Résumé

I have been experimenting with Linux since the mid-1990s, system administration and security since around the turn of the century. I am simply fascinated by both sides of the information technology security story. In January, 2004, I began working doing security for Flyguides, Inc, then in 2005 providing security assessments along with talented friends at Delmar Open Source Associates.

Information Security
June, 2009 to Present
CEO and co-founder
Cambridge Infosec Associates, Inc
Cambridge Infosec Associates, Inc is a consultancy that works with senior business and government leadership to leverage internal resources - across disciplines of information and physical security - and commercially available intelligence products to mitigate risk.

As CEO and co-founder of CIAI, Nick helps large end-user organizations and government entities leverage and combine existing information security and physical security assets and external intelligence sources to have a broad, actionable and horizontal view into information that affects global risk posture.

CIAI helps enterprise and government end users better understand the offerings of information technology and physical security products. It also works on issues related to cyber security policy.

Cambridge Infosec helps enterprise information security vendors understand the competitive environment in which they do business. It does not do marketing or communications, nor does it write white papers. It does help vendor senior management and boards better articulate and differentiate their offerings and focus their strategies and tactics.

Current end user customers are in the banking and manufacturing industries and national governments. Vendor customers include those in the fields of secure mobile transactions, physical security, penetration testing, vulnerability analysis and security assessment, enterprise security information management, log management, and large-scale network access control technologies.

December, 2006 - Present
Faculty Member
IANS (Institute for Applied Network Security)
IANS is a research company that focuses exclusively on the fields of information security, regulatory compliance and IT risk management. IANS' mission is to deliver technical and business insights that assist our clients in solving their most pressing problems. IANS serves its clients through a unique 'bottom-up' research methodology. The combination of our world-class Faculty and closed community of end-users drives IANS' insights, curriculum and dialogues.

As an IANS Faculty Member, Nick works (at annual IANS forums in New York, Washington DC, Dallas, Chicago, San Francisco and Boston as well as in one-on-one meetings with security stakeholders) with information security leaders from throughout the Fortune 500, providing thought leadership and expertise on a range of practical issues they face each day, specifically including data leakage and classification, penetration testing, intelligence gathering and analysis, security operations and other important issues. Nick also helps IANS delegates by drawing on his growing expertise in the field of security convergence, and benchmarking performance of security organizations within very large enterprises.

October 2005 to June, 2009
Vice President, Research Operations & Director, Enterprise Security Practice
The 451 Group
From October, 2005, I have been building and now lead the Enterprise Security Practice at independent industry analyst firm, The 451 Group. I engage regularly with vendors, end users and the investment community in 451 Strategic Counsel sessions: interactions focused within the enterprise IT arena covering key market drivers for important emerging market/technology segments, competitive environment dynamics surrounding innovative vendor companies, company/technology positioning factors, feedback on go-to-market strategies for enterprise IT vendor companies, and, for financial community clients, discussion of upside and downside factors related to investing in specific emerging technology segments.

Every week I provide three to six reports, from 1000 to 1500 words in length, of analysis for 451's core syndicated research services - 451 Market Insight Service, which delivers daily insight into emerging enterprise IT markets, and 451 TechDealmaker, a forward-looking weekly analysis service focused on M&A activity within the enterprise IT business.

Additionally, I am the lead author of The 451 Security Quarterly, about 50 to 70 pages in length and covering review and forward-looking trends in IT security plus a deep dive into a topic of intense interest. In 2007 these topics included enterprise security information management, anti-fraud and anti-money-laundering, network access control and mobile device security.

I am responsible for recruitment, hiring and training of new hires, as well as setting out the coverage and focus for The 451 Group. Finally, as part of my responsibilities I engage in training, studying security, hacking, exploits and intrusion detection/prevention, as well as training and building up a team of analysts and associates.

Areas of Coverage
For a complete description of The 451 Group's Enterprise Security Practice, and a graphical taxonomy of our coverage, visit the 451's Security Practice website.

I regularly speak with vendors and analyze business and technology in IT security subsectors including

  • anti-malware and messaging hygiene
  • intrusion detection (IDS)
  • intrusion prevention (IPS)
  • enterprise security information management (ESIM), security information management (SEM) and log management
  • anti-data leakage
  • anti-money laundering (AML) and anti-fraud
  • penetration testing and fuzzing
  • network behavior anomaly detection (NBAD)
  • network access control (NAC), posture checking, endpoint integrity and post-admission NAC
  • storage security
  • secure remote access, encryption and key management
  • vulnerability assessment, network visualization, patch management

and various other areas of information technology security.


March, 2005 to October 2005
Consultant, Contractor
Delmar Open Source Associates, Inc | Delmar, NY
Provided consulting services and managed team of security assessment and penetration professionals providing wireless, network and physical plant security assessments and penetration tests for SMB customers in compliance-sensitive verticals in and around the capital district of New York State. Wrote analysis and reports for customers; published extensive article on legal requirements of attorneys running wireless networks in the Albany County Bar Association Newsletter.

January 2004 to May 2005
Security Officer
Flyguides, Inc | Wilmington, DE
Supervised all aspects of security for this internet startup, from physical to IT and application security. Managed contractors and programmers providing penetration testing and application penetration testing services, coded and worked with internal and contracted programmers to secure forward facing applications for this high-traffic website providing aviation and travel information to pilot members.