Ponemon Institute Fellows
Linda Ackerman is an attorney who works on health information privacy issues. Most recently, she wrote a report titled "Mobile Health and Fitness Applications and Information Privacy" for Privacy Rights Clearinghouse and helped develop the content for the World Privacy Forum's online guide to health information exchanges in California.
She was a principle contributor to the development of the California Attorney General's as yet unpublished guide to medical identity theft. She is currently working on a project with the Electronic Frontier Foundation, developing content for an educational website on electronic health information exchange and privacy. She has also written a number privacy and security policies and data sharing agreements for health information exchanges.
Alessandro Acquisti is an associate professor at the Heinz College, Carnegie Mellon University (CMU) and the co-director of CMU Center for Behavioral and Decision Research. He investigates the economics of privacy. His studies have spearheaded the application of behavioral economics to the analysis of privacy and information security decision making, and the analysis of privacy and disclosure behavior in online social networks.
Alessandro holds a PhD from UC Berkeley, and Master degrees from UC Berkeley, the London School of Economics, and Trinity College Dublin. He has held visiting positions at the Universities of Rome, Paris, and Freiburg (visiting professor); Harvard University (visiting scholar); University of Chicago (visiting fellow); Microsoft Research (visiting researcher); and Google (visiting scientist). He has been a member of the National Academies' Committee on public response to alerts and warnings using social media.
Ed Adams is a software executive with successful leadership experience in various-sized organizations that serve the IT security and quality assurance industries. As President of Security Innovation, Mr. Adams applies his security and business skills, as well as his pervasive industry experience in the software quality space, to direct software security experts to help organizations understand the risks in their systems and develop programs to mitigate those risks. The company has delivered high-quality risk solutions to the most recognizable companies in the world including Microsoft, IBM, Fedex, ING, Nationwide and HP. Prior to Security Innovation, Mr. Adams held executive management positions at Ipswitch, Lionbridge, Rational Software, and MathSoft. He also spent several years working for the US Army and Foster-Miller (now QinetiQ).
Mr. Adams is on the Board of Directors for the National Association of Information Security Groups (NAISG) and the International Secure Software Engineering Council (ISSECO.) In 2004, Mr. Adams founded the Application Security Industry Consortium, Inc. (AppSIC), a non-profit association of industry analysts, enterprise technologists, and security leaders established to define cross-industry application security metrics and best practices. The non-profit eventually morphed into SAFECode at which point Mr. Adams got more engaged with other industry initiatives, including OWASP.
No stranger to the podium, Mr. Adams has presented to thousands at numerous seminars, software industry conferences, and private companies. He has contributed written and oral commentary for business and technology media outlets such as New England Cable News, CSO Magazine, SC Magazine, CIO Update, Investor's Business Daily, Optimize and CFO Magazine. Mr. Adams earned his MBA degree with honors from Boston College and has B.A. degrees in Mechanical Engineering and English Literature from the University of Massachusetts.
Dr. Joe Adams is the Vice President for Research and Cybersecurity at Merit Network, Inc. In this role, he is the director of the Michigan Cyber Range, an internationally recognized platform for education, exercises, and testing in cyber security. Recently retired from the US Army as a Colonel in the Signal Corps, he served as an Associate Professor at the US Military Academy before becoming the Chief Information Officer at the National Defense University.
Joe earned a B.Sc. in Computer Engineering from Syracuse University and a M.Sc. in Computer Systems Engineering from the University of Arkansas. His Ph.D. is in Computer Engineering from Virginia Polytechnic Institute and State University, where his research focused on network security and access control in mobile ad-hoc networks.
Phil Agcaoili is the Chief Information Security Officer at Elavon, a U.S. Bank subsidiary and the 4th largest payment processing company in the world. He has been an influential leader in the Information Security industry for almost 25 years and has established industry-leading security organizations from start-ups to the Fortune 25. He was previously the CISO at Cox Communications and VeriSign, and led successful global security teams at Dell, Scientific-Atlanta, and General Electric. He influenced the development of the NIST Framework for Improving Critical Infrastructure Cybersecurity, shaped cyber security for US Telecoms as committee co-chair of the FCC CSRIC and the Communications Sector Coordinating Council, and Communications ISAC, and is a member of the Financial Services Information Sharing & Analysis Center (FS-ISAC) and Payments Processing Information Sharing Council (PPISC). He is a privacy and trust leader as a Ponemon Institute Distinguished Fellow and as the Chairman of the Fellows.
Phil has served on the Board of Directors and Advisory Boards for several start-ups, Information Security Magazine, CSO Magazine, CIO Magazine and CISO Executive Network. He won the inaugural Information Security Executive of the Decade Award, 2013 Evanta Global Top 25 Breakaway Leader Award, 2012 RSA Conference Award for Excellence in the Field of Security Practices, 2010 Information Security Magazine Security 7 Award, 2009 Information Security Executive of the Year Award, and was inducted into the East Greenbush Education Foundation Hall of Fame. Phil's teams have been recognized for their achievements and teamwork.
James J. Allen, CIPP
Jim Allen is a well-known and highly respected privacy and risk management expert with over 25 years experience. In his most recent position as Chief Privacy Officer for Agilent Technologies, headquartered in Silicon Valley, he led the development and implementation of a comprehensive worldwide customer and employee privacy program. Mr. Allen was instrumental in making privacy a company value. As a result, privacy has been included in the company's annual Social Responsibility report.
Mr. Allen has a reputation for a practical and cost effective approach to very complicated issues. Many of his outcomes have been recognized as best practices and Mr. Allen is often requested to share his expertise at meetings, conferences and educational seminars. This has included presentations at the annual IAPP conferences and the Practicing Law Institute. He has a passion for the topic of privacy and looks forward to making significant contributions in the future.
Yariv Alpher is a seasoned strategist and market researcher whose work has focused on business strategy, innovation and product development, and brand positioning and architecture. He's experienced in a variety of industries, including IT, financial services, media and CPG, and has a wealth of international experience, having led research initiatives in the U.S., Europe, Japan, India, China, Latin America and the Middle East.
Yariv is currently the Chief Research and Customer Insights Officer at Lodestar Research, a boutique consultancy that focuses on b2b clients in the IT, financial services, healthcare and Federal/Gov sectors. Previously Yariv was Vice President of Marketing Research at CA Technologies (formerly Computer Associates), where he established the market research function, supporting all business units globally. Here, Yariv was closely involved with CA's turnaround, rebranding and the increased focus on cloud computing, virtualization and security. Prior, Yariv held senior positions in both the research and financial services sectors.
Over the years Yariv has conducted dozens of studies that focus on IT security, information management and risk management. These have spanned a gamut of issues, from understanding perceptions of vendors in the categories, gauging specific needs and trends, and informing on the relationship between security/risk and strategic business and IT initiatives (such as the adoption of cloud platforms and solutions).
Yariv earned a BA in History and Philosophy from Tel Aviv University, and holds an MA in the social sciences from the University of Chicago (focus on the evolution of consumer communities). Yariv earned a second MA in sociology from New School University (focus on workplace dynamics), where he also completed his doctoral coursework.
Yariv lives with his wife and two children in Westchester County, New York.
Darin Andersen is an Internet of Things and cybersecurity professional and the Founder & Chairman of CyberTECH (CyberHive San Diego and iHive Incubators), a global cybersecurity and Internet of Things network ecosystem. Darin is also President & CEO of CyberUnited, INC., a cybersecurity and analysis firm focused on big data and predictive analytics. Before founding CyberUnited, Darin was the General Manager, North America for Norman Shark, a global leader and pioneer in proactive security solutions and forensics malware tools, recently acquired by Blue Coat Systems.
In 2011, Darin received an “Exemplary Performance Award” for Cyber Security by San Diego Business Journal and in 2010 he was named a “Top Influential” by The San Diego Daily Transcript. Darin created the “Securing Our eCity” initiative (now a private Foundation) in his former employer at ESET, where he was Chief Operating Officer. The initiative (which is now an independent Foundation) was recognized by The White House as the “Best Local/Community Plan” DHS National Cybersecurity Awareness Challenge. Darin has an MBA in Finance and Operations Management and 2nd Masters in Information Systems and Operations Systems both from University of Southern California.
Jerry L. Archer, CISSP
Jerry Archer is senior vice president and chief security officer for Sallie Mae. Mr. Archer's responsibilities include securing and protecting consumer privacy and for information security initiatives across the enterprise. Prior to this position, Mr. Archer was the chief information security officer for Intuit's global operations.
Prior to Intuit, Archer was managing director at Global Competitive Strategies, LLC, where he provided insight and validation in the areas of policy, technology, products and strategy to a broad array of firms and government. Previously, Mr. Archer was senior vice president for Global Interoperability at Visa International, where his team codified the policies, standards and best practices for Visa systems and networks globally. Before Visa, at the Fidelity Brokerage Company, he was senior vice president of information security and technical risk providing leadership for the brokerage company's operational and strategic security and risk programs.
Earlier his work in the U.S. Intelligence Community earned Mr. Archer the National Performance Review Hammer Award, a Distinguished Service Award from the Central Intelligence Agency and a Meritorious Unit Citation from the National Security Agency. Mr. Archer is a member of many professional and industry groups such as the ACM, IEEE, ISAC, ISC2, and ISSAC.
Eric Ashdown is Asia Chief Security Advisor at Microsoft and is headquartered in Singapore. Mr. Ashdown is a risk management, strategy, security and privacy senior leader with a track record of success in demanding large corporate and entrepreneurial environments. Previously, he was Senior Director and Partner, Global Security Strategy & Risk Management at Accenture and Senior Director of Business Online Services, Risk Management at Microsoft Corporation.
According to Mr. Ashdown, he has taken an entrepreneur's attitude toward new businesses, new projects, business turnarounds, consulting and positions held. This has honed an ability to look holistically at problems and challenges, across cultures, while operating in an increasingly borderless world. The range of geographies where Mr. Ashdown has used these skills includes China, Hong Kong, Taiwan, Hungary, the US, UK, Canada, Malaysia, Jordan, Singapore, Germany, Macau and Brunei.
Tom Bain, Vice President, Sales and Marketing, CounterTack
Bain leads the strategic go-to-market, analyst and research efforts at CounterTack with over 13+ years of experience with leading IT Security organizations. He also serves as a key security evangelist for CounterTack.
Bain’s responsibilities include management of Global Marketing, North American Inside Sales, and Analyst, Public and Investor Relations. His strategic experience in cyber spans endpoint, database, network and application security, security services and security training. Prior to CounterTack, he spent time with Security Innovation, Q1 Labs (an IBM Company) and Application Security, Inc. (a Trustwave company), and has worked with leading security brands including AffirmTrust, Wave Systems, Sophos, CA and Red Hat.
Bain is a frequent presenter at conferences including Hacker Halted, Global CISO Summit, SecureWorld Expos, OWASP, Strata + Hadoop World, GoSec, The Rocky Mountain Information Security Conference, Terrapin Cyber Security Conference, America’s Growth Capital, The Montgomery Summit, Camp IT and Boston Security Conference. He has been published in Channelnomics, VentureFizz, Security Week, Health Data Management and Digital Forensics.
He earned an MS degree in International Relations and Public Affairs from UMASS and holds a BA in Communications from Rhode Island College. Bain sits on the advisory board for multiple emerging technology organizations.
Ken Battista is an information technology professional whose career has spanned more than 35 years. Ken has worked in the telecom industry for the past 25 years with Alltel Wireless and Verizon Wireless. He had responsibility for privacy office operational management which included: privacy incident management, business partners’ privacy risk and security assessments and analysis, including corrective action mitigation in order to protect sensitive and personal information. He also had responsibility for developing and implementing privacy and information security policies and standards in large enterprise organizations. In addition, he has been a privacy advocate and provided privacy and information security best practices awareness corporate-wide. During his career he also has had responsibility for software development, systems support, disaster recovery and business continuity, client relationship management, as well as privacy office management.
Ken is a member of the International Association of Privacy Professionals and has earned the Certified Information Privacy Professional (CIPP/US) certificate. He retired from Verizon Wireless in 2013.
Ken is a graduate of King's College, Pennsylvania.
Mr. Blackwell has worked across a broad spectrum of industries including eCommerce, digital and analog gaming, telecommunication, aerospace/defense, financial services, and pharmaceuticals, a few of which include Hasbro/Wizards of the Coast, DNA Response, Bell Core, NASA, Dept of Defense, Goldman Sachs, Liberty Mutual, Washington Mutual, Johnson & Johnson. He has served as Consultant, a Senior Vice President in a 65,000 employee bank as well as a Company Founder, a CTO, and a Chief Architect.
He has technical expertise in expert systems, cloud computing, data privacy/security and eCommerce for which has developed products, filed patents, spoken at conferences, served on advisory boards and participated in industry standards bodies. His data privacy/security background includes the development of anti-virus software, key based authentication mechanisms, eXensible Access Control Markup Language, and globally distributed customer data management systems as well as dealing with the regulatory processes in the industries he has served.
Simon Blackwell is currently a consultant focused on leading edge technologies for eCommerce and digital gaming.
Christopher Budd is a communications manager with Trend Micro. His focus is on communications around online security and privacy threats to help people understand in plain English the risks they face and what they can do about them. In addition, he focuses on managing crisis communications utilizing a framework and processes he helped put in place.
Prior to Trend Micro, Christopher worked as an independent consultant focused on helping clients build crisis communications frameworks for online security and privacy incidents. Christopher draws on his experience as a ten-year veteran of the Microsoft Corporation, where he oversaw and managed worldwide internal and external communications around security and privacy incidents affecting Microsoft customers. During his tenure at Microsoft, he pioneered new strategies and tactics embracing new media technologies that dramatically improved the handling of communications around incidents and helped, as he likes to say, “make awful news just bad”.
Christopher is a seasoned spokesperson and speaker and presenter. He has been an expert on television and radio numerous times. At Microsoft he led a live monthly security webcast for over six years. He has also given numerous presentations on communications and technology at a variety of technology and non-technology conferences.
Christopher is a widely published author on technology and other topics. He currently contributes a monthly column on Social Media and Online Security to the Windmilll Networking blog as well as regular contributions to Geekwire and Betanews. He is a regular presence on Trend Micro’s blogs for security experts and consumers. He has been a monthly columnist for TechTarget on Microsoft security issues. He is also co-author of two books. Outside of technology topics, he has authored numerous articles on topics ranging from history to philosophy and gaming and is a contributing author to a book on the history of philosophy.
He earned a Bachelor of Arts in Comparative Religion from Oberlin College and a Master of Arts in Philosophy with honors from St. John’s College.
His interests include music, history, psychology, mythology, and comparative religion. You can read his personal blogs at christopherbudd.com, Andante, and Taklamakan. He lives outside of Seattle with his family, including four cats and a dog.
Dan Burks is an operations risk management executive with over 30 years of experience developing and sustaining risk oversight for major financial institutions in privacy, data protection, information security, incident response management, enterprise assessments and third party risk management. Dan has successfully led teams to design and integrate oversight of process and risk indicators into an enterprise governance, risk and compliance framework leveraging privacy by design principles, a three layered risk governance and security risk model and automated risk governance tools.
Dan most recently served as Senior Vice President and Enterprise Privacy Officer with U.S. Bank where he championed customer focused solutions across the company in compliance with multi-country regulatory requirements and industry control frameworks requiring a pragmatic and collaborative approach with business partners and industry regulators.
Dr. Ann Cavoukian is recognized as one of the leading privacy experts in the world. Noted for her seminal work on Privacy Enhancing Technologies (PETs) in 1995, her concept of Privacy by Design seeks to proactively embed privacy into the design specifications of information technology and accountable business practices, thereby achieving the strongest protection possible. In October, 2010, regulators from around the world gathered at the annual assembly of International Data Protection and Privacy Commissioners in Jerusalem, Israel, and unanimously passed a landmark Resolution recognizing Privacy by Design as an essential component of fundamental privacy protection. This was followed by the U.S. Federal Trade Commission’s inclusion of Privacy by Design as one of its three recommended practices for protecting online privacy – a major validation of its significance.
An avowed believer in the role that technology can play in the protection of privacy, Dr. Cavoukian’s leadership has seen her office develop a number of tools and procedures to ensure that privacy is strongly protected, not only in Canada, but around the world. She has been involved in numerous international committees focused on privacy, security, technology and business, and endeavours to focus on strengthening consumer confidence and trust in emerging technology applications.
Dr. Cavoukian serves as the Chair of the Identity, Privacy and Security Institute at the University of Toronto, Canada. She is also a member of several Boards including, the European Biometrics Forum, Future of Privacy Forum, RIM Council, and has been conferred as a Distinguished Fellow of the Ponemon Institute. Dr. Cavoukian was honoured with the prestigious Kristian Beckman Award in 2011 for her pioneering work on Privacy by Design and privacy protection in modern international environments. In the same year, Dr. Cavoukian was also named by Intelligent Utility Magazine as one of the Top 11 Movers and Shakers for the Global Smart Grid industry, received the SC Canada Privacy Professional of the Year Award, was honoured by the University of Alberta Information Access and Protection of Privacy Program for her positive contribution to the field of privacy, and was ranked by Women of Influence Inc. as one of the top 25 Women of Influence recognizing her contribution to the Canadian and global economy. This award follows her recognition in 2007 from the Women’s Executive Network as one of the Top 100 Most Powerful Women in Canada.
Jeffrey Carr is the principal consultant for the 20K League, and has been an internationally known author and consultant on cybersecurity and cyber warfare since 2008. He was the founder and principal investigator of Project Grey Goose (an investigation into the Russian government’s role in cyber attacks against the Georgian government during the 2008 war), the author of Inside Cyber Warfare (2009 and 2011 editions), and the founder of the Suits and Spooks security collision (a two day event held in Washington D.C., London, New York, and other cities since 2011).
During his career as a cybersecurity consultant, Jeff has acted as a trusted third-party advisor for the in-house security teams at multinational corporations in the defense, telecommunications, and media sectors and has provided post-breach remediation advice and vulnerability assessments for many Fortune 1000 companies.
He has worked as a contract subject matter expert for the Central Intelligence Agency’s Open Source Center; provided day-long workshops at the U.S. Army War College, Chief of Naval Operations Strategic Study Group, Defense Intelligence Agency; and participated as one of the experts interviewed by Dr. David Bray and his team for the National Commission for the Review of the Research and Development Programs of the U.S. Intelligence Community.
Ms. Uma Chandrashekhar leads the Global Information Security program at Edwards Lifesciences. Previously she was a senior executive in Information Security, Reliability, and Privacy leading the design and implementation of global information programs resulting in increased customer satisfaction, increased revenue, and cost savings. As Vice President, Chief Technical Office, Security, Reliability, Eco-Environmental Group at ALCATEL-LUCENT, BELL LABS, she established the corporate strategic vision for security, reliability, privacy, and designed the roadmap for successful implementation across all business units worldwide.
