About

Rebecca has been providing information privacy, security and compliance services, tools and products to organizations in a wide range of industries for over two decades. Rebecca is a widely recognized and respected information security, privacy and compliance expert. Some of her awards and recognitions include the following:

  • Rebecca was named to the ISACA International Privacy Task Force in 2013
  • Rebecca was named on Tripwire’s list of InfoSec’s Rising Stars and Hidden Gems: The Top 15 Educators in July, 2013
  • Rebecca was ranked at #2 in July, 2013 on Information Security Buzz’s list of Top 25 Female Infosec Leaders to Follow on Twitter
  • Rebecca was named a Privacy by Design (PbD) Ambassador by Ontario Privacy Commissioner Dr. Ann Cavoukian in 2012
  • Rebecca has been named one of the “Best Privacy Advisers in the World” multiple times in recent years by Computerworld magazine, most recently ranking #3 in the world in the last rankings provided.
  • In 2012 Rebecca was named one of the most influential people and groups in online privacy by Techopedia.com
  • In 2011 Rebecca’s blog was named in the “Top 50 HIPAA Blogs” by Medicine E-Learning
  • In 2008 Rebecca’s blog was named one of the “Top 50 Internet Security Blogs” by the Daily Netizen.
  • Rebecca was named one of the “Top 59 Influencers in IT Security” for 2007 by IT Security magazine.
  • The information security program Rebecca created for Principal Financial Group, where she worked for 12 years, received the 1998 CSI Information Security Program of the Year Award.
  • Rebecca is a member of several Advisory Boards, including the prestigious Editorial Advisory Board for Elsevier’s “Computers & Security” journal

Rebecca was one of the first practitioners to be responsible for both information security and privacy, starting in 1996 in a multi-national insurance and financial organization. In 2008 Rebecca helped the European ENISA to create their well-received “Obtaining support and funding from senior management,” which used much of her “Managing an Information Security and Privacy Awareness and Training Program” information. Rebecca has led the NIST CSWG Smart Grid Privacy subgroup since June, 2009, where she also led the Privacy Impact Assessment (PIA) for the home to utility activity in July and August, 2009, the very first performed in the electric utilities industry. In September 2010 Rebecca provided a 1-day Smart Grid privacy briefing to the California Public Utilities Commission. The 2nd edition of her group’s NISTIR 7628 Volume 2 “Guidelines for Smart Grid Cyber Security: Vol. 2, Privacy and the Smart Grid” (http://csrc.nist.gov/publications/nistir/ir7628/nistir-7628_vol2.pdf) will be published at the beginning of 2013.

Rebecca is a partner for SIMBUS the Compliance Helper and BA Tracker services (http://www.hipaacompliance.org) that assist and guide healthcare organizations and their business associates in meeting and then managing, on an ongoing basis, their HIPAA, HITECH and other information security and privacy legal requirements.

Rebecca assists organizations of all sizes and industries throughout the world with their information privacy, security and regulatory compliance programs, content development, and strategy development and implementation through a large variety of tools and services. She offers a range of standard and customized one- and two-day workshops, including one addressing how individuals across disciplines can work together to most effectively assure privacy and regulatory compliance while efficiently implementing security controls. Rebecca was also an Adjunct Professor for the Norwich University Master of Science in Information Security and Assurance (MSISA) program from 2004 through 2014.

Rebecca has created customized 1- and 2-day training for the specific needs of many different organizations. Rebecca is the creator and editor of the “Protecting Information” multi-media security and awareness quarterly publication (http://www.privacyguidance.com/piqa_newsletter.html), an effective training event (http://www.privacyguidance.com/security_search.html), and provides online information security and privacy training modules tailored to fit the needs of small to medium-sized businesses.

Rebecca currently serves on the advisory boards for 8th Bridge (an ecommerce technology company) and Wombat Security Technologies (an online information security training company), was invited to be on the prestigious IEEE ISTAS10 Programme Committee, and is a member of the Elsevier Computers and Security Journal Editorial Review Board. Rebecca has served as a board and council member of various other organizations, such as MaxMD and I’D Check. Rebecca is also often invited to participate in unique activities, such as serving as a preliminary judge for the 2009 American Business Awards.

Rebecca is frequently interviewed and quoted in diverse publications such as Bloomberg BNA, Nymity, IAPP Privacy Advisor, Report on Patient Privacy by AIS Health, BNA Privacy & Security Law Report, Wired, Popular Science, CUinfosecurity, Bankinfosecurity, SearchWinIT, Consumer Financial Services Law Report, Computerworld, hcPro Briefings on HIPAA, SC Magazine, SearchSecurity, Information Security, Business 2.0, Disaster Resource Guide, The Boston Herald, Pharmaceutical Formulation and Quality, IT Business Edge, Fortifying Network Security, IT Architect, CIO Strategy Center, Physicians Weekly, IEEE’s Intelligent Systems, IEEE’s Security and Privacy Journal; Cutter IT Journal, Health Information Compliance Insider, Baseline, Western Michigan Business Review, Compliance Week and others, including several radio interviews and broadcasts including on NPR, MyTechnologyLawyer.com, the “Privacy Piracy” California radio broadcast and the “Michigan Technology News” radio broadcast.

In addition to achieving CISSP, CISM, CISA, and FLMI certifications, Rebecca is CIPM, CIPP/US and CIPP/IT certified, resides on IAPP’s Certification Advisory Board, and is an instructor for the IAPP’s CIPP/IT, CIPP/US, CIPM and CIPP Foundations classes. She is an active speaker on a variety of topics ranging from information security and privacy compliance to risk management at privacy and information security conferences. See more about Rebecca, her work, services and products at www.privacyguidance.com.
