Andrew Stewart
Information Security Professional

Email:
  andrew_j_stewart@mac.com
Homepage:
  http://homepage.mac.com/andrew_j_stewart
LinkedIn:
  http://linkedin.com/in/andrewstewart

By considering economic factors and questioning conventional wisdom, my work describes how organizations can make better security decisions.  My current personal research interests are enterprise-scale security engineering and the ontology of security spending strategies.

Books ~

  A. Shostack and A. Stewart, The New School of Information Security, Addison-Wesley Professional, 238 pp., March 2008.
      -   The book contains 50 pages of references and a 15-page bibliography.
      -   Reviewed in IEEE Cipher, the newsletter of the IEEE Technical Committee on Security & Privacy.
      -   Achieved an Amazon.com sales rank of #312 (#1 in Internet, Network Security, Information Systems, Encryption, and Privacy categories).
      -   Used as a course text at Syracuse University, City University of Seattle, and at The Heinz School of Public Policy and Management at Carnegie Mellon University.

Refereed Conference Papers ~

  A. Stewart, "Efficient visualization of change events in enterprise networks," Proc. IEEE Workshop on Enterprise Network Security, Baltimore, MD, August 28, 2006.

Refereed Journal Publications ~

  A. Stewart, "A contemporary approach to network vulnerability assessment," Network Security, Vol. 2005, Issue 8, pp. 7-10, April 2005.

  A. Stewart, "Information security technologies as a commodity input," Information Management & Computer Security, Vol. 13, No. 1, pp. 5-15, March 2005.

  A. Stewart, "On risk: perception and direction," Computers & Security, Vol. 23, No. 5, pp. 362-370, July 2004.  This paper is referenced in the book Security Metrics (2007), the book Decision-making in Complex Environments (2007) and is cited in several research articles including "Incentives and Perceptions of Information Security Risks" by Konsynski et al. (2008).

  A. Stewart, "No illusions: rethinking information security policies and standards," Information Security Bulletin, Vol. 8, Issue 6, pp. 229-234, July 2003.

Invited Lectures ~

  I have spoken at GCHQ (UK Government Communications Headquarters) for their Communications-Electronics Security Group, and to the UK Payments Administration.

Journal Service ~

  Member of the editorial advisory board for Information Management & Computer Security.  Reviewer for Computers & Security and The Computer Journal (all 2009-present).

Qualifications ~

  I earned a B.Sc. (with Honors) in Computer Science from Oxford Brookes University and an MBA from the Goizueta Business School at Emory University.  My MBA advisor was Prof. Benn Konsynski.  Additionally, I have achieved five professional certifications in information security, security architecture, security management, and IT audit.

Work Experience ~

  Vice President at Morgan Stanley.  Previously Assistant Vice President at Equifax.  I have also held full-time positions at Barclays Capital and Deutsche Bank.