In 2007, Winn was voted one of the Top 5 Security Thinkers by SC Magazine.

WINN SCHWARTAU
Age: 55
Occupation: Author; founder, SCIPP International; also founder of InfowarCon, NiceKids.Net and Interpact, Inc.
Personal: Married, two children
Recent accomplishments: Completing three separate books; still skiing
Awards: “Have a whole bunch in boxes. I don't hang them on the walls because I prefer pictures of the mountains to looking at awards.”

Ask Winn Schwartau what first made him interested in end-user education and he'll immediately list two reasons — his children.

“It started back in the early 1990s, I guess Windows 3.1 more than anything, and then my kids were on it,” he says. “My daughter was six years older than my son, and [they were using] the dial-up [connection]. And I wrote a book back then that morphed into Internet and Computer Ethics for Kids.”

About 15 years — and numerous operating systems — later, the concept of user education, championed by author and consultant Schwartau, has given birth to a nonprofit organization providing cybersecurity certification to ordinary PC users.

SCIPP International (the acronym's meaning is unavailable) was formed by Schwartau with the help of an all-star roster of prominent IT security minds and uses the organization's SCIPP General Accepted Practices and an annual certification program to bring end-users up to date on threats and best practices.

The program is another instance of Schwartau, who gained acclaim in the 1990s for his books on cyber-warfare and future threats, playing a lead role in public advocacy of security issues, says Howard Schmidt, former White House cybersecurity adviser and (ISC)2 security strategist.

“[End-user education] is one of the three legs of the stool. You have the hardware and software vendors building better products, the enterprise operators, and that third leg is the user and consumer space,” Schmidt says. “He's looking for ways to solve the problems. A lot of people talk about the problems and complain, but he's been proactive in coming up with ways to solve the problems.”
SCIPP International's genesis occurred at a trade show, Schwartau recalls.

“My career has been about awareness and getting people to think about things that they don't have to think about. And I was at a trade show in Washington, D.C. and I remember talking to a bunch of folks at (ISC)2 about how security awareness is getting to be important, and what we really need to do is to get a certification going,” he says. “Everybody said it was a great idea, but the question was, ‘Who is going to take the lead?”

The organization faces daunting challenges. Schwartau, who fondly recalls arguing web addiction with Bill Gates and internet militarization and social dangers with Al Gore in the 1990s, says education also needs to reach hardware and software vendors, which are giving home and office end-users more technology than they need.

“Vendors provide them with an environment that will launch a space shuttle, so hopefully education will be two-fold over time,” he says.

SCIPP has assembled an impressive list of officials and advisers from both the private and public sectors to create smarter, more security-savvy end-users.  Sitting on  the group's advisory board are Schmidt; Rob Pate, deputy director of outreach and awareness at the Department of Homeland Security's National Cyber Security Division; Stephen Carrick-Davies, CEO of Childnet International; and Stephen Katz, founder and president of Security Risk Solutions.

And that diversity of experience will come in handy. The group plans to issue distinct certifications for corporate and government employees and customers, as well as the self-employed and educators.
Schwartau, who compares IT security awareness in some schools to Lord of the Flies, envisions a world where training will make companies safer and help their bottom lines.

“I'll tell you what my hope is, and maybe it's fairly unrealistic considering how long things take in the real world. It's where employees can get certifications that would be able to reduce risk cost, insurance costs and, from a real dollars and cents perspective, the losses are much less internal than external,” he says.