Frank Groneman, a network-security engineer at Gtech Corp., a Rhode Island firm that provides high-tech services for approximately 70% of the world's lotteries, says that Security University courses gave him the hands-on experience that he was looking for. "I learn by doing," he says. "I can watch people put up slides all day, but it doesn't really sink in." Like many other firms with high-level security needs, Gtech encourages staffers to keep up to speed on the latest advancements -- or risks -- in the field. "We need to have absolute security," Groneman says. "One transaction could be worth $200 million to $300 million."

One year after launching the university, Schneider tried to sell it to a New York firm (she won't reveal the name). When that deal didn't work out, she took back ownership and relaunched this past March. Now, she says, her goals are to expand her course offerings, recruit more instructors, and roll out the first AIS Certification test by mid-2003. But her one driving concern, she says, is to spread the word about the urgent need for enhanced information security. "If somebody said, 'Here's $100 million, what do you want to do with it?' I would offer 10 times more programs, decrease the cost of classes, and make sure that millions of people get trained."

Tell that to Congress, says Philip, our secretive friend from the INS, whose agency has come under attack for its failures before and after September 11. "Until recently, we've had antiquated network procedures because improvements didn't get funded," he says. "Faulting folks at the INS or the Border Patrol for security lapses is totally misplaced."

Contact Sondra Schneider by email (s0ndra@securityuniversity.net).

Sidebar: The Case of the Phony Fingerprint

As the furor over missed signals by the FBI and the CIA demonstrates, there's no shortage of ways in which humans can screw up security. And even the most sophisticated security system can't always defend against human foibles. Take the latest favorite gizmo of Sondra Schneider, the founder and CEO of Security University. A handheld biometric fingerprint-sensor and smart-card device, this gadget allows you to program your fingerprint in, keeping your system secure from access by anyone but you. Or does it?

Last fall, Schneider hooked up the gadget to her computer and scanned in her fingerprint. On her hard drive was a presentation that she was scheduled to deliver at Comdex, the big computer show in Las Vegas. But 20 hours before leaving, she accidentally grabbed the handle of a hot pot on her stove, searing her fingers down to the bone -- and destroying her fingerprint.

As luck would have it, Schneider has an identical twin. So she called her sister, who lives in San Diego, told her to hop on the next plane to Las Vegas, and hoped for the best. At the convention, her sister was able to log on to Schneider's computer, and the presentation was saved.

Her obvious take-away?

"Companies should be sure to ask employees who have high access to knowledge inside an enterprise if they have an identical twin," she warns. Otherwise, they're a security risk."