Featured Subject Matter Expert: Andrea Di Fabio

Andrea Di Fabio

Andrea Di Fabio
Information Security Officer, Norfolk State University

Which exams have you helped develop?
CompTIA Security+, CompTIA Advanced Security Practitioner, CompTIA Network+, CompTIA Linux+, CompTIA Strata IT Fundamentals, CompTIA Green IT.

Why did you become a subject matter expert?
It is an incredible opportunity to work in unison with remarkably talented IT experts from different backgrounds, and share our knowledge to improve the state of IT 

You’ve helped develop the CompTIA Advanced Security Practitioner exam. How are the objectives for this test different from CompTIA Security+?
If CompTIA Security+ is aimed at certifying that the candidate has a general knowledge of IT security, the CASP exam is geared toward certifying that the candidate has extensive knowledge of IT security and is able to make informed decisions. The CASP takes the CompTIA Security+ objectives to the next level with real-world complex technical scenarios and challenges the candidate to make management decisions in enterprise environments. Like the exam development team says: The buck stops with the CASP candidate.

How did you get into IT?
This will give away my age: I started as a young child with a Commodore VIC-20 and a computer book on the BASIC language. I always wanted to see what I could make the computer do; I was never interested in what the computer could make me do (i.e. play video games). I quickly realized that I had to learn the assembly language to get into the nuts and bolts of my Commodore. Back in the days, I was also a ham radio operator, tinkering with tube radio amplifiers and transistors. When the two passions found a way to combine, there I was broadcasting packets over the air. The rest is history. I earned my bachelor’s in computer engineering and my masters in computer science at Old Dominion University in Norfolk, VA, while working for the University Information System Group focusing on IT security. After college, I dove straight into the corporate world. 

What do you do for your day job?
As the Information Security Officer, I am responsible for the security well-being of the University IT infrastructure. As such, I develop the University IT security plan, help develop University IT and security policies, conduct IT risk assessment, and develop and test the university continuity of operation plan and disaster recovery plan. When I am not writing and planning, I am in the data center installing and configuring firewalls, intrusion detection and prevention systems, and pulling cables. I am fortunate to be surrounded by a great team of individuals who work long and hard, and by a supporting boss and a president who take information security very seriously. 

What are you doing when you're not working?
I am always working in someone's eyes since my hobbies are IT-related. When my 8-5 day is over, I use my spare time to teach evening, hands-on, IT security classes at a nearby college, prepare for class and grade assignments. I prepare and make presentations on Internet safety and other IT security topics for local schools, and national security-focused conferences such as Educause. I was recently appointed to serve on the Commonwealth Information Security Council and I spend some of my spare time researching and advising the Chief Information Security Officer on matters pertaining to State security and State IT policies. On the weekends, I relax and spend time with my beautiful wife and my stepson, sometimes I exercise, and when my wife allows me in the kitchen I cook some good Italian food. Lately, we have been working on getting things ready for the arrival of our son Alessandro.