Ponemon Institute Fellows
Alessandro Acquisti, Ph.D.
Alessandro Acquisti is an assistant professor of information technology and public policy at the H. John Heinz III School of Public Policy and Management, Carnegie Mellon University, and a member of Carnegie Mellon Cylab.
He investigates the economic and social impact of information technology, particularly the interaction and interconnection of human and artificial agents in highly networked information economies. His current research focuses primarily on the economics of privacy and information security, but also on the economics of computers and artificial intelligence, agent's economics, computational economics, e-commerce, cryptography, anonymity, and electronic voting.
Acquisti co-founded PGuardian Technologies, Inc., a provider of Internet security and privacy services.
He has received national and international awards, including a PET Award (privacy enhancing technologies) for Outstanding Research in Privacy Enhancing Technologies and an IBM Best Academic Privacy Faculty Award.
Ed Adams is a software executive with successful leadership experience in various-sized organizations that serve the IT security and quality assurance industries. As CEO, Mr. Adams applies his security and business skills, as well as his pervasive industry experience in the software quality space, to direct application security experts to help organizations understand the risks in their software systems and develop programs to mitigate those risks. The company has delivered high-quality risk solutions to the most recognizable companies in the world including Microsoft, IBM, FedEx, ING, Nationwide and HP.
Mr. Adams founded the Application Security Industry Consortium, Inc. (AppSIC), a non-profit association of industry analysts, enterprise technologists, and security leaders established to define cross-industry application security metrics and best practices. The non-profit eventually morphed into SAFECode at which point Mr. Adams got more engaged with other industry initiatives, including OWASP. Mr. Adams is on the board of the National Association of Information Security Groups (NAISG) as well as the Massachusetts North Shore Technology Council (NSTC).
No stranger to the podium, Mr. Adams has presented to thousands at numerous seminars, software industry conferences, and private companies. He has contributed written and oral commentary for business and technology media outlets such as New England Cable News, CSO Magazine, SC Magazine, CIO Update, Investor's Business Daily, Optimize and CFO Magazine. Mr. Adams is in the process of co-writing a book titled "Winning Cyber War", which will be published by Jones & Bartlett, and is authoring his own title, "Application Security Maturity" – both due out in 2012. He maintains a blog with CSO Magazine, is a columnist for CIO Update and can be followed on Twitter.
Mr. Adams earned his MBA degree with honors from Boston College and has B.A. degrees in Mechanical Engineering and English Literature from the University of Massachusetts.
Philip Agcaoili has been a change agent and transformation leader in the Technology and Information Security industries for over 20 years and is responsible for security and information risk management at Cox Communications. Phil was responsible for maturing Dell's Global Information Security Assurance and Consulting organization where he built one of the largest and most successful application Security Development Lifecycle (SDL) and supply chain security programs in the world. As the Chief Security Architect at Scientific-Atlanta, he matured Enterprise Information Protection to be externally recognized as a world-class security organization before they were acquired by Cisco for $6.9B.
Phil was a member of the Chief Technology Office at Alcatel after Internet Devices (a start-up where he was a foundation member) was acquired for $181M, and was VeriSign's first Chief Information Security Officer after SecureIT (a company he co-founded and sold) was acquired for $70M.
He has been a trusted advisor in securely connecting many of the largest global companies to the Internet, in identifying their vulnerabilities, and in safeguarding the privacy and credit card data for hundreds of millions of customers worldwide. He is helping shape the direction of cyber security best practices for US Telecoms as the committee co-chair of the FCC CSRIC work group 2A and setting security standards for Cloud Computing as a founding member of the Cloud Security Alliance and as a co-founder and co-author of the CSA Cloud Controls Matrix (CCM) and GRC Stack.
Phil won the 2010 Information Security Magazine Security 7 Award in Telecommunications. He won the 2009 Information Security Executive of the Year Award (Central) and was awarded the Microsoft MVP in Security and in Enterprise Security. He was a 2008 ISE National Award nominee and a 2007 and a 2008 CSO Magazine Compass Award nominee. Dell was awarded the 2008 Microsoft CSO Summit Excellence in Data Protection Award and was nominated for the 2008 Information Security Project of the Year Award.
Phil has represented GE, VeriSign, Alcatel, Scientific-Atlanta, Dell, and Cox in their respective Corporate Security, Privacy, Governance, Risk, and Compliance councils and committees. He is a co-founder of the Southern CISO Security Council, co-chairs the Atlanta CISO Executive Summit Governing Body for the CIO Leadership Network, serves on the Executive Steering Council for SecureWorld Expo, serves on the Advisory Council for the CISO Executive Network, CSO Breakfast Club, and Information Security Magazine, served 8 times as a judge for the Information Security Executive of the Year Award, and participates in the Goldman Sachs CISO Council and PwC CISO Council.
Phil holds a B.S. in mechanical engineering from Rensselaer Polytechnic Institute and has attended Georgia State University for an MBA in computer information systems. Phil is in the East Greenbush Education Foundation Hall of Fame, is a Pi Tau Sigma (a National Engineering Honor Society), a Theta Xi, is a Certified Information Security Manager (CISM), is a Certified Information Systems Security Professional (CISSP), is a Holistic Information Security Practitioner (HISP), and serves on the boards of several companies.