Uma has represented the U.S. delegation in the ISO 27000 Information Security Standards Series and served as co-editor for the ISO/IEC 27003, ITU standards. She holds several patents in information security, privacy, and reliability. Her credentials include guest editor for Bell Labs Technical Journal special issue on security; invited council member of the U.S. Federal Communications Commission’s Security, Reliability, and Interoperability Council (CSRIC); distinguished fellow of the Ponemon Institute; and board member of Journal of Law and Forensics. Uma is CISSP, CISA, CISM, CRISC, and PMP certified.
Alan Chapell, CIPP
Alan Chapell is the founder of Chapell & Associates, a premier research and consulting firm focusing on consumer privacy.
He established the privacy program at Jupiter Research, which targets the consumer Internet economy. Chapell created and implemented DoubleClick's research product suite, which produced advertising effectiveness products that measure the brand impact of online advertising. He also worked with e-mail marketing firms, including Yesmail (now a division of Experian), where he assisted clients with privacy issues.
He is a regular contributor to the iMedia Connection, the DMNews, and the International Association of Privacy Professionals' Privacy Officer Advisor.
Harry C. Chapman, CMC
Harry Chapman is a founder and principal of the San Francisco-based Bay Area Consulting Group LLC. His work with a division of Wells Fargo Bank in developing and implementing a balanced scorecard is now taught at the Harvard Business School. Chapman has helped large organizations develop balanced scorecards in the United States, Canada, and South Africa. He leads a two-day seminar on the Balanced Scorecard every six months in Rome.
Chapman has developed a balanced scorecard framework tailored to privacy. He is an expert in developing practical and effective performance measurement programs directed toward improving organizational performance.
He is a founder of the Bay Area Consultants Network, a non-profit organization dedicated to enabling consultants to become more effective.
Keith A. Cheresko is a Principal of Privacy Associates International LLC. Privacy Associates International is a Michigan-based privacy consultancy delivering experienced-based, practical guidance in assisting its clients address all aspects of privacy. Mr. Cheresko spent the majority of his career at Ford Motor Company as a member of the Office of the General Counsel. During his 26 year tenure at Ford, he held an assortment of legal assignments supporting Ford’s diverse business activities, including time with Ford Motor Credit Company, Ford’s finance subsidiary, where he played a role in the development of financial privacy policies and practices designed to meet the federal Gramm Leach Bliley Act’s financial privacy requirements. He also served as counsel to the Corporate Privacy Office and advised or chaired working groups addressing an assortment of privacy matters, from marketing-related activities to development of corporate-wide policies. In his last assignment before deciding to leave Ford, Mr. Cheresko was the primary privacy counsel and de facto privacy leader.
After leaving Ford and prior to joining Privacy Associates International LLC, Mr. Cheresko served briefly as general counsel to the Ponemon Institute, and continues serving as a long time member of the Ponemon Institute's Responsible Information Management Council’s Advisory Board. He is a member of the International Association of Privacy Professionals and a Certified Information Privacy Professional (CIPP/US/IT). Mr. Cheresko received a BA from the University of Michigan-Dearborn, a J.D. from Wayne State University, and is a member of the State Bar of Michigan and the American Bar Association.
James Christiansen is Chief Information Security and Risk Officer of RiskyData, an information security and privacy solutions corporation focused providing clients scalable and cost effective tools and services to manage their Information Risk. Prior to joining RiskyData, James was Chief Information Risk Officer for Evantix and CSO for Experian Americas. James had the overall responsibility for information security providing strategic direction and vision across Experian business units.
James joined Experian after serving as Chief Information Security Officer for General Motors where his responsibilities included worldwide implementation of security plan for the largest financial (GMAC) and the largest manufacturing corporation in the world. Prior to joining GM he was SVP and Division Head of Information Security for Visa International, responsible for their worldwide information security program.
James has been featured in the New York Times as one of the leaders in information security and has won three innovation awards in Cybersecurity, GRC, and Cloud Computing. He has an MBA in International Management, BS in Business Management and is the author of the “Internet Survival Series”, contributing author of “CISO Essentials” and numerous industry papers. James has been chair for the IT Fraud Summit, and co-chair of the ANSI study of the impact of security breaches on healthcare, a prominent speaker for prestigious events such as the Business Round Table, Research Board, American Bar Association, American Banker, RSA, BankInfoSecurity, ISSA and MIS Training Institute.
Jason Clark is fueled by a great passion – the desire to create a united and supportive CISO community. In his position as chief security and strategy officer for Accuvant, Clark has the opportunity to bring the CISO community together to discuss concerns, share ideas, innovate and help each other overcome challenges. It allows him to help organizations go beyond technology to resolve their struggles, and to work with business executives to deliver solutions that create real value for organizations.
Clark brings to his role at Accuvant more than 20 years of experience building and executing successful strategic security programs. He is responsible for developing and delivering a comprehensive suite of strategic services and solutions that help CXO executives change their security strategies through innovation to ensure success while aligning to business goals; and creating the Office of the CISO to bring value to the security executive community.
Prior to joining Accuvant, Clark was the chief security and strategy officer for Websense, where he was a driving force behind the company’s transformation into a strategic player and provider of critical technology for chief security officers (CSOs). In his previous role as chief information security officer (CISO) and vice president of infrastructure for Emerson Electric, Clark significantly decreased the company’s risk by developing and executing on a successful security program for 140,000 employees across 1,500 locations. He has served as CISO for The New York Times, senior manager of security and infrastructure architecture for EverBank, and has held technical leadership positions of increasing responsibility for BB&T and the U.S. Army.
Clark, a well-known thought leader and highly requested speaker, hosts 20 CISO roundtables per year and has been ranked as a top 10 Global Security Leader by ExecRank. He has been quoted in and published by multiple media outlets and has presented at or keynoted more than 40 conferences worldwide, including RSA, Gartner Security Summit, CSO Perspectives, CSO Security Standard, Evanta CISO Summit and ISSA events. Clark earned his master’s degree from Olin Business School at Washington University and his bachelor’s degree in business management from the University of Florida.
Mark Coderre is an Information Security Executive with over 25 years of experience protecting information in Healthcare and Insurance. He is currently a National Practice Lead for OpenSky Corporation, a professional services firm focused on Information Technology and Risk Management services. Mark’s expertise is on CISO Office functions, Advanced Authentication, IT Risk Management and GRC (Governance, Risk and Compliance). Previously, Mark was employed by Aetna in Hartford, Connecticut where he moved from a network analyst to an Engineering Manager to “Director of Security Architecture” and finally “Executive Director of Security Strategy and Risk Management”. Mark has experience building teams and relationships with IT and functions running the gamut of business analysis, architecture, planning, reporting, program management, portfolio management, project and technology assessments, research & development, infrastructure, development and business continuity. Notable in his career are single sign-on, consumer-minded identity and access management and the organization’s governance, risk and compliance program
Mark’s approach to information security is seasoned through a balance of engineering and architecture experience. Mark interfaces with officers representing compliance, risk, privacy and physical security. Mark has recently directed the fusion of best practices from the financial sector into a healthcare oriented security program.
Mark’s greatest strengths are his creativity, drive and leadership. He thrives on challenges, particularly those that directly align with organizational strategy. Mark is sought after as a mentor and invests time in identifying and growing talent.
Mark’s leadership supports the company brand. Aetna was named a winner of the inaugural CSO40 Awards in 2013 for its international governance, risk and compliance program, Aetna was also named the top leader in Operational Risk Management during the 2014 EMC/RSA Archer summit. In 2008 Aetna earned an Identity Deployment of the Year award from the Liberty Alliance and was featured in Healthcare IT News. Mark was a finalist for Information Security Executive of the year in 2009 sponsored by Technology Executive Networks. Mark subsequently served as a judge for event in both 2010 and 2012.
Mark is a Fellow at the Ponemon Institute and a member of the Institute’s Responsible Information Management (RIM) Council. Mark has served on customer advisory boards for innovative security vendors like Stonesoft and Netegrity and large organizations such as CA and IBM/Tivoli. Mark was asked to participate in several consumer identity and authentication workgroups and was voted to represent regulated industries for the Identity Ecosystem Steering Group created through Presidential Directive in 2011. He has been asked to speak on panels during industry conferences as well as at the White House. Mark has volunteered his time for local schools in the communities surrounding Aetna.
Mark holds a bachelor’s degree in Computer Science from Central Connecticut State University and is certified in both security management (CISM) and risk management (CRISC). He lives in Connecticut where he is raising three daughters. In his free time, Mark likes to boat on Long Island Sound, work on his classic sports car and perform in a local music group.
Brian Contos is a published author and proven business leader. Over the last two decades Brian helped build some of the most successful and disruptive security companies in the world. He is a published author, proven business leader and blogger. Brian has worked as a security expert with Global 2000 companies and government organizations in over 50 countries across six continents. He is frequently interviewed by NPR, Fox, CNBC, CBS News, Bloomberg, Forbes, NY Times, USA Today and the London Times.
After getting his start in security with the Defense Information Systems Agency (DISA) and later Bell Labs, Brian began the process of building security startups and taking multiple companies through successful IPOs and acquisitions including: Riptech, ArcSight, Imperva, McAfee and Solera Networks. He is currently the Chief Security Strategist with Securonix.
Dr. Don Lloyd Cook is currently AVP for Data Privacy at Scottrade, where he is focused on building an enterprise-wide privacy program. He has previously served as Counsel in the Privacy and Technology practice at the law firm of Gill Ragon Owen, and as a Director of Privacy at Lunarline, Inc. and at Walmart Stores, Inc. Additionally, he served as the Chief Privacy Officer and General Counsel of Feeva Technology, Inc., an online advertising firm and as a Senior Consultant for Acxiom Corporation, specializing in global privacy and regulatory issues. He is a member of the International Association of Privacy Professionals, the Arkansas Bar Association and the American Bar Association.
Dr. Cook regularly speaks on privacy issues and has authored academic publications relating to marketing, privacy and intellectual property. Dr. Cook has practiced general and appellate law in Arkansas, where he received his JD and MBA degrees from the University of Arkansas. He is licensed in state courts in Arkansas, federal district courts in Arkansas and the Northern District of Oklahoma, the Eighth Circuit Court of Appeals and the US Supreme Court, where he successfully opposed a Petition for Writ of Certiorari by the State of Arkansas.
Professional certifications include the CIPP (Certified Information Privacy Professional), CIPP/C (CIPP Canada) CHP (Certified HIPAA Professional) and CHSS (Certified HIPAA Security Specialist. He received his Ph.D. in Marketing from Virginia Tech where his dissertation focused on privacy regulation. While at Virginia Tech he was selected as the first Virginia Tech Congressional Fellow and was a Legislative Assistant in the office of Congressman Rick Boucher, a co-founder of the Internet Caucus. He has taught Consumer Behavior, Internet Law and eCommerce courses at universities in Virginia, Louisiana, Georgia and New Mexico.
Nick Copping, Ph.D.
Nick Copping is a technologist who began his career as a physicist at Cal Tech, later becoming a senior research director at JPL. Copping is a former director of corporate engineering for Hewlett-Packard and served as CEO of Atherton Technology and CRI. Copping started ZOOM Marketing with Ellie Victor in 1996. In 2004 he took a sabbatical from ZOOM to become a partner at Microsoft, where he developed the Microsoft Global SI strategy.
In his spare time, Copping builds and plays acoustic guitars, turns wild bowls in his woodshop, and sees just how long he can stay at the bottom chasing turtles in funny-looking scuba gear.
Mr. Corcoran joined IBM in the United States in 1977. Early in his career he held numerous operational and management positions associated with large scale application maintenance and development projects for IBM in North America. In 1987, he became a member of IBM’s market intelligence organization and led numerous efforts to create many new services, one being Business Continuity & Resiliency Services. Over the past 25 years, Mr. Corcoran has been on the senior leadership team for IBM Business Continuity and Resiliency Services as the Director of business strategy, marketing and business development. During this time, Mr. Corcoran also led IBM’s support efforts for numerous regional crisis events (i.e. aftermath of the terrorist attack on September 11, 2001, Hurricane Katrina, Haiti Earthquake, Japan Earthquake, Hurricane Sandy, etc.).
In his current position, Mr. Corcoran is the executive responsible for leading IBM teams in the development of integrated business continuity solutions for clients who require solutions across multiple countries.
He has been quoted in numerous publications, such as ComputerWorld, New York Times, Washington Post, Internet World, Contingency Planning & Management, Disaster Recovery Journal, among others. He has previously spoken on the topic of risk, crisis management, business continuity and disaster recovery at conferences such as IBM Summit, Disaster Recovery Journal Conference, Contingency, Planning & Management, Continuity Insights, SHARE, COMMON and many other events. Pat was on the advisory boards for Continuity Planning & Management and Continuity Insights. He currently is a Special Advisor to the Disaster Recovery Journal Editorial Advisory Board and on the Advisory Board of Continuity Insights.
Mr. Corcoran has over thirty-seven years of professional IT, services and management experience in diverse technology projects and international market segments. He holds a Bachelor’s degree in Mathematics from the State University of New York at Potsdam, and has participated in several leadership, consulting methodology and project management courses. He has also completed a variety of courses in the area of management development, including effective communications, managing change, and personal development. Mr. Corcoran currently resides in Warwick, New York with his family.
On a personal note, Mr. Corcoran is actively involved in many community activities, having been the president of Warwick Little League, president of Warwick School Parent Teachers Associations (PTA), member of the Warwick School Growth Planning Board, board member of Orange Country United Way … and is currently on the boards of Otto Mills Hunting & Fishing Club (President) and the Brian Ahearn Children’s Fund. His hobbies include cycling (road and mountain), music (drummer), hunting and golfing.
Joshua Corman is the Chief Technology Officer for Sonatype. Previously, Corman served as a security researcher and strategist at Akamai Technologies, The 451 Group, and IBM Internet Security Systems. A respected innovator, he co-founded Rugged Software and IamTheCavalry to encourage new security approaches in response to the world’s increasing dependence on digital infrastructure. Josh's unique approach to security in the context of human factors, adversary motivations and social impact has helped position him as one of the most trusted names in security. He is also an adjunct faculty for Carnegie Mellon’s Heinze College, IANS Research, and a Fellow at the Ponemon Institute.
Josh received his bachelor's degree in philosophy, graduating summa cum laude, from the University of New Hampshire.
Malcolm Crompton is Managing Director of Information Integrity Solutions Pty Ltd (IIS), a global consultancy specialising in data protection and privacy strategies. IIS assists companies increase business value and customer trust and ensures government meets the high standards expected in the handling of personal information.
Malcolm is a Director of the International Association of Privacy Professionals Australia New Zealand (iappANZ), an affiliate of the International Association of Privacy Professionals (IAPP). He was founding President of iappANZ in 2008, a Director of IAPP from 2007 to 2011 and is an IAPP Certified Information Privacy Professional. Malcolm's global reputation and expertise in privacy was recognised when IAPP honoured Malcolm with the 2012 Privacy Leadership Award.
As Australia's Privacy Commissioner from 1999 to 2004, Malcolm led the implementation of private sector privacy law. He hosted the 25th International Conference of Data Protection and Privacy Commissioners in Sydney in 2003. Malcolm's global reputation is built on his forward thinking on the handling and governance of personal information and he has consequently been invited to speak at many events in the Americas, Europe and Asia Pacific.
Through IIS, Malcolm has advised the Asia-Pacific Economic Cooperation forum (APEC) regularly on implementation of the APEC privacy framework, including leading seminars held in Hong Kong, Korea and Australia. He has also consulted to the Organisation for Economic Cooperation and Development (OECD) and a wide range of industry sectors, including, technology and telecommunications, health, banking, finance, credit reporting and insurance, education, professional services, transport and parcel services, mining and manufacturing, travel and retail and government.
He is a member of the Microsoft Trustworthy Computing Academic Advisory Board and a number of Reference Groups for research projects on trust in the Internet funded through the European Commission. Malcolm is also a Director of Bellberry Limited, a private not-for-profit company which provides privacy and health ethics advisory services and is a Fellow of the Australian Institute of Company Directors.
Between 1996 and 1999, Malcolm was Manager of Government Affairs for AMP Ltd. In the previous 20 years, Malcolm held senior executive positions in the Federal Department of Finance, served as both a superannuation scheme trustee and scheme founder and worked in the Transport and Health portfolios. Malcolm has degrees in Chemistry and Economics and was awarded the inaugural Chancellor's Medal for distinguished contribution to the Australian National University.
Tom Cross is Director of Security Research at Lancope, where he works on advancing the state of the art in network behavioral anomaly detection with netflow. He has over a decade of experience as a computer security researcher and thought leader. He is credited with discovering a number of critical security vulnerabilities in enterprise-class software and has published papers on collateral damage in cyber conflict, vulnerability disclosure ethics, security issues in internet routers, encrypting open wireless networks, and protecting Wikipedia from vandalism.
Prior to Lancope, Tom served as Manager of Threat Intelligence and Strategy in IBM's X-Force Research organization. One of Tom's contributions at IBM was serving as the technical editor of the X-Force Trend Report, a biannual report that analyzes data about computer security vulnerability disclosures, trends in Internet attack activity, and other data sources that shed light on the state of the Internet threat landscape.
Tom has operated online social communities almost continuously since 1991. In 1996, Tom cofounded Electronic Frontiers Georgia, where he worked to protect the Constitutional rights of Internet users in the US State of Georgia. In 2001, Tom cofounded MemeStreams, an innovative collaborative blogging system that combined online social networking with reputation systems technology.
Tom frequently speaks on information security and technology policy issues at conferences around the world. He holds a Bachelor of Science in Computer Engineering from the Georgia Institute of Technology.
Jack Danahy is the Worldwide Security Executive for the Rational division of IBM, and is an international speaker and writer on topics of software, system, and data security. Jack is the original founder and CEO of two successful security software companies: Ounce Labs, sold to IBM in July of 2009, and Qiave Technologies, sold to Watchguard Technologies in 2000.
Mr. Danahy holds five patents in a variety of security technologies including secure distributed computing, software analysis, and secure system management. He is a contributor to industry and national security groups in the areas of data privacy, cybersecurity, critical infrastructure protection, and has contributed to legislation on computer security in both the US House and Senate.
Dennis Dayman has more than 20 years of experience combating spam, security/privacy issues, data governance issues, and improving email delivery through industry policy, ISP relations and technical solutions. As Return Path’s chief privacy and security officer, Dayman leverages his experience and key relationships to provide best practices to Return Path, its customers, and ensures the compliance of their communications data flows. He is also responsible for coordinating and managing Return Path’s international electronic commerce, privacy and Internet related policy issues.
Previously to Return Path, he was Eloqua’s chief privacy and security officer. Eloqua was acquired by Oracle for $871 Million dollars in 2012 and is now the centerpiece of Oracle’s marketing cloud. Prior to Eloqua, Dayman worked at StrongMail Systems as the Director of Deliverability, Privacy, and Standards. In that role, he handled all deliverability and privacy issues related to StrongMail customers and made best practice recommendations as StrongMail’s representative to a cross-industry alliance of ESPs, ISPs, online marketers and spam-filtering companies. He was also charged with ensuring that new email standards were created and instituted for the protection of legitimate email delivery. He was also charged with ensuring the product met and exceed data governance regulations.
