I discovered computers in the 1970s in my first year at the University of Nevada. I was taking a Fortran programming course when computer programs were painstakingly typed in on punch cards. I then got a part-time computer operator job at the University computer center, where I operated the university’s mainframe computer, a Control Data Corporation CDC-6400 (more on the CDC-6000 series here). I also have several years’ experience on DEC PDP-10 mainframes and many other types of modern and ancient computer systems. My insatiable curiosity about computers led me headlong into a career that began when I completed my university education.
I spent thirteen years in the wireless telecommunications industry, in positions where I developed security policy, security architecture, security emergency response teams, and have been a consulting resource to HR, legal, marketing, engineering, and operations divisions; followed by seven years in the Software-as-a-Service business, where I built and managed a company wide information security management program.
Those letters behind my name: C/CISO, CRISC, CISSP, CISA, CCSK, and PCI-QSA, are my professional security certifications: Certified Chief Information Security Officer; Certified in Risk, Information Security, and Control; Certified Information Systems Security Professional; Certified Information Systems Auditor; Certificate in Cloud Security Knowledge; and Payment Card Industry Qualified Security Assessor. The education, experience, and good luck on long written exams has given me a background that goes way beyond technology to include procedures, policies, and human factors associated with computing. You’ll see a lot of this knowledge and experience reflected in my books. I earned the CISSP certification in 2000, the CISA certification in 2002, and the others more recently.
One of my former colleagues got me into the publishing business in 1995. That was the beginning of my being a manuscript reviewer and later the author of thirty-five books, at last count.
Today I am a trusted advisor on matters of information security strategy, risk management, and privacy to organizations in Western U.S. and Canada.
My passion for computers is matched only by my dedication to helping people know how to use information systems – from personal computers to mainframes – more effectively and safely. That’s what my professional mission statement is all about.
Note: I am a member of some, but not all, of the aforementioned organizations.