ISACA Journal - 2012 Volume 6

Five Questions With...

Brian Schaeffer, CISA, CISSP
Brian Schaeffer, CISA, CISSP, is senior vice president and chief
information officer (CIO) at Liberty Bell Bank. Schaeffer has 17
years of experience in IT and information security within financial
services, health care, publishing and the public sector. Schaeffer
has served as CIO for Liberty Bell Bank since 2002, building the
bank from its inception to a US $170 million asset-size community
bank supporting a four-branch operation in southern New Jersey,
USA. He is currently the president of the Philadelphia Chapter of
InfraGard, an information-sharing and analysis effort between
the US government and an association of businesses, academic
institutions, and state and local law enforcement agencies.

Q you are an active member of both ISACA and Infragard Member Alliance (IMA) ( www.infragardmembers.org). As an ISACA member, what particular value do you find in IMA? How do you see the two organizations correlating, and how does IMA provide value to you as an ISACA member?

Q As an entrepreneur and founding officer of a bank, what unique challenges have you
encountered in your role as chief technology/
information/security officer?

A As an ISACA member, I think InfraGard provides me an opportunity to broaden my professional horizons. Besides having access to law enforcement professionals, the knowledge I gain from attending InfraGard meetings has helped me to round out what I have learned through ISACA. Certain events, especially those that are cyberrelated, transcend both groups. Being able to hear two perspectives really helps to round out the important aspects of a given issue. Beyond that, what I find helpful in being a member of both organizations is having access to smart people with diverse knowledge. In my experience, it is generally who you know, not what you know, that gets you out of a tough situation.

A Well, in the beginning, you are doing everything. One moment you are drawing out the network on a white board, the next you are unboxing and configuring servers and routers. It is both extremely exciting and tremendously stressful. You have to be able to stomach the ups and downs of entrepreneurial life. You also find yourself working on things outside your realm of expertise. There were many regulatory things I had to do as well as help the chief financial officer (CFO) with some of the public accounting reporting. One thing is sure, there is never a dull moment.

Do you have something to say about this article?

Visit the Journal pages of the ISACA web site ( www.isaca. org/journal), find the article, and choose the Comments tab to share your thoughts.

Go directly to the article:

Q How do you believe the certifications you have attained have advanced or enhanced your
career? What certifications do you look for
when hiring new members of your team?
Q After having served as a systems administrator and chief technology officer (CTO) for many
years, you expanded into security. Did you find
this to be a natural progression and do you find
your administrator background of value?

A Information security is woven into a large part of systems administration. Each operations system or application has its own set of permissions and controls that need to be configured. You also have to be knowledgeable about how networks work and how business functions. All of this knowledge served as a foundation for building and evaluating information security in the enterprise. So, the transition was natural and extremely useful.

A I believe my certifications have enhanced my career. Their biggest value was in dealing with the bank regulators. Regulators are always trying to ensure that the person leading the project is appropriately qualified.

My certifications, in conjunction with my work experience, have helped me to build confidence with bank regulators. When looking for candidates I like to see certain certifications, such as Certified Information Systems Auditor® (CISA®) and Certified Information Systems Security Professional (CISSP). With certifications that require continuing education credits, it is easy to verify whether someone is staying current in the profession. This also shows some initiative, a trait all employers like to see in a candidate.