Dayman has also served in the Internet Security and Legal compliance division for Verizon Online, as a senior consultant at Mail Abuse Prevention Systems (MAPS), and started his career as Director of Policy and Legal External Affairs for Southwestern Bell Global, now AT&T. In the ISP roles, Dayman investigated complaints of network abuse, managed discoveries and litigation, worked with the federal task force on e-crimes, and represented the company in relation to new federal and state legislation.
As a longstanding member of several boards and advisory committees within the messaging industry, including helping found and server on the Board of Director’s for the Messaging Anti-Abuse Working Group (MAAWG), serve on the Coalition Against Unsolicited Commercial Email (CAUCE) board, serve on the International Association of Privacy Professional (IAPP) advisory boards, server on the Email Sender and Provider Coalition (ESPC) board, Direct Marketing Association (DMA) Ethics committee, Email Experience Council (EEC) MAC, and appointed a Ponemon Institute Fellow. Dayman is actively involved in creating current Internet and digital communication regulations, privacy/security policies and anti-spam legislation laws for state and federal governments. He also sits on several advisory boards for Internet companies and is also a partner, mentor, and frequent investor in start-ups and Tech Wildcatters http://techwildcatters.com/ which is a mentorship-driven microseed fund and startup accelerator in Dallas, Texas.
Dayman holds a B.A. in Criminal Justice from Stephen F. Austin State University in Texas.
Benjamin Dean is currently a Fellow for Cyber-security and Internet Governance at Columbia University’s School of International and Pubic Affairs (SIPA). A political economist by training, Benjamin currently researches topics surrounding the economics of information and information security.
Previously, Benjamin worked in Paris, France, at the Organisation for Economic Co-operation and Development's (OECD) Center for Entrepreneurship, SMEs and Local Development. During this time he contributed to research covering topics such as innovation policy, financing of start-ups and intellectual property rights. He also took part in reviews of the entrepreneurship policy frameworks of Mexico and Thailand.
An Australian national, he has lived and worked in 7 countries over the past decade. Covering organisations large and small, public and private, his projects have included: setting up Bhutan's first business incubator while in Thimphu in 2011; researching his thesis on public-private partnerships while in Bangalore, India in 2008; writing a white paper on sustainable development, while in Shanghai, China in 2007; and, most recently, he worked with the municipality of Sucre in Caracas, Venezuela, on the development and deployment of a mobile platform for identifying the public good needs of the municipality's residents.
Benjamin earned a Bachelor of Economic and Social Sciences with honours from the University of Sydney in 2008 and with a Master of International Affairs from Columbia SIPA.
Dennis Devlin is CISO, CPO and SVP of Privacy Practice for SAVANTURE, where he oversees information security and privacy strategy, as well as the professional services practice that SAVANTURE offers to its clients. He has over four decades of information technology and risk management leadership experience in both private industry and higher education. During his career Dennis has strategized and led both enterprise wide technology and business initiatives in information security, digital privacy, identity management, wide area networking, electronic messaging, disaster recovery and business continuity, emergency notification, and data center, server and network operations.
Prior to his current role at SAVANTURE Dennis served as Assistant Vice President of Information Security and Compliance Services at George Washington University, Chief Information Security Officer for Brandeis University, Vice President and Chief Security Officer for The Thomson Corporation (now Thomson-Reuters), a member of the senior IT leadership team at Harvard University, and began his career as a software developer, analyst, and IT manager in the pharmaceutical industry at American Hoechst Corporation (now Aventis).
Dennis is a graduate of the University of Pennsylvania and has completed extensive continuing education in IT management. He has lectured at the UCLA Anderson School of Management, Babson College Center for Information Management Studies, University of Massachusetts Strategic Information Technology Center, Center for Advancing Business through Information Technology at Arizona State University and Boston University Metropolitan College. Dennis is a frequent presenter at professional meetings and conferences including the RSA Security Conference, Qualys Security Conference, SC Magazine US Forum, MIS Training Institute, Gartner IT Security Summit, EDUCAUSE, NERCOMP, Institute for Computer Policy and Law at Cornell University, the CSO Magazine Security Confab, the APPNATION Conference, and the Privacy and Information Management Forum at The George Washington University.
Dennis has been featured in numerous articles on security and written for CSO Magazine, SC Magazine and Secure Business Quarterly. He was a contributing author to Security 2020: Reduce Security Risks This Decade. Dennis has served on CSO advisory boards for RSA Security, Qualys, Verdasys, GeoTrust, ChosenSecurity, LogMatrix and the CSO Editorial Advisory Board for SC Magazine. He is also a faculty member of the Institute for Applied Network Security (IANS) and a former adjunct faculty member in the Information Assurance program at the Rabb School of Continuing Professional Studies at Brandeis University
Margaret P. (“Peggy”) Eisenhauer is the founder of Privacy & Information Management Services – Margaret P. Eisenhauer, P.C., an Atlanta, Georgia based law firm. She has extensive experience with U.S. and international privacy laws and industry best practices for managing consumer, customer and employee information.
Ms. Eisenhauer has been named one of the Top 25 American Privacy Law Consultants by COMPUTERWORLD in each of its biannual surveys (2006, 2008, and 2010). She is recognized by Chambers Global: Guide to Leading Business Lawyers in the area of privacy and data security.
In addition to a J.D. with honors from the University of Georgia School of Law (1989), she holds a Master of Science in Information & Computer Science from the Georgia Institute of Technology (1992). She is a member of the International Association of Privacy Professionals, a Certified Information Privacy Professional (CIPP/US), Chair Emeritus of the CIPP Advisory Board, a Fellow of the Ponemon Institute, and a member of the Nymity Advisory Council, the BNA Privacy Law Advisory Board, and the 501st Legion. She is the author of the case book, A Global Survey of Privacy & Security Enforcement Actions with Recommendations for Reducing Risk (International Association of Privacy Professionals, May 2008).
Steve Elefant is currently the Chief Strategy Officer at GoPago, which provides a cloud based Android tablet solution for Point of Sale to merchants around the country. Prior to GoPago, Steve was a Sr. Strategic Consultant at Google, focused on commerce, wallet and Point of Sale.
Steve joined Heartland Payment Systems in November 2008, Steve was a ‘non traditional’ CIO also providing strategic focus for delivering the company's solutions, M&A, Business Development, Strategy and Mobile. Steve led Heartlands Software as a Service (SaaS) applications to its merchant base. In January 2009, he ran and developed Heartlands new end-to-end encryption team focusing on developing point-of-sale products and executing Heartland's E3™ security platform that encrypts cardholder data from the point of swipe/entry at a merchant location through the Heartland processing networks and to the card brands, after Heartland’s massive security breach exposing 100M cards.
Steve was the founder of several successful Silicon Valley startup and venture capital firms. He is co-founder and former chief executive officer of ICVerify, Inc., a leader in payments processing integration of PC-based POS software. The company merged with CyberCash, Inc. where he was Vice- Chairman in 1998 to form an Internet and physical service provider for electronic payments software (which was ultimately sold to FirstData and is still in production today). After leaving CyberCash, Steve was involved in several other startups including a company called Price Radar in the online auction space (technology sold to eBay), a digital content management and micro payments company called Yaga (ultimately sold to Digital River) and then venture capital with Claremont Creek Ventures and Soaring Ventures for the five years before joining Heartland.
Steve has been an active member of the US Secret Service Electronic Crimes Task Force for more than six years, as well as the Federal Bureau of Investigation's Infragard Electronic Crimes Task Force for the past five years.
In his 'spare time' Steve is a passionate Multi Engine Instrument rated pilot, is a Special Deputy doing search and rescue flying for the San Francisco Sherriff's Department and is on the board of the USS Hornet, space, science and discovery museum. Steve holds a Bachelor of Arts, Political Science, University of California, Los Angeles (UCLA).
Mr. Evans is a Vice President and General Manager within the Office of the CTO at Unisys. One of Consulting Magazine’s “Top 25 Consultants”, and one of ComputerWorld’s Premier 100 IT Leaders, he presently leads Portfolio Innovation for the corporate-wide portfolio of service offerings and oversees global thought leadership with respect to the company’s focus on Disruptive Technologies – including Cloud Computing, Big Data / Smart Computing, Mobile Computing, Social Computing and CyberSecurity.
Mr. Evans has over twenty years of consulting experience in all aspects of business innovation and emerging technology practice leadership and solution delivery in a wide variety of industries. He is the author of several business-oriented books on emerging technology and IT strategy including titles from Financial Times Prentice Hall ("Business Innovation & Disruptive Technology: Harnessing the Power of Breakthrough Technology…for Competitive Advantage" and "Business Agility: Strategies for Gaining Competitive Advantage through Mobile Business Solutions"), Tech TV, Microsoft Press, and Powersoft Press.
As an industry luminary, he has shared his thought leadership in leading publications such as Fortune, Time Magazine, Financial Times, CIO Magazine, ComputerWorld, Optimize, Internet Week, RFID Journal, and Washington Technology, as well as broadcast media such as CNBC Squawk Box, History Channel, Discovery Channel and Business Talk Radio.
Prior to his strategy and innovation role, Mr. Evans ran the Enterprise Security practice at Unisys – a worldwide consulting and integration practice covering security of people, goods & assets, and information systems.
Prior to Unisys, Mr. Evans was Global Lead, Emerging Technology at BearingPoint, Inc. (formerly KPMG Consulting). In this role, he focused on the delivery of emerging technology strategies and solutions, including Radio Frequency Identification (RFID), wireless/mobility, web services, business process management, real-time infrastructure, and security, having strategic enterprise value to BearingPoint clients.
Prior to BearingPoint, Mr. Evans was the National Technical Director for E-Business at PricewaterhouseCoopers within their Global Software Solutions Center. He co-founded the National Internet Consulting Practice for Coopers & Lybrand in 1997.
Mr. Evans holds a B.Sc.(Hons) in Geophysical Sciences and an M.Sc. in Oceanography from Southampton University in England. He serves as a frequent advisor to the venture capital community and has served on numerous boards including the Dallas Museum of Art (Technical Advisory Board), TechAmerica, the Software and Information Industry Association (SIIA), and the Service Research & Innovation Initiative (SRII).
He is a guest author and blogger for Computerworld and writes about "Managing Innovation & Disruptive Technology".
Mr. Thomas R Finneran is a principal consultant for the IDennedy Project. He has proposed an approach to use the Organization for the Advancement of Structured Information Standards (OASIS) UML Standard for privacy analysis. He was a consultant for over 25 years for CIBER, Inc. He has acquired over twenty-five years of experience in the field of information technology. His strengths include Enterprise (including data, information, knowledge, business, and application) Architecture, business and data analysis, UML Object Analysis and Design, logical data modeling, database systems design and analysis, Information Resource Management Methodologies, CASE and metadata repository tools, project management and Computer Law. Mr. Finneran is experienced in almost all application system areas, including real-time data collection systems, inventory control, sales and order processing, personnel, all types of financial systems, the use of expert systems, and project management systems. He has developed and taught training courses in the areas of Use Cases, Relational Concepts, Strategic Data Planning, Logical Data Modeling and the Utilization of CASE Tools, among others He is also an experienced intellectual property patent lawyer. For various companies, Mr. Finneran has held such titles as Director, MIS; Manager, Corporate Data Strategy; Manager, Data Administration; Managing Consultant; Manager, Standards and Education; and Systems Designer. These companies include The Standard Oil Company, Corning Glass Works, ITT, ADR, and the U.S. Navy. In addition, he was Vice President and General Counsel of TOMARK, Inc., the developer of the highly successful ABEND-AID software package. He has a Bachelor of Arts, Ohio State University, a Master of Business Administration, Roosevelt University, and a Juris Doctor Degree, Cleveland State. He is a member of the Bar of the U.S. Supreme Court and of Ohio, New Jersey, and Connecticut. Member of Patent Bar.
SVP, Chief Administrative Officer (CAO) Information Security and Technology Risk, Northern Trust
Todd is SVP and Chief Administrative Officer – Information Security and Technology Risk, Northern Trust. He led multiple Fortune 500/large company information security programs for 19 years, was named 2016 Chicago CISO of the Year by AITP, ISSA, ISACA, Infragard and SIM, ranked Top 50 Information Security Executive and authored 3 books-Information Security Governance Simplified: From the Boardroom to the Keyboard, CISO Leadership: Essential Principles for Success (ISC2) and E-C Council Certified Chief Information Security Officer Body of Knowledge. Prior senior leadership includes Grant Thornton International, Ltd, ManpowerGroup, WellPoint (now Anthem) Blue Cross Blue Shield-National Government Services, Zeneca/Syngenta, IMS Health, and American Airlines. Todd earned a B.S. in Business Administration from the University of Wisconsin-La Crosse and Master Business Administration from Oklahoma State University.
Michael Fitzpatrick is the founder/CEO and President of NCX Group, Inc. Michael has over 30 years of information technology experience where he began addressing the technical needs and security concerns of businesses embracing the internet. Today, he leads a team of highly skilled engineers and professional consultants who are dedicated to providing security assessments that protect critical data and ensure a business environment remains operational.
Michael has extensive knowledge in the areas of privacy legislation and regulatory compliance that impact how a business operates. As a recognized leader in business risk management and mitigation, Michael was asked to advise Senator Dianne Feinstein’s office in the development of the NORPDA (Notification of Risk to Personal Data Act) legislation. He has also given advice and guidance to Senator Mary Bono's office in which she is a co-sponsor of H.R. 4127, the Data Accountability and Trust Act (DATA).
As an extension of his passion in data security, Michael hosts a weekly broadcast called The Watchdog Report, where information risk management, business continuity and regulatory compliance are main topics.
Michael is a respected articulate presenter and has appeared as a featured speaker at caworld, OracleWorld, CCIA, Fox News and other national forums.
Patrick Florer has worked in information technology for 33 years. During 17 of those 33 years, he also worked a parallel track in medical outcomes research, analysis, and the creation of evidence-based guidelines for medical treatment. His IT roles have included operations, programming, database design, systems analysis, security, and risk analysis. From 1986 until now, he has worked as an independent consultant, helping customers with strategic development, analytics, risk analysis, and decision analysis. In 2011, he cofounded Risk Centric Security and currently serves as Chief Technology Officer. Risk Centric Security provides training and consulting services in the quantitative analysis of risk and market opportunity.
Mr. Florer received a B.A in Classical Greek, with highest honors, from the University of Texas at Austin in 1972. He was elected to the scholastic honor society Phi Beta Kappa in 1971.
After his wife became a victim of identity theft, he helped her to found the Identity Theft Resource Center in 1999. Jay’s computer and investigative talents lead him to specialize in cybercrime and criminal identity theft. However, he also shared his wife’s passion about all types of all types of identity theft. In partnership with Linda, they have undertaken the fight to bring child identity theft to the forefront – believing that even one case of child identity theft is one too many. He has also been working with the California Office of Privacy Protection regarding identity theft and foster children. Jay is also nationally respected for all of work in the field of identity theft and cybercrime. Along with his wife, Linda, they recently founded a new company that will focus on the major issues of this evolving crime, ID Theft Info Source.
Together they have been interviewed by hundreds of print, radio, and television media about various topics regarding identity theft. In 2004, they received the 2004 National Crime Victim’s Assistance Award presented by the US Attorney General. They have also received numerous commendations and awards for their work in the field of identity theft, victim’s rights, and had served on taskforces ranging from the California Department of Motor Vehicles to the US Attorney General’s task force on identity theft. In 2010, they were honored to accept the Congressional Victims’ Rights Caucus Suzanne McDaniel Public Awareness award on behalf of the ITRC and the Foley's work in helping the public understand the issues of identity theft. The Foley's have served as subject matter experts for various state and federal legislative committees and testified in hearings across the country.
An identity theft survivor herself, Linda has spent the last 14 years studying the crime of identity theft. In 1999 she founded the Identity Theft Resource Center and began to work with victims trying to clear their names and restore their lives. In the early 2000's she began to receive more and more calls from parents whose minor children had become victims of identity theft and by young adults who discovered their identities had been stolen before they turned 18. Some perpetrators were family members, often parents, and others were unknown criminals. Linda has spent the last 14 years researching this particular crime as well as other identity theft crimes. She is nationally respected for the depth of her knowledge of identity crimes and has received numerous awards and commendations for her work. She is currently one of the principal partners of the ID Theft Info Source. Www. IDTheftInfoSource.com
Along with her husband and business partner, Jay Foley, they have been interviewed by hundreds of print, radio, and television media about various topics regarding identity theft. In 2004, they received the 2004 National Crime Victim’s Assistance Award presented by the US Attorney General. They have also received numerous commendations and awards for their work in the field of identity theft, victim’s rights, and had served on taskforces ranging from the California Department of Motor Vehicles to the US Attorney General’s task force on identity theft. In 2010, they were honored to accept the Congressional Victims’ Rights Caucus Suzanne McDaniel Public Awareness award on behalf of the ITRC and the Foley's work in helping the public understand the issues of identity theft. The Foley's have served as subject matter experts for various state and federal legislative committees and testified in hearings across the country.
Mr. Fountain currently serves as senior vice president of Kratos Defense & Security Solutions, following Kratos’ acquisition of SecureInfo Corporation in November 2011. Prior to the Kratos acquisition, he was the president and chief executive officer of the company. SecureInfo is a leading provider of cybersecurity solutions to federal and commercial customers, including large cloud service providers. As senior vice president, Mr. Fountain provides direction to SecureInfo and is responsible for leading operations and strategy across the business. He is focused on expanding upon SecureInfo’s success by maintaining a customer-centric, results-oriented culture.
Mr. Fountain is recognized for his expertise and passion across a spectrum of cybersecurity issues and technologies. He has testified before Congress regarding pending cybersecurity legislation, appeared on radio shows to discuss cybersecurity risks and spoken publically about securing cloud computing solutions. He leads SecureInfo customer strategies to effectively protect information assets used across the federal government and critical infrastructure industries.
Mr. Fountain has extensive experience leading and growing companies in the information technology industry. During his career, he has significantly grown shareholder value culminating in successful liquidity events. He is well versed in raising capital and leading merger and acquisition processes. His experience includes work with security, enterprise resource planning, supply chain, content management and infrastructure software and services companies, serving customers across many industries. He has held senior executive leadership and board positions over the past 18 years. Mr. Fountain has led global operations for companies headquartered in the United States and the United Kingdom, where he lived in 2004 and 2005.
Mr. Fountain also serves on the board of directors of Notable Solutions, Inc.
Mr. Fountain graduated cum laude from the University of Michigan with a B.S. degree in Industrial & Operations Engineering.
