About the Author

Lance Hayden is a Solutions Architect and Information Scientist with Cisco Systems’ World Wide Security Practice. Lance’s insights into security measurement and operations grow out of a unique 20-year professional experience that spans the public, private, and academic sectors. He began his career as a HUMINT officer with the Central Intelligence Agency (CIA) before successfully transitioning from government to the private sector as an information security expert. For more than a decade, Lance has helped Cisco’s customers make more informed decisions about their security operations, reducing risk and uncertainty through consulting and empirical assessment of threats and controls. He has spoken at a variety of security industry events and has written articles for security trade magazines. He holds CISSP and CISM professional certifications.

Lance is also a trained social scientist, holding a Ph.D. in Information Science from the University of Texas, where he teaches courses on Information Security and Surveillance in Society. Lance’s research has explored surveillance and security technologies in social and organizational contexts, and he combines quantitative and qualitative data and analysis to understand these challenging research issues holistically. As an academic, Lance has published articles in conference proceedings and peer-reviewed journals. When he is not working, writing, or teaching, Lance enjoys hanging out at home and riding bikes with his son Wyatt.

About the Case Study Authors

Doug Dexter has been with the Cisco Systems Corporate Information Security Department since 1989. During his tenure, he has done everything from maintaining the internal firewalls to leading architecture development for a variety of enterprise-wide solutions. As the Team Lead for Cisco’s internal PKI deployment, he built a team of people and solutions to provide certificates and sign the production code for IP phones, call managers, and cable modems. Since 2005, Doug has been Cisco’s internal Audit Team Lead, responsible for a global team of auditors who handle Cisco’s acquisitions, vulnerability assessments, and site assessments. Prior to working at Cisco, Doug was active duty in the U.S. Army for 11 years and is currently a Major in an Army Reserve Information Assurance unit. He holds an MBA from the University of Texas at Austin with a concentration in Information Systems, Controls, and Assurance, and he is a CISM, CISA, and CISSP-ISSMP.

Mike Burg is a Senior Solutions Architect in the Cisco World Wide Security Practice. He has nearly 20 years of experience in the network security field across many different verticals (health care, education, distribution, aeronautical, environmental). Since 2004, Mike has worked for Cisco Systems helping customers assess, measure, and improve their security architectures and operations. Mike has given many presentations on security-related topics at industry events, partner summits, and Cisco Networkers. Mike is currently the Cisco Technical Lead for Identity Services and for Cisco’s IT Governance, Risk, and Compliance (IT GRC) Practice. He is also a senior advisor with Cisco’s Security Posture Assessment Team. Mike graduated from California State University San Bernardino. He is a Cisco Certified Internetwork Expert (CCIE No. 19965).

Caroline Wong manages Strategic Security at Zynga Game Network. She was formerly the Chief of Staff for the Global Information Security Team at eBay, where she built the security metrics program from the ground up. She is well known for her expertise in the area of security metrics and has been a featured speaker at numerous industry conferences, including RSA, Metricon, the Executive Women’s Forum, Archer Summits, and the Information Security Forum. Caroline has contributed as a technical reviewer to the Center for Information Security Consensus Metrics Definitions and is actively working with the Cloud Security Alliance to define metrics for the cloud computing space. She has a B.S. in Electrical Engineering and Computer Sciences from U.C. Berkeley, a Certificate in Finance and Accounting from Stanford’s Executive Education Program, and is CISSP certified.

Craig Blaha is an IT professional with 15 years of experience in education and information technology, including more than a decade in leadership roles for security-related operations and projects. Craig has managed and coordinated special IT and security projects for most of his professional life, focusing on stakeholder involvement and outreach in support of large-scale IT operations. He is currently completing his Ph.D. in Information Science at the University of Texas, and his professional expertise has also informed his academic career in that he researches and teaches on security, privacy, and information policy. Craig regularly presents his research and experiences in technology program strategy at academic and industry conferences. He holds a variety of certifications, including credentials for ITIL, Project Management, IT and IT Security Leadership, and Incident Response.
