Sondra J. Schneider
Founder & CEO
Full Time Professor, Lead PKI Instructor, CISSP, CEH/ Q/EH, ESCA/ Q/SA, Q/PTL, CHFI/ Q/FE, Q/ND, ISO 27001 Lead Auditor, Grant Officer.
A 20-year information security industry veteran, Sondra Schneider is the CEO of Security University, a Tactical Hands-on CyberSecurity Warrior training company providing both SU and Industry's Information Security & Assurance Certifications. For the past 20 years Sondra has been traveling around the world training network professionals to be network and security professionals as a full time professor/CEO. In 2006-2007 Sondra worked tirelessly to update the Security University 2000 AIS certifications (Advanced Information Security Cert) to the new performance based Q/ISP “hands-on” security certifications for the information & assurance community. The new “Qualified” Q/ISP certification, and related Q/EH, Q/SA-Q/PTL, Q/FE & Q/ND Certifications have been selected to be approved by the DoD 8570 proposal committee in early 2011.
In 2005 Ms. Schneider was awarded “Entrepreneur of the year” for the First Annual Woman of Innovation Awards from the CT Technology Council. She is an active advisor for the CT Technology Council, advises 3 computer security internet (start-up) technology companies, and is a frequent speaker at computer security and wireless industry events. She is a founding member of the NYC HTCIA and IETF, and works closely with the vendor community to provide information security certification training to comply with the 8570 DoDM mandate.
Ms. Schneider specializes in password and identity management – access, authentication and PKI systems, biometrics, wireless networks and wireless security, network perimeter architecture and security, vulnerability auditing, intrusion detection, and broad band networks. Prior to founding Security University, she was a founding partner of the first information security consulting practice located in New York City (since acquired by Price Waterhouse/True Secure) where she developed information security consulting, training & certifications processes for Fortune 500 customers and developed and managed Federal IA/IS consulting projects. Ms. Schneider has been a pioneer in information security technologies since 1992 when she began her career delivering 45-megabit broadband services along the eastern seaboard for the first implementation of the “internet” with MFS DataNet. While with MFS DataNet she was part of the team that built the first “downstream ISP provider” market - AOL, PSI Net & Earthlink etc.
After MFS DataNet was acquired in 1993, she left to pursue a new Internet role at ATT as the first ATT Internet Specialist where she used her MFS Datanet internet skills to create and deliver the first internet sites for ATT. Ms. Schneider was tasked with educating large (10M+) ATT client accounts about internet access as a business process tool. In 1995 she was involved with the first ATT branded firewall (Site Patrol) from BBN to protect corporate networks as they deployed Internet access across closed networks. In 1996, she accepted the Director of Business Development position in the Northeast for the WheelGroup Corporation (since acquired by CISCO in 1997), where she was responsible for the “introduction and implementation” of the CISCO/WheelGroup NetRanger intrusion detection and NetSonar network auditing tools product line with large customers and VARs. Capitalizing on her earlier product experience with ATT, she brought real-time intrusion detection systems and tools to financial institutions, telcos, healthcare, and Fortune 500 customers.
Niamh Harte - Qualification/ Certification Compliance Program Officer
Wanted Sr. QISP Instructor(s) -
Qualified Instructors wanted in:
Sr. Instructors Qualified/ Information Security Professional QISP
This person would be a full-time contract/employee working in the Northern VA area. Responsibilities are teaching Q/EH Qualified/ Ethical Hacking classes, Q/SA Qualified Security Analyst Penetration Testing, Q/NA Qualified/ Network Defender, and Q/FE Qualified/ Forensic Expert, with a forensic & incident response background.
Ken Cutler CISSP, CISM, CISA Dir. Professional Certification Programs
Sr. Security Instructor & CISSP® Curriculum Manager, Security+
Senior Security Evangelist and Professional Certification Curriculum Manager Security University
Ken Cutler is Director Professional Certification Programs @ Security University (SU). His responsibilities include CyberSecurity and Professional Certification curriculum development and senior lead instructor for SU. He is an internationally recognized consultant, lecturer, and hands-on trainer in the Information Security and IT audit fields. Previously, Ken founded the Information Security curriculum for MIS Training Institute in 1993 and served as training department head, conference/symposium chair, and lead instructor for over 18 years. He has delivered a wide array of lecture and hands-on courses throughout the United States, including numerous US government agencies, as well as in Russia, United Kingdom, Netherlands, Finland, Nigeria, Ghana, Tunisia, South Africa, Serbia, Mexico, United Arab Emirates, Oman, Greece, Singapore, and Hong Kong.
