Contributors

Ted Claypoole is a Member of the law firm Womble Carlyle Sandridge and Rice, in Charlotte, North Carolina, in the Intellectual Property Transaction group, and a senior member of its Privacy and Data Management Team. He has long concentrated on the business and legal implications of information security and computer crime, first as in-house corporate counsel for CompuServe, Inc. and as assistant general counsel for Bank of America. He now advises business clients and information security companies on contracting for data protection, allocating risk in digital certificate infrastructures and reacting to electronic threats. He has served on a U.S. Justice Department computer crimes task force and the Information Protection Committee for the Banking Industry Technology Secretariat. He has presented talks at the RSA Security Conferences in 2007 and 2008, including a talk on the ethics of pervasive biometrics.

Ted wrote Chapter 8, “Biometric Authentication for SCADA Security.”

Phil Drake is Communications Manager for the Charlotte Observer in Charlotte, N. C. The Observer is a daily newspaper that serves readers throughout North and South Carolina. In addition to the newspaper, the Charlotte Observer produces specialty magazines, voice information, and Internet services.

Phil is responsible for all aspects of communications at Observer operations in both Carolinas, including telephone and data communications, wireless systems, conventional and trunked two-way radio, and satellite systems. He is also responsible for business continuity and disaster response planning and related budgeting. He is responsible for providing emergency communications facilities for reporters and photographers covering breaking news stories.

His background includes photojournalism, mainframe computer support, network management, telecommunications planning and management, and business continuity planning. Phil is a former chairman of the Contingency Planning Association of the Carolinas and currently serves as a Board Advisor of the organization. He is a Certified Business Continuity Professional with the Disaster Recovery Institute International.

Phil speaks to public and private sector groups and has been interviewed by and written for a number of national publications on a wide range of emergency communication issues, and business/homeland defense planning. He leads business continuity training seminars for both the public and private sectors, and he has provided project management in business continuity. He has advised major national clients in emergency planning, workforce protection, threat assessment, and incident response for a number of large national corporations.

He enjoys backpacking and spending time in the outdoors. He also has taught outdoor living skills to youth group leaders. He was appointed by the North Carolina Secretary of the Department of Environment and Natural Resources as a voting member of the NC Geological Survey Advisory Committee.

Phil wrote the Appendix, “Personal, Workforce, and Family Preparedness.”

Paul A. Henry, (MCP+I, MCSE, CCSA, CCSE, CFSA, CFSO, CISSP, ISSAP, CISM, CISA, CIFI) is the Vice President of Technology Evangelism at Secure Computing®.

Paul is one of the world’s foremost global information security experts, with more than 20 years experience managing security initiatives for Global 2000 enterprises and government organizations worldwide.

At Secure Computing, Paul plays a key strategic role in launching new products and re-tooling existing product lines. In his role as Vice President Technology Evangelism, Paul also advises and consults on some of the world’s most challenging and high-risk information security projects, including the National Banking System in Saudi Arabia, Department of Defense’s Satellite Data Project, USA, and both Government as well as Telecommunications projects throughout Japan.

Paul is frequently cited by major and trade print publications as an expert on both technical security topics and general security trends, and serves as an expert commentator for network broadcast outlets such as NBC and CNBC. In addition, Paul regularly authors thought leadership articles on technical security issues, and his expertise and insight help shape the editorial direction of key security publications such as the Information Security Management Handbook, where he is a consistent contributor.

Paul serves as a featured and keynote speaker at network security seminars and conferences worldwide, delivering presentations on diverse topics including network access control, Cyber crime, DDoS attack risk mitigation, firewall architectures, computer and network forensics, Enterprise security architectures and managed security services.

Paul wrote Chapter 2, “Supervisory Control and Data Acquisition.”

Lester J. “Chip” Johnson Jr. is employed by the SCANA Corporation, a $ 9 Billion, Fortune 500, energy–based holding company, headquartered in Columbia, South Carolina. Mr. Johnson serves in the Corporate Security and Claims Department as a Manager with responsibility for Investigations and Crisis Management. Mr. Johnson leads a staff of professional investigators who conduct investigations of internal corporate compliance issues, criminal violations against the corporation’s property and personnel, executive protection, background investigations and risk reduction efforts on behalf of the Corporation. The Crisis Management Department is responsible for the development and continual assessment of security risk management and reduction plans for the critical infrastructure operated by the Corporation. These risk management and reduction plans include the assurance of compliance with the various governmental agencies with oversight responsibilities for the critical infrastructure. Business continuity and emergency procedure planning are also a major component of the crisis management group.

Mr. Johnson is a retired Deputy to the Assistant Director of Investigative Services for the South Carolina Law Enforcement Division. He was responsible for the delivery of all investigative services, which included general investigations, bomb and arson, tactical, computer crimes, special victims, executive protection, behavioral science, public corruption, and insurance fraud.

During his twenty–eight year career Mr. Johnson received numerous awards and commendations, including the Strom Thurmond Award of Excellence in 2004. Mr. Johnson is a graduate of the FBI National Academy and has served as an adjunct instructor for numerous organizations.

Mr. Johnson is married to the former Laura Whelchel of Cordele, Georgia and resides in Lexington, South Carolina with his two children.

Lester wrote Chapter 5, “Working with Law Enforcement on SCADA Incidents.”

Sean Lowther is the President and Founder of Stealth Awareness, Inc., www.stealthawareness.com.

Sean is an independent consultant who brings years of experience designing and implementing information security awareness programs at the highest level. He founded Stealth Awareness, Inc. in 2007.

Sean worked at Bank of America for over seven years, managing the enterprise information security awareness program. The program received the highest rating from its regulators and was consistently rated “world class” by industry peer groups.

