Rebecca Herold, CISM, CISSP, CISA, CIPP, FLMI
Rebecca is an information privacy, security and compliance consultant, author and instructor who has provided
assistance, advice, services, tools and products to organizations in a wide range of industries during the past two
decades. Rebecca is a widely recognized and respected information security, privacy and compliance expert. Some of
her awards and recognitions include the following:
- Rebecca has been named one of the “Best Privacy Advisers In The World” multiple times in recent years by
- In 2008 Rebecca’s blog was named one of the “Top 50 Internet Security Blogs” by the Daily Netizen.
- Rebecca was named one of the "Top 59 Influencers in IT Security" for 2007 by IT Security magazine.
- The information security program Rebecca created for Principal Financial Group, where she worked for 12 years,
received the 1998 CSI Information Security Program of the Year Award.
- Rebecca is a member of several Advisory Boards, including the prestigious Editorial Advisory Board for Elsevier’s
“Computers & Security” journal
Rebecca was one of the first practitioners to be responsible for both information security and privacy within a large
organization, in 1994 in a multi-national insurance and financial organization. In 2008 Rebecca helped the European
ENISA to create their well-received “Obtaining support and funding from senior management,” which used much of her
“Managing an Information Security and Privacy Awareness and Training Program” information. In 2009, Rebecca was
asked to lead the NIST Smart Grid privacy subgroup, where she also led the Privacy Impact Assessment (PIA) for the
home-to-utility activity, the very first performed in the electric utilities industry. Rebecca recently launched the
Compliance Helper service (http://www.ComplianceHelper.com) to help healthcare organizations and their business
associates to meet their HIPAA, HITECH and other information security and privacy compliance and risk mitigation
requirements. In September 2010 Rebecca was asked to provide a 1-day Smart Grid privacy briefing to the California
Public Utilities Commission.
Rebecca assists organizations of all sizes and industries throughout the world with their information privacy, security
and regulatory compliance programs, content development, and strategy development and implementation through a
large variety of tools and services. She offers a range of standard and customized one- and two-day workshops,
including one addressing how individuals across disciplines can work together to most effectively assure privacy and
regulatory compliance while efficiently implementing security controls. Rebecca has also been an Adjunct Professor for
the Norwich University Master of Science in Information Assurance (MSIA) program since 2004.
Rebecca has created customized 1- and 2-day training for the specific needs of many different organizations. Rebecca
is the creator and editor of the “Protecting Information” multi-media security and awareness quarterly publication
(http://www.privacyguidance.com/piqa_newsletter.html), an effective training event
(http://www.privacyguidance.com/security_search.html) and is releasing a series of information security and privacy
training modules in 2009.
Rebecca currently serves on the advisory boards for Alvenda (an ecommerce technology company), Subroshare (a
subrogation technology tools company) and Wombat Security Technologies (an online information security training
company), was invited to be on the prestigious IEEE ISTAS10 programme committee, and is on the Norwich University
Journal of Information Assurance Board of Review. Rebecca has served as a board and council member of various
other organizations, such as MaxMD and I’D Check. Rebecca is also currently participating in the NIST standards
committee to help create information security and privacy standards and practices for the U.S. Smart Grid. Rebecca
also is often invited to participate in unique activities, such as serving as a preliminary judge for the 2009 American
Rebecca is frequently interviewed and quoted in diverse publications such as IAPP Privacy Advisor, BNA Privacy &
Security Law Report, Wired, Popular Science, CUinfosecurity, Bankinfosecurity, SearchWinIT, Consumer Financial
Services Law Report, Computerworld, hcPro Briefings on HIPAA, SC Magazine, SearchSecurity, Information Security,
Business 2.0, Disaster Resource Guide, The Boston Herald, Pharmaceutical Formulation and Quality, IT Business
Edge, Fortifying Network Security, IT Architect, CIO Strategy Center, Physicians Weekly, IEEE’s Intelligent Systems,
IEEE’s Security and Privacy Journal, Cutter IT Journal, Health Information Compliance Insider, Baseline, Western
Michigan Business Review and others, as well as several radio interviews and broadcasts, including on
MyTechnologyLawyer.com, the “Privacy Piracy” California radio broadcast and the “Michigan Technology News”