Charles Cresson Wood is an independent information security consultant based in Sausalito, California. In the information security field on a full-time basis since 1979, he has worked as an information security management consultant at SRI International (formerly Stanford Research Institute) as well as lead network security consultant at the Bank of America. He has done information security work with over 120 organizations — many of them Fortune 500 companies — including a large number of financial institutions and high-tech companies. His consulting work has taken him to over twenty different countries around the world.
He is noted for his ability to integrate competing objectives (like ease-of-use, speed, flexibility and security) in customized and practical compromises that are acceptable to all parties involved. Acknowledging that information security is multi-disciplinary, multi- departmental, and often multi-organizational, he is additionally noted for his ability to synthesize a large number of complex considerations and then to document these in security architectures, system security requirements, risk assessments, project plans, policy statements, and other clear and action-oriented documents.
He has published over 275 technical articles and six books in the information security field. In addition to TV and radio appearances, he has been quoted as an expert in publications such as Business Week, Christian Science Monitor, Computerworld, IEEE Spectrum, Infoworld, LA Times, Network Computing, Network World, PC Week, The Wall Street Journal, and Time. He has also presented cutting-edge information security ideas at over 125 technical and professional conferences around the globe.
Mr. Wood is Senior North American Editor for the journals Computers & Security and Computer Fraud & Security Bulletin, as well as a monthly columnist for Computer Security Alert. He holds an MBA in financial information systems, an MSE in computer science, and a BSE in accounting from the Wharton School of Business at the University of Pennsylvania. He has passed the Certified Public Accountant (CPA) examination and is both a Certified Information Systems Auditor (CISA) and a Certified Information Systems Security Professional (CISSP). In November 1996 he received the Lifetime Achievement Award from the Computer Security Institute for "sincere dedication to the computer security profession."