Steven F. Fox, CISSP is a Senior Security Architecture and Engineering Advisor with the U.S. Department of the Treasury. He advises multiple teams, offering security guidance on system architecture and engineering to ensure compliance with Federal standards and requirements. He also contributes to multiple working groups including the IPv6 transition team, Developer Security Testing workgroup, and the Security and Privacy workgroup. Mr. Fox brings a cross-disciplinary perspective to the practice of information security; combining his experience as a security consultant, a Sr. IT Auditor and a systems engineer with principles from behavioral/organizational psychology to address security challenges. He has performed security services including risk/vulnerability/penetration testing assessments, incident response planning, PCI DSS services, and social engineering.
Steven is a syndicated blogger covering IT Governance, Risk Management, and IT-Business fusion topics. His speaking engagements include Hacker Halted, ISSA and ISACA events, SecureWorld Dallas/Detroit, Security B-Sides Chicago/Detroit/Vegas, and GrrCon. He also served on the Board of the ISSA Detroit chapter from 2008 through 2012.
Mr. Fox holds an MS in Business Information Technology from Walsh College, an NSA recognized Center of Excellence. He has a BS in Psychology from Eastern Michigan University where he studied industrial applications of behavioral theory. He is also Six Sigma Specialist certified.
Ms. Mari J. Frank, Esq. serves as an attorney- mediator on privacy and other civil matters, and provides testimony as a privacy expert witness for state and federal court cases and governmental hearings. She is the author of several books including the Identity Theft Survival Kit, Identity Theft Prevention and Survival; From Victim to Victor: A Step by Step Guide for Ending the Nightmare of Identity Theft; Safeguard Your Identity: Protect Yourself with a Personal Privacy Audit and the Complete Idiot’s Guide To Recovering From Identity Theft. Since 2005 Mari has hosted the radio show Privacy Piracy on 88.9 FM in Irvine, California. This award winning show (Privacy Innovation Award in 2005 and BE REAL BROADCASTING AWARD in 2011) airs on Monday mornings at 8:00 AM, streams on kuci.org and podcasts on ITunes. (www.kuci.org/privacypiracy).
Ms. Frank consults with businesses and government agencies and provides professional training programs on privacy, conflict resolution, and identity theft issues. She is on the Board of the Privacy Rights Clearinghouse and had served for many years on the Advisory Board of California's Office of Privacy Protection, the Identity Theft Task Force of the L.A. County District Attorney, California's Department of Motor Vehicles Task Force on Privacy, and the Consumer Federation of America ID Task force on identity theft services. Ms. Frank is an Orange County, California Sheriff's Reserve since 2000, she’s a certified trainer for the State Bar of California, a law professor, and she teaches conflict management at the University of California, Irvine and Brandman University. In 2012 the Office of the Information and Privacy Commissioner of Ontario designated Mari a Privacy By Design Ambassador. She is a member of the International Association of Privacy Professionals, and serves as the Privacy Chair of the Executive Committee of the State Bar of California Law Practice Management and Technology Section. In August 2013, she was the editor of the State Bar of California “Bottom Line Journal entitled “Privacy at Risk”.
Ms. Frank has testified many times on privacy and identity theft issues in the California legislature and in the US Congress. In May 1999, she was summoned to the White House to a press conference with President Clinton to speak on Consumer Privacy. Her speech was broadcast on C-SPAN TV. Mari’s 90 minute PBS Television special, “Identity Theft: Protecting Yourself in the Information Age,” aired nationwide. Two of her books and the DVD of the show were featured gifts for viewers who pledged support for local PBS stations across the country. Mari was honored in 2012 by Money Magazine as one of its “Money Heroes.”
Mari has appeared on dozens of national TV programs including Dateline, 48 Hours, the O'Reilly Factor, Investigative Reports, NBC and ABC Nightly News, CNN, Geraldo, CNBC, Montel, the Hugh Thompson Show, Lifetime, Crime Stoppers and many other shows. She has been interviewed on more than 300 radio shows and featured or quoted myriad times in major national newspapers and magazines including: US News and World Report, Your Money Magazine, Money, Parade Magazine, The New York Times, The Wall St. Journal, USA Today, PC Magazine, The Chicago Tribune, The Los Angeles Times, Good Housekeeping; The California Bar Journal, The American Bar Journal, The Washington Post, The New York Daily News, Modern Physician, The Philadelphia Inquirer, and many more national publications. Her many articles have been published in legal journals and numerous magazines.
D. Reed Freeman, Jr. CIPP
Mr. D. Reed Freeman, Esq. is a partner in the Washington, D.C. office of Morrison & Foerster. He focuses his practice on all aspects of consumer protection law, including online and offline privacy issues, data security and breach notification, online and offline advertising review and competitor challenges, and direct marketing. Prior to joining Morrison & Forester, Mr. Freeman was a partner in the Kelley Drye Collier Shannon's Advertising and Marketing Practice Group.
Mr. Freeman served as chief privacy officer and vice president for Legislative and Regulatory Affairs at Claria Corporation. He has also served as staff attorney in the Federal Trade Commission's Bureau of Consumer Protection. Mr. Freeman is a former appointed member of the Department of Homeland Security's Data Privacy and Integrity Advisory Committee and is an adjunct professor for advertising and privacy law at George Mason University School of Law. He is also a an author and a frequent speaker on issues related to advertising and marketing law.
Daniel B. Garrie
Daniel Garrie is the current Managing Director of Alternative Resolution Center's (ARC) E-Discovery Dispute Resolution in Los Angeles and Senior Managing Partner at FSRDG LLC in New York. He regularly consults with attorneys and technologists on Electronic Discovery and Discovery Management issues related to litigation, commercial disputes, business claims, and enterprise information archiving implementation. Mr. Garrie is admitted to practice law in New York and New Jersey and is editor-in-chief of the Journal of Legal Technology Risk Management.
Mr. Garrie specializes in the synchronization of policies with information technologies and related best practices to ensure legal compliance for enterprises worldwide. Mr. Garrie counsels both domestic and international corporations in the domains of E-Discovery, data privacy, enterprise archiving, IT vendor selection, litigation risk management, and cost management. In addition, he leverages his legal and IT expertise to deliver enterprise application architecture, design, deployment, and integration of enterprise record and information management platforms.
Mr. Garrie has published more than 80 articles and books on E-Discovery, Cloud Computing, software, intellectual property, compliance, technology, legal, telecommunications, US and EU privacy policies, and a range of other E-Law issues. Recent publications include a three-part article on the risks and financial issues involved in Cloud Computing published in the Los Angeles Daily Journal, including, “Haste Makes Waste: Charging for Cloud Computing” (7/30/10), “Jurisdiction and Cloud Computing: How Does it Work?” (8/19/10), and “Do the Benefits of Being in the Cloud Outweigh the Risks?” (11/2/10).
Mr. Garrie is a seasoned Electronic Discovery Special Master, and was recently appointed to the E-Discovery Special Master Pilot Program for the U.S. District Court of Western Pennsylvania. He is a frequently sought after presenter at legal and technology seminars and has been invited to symposiums around the world, most recently the 2011 AIIM 360 Conference in Washington D.C., where he presented E-Discovery in the Cloud.
Mr. Garrie is the current Managing Director of Alternative Resolution Center's (ARC) E-Discovery Dispute Resolution in Los Angeles and Senior Managing Partner at FSRDG LLC in New York.
Stanton G. Gatewood
Stanton Gatewood is recognized worldwide as one of the leading experts in information security, strategic planning and privacy. Mr. Gatewood is Chief Information Security Officer for the State of Georgia. He leads GTA’s Office of Information Security Program Management, which unifies information security responsibilities for the state’s IT enterprise, the Georgia Enterprise Technology Services program, and GTA.
He has more than 33 years of experience in cyber security programs for the U.S. military, state and federal governments, higher education, and global corporations. Prior to joining GTA, Mr. Gatewood served as Director of Cyber Workforce Development for Dell Secureworks. He was also Chief Information Security Officer for the University of Georgia, Interim Vice President for Information Technology and Chief Information Officer for Albany State University, and Chief Information Security Officer for the Board of Regents of the University System of Georgia.
A much sought-after speaker and strategist, Gatewood is a tri-lingual author, teacher, and lecturer. Gatewood has traveled extensively transferring his knowledge of Information Security & ePrivacy in Latin America, Middle East, Africa, Asia, and Europe. He is a contributing writer and editor for security journals including Information Security Magazine, SecurityFocus, SC Magazine, Federal Times, Computerworld and CSO magazines.â¨â¨Gatewood has had a long distinguished career in the military, state and federal government, higher education and corporate security spanning more than 33 years. During his distinguished career, Gatewood has built "highly successful" information security and privacy programs, two centers of excellence; one for cryptography and one for awareness, training and education. He has served as the former president of the founding chapter of the Information Systems Security Association (ISSA) in Los Angeles, Calif. and continues to serve on several industry boards. Most recently, Gatewood was named one of SC Magazine's - IT security luminaries and one of the Top 5 influential IT security thinkers in the world.
Nikk Gilbert (CISSP, CISM) is Vice President of Corporate Security & Safety and CSO/CISO for CUNA Mutual Group; a diversified financial services firm with over 4,000 employees worldwide and $16.5 billion in Assets.
Part business strategist, customers advocate and enterprise risk leader, Nikk is able to modernize global organizations by using executive management skills, deep business knowledge and technical credibility. Nikks experience includes working as a CISO and CIO for the American Department of Defense, as well as being a CIO and CISO for NATO and the US Navy where he was awarded the Meritorious Civilian Service Medal.
Nikk is originally from the US and lived in and been to numerous countries throughout the world. Nikk is a frequent speaker at technology events throughout the world. He has been featured in several articles and interviews to include Network World, SANS, Baseline Magazine, Computer World, Computer Weekly, CIO Insight, SC Magazine and others.
Mr. Michael Gregg is the CEO of Superior Solutions, Inc. (www.thesolutionfirm.com), a Houston based IT security consulting firm. His organization performs security assessments and penetration testing for fortune 1000 firms. He has consulted and led assessment activities for many organizations. He has more than 20 years experience in the IT field. He holds two associate’s degrees, a bachelor’s degree, and a master’s degree and some of the certifications he maintains include: CISSP, CISA, CISM, MCSE, CEH, CHFI, CGEIT, and SSCP. Michael has authored/co-authored more than 15 books; some include: CISSP Exam Cram 2, Que; Inside Network Security Assessment, SAMS; CEH Exam Prep 2, Que; Hack the Stack, Syngress; Security Administrators Street Smarts, Sybex; Emerging Threat Analysis 2006, Syngress; CHFI Study Guide, Syngress; Que CISA Exam Prep 2, Que; Security+ Study Guide, Syngress; How to Build Your Own Network Security Lab, Wiley.
Michael is frequently cited by major and trade print publications as a cyber security expert and has appeared as an expert commentator for network broadcast outlets and print publications such as FOX, CBS, NBC, ABC, CNBC, CNN, local broadcast television, The New York Times, Kiplinger’s, and The Huffington Post. He has also spoken at major security conferences. Michael is an adjunct instructor for a leading University and has led the development of 20 training classes, courses, and programs used by training vendors, developers, colleges, and universities. He focuses on presenting topics in ways that people can understand the complex issues surrounding IT security. He is also an Expert Q&A for TechTarget.com and also serves on the TechTarget Editorial Board of Advisors.
Chief Executive Officer, DataGuidance
Lindsey Greig is the CEO of DataGuidance, the global data protection and privacy service that gives professionals the confidence to make the right decision about compliance; saving time, minimising costs and mitigating risks. DataGuidance is a division of Cecile Park Publishing Ltd, also home to sister publication Data Protection Law & Policy.
Lindsey has developed extensive experience in the data protection and privacy field, establishing both services and regularly speaking at national and international privacy conferences and webinars. He has demonstrated that he is an expert commentator on the role of data privacy in building brand value in global markets.
A former journalist turned entrepreneur, Lindsey founded and edited the Lawyer magazine, the weekly magazine for the UK legal profession.
Rocco Grillo is Stroz Friedberg’s Cyber Resilience Leader and a member of the firm’s executive management team. His cyber resilience team, which includes the company’s incident responders and security scientists who deliver the firm’s proactive and reactive cybersecurity capabilities, has successfully triaged some of the largest data breaches recorded in the last decade. Previously in his career, Mr. Grillo led Protiviti’s Global Incident Response and Forensics Investigations, helped develop RedSiren Technologies (a leading managed security service provider and full services security firm that evolved out of Carnegie Mellon), and held management positions with Lucent Technologies and Bell Atlantic.
Mr. Grillo is a CISSP, CRMA, PCI-QSA, and a Certified Third Party Risk Assessor. He is an affiliate board advisor for FS-ISAC and NH-ISAC, a member of the Shared Assessments Program Steering Committee board, the CLM Cyber Liability Council, and has also served on the board of directors of the NY Metro ISSA Chapter, the IT Policy Compliance Group, and the (i-4) International Information Integrity Institute Research Steering Committee.
Peter is a partner at Pierce Atwood LLP and heads the firm's Privacy & Data Security practice. He has extensive experience in the areas of intellectual property, information technology, privacy and cyber security. Before joining Pierce Atwood in February 2000, Peter served as Intellectual Property and Technology Counsel in the Legal Division of Unum Group (NYSE: UNM), a Fortune 500 company and the world's leading disability insurer. Early in his career, Peter practiced law with the Wall Street firm Chadbourne & Parke LLP in New York.
Peter is listed in The Best Lawyers in America® for Copyright Law, Trademark Law, and Litigation-Intellectual Property. He is a Certified Information Privacy Professional/United States (CIPP/US), International Association of Privacy Professionals (IAPP). He has been an adjunct professor at the University of Maine Law School for many years and recently joined the faculty (part time) as a Visiting Professor of Practice, teaching information privacy law and cyber security and assisting with building out the Law School’s information privacy law program. Peter serves as Co-chair of the IAPP’s Northern New England KnowledgeNet.
Peter recently authored the chapter on the Electronic Communications and Privacy Act in the book entitled Data Security and Privacy in Massachusetts. Published by the MCLE Press, the book was honored in July 2016 with a top award by the Association for Continuing Legal Education (ACLEA). Called “outstanding” by ACLEA’s judges, and praised for its comprehensive coverage and substantive excellence, the book is being recognized as among ACLEA’s best publications for 2016.
Peter received his J.D. from the University of Pennsylvania Law School and his B.A. from Rutgers College, magna cum laude, Phi Beta Kappa.
Renee Guttmann is the Chief Information Security Officer at the Coca-Cola Company. Renee is responsible for the Information Risk Management program at The Coca-Cola Company. Previously, she was VP of Information Security and Privacy at Time Warner and Senior Director of Information Security at Time Inc. She has also held information security roles at Capital One, Glaxo Wellcome, Inc. and Gartner.
Renee received the 2008 Compass Award from CSO Magazine and in 2007 was named a “Woman of Influence” by the Executive Women’s Forum.
Sam Harris leads the GE Digital cybersecurity solution architect team. GE Digital is focused on driving new value for industrial organizations by offering them advanced software capabilities based on the Internet of Things that increase productivity. Sam joined GE after having a nineteen year tenure in the computer software industry working with solutions for big data, advanced analytics and security.
Before joining GE, Sam led Teradata’s cybersecurity program including information security offerings to secure analytical environments and joint partner offerings using capabilities to support network forensics and security solutions. He is an expert on information security systems and has worked with business and government decision-makers on critical issues such as security, trust, privacy and compliance.
Prior to Teradata, Sam worked for Microsoft Corporation leading an enterprise risk management & compliance program. In this role he supported sales opportunities including, security for document management and record retention, programmatic application of audit and controls, and risk analytics & reporting. Sam has also worked for SAS Institute with focus on risk and compliance business issues. He served in Product Management, Product Marketing, Sales-support & Sales roles. Sam led product management for Risk Dimensions, a calculation engine used to measure changes in value in for capital markets and energy firms trading gas, power and oil.
Sam is based in North Carolina and is an alumnus of the University of North Carolina at Chapel Hill.
Faith M. Heikkila
Faith M. Heikkila, Ph.D., CISM, FIP, CIPM, CIPP-US, ABCP is an accomplished information security and privacy professional. Dr. Heikkila earned her Ph.D. in Information Systems from Nova Southeastern University specializing in Information Assurance. Her Ph.D. Dissertation – “An Analysis of the Impact of Information Security Policies on Computer Security Breaches in Law Firms” was selected as the Distinguished Ph.D. Dissertation in Information Systems. In December 2010, Dr. Heikkila received the Grand Valley State University Distinguished Alumna Award.
Dr. Heikkila is the InfraGard National Members Alliance, Inc. Secretary Emeritus, an FBI public/private critical infrastructure protection program. Dr. Heikkila previously served as the InfraGard Michigan Members Alliance, Inc. President and subsequently the Chairman of the Board. Dr. Heikkila is the author of information security and e-discovery published articles. Dr. Heikkila is widely recognized as a subject matter expert in e-discovery, data privacy, information security, information security policies and procedures, computer security breaches, vendor management, HIPAA, HITECH Act regulatory compliance, financial regulatory compliance laws, PCI DSS compliance, state data breach notification laws, and vendor management. In recognition of her authority in this burgeoning field, Dr. Heikkila’s expertise is globally sought through publications, invited lectures/presentations, and in organizing regional conferences.
Jean-Paul Hepp, Ph.D., CIPP
Dr. Jean-Paul Hepp is an accomplished business executive, strategist, and change agent. He has more than 24 years leadership experience working across multiple verticals in the highly regulated pharmaceutical industry.
Hepp engages global organizations with bold initiatives that transform the entire culture. At Pharmacia, he became the first in the industry to implement a corporate Internet strategy. His activities propelled Pharmacia to a leadership position. At Pharmacia, Hepp was again the first in the industry (along with Merck) to serve in the full-time Privacy Director/Corporate Privacy Officer position. He continued in this role with Pfizer after it acquired Pharmacia.
Priscilla Hill-Ardoin retired from her position as chief privacy officer of AT&T, Inc., in 2007 after a distinguished career with the corporation and several of its subsidiaries. Hill-Ardoin founded the organization responsible for ensuring AT&T has policies and procedures in place to maintain full compliance with state and federal regulatory requirements governing telecommunications. She served as associate vice president-corporate services, chairman of the board for the AT&T Foundation, and the company's director of diversity. She also held positions in strategic planning, marketing, and network operations.
A recognized leader in the communications industry, Hill-Ardoin supported the advancement of women and minorities in all areas of the business. In 2003, she was appointed by FCC Chairman Michael Powell to the Chairman's Advisory Commission on Diversity in Communications in the Digital Age.
Chris Jay Hoofnagle
Mr. Chris Jay Hoofnagle, Esq. is senior staff attorney with the Samuelson Law, Technology and Public Policy Clinic and senior fellow with the Berkeley Center for Law and Technology. His focus is consumer privacy law. Previously, he was senior counsel to the Electronic Privacy Information Center and director of the organization's West Coast office. He was also a non-residential fellow with Stanford University's Center for Internet and Society for the 2005 academic year.