James J. Allen, CIPP
Jim Allen is a well-known and highly respected privacy and risk management expert with over 25 years' experience. In his most recent position as Chief Privacy Officer for Agilent Technologies, headquartered in Silicon Valley, he led the development and implementation of a comprehensive worldwide customer and employee privacy program. Mr. Allen was instrumental in making privacy a company value. As a result, privacy has been included in the company's annual Social Responsibility report.
Mr. Allen has a reputation for a practical and cost effective approach to very complicated issues. Many of his outcomes have been recognized as best practices and Mr. Allen is often requested to share his expertise at meetings, conferences and educational seminars. This has included presentations at the annual IAPP conferences and the Practicing Law Institute. He has a passion for the topic of privacy and looks forward to making significant contributions in the future.
Yariv Alpher is a seasoned strategist and market researcher whose work has focused on business strategy, innovation and product development, and brand positioning and architecture. He's experienced in a variety of industries, including IT, financial services, media and CPG, and has a wealth of international experience, having led research initiatives in the U.S., Europe, Japan, India, China, Latin America and the Middle East.
Yariv is currently the Chief Research and Customer Insights Officer at Lodestar Research, a boutique consultancy that focuses on b2b clients in the IT, financial services, healthcare and Federal/Gov sectors. Previously Yariv was Vice President of Marketing Research at CA Technologies (formerly Computer Associates), where he established the market research function, supporting all business units globally. Here, Yariv was closely involved with CA's turnaround, rebranding and the increased focus on cloud computing, virtualization and security. Prior, Yariv held senior positions in both the research and financial services sectors.
Over the years Yariv has conducted dozens of studies that focus on IT security, information management and risk management. These have spanned a gamut of issues, from understanding perceptions of vendors in the categories, gauging specific needs and trends, and informing on the relationship between security/risk and strategic business and IT initiatives (such as the adoption of cloud platforms and solutions).
Yariv earned a BA in History and Philosophy from Tel Aviv University, and holds an MA in the social sciences from the University of Chicago (focus on the evolution of consumer communities). Yariv earned a second MA in sociology from New School University (focus on workplace dynamics), where he also completed his doctoral coursework.
Yariv lives with his wife and two children in Westchester County, New York.
Jerry L. Archer, CISSP
Jerry Archer is senior vice president and chief security officer for Sallie Mae. Mr. Archer is responsible for securing and protecting consumer privacy and for information security initiatives across the enterprise. Prior to this position, Mr. Archer was the chief information security officer for Intuit's global operations.
Prior to Intuit, Archer was managing director at Global Competitive Strategies, LLC, where he provided insight and validation in the areas of policy, technology, products and strategy to a broad array of firms and government. Previously, Mr. Archer was senior vice president for Global Interoperability at Visa International, where his team codified the policies, standards and best practices for Visa systems and networks globally. Before Visa, at the Fidelity Brokerage Company, he was senior vice president of information security and technical risk providing leadership for the brokerage company's operational and strategic security and risk programs.
Earlier his work in the U.S. Intelligence Community earned Mr. Archer the National Performance Review Hammer Award, a Distinguished Service Award from the Central Intelligence Agency and a Meritorious Unit Citation from the National Security Agency. Mr. Archer is a member of many professional and industry groups such as the ACM, IEEE, ISAC, ISC2, and ISSAC.
Eric Ashdown is Asia Chief Security Advisor at Microsoft and is headquartered in Singapore. Mr. Ashdown is a risk management, strategy, security and privacy senior leader with a track record of success in demanding large corporate and entrepreneurial environments. Previously, he was Senior Director and Partner, Global Security Strategy & Risk Management at Accenture and Senior Director of Business Online Services, Risk Management at Microsoft Corporation.
According to Mr. Ashdown, he has taken an entrepreneur's attitude toward new businesses, new projects, business turnarounds, consulting and positions held. This has honed an ability to look holistically at problems and challenges, across cultures, while operating in an increasingly borderless world. The range of geographies where Mr. Ashdown has used these skills includes China, Hong Kong, Taiwan, Hungary, the US, UK, Canada, Malaysia, Jordan, Singapore, Germany, Macau and Brunei.
Christopher Budd is a communications manager with Trend Micro. His focus is on communications around online security and privacy threats to help people understand in plain English the risks they face and what they can do about them. In addition, he focuses on managing crisis communications utilizing a framework and processes he helped put in place.
Prior to Trend Micro, Christopher worked as an independent consultant focused on helping clients build crisis communications frameworks for online security and privacy incidents. Christopher draws on his experience as a ten-year veteran of the Microsoft Corporation, where he oversaw and managed worldwide internal and external communications around security and privacy incidents affecting Microsoft customers. During his tenure at Microsoft, he pioneered new strategies and tactics embracing new media technologies that dramatically improved the handling of communications around incidents and helped, as he likes to say, “make awful news just bad”.
Christopher is a seasoned spokesperson, speaker and presenter. He has been an expert on television and radio numerous times. At Microsoft he led a live monthly security webcast for over six years. He has also given numerous presentations on communications and technology at a variety of technology and non-technology conferences.
Christopher is a widely published author on technology and other topics. He currently contributes a monthly column on Social Media and Online Security to the Windmill Networking blog as well as regular contributions to Geekwire and Betanews. He is a regular presence on Trend Micro’s blogs for security experts and consumers. He has been a monthly columnist for TechTarget on Microsoft security issues. He is also co-author of two books. Outside of technology topics, he has authored numerous articles on topics ranging from history to philosophy and gