Andrew Stewart

I am an information security professional employed as an officer at a global investment bank. I am also a part-time PhD student in the School of Security Studies at King's College London.

I received my M.Sc. in Information Security from Royal Holloway, University of London. My book A Vulnerable System: The History of Information Security in the Computer Age was published by Cornell University Press in September, 2021.

This page lists my academic work.

Email: andrewinfosec@gmail.com / andrew.james.stewart@kcl.ac.uk
Google Scholar: https://scholar.google.com/citations?user=EFFU4wsAAAAJ

Academic Work

Books

A. J. Stewart, A Vulnerable System: The History of Information Security in the Computer Age, Cornell University Press, 2021. This book was reviewed in Technology & Culture, in IEEE Cipher - the newsletter of the IEEE Technical Committee on Security & Privacy, and in Login - a publication of The Advanced Computing Systems Association. It was also inducted into the Cybersecurity Canon Hall of Fame at The Ohio State University, and translated into Japanese. [JSTOR; Project MUSE; Oxford University Press; Cornell University Press blog post].
A. Shostack & A. Stewart, The New School of Information Security, Addison-Wesley, 2008. This book was used at Harvard Kennedy School, Drexel University, the Heinz School of Public Policy and Management at Carnegie Mellon University, and was reviewed in IEEE Cipher.

Refereed Journal Articles

A. Stewart, A Utilitarian Re-Examination of Enterprise-Scale Information Security Management, Information and Computer Security 26, no. 1 (2018): 39-57.
A. Stewart, Can Spending on Information Security be Justified? Evaluating the Security Spending Decision from the Perspective of a Rational Actor, Information Management & Computer Security 20, no. 4 (2012): 312-326.
A. Stewart, A Contemporary Approach to Network Vulnerability Assessment, Network Security 2005, no. 4 (2005): 7-10.
A. Stewart, Information Security Technologies as a Commodity Input, Information Management & Computer Security 13, no. 1 (2005): 5-15.
A. Stewart, On Risk: Perception and Direction, Computers & Security 23, no. 5 (2004): 362-370.
A. Stewart, No Illusions: Rethinking Information Security Policies and Standards, Information Security Bulletin 8, (2003): 229-234.

Conference Papers

A. Stewart, Efficient Visualization of Change Events in Enterprise Networks, IEEE Workshop On Enterprise Network Security, Baltimore MD, August 28, 2006.

Technical Reports

A. Stewart, A Utilitarian Re-Examination of Enterprise-Scale Information Security Management, Department of Mathematics, Royal Holloway, University of London, 2014. This M.Sc. thesis was subsequently published in Information and Computer Security 26, no. 1 (2018): 39-57.

Other Papers

Sasha & Beetle, A Strict Anomaly Detection Model for IDS, Phrack Magazine, 10, no. 56 (2000).
A. J. Stewart, Distributed Metastasis: A Computer Network Penetration Methodology, Phrack Magazine 9, no. 55 (1999).

Academic Service

Editorial Advisory Board Member and Referee, Information and Computer Security (formerly Information Management & Computer Security), 2009-present; 47 reviews completed.
Referee, Computers & Security, 2009-present; 40 reviews completed.

Education

M.Sc. Information Security, with Distinction, Royal Holloway, University of London, 2013.
MBA, Emory University, 2009.
B.Sc. Computing, with Honors, Oxford Brookes University, 1997.

Sun Oct 1 12:28:19 PDT 2023