Andrew Stewart
Information Security Professional

Email:
  andrew_j_stewart@mac.com
Homepage:
  http://homepage.mac.com/andrew_j_stewart
LinkedIn:
  http://linkedin.com/in/andrewstewart

By considering economic factors and questioning conventional wisdom, my work describes how organizations can make better security decisions.  My current personal research interests are enterprise-scale security engineering and the ontology of security spending strategies.  Past research topics include the commoditization of information security technologies, perception of security risks, visualization in network security, and security policies.

Books ~

  A. Shostack and A. Stewart, The New School of Information Security, Addison-Wesley Professional, 238 pp., March 2008.
      -   The book contains 50 pages of references and a 15-page bibliography.
      -   Reviewed in IEEE Cipher, the newsletter of the IEEE Technical Committee on Security & Privacy.
      -   Achieved an Amazon.com sales rank of #312 (#1 in Internet, Network Security, Information Systems, Encryption, and Privacy categories).
      -   Used as a course text at Syracuse University, City University of Seattle, and at The Heinz School of Public Policy and Management at Carnegie Mellon University.

Refereed Conference Papers ~

  A. Stewart, "Efficient visualization of change events in enterprise networks," Proc. IEEE Workshop on Enterprise Network Security, Baltimore, MD, August 28, 2006.

Refereed Journal Publications ~

  A. Stewart, "A contemporary approach to network vulnerability assessment," Network Security, Vol. 2005, Issue 8, pp. 7-10, April 2005.

  A. Stewart, "Information security technologies as a commodity input," Information Management & Computer Security, Vol. 13, No. 1, pp. 5-15, March 2005.

  A. Stewart, "On risk: perception and direction," Computers & Security, Vol. 23, No. 5, pp. 362-370, July 2004.  This paper is referenced in the book Security Metrics (2007), the book Decision-making in Complex Environments (2007) and is cited in several research articles including "Incentives and Perceptions of Information Security Risks" by Konsynski et al. (2008).

  A. Stewart, "No illusions: rethinking information security policies and standards," Information Security Bulletin, Vol. 8, Issue 6, pp. 229-234, July 2003.

Invited Lectures ~

  I have spoken at GCHQ (UK Government Communications Headquarters) for their Communications-Electronics Security Group, and to the UK Payments Administration.

Journal Service ~

  Member of the editorial advisory board for Information Management & Computer Security.  Reviewer for Computers & Security and The Computer Journal (all 2009-present).

Qualifications ~

  I earned a B.Sc. (with Honors) in Computer Science from Oxford Brookes University and an MBA from the Goizueta Business School at Emory University.  The advisor for my MBA was Prof. Benn Konsynski.  Additionally, I have achieved five professional certifications in information security, security architecture, security management, and IT audit.

Work Experience ~

  Vice President at Morgan Stanley.  Previously Assistant Vice President at Equifax.  I have also held full-time positions at Barclays Capital and Deutsche Bank.