ISC2® Appoints Advisor to Advocate Secure Software Development

* Reuters is not responsible for the content in this press release.

Thu Nov 12, 2009 6:00am EST

Secure Software Veteran Mano Paul to Shine Light on Software Vulnerabilities and
Solutions


PALM HARBOR, Fla.--(Business Wire)--
(ISC)2® ("ISC-squared"), the not-for-profit global leader in educating and
certifying information security professionals throughout their careers with more
than 66,000 members worldwide, today announced the appointment of Mano Paul,
CISSP, CSSLP as its software assurance advisor. 

In this role, Paul will advise organizations on software assurance strategy,
education and certification, as well as speak on behalf of (ISC)2 at events and
conferences around the world on software assurance topics. His mission is to
heighten awareness regarding the proliferation of security vulnerabilities
resulting from insufficient software lifecycle development processes as well as
solutions. 

Research from Gartner Group indicates that more than 70 percent of security
vulnerabilities exist at the application layer.[1] According to the 2008 (ISC)²
Global Information Security Workforce Study, insecure software resulted in an
average loss of $50 to $200 per record, not including reputation damage and loss
of trust. An IBM study found that the gain in "baking in" security early on in
the software development lifecycle is about 100 times more favorable than when
the software product is released.[2]

Paul has more than 10 years of experience in information security, software
assurance and software development, with responsibilities that include designing
and developing security programs from compliance to coding, security in the
software development lifecycle, and providing risk management, security strategy
and security awareness and education. He is the founder of two companies:
SecuRisk Solutions, which specializes in security product development and
consulting, and Express Certifications, a professional certification assessment
and training company. 

Before founding his two companies, Paul worked for Dell, Inc. in a variety of
security and software positions, including software developer to technical
architect, global application security consultant, senior global security
program manager, and workforce strategist for both IT and the business. He is a
contributing author for the Information Security Management Handbook, writes
periodically for information security and certification magazines, and has
participated in and contributed to several security articles for the Microsoft
Solutions Developer Network (MSDN). 

Additionally, Paul has been featured at numerous security conferences around the
world as an invited speaker and panelist, delivering keynotes and talks to such
conferences as CSI, SC World Congress, Burton Group Catalyst and OWASP. He is
also an appointed faculty member and served as the industry liaison for the
Capitol of Texas Information Systems Security Association (ISSA) chapter. 

Paul is a Certified Secure Software Lifecycle Professional (CSSLPCM) and
Certified Information Systems Security Professional (CISSP®), both (ISC)2
certifications. He also holds the MCAD, MCSD, CompTIA's Network+ and ECSA
certifications. 

"Although Mano has been advising (ISC)2 informally for the past year, his
contributions have become so invaluable that we wanted to formalize the
relationship by appointing him our software assurance advisor," said W. Hord
Tipton, CISSP-ISSEP, CAP, CISA, executive director of (ISC)2. "We are pleased
that Mano has accepted this role and will continue to raise awareness of the
critical issue of insecure software." 

Paul has already undertaken a number of tasks for (ISC)2, including creating the
online self-assessment tool known as studISCope, authoring the upcoming Official
(ISC)2 Guide to the CSSLP, collaborating on the development of the CSSLP
curriculum, establishing and fostering relationships between (ISC)2 and other
professional security organizations, and writing several white papers
underscoring the need for software assurance. In his software assurance advisor
role, he will continue many of these pursuits in addition to speaking
engagements and other opportunities as they arise. 

"I have been involved with various (ISC)2 initiatives for some time and am proud
of the outstanding work the organization has done and continues to do to further
the cause of software assurance," Paul said. "My role as software assurance
advisor will enable me to provide guidance on critical software security issues
as well as technical expertise for a range of products and services." 

About (ISC)²

(ISC)2® is globally recognized as the largest membership body of and as the Gold
Standard for certifying information security professionals. Celebrating its 20th
anniversary, (ISC)² has over 66,000 certified members in more than 130
countries. Based in Palm Harbor, Florida, USA, with offices in Washington, D.C.,
London, Hong Kong and Tokyo, (ISC)2 issues the Certified Information Systems
Security Professional (CISSP®) and related concentrations, Certified Secure
Software Lifecycle Professional (CSSLPCM), Certification and Accreditation
Professional (CAP®), and Systems Security Certified Practitioner (SSCP®)
credentials to those meeting necessary competency requirements. (ISC)²'s CISSP
and related concentrations, CAP, and the SSCP certifications are among the first
information technology credentials to meet the stringent requirements of
ANSI/ISO/IEC Standard 17024, a global benchmark for assessing and certifying
personnel. (ISC)² also offers a continuing professional education program, a
portfolio of education products and services based upon (ISC)2's CBK®, a
compendium of information security topics. More information is available at
www.isc2.org. 

© 2009, (ISC)2 Inc. (ISC)², CISSP, ISSAP, ISSMP, ISSEP, and CAP, SSCP and CBK
are registered marks and CSSLP is a service mark of (ISC)², Inc. 

Follow (ISC)2 on Twitter: www.twitter.com/isc2. 

[1] John Pescatore, Gartner Group, 2005

[2] Implementing Software Inspections. IBM Systems Sciences Institute

Maples Communications, Inc.
Stephanie Olsen or Mike Kilroy
949-855-3555
solsen@maples.com
mkilroy@maples.com

Copyright Business Wire 2009
