Dr Gary Hinson PhD MBA CISSP left microbial genetics research in the 1980s for a career in information security and IT audit. Following jobs in the pharmaceuticals, utilities, IT, engineering, defence, banking/financial services, and government sectors in the UK and Europe, and an MBA in 2000, he emigrated to New Zealand in 2005.
Since 2003, Gary’s main focus has been on information security consultancy and training. His particular interests are information security awareness, the ISO27000 family and security metrics. He is a member of the ISO/IEC JTC1/SC27 committee responsible for the ISO/IEC 27000-series standards, and has been implementing and managing Information Security Management Systems since before BS 7799 was published.
In conjunction with US expert Krag Brotby, Gary wrote PRAGMATIC Security Metrics in 2013, partly, it must be said, out of sheer frustration with the first version of ISO/IEC 27004! The PRAGMATIC approach promises to revolutionise the selection and use of worthwhile information security metrics supporting business and technical decisions, addressing perhaps the most significant remaining challenge in information security management.