Employment History:

Published Works:
Ms. Trivisani is an editorial advisor for the magazine CSO – Chief Security Officer, from the publishers of CIO Magazine. She has been profiled by Search Security under their “Who’s Who in Infosec.”

Public Speaking Experience:

Why is an Expert:
A certified information systems security professional, she is responsible for the campus-wide security initiatives that support the academic and administrative use of information technologies in a distributed client/server environment. She brings more than 10 years of information security experience and more than 13 years of control and compliance experience.

Best Advice:
"If you are new to security and an adult in another area, I would advise you to find a mentor. If you are a student, we have internship programs here at GW. These programs are very successful because we’re trying to bridge the gap between what’s taught in classes and what we’re doing as practitioners in the field. We’ll take students with computer sciences degrees, computer forensics degrees, or in engineering management programs. They can come directly work with my team, working with the engineers, as a paid intern for about 20 hours a week, lasting approximately a year – sometimes longer. It’s a great way for people to get into the field. Our interns actually do real work, write new procedures and apply what they’re doing in the class. These are the most sought after new employees in the market and have gone on to work for the government, for Google, Deloitte and Symantec – you name it. If you have that combination of degree and experience, you are golden. This is a hot field right now. We don’t have enough security practitioners. A lot of our interns become engineers here."

Passionate about:
"The human aspect of security. There’s an article written in CSO magazine about me and it was titled The Human Touch. You can have the biggest and baddest technology implemented onto your network, but any person can bypass that by not knowing how it [works]. We focus in on what you can do to reduce people’s reliance on technology, but give folks enough information to be aware of what the dangers are, so they know how to react to certain situations. We see so many compromises occur on systems. I can talk specifically about this country because people get taken in by e-mail scams, or there are vectors out on IM. In the past, the bad guys have gone after weaknesses in systems, when it’s so much easier to take a look at the weaknesses in our social systems. There’s always that people aspect."

Biography Excerpt:
Since 2000, Krizi Trivisani, CISSP has served as the dedicated chief security officer for The George Washington University. Working in conjunction with staff and personnel in other campus departments, she assumes the overall responsibilities for ensuring processes are in place to assess and monitor the security of The George Washington University’s computers, networks and data.

     

Cambridge Who's Who: What is the most rewarding aspect of your career?  
KRIZI TRIVISANI :  I’ll give you the quote I use, [which] best describes me. It’s by Katherine Graham and it’s “To love what you do and feel that it matters, how can anything be more fun?” I feel like what I do and what my team does really makes a difference. We’re [not only] protecting the university, but all of our community members as well. And it’s not just…from identity theft and keeping their information safe. We’re also protecting them from the nuisance type stuff, such as getting viruses or having their computers crash. There’s always going to be some of that. What we do is reduce the reliance on people as much as possible. As security experts, we’re not experts in brain surgery. People need to know who they can come to. But in the meantime, we’re doing things under the radar to protect folks from issues that they don’t need to know about.

What are have goals have you recently accomplished and what are you looking to work on in the future?
At the university, we reached what’s called a NIST [National Institute of Standards and Technology] Level 3 a couple of years ago. Basically, we have brought the security program as a whole to an appropriate NIST level, which is fantastic. We worked really hard on that. Now, we are branching out in application security. We’ve matured what we do when it comes to penetration testing. We’re really involved in the systems development life cycles and where security plugs into all those areas. We’re also pushing on secure coating practices. We’re always trying to keep up with the latest and greatest threats. It’s really important that my team takes the training that they need [and] the networking in. It's also important to really talk to other people and find out what’s out on the field. The exchange of information in higher education is invaluable.