Rebecca Herold, CISM, CISSP, CISA, CIPP, FLMI
Rebecca is an information privacy, security and compliance consultant, author and instructor who has provided assistance, advice, services, tools and products to organizations in a wide range of industries during the past two decades. Rebecca is a widely recognized and respected information security, privacy and compliance expert. Some of her awards and recognitions include the following:
- InformationSecurityBuzz named Rebecca a Top 2 Female Infosec Leader to Follow on Twitter in 2014
- Peerlyst named Rebecca a Top 5 female Infosec leader to follow on Twitter in 2014
- Tripwire named Rebecca a Top InfoSec Rising Star in 2013
- Rebecca was named to the Medical Devices Group Advisory Board in 2013
- Rebecca was named to the ISACA International Privacy Task Force in 2013
- Rebecca was named on Tripwire’s list of InfoSec’s Rising Stars and Hidden Gems: The Top 15 Educators in July, 2013
- Rebecca was ranked at #2 in July, 2013 on Information Security Buzz’s list of Top 25 Female Infosec Leaders to Follow on Twitter
- Rebecca was named a Privacy by Design (PbD) Ambassador by Ontario Privacy Commissioner Dr. Ann Cavoukian in 2012
- Rebecca has been named one of the “Best Privacy Advisers in the World” multiple times in recent years by Computerworld magazine, most recently ranking #3 in the world in the last rankings provided.
- In 2012 Rebecca was named one of the most influential people and groups in online privacy by Techopedia.com
- In 2011 Rebecca’s blog was named in the “Top 50 HIPAA Blogs” by Medicine E-Learning
- In 2008 Rebecca’s blog was named one of the “Top 50 Internet Security Blogs” by the Daily Netizen.
- Rebecca was named one of the “Top 59 Influencers in IT Security” for 2007 by IT Security magazine.
- The information security program Rebecca created for Principal Financial Group, where she worked for 12 years, received the 1998 CSI Information Security Program of the Year Award.
- Rebecca is a member of several Advisory Boards, including the prestigious Editorial Advisory Board for Elsevier’s “Computers & Security” journal
Rebecca was one of the first practitioners to be responsible for both information security and privacy within a large organization, in 1994 in a multi-national insurance and financial organization.
In 2008 Rebecca helped the European ENISA to create their well-received “Obtaining support and funding from senior management,” which used much of her “Managing an Information Security and Privacy Awareness and Training Program” information.
In 2009, Rebecca was asked to lead the NIST Smart Grid privacy subgroup, where she also led the Privacy Impact Assessment (PIA) for the home-to-utility activity, the very first performed in the electric utilities industry. Rebecca recently launched the Compliance Helper service (http://www.ComplianceHelper.com) to help healthcare organizations and their business associates to meet their HIPAA, HITECH and other information security and privacy compliance and risk mitigation requirements. In September 2010 Rebecca was asked to provide a 1-day Smart Grid privacy briefing to the California Public Utilities Commission.
Rebecca assists organizations of all sizes and industries throughout the world with their information privacy, security and regulatory compliance programs, content development, and strategy development and implementation through a large variety of tools and services. She offers a range of standard and customized one- and two-day workshops, including one addressing how individuals across disciplines can work together to most effectively assure privacy and regulatory compliance while efficiently implementing security controls.
Rebecca was an Adjunct Professor for the Norwich University Master of Science in Information Security and Assurance (MSISA) program for 9 years, and also created curriculum for some of the classes within the Norwich MSISA program.
Rebecca has created customized 1- and 2-day training for the specific needs of many different organizations. Rebecca is the creator and editor of the “Protecting Information” multi-media security and awareness quarterly publication.
Rebecca currently serves on the advisory boards for Alvenda (an ecommerce technology company), Subroshare (a subrogation technology tools company), Wombat Security Technologies (an online information security training company), was invited to be on the prestigious IEEE ISTAS10 program committee, and was on the Norwich University Journal of Information Assurance Board of Review. Rebecca has served as a board and council member of various other organizations, such as MaxMD and I’D Check. Rebecca is also currently participating in the NIST standards committee to help create information security and privacy standards and practices for the U.S. Smart Grid. Rebecca also is often invited to participate in unique activities, such as serving as a preliminary judge for the 2009 American Business Awards.
Rebecca is frequently interviewed and quoted in diverse publications such as IAPP Privacy Advisor, BNA Privacy & Security Law Report, Wired, Popular Science, CUinfosecurity, Bankinfosecurity, SearchWinIT, Consumer Financial Services Law Report, Computerworld, hcPro Briefings on HIPAA, SC Magazine, SearchSecurity, Information Security, Business 2.0, Disaster Resource Guide, The Boston Herald, Pharmaceutical Formulation and Quality, IT Business Edge, Fortifying Network Security, IT Architect, CIO Strategy Center, Physicians Weekly, IEEE’s Intelligent Systems, IEEE’s Security and Privacy Journal, Cutter IT Journal, Health Information Compliance Insider, Baseline, Western Michigan Business Review and others. She has also given several radio interviews and broadcasts, including on MyTechnologyLawyer.com, the “Privacy Piracy” California radio broadcast and the “Michigan Technology News” radio broadcast.