Disclaimer: The opinions of the columnists are their own and not necessarily those of their employer.

CISO Leadership Skills written by Todd Fitzgerald


Todd Fitzgerald, CISSP, CISA, CISM, serves as a Medicare Systems Security Officer for National Government Services, LLC (NGS), Milwaukee, WI, which is the nation’s largest processor of Medicare claims and a subsidiary of WellPoint, Inc. (NYSE:WLP), the nation’s largest health insurer.

Todd co-authored the 2008 ISC2 Press book entitled CISO Leadership: Essential Principles For Success. Todd was named as a finalist for the 2005 Midwest Information Security Executive (ISE) of the Year Award, nominee for the national award, Judge for the 2006/08 central region awards, Master of Ceremonies for the 2006 West awards, and has moderated several Executive Alliance Information Security Executive Roundtables. Todd has authored articles on Information Security for The 2007 Official ISC2 Guide to the CISSP Exam, The Information Security Handbook Series (2003-2008), The HIPAA Program Reference Book, Managing an Information Security and Privacy Awareness and Training Program, and several other security-related publications. Todd is also a member of the Editorial Board for ISC2 Journal/Information Systems Security Magazine and the Darkreading.com security publication, and is frequently called upon to present at international, national, and local conferences such as the Computer Security Institute (CSI) and Management Information Systems Training Institute (MISTI). Todd serves on the Board of Directors for the HIPAA Collaborative of Wisconsin, and is an active leader, participant and presenter in multiple industry associations such as Information Systems Security Association (ISSA), Blue Cross Blue Shield Information Security Advisory Group, CMS/Gartner Security Best Practices Group, Workgroup for Electronic Data Interchange (WEDI), Information Systems Audit and Control Association (ISACA), and others.

Todd has 29 years of Information Technology experience, including 20 years of management. Prior to joining NGS, Todd held various broad-based senior Information Technology management positions for Fortune 500 organizations such as American Airlines, IMS Health, Zeneca (subsidiary of AstraZeneca Pharmaceuticals), Syngenta, as well as prior positions with Blue Cross Blue Shield of Wisconsin.

Todd holds a B.S. in Business Administration from the University of Wisconsin-La Crosse, serves as an advisor to the College of Business Administration, and holds an MBA with highest honors from Oklahoma State University.

Forget The IT Security Strategy, Just Get R Done!

– In recessionary times, how many organizations say, “We need to send more people to training, increase our travel budgets, and hire some strategy people?” These activities just don’t happen. Why is that? Let’s say that you are nearing retirement and have put in place a 10…

Business Drivers For Information Security: Who Needs Them Anyway?

– Security needs to be done to protect the information assets from all the hackers, thieves, criminals and people waiting to steal laptops and data as well as those disgruntled employees that are trying to sabotage the networks, right? Everyone knows that, we need to invest much more money to solve…

Being a Government Security CISO: Life in the Fishbowl

– Information Security is Information Security, Right? It shouldn’t matter if the organization needing protection is a government agency operating in the public sector or a private enterprise, should it? Well, technically, no. Essential security practices should be delivered for whichever…

10 Insights for Playing “Follow the (Security) Leader”

– Many books talk about various dimensions of leadership extracted from the experiences of fortunate individuals that have managed to work their way into the executive ranks of their respective organizations. There are many good security managers in this field, as this is a field that attracts those…

The Evolving Information Security Landscape

– In today’s environment of common nomenclature such as anti-virus, anti-spyware, phishing scams, and identity theft, it would be understandable that a newcomer to the information security profession would believe that the information security profession as it exists today has always been…