Perspectives of a Security Maverick written by Kenneth F. Belva

Kenneth F. Belva

Kenneth F. Belva is the Publisher and Editor-in-Chief of He currently works full-time at a multinational conglomerate in the financial services vertical conducting both technical and non-technical risk assessments focusing on web-based application security while helping deliver security solutions to the business units within his division.

Previously he managed an Information Technology Risk Management Program for a state-sponsored foreign bank with billions of dollars in assets, where he reported directly to the Senior Vice President and Deputy General Manager (CFO). recognized him as one of the top information security influencers in 2007.

In 2009, he was published in the Information Security Management Handbook, Sixth Edition, edited by Hal Tipton and Micki Krause. He also co-authored one of the central chapters in Enterprise Information Security and Privacy, edited by Warren Axelrod, Jennifer L. Bayuk and Daniel Schutzer.

He was previously on the Board of the New York Metro Chapter of the Information Systems Security Association (ISSA), where he served in various capacities over the past 9 years. In 2009 he was Vice President. In 2008, he served as an Advisor to the Board. During 2006-2007 he was the Chair of the Public Relations Committee as an active Board Member. In this role Mr. Belva was in charge of communication between the Chapter and other information security related professional organizations.

He has spoken and moderated at the United Nations, presented on AT&T’s Internet Security News Network (ISNN) on discovering unknown web application vulnerabilities, and been interviewed on security enablement.

He recently co-authored a paper entitled “Creating Business Through Virtual Trust: How to Gain and Sustain a Competitive Advantage Using Information Security” with Sam Dekay of The Bank of New York. In 2005 he authored the contrarian paper: “How It’s Difficult to Ruin A Good Name: An Analysis of Reputation Risk” which was a leading paper on the impact of security breaches on stock prices.

He taught as an Adjunct Professor in the Business Computer Systems Department at the State University of New York at Farmingdale. Mr. Belva is credited by Microsoft and IBM for discovering vulnerabilities in their software. He is the author of the chapter “Encryption in XML” in Hackproofing XML published by Syngress.

Mr. Belva holds the Certified Information Systems Security Professional (CISSP). He previously held the Certified Ethical Hacker (CEH) certification and has passed the Certified Information Security Manager (CISM) exam.

Mr. Belva frequently presents at information security conferences around the US as well as globally. He writes on day-to-day information security experiences in a non-essay format at He can be followed on Twitter @infosecmaverick.

CISSP-squared: Passing the Exam a Decade Later

– In February 2003 I took and passed the CISSP exam. As much as the CISSP is the current industry gold standard (as a colleague of mine recently reminded me), it had even more prestige in 2003. Worldwide there were fewer than 45,000 certification holders in 2003 and it was the hallmark of excellence.…

The CIA Triad: Theory and Practice

– Recently published an article by Warren Axelrod entitled, It’s About Availability and Integrity (not so much Confidentiality). It appears that the article generated a bit of controversy with a response by Jim Bird entitled, It’s About Confidentiality and Integrity (not so much…

H1N1 Threat Overblown? Information Security Relevance? A Logic Proof

– “H1N1 was totally overblown. Nothing really terrible happened. No one suffered a pandemic and the resulting deaths were less in number than the deaths from the regular flu.” That’s a paraphrase of what some colleagues said to me. This sentiment is now echoed in the mainstream…

Cloud Computing Security at Newsweek

– Daniel Lyons will publish an op-ed on the insecurity of cloud computing in Newsweek’s February 1st, 2010 issue. The main thrust of the article can be summarized as such: But there is one big, glaring problem with cloud computing, and it just got laid bare in Google’s recent problems…

MISTI: InfoSec World Conference & Expo 2010

– MIS Training Institute Presents… InfoSec World Conference & Expo 2010 April 19-21, 2010, Disney’s Coronado Springs Resort, Orlando, FL The event features over 70 sessions, dozens of case studies, 9 tracks (including a hands-on hacking techniques track), 12 in-depth workshops, 3…