Shon Harris provides the unique blend of experience,
skills and personality needed to communicate with
judges and juries. While experience and credentials
are important to validate an expert in the field,
the ability to communicate the necessary opinions is
just as important.

Review Shon Harris’s Course on Law, Investigations,
and Ethics

Shon Harris's CURRICULUM VITAE
Shon Harris, CISSP is the founder and CEO of
Logical Security, a computer security consultant, a
former engineer in the Air Force’s Information
Warfare unit, an instructor and an author. She has
authored three best selling CISSP books, was a
contributing author to the book Hacker’s Challenge,
a contributing author to the book Gray Hat Hacking,
a contributing author to the Security Information
and Event Management (SIEM) Implementation book and
is currently working on a Certified Ethical Hacker (CEH)
book. Ms. Harris has developed a full digital
information security product series for Pearson
publishing. Ms. Harris also works with various law
firms as an information security expert witness.
Ms. Harris has consulted for several Fortune 500
companies in the U.S., including American Express,
Warner Brothers, Bridgestone/Firestone, CitiBank,
CitiFinancial, AOL, Cisco and many more. Her
competencies range from setting up risk management
programs and developing enterprise network security
architectures to constructing enterprise-wide
security programs that connect computer security
and business needs in a synergistic manner.
Ms. Harris has extensive knowledge and practical
experience pertaining to legal and regulatory
compliance. She has worked with the largest
corporations within the U.S. to become compliant
with OCC regulations, SOX, GLBA, HIPAA, PCI and
SAS70. Ms. Harris specializes in risk management,
governance and the development and implementation
of security metrics. She has published a risk
management series through Information Security
Magazine and is currently working on a book with
McGraw-Hill that connects risk management, security
metrics and threat profiling for the information
security industry.
Ms. Harris has taught information security to a wide
range of clients, some of which have included
Microsoft, Department of Defense, Department of
Energy, National Security Agency, Bank of America,
Defense Information Systems Agency, RSA, U.S.
Military Academy at West Point, and many financial
institutions.
Ms. Harris was recognized as one of the top 25 women
in the Information Security field by Information
Security Magazine.
CURRENT
2003-Present: Shon Harris is the founder and chief
executive of Logical Security, Inc. Logical
Security is an information and computer security
consulting and training company. In this role Ms.
Harris has managed large consulting teams to
develop and implement holistic information
security programs in the public and private
industries. Her responsibilities include
implementing enterprise-wide risk management,
compliancy and privacy programs,
technology-focused solutions, cryptography
solutions, internal auditing, BCP/DR, ITIL, and
NIST, ISO 27000 and CobiT frameworks.
Ms. Harris has been responsible for influencing,
negotiating, supporting and articulating the
balance between information security and current
company goals and initiatives in many corporations
around the U.S. She has the ability to analyze,
evaluate, and quantify the financial impact of
specific solutions and map them to the best
interests of organizations.
EMPLOYMENT HISTORY
Five years: Information security contractor for
G2, Inc. in Washington DC. Managed consulting
teams, developed and deployed: risk management
programs, enterprise security architectures,
regulatory and legal compliancy services and
solutions, awareness training programs, risk
assessments and analysis processes and
procedures, security policies and standards.
Two years: Security engineer in the Air Force
Information Warfare Unit in Tacoma, WA. Carried
out internal and external network assessments
for U.S. bases world-wide. Responsibilities
included: performing extensive penetration
testing and hacking activities to ensure Air
Force military bases and U.S. government systems
were safe from information warfare attacks.
Recalled to active duty for four months after
the 9/11 attacks.
Two years: Trainer and curriculum developer and
contractor for Intense School in Ft. Lauderdale,
FL. Trained security professionals on the
following topics: telecommunications and network
security, business continuity, physical
security, operational security, enterprise
networks, law and regulatory compliance, and
secure access control technologies.
Three years: Security engineer for Getronics in
Spokane, WA. Responsibilities included: securing
networks and computers at bank branches for
CitiFinancial in the U.S., Canada, and Mexico,
operational security management for CitiBank
branches, deploying on-line banking software
solutions and consulting services to financial
institutions world-wide.
Two years: Resource analyst and network engineer
for Software Spectrum in Spokane, WA.
Responsibilities included: administrating and
maintaining a 500 system network, technical
support for various Microsoft operating systems
and applications.
PROFESSIONAL CERTIFICATION
CISSP from the International Information Systems
Security Certifications Consortium, Inc.
(ISC)².
PROFESSIONAL TRAINING
Ms. Harris has received extensive professional
training from nationally certified instructors
in such subjects as: Novell networking,
Microsoft operating systems and networking,
Cisco networking, telecommunications security,
network security, business continuity, physical
security, operational security, enterprise
networks, legal compliance, security management
metrics, ITIL, ISO 27000, internal and external
auditing, penetration testing, and vulnerability
management.