Previously, Ken has headed major Information Security and Quality Assurance programs at American Express Travel Related Services and Lockheed-Martin (Martin Marietta) and has been a Fortune 500 company Chief Technology Officer (Moore McCormack Resources). His industry experience includes: insurance, banking, financial services, healthcare, natural resources, manufacturing, government contracting, security and audit software product design and utilization, consulting and training.
Mr. Cutler has been a long-time active participant and advisor in US federal, international government, and industry security standards initiatives and co-authored NIST SP 800-41, “Guidelines on Firewalls and Firewall Policy”. Ken has also published works on the intricacies of Information Security, security architecture, disaster recovery planning, wireless security, vulnerability testing, firewalls, and single sign-on. In addition, he has been frequently quoted in popular trade publications such as Healthcare Information Security Newsletter, Computerworld, Information Security Magazine, Infoworld, InformationWeek, CIO Bulletin, and MIS TransMISsion. Mr. Cutler was featured in a special TV program entitled “The Electronic Battlefield”, on Abu Dhabi, UAE Public TV.
Mr. Cutler is also the Founder and Principal Consultant of KCA InfoSec Assurance, an independent consulting firm delivering a wide array of Information Security and IT Audit management and technical professional services. His input on vulnerability and risk assessment tools has been frequently sought out by major software vendors.
Ken served as a Certified Weather Forecaster in the US Air Force and was decorated for his exemplary performance during his overseas duty assignment in Alaska.
H. Morrow Long, CISSP, CEH, CHFI (Resume)
Instructor - Qualified/ Information Security Professional Program (Q/ISP)
H. Morrow Long is Director Qualified/ Information Security Professional (Q/ISP) Programs @ SU. Morrow has been a presenter at (and organizer of) several conferences as well as an instructor at Yale University, Fairfield University, the University of New Haven, Gateway Community Technical College and a number of private training institutes.
H. Morrow Long (CISSP, CISM, CEH, Q/EH, Q/SA - Q/PTL, Q/FE, Q/ND) is the Yale University Information Security Officer, Director of the Information Security Office and DMCA Notification Agent for Yale University. He has been with Yale University for the past 23 years, participating in many campus and IT projects (Y2K Planning, Business Continuity/DR, Oracle Financials/HR Business Modernization Project, Yale's Windows NT to Windows 2000 Active Directory Migration Project, HIPAA Security).
Morrow Long is also a Visiting Scientist with the Carnegie Mellon University Software Engineering Institute in the CERT/Networked Systems Survivability group.
Mr. Long is a UNIX, NT and TCP/IP security expert, an author, consultant and educator with more than 26 years of experience with the IP (Internet Protocol) networking protocols and over 13 years of experience designing Internet/Intranet firewalls and information security solutions.
Morrow has written and released several information security software programs into the public domain (including one of the first TCP portscanners and the first audio Web server CGI cited in Wired magazine).
Morrow has taught computer science, networking and information security courses at several Universities (including Yale, the University of New Haven and Fairfield University) and private seminar institutes (including SecurityUniversity).
Mr. Long was one of the original participants in the Infragard program in Connecticut. Morrow was on the executive board of CUISP (Campus University & Information Security Professionals) and also participates in the EDUCAUSE/I2 Computer/Network Security Task Force (a founder of the annual Educause Security Professionals Conference), CISDG (CT InfoSec Discussion Group) and is President of the Connecticut ISSA Chapter.
Prior to working at Yale University Mr. Long was a Member Technical Staff at the ITT Advanced Technology Labs in Stratford and Shelton (1984-6) Connecticut and a Lead Programmer Analyst developing INVESTWARE(TM) at New England Management Systems (NEMS 1982-84).