Among his recent academic publications are Identity Theft: Making the Unknown Knowns Known, in the Harvard Journal on Law and Technology; Putting Identity Theft on Ice: Freezing Credit Reports to Prevent Lending to Impostors, Stanford University Press; A Model Regime of Privacy Protection, in the University of Illinois Law Review (with J. Solove); and Big Brother's Little Helpers: How ChoicePoint and Other Commercial Data Brokers Collect, Process, and Package Your Data for Law Enforcement, in the North Carolina Journal of International Law & Commercial Regulation.
Larry Jaffee is a contributing writer to SC Magazine for IT Security Professionals, for which he’s written feature articles and ebooks focusing on crisis response to data breaches, insider threats and preparation to ward off attacks. A business journalist and public relations professional for more than three decades, Jaffee teaches as an adjunct faculty member at the New York Institute of Technology a graduate-level course in crisis communications, as well as undergraduate courses in journalism and TV news reporting. He occasionally provides business consulting services as a council member of the Gerson Lehrman Group. His writing has been published in publications including The New York Times, Rolling Stone, and Parade, as well as currently Huffington Post.
Much of his career has been focused on media, entertainment and marketing. He served as the top editor of several business magazines and websites covering those industries. His current PR practice includes strategically advising technology companies and global trade associations in the solar energy and optical media fields. He has a master’s degree in journalism from Pennsylvania State University and a bachelor’s degree in communication arts from Hofstra University. He also taught writing at both schools.
Ondrej Krehel is the founder and chief executive of LIFARS LLC, an international cyber security and digital forensics firm. He’s the former Chief Information Security Officer of Identity Theft 911, the nation’s premier identity theft recovery and data breach management service. He previously conducted forensics investigations and managed the cyber security department at Stroz Friedberg and the Loews Corporation.
With two decades of experience in computer security and digital forensics, he has launched investigations into a broad range of IT security matters—from hacker attacks to data breaches to intellectual property theft. Matters also included corporate espionage, financial fraud and mathematical modeling.
He holds an M.S. degree in Mathematical Physics from Comenius University in Bratislava and an Engineering Diploma from Technical University in Zvolen, Slovakia. He is one of the few that hold Certified Ethical Hacker Instructor (CEI) accreditation, and being authorized to lecture Ethical Hacking course to government and private sector.
An international conference speaker and educator, he’s presented at RSA, among other notable security summits, and is an adjunct professor at St. John ’s University. His work has been featured by CNN, Reuters, The Wall Street Journal and The New York Times.
Bob Kellner is the Senior Vice President, Director of Operational Risk Management Corporate Control Programs. Bob leads the ORM Corporate Control Programs division of the Risk Management & Compliance group at U.S. Bank. His group consists of the Enterprise Privacy Office, which is responsible for managing risks and controls around information privacy and accessibility banking, as well as the Service Provider Response Team; Enterprise Fraud Risk Management (EFRM) which is responsible for leading the federated model fraud across the enterprise, and includes activities for event escalation, fraud reporting and tools and technology. Bob’s group also consists of a Business Change Risk Assessment program, which assesses and approves consumer facing business changes, specifically new products and services, significant changes to existing products and services, as well as entering new markets. Bob owns the Third Party Risk Assessment program, which sets policy, provides guidance and standards, and oversees the risk and compliance management of third parties enterprise-wide. Lastly, the Enterprise Governance Risk and Compliance (eGRC) technology platform and eGRC discipline are managed within Bob’s group. Bob has implemented Sarbanes-Oxley, GLBA Secure Customer Information, and Identity & Access Management programs while at U.S. Bank. In his tenure at U.S. Bank, Bob also ran Business Continuity Planning, the Office of Enterprise Security, Enterprise Security Services, and Basel II Operational Risk function.
Bob is an officer of U.S. Bank and is a member of the Compliance & Operational Risk Committee, the IT Governance Council, and is on the internal Development Network Corporate Board. He has over 20 years experience in large corporations in finance, accounting, and risk management practices. Bob is a member of the Institute of Management Accountants and ISACA. He holds Certified Public Accountant (inactive) and Certified Management Accountant professional certifications and has his Master’s degree in Finance from the University of St. Thomas. He has built a career on relationship & rapport building, and lives by a collaborative style.
Before joining DHS, Kropf worked for 10 years as an international lawyer with the U.S. Department of State in the Office of the Legal Adviser. He also served two years with the American Embassy in Turkmenistan as country director for USAID. Kropf began his federal career as an attorney with the U.S. Department of Justice Honors Program. He earned his law degree and a master’s degree in public and international affairs from the University of Pittsburgh.
He is also a graduate of Denison University with a B.A. in Philosophy. John is a member of the bars of Pennsylvania and the District of Columbia. He is also a member of the International Association of Privacy Professionals (IAPP) and serves as a member of its Certification Advisory Board and has earned the CIPP/US and CIPP/G certificates. He is the author of the Guide to U.S. Government Practice on Global Sharing of Personal Information as well as numerous articles on global and strategic privacy issues.
Ron LaPedis is a global enablement specialist for security and host connectivity products with Micro Focus. He is co-inventor on two storage and two virtualization patents, and is named on one encryption patent. He is an Associate Fellow of the Business Continuity Institute (AFBCI), a Master Business Continuity Professional (MBCP), and a Certified Information Systems Security Professional (CISSP) with ISSAP and ISSMP endorsements.
In his free time, he is a communications volunteer with the Emergency Services Bureau of the San Mateo County Office of Emergency Services.
Ryan is the Managing Director of the Cyber Lab, part of Accenture’s cross-industry research and development Technology Labs. During his 16 years with Accenture, he has worked with customers in Public Service, Retail, Financial Services, Utilities, Pharmaceuticals, Media & Entertainment, and Communications & High Tech to find emerging technology solutions to their business needs. As the lead for Accenture's Cyber Lab, Ryan’s current role focuses on research that brings together the areas of analytics, knowledge discovery, and cyber-security, with the goal of developing first-of-a-kind approaches to sharpening threat assessment methodologies and enhancing knowledge of successful responses.
He holds patents in human resource management, knowledge discovery and establishing trust between entities online. Ryan is a graduate of Princeton University, with a B.S. degree in Electrical Engineering.
Barbara Lawler is a globally recognized data and privacy leader, who has been an active member of the data policy landscape since 1999. She is the CPO at Intuit, makers of TurboTax®, QuickBooks®, and Mint® and leads global implementation of data stewardship, privacy by design and ethical data innovation directly benefiting consumers. She leads a team that works with product developers and data scientists to deliver practical, innovative data governance decision-making tools. Intuit has finished in the top 10 “Most Trusted Company for Privacy” since 2006.
Before Intuit, Ms. Lawler spent over 20 years in data management, marketing and privacy roles at Hewlett Packard, and was their first CPO. She is Chair of the Ponemon Institute RIM Council Advisory Board and is a member of the Executive Committee of the Information Accountability Foundation (IAF) Advisory Board. She is a previous member of the IAPP Board of Directors, speaks frequently on privacy and information ethics, participates in policymaker discussions, and has testified four times before the U.S. Congress.
Beyond the office Barb supports youth arts programs and recently launched a small Foundation to support young peoples’ participation. She is on the Board of Directors of the Children’s Council of San Francisco.
Matt Leonard, CIPP
Mr. Matt Leonard is a privacy and strategic marketing executive. His more than 25 years of experience managing direct marketing operations along with his experience developing and implementing privacy and information strategies, policies, and practices in complex organizations gives him a unique perspective on the issues surrounding responsible information practices.
Leonard directed privacy and information policy at Harte-Hanks, a major end-to-end direct marketing service organization. He spent ten years at IBM in Direct Marketing, Customer Information, and Privacy. He is an industry-recognized expert in all aspects of marketing, from Database Analytics to Product Development.
Leonard brings a depth of experience in marketing as well as specific expertise regarding privacy practices in marketing oriented organizations. He speaks frequently to organizations about privacy and marketing. He is an advocate of effective privacy and information practices as a basic business requirement.
As the acting Director of Business Enablement for SertintyONE, Bradley Lide brings to the table over 35 years of experience that stems from a diverse background. Having spent time in both information technology and physical security industries, he finds himself at ease in managerial roles and comfortable as being a part of the team troubleshooting in the field. While in these areas he developed a strong understanding of how these industries operate effectively in not only retail settings, but in enterprise environments as well.
Currently his primary role at SertintyONE consists of meeting with a wide range of clientele to learn their specific critical data requirements along with their security concerns and needs. After listening and assessing, Bradley provides innovative and workable solutions for maintaining control of their important information along with the integrity of its contents.
For 13 years Bradley served as President of CyberAngel Security Solutions, a company focusing on data protection and technology surrounding hardware tracking and recovery. During his tenure he earned accolades in a variety of areas including authentication, mobile device security, data encryption, and device tracking methodologies.
Prior to his work at CyberAngel, Bradley held the corporate position of Physical Loss Prevention Director at the Lowe’s Home Improvement. His responsibilities focused on maintaining security systems ranging from video surveillance, fire prevention and anti theft methodologies throughout all retail stores in operation. With his knowledge he also designed and coordinated the security installations for all new store structures, distribution centers and millworks facilities.
Additional noteworthy attributes include strategic planning, product implementation and quality assurance, client/vendor relationship management and matters concerning privacy polices.
Beyond his work, Bradley is a founding member of the Middle Tennessee InfraGard Members Alliance where he has held the positions of Secretary, Vice President and four consecutive terms as President since 2002. He recently finished a three-year term on the InfraGard National Board and continues to participate in the national organization through by-laws, awards and fundraising committees.
Today his accomplishments and experience reflect in his commitment to his work and his ability to communicate with others to achieve the optimal solution for the greater good.
Jeff Lowder is president of the Society of Information Risk Analysts (SIRA) and director of global information security and privacy at OpenMarket (a subsidiary of Amdocs).
Jeff previously served as CISO at Disney Interactive, director of information security at The Walt Disney Company and the US Air Force Academy, as well as other senior security positions at United Online and PricewaterhouseCoopers.
Gordon MacKay, CISSP, serves as Executive Vice President and Chief Technology Officer (CTO) for Digital Defense, Inc. (DDI), a national managed security risk assessment provider. He leads the technology roadmap, as well as the Cloud Platform Development and Vulnerability Research teams.
As CTO, MacKay applies mathematical modeling and engineering principles in investigating novel solutions to many of the technological challenges within the automated vulnerability management space. In 2013, MacKay’s solution to matching network discovered hosts within independent vulnerability assessments across time resulted in achieving patent-pending status for the company’s scanning technology host reconciliation process.
Prior to joining DDI, MacKay held several research and development leadership positions at Alcatel USA and led the Call Server Database Team with the inception and design of a real time in-memory database used in the Alcatel Softswitch.
MacKay has presented at numerous security related conferences, including RSA, and his expertise has been featured by top national and international media outlets such as FOX Business, Softpedia, IT World Canada and others. He enjoys using creative real world analogies, as well as using Star Trek references in the content of his presentations and communications.
He holds a Bachelor's degree in Electrical Engineering, Computer Engineering from McGill University, Montreal Canada.
Former Global Managing Partner Security Practice, Accenture
Dr. Alastair MacWillson is the Global Managing Partner of Accenture’s global security practice, which comprises of over 3,000 security and risk professionals, and works with business and government leaders around the world on critical issues relating to technology strategy and risk, operational performance and management, cyber and information security, and critical infrastructure protection. He also serves on the leadership council of Accenture’s global technology consulting business.
Prior to joining Accenture in 2002, Dr. MacWillson was the global leader of the technology consulting practice in PricewaterhouseCoopers. During his time with PwC he also had responsibility for the PwC technology venture fund, which had $50m invested in new business activities, and was also the founder and interim global CEO for beTRUSTed, a managed service e-security business of PwC. Having successfully established the beTRUSTed business, he handed over responsibilities to a full-time CEO in early 2002.
Dr. MacWillson was appointed as Chair of the Institute of Information Security Professionals in 2011, having previously been the Chair of the IISP Accreditation Committee for 5 years. In his role with the IISP, he aspires to help shape the security industry through greater awareness and recognition, and improving the standards of professionalism.
Over the past 22 years Dr. MacWillson has lead technology transformation and security projects for major organizations such as World Bank, SWIFT, DTC, CBT, LSE, Boeing, Northrop Grumman, NASA, QinetiQ, BP, Shell, Barclays, Goldman Sachs, Bank of America, , Ericsson, BT, as well as intelligence, security and defense departments of the UK, US, European, Australian and Indian Governments. He has advised clients on information and cyber security in the nuclear research and nuclear energy sector and has worked on projects for the UKAEA and Lawrence Livermore National Laboratory.
Dr MacWillson has acted as an adviser to a number of governments on technology strategy critical infrastructure protection, cyber security and counter terrorism and has sat on related committees for the US and UK governments, the European Commission and the United Nations.
Prior to moving into consultancy in 1990, Dr. MacWillson worked in government service and held senior advisory positions on security and risk related strategy with the UK Foreign Office and, through secondment, with the US State Department. During his government career, Dr. MacWillson completed tours of duty in the Middle East, Moscow and Washington DC as well as working for shorter periods in a variety of other countries.
With over 22 years of experience in information technology, security and applied cryptography, Dr. MacWillson is internationally recognised as an expert in the field. As such, he is a frequent speaker and commentator on technology and security issues and his insights have been featured by some of the top media outlets such as the BBC, CNN, The Wall Street Journal and the Financial Times. He is also a visiting lecturer on security and technology and has presented on many programmes with MIT, Georgetown, RHUL, Stanford, Surrey universities and the LBS. During his career Dr. MacWillson has published many articles and papers on technology and risk and has authored journals on cyber and information security, risk, cryptography and cyber terrorism, as well as a widely selling textbook on Hostage Taking Terrorism (McMillan 1992).
Dr. MacWillson has a B.Sc. in Physics, Postgraduate Diplomas in Computer Science and Digital Imaging, a Ph.D. in Theoretical Physics, a D.Phil. in Cryptographic Science and a Management Diploma from IMD in Lausanne.
Gail Magnuson, a bright and innovative Global Security, Privacy and Information Policy Executive and Consultant with over fifteen years of experience in creating and delivering effective and streamlined policy solutions and programs that achieve business goals as well as regulatory compliance. Gail is known for expeditiously implementing such policies & programs that bring global teams together, drive consensus, creatively meet the needs and stand the test of time.
She is also known for establishing ongoing compliance & governance disciplines as well. She has done this effectively as an as international chief privacy officer, security and privacy consultant, security and privacy portfolio manager, information management and process design executive and business ethics global eLearning leader.
Recognized as a global expert in the security and privacy communities and in the financial services, business services, tele-communications, government, and health care communities. Serves in leadership roles in research and global matters through active participation in leadings associations such as:
- Nymity, as author of Nymity’s Risks & Controls modules and strategic white papers. Built Nymity’s global research contributor program to over 350 contributors
- Member of OASIS PMRM (Privacy Management Reference Model and Methodology) Technical Committee, its goal to advance open standards for privacy in the information community
- Regular attendee at National, Regional and International Conferences for Privacy Commissioners and professionals
- Executive Research Fellow at Zeropoint Risk Research, LLC
- Center for Information Policy Leadership (CIPL) at Hunton & Williams and IAPP
- Responsible Information Management group at the Ponemon Institute and Ponemon Distinguished Fellow
- BITS at the Financial Services Round Table and the Santa Fe Group’s Shared Assessments
Gail has spent her fifteen year data protection career at Bank of America, IBM, Fiderus, EDS, Manpower and Gail Magnuson, LLC.
Her background also includes more than 30 years of facilitating organizational change in information, business processes, systems and operations innovations, strategic planning and systems architecture, primarily in finance industry, working directly with both established and entrepreneurial companies.
Over a 30 year career, Greg Mancusi-Ungaro has successfully identified market opportunities, and matched them with invention and new technologies to create business transformations. A strategic visionary and marketing pioneer, he has been a prolific evangelist, writer, and technology and business strategy driver. While at Lotus Development Corporation, helped to pioneer concepts and technologies, such as the automated slide layouts, programmatic designs, portable color palettes and intelligent chart formatting, the backbone of modern business graphics. At HR innovator Webhire, Mancusi-Ungaro worked to transform traditional enterprise product delivery into web-based services creating an early entry into the then nascent SaaS industry. Mancusi-Ungaro led marketing at Linux and open source pioneer Ximian and later directed global Linux Marketing efforts at Novell.
Now, at cyber threat detection and intelligence leader BrandProtect, Mancusi-Ungaro is helping to bring new technology and services solutions to the market to fill a fast-developing gap in enterprise security requirements – intelligent threat detection, analysis and mitigation of external cyber security threats and attacks. Mancusi-Ungaro and the BrandProtect team are inventing unique technology-based services which combine innovative technical achievement with human intuition, directly supporting CISOs and enterprise security teams trying to meet fast-changing security requirements and best practices in a world that has become dominated -- and threatened – by malicious digital activity.
Mr. Mattice is President and founder of the National Economic Security Grid (NESG). The NESG is a non-partisan grassroots-based non-profit initiative that is a resource to metropolitan area public and private sector entities and is dedicated to educating public and private sector enterprises relative to the broad range of risks, threats and hazards they face.
He is also Managing Director of Mattice & Associates, a management consulting firm specializing in conducting enterprise risk assessments, implementing IP and brand protection measures and establishing broad-based risk intelligence programs. Mr. Mattice has a strong track record as a senior executive for three major U.S. based global corporations (Northrop Corporation, Whirlpool Corporation and Boston Scientific) and one mid-cap company (Wescom, Inc.) in dramatically different business sectors. His experience base traverses the defense & intelligence, electronics, life sciences, consumer products and service industries.
Mr. Mattice has been certified as an Expert Witness at both the Federal and State Court levels. He is also board certified in the disciplines of risk and information system controls. Mr. Mattice is a past Chairman of the Board of Directors for the National Intellectual Property Law Institute (NIPLI) in Washington, D.C., where he remains Chairman Emeritus and counselor to the President of the Institute. Mr. Mattice also served as an industry advisor to the U.S. Intelligence Communities National Counterintelligence Center and as a member of the U.S. State Department’s Overseas Security Advisory Council.
He was one of eleven industry representatives appointed to a joint government and industry task force established by Presidential Directive under President George H.W. Bush’s administration, focused at developing a new National Industrial Security Program (NISP) to replace the myriad of duplicative government security regulations. Mr. Mattice was recognized for his efforts as one of the principal architects of the NISP by way of a special joint commendation signed by the three Cabinet Officials who led the Presidential Task Force - Secretary Cheney of Defense, Director Kerr of Central Intelligence and Secretary Watkins of Energy.
Mr. Mattice was selected by Security Magazine as one of the “Most Influential People in Security for 2009”. He was designated in 2007 by Security Technology & Design magazine as one of the “Top 10 Movers and Shakers” in the Security Industry. He also was honored by CSO Magazine when they presented him with their 2007 Compass Award for his visionary leadership in the security field. He is a charter member of the Board of Directors for the International NGO Safety and Security Association, and was elected to three terms on the Board of Directors for the International Security Management Association (ISMA). Mr. Mattice also co-chairs the newly established Private Sector Liaison Committee within the Major County Sheriff’s Association.