Sean has worked with BITS, the Financial Services Roundtable Task Force on Privacy, prior to the enactment of the Gramm-Leach-Bliley Act. He produced the video “It’s Not If, But When” for the Financial Services Sector Coordinating Council in partnership with the U.S. Treasury Department with the goal to improve critical Infrastructure protection and Homeland Security. Sean was recognized by senior government officials and business executives for his “work to defend our nation’s critical infrastructure.”

Sean is a sought after speaker for a variety of events and meetings. Most recently he spoke at the Computer Security Institute’s annual 2007 conference in Washington, D.C., the Contingency Planning Association of the Carolinas, and the 2008 Charlotte ISSA annual conference.

Sean lives in the Charlotte, North Carolina area.

Sean wrote Chapter 4, “Developing an Effective Security Awareness Program.”

Greg Miles, (Ph.D., CISSP#24431, CISM#0300338, IAM, IEM) co-author of Security Assessment: Case Studies for implementing the NSA IAM (Syngress Publishing, ISBN 1-932266-96-8), Network Security Evaluation: Using the NSA IEM (Syngress Publishing, ISBN: 1-597490-35-0), and Security Interviews Exposed: Secrets to Landing your Next Information Security Job (Wiley Publishing, ISBN-10: 0471779873) is the President, and Chief Financial Officer of Security Horizon, Inc. Security Horizon is a Global, Veteran-Owned Small Business headquartered in Colorado Springs, Colorado. Security Horizon provides global information security professional services, training, and publishes The Security Journal, a quarterly online publication. Greg is a U.S. Air Force Veteran and has been supporting the technology and security community for the last 22+ years. Greg’s background includes work with NSA, NASA, and DISA. Greg has supported efforts covering security assessments, evaluations, policy, penetration testing, incident response, and computer forensics.

Greg holds a Ph.D. in Engineering Management from Kennedy Western University, a master’s degree in Management Administration from Central Michigan University, and a bachelor’s degree in Electrical Engineering (with a concentration in Control Systems and Power Systems) from the University of Cincinnati. Greg is a member of the Information System Security Association (ISSA) and the Information System Audit and Control Association (ISACA). He is also Adjunct Faculty for the University of Advancing Technology (www.uat.edu).

Greg would like to thank his family and friends for the incredible support provided to him. Greg has two incredible, loving children, Kirstin and Justin, that provide a great deal of enjoyment. Also at home is another incredible kid that just adds to the fun, Brennon. He would also like to thank his soul mate, Tania, for teaching him what it means to love once again.

Greg wrote Chapter 3, “SCADA Security Assessment Methodology.”

Marc Weber Tobias is an investigative attorney and security specialist living in Sioux Falls, South Dakota. As part of his practice, he represents and consults with lock manufacturers, government agencies and corporations in the U.S. and overseas regarding the design and bypass of locks and security systems. He has authored six police textbooks, including Locks, Safes, and Security, (ISBN 978-0398070793), which is recognized as the primary reference for law enforcement and security professionals worldwide. The second edition, a 1400 page two-volume work, is utilized by criminal investigators, crime labs, locksmiths and those responsible for physical security. A fourteen-volume multimedia edition of his book is also available online. His website is security.org.

As a former prosecutor and Chief of the Organized Crime Unit for the Office of Attorney General, state of South Dakota, Marc supervised many major investigations and prosecutions. He continues to work investigations for government and private clients, mainly involving technical fraud issues.

Marc is a member of a number of professional security organizations, including the American Society of Industrial Security (ASIS), Association of Firearms and Tool Marks Examiners (AFTE), American Polygraph Association (APA) and American Association of Police Polygraphists (AAPP).

Marc has lectured extensively in the United States and Europe on physical security and certain aspects of criminal investigations and interrogation techniques. He holds several patents involving the bypass of locks and security systems. Marc contributes a column to engadget.com and has been featured in many publications as well as radio and television stories around the world.

Marc wrote Chapter 6, “Locked but Not Secure: An Overview of Conventional and High Security Locks.”

James H. Windle is employed as a Police Sergeant in Charlotte, North Carolina, where he serves as a certified bomb technician and is assigned as the Bomb Squad Commander and Arson Supervisor. He is certified as a North Carolina Law Enforcement Instructor and has advanced instructor training in Specialized Police Driving, Firearms and Hazardous Materials. He is an instructor of the United States National Domestic Terrorism Preparedness Program and delivered terrorism training to numerous governmental agencies both police and military as well as private security.

Jim began his experience in explosives from his service as a member of the United States Marine Corps providing training in mines and booby traps domestically and with NATO forces overseas. As a police bomb technician he graduated from the F.B.I.’s Hazardous Devices School at Redstone Arsenal and ATF’s Advanced Explosives Destruction Techniques, Advanced Post Blast Investigation and Home Land Security Live Agent WMD School. He is also crossed trained as a Hazardous Materials Technician. He has worked site security and threat assessment in conjunction with the U.S. Secret Service and U.S. State Department for domestic and foreign dignitary protection missions. He was sent to Israel to train with Israeli bomb technicians on countermeasures for suicide bombers and vehicle bombs and this year was sent to England to work with London Met Police and Royal Navy EOD squads.

He is an active member of the International Association of Bomb Technicians and Investigators (IABTI) and also a member of the High Technology Crime Investigation Association (HTCIA). Both groups are highly respected international organizations whose primary mission is to share information, train, and help in the prevention and prosecution of high technology and terrorist crimes.

Jim wrote Chapter 7, “Bombs, Bad Guys and your Business.”