Mr. Long holds a B.S. in Communications from the Boston University School of Communication (1981) and a M.S. C.I.S. (Computing and Information Systems) from the University of New Haven (1986) as well as CISSP®, CISM® and CEH™ certification. Morrow has contributed to several papers and books on computer security, computer crime, digital forensics, network survivability and information assurance.
Kevin Cardwell (Resume)
Instructor, CEH/QEH, ECSA/QSA, CHFI/QFE
Kevin Cardwell spent 22 years in the U.S. Navy. During this time he tested and evaluated Surveillance and Weapon system software; some of this work was on projects like the Multi-Sensor Torpedo Alertment Processor (MSTRAP), Tactical Decision Support System (TDSS), Computer Aided Dead Reckoning Tracer (CADRT), Advanced Radar Periscope Discrimination and Detection (ARPDD), and the Remote Mine Hunting System (RMHS). He has worked as both software and systems engineer on a variety of Department of Defense projects and was selected to head the team that built a Network Operations Center (NOC) that provided services to the command ashore and ships at sea in the Norwegian Sea and Atlantic Ocean. He served as the Leading Chief of Information Security at the NOC for six years prior to retiring from the U.S. Navy. During this time he was the leader of a 5 person Red Team that had a 100% success rate at compromising systems and networks.
He currently works as a free-lance consultant and provides consulting services for companies throughout the US, UK and Europe. He is an Adjunct Associate Professor for the University of Maryland University College where he participated in the team that developed the Information Assurance program for Graduate Students which is recognized as a Center of Excellence program by the National Security Agency (NSA). He is an Instructor and Technical Editor for Computer Forensics, and Hacking courses. He has presented at the Blackhat USA Conference. He is a Certified Ethical Hacker (CEH), and holds a BS in Computer Science from National University in California and a MS in Software Engineering from the Southern Methodist University (SMU) in Texas. His current research projects are in Computer Forensic evidence collection on "live" systems, Professional Security Testing and Advanced Rootkit technologies.
Char Sample - Advisor
Dr. Char Sample has over 19 years of experience in the information security industry, and presently works for CERT at Carnegie Mellon University where she supports various cyber efforts. Dr. Sample recently defended her dissertation on “Culture and Computer Network Attack Behaviors” at Capitol College in Laurel, Maryland. Other areas of research interest include: Cloud Computing, Anomaly Detection methods, Big Data, and DNS.
Gale Pomper- Advisor
Gale Pomper has over 25 years of experience installing and designing computer networks. She holds numerous certifications from Microsoft, Novell, and CompTIA, including Server+, MCT, MCSE, MCTS for SharePoint, and MCTS and EMA for Exchange 2007. She is the principal author for an exam guide for Windows 2000 Active Directory published in December 2001, and a contributing author for Windows XP Power Pack published in March 2003. For the past 15 years, Gale has been an independent consultant providing network design services, customized training, and SharePoint implementation services. In 2007, Ms. Pomper took a position working for the Department of Defense as a Global Exploitation and Vulnerability Analyst and is currently a Program Director for her office. She is a CISSP.
Dan Conroy - Advisor Head of Strategy, Planning and Governance Citi
Daniel Conroy was MD & Chief Information Security Officer at The Bank of New York Mellon for four years. In 2009 he received the 'Best in Class' BNYM award which recognizes individuals/teams who demonstrate a spirit of dedication & ingenuity.
Daniel enhanced monitoring, identification & control within the information security environment through the procurement & implementation of additional software & toolsets. Daniel focused on the increased involvement of organized crime in this arena:
* State sponsored cyber threats
* Growing insider threats
* Legislative initiatives
Daniel's group had responsibility for threat & vulnerability assessments, incident response, security architecture, network monitoring, data loss prevention, policies & standards, security awareness, client assessment/communications, information classification & database monitoring.
In 2010, he was a speaker at the RSA Conference & delivered a presentation on integrating SEIM with network access control. Daniel's project regarding the governance & control of Internal Social Media was awarded a national honor, Best Project in the Information Security category, at Technology Managers Forum in 2010.