PROFESSIONAL AFFILIATIONS
Current:
Institute of Electrical and Electronics
Engineers (IEEE)
Information Systems Security Association (ISSA)
Information Systems Audit and Control
Association (ISACA)
Infragard
CompTIA
San Antonio Chamber of Commerce
AUTHOR
Ms. Harris is a world-wide recognized expert and
published author in the information security
field. Ms. Harris has published the following
books and products:
Certified Information Systems Security
Professional (CISSP) All-In-One Exam Guide (5th
Edition)
McGraw Hill (ISBN-10: 978-0-07-160217-4)
CISSP Practice Exams
McGraw Hill (ISBN: 978-0-07-170139-6)
Security Information and Event Management (SIEM)
Implementation
McGraw Hill (ISBN-10: 0071701095)
Gray Hat Hacking: The Ethical Hacker’s
Handbook (3rd Edition)
McGraw Hill (ISBN: 978-0-07-149568-4)
CISSP Passport
McGraw Hill Publishing (ISBN: 0072225785)
Shon Harris CISSP Solution Set
Logical Security (ASIN: B000VAUVOO)
CISSP Computer Based Training Video Seminar
Logical Security (ASIN: B000VAUVRG)
CISSP Video Mentor
Pearson Publishing (ISBN: 0789740281)
CISSP Cert Flash Cards
Pearson Publishing (ISBN: 0789740354)
CISSP My Information Technology Certification
Labs
Pearson Publishing (ISBN: 0789744791)
Shon Harris Systems Security Certified
Practitioner (SSCP) Solution Set
Logical Security
SSCP Computer Based Training Video Seminar
Pearson Publishing (ISBN: 0789739909)
SSCP Video Mentor
Pearson Publishing (ISBN: 0789739518)
SSCP Flash Cards
Pearson Publishing (ISBN: 0789739615)
SSCP My Information Technology Certification
Labs
Pearson Publishing (ISBN: 0789739712)
Security+ Computer Based Training Video
Seminar
Pearson Publishing (ISBN: 078973964X)
Security+ Video Mentor
Pearson Publishing (ISBN: 0789740249)
Security+ Flash Cards
Pearson Publishing (ISBN: 0789740281)
Security+ My Information Technology
Certification Labs
Pearson Publishing (ISBN: 0789744759)
CEH Video Mentor
Pearson Publishing (ISBN: 078974029X)
CEH Flash Cards
Pearson Publishing (ISBN: 0789740346)
CEH My Information Technology Certification
Labs
Pearson Publishing (ISBN: 0789744775)
PUBLICATIONS
Articles:
“802.11 Security Shortcomings,”
WindowsITpro.com, October 2001
“Learning from SQL Slammer,” WindowsITpro.com,
July 2003
“How 802.11i Addresses WEP’s Core Deficiencies,”
WindowsITpro.com, July 2003
“NIPS and HIPS,” WindowsITpro.com, July
2006
“Vulnerability Management,” TechTarget.com,
January 2005
“To Catch a Thief,” TechTarget.com,
December 2005
“Role-based Access Controls,” TechTarget.com,
May 2007
“A Taxonomy of Malicious Software,” Logical
Security, January 2008
“DIACAP Workflow Map,” Logical Security,
January 2008
“History of Cryptography,” Logical Security,
January 2008
“Attaining True Security - The 360 Model,”
Logical Security, January 2008
“Vulnerability Management - Let’s Do It Right
This Time!” Logical Security, January
2008
“Self Defending Networks - The New Generation of
Protection,” Logical Security, January
2008
“SELinux and AppArmor: An Introductory
Comparison,” Logical Security, February
2008
“Reinforcing the Security Policy of Linux
Systems,” Logical Security, February 2008
“How do Bots and Botnets Work?,” Logical
Security, February 2008
“A Family of EAP’s (or Is It a Flock of EAPs?),”
Logical Security, March 2008
“How VoIP Really Works,” Logical Security,
March 2008
“What the Botnets Are Netting and for Whom,”
Logical Security, March 2008
“Access Control Methods,” Logical Security,
March 2008
“Introduction to Elliptic Curve Cryptography,”
Logical Security, March 2008
“Introduction to Intrusion Detection Systems,”
Logical Security, March 2008
“Base-Rate Fallacy Considerations,” Logical
Security, March 2008
“What Are the Dangers of Instant Messaging,”
Logical Security, March 2008
“GBL Suggestions,” Logical Security,
April 2008
“Malicious Software: Viruses,” Logical
Security, May 2008
“VOIP,” Logical Security, August 2008
“Network Scanning Techniques,” Logical
Security, September 2008
“An Introduction to Security in Software
Development,” Logical Security, September
2008
“Fundamentals of Asterisk,” Logical Security,
September 2008
“Firewall,” Logical Security, September
2008
“Security Audit,” Logical Security,
September 2008
“3 Attack Vectors: Overview,” Logical
Security, September 2008
“3 Attack Vectors: Web Code,” Logical
