President & Acting CEO
ISAG
Mr. Winkler is recognized as one of the world's experts in Internet security, information warfare, information-related crime investigation, and industrial espionage. He is a specialist in penetration testing, where he infiltrates companies, both technically and physically, to find and repair an organization's weaknesses.
Prior to becoming founder and president of the Internet Security Advisors Group (ISAG), Mr. Winkler was Director of Technology at the International Computer Security Association (ICSA). ICSA (www.icsa.net) is a leading provider of security assurance, product certification, training, and information services, also functioning as an industry association with several thousand members. At the ICSA, Mr. Winkler was responsible for managing the Association's laboratories and led the team establishing certification criteria for Internet firewalls.
Mr. Winkler began his career at the National Security Agency (NSA), where he performed cryptanalysis and was responsible for systems design and implementing security elements in intelligence collection and analysis systems. Subsequent to his work at the NSA, he served as a consultant with government contractors, designing and implementing security systems throughout the intelligence community. While working with the government, he realized how vulnerable large computer systems are to unauthorized entry and alteration, and that this problem could cost businesses billions of dollars annually.
Mr. Winkler is the author of Corporate Espionage (Prima Publishing, 1997), which describes the challenges of doing business in the digital age. He is the co-author of a new bestseller, Through the Eyes of the Enemy, which details the intelligence aspect of the Cold War and the emergence of the Russian mafia as a national security threat. He has also written more than 70 articles and white papers on corporate security issues.
Topic:
Zen and the Art of Information Security
The biggest problem in corporate information security is the people performing the work. I have found that there are people outside the security field, and even many people inside the field, who think they know what they need to know about security but clearly don’t. Additionally, some people know a great deal about one aspect of security, but are woefully weak in other aspects and don’t know it (or want to know it). Because of this phenomenon, most organizations have a very false sense of security. Using entertaining analogies from martial arts and psychology, this presentation discusses this critical security failing. Attendees will learn how to tell if they are dealing with people who are properly skilled, and how to plan their security programs accordingly.