Also in 2010, Daniel was a finalist for Information Security Executive of the Year (Northeast Sector) for 2010 at T.E.N. In 2011 Daniel presented at numerous high-profile conferences & events across the United States such as the FS-ISAC conference in Miami, FL, IT-GRC summit in Boston, MA & IT Roadmap conferences nationwide & is recognized as an expert in his field. Once again, Daniel & his team were finalists in the ISE North America competition. Daniel has been guest lecturer at the Institute of Technology, Tallaght for several years. In April '11, Daniel featured in CIO Digest magazine with an article titled "Preparing & Adapting".
SU Instructor Metka Dragos, CWNE, CWNA, CWSP, CWAP, CWNE, CISSP, Q/SA- Q/PTL, Q/EH, Instructor / Wireless Advisor
Metka is a highly respected Wireless instructor and a gifted presenter. She is known for her wit and broad wireless & security technical expertise. She holds multiple technical certifications including CISSP, Q/SA and CWNE.
Metka Dragos has more than twenty years of experience in the IT industry and delivering training programs. Her corporate career included positions in Application Programming, Database Administration, System Administration and Network Engineering. Experience gained from these positions, years of mentoring and certifications from Microsoft, Cisco and CWNP give her a unique blend of real life and classroom scenarios that she passionately shares with her students. As a consultant, Metka works with clients in the greater Bay Area with a specialty in LAN/WLAN security and analysis.
She holds a B.S. degree in Information Technology, Microsoft MCSE and MCT, Planet3 Wireless CWNE and CWNT and Cisco certifications.
Outside of technology, her life is catching up with her family and the rest of the world.
Instructor CISCO Security CSE Q/AAP 2013
David brings over 20 years of security related experience, with the last 15 at Cisco in a multitude of different security roles. David brings real-world deployment, implementation, root cause analysis, security posture assessments, and architectures for some of the largest global organizations.
Some security engagements that David has been involved with include Microsoft, Intel, GM, Ford, Best Buy, Target, CAT, State Farm, Eli Lilly, Cummins, Wellpoint, United Healthcare and the largest financial institutions. These engagements have included, but are not limited to, IPS, DDoS, PKI, 802.1x/Radius Control Planes, Firewall, Botnet Filtering, Security Posture Audit & Assessments.
David has been instructing for clients, internal Cisco and at external conferences like Secure360 for the last 10 years. He brings real-world examples and experiences to the classroom often discussing what he can in detail for your information analysis.
David graduated from WKU with a Bachelor of Science in Mathematics/Computer Science and has extensive Graduate work within Mathematics Topology and Group Theory disciplines.
SU Instructor Amy Pflug Instructor Q/AAP
Ms. Pflug has over 18 years of experience in the development and implementation of specialized software. Ms. Pflug was a member of the Key Management Infrastructure (KMI) Working Group. This working group had the task of reexamining DOD existing and evolving approaches for provisioning cryptographic key products and services for military, intelligence, governments, allied, contracting and business customers. This Working Group provided an integrated and focused activity to define the KMI architecture and drive future investment. Ms. Pflug conducts Operational Test and Evaluations (OT&E) based on an OT&E Plan and Procedures document written to test each new version of the Certification Authority software for class 4 Public Key Infrastructure (PKI) certificates. This test demonstrated the operational readiness of the Motorola NSM software. NSM software is currently using FORTEZZA® algorithms.
Wanted Experienced Ethical Hacker/ Pen Tester Instructor!
Chris Pugrud Instructor Q/CA
Chris is an information security professional with over fifteen years of progressive experience working for Fortune 500 companies and the Federal Government. Chris has expertise in Certification and Accreditation (C&A) work, specifically C&A based on National Institute of Standards and Technology (NIST) guidelines and has taught on this subject matter. Some of the other projects he has completed include Gap Analysis of security infrastructure, security baseline development, firewall/intrusion detection system (IDS) deployment, security assessments, and security awareness training. Chris has supported a wide range of clients that have spanned the globe as well as business sectors including Energy/Power, Healthcare, and Finance/Banking. Most recently, Chris has focused on information security program development, providing this service to his clients as well as internally within his own organization. Mr. Alward also has experience developing security policies for large organizations.
TAP Liaison/ Dir of Business Development & Client Success
SU Advisor Forensics
Frederick Haggerty, Security+, CEH, CHFI, Q/FE
Frederick Haggerty is an accomplished Senior Java/J2EE Developer with 15+ years of experience in providing technical solutions that improve scalability, performance, and productivity for a variety of organizations.
