David has 9 years of information security experience in the public and private sectors, working to change senior viewpoints on security from a focus on “compliance” into conversations about the management of information risk. His experience ranges from security functions within small businesses to representing a government department in national policy discussions, and he contributed to the ongoing transformation of the UK government’s protective marking scheme by delivering plain-English risk management scenarios which are now embedded within government-wide technical risk guidance.
He holds an MSc in Computer Security and Forensics and won an award for outstanding academic achievement for his thesis, which contained an information security management framework tailored for small to medium businesses. At the core of the framework is a risk assessment methodology with no dependence of knowledge of security or of specific security threats, and a series of straightforward security controls for each identified risk. The framework is being considered for use by the Information Systems Security Association (ISSA) in support of their published SME security strategy, ISSA-5173. David believes that engagement with small businesses on information security management is one of the key “missing links” in the modern security industry, undermining the security of the global supply chain.
Why I Joined The Analogies Project
“I believe that the only way to make security ‘work’ in the long term is to build trust, and that starts with security professionals using language which people understand and find authentic. Every business owner or manager should have at least a basic understanding of risk, and information risk can be measured and managed in the same way as any other. I see The Analogies Project as a great opportunity for the industry to start expressing security risks and issues in a more accessible and consistent form, and I believe that this project will support the long-term movement towards an industry which can be sold on the benefits of risk management rather than the FUD of the security breach.”
My AnalogiesPopulation Immunity: Administering Security Vaccines Global Security – Lessons from the Industry Treat Your Staff Like Dogs Be The Quarterback 3 Little Pigs: A Modern Perspective