About David A. Curry

David A. Curry is a technically sophisticated, business-savvy information security professional with over 25 years of cross-industry experience in diverse security, privacy, and systems roles including security and privacy governance, risk management and analysis, legal and regulatory compliance, security incident response, professional services, software design, systems programming, and systems administration. He has held multiple senior-level positions with responsibility for envisioning, implementing, and maintaining the major components of information security programs, including policies and standards, risk management methodologies, training and awareness programs, legal and regulatory compliance, third party vendor security management, and security incident management. Prior to his specialization in information security governance, David spent over ten years as a UNIX and TCP/IP systems programmer and systems administrator in the university/research sector. Some of the software he developed during that time is still in use today. He also spent five years in the professional security services field, where he worked with many cutting-edge security technologies and applications that are taken for granted today. He was a founding member of the world’s first commercial computer security incident response service, and the principal designer of the world’s first commercial real-time intrusion detection monitoring service. He is also the author of three successful technical books: two on the topic of UNIX systems programming, and one on UNIX system security.

David’s varied background gives him a unique ability to examine problems from both the “business” and “technical” perspectives and devise an appropriate solution that meets the requirements of all stakeholders—business and information technology. He believes that one of the most important characteristics of any information security program is that it must support the business goals of the company and enable work to get done in a time- and cost-effective manner. David’s background has also allowed him to develop oral and written presentation skills suitable for any audience—technical, non-technical, or executive—an ability which is demonstrated by his selection as one of the top-five presenters at the Information Security Forum’s worldwide conference four years in a row.

David holds a Bachelor’s degree in Computer Science from Purdue University and is a Certified Information Systems Security Professional (CISSP).

More Information From This Site

Information From Other Sites