As a Senior Java/J2EE Developer, Frederick has extensive experience in building mission critical web-based systems — providing enterprise application integration, designing and implementing solutions using SOA and Web Services, and integrating technologies like JAAS and JSF, Spring and Hibernate, and a variety of other Java frameworks. He has also been involved in all phases of Software Development Life Cycle (SDLC) for small and large scale projects.
Frederick's areas of technical expertise include designing and implementing secure web-based systems, using middleware technologies, implementing the Role Based Access Control (RBAC) security model using Java Authentication and Authorization Service (JAAS) to secure Java applications, and building Enterprise Service Bus (ESB) applications. His experience also includes designing, developing, and building secure web services with JAX-WS/JAXB and SAML authentication (X509 Certificates, LDAP), which allows for logging, monitoring and alerting, and ensuring strict compliance to the Privacy Act for PII data.
Throughout his career, Frederick has supported a wide range of clients that have spanned many areas such as DOD, law enforcement (FBI/NCIS), and DOI, as well as non-profit organizations.
Most recently, Frederick has focused primarily on digital forensics and information security program development, to include security policy development for small and medium organizations. He has combined his expert knowledge in building complex systems and his technical proficiency in information security to help companies achieve an overall better security posture.
SU Instructor Glen Strutz Instructor Q/CA
Mr. Strutz is an information security professional with over ten years of progressive experience working for Fortune 500 companies and the Federal Government. In addition to experience, he has continually pursued technical and non-technical industry certifications as appropriate, including the CISSP (ISC2). Throughout his career, Glen has supported a wide range of clients that have spanned the globe as well as business sectors including Healthcare, Finance/Banking, and Energy/Power. Most recently, he has focused on information security program development, providing this service to his clients. Glen has expertise in Certification and Accreditation (C&A) work, specifically C&A based on National Institute of Standards and Technology (NIST) guidelines and has taught on this subject matter. Some of the other projects he has completed include Gap Analysis of security infrastructure, security baseline development, firewall/intrusion detection system (IDS) deployment, security assessments, and security awareness training. Glen also has experience developing security policies for large organizations.
SU Instructor Michael Penders Instructor ISO 27001 Lead Auditor/ Lead Implementer
Michael J. Penders Esq.
Michael Penders is Chairman of Environmental Security International (ESI) L3C. He has managed advanced investigations, developed standards for integrated Security Management Systems (SMS), and tested their application in numerous critical infrastructure sectors. Mr. Penders led assessment teams at Critical Infrastructure facilities in the private and public sectors. He has directed investigations into acts of terrorism, organized crime, industrial sabotage, and security risks around the world, and facilitated implementation of risk management and compliance programs. Mr. Penders chaired the international group of experts which developed the first standard for integrated Security Management Systems (SMS). This approach has been adopted in several international standards such as ISO 27000, ISO 28000, ISO 31000, and ISO 26000, as well as environmental and security regulations, and guidance for best management practices. Mr. Penders has served on several ISO and ANAB committees and working groups, including the DHS Homeland Security Panel and ANSI’s integrated Management System Strategic Advisory Board. ESI clients have been recognized by the American National Accreditation Board (ANAB) for Best Practices in Cyber Security by certification to the international standard: ISO 27001:2005. Mr. Penders has worked with organizations such as DOD, DOE, NATO, EPA, the United Nations, the American Chemistry Council, corporations, ports, and public utilities on environmental, security and risk management, related legal and policy issues, including cyber security and deployment of appropriate technologies. Mr. Penders served as Chair of the American Bar Association (ABA) Committee on Homeland Security in the Section of Environment, Energy and Resources (SEER). Previously, he worked as a Prosecutor, Director of Legal Counsel for US EPA’s Criminal Enforcement, and Chairman of the G8 Nations’ Project on international organized crime.
Michael has published numerous articles, testified before Congress on National Security and Criminal Justice matters, and spoken at dozens of major conferences around the world. Mr. Penders is a certified Lead Auditor and Implementer for the ISO 27000 series of standards for Best Practices in Implementing Information Security Management Systems (ISMS). He currently works as a consultant for organizations in the financial services, data management, insurance, and public sectors to facilitate implementation of integrated risk management systems which may be certified to ISO standards, designed to assure compliance with applicable laws, Executive Orders, and government programs such as PS Prep, CFATS and CTPAT.