Security, September 2008
“3 Attack Vectors: DB, OS, Hardware,” Logical
Security, September 2008
“Multi-Protocol Label Switching (MPLS),”
Logical Security, November 2008
“TCP Session Hijacking: the Mitnick Attack,”
Logical Security, November 2008
“How SSL Works,” Logical Security,
December 2008
“Risk Management Guide,” Tech Target,
January 2010
“Handbook of Malicious Code” Logical Security,
June 2009
“Security Policies” Logical Security,
July 2009
“British Standard 7799” Logical Security,
July 2009
“Who’s Who” Logical Security, July 2009
“Gramm-Leach-Bliley Act,” Logical Security,
July 2009
“Various Networking Components,” Logical
Security, July 2009
“OMB Circular A-123,” Logical Security,
July 2009
“Regulation Government Agencies,” Logical
Security, July 2009
“An Introduction to Firewalling with iptables
and pf,” Logical Security, July 2009
“Passing the Audit,” Logical Security,
July 2009
“SOX and Internal Controls,” Logical Security,
July 2009
“PCI Standards,” Logical Security, July
2009
“GLBA Compliance Challenges,” Logical
Security, July 2009
“Steps to Better Secure Your Mac,” Logical
Security, January 2010
“E-mail Threats,” Logical Security,
January 2010
“Basic Security Development Issues,” Logical
Security, January 2010
“Programming Languages,” Logical Security,
January 2010
“Web Security Concepts and Attacks,” Logical
Security, January 2010
“XML Security,” Logical Security, January
2010
“Cross Site Scripting Attacks,” Logical
Security, January 2010
“Mobile Telephony,” Logical Security,
January 2010
“Enterprise Methodologies,” Logical Security,
January 2010
“Back to School: IT Training Services,”
Logical Security, January 2010
“Role Model,” Logical Security, January
2010
“Introduction to Security Governance,”
Logical Security, January 2010
“Risks Associated with Outsourcing,” Logical
Security, January 2010
“Denying Denial-Of-Service,” Logical Security,
January 2010
“Security Strategies for E-Companies – The
Science of Secrets,” Logical Security,
January 2010
“802.11 Security Shortcomings,” Logical
Security, January 2010
“Learning from SQL Slammer,” Logical Security,
January 2010
“Vulnerability Management,” Logical Security,
January 2010
“To Catch a Thief,” Logical Security,
January 2010
“Identity Management,” Logical Security,
February 2010
“Basic Footprinting,” Logical Security,
March 2010
“IT Security Auditors Roles,” Logical
Security, March 2010
“The CISSP Myths,” InformIT, April 2010
“What to CISSPs Really Know?” InformIT,
April 2010
“A Satire of the Security Divas of Today”
InformIT, April 2010
“Understanding Standards for Risk Management and
Compliance,” InformIT, April 2010
“Risk Management and Security Metrics Series,”
InformIT, April 2010
PRESENTATIONS
April 2005-LogicalSecurity.com – “Attacks on
Information Systems Increase – What to do?”
April 2005-LogicalSecurity.com – “Analysis of
Information Systems Attacks”
April 2005-LogicalSecurity.com – “The 360
Security Model – A Holistic approach to
Corporate Security”
April 2005-LogicalSecurity.com – “Vulnerability
Management – Let’s get it right this time”
April 2005-LogicalSecurity.com – “Information
Security – From Chaos to Structure”
September 2008-TechTarget.com – “CISSP
Essentials Training: Domain 1, Security
Management Practices”
September 2008-TechTarget.com – “CISSP
Essentials Training: Domain 2, Access Control”
September 2008-TechTarget.com – “CISSP
Essentials Training: Domain 3, Cryptography”
September 2008-TechTarget.com – “CISSP
Essentials Training: Domain 4, Security Models
and Architecture”
September 2008-TechTarget.com – “CISSP
Essentials Training: Domain 5,
Telecommunications and networking”
September 2008-TechTarget.com – “CISSP
Essentials Training: Domain 6, Application and
System Development”
September 2008-TechTarget.com – “CISSP
Essentials Training: Domain 7, Business
Continuity”
September 2008-TechTarget.com – “CISSP
Essentials Training: Domain 8, Law,
Investigations and Ethics”
September 2008-TechTarget.com – “CISSP
Essentials Training: Domain 9, Physical
Security”
September 2008-TechTarget.com – “CISSP
Essentials Training: Domain 10, Operations
Security”
November 2008-LogicalSecurity.com – “Data
Validation Attacks”
May 2009-LogicalSecurity.com – “Kerberos”
July 2009-LogicalSecurity.com – “Law and
Investigation”