Follow @zcobb on Twitter

Stephen Cobb, CISSP

Stephen Cobb on Facebook

Stephen Cobb, CISSP

Professionally speaking, I'm a technology evangelist with subject matter expertise in information security, data privacy, email, online marketing, and publishing. I work for ESET, a global Internet security company dedicated to making the world's best antivirus products.

Career Details

As someone who has experienced being recruited by an employer that found me via LinkedIn, I always point people to my profile on LinkedIn whenever I am asked for a quick snapshot of my career. 

View Stephen Cobb's profile on LinkedIn

What I'm Working on These Days

I am based in San Diego where ESET has its North America headquarters. My title is Security Evangelist which means, among other things, I do a lot of work on the ESET Threat Blog.

ESET logo and Android

I do some traveling to represent ESET at conferences and other events, but most of the time you will find me in Little Italy, where I live with my partner, Chey Cobb, author of Network Security for Dummies and a former Technical Security Officer for the National Reconnaissance Office, one of America's largest and most secretive intelligence agencies. Chey and I worked together to create much of the curriculum for the Master of Science in Information Assurance program at Norwich University, Vermont, an NSA-designated Center of Excellence in Information Assurance Education.

Over the years I've been a 'serial entrepreneur' with a track record of successful business development in several sectors. My main focus has been maximizing the benefits of information technology to businesses, governments and communities, through innovation and the reduction of IT-related fraud and risk. I've been an active participant in, and founder of, a number of successful startups. For example, I helped create email authentication technology that was beta-tested by Microsoft in 2002 and anti-spam technology that bought by Symantec in 2004 and is now widely deployed in Symantec enterprise network security appliances. 

In the last ten years I have worked on several different projects. Along with Mike Cobb, Pete Hayes of Quadrant, and Michael Miora of ContingenZ, I did an information security strategy review for one of largest companies in Europe. I also produced an independent documentary by director Jeremy Dean which was nominated for the NAACP Image Award for best documentary film of 2009 (now available online at Amazon).

Somehow I found time to work on IMCD, the innovative business backup program developed by Michael Miora and Mike Cobb. Some of that work was to write and voice the incident management and response training section. So it was pretty cool that Mike has since  which should be coming to your local office supply store soon.

Prior to that I served as Chief Security Executive for a leading provider of wired and wireless broadband to hotels and conferences that was named as the third fastest-growing technology company in North America on the 2004 Deloitte Technology Fast 500 list (iBAHN/STSN). Also, I am an Adjunct Professor of Information Assurance at Norwich and a few years ago created a graduate course on Business Continuity Management in partnership with noted incident management expert, Michael Miora.

From 1995 to 1997, I served as Director of Special Projects for the National Computer Security Association where I was involved in advancing the testing and certification of anti-virus and firewall products (NCSA later became ICSA Labs and TruSecure). While at NCSA, I played a key role in the widespread adoption and advancement of firewall technology, producing the widely-distributed NCSA Firewall Policy Guide and the NCSA Firewall Buyer's Guide.

In 1997, I co-founded InfoSec Labs, an information security consultancy, with Michael Miora, David Brussin, and Vincent Schiavone. InfoSec Labs was acquired in 1999 by Rainbow Technologies (now Safenet).

In 2001, I co-founded ePrivacy Group where I helped develop ground-breaking email technology such as Trusted Sender and SpamSquelcher, the world's first anti-spam router (which later became the TurnTide Anti-spam Router acquired by Symantec and incorporated into its email security appliances). I was also lead author of the widely read Trusted Email Open Standard white paper, which was downloaded over 20,000 times in its first few months of publication.

I'm a semi-regular contributor to industry publications and often speak at or chair conferences around the world. I've been interviewed and quoted by print and broadcast media in the US, the UK, Denmark, Iceland, Malaysia, Australia, and Hong Kong, including the Wall Street Journal and BBC News.


McMaster University, Graduate Teaching Assistant, Hamilton, Ontario.
University of Leeds, U.K. BA, Double Honours, First.
King Henry VIII School, Coventry, U.K. School pri
ze in English.

