Prior to his specialization in information security governance, David spent over ten years as a UNIX and TCP/IP systems programmer and systems administrator in the university/research sector. Some of the software he developed during that time is still in use today. He also spent five years in the professional security services field, where he worked with many cutting-edge security technologies and applications that are taken for granted today. He was a founding member of the world’s first commercial computer security incident response service, and the principal designer of the world’s first commercial real-time intrusion detection monitoring service. He is also the author of three successful technical books: two on the topic of UNIX systems programming, and one on UNIX system security.
David’s varied background gives him a unique ability to examine problems from both the “business” and “technical” perspectives and devise an appropriate solution that meets the requirements of all stakeholders—business and information technology. He believes that one of the most important characteristics of any information security program is that it must support the business goals of the company and enable work to get done in a time- and cost-effective manner. David’s background has also allowed him to develop oral and written presentation skills suitable for any audience—technical, non-technical, or executive—an ability which is demonstrated by his selection as one of the top-five presenters at the Information Security Forum’s worldwide conference four years in a row.
David holds a Bachelor’s degree in Computer Science from Purdue University and is a Certified Information Systems Security Professional (CISSP).