About us
Gary (left) and Krag

Gary Hinson

Dr Gary Hinson PhD MBA CISSP set out in the 1980s as a geneticist, then became an IT systems/network manager for a pharmaceuticals company. He soon shifted into information security management and IT auditing. He worked and consulted for multinationals in various sectors in the UK and Europe before emigrating to New Zealand in 2005.

Gary now runs NoticeBored, an innovative information security awareness service. He spends his days researching and writing creative security awareness materials for subscribers covering a different information security topic each month. One of the regular monthly NoticeBored products is a management-level awareness briefing proposing and discussing security metrics associated with each month’s awareness topic.

Gary has been a passionate fan and user of the ISO/IEC 27000-series (ISO27k) information security management standards, starting with the DTI Code of Practice for Information Security Management that pre-dated BS 7799 in the early 1990s. He remains involved with the ongoing evolution of ISO27k through SC27, the ISO/IEC committee behind the standards, and runs ISO27001security.com. Browse the site to keep up with ISO27k developments and join the ISO27k Forum to swap notes with thousands of information security pros busy putting theory into practice every day.

Gary is a member of the editorial board for EDPACS, a long-running journal for IT audit and information security professionals. He contributes to blogs, journals, email reflectors, conferences, websites and books whenever inspiration coincides with the opportunity to write his passing thoughts down before they evaporate forever in the mists of time.

Krag Brotby

Krag Brotby CISM CGEIT has thirty years’ experience in enterprise computer security architecture, governance, risk and metrics including senior positions at Xerox, SWIFT, RAND Corporation and TransactPlus. As a consultant, he has developed policies and standards for the Australian Post Office and several US banks. As a SANS GSLC and CISM trainer, Krag has developed courses in governance, metrics, GRC and risk, and has trained thousands on five continents during the past decade.

Krag has been extensively involved in current and emerging security architectures, IT and information security metrics, and governance. He holds a foundation patent for digital rights management and has published a variety of technical and IT security-related articles and books. Krag is the principal author and editor of ISACA’s CISM Review Manual, and researcher and author of the widely circulated Information Security Governance: Guidance for Boards of Directors and Executive Management, and Information Security Governance: Guidance for Information Security Managers. Krag’s previous metrics book, Information Security Management Metrics, was published in 2009, and Information Security Governance: A Practical Development and Implementation Approach was published in the same year.

Krag has served on ISACA’s Security Practice Development and Test Enhancement Committees, plus the committee developing BMIS. He received the 2009 ISACA John W. Lainhart IV Common Body of Knowledge Award. He is a member of the California High Tech Task Force Steering Committee, an advisory board for law enforcement. He is a frequent workshop presenter and speaker at conferences globally and lectures on information security governance, metrics, information security management, GRC and CISM.

Copyright © 2021 Gary Hinson & Krag Brotby