Blogs I'm Writing These Days

  • Scobb’s Security Blog: This was my first blog, I started it in June of 2005 as “Scobb’s Blog” but changed the name as my posts focused on information security more than anything else. It was named a 2006 “Blog of Note!” which makes me an award-winning blogger.
  • The Dare Not Walk Alone Blog: Created to support the movie. The movie won an award. That makes me an award winning producer.
  • Cobb on the Road: This is where I post stuff about travel and mechanical travel-enabling devices.
  • The Rural Broadband Blog: Written to try and spread awareness of the plight of rural Americans who lack free and open access to affordable broadband that many of their city-dwelling cousins take for granted.
  • Cobb on Arts and Entertainment: Posts about things I see, hear, and read that are worth mentioning.
  • Monetate Marketing Optimization Blog: Written to educate the market for software that can test and target website content, without IT, supported by a great product: Monetate. Wrote an average of one blog per week for three years.
  • Celtic Curse Hemochromatosis Blog: An effort to raise awareness of hemochromatosis, the most common genetic killer in America, about which most American doctors know diddly.
Conferences and Papers (Partial List):
  • Need to add dates from 2004 through 2007.
  • Third Annual Privacy and Data Security Summit, Washington, DC, February 26-28, 2003
    • Track Chair: Security Track
    • Preconference Session: Security for Privacy Professionals (with Chey Cobb and Chris Apgar, CPO Providence Health Plan)
    • Conference Session: The Impact of Emerging Security Standards on Compliance, Litigation, and Privacy (with Joseph Alhadeff, CPO, Oracle)
  • IAPO Privacy & Security Academy & Expo, October 16-18, 2002
    • Track Chair: Security Track
  • Security 2002, Immigration and Naturalization Annual Security Conference, July 9, 2002, New Orleans, Presentation: Privacy Versus Security
  • Federal Trade Commission Consumer Information Security Workshop, May 20 - 21, 2002, panelist and paper: What Business Models Help Consumers Maintain Security?
  • HIPAA Summit IV, Washington, DC, April 24, 2002, Seminar Leader: Basic Privacy and HIPAA Compliance Training for Privacy and Security Officers--A Preconference Symposium Sponsored by the International Association of Privacy Officers
  • Medical Research Summit, Washington, DC, Seminar Leader: Privacy and Security in Medical Research
  • HIPPA Summit West, San Francisco, Seminar Leader: Basic Training for Healthcare Privacy and Security Officers
  • Second Annual Privacy and Data Security Summit, Washington, DC, January 30 - February 1, 2002, Faculty: Preconference Symposium I: Privacy Officer Training
  • e-Learning - Investing in the Digital Workforce: An e-Gov Conference, Washington, D.C., December 18-19, 2001, Presentation: Private Sector e-Learning Experience: Profit From It.
  • Cyber Banking and Cyber Security Conference, Singapore, April 25-26, 2001, Singapore, Chairperson
  • Healthcare Informatics & Conference: McGraw-Hill, Chicago, April 18-19, 2001, Presentation: Securing Medical Web Sites
  • Employers' Summit on Health Care, March 21-22, 2001, Crystal City Marriott Hotel, Arlington. VA, Presentation: HIPAA Security Implications
  • Anti-Money Laundering Conference, New York, January 2001, Presentation: Information Technology Approaches to Combating Money Laundering
  • Cyber-Sabotage Conference, Alexandria, Virginia, November, 2000, Presentation: Security Through Strong Authentication [review speaker evaluations]
  • IT/Cyber Security, Singapore and Kuala Lumpur, November, 2000, Conference Chair, Presentations: Strong Authentication - Tokens & Biometrics; PKI Technologies &
  • Digital Certificates
  • Asia Pacific Conference on Internet Payment Systems, September, Singapore, 2000, Conference Chair, Presentation: Internet Security Doubts and Fears
  • Software Council of Southern California, Orange County Chapter, October, 1999, Presentation: Information Security, the Human Element
  • Internet Commerce Payment Systems, The Asia Business Forum, Singapore, June, 1999, Presentation: Multiple Payment Systems in a Secure Environment
  • Internet Commerce Payment Systems, The Asia Business Forum, Singapore, June, 1999, Workshop: Risks Versus Rewards: Assessing & Offsetting Threats to Your Internet Commerce Payment System
  • Internet Banking Technologies: Strategies for success in the retail banking market, London, February, 1999, Presentation: Innovations in Internet Security
  • 11th Hour Y2K Contingency Planning & Strategies, Miami, February, 1999, Presentation: Security Implications of Y2K
  • Information Security in the Age of the Internet, London, December, 1999, 1-Day Workshop: Information Security: Threats and Defenses
  • Attaining World Class Process Excellence Through Business Process Outsourcing for the Financial Services Industry, New York, December, 1998, Seminar: Outsourcing Internet Security
  • Successfully Creating, Positioning and Acquiring the On-Line Brokerage Company, New York, November, 1998, Seminar: Information Security and On-line Stock Trading
  • PC Expo, New York, June, 1998, Seminar: Firewalls 101
  • PC Expo, New York, June, 1998, Seminar: Cryptography 101
  • CyberSecurity @ Asia 98, Hong Kong, June, 1998, 1-Day Workshop: Maximizing Internet Benefits by Minimizing Internet Risks
  • Cyberpayments @ Asia 98, Hong Kong, June, 1998, Presentation: State of the Art: Internet Security
  • Cyberpayments @ Europe 98, London, May 1998, State of the Art: Internet Security
  • International Electronic Commerce Conference, New York, May, Gartner Group Seminar: Cryptography 101
  • International Security Expo, Las Vegas, April, 1998, Seminar: What you don't know about the Internet can hurt you
  • Insurance Industry and the Internet, New York, December, 1997, Presentation: Internet Risks
  • CyberSecurity 97, Sydney, Australia, July, 1997, Conference Chairperson and Keynote Speaker: Internet security in the corporate environment: what's in store for the future
  • CyberSecurity 97, Tokyo, Japan, July, 1997, Conference Chairperson and Keynote Speaker: Internet security in the corporate environment: what's in store for the future
  • CyberSecurity 97, Hong Kong, May, 1997, Conference Chairperson and Keynote Speaker: Internet security in the corporate environment: what's in store for the future
  • National Association of Federal Credit Unions Conference, Miami, May 1997, Presentation: Security Risks in Internet Banking
  • Network 97 Conference, Copenhagen, April, 1997, Guest speaker: What Firewalls Do and Don't Do
  • Financial Securities Marketing Seminar, New York, April, 1997, Seminar: Internet Risks
  • Firewalls West Conference, July, 1996, Presentation: Firewall Policy Guidelines
  • Insurance Industry and the Internet Seminar, New York, June, 1996, Seminar: Internet Security Risks
  • National institute of Health, February, 1996, Seminar: Security Risks of Internet Commerce
  • Internet Technology Conference, Hong Kong, January, 1996, Seminar: Security Implications of Internet Commerce
  • Firewalls and Internet Security Conference, January, 1996: Introduction to Firewall Security Policies

Assorted Highlights

From July of 2008 to August of 2011 it was my pleasure to work at Monetate doing all of this Philadelphia-based company's marketing, PR, and event management for the first six quarters of product release, that exciting and nerve-wracking stage known as early startup.

Monetate is VC-backed and its product is the brain-child of my good friend David Brussin whose amazing abilities combine the best of engineering and entrepreneurship, and with whom I had helped to found two previous startups that were later acquired by publicly-traded companies.

creates and delivers truly ground-breaking technology that improves revenue and ROI for online retailers and other e-commerce companies by streamlining the process of testing and targeting personalized messaging and promotions on e-commerce websites. Monetate competes directly with Adobe's Omniture Test&Target.
My title at Monetate was "evangelist" which meant that I employed a variety of strategies to increase market awareness and understanding of Monetate's vast superiority to Test&Target. That included writing a lot of the early website content, whitepapers, and case studies, plus scores of blog posts on the Marketing Optimization Blog. I also wrote quite a few posts for SearchEngineWatch, which is a great resource for online marketers.

Subject Matter Expert

Over the last 25 years I've written more than two dozen books, including a complete guide to PC and LAN security (1992), and a comprehensive business primer on privacy (2002). So yes, I wrote all of the books in this picture.
Books written by Stephen Cobb, 1998.

I have been a Certified Information System Security Professional since 1996, and have delivered security and privacy training to thousands of students from Global 100 companies including AT&T, Microsoft, and Royal Mail. I have advised government agencies, including the FTC, on computer security and privacy issues, and spoken at more than 50 conferences in more than 10 countries.

I'm proud to say my writings on security helped form the original Common Body of Knowledge for the CISSP. And I think it is fair to say that my business acumen has helped shape the success of several new companies and products, from software to movies.

Books Authored:
(published by McGraw-Hill, unless otherwise noted)

  • Privacy for Business: Web Sites and Email (Dreva Hill, 2002)
  • Cobb's Guide to PC and LAN Security (April, 2001)
  • The NCSA Guide to PC and LAN Security (1996)
  • Stephen Cobb's Complete Book of PC and LAN Security (1992)
  • Stephen Cobb User's Handbook for Excel for Windows
  • Stephen Cobb's User's Handbook to 1-2-3 Release 3
  • Using 1-2-3 Release 2.2 Ziff-Davis
  • Using Reflex
  • Using Quattro
  • Quattro Power User Guide
  • Using Quattro Pro
  • Using Quattro Pro 2
  • Using Quattro Pro 3
  • Using Quattro Pro 4
  • Pocket Guide to Quattro Pro
  • Working with DisplayWrite (Scott-Foresman)
  • Symphony Made Easy
  • Introduction to Windows (VNU Publications)
  • Getting Started with Windows (VNU Publications)

Books Co-authored:

  • TOPS: The IBM/Mac Network
  • The Stephen Cobb User's Guide to FileMaker
  • Mastering DisplayWrite (Sybex)
  • Hands on Guide to Quattro Pro 1.0 for Windows
  • The Quattro Pro 5 for Windows Book
  • WordPerfect 5.1 for Windows: Complete Reference
  • WordPerfect 6 for Windows: Complete Reference
  • Maximizing Performance for 1-2-3 for Windows

Contributing Author:

  • Information Security Management Handbook, Auerbach, Ed. Krause, Tipton (Chapter on Microcomputer Security)
  • Computer Security Handbook, Wiley, March 2002, Ed. Bosworth, Kabay, (Chapters on Penetration Testing and Hardware Elements of Security)
  • Computer Security Handbook, Fifth Edition, Wiley, October 2008, Ed. Bosworth, Kabay, (Chapters on Penetration Testing, Anti-virus Technologies, Hardware Elements of Security, Encryption, Spam and Trojan Code)
  • Microsoft IIS Security, Osborne McGraw-Hill, July 2002, Michael Cobb & Marty Jost (Chapter on Web Privacy)

Publications Edited:


  • 10 books translated into Spanish.
  • Other translations include Dutch, Portuguese, Greek, Italian, German, Chinese, Indonesian
  • Total worldwide sales: one million+

Articles Published:
(1996 to present, for pre-1996, see this page)

  • Need to add articles from 2000 through 2007.
  • NETWORK WORLD - March, 1996, Review: Encryption for the Enterprise
  • NETWORK WORLD - July 1997, The Need for Encryption
  • JOURNAL of the Hong Kong Industrial Technology Centre - January, 1996, Standards & Security in Internet Commerce
  • EDI JOURNAL - July, 1996, Building Trust and Security for Commerce on the Web
  • DIGITAL NEWS & REVIEW - July, 1997, Trends in Internet Security
  • BYTE - October 1995, Internet Firewalls
  • BYTE - April 1998, Smartcard Invasion Continues
  • BYTE -  June 1998, How To Maximize NT Security, with David Brussin
  • INFORMATION SECURITY MAGAZINE - May, 1998, Denial of Service Attacks, with Chey Cobb
  • INFORMATION SECURITY MAGAZINE - September 1998, Incident Response, with Michael Miora
  • INFORMATION SECURITY MAGAZINE - July 1997, Anti-Virus Strategies
  • INTERNETWORK - January, 1997, Security Column: Outlook for 1997
  • INTERNETWORK - April, 1996, Security Column: Security Issues with Caches
  • INTERNETWORK - July, 1996, Security Column: Security Staff Shortages
  • SECURITY ADVISOR - E-BUSINESS ADVISOR - July 1997, Faster, More Secure Internet Access
  • SECURITY ADVISOR - E-BUSINESS ADVISOR - August 1997, Knowing the Enemy, Security Tips to assessing threats to your security
  • SECURITY ADVISOR - E-BUSINESS ADVISOR - January 1998, Practical Ciphers
  • INTERNET SECURITY - E-BUSINESS ADVISOR - February 1997, Not the Kind of Hit You Were Looking for, Defending you web sites against Internet vandals
  • SECURITY ADVISOR - E-BUSINESS ADVISOR - November 1997, Safe Internet Access,: Security solutions for small office and remote users
  • SECURITY ADVISOR - E-BUSINESS ADVISOR - March 1997, Will the PC Client Stall Data Delivery on the Web?
  • DATABASE SECURITY & INTEGRITY - E-BUSINESS ADVISOR - April 1997, Secure Your Online Data Projects
  • INTERNET SECURITY ADVISOR - March 1998, We Have the Technology! The problem is cost, complexity, and corporate mentality -- It would also help to have more security professionals
  • DATABASE SECURITY & INTEGRITY - E-BUSINESS ADVISOR - May 1997, Data Security for Mobile and Remote Computing
  • SECURITY ADVISOR - E-BUSINESS ADVISOR - December 1997, Secure Predictions for 1998
  • DATA SECURITY & INTEGRITY - E-BUSINESS ADVISOR - January 1997, How Safe is the Internet?
  • SECURITY ADVISOR - E-BUSINESS ADVISOR - April 1997, Java Security Jump-start
  • DATABASED WEB ADVISOR TIPS - E-BUSINESS ADVISOR - October 1997, How to Secure Windows NT
  • SECURITY ADVISOR - E-BUSINESS ADVISOR - October 1997, Beyond Passwords, Passwords just aren't enough to secure your systems
  • INTERNET SECURITY ADVISOR - September 1999, Extensions and improvements in the X.509v3 certificate format
  • SECURITY ADVISOR - E-BUSINESS ADVISOR - November 1997, The Need for Trust and Other Security Theories
  • INTERNET SECURITY ADVISOR - January 2000, How Much Security Is Enough?
  • INTERNET SECURITY ADVISOR - November 1999, Transport Layer Security provides the client-side authentication lacking in SSL
  • INTERNET SECURITY ADVISOR - March 1999, Will the next version of IP (IPv6) make the Net safer?
  • DATABASE SECURITY & INTEGRITY - E-BUSINESS ADVISOR - June 1997, Secure Your Server, Database servers need to be protected physically and configured securely
  • SECURITY ADVISOR - E-BUSINESS ADVISOR - September 1997, 10 Tips for Securing Windows NT
  • DATABASE SECURITY & INTEGRITY - E-BUSINESS ADVISOR - March 1997, Smart Cards: Are We Ready?
  • INTERNET SECURITY ADVISOR - March 2000, Today's Security Drivers
  • INTERNET SECURITY ADVISOR - August 2000, Improve Security with Stronger Authentication, with David Brussin
  • HP CHRONICLE -August 2000, Wireless Security
  • HP CHRONICLE - October, 2000, Access Control Evolves to Enable eCommerce, with Bernie Cowens
  • SUN SERVER - January, 2001, Something in the Air: Wireless Security
  • DIGITRENDS - August 2000, Ecommerce: Security, Speed, Privacy: Pick Three?
  • COMPAQ ENTERPRISE, September, 2000, Windows 2000 Security in the Enterprise
  • UNISYS WORLD, September, 2000, Windows 2000 Security in the Enterprise
  • BUSINESS SECURITY ADVISOR - July/August 2001, The Silent Threat of Outbound Email

This page updated April, 2010 by webbloke at � Copyright, 1996-2008, Stephen Cobb. All Rights Reserved.