Mr. Mattice was awarded a Senior Fellowship in 2010 at George Washington University’s Homeland Security Policy Institute. He also participates on HSPI’s Counterterrorism and Intelligence Task Force. He served on the Advisory Board for the Graduate and Undergraduate level Leadership and Management Program in Security (LaMPS) at Michigan State University in East Lansing, Michigan. His education in business disciplines has been enhanced through executive development programs from The Center for Creative Leadership, University of Michigan’s School of Business, Harvard Business School and Harvard’s John F. Kennedy School of Government. The focus of his undergraduate work at California State University – Long Beach was in Security Administration.
Thornton A. May
Mr. Thornton May is one of the premier communicators in the information technology industry. He combines a scholar's passion for empirical research, an entrepreneur's capacity for opportunity identification, and a stand-up comic's gift for storytelling in working with executives to figure out what comes after what comes next.
May is responsible for sculpting executive education information technology curricula at four major business schools: UCLA, UC-Berkeley, Arizona State, and Ohio State. He designed and delivered the information technology portion of the curriculum at the University of Amsterdam's Controller's Institute (special program for multinational chief financial officers). May co-founded the Director's Institute, a program to improve board level technology decision-making.
May's insights have appeared in the Harvard Business Review, the Financial Times, and the Wall Street Journal, among other publications. He also debated the future practice of strategy on National Public Radio.
Joanne McNabb, CIPP/G
Ms. Joanne McNabb is chief of the California Office of Privacy Protection. The organization is a resource and advocate on identity theft and other privacy issues. In addition to providing information and education for consumers, it publishes privacy practice recommendations for business and organizations.
McNabb is co-chair of the International Association of Privacy Professionals' Government Working Group. She also serves on the Privacy Advisory Committee of the Department of Homeland Security. She is a frequent speaker at privacy conferences and seminars.
McNabb has more than 20 years experience in public affairs and marketing in both the public and private sectors, including five years with an international marketing company in France. Her marketing background contributes to her understanding of the commercial uses of personal information that have become a significant privacy concern.
Mr. Peter Milla is a noted expert and consultant to the global research industry. Peter has more than 25 years of experience in a wide range of information technology, market/survey research and data privacy and security activities, applying expertise in information technology and market/survey research methods. He has extensive experience with all computer assisted survey information collection technologies, specializing in Internet-based market/survey research.
Prior to becoming a consultant, Peter was Chief Information Officer and Chief Privacy Officer at Survey Sampling International and Harris Interactive.
Peter is very active in market/survey research industry associations, having served on the Board of Directors of CASRO. He currently holds leadership roles in several industry workgroups and committees in the areas of technology, government affairs, ISO (quality standards) and Internet research.
Tammy Moskites is the Chief Information Officer (CIO) and Chief Information Security Officer (CISO) at Venafi. Tammy’s vision is to partner with CIOs and CISOs across the globe to provide guidance for them to be able to fortify their strategies to defend against increasingly complex and damaging cyber-attacks against the trust established by cryptographic keys and digital certificates. Tammy’s professional experience, leadership and recognized domain expertise as the CISO of Global 250 companies helps fellow CISOs defend their organizations.
Tammy has over 25 years of IT experience and is noted by her peers to be a results-driven and passionate executive leader with expertise envisioning and leading IT Security, Technology and Operational Support based organizations. She is a Certified Information Security Manager (CISM) and has held her ITIL Foundation Certification since 2001. She is well known within the security community for her ability to step in and fix broken processes and departments and building amazing teams with exceptionally strong morale, self-confidence and teamwork! Tammy’s professional affiliations include, but are not limited to, ISSA, ISACA, InfraGard, and the Information Risk Security Board. She leads the the Executive Advisory Board for Venafi, Inc., and sits on the advisory board of BOX.com as well as on the CSO Executive Advisory Board for Qualys, Inc. Tammy moderates for security roundtables, panel events and sought after to speak on reengineering information security organizations and how to make them high performing teams. She has spoken at multiple security events globally including, RSA, ISE, ISSA, ISACA, InfoSec UK, and many more. You will also find her leading career seminars including “Navigating your IT Career” to diverse groups throughout the United States. One of her passions is to volunteer her knowledge regarding IT Security, Career Planning and Mentoring/Coaching expertise at non-profit companies, diverse chapters and IT events.
Tammy was recently awarded as a finalist for the 2014 Women in Technology Awards and was also on the cover of CSO Magazine in May 2014, Leap of Faith. Evanta Global CISO Summit recognized her as one of the top 25 breakaway CISO leaders for 2013. She also was recognized as one of the Top Women in Technology for 2013 by CableFax magazine. Tammy is the 2012 and 2010 North American Information Security Executive People's Choice of the Year Winner at the ISE Awards. She was a finalist for Information Security Executive of the Decade in 2012 and Executive of the year for North America in 2012 and 2010.
In her spare time Tammy is an avid cook. She enjoys spending time with her family and friends fishing, golfing, entertaining and attending sporting events.
Richard is Vice President of Strategy and Business Development for Whitewood Encryption Systems and is responsible for all product, development and go-to-market activities. Richard has more than 15 years experience in the commercial security market and specializes in various applications for cryptography spanning mobile, payments, cloud, internet of things and corporate data protection.
Stuart Noad is Director of Marketing (Northern Europe) for Appsense, the global leader in User Virtualisation. Previously Mr. Noad served as Marketing Director, and as a member of the operational board, for HP Information Security, successfully overseeing its brand transition from Vistorm.
During this time, and with Ponemon Institute, Mr. Noad has delivered many new security initiatives including the Security Effectiveness Rating and the Cyber Security Benchmark. He is a Chartered Marketer with more than 12 years experience across a wide range of leading security, software and IT services businesses.
Stanley R. Norman, P.Eng. is the Founder and President of ACK Enterprises – Security Solutions. He is also the President of the FBI’s North Texas InfraGard.
Previous experience includes: Multiple Research and Development executive positions with extensive experience (designer and management) in global product developments from Concept to Market Deployment. Over 30 years of R&D experience in the high tech Critical Infrastructure areas of Communications and Information Technology with a heavy emphasis on utilizing the latest advanced technologies along with Security and Intelligence Analysis. Global R&D product responsibilities included Hardware/Software/System Design, Strategic Planning, R&D Effectiveness, Competitive Analysis, Multi-Site Product Development and Introduction to Market, Network Security, Internet and Intranet Security. Additional focus was provided in the areas of Anatomy of Database Attacks, Protection from Insider Threats, Using Data Analytics in Fraud Investigations and Service Organizations Control.
Currently managing and operating a company that specializes in leveraging leading edge technologies for Security Solutions in the following areas: Internet, Cyber Technologies, Perimeter Security, Surveillance Systems, Intrusion Detection, Monitoring, Electronic Access Control, Private Investigations, Digital Forensics, Cybercrime and Intelligence Analysis.
The following is a list of current security affiliations: North Texas Crime Commission (NTCC), Vice Chair of the NTCC Cyber Crime Research Group, Vice Chair of the NTCC Cybercrime Committee, NTCC Health Care Fraud Committee, FBI Health Care Fraud Working Group, United States Secret Service Electronic Crimes Task Force, United States Coast Guard (Aux)- Eighth Coast Guard District, Fusion Liaison Officer - North Central Texas Fusion Center for intelligence gathering, Department of Homeland Security Cyber forums, FBI Cyber Squad.
Also graduated from the following citizen academies: FBI Academy, District Attorney’s Prosecutor Academy, Dallas County Sheriff’s Academy, Collin County Sheriff’s Academy, Plano Police Academy. Two other academies are being pursued – Texas Department of Public Safety (DPS) and Dallas/Fort Worth International (DFW) Airport Police Department.
Background also includes: Licensed Professional Engineer, Senior member of the Institute of Electrical and Electronic Engineers, Past mentor at the University of Texas for the MBA program, Past Vice president of the TL-9000 Special Interest Group, Member of the Association of Professional Engineers, Licensed Private Investigator specializing in Digital Forensics and Cybercrime, Holder of four United States Patents.
Paul E. Paray
Paul E. Paray, Esq. is a partner with Zimmerman Weiser & Paray LLP in New Jersey.
Stuart L. Pardau
Stuart L. Pardau is an attorney, corporate executive, and scholar with expertise in data security and privacy, which is complemented by his experience in the intellectual property and corporate law areas. Currently, Stuart is an Assistant Professor (tenure-track) at the College of Business and Economics at California State University Northridge and is also a member of the Leadership Council at the Rand Corporation in Santa Monica.
In addition, to his academic pursuits, Stuart has his own private law and consulting practice, The Law Offices of Stuart L. Pardau Associates, where he advises clients on intellectual property, data security/privacy, and corporate law issues. Prior to that, Stuart was, for close to 10 years, the Chief Legal Counsel, at the leading market research firm, J.D. Power and Associates, where he became a thought leader in technology, data security and privacy issues concerning the market research industry, including through his work as a member of the Council on American Survey Research ("CASRO") Legislative Affairs Committee.
A former Managing Director and Regional Counsel of FedEx Corporation, based in Tokyo, Japan, Stuart also has over 10 years of experience living and working in East Asia, with particular expertise in Japan, China and the Republic of Korea. Stuart is conversational in Japanese and has a J.D. from Stanford Law School and a Masters degree from Cambridge University in the U.K.
Phyllis A. Patrick
Phyllis Patrick is Founder and President of Phyllis A. Patrick & Associates LLC, a consulting group specializing in providing strategic planning, security, and privacy services to the health care industry. The company’s practical approach to security and privacy is reflected in its diversity of clients, which include academic medical centers, community hospitals, physician groups, vendors and business associates, health information exchanges, and pharmaceutical companies.
In addition to serving as Vice President, Planning and as Administrator for laboratory services for a health system in California, Ms. Patrick has held senior positions in security, privacy, and compliance at major academic medical centers in New York. She was named the first Information Security Officer at the Mount Sinai Medical Center in Manhattan. As Vice President and Chief Compliance Officer at the Hospital for Special Surgery, she created and directed the organization’s Compliance Program, which included the Privacy and Security Programs.
As a consultant to Strategies for Tomorrow, a company known for its expertise in Health Information Exchange (HIE) development, Ms. Patrick has led Privacy and Security initiatives for HealtHIE Nevada, Indiana Health Information Technology, Inc. (IHIT), and HealthBridge.
She is a member of the Privacy and Security Work Group for the North Carolina Healthcare Information and Communications Alliance, Inc. (NCHICA) and a Board member of the New England Healthcare Internal Auditors (NEHIA). A long-âtime member of the Greater New York Hospital Association (GNYHA), she was a founding member of GNYHA’s Security Work Group and a contributing member of the Compliance Work Group.
A member of the Editorial Advisory Board for HCPro’s Briefings on HIPAA, Ms. Patrick is also member of the GRC Advisory Board for Wolters Kluwer Law & Business. In 2013 she was appointed to the Ponemon Institute’s RIM Council, a select group of privacy, security and information management leaders from multinational corporations who are champions within their various industries on issues involving privacy and data protection. She is a frequent speaker at national and regional conferences and professional associations, including the HIPAA Summit, AMC Privacy and Security conferences, Health Care Financial Management Association (HFMA), the Association of Healthcare Internal Auditors (AHIA), and others. She is frequently quoted in healthcare publications. She is the author of the book, The Complete Guide to Healthcare Privacy and Information Security Governance.
Ms. Patrick received her B.S. in Psychology from the Pennsylvania State University and her M.B.A. in Health Care Administration from Cornell University. She is a Fellow in the American College of Healthcare Executives and is certified in healthcare compliance and information security management.
Deborah C. Peel, M.D.
Deborah C. Peel, MD is the leading national and international advocate for restoring patients' rights to control the use of sensitive personal health information in electronic systems. She also has practiced as a physician and psychoanalyst for over thirty-five years.
She was named one of the "100 Most Influential in Healthcare" in the US by ModernHealthcare magazine four times since 2007-the first privacy expert and consumer advocate on the list.
She learned about the lack of health privacy from her patients. Many feared seeking treatment unless their records were private. They had lost jobs or reputations using health insurance to pay for care. They realized physicians disclose medical records to get insurance payments, and insurers share health information with employers, so they offered cash for privacy.
In 2004, she formed Patient Privacy Rights (PPR), www.patientprivacyrights.org, which has become the world's leading consumer health privacy advocacy organization. PPR has over 12,000 members in all 50 states.
In 2006, Dr. Peel founded the bipartisan Coalition for Patient Privacy, representing 10.3 million Americans. The Coalition is responsible for the historic privacy protections in the stimulus bill: a ban on sales of PHI, audit trails, segmentation, breach notice, the right to prevent disclosure of PHI for payment and HCO if payment is out-of-pocket, and encryption. Microsoft joined the Coalition in 2007.
In 2011 PPR and the University of Texas LBJ School of Public Affairs created the 1st International Summit on the Future of Health Privacy. The summits are the only place where both threats to health privacy and solutions are thoughtfully debated by national and international experts from advocacy, academia, government, and industry.
In 2012, PPR expanded the summit and partnered with the O'Neill Institute at Georgetown Law Center, the University of Cambridge Computer lab, the Harvard Data Privacy Lab, and The University of Texas School of Information. Sponsors included Microsoft, FairWarning, Jericho Systems, Accenture, Dell, CA Technologies, PwC, IDExperts, e-MDs, Meditology, and TATRC. See: http://www.healthprivacysummit.org.
Dr. Peel was the First Tocker Fellow at the University of Texas School of Information. See:http://www.ischool.utexas.edu/about/news/view_news_item.php?ID=363
Edgar Perez is a published author, business consultant for billion-dollar private equity and hedge funds and Council Member at the Gerson Lehrman Group, Guidepoint Global Advisors and Research International, with subject matter expertise in cyber security, investing, trading, financial regulation (Dodd-Frank Act) and market structure. He is author of Knightmare on Wall Street (2013), and The Speed Traders, published in English by McGraw-Hill Inc. (2011), äº¤æå¿«æ, published in Mandarin by China Financial Publishing House (2012), and Investasi Super Kilat, published in Bahasa Indonesia by Kompas Gramedia (2012). Mr. Perez is course director of Cybersecurity Boardroom Workshop and The Speed Traders Workshop; he has presented his workshops in Singapore, Hong Kong, Sao Paulo, Seoul, Kuala Lumpur, Warsaw, Kiev, New York, Singapore, Beijing, Shanghai. He has contributed to The New York Times and China’s International Finance News and Sina Finance.
Mr. Perez has been interviewed on CNN's Quest Means Business, CNBC's Squawk on the Street, Worldwide Exchange, Cash Flow and Squawk Box, FOX BUSINESS's Countdown to the Closing Bell and After the Bell, Bloomberg TV's Market Makers, CNN en Español's Dinero, Petersburg – Channel 5, Sina Finance, BNN's Business Day, CCTV China, Bankier.pl, TheStreet.com, Leaderonomics, GPW Media, Channel NewsAsia's Business Tonight and Cents & Sensibilities. In addition, Mr. Perez has been featured on iMoney Hong Kong, The Wall Street Journal, The New York Times, Dallas Morning News, Valor Econômico, FIXGlobal Trading, TODAY Online, Oriental Daily News and Business Times. Mr. Perez has presented to the Council on Foreign Relations, Vadym Hetman Kyiv National Economic University (Kiev), Quant Investment & HFT Summit APAC (Shanghai), U.S. Securities and Exchange Commission (Washington DC), CFA Singapore, Hong Kong Securities Institute, Courant Institute of Mathematical Sciences at New York University, University of International Business and Economics (Beijing), Hult International Business School (Shanghai) and Pace University (New York), among other public and private institutions. In addition, Mr. Perez has spoken at a number of global conferences, including Fund Selector Summit Miami 2016 (Key Biscayne), Cyber Security World Conference (New York), Inside Market Data (Chicago), CME Group‘s Global Financial Leadership Conference (Naples Beach, FL), Harvard Business School’s Venture Capital & Private Equity Conference (Boston), MIT Sloan Investment Management Conference (Cambridge), Institutional Investor’s Global Growth Markets Forum (London), TradeTech Asia (Singapore), FIXGlobal Face2Face (Seoul) and Private Equity Convention Russia, CIS & Eurasia (London).
Mr. Perez was a vice president at Citigroup, a senior consultant at IBM, and a strategy consultant at McKinsey & Co. in New York City. Previously, he managed Operations and Technology for Peruval Finance. Mr. Perez has an undergraduate degree in Systems Engineering from Universidad Nacional de Ingeniería, Lima, Peru (1994), a Master of Administration from Universidad ESAN, Lima, Peru (1997) and a Master of Business Administration from Columbia Business School, New York, with a dual major in Finance and Management (2002). He belongs to the Beta Gamma Sigma honor society. Mr. Perez is an accomplished salsa and hustle dancer and resides in the New York City area with wife Olga, son Edgar Felipe and daughter Svetlana Sofia.
Dr. Christopher Pierson serves as the EVP, Chief Security Officer and Chief Compliance Officer for LSQ Holdings and a separate start-up payment company. In this role, he is responsible for corporate security and compliance risks including all cybersecurity, fraud, intelligence, audit and its compliance, regulatory, anti-money laundering, information assurance, and privacy programs. He chairs the corporate-wide Executive Risk Management Committee focusing on governance and strategic risks.
Dr. Pierson also serves as an appointed member for the Department of Homeland Security Data Privacy and Integrity Advisory Committee and Cybersecurity Subcommittee providing advice and guidance to the Secretary and Chief Privacy Officer on policy, operational, strategy, and technological issues affecting our country’s national security interests.
Previously, Chris was the SVP and first Chief Privacy Officer for the Royal Bank of Scotland's U.S. banking operations leading its privacy and data protection program. Chris was responsible for the global roll-out of privacy as functional business unit and led RBS on the largest revitalization of its information technology, cybersecurity controls, regulatory framework, and operational efficiency.
Chris also served as a corporate attorney for Lewis and Roca where he established its Cybersecurity Practice and advised on information security, data breaches, privacy, intellectual property, and cyber law matters for Fortune 500 companies across all business sectors. Chris is a graduate of Boston College (B.A., M.A.) and The University of Iowa (Ph.D., J.D.) and speaks at national events and is frequently quoted on cybersecurity.
Paige Poore is the Director of Global Business Continuity Management for IBM. Ms. Poore has world-wide responsibility for governance, guidance and business continuity risk management across the enterprise This includes the integration of business continuity management with crisis management, disaster recovery and cybersecurity teams. Prior to this position, she led world- wide enterprise transformation and risk management initiatives for IBM CHQ.
Ms. Poore has 25+ years of information technology industry experience and has held world-wide leadership roles in Corporate Enterprise Transformation, the CIO organization, Services, Sales, and Research divisions. She specializes in driving corporate- wide technology and business initiatives across a complex, globally integrated enterprise.
Ms Poore has experience across a broad spectrum of technologies including semiconductor, ecommerce, enterprise systems, data architecture, analytics, and has a wealth of international experience, having led teams in the U.S., Europe, and Asia.
Her thought leadership in technology and innovation has been shared in industry conferences, panel discussions, consulting engagements and she is an author of a number of industry publications. Most recently this includes the thought leadership whitepaper “How IBM is enhancing Business Continuity Management to help address changing business realities – a more business centric approach to help reduce business continuity risk” and “Counting the Cost with Business Continuity” an article published on the Building a Smarter Planet blog. She has been a speaker at numerous industry events.
Ms. Poore holds 4 patents, 2 invention disclosures and is the recipient of IBM’s Bravo Award for technology implementation, IBM Division Leadership Award, the Corporate Innovative Achievement Award, and Invention Plateau Award. She holds a BS in Chemistry from the University of North Carolina at Greensboro, and a MBA from Duke University.
Nils is a Co-Founder and member of the Board of the Cloud Security Alliance, a community of over 50,000 security professionals in over 50 chapters worldwide with the goal to promote the use of best practices for providing security assurance within Cloud Computing. The Alliance also educates on the uses of Cloud Computing to help secure all other forms of computing.
Nils Puhlmann was the Chief Security Officer of Zynga and led the converged security department, managing all security risks for the company and chairing the Security Risk Committee. He oversaw the company’s security domains of product & application security, security engineering & architecture, investigations & incident response, security intelligence & threat assessments, physical security, executive protection, ecrime and security compliance & audit.
Before joining Zynga, he served as Chief Security Officer of Qualys, where he was responsible for security, risk management and business continuity planning. His responsibilities included the security of the cloud-based QualysGuard SaaS platform. He also led the Qualys CSO Advisory Board and evangelized at various international industry events in areas of security management and cloud security.
Prior to Qualys, Puhlmann was the Chief Information Security Officer for Electronic Arts, with global responsibility for information security, intellectual property protection, risk management, compliance, physical security, forensics & investigations and business continuity management/disaster recovery. He was also previously the Chief Information Security Officer at Robert Half International, where he had global responsibility for managing information security, risk management, privacy, forensics & investigations, CERT and Business Continuity Management enterprise wide.
Prior to that, he was Director Global IT & Security and Chief Privacy Officer at Mindjet Corp, where he managed Mindjet's global information security, physical security and privacy programs. He was also a Senior Manager of Product Security at Adobe Systems, responsible for creating and managing Adobe's product vulnerability program, overseeing security assessments of Adobe applications, driving product security certifications, and promoting secure development practices. He created Adobe's product security incident response team, chaired Adobe's Security Task Force and managed Adobe's first Common Criteria Certification.
Puhlmann also held senior positions at Nortel Networks and START Amadeus, and was an independent security consultant with clients such as the State of California and other foreign States. He maintains numerous security certifications, including CISSP-ISSMP and CISM. He has held Board of Directors positions in the past (ISACA Silicon Valley) and is currently a Director on the Board of the Cloud Security Alliance, a Director on the International Board of Directors of ISSA, a Board member of OVAL (Open Vulnerability and Assessment Language), an Advisory Board member for several Security Companies and has been called as a subject matter expert by ISACA and ISC2. He was also a member of the Advisory Council for the CISO Forum of ISSA.
In 2012, Puhlmann was a finalist for the “CSO of the Year” award by SC Magazine. Puhlmann was invited in 2009 by the Dept. of Defense and the Executive Office of the President to speak at the National Cyber Leap Year Summit in Washington, DC. and is a frequent speaker and keynote presenter at global security and technology conferences. He is considered a visionary in the field of converged security risk management and information security and his advice is frequently sought after by corporations and government entities.
Michael L. Puldy
Michael Puldy is the Director of IBM’s Global Business Continuity Management program. In his current capacity, he is responsible for IBM’s business continuity program strategy and working with IBM’s senior executive team and all business units on tactical compliance. He has been with IBM for nineteen years of which thirteen years have been spent working directly in the IBM Resiliency Services business. Throughout his IBM Resiliency Services career, Michael has worked in multiple roles including sales, presales and contracts, solution design, service delivery, operations and general manager.
In his previous assignment, Michael was based in Singapore leading IBM Resiliency Services for Asia Pacific and IBM’s growth markets where he was responsible for both sales and delivery in those theaters.
In 2000, Michael left IBM Resiliency Services for a five-year break to work in IBM’s Systems and Technology Group storage division. During that assignment, Michael had global responsibilities for client support for all storage hardware and software products. He was also responsible for the DS8000 high-end disk storage architecture and IBM’s Global Mirror disk replication technology.
Prior to joining IBM, Michael served as Vice President Technical Systems for a regional bank in the United States. During this 10-year period, Michael was responsible for data center operations as well as technical elements of the bank’s business recovery operation.
Michael can be found on twitter at http://www.twitter.com/blinknbreathe, and he is the author of The Millennial’s Guide to Business Travel, Lessons for the Next Generation of Road Warriors.
He has a BS in computer science from Clemson University, and a MBA from the University of North Florida.
Dr. James Ransome, CISSP, CISM, is the Senior Director of Product Security and responsible for all aspects of McAfee’s Product Security Program to include the Product Security Incident Response Team (PSIRT), a corporate-wide initiative that supports the delivery of secure software products to customers. He is a recognized security practitioner, author, and speaker with a current focus software security. His career is marked by leadership positions in the private and public industries, having served in three chief information security officer (CISO) and four chief security officer (CSO) roles at Applied Materials, Autodesk, Qwest Communications, Pilot Network Services, Exodus Communications, Exodus Communications -Cable and Wireless Company, and Cisco. Ransome was also the vice president of Integrated Security at CH2M HILL and senior vice president of Commercial Managed and Professional Security Services at SecureInfo Inc. While at Exodus Communications and Cable and Wireless, he managed Internet and physical security for hundreds of thousands of users within the world's largest commercial hosting environment, serving more than 4,500 customers from 42 data centers.
Ransome has 23 years of government service, which includes ten years as a computer scientist and geospatial imagery intelligence analyst, weapons of mass destruction threat credibility assessment analyst and senior NEST key leader for DOE/Lawrence Livermore National Laboratory, three years as US Special Agent for the Naval Criminal Investigative Service (NCIS), and is a retired Naval Intelligence Officer (Commander) and former U.S. Marine Corps Weapons Platoon Sergeant and Intelligence Specialist with twenty-three years combined active and reserve service.
He holds a Ph.D. in Information Systems and developed/tested a security model, architecture, and provided leading practices for converged wired-wireless network security for his doctoral dissertation as part of a NSA/DHS Center of Academic Excellence in Information Assurance Education program. He is a member of Upsilon Pi Epsilon, the International Honor Society for the Computing and Information Disciplines, a Certified Information Security Manager (CISM), a Certified Information Systems Security Professional (CISSP), and a Ponemon Institute Distinguished Fellow.
Ransome recently authored his 10th information security book “Core Software Security: Security at the Source.” He also developed the initial wireless, network architecture, SCADA, Cryptography, and VoIP security leading practices for the Federal Communications Commission Network Reliability and Interoperability Council Focus Group on Cybersecurity – Homeland Defense.
Steve Ransom-Jones has worked in the field of information security for over twenty-five years where he has developed a passion for adapting methodologies to assess and solve unstructured problems. He is responsible for leading the evolution of the Privacy, Risk and Advisory services for Neohapsis as well as delivering them to key clients.
He started his information security career working for the UK Government Communications Headquarters and has been heavily involved in deploying secure solutions globally using some of the practices that emerged from Europe in the 80's and 90's, including ITSEC and BS7799. Mr. Ransom-Jones moved to the US in 1998 to join IBM as a security consultant where he contributed to developing the practice's privacy methodology and performed or managed engagements on behalf of a wide variety of clients. He also experienced the thrills and issues of security and compliance challenges in outsourcing environments as he managed the delivery of security services for several of IBM's Fortune 100 outsource customers.
In his own time he enjoys “applied risk management” as an aviator by constructing and acting as a test pilot for experimental aircraft. He has designed and developed his own avionics hardware, software and firmware. He finds this a relaxing blend of practical construction, design and sound decision making activities.
Mark Reardon is the Vice-President of Information Security and CISO for the WellStar Health System, the largest health system in Georgia with over 20,000 employees. Mark oversees the System’s compliance with various information security requirements and the System’s Information Risk Management Program. This includes working with numerous service providers, to insure patient information is protected.
Mark’s background includes a blend of information security and IT governance with IT operations and software development experience. He served as the CISO for the state of Georgia for over ten years, implementing an information security program that followed the risk management framework established by NIST. In this capacity, Mark worked with the Governor’s Office to develop required agency reporting standards, and to develop a statewide risk management process that reports directly to the Governor.
Prior to becoming a CISO, Mark was Director of Security Engineering at CyberTrust Inc. (formerly TruSecure Corp.) and also an information security consultant in the transportation industry with Norfolk Southern Corporation. Additionally, Mark helped build the S1 Corporation from a startup into a leader in the banking and financial services software solutions industry, serving in several roles during his tenure including Director of Technology and Director of Software Development. He also managed S1’s Information Security Consulting Practice and was the Director of Information Security for the first transactional bank on the Internet.
Mark’s early IT experience includes developing data communications equipment and embedded software for Rockwell International, DCA Inc., Racal-Milgo, and AT&T Tridom.
John C. Reece
John C. Reece is chairman and CEO of John C. Reece & Associates, LLC, the firm he founded to provide personal leadership assistance to corporate and government executives in resolving issues having high impact on their enterprises' value creation performance. The firm assists private and public sector clients over nearly 15 years and enjoys a strong mix of new and repeat relationships.
His entire 50 + year professional career has been devoted to applying leading-edge computing, networking, security and privacy technologies to transform businesses—how they earn and add value, serve their stakeholders and win competitively. He has brought thought leadership and success in all of these endeavors across four ascending career stages— manager/practitioner, professional management consultant, corporate CIO and ultimately, as CEO and entrepreneur
Earlier, Reece served as Deputy Commissioner for Modernization and chief information officer at the IRS. He was also vice president of Information Technology at Time Warner Inc., functioning as that company's first CIO. Before moving to Time Warner, Reece created the enterprise CIO role at Alexander and global insurance broker, Alexander Services, Inc.
He was managing partner of Booz, Allen & Hamilton’s IT practice in the Midwest for over a decade and EVP and managing partner of Strategic Planning Associates’ (SPA) IT strategy team until it was sold to Marsh & McLennan. He began his career as a practicing IT professional at IBM, Union Carbide and American Express Card Division. He currently serves on 3M Corporation’s Visual Privacy Security Advisory Board and has been a Ponemon Fellow since that program’s inception. He is a Northwestern University graduate
Ojas Rege is VP Strategy at MobileIron. His perspective on enterprise mobility has been covered by Bloomberg, CIO Magazine, Financial Times, and Forbes. He coined the term “Mobile First” on TechCrunch in 2007, one week after the launch of the first iPhone, to represent a new model of personal and business computing. He is co-inventor on four mobility patents, including the enterprise app store and selective management for BYOD.
Ojas has been with MobileIron for over six years as the company has grown from an idea to a Mobile IT platform with over 6,000 enterprise customers. MobileIron has been in the Leaders Quadrant of the Gartner Magic Quadrant for Enterprise Mobility Management for four consecutive years.
Prior to MobileIron, Ojas was responsible for the mobile product teams at Yahoo! and AvantGo. He started his career in 1988 as product line manager at Oracle and also spent six years at Boston Consulting Group. Ojas has a BS/MS in Computer Engineering from M.I.T. and an MBA from Stanford University. He is also Board Chair for Pact, a non-profit in Oakland California that provides adoption services for children of color and their parents. You can follow him on twitter at @orege.
Jim was born in Michigan, raised in suburban Philadelphia, and resided in New Hampshire and Oregon before moving to West Virginia in 1981.
Jim has 30 years, and a variety of experiences, in the Information Technology field, and assumed the position of the first Chief Information Security Officer for the State of West Virginia in October, 2005. Prior to being hired as the CISO, Jim was with the West Virginia Department of Health and Human Resources, where he began as the Project / Program Manager for the Child Support software system, and was later responsible for all IT related procurement, policy and procedure development, and built the Department’s Information Security Program from the ground up.
Before working for the State of West Virginia, Jim worked for IBM as an Account Executive, supporting multiple major West Virginia state agencies. During this time, Jim was instrumental in the first deployment of personal computers and office automation in West Virginia state government.
Jim graduated from West Virginia University with a degree in Computer Science. Jim earned his CISSP credential in 2003, followed by his CIPP/US/G/IT certifications.
Jim has served as the President of the WV Chapter of InfraGard in 2006 and 2008, and Vice President in 2005 and 2007. Jim was elected to the MS-ISAC Executive Committee in 2013, while serving as a co-chair of the Security Education and Awareness Workgroup of the MS-ISAC.
Paul Rohmeyer has over 20 years of professional experience in Financial Cybersecurity and Management Information Systems, among other areas. Paul is a faculty member at Stevens in the School of Business and has presented and published on information security, decision-making and business resiliency. He has consulted since 2000, delivering executive-level guidance in the areas of risk management, information assurance and network security to premier corporate clients in the financial services, pharmaceutical and energy industries. Prior to his consulting career, Paul served as Director of IT for AXA Financial and Director of IT Architecture Planning for SAIC/Bellcore. Paul holds a MBA in Finance from St. Joseph’s University, M.S. and Ph.D. degrees in Information Management from Stevens Institute of Technology and a B.A. in Economics from Rutgers University. Paul has achieved the CGEIT (Certified in the Governance of Enterprise IT), PMP (Project Management Professional), and NSA-IAM (U.S. National Security Agency Information Assurance Methodology) credentials.
Greg Schaffer is CEO and Founder of First72 Cyber, a cyber security firm created to help enterprises prepare for, respond to and manage the risk of cyber events, with a special focus on the rapidly emerging area of third-âparty risk. He is responsible for all aspects of the enterprise’s development and execution including product development, infrastructure build, service delivery, quality assurance and partnerships.
Greg Schaffer is also Chief Security Strategist for the Circumference Group, an investing team with deep experience in operations, business development, software development, mergers and acquisitions, asset acquisitions, business integration, investment banking, and public and private investing.
Prior to joining Circumference in December 2013, Schaffer served as chief information security officer (CISO) for Fidelity National Information Services, Inc. (FIS) the world’s largest global provider dedicated to banking and payments technologies. In this role, Schaffer had enterprise-âwide oversight of FIS’ information security program, functions and initiatives.
Prior to joining FIS, Schaffer worked for the U.S. Department of Homeland Security, where he served as acting deputy under secretary for the National Protection and Programs Directorate (NPPD) and assistant secretary for Cybersecurity and Communications.
Prior to the Department of Homeland Security, Schaffer developed and implemented an enterprise security and compliance operation for Alltel Communications, serving as its CISO, chief security officer and chief risk officer, as well as establishing its Office of Privacy.
Schaffer holds a juris doctor (JD) degree from the University of Southern California Law Center. He is a member of the District of Columbia Bar and practiced law for over 10 years, including a position as a trial attorney for the U.S. Department of Justice, Criminal Division, Computer Crime and Intellectual Property Section.
In addition to his JD degree, Schaffer also holds a bachelor’s degree in political communications from George Washington University, Washington, D.C.
Howard A. Schmidt
Mr. Howard A. Schmidt is president and CEO of R & H Security Consulting, LLC.
He served as vice president and chief information security officer and chief security strategist for eBay. Most recently, Schmidt was chief security strategist for the U.S. CERT Partners Program for the National Cyber Security Division in the Department of Homeland Security.
He retired from the White House after 31 years of public service in local and federal governments, including the Air Force Office of Special Investigations and the FBI National Drug Intelligence Center. He was appointed by President Bush as the vice chair (later becoming chair) of the President's Critical Infrastructure Protection Board and as the special adviser for Cyberspace Security for the White House. Prior to the White House, Schmidt was chief security officer for Microsoft.
Schmidt is the international president of the Information Systems Security Association and was the first president of the Information Technology Information Sharing and Analysis Center. Schmidt has been appointed to the Information Security Privacy Advisory Board to advise the National Institute of Standards and Technology, the secretary of Commerce and the director of the Office of Management and Budget on information security and privacy issues.
Winn Schwartau is one of the world's top experts on security, privacy, infowar, cyber-terrorism and related topics. He coined the terms Electronic Pearl Harbor while trstifying before Congress in 1991. Winn Schwartau thinks asymmetrically and has been “Security” for 30 years. If you want originality in thought, writing, presentations or any aspect of Security, call Winn. In addition to being called, “The Civilian Architect of Information Warfare,” he is one of the country's most sought after experts on information security, infrastructure protection and electronic privacy.
Provocative, informed, challenging, he's on the leading edge of thinking, writing and speaking. Highly technical security subjects are made understandable, entertaining, engaging and thought-provoking. Audiences find themselves challenged with original ideas which are related through historical analogy and metaphor and made relevant to the present and future world.
He was named one of the Top-20 security industry pioneers by SC Magazine, one of the Top 25 Most Influential People for 2008 by Security Magazine, one of the Top 5 Security Thinkers for 2007 by SC Magazine and In 2002, honored as a “Power Thinker” and one of the 50 most powerful people by Network World.
A prolific writer, his seminal works on Information Warfare in the late 80s and 90s defined cyber conflict. His novel, Pearl Harbor Dot Com begat Die Hard IV and more than 3,000 articles and speeches later, Winn is still the ‘go to guy’ when people want straight shooting, no-BS originality, interpretation and prognostication. His predictions began in 1988 and have been alarmingly accurate. “I would rather people listened and acted then be right.”
Amichai Shulman is Co-Founder and CTO of Imperva, where he heads the Application Defense Center (ADC), Imperva's internationally recognized research organization focused on security and compliance. Mr. Shulman regularly lectures at trade conferences such as RSA and Infosec and delivers monthly eSeminars. He is also tutoring undergraduate students in Information Security projects in the Technicon, Israel's leading academic institute.
The press draws on Mr. Shulman's expertise to comment on breaking news, including security breaches, mitigation techniques and related technologies. Under his direction, the ADC has been credited with the discovery of serious vulnerabilities in commercial Web application and database products, including Oracle, IBM and Microsoft.
Prior to Imperva, Mr. Shulman was founder and CTO of Edvice Security Services Ltd., a consulting group that provided application and database security services to major financial institutions, including Web and database penetration testing and security strategy, design and implementation.
Mr. Shulman served in the Israel Defense Forces, where he led a team that identified new computer attack and defense techniques. He has a B.Sc and Master Degree in Computer Science from the Technion, Israel Institute of Technology.
Al Silipigni leads the privacy function at HSBC – one of the largest banking and financial services organization in the world. Mr. Silipigni leads the strategic direction for privacy risk consistent with HSBC’s corporate objectives and risk appetite promoting a strong culture and commitment to customer and employee privacy. Mr. Silipigni believes that privacy is both a regulatory and operational risk - and when done right is a driver of innovation, best in class economics and customer loyalty. Furthermore, it is the consistent execution of core privacy principles that drives trust with regulators, employees and customers – a goal for any Privacy Practitioner.
Prior to HSBC, Mr. Silipigni held positions of increasing responsibility at the American Express Company culminating as Chief Privacy Officer. Consumer research named American Express “the most trusted company for customer privacy” during his tenure.
Prior to American Express, Mr. Silipigni was vice president strategic marketing at JPMorganChase with a focus on introducing new products and services. He was Senior Engagement Leader at Cap Gemini/Ernst & Young where his focus was on embedding emerging technology into the core business practices of established companies. As vice president/client partner for interactive digital marketing within the Omnicom Group – his focus was on translating offline brands into the online space.
Mr. Silipigni is a long term member of the Responsible Information Management Council of the Ponemon Institute. Mr. Silipigni is a founding member of The Future of Privacy Forum Advisory Board (FPF). FPF is a Washington, DC based think tank seeking to advance responsible data practices. Mr. Silipigni sits on the Education Advisory Board of the IAPP and was elected to chair the 2013 IAPP Practical Privacy Series for Financial Services in NYC. Mr. Silipigni is an elected member of the Regulatory Steering Committee of BITS of the Financial Services Roundtable.
In 2013, Mr. Silipigni was recognized as a Privacy by Design (PbD) Ambassador for his commitment and advocacy for the protection of personal information.
Mr. Silipigni recently published his first book “Practioner’s Guide to Financial Institution Privacy” on operationalizing privacy. Published by Thomson Reuters, the book is co-authored by Mr. Andrew Serwin, of Morrison and Foerster.
Mr. Silipigni is a Certified Information Privacy Profession with the IAPP. He has an MBA from the NYU Stern School of Business and BS from Lehigh University.
Daniel Solove is the John Marshall Harlan Research Professor of Law at George Washington University Law School. He began teaching law at Seton Hall Law School in 2000. He joined the George Washington University Law School faculty in 2004.
Professor Solove writes in the areas of information privacy law, cyberspace law, law and literature, jurisprudence, legal pragmatism and constitutional theory. He teaches information privacy law, criminal procedure, criminal law and law and literature.
An internationally known expert in privacy law, Professor Solove has been interviewed and quoted by the media in several hundred articles and broadcasts, including the New York Times, Washington Post, Wall Street Journal, USA Today, Chicago Tribune, the Associated Press, ABC, CBS, NBC, CNN and NPR.
Professor Solove has consulted in high-profile privacy law cases, contributed to amicus briefs before the US Supreme Court and testified before Congress. He serves on the advisory boards of the Electronic Frontier Foundation and the Future of Privacy Forum and he is on the board of the Law and Humanities Institute. Professor Solove blogs at Concurring Opinions, which covers issues of law, culture and current events. ABA Journal selected it as among the 100 best law blogs.
Francesca Spidalieri is the Senior Fellow for Cyber Leadership at the Pell Center for International Relations and Public Policy at Salve Regina University, where she leads the Cyber Leadership Project and the Rhode Island Corporate Cybersecurity Initiative. Her academic research and publications have focused on cyber leadership development, cyber education and awareness, cybersecurity workforce management, and the professionalization of the cybersecurity industry. She regularly speaks at cyber-related events nationwide and lectures on cybersecurity issues at Salve Regina University and other local organizations. Francesca is also part of a team at the Potomac Institute for Policy Studies developing a Cyber Readiness Index, a unique methodology to evaluate countries’ maturity and commitment to cybersecurity. In addition, Francesca serves as subject-matter expert on the Center for Internet Security’s Roles & Controls Panel developing an Executive Guide to a Cyber-Secure Workforce, and was recently appointed by Governor Gina Raimondo to the first-ever Rhode Island Cybersecurity Commission.
She holds a B.A. in Political Science and International Relations from the University of Milan, Italy; an M.A. in International Affairs and Security Studies from the Fletcher School at Tufts University; and has completed additional coursework in cybersecurity at the U.S. Naval War College's Center for Cyber Conflict Studies.
S. Srinivasan (nickname Srini) joined TSU on August 1, 2013 as Associate Dean for Academic Affairs and Research as well as a Distinguished Professor of Business Administration. Prior to coming to TSU, I was the Chairman of the Division of International Business and Technology Studies at Texas A & M International University's A.R. Sanchez School of Business in Laredo, TX. I was there from 2010 to 2013. Before coming to Laredo, I spent 23 years at the University of Louisville (UofL) in Louisville, Kentucky. At UofL I held joint appointments in the Computer Information Systems Department in the College of Business and the Computer Science Department in the Speed School of Engineering. During my time there I started the Information Security Program as a collaborative effort of multiple colleges. I was Director of the InfoSec program until 2010 when I left for Laredo. The program was designated a National Center of Academic Excellence in Information Education by the National Security Agency (NSA) and the Department of Homeland Security (DHS).
I successfully wrote several grant proposals in support of the InfoSec Program. My first book on Cloud Computing titled “Security, Trust, and Regulatory Aspects of Cloud Computing in Business Environments” was published in March 2014 by IGI Global, Hershey, PA. The second book on Cloud Computing titled “Cloud Computing Basics” was published in May 2014 by Springer, NY. My area of research is Information Security. I am now working on a new project on Big Data Analytics. I have taught the Management of Information Systems course at the MBA level in US as well as in our international programs in El Salvador and Greece. I have spent my sabbatical leaves from UofL in Siemens at their R & D facility in Munich, Germany; UPS Air Group in Louisville, KY; and GE Appliance Park in Louisville, KY. Besides these industry experiences, I have done consulting work with US Army, IBM and a major hospital company in Louisville, KY.
Dr. Peter Stephenson is the Associate Director of the Department of Computing in the School of Business and Management at Norwich University. He teaches in the areas of cyber attack/defend, digital forensics and digital investigation. He was awarded the Distinguished Faculty honor in the College of Graduate and Continuing Studies and is the Chief Information Security Officer for the university.
Dr. Stephenson has over 50 years’ experience in various technology and information assurance fields and has written or contributed to 18 books, including his Investigating Computer Related Crime (CRC Press – now in its second edition) and several hundred articles in major national and international trade publications and technical/scientific journals.
Dr. Stephenson’s current research is on hybrid crime assessment. He holds the CCFP, CISSP, CISM and FICAF designations, is a licensed professional investigator (Michigan) and is a member of the American Academy of Forensic Sciences and the Vidocq Society.
Patrick F. Sullivan, Ph.D., Dr. Sullivan has over twenty years experience in helping organizations develop and implement information security and privacy risk management and compliance programs. He specializes in a standards-based approach, and is an expert in implementing and auditing ISO 27001 Information Security Management Systems, and ISO 20000 IT Service Management Systems. His clients have included Fortune 500 companies in financial services, travel, telecommunications, information management, and the pharmaceutical industry. He has also worked with international data protection authorities in Hong Kong and Canada, and with U.S. Federal agencies.
Dr. Sullivan holds a Ph.D. in Philosophy from the University of Kentucky, and M.A. and B.A. degrees in Philosophy from respectively, Southern Illinois University, Carbondale, and Indiana University, Indianapolis (IUPUI). His early career in academic teaching and research led to a focus on ethical issues surrounding information technologies and the practical problems organizations face in managing the balance between protecting critical information assets and using those assets to achieve business goals. This lead to a career transition helping organizations solve those problems with effective information governance, risk management and compliance strategies.
Dr. Sullivan currently is a Principal Consultant with JBW Group International, Inc. Prior to joining JBW Group he was with Synomos, Inc, Guardent, Inc, PricewaterhouseCoopers LLP, and was the founding executive director of the Washington D.C. based Computer Ethics Institute. He is a current board member and past chair of the Indiana Security and Privacy Network (InSPN).
Lee Sustar is a journalist and information technology researcher. As a reporter, Lee has covered a range of issues, including PCI-DSS, IoT security, cyber risk models, cloud security, state, federal and non-U.S. legislation on data breach reporting, consumer privacy, advanced persistent threats, cyber armies, application security, threat intelligence, SIEM technology, BYOD security, incident response, Apple/iOS security, young hackers, insider threats and legal liability in breaches. He has also served as a technical writer for such companies as Microsoft, IBM, Cisco, AT&T, Oracle and Dell.
Lee's research, reports and investigations, undertaken through academia and nonprofit organizations—in the U.S., Russia, Latin America and Africa—concentrate on the changing world economy and its impact on technological innovation, the workplace, education, public health and the environment. He is also a frequent public speaker on economic, political and international affairs.
Dan Swartwood is currently the Information Security Governance Leader for Mars, Inc. Prior to this he was the Director, Information Safeguarding,for the Walt Disney Company. Dan has focused his career on data protection, privacy and intellectual property protection issues.
Prior to Disney, Dan provided leadership to all aspects of Motorola's global Data Protection efforts as the Deputy CISO. Before Motorola, he was the Data Privacy Officer at HP and the first ever Corporate Privacy Manager at Compaq Computer. While at Compaq, he also served as the Corporate Information Security Manager. Prior to Compaq and after retiring as an US Army Counterintelligence Officer, Dan participated in an independent review of the White House security program at the request of the Director US Secret Service.
For the last seven years, Dan has served as the Vice President of the Society for the Policing of Cyber Space (www.polcyb.org). POLCYB is the leading international non-profit organization helping third world countries in developing infrastructure to deal with the growing threat from cyber crime. He has lead efforts to create a global cyber crime survey targeted at international law enforcement, prosecutorial and judicial officials to better understand the challenges they face dealing with international cyber crime. He has also lead an effort to create a certificate program to help train the same groups in managing the international aspects of cyber crime enforcement.
He was the first and only Chairperson of the International Association of Privacy Professionals Certification Panel, which created the first privacy certification program. Dan is one of the original Certified Information Privacy Professionals. In Oct 2007, He was identified as one of the top 25 privacy professionals in America. He is the co-author of five bi-annual proprietary information loss surveys sponsored by the American Society for Industrial Security, International, and has authored articles and speaks at national and international conferences. He holds a Master of Science degree in Strategic Intelligence from the US Defense Intelligence College.
Patricia Titus is the Chief Information Security Officer at Markel Corporation located in Richmond, VA. She will continue serving on the Board of Advisors for Guardant Global a worldwide services company. She is a Distinguished Fellow at the Ponemon Institute and serves on the Visual Privacy Advisory Council focusing on Visual Hacking issues.
Ms. Titus was the Vice President and Chief Information Security Officer at Freddie Mac, Symantec, Unisys Corporation and the Transportation Security Administration within the Department of Homeland Security. She was focused on transforming, implementing and maintaining robust IT security programs.
Ms. Titus also worked overseas for several years in various positions within the U.S. Department of Defense, the U.S. State Department and various private sector firms. She has more than 20 years of security management experience. Ms. Titus is on the Board of Advisors for the Executive Women's forum and was recognized as a 'Woman of Influence' by the Executive Women’s Forum in 2009 and the Silicon Valley Business Journal in 2013. She serves on the Executive Women’s Advisory Board for the Girl Scouts Council of the Nation’s Capital.
Don has more than 30 years of experience in the fields of forensic investigations, cybercrime, national security and information security management. He is in the US Cybercrime & Breach Response practice. Working with many of the most established and well known corporate brands, as well as law enforcement and the intelligence community, he has led many cyber breach investigations and advised executive management on breach management strategy and mitigation execution. Don’s cyber breach investigative work has been across multiple industries, from financial services and defense, to retail, manufacturing and healthcare. These cyber breach cases included the compromise of regulated personal information, as well as intellectual property and trade secret theft and fraud.
Prior to joining PwC, Don was the CEO and Chief Risk Analyst at ZeroPoint Risk Research LLC, a company he founded in 2009. He also served in executive security positions at Dun & Bradstreet/Dataquest, Gartner and Jefferson Wells. He was Trusted Advisor to the US Secrecy Commission, also known as the Moynihan Commission on Protecting and Reducing Government Secrecy, created under Title IX of the Foreign Relations Authorization Act. For more than a decade he worked with the National Security Institute and remains an advisory board member there.
He has been an adjunct lecturer at Boston University and a guest lecturer at the Carroll School of Management at Boston College in the International MBA program. In 2013 he was appointed to the Tech Target Security Media Advisory Board.
A frequent speaker at US domestic and international industry events sponsored by the Institute of Internal Auditors, he has appeared on Fox News as a cybercrime and breach analyst and on other television and radio programs. Cited in books, and academic and military studies on cybersecurity, Don is the author of many articles on the subject and two books: Threat! Managing Risk in a Hostile World (The IIA Research Foundation, July 2008) and CyberThreat! How to Manage the Growing Risk of Cyber Attacks (John Wiley & Sons, July 2014).
David A. VanderNaalt
Mr. David A. VanderNaalt is a noted expert and consultant in the security industry. He is the former Chief Information Security Officer for the state of Arizona, leading the Statewide Information Security and Privacy Office. SISPO serves as the strategic planning, facilitation and coordination office for information technology security, privacy protection, and the protection of the technology critical infrastructure in the state.
Prior to assuming that position, David served the City of New York at the Department of Investigation in a dual role, as Director; Digital Forensic Investigations and Director, NYC Citywide Information Security Program. David served his last year with the City as Director of Citywide Continuance Planning at the Department of Information Technology in a cooperative role with the Office of Emergency Management, creating the baseline model for the City’s Continuity of Operations Plan.
David served in several capacities at American Express, including Director of worldwide network change and problem management; and led the creation of the worldwide Information Security group. David was the first corporate information security officer for AMEX worldwide operations.
In 1983, David created one of the first formal security groups in the US at Central & South West Services in Dallas, TX.
David proudly served in the US Navy from 1968 – 1971. David Studied Behavior Science at Grand Canyon College prior to entering the Navy.
Mark Weatherford is a Principal at The Chertoff Group and advises clients on a broad array of cybersecurity issues. As one of the nation’s leading experts on cybersecurity, Mr. Weatherford works with businesses and organizations around the world by helping create comprehensive and strategic security programs.
Mr. Weatherford is a Distinguished Visiting Fellow at the Homeland Security Studies & Analysis Institute, serves on the Advisory Board of AlertEnterprise, Coalfire Systems and Cylance, is a member of the Bipartisan Policy Center’s Electric Grid Cyber Security Initiative, and serves on the Idaho National Laboratory’s Strategic Advisory Group (SAG) for Electric Grid Resilience.
Prior to joining The Chertoff Group, Mr. Weatherford was appointed by President Obama as the Department of Homeland Security’s first Deputy Under Secretary for Cybersecurity. Before joining DHS, Mr. Weatherford was the Vice President and Chief Security Officer at the North American Electric Reliability Corporation (NERC) where he directed the cybersecurity and critical infrastructure protection program and worked with electric utility companies across North America. Prior to NERC, Mr. Weatherford was appointed by Governor Arnold Schwarzenegger to serve as California’s first Chief Information Security Officer and was also the first Chief Information Security Officer for the State of Colorado, where he was appointed by two successive governors.
As a former U.S. Navy Cryptologic Officer, Mr. Weatherford led the United States Navy’s Computer Network Defense operations and the Naval Computer Incident Response Team (NAVCIRT).
Mr. Weatherford earned a bachelor’s degree from the University of Arizona, a master’s degree from the Naval Postgraduate School and holds the Certified Information Systems Security Professional (CISSP) and Certified Information Security Manager (CISM) certifications. He was awarded SC Magazine’s “CSO of the Year” award in 2010, named one of the “10 Most Influential People in Government Information Security” by GovInfoSecurity in both 2012 and 2013 and was selected for the 2013 CSO Compass Award for leadership achievements in the security community.
Joseph Weiss, PE, CISM, CRISC, ISA Fellow, IEEE Senior Member, is an industry expert on control systems and electronic security of control systems, with more than 35 years of experience in the energy industry. He spent more than 14 years at the Electric Power Research Institute (EPRI) where he led a variety of programs including the Nuclear Plant Instrumentation and Diagnostics Program, the Fossil Plant Instrumentation & Controls Program, the Y2K Embedded Systems Program and, the cyber security for digital control systems. As Technical Manager, Enterprise Infrastructure Security (EIS) Program, he provided technical and outreach leadership for the energy industry's critical infrastructure protection (CIP) program.
Mr. Weiss was responsible for developing many utility industry security primers and implementation guidelines. He was also the EPRI Exploratory Research lead on instrumentation, controls, and communications. He serves as a member of numerous organizations related to control system security. These include the North American Electric Reliability Corporation (NERC) Control Systems Security Working Group (CSSWG), the International Electrotechnical Commission (IEC) Technical Committee (TC) 57 Working Group 15 - Data and Communication Security, the Process Controls Security Requirements Forum, CIGRÉ WG D2.22 - Treatment of Information Security for Electric Power Utilities (EPUs), IEEE P2030 Smart Grid Standards, and other industry working groups. He served as the Task Force Lead for review of information security impacts on IEEE standards. He is also a designated US expert to IEC TC45 Nuclear Plant Cyber Security Standards.
Mr. Weiss was involved in the development of, and participated in, the April 2002 White House Conference on CIP - “Developing Secure Digital/Electronic Process Control Systems for the Nation's Critical Infrastructures.” He was an invited speaker at the NIST/NSA Information Security Summit. He has provided oral and written testimony to three House subcommittees, one Senate Committee, and a formal statement for the record to another House Committee. He has also responded to numerous Government Accountability Office (GAO) information requests on cyber security and Smart Grid issues. He has published over 60 papers on instrumentation, controls, and diagnostics including a chapter on cyber security for Electric Power Substations Engineering and the book Protecting Industrial Control Systems from Electronic Threats (ISBN 978-1-60650-197-9). He was also a co-author of Cyber Security Policy Guidebook (ISBN 978-1-1180-2780-6).
Mr. Weiss supported MITRE and NIST in extending NIST SP800-53 to include control systems and the development of NIST SP800-82. He was tasked to write the White Paper on Industrial Control Systems Security for the Center for Strategic and International Studies Blue Ribbon Panel preparing cyber security recommendations for the Obama administration. He was an invited participant to the 2009 NITRD Leap Year Summit and the 2009 NERC High Impact-Low Frequency (HILF) Task Force. He has conducted SCADA, substation, plant control system, and water systems vulnerability and risk assessments and conducted short courses on control system security. He has also been asked to participate in an advisory committee being established by the Transportation Safety Board on Cyber Security for Mass Transit. He participated in the 2011 NERC Cyber Attack Task Force. He also established and chairs the annual Control System Cyber Security Conference and established the International Standards Coordination Meeting on Control System Cyber Security.
Mr. Weiss has received numerous industry awards, including EPRI Presidents Award (2002) and is an IEEE Senior Member, an ISA Fellow, and a member of the ISA Standards and Practices Board. He has two patents on instrumentation and control systems, is a registered professional engineer in the State of California, a Certified Information Security Manager (CISM), and Certified in Risk and Information Systems Control (CRISC).