Who's Who in Infosec is an ongoing series featuring profiles of security professionals and their contributions to the industry. SearchSecurity.com will recognize one of these individuals with the SearchSecurity.com Trailblazer Leadership Award at Security Decisions 2003. SearchSecurity.com members are invited to submit nominations for the award through Aug. 1, 2003.
Charles Cresson Wood, CISA, CISSP, is an independent information security consultant based in Sausalito, Calif. In the information security field since 1978, he specializes in the development of information security infrastructure documents including policies, standards, guidelines, procedures, architectures and responsibility statements. He also performs risk assessments for a wide variety of computing environments. Charles has done information security work with over 125 organizations, primarily Fortune 500 companies, high-tech startups and banks.
Working with Donn B. Parker at SRI International (Stanford Research Institute), Charles helped develop the first manual dealing with the investigation and prosecution of computer crime. Later, he was lead network security officer at the Bank of America. Since 1984 he has provided independent consulting services that are uniquely responsive to client needs.
Charles has written more than 275 technical articles and six books about information security. His books include the best selling Information Security Policies Made Easy, now used by more than 70% of Fortune 500 companies. Also included in his list of books is Information Security Roles & Responsibilities Made Easy, a ready-to-go compendium of information security job descriptions, mission statements and reporting relationship diagrams.
In his career, Charles has focused on the interface between management and information security. For example, he is one of the founders of the Human Firewall Council, an organization devoted to increased management attention to the human factors' side of information security. He holds an MBA in financial information systems, an MSE in computer science and a BSE in accounting from the Wharton School of Business at the University of Pennsylvania.
He is Senior North American Editor for the technical journals Computers & Security and Computer Fraud & Security Bulletin, and serves on the editorial board of Inside Fraud. For the last 11 years he has written a monthly information security policy column for Computer Security Alert. In 1996 he received the Lifetime Achievement Award from the Computer Security Institute. He can be reached at email@example.com.