WANTED - Interns
Looking for an internship in the information security industry? Security University is the place for you! Security University is a small company looking for help in the Herndon, VA area.
Security University specializes exclusively in information assurance (IA) security certification training. We're passionate about security. Our internship program allows talented college students to learn our business by supporting customers, the administration of our internal systems, and public relations to the Security University community of users.
As a Security University Intern you will be given a real project to work with Security University attendees that are interested in pursuing their Qualified Information Security Professional (QISP) Credential. You'll attend one of our computer security classes and will receive mentoring from the team management at Security University. You'll learn about computer security and writing secure code from the experts.
Security University internships frequently start as part time employment during the school year and are full time over the summer. Summer only internships are also available.
Absolutely non-negotiable requirements:
Excellent command of written and spoken English
Top grades or a track record of success
Permanent legal right to work in the United States. Student visas (J1, F1, etc.) cannot be considered.
Currently enrolled in a 4 year academic institution or Master's program having at least completed your sophomore year.
Significant coursework in Computer Science (major not required)
Knowledge of Java or .NET and at least one other common programming language
Top notch computer programming and testing skills.
Position is in our office in the Reston, VA location; telecommuting optional.
To apply for any of these positions, please email us at careers (at) securityuniversity.(dot) net, attaching a current resume in HTML, Word, Plain Text or PDF format. In the body of the email, indicate the position you are interested in and explain why you would be a good fit for this job. If you have a website, send us the URL.
Security University does not discriminate in employment matters on the basis of race, color, religion, gender, national origin, age, military service eligibility, veteran status, sexual orientation, marital status, disability, or any other protected class. We support workplace diversity.
Stephen Gantz, CISSP
Stephen Gantz, CISSP, is the senior architect for Roundarch, a systems integrator specializing in the development and delivery of enterprise portal and integration solutions. He also leads Roundarch's security practice, which focuses on application security, security architecture, and compliance with civilian and DoD security policies. Steve has 12 years' experience in technology-related professional services and software development, primarily as an IT architect designing e-commerce, enterprise application integration, customer relationship management, and security systems and infrastructures.
Steve's industry expertise includes federal civilian and state government, financial services, insurance, retail, telecommunications, and higher education. His areas of technical expertise include customer relationship management (CRM) and enterprise resource planning (ERP) applications, middleware technologies, security and e-commerce systems architecture, and data transport and exchange using EDI and XML. He is a regular speaker at industry events on enterprise application integration, e-Commerce, and XML. He holds a Masters Degree in technology policy from the John F. Kennedy School of Government at Harvard University, as well as a Bachelors degree in applied mathematics and statistics from Harvard.
Jeremy Alward CISSP, CISM, PMP, Q/EH (on Sabbatical)
Mr. Alward is an information security professional with over ten years of progressive experience working for Fortune 500 companies and the Federal Government. In addition to experience, Mr. Alward has achieved a Masters of Science in Information Systems from Drexel University, and has continually pursued technical and non-technical industry certifications as appropriate including the CISSP (ISC2), CISM (ISACA), CGEIT (ISACA), ITIL Foundations, and the RHCE (Red Hat). Throughout his career, Mr. Alward has supported a wide range of clients that have spanned the globe as well as business sectors including Energy/Power, Healthcare, and Finance/Banking. Most recently, Mr. Alward has focused on information security program development, providing this service to his clients as well as internally within his own organization. Mr. Alward has expertise in Certification and Accreditation (C&A) work, specifically C&A based on National Institute of Standards and Technology (NIST) guidelines and has taught on this subject matter. Some of the other projects he has completed include Gap Analysis of security infrastructure, security baseline development, firewall/intrusion detection system (IDS) deployment, security assessments, and security awareness training. Mr. Alward also has experience developing security policies for large organizations.
CND Instructors WANTED Must have
CISSP, Security+, Q/EH, Q/SA -Q/PTL, Q/FE, Q/ND
James Keegan - Future Q/EH Instructor.