Michael is an information security/risk executive and consultant, with a 20-year track record as a Chief Information Security Officer (CISO), advisory Information Security practice leader, and information security/risk consultant. He writes, blogs, presents, speaks, and provides interviews on a wide variety of information security topics, primarily concerning what it takes to develop and run effective information security programs, and why so many companies continue to suffer security breaches due to ineffective programs.