Duderman.com

Welcome to Duderman.com
Menu: \| Home \| Information Security \| Current Projects \| Old Projects \| Public Keys

David C. Smith

Thanks for visiting my page, although it might be at an all-time low with up-to-date content. I have been busy working many projects and not updating the world on a regular basis. My bad! Feel free to contact me at dcsmith [!at!] duderman.com using my public key as necessary.

News
Not too much regular news going on, been busy with lots of projects. Things have been really moving along at HCP Forensics my forensic - expert witness - consulting company. Hmmm - lately, I have spoken at Defcon 15, Shmoocon, and a bunch of smaller conferences and round tables. I have been nominated for the Information Security Executive Mid-Atlantic award, which is pretty exciting. Keep up with my technical and information security ideas on my blog

My Work
For my big cheese, I work at Georgetown University as the CSO / University Information Security Officer. I am responsible for the creation and implementation of Georgetown University's information security plan to provide information assurance to all levels of the organization. I develop and execute the strategic and tactical initiatives to secure systems, processes, and data throughout the University. I direct the development and enforcement of all university information security and privacy policies to be in compliance with federal, state, and local laws plus all applicable regulations. Additional developed security services are organization-wide risk assessments and awareness programs, law enforcement interactions, eDiscovery / forensic investigations, and a fast response incident response team.

I am also a co-founder of a digital investigation company, HCP Forensic Service http://www.hcp-fs.com. It has been a great opportunity to focus on digital forensics investigations and providing expert witness testimony.

My background is in information technology and I found myself successful in information security from being a very security minded engineer, architect, and manager of technical resources. I dislike the "no" mentality that a lot of CSO's take and have found myself very business-functionality oriented in regards to addressing and mitigating business threats and risks. My advice to future CSOs - go to business school, no one wants someone who says "no" all the time and then "told you so".

My educational background is computer science and I am current working on my masters in Information Technology Management. Some of my bigger certs are Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), and Certified Computer Examiner (CCE) from The International Society of Forensic Computer Examiners. Once upon a time, I was a rocking tech and some of my older certifications are Oracle Certified Professional (OCP) DBA in 1997, Microsoft Certified System Engineer (MCSE) in 1996, and Cisco Certified Network Professional (CCNP/CCNA/CCDA) in 1998-ish.

My resume is available at Linked In under David C. Smith.