|David R. Matthews
Deputy Chief Information Security Officer
City of Seattle
David Matthews is currently the Deputy Chief Information Security Officer for the City of Seattle. He has worked in the Information Technology field since 1992. He began his IT career as a Network Administrator and all around IT support for a small public relations firm. He began working for the City of Seattle as the Technology Manager for the Legislative Department (City Council) in 1998. In early 2005 he was selected to be the first Deputy CISO for the City. In May, 2005, the City’s CISO was hired by the University of Washington and David was made Acting CISO. He worked in that capacity until April, 2006 when the City hired a new CISO.
In his work for the City he has developed and created a NIMS/ICS compliant incident response plan; updated and extensively re-written the City’s Information Security Policy; and created and taught training courses on information security electronic evidence and forensics. He has also created an IT primer for the City’s Law department as part of his collaboration with them on eDiscovery issues.
He is a participant and leader in regional information security organizations. He is the chair of the US-Cert/DHS sponsored North West Alliance for Cyber Security (NWACS). With NWACS he has worked with the Pacific Northwest Economic Region non-profit (PNWER) to sponsor information security training for SCADA operators and managers; five Blue Cascades disaster scenario exercises, and facilitated a large regional cross-sector cyber event exercise which was completed in May, 2010 and will be repeated regularly.
David is also an active participant in the Agora, Pacific CISO forum (PACISSO), Computer Technology Investigators Network (CTIN), ISSA, ISACA, InfraGuard and ISC2. He is the 2nd Vice President of the Washington HTCIA. He is the current chair of the local Critical Infrastructure Protection workgroup of the Regional Homeland Security Emergency Management Advisory Committee. He has published an article on Active Defense in the ISSA journal, and a recent article on the difference between eDiscovery and forensics published in the Information Security Journal: A Global Perspective by ISC2. He has presented at many emergency management and information security conferences, and does regular webcasts as a guest speaker or panel moderator. His most recent presentation on eDiscovery called “New Issues in Electronic Evidence” has been presented to records managers, information technology and security audiences and was given as a continuing legal education course for the U.S. Attorney’s office in Seattle as well as the City of Seattle Law Department.
David was the recipient of the 2008 Information Security Executive of the Year - West award.
David is a native of the Seattle area whose interests spread much further than IT or even Information Security. He is an avid reader, writer, hiker, biker, gardener, and a black belt in Shitoryu karate. He and his wife live with their three children north of Seattle.