As CSO-in-Residence, David Mortman is responsible for Echelon One's research and analysis program. Formerly the Chief Information Security Officer for Siebel Systems, Inc., David and his team were responsible for Siebel's worldwide IT security infrastructure, both internal and external. He also worked closely with Siebel's product groups and the company's physical security team and led up Siebel's product security and privacy efforts.
Previously, Mr. Mortman was Manager of IT Security at Network Associates, where, in addition to managing data security, he deployed and tested all of NAI's security products before they were released to customers. Before that, Mortman was a Security Engineer for Swiss Bank. A CISSP, member of USENIX/SAGE and ISSA, and an invited speaker at RSA 2002 and 2005 security conferences, Mr. Mortman has also been a panelist and speaker at RSA 2007 and 2008, InfoSecurity 2003, Blackhats 2005-2008, Defcon 2005-2008 and Information Security Decisions 2007 and 2008. Mr. Mortman sits on a variety of advisory boards including Qualys, Applied Identity and Reflective, amongst others. He holds a BS in Chemistry from the University of Chicago.
Do you have a question for our experts?
Contributions from David Mortman, featured expert
- Test a security architecture design without an IT security consultancy
- How to reduce PCI DSS security scope for an audit
- How to talk to executives about an information security team hire
- HIPAA and Social Security numbers in a hospital computer network
- Who is in charge of the Massachusetts data protection law audit?
- FERPA regulation guidelines to email student personal data unencrypted
- How to destroy data on a hard drive to comply with HIPAA regulations
- Technology to automate SOX compliance according to COBIT frameworks
- Disaster recovery risk assessment for cyberterrorism attacks
- How to protect employee information in email paystubs
- How to talk to executives after a data breach
- Where to find HIPAA resources for employee compliance training
- How to find HIPAA transaction code sets and HITECH resources
- Is Word document-comparison software SOX compliant?
- Verifying the security of software with static and dynamic verification
- A recovery point objective (RPO) vs. a recovery time objective (RTO)
- HHS HIPAA guidance on encryption requirements and data destruction
- Writing a patient identifier policy to prevent common HIPAA violations
- How to write technology outsourcing contracts
- The requirements for being a PCI DSS-compliant service provider