Dr. Gene Schultz Introduction
Hi. My name is Dr. Eugene Schultz and I am the Chief Technology Officer as well as the Chief Information Security Officer of High Tower Software. High Tower produces an appliance that aggregates the output of various computing systems and devices on the network and applies powerful event correlation algorithms to determine whether security breaches and/or policy violations have occurred and if so, their nature and the details surrounding the incident. Equally importantly, the High Tower appliance provides assurance that organizations that deploy this tool are in compliance with security monitoring-related provisions of laws and regulations such as Sarbanes-Oxley.
I have been in information security space for nearly 25 years, having been involved in both academia and the business world. I have done things such as teach courses and conduct research in various areas of information security, but particularly firewalls, incident response, intrusion detection, and human factors in information security. I have also founded and managed the US government’s first incident response team (CIAC) and have consulted for a variety of commercial and non-commercial organizations. I’ve also been the editor-in-chief of information security journals such as Computers and Security (2002 – this year) and Information Security Bulletin (2000 – 2001) as well as the associate editor of or contributor to a number of others. Finally, I have written or co-written five books; I hope that you have had the time to read at least one of them.
I am launching a blog to share my experiences and lessons learned with you as well as my perspectives concerning a wide range of issues that you and I as information security professionals face or will likely face sometime in the future. I am interested in a wide range of issues—information security governance, security program progress indicators, security training and awareness, security convergence issues, identity management, computer crime-related legislation, intrusion detection and intrusion prevention, insider attack detection and deterrence, incident response, professional certification, usability considerations related to information security, and more. If you have ever read my editorial comments in the SANS NewsBites (for which I serve as a member of the editorial board), you can be confident that I will fully speak my mind. Certain developments, such as known attackers of computer systems escaping punishment for their computer crime-related activities, incite me to express strong objections. Other, less controversial issues may not stir me up as much, but trust me, I fully intend to always have something interesting to say concerning them. Any opinions I express will, of course, be purely my own; they will not necessarily represent those of High Tower.
So hang on to your seat, so to speak, and enjoy the ride. And if you don’t like or agree with what I write, please feel free to let me know by emailing me at email@example.com. I cannot guarantee that I will answer every message that I receive, but I assure you that I will try to do so.