Andrew Stewart
Information Security Professional, Author

Email:
  andrewinfosec@gmail.com
Google+:
  http://goo.gl/PxiB8
LinkedIn:
  http://linkedin.com/in/andrewinfosec
GitHub:
  https://github.com/andrewinfosec

By considering economic factors and questioning conventional wisdom, my work describes how organizations can make better security decisions. Past research topics include the ontology of security spending strategies, visualization in network security, vulnerability assessment, commoditization of information security technologies, perception of security risks, and security policies.

Books ~

  A. Shostack and A. Stewart, The New School of Information Security, Addison-Wesley Professional, 238 pp., March 2008.
      -   The book contains 50 pages of references and a 15-page bibliography.
      -   Reviewed in IEEE Cipher, the newsletter of the IEEE Technical Committee on Security & Privacy.
      -   Achieved an Amazon.com sales rank of #312 (#1 in Internet, Network Security, Information Systems, Encryption, and Privacy categories).
      -   Used as a course text at Syracuse University, City University of Seattle, and at The Heinz School of Public Policy and Management at Carnegie Mellon University.
      -   Translated into Korean and Portuguese.
      -   Reprinted three times, including a softback edition.

Refereed Conference Papers ~

  A. Stewart, 'Efficient visualization of change events in enterprise networks,' Proc. IEEE Workshop on Enterprise Network Security, Baltimore, MD, August 28, 2006. The Perl source code for the tool described in the paper is available here.

Refereed Journal Publications ~

  A. Stewart, 'A contemporary approach to network vulnerability assessment,' Network Security, Vol. 2005, Issue 8, pp. 7-10, April 2005.

  A. Stewart, 'Information security technologies as a commodity input,' Information Management & Computer Security, Vol. 13, No. 1, pp. 5-15, March 2005.

  A. Stewart, 'On risk: perception and direction,' Computers & Security, Vol. 23, No. 5, pp. 362-370, July 2004. This paper is referenced in the book Security Metrics (2007), the book Decision-making in Complex Environments (2007), and is cited in several research articles.

  A. Stewart, 'No illusions: rethinking information security policies and standards,' Information Security Bulletin, Vol. 8, Issue 6, pp. 229-234, July 2003.

Thesis ~

  A. Stewart, 'Can spending on information security be justified? Evaluating the security spending decision from the perspective of a rational actor,' submitted in partial fulfillment of the requirements for the degree of Master of Business Administration, February 2009.

Invited Talks ~

  I have spoken at GCHQ (UK Government Communications Headquarters) for their Communications-Electronics Security Group, and to the UK Payments Administration.

Journal Service ~

  Member of the editorial advisory board for Information Management & Computer Security. Reviewer for Computers & Security and The Computer Journal (all 2009-present).

Academic Qualifications ~

  MBA from the Goizueta Business School at Emory University (2009). The advisor for my MBA independent study project was Prof. Benn Konsynski.

  B.Sc (Hons.) in Computer Science from Oxford Brookes University (1998).

  Additionally, I have achieved five professional certifications in information security, security architecture, security management, and IT audit (the CISSP, ISSAP, ISSMP, CISM, and CISA).

Professional Experience ~

  My professional focus is investment banking. Currently a Vice President at Morgan Stanley (2007-present), I have also held full-time positions at Deutsche Bank and Barclays Capital.

Avocations ~

  In 2011 I ran 500 miles. My current pastimes are snowboarding and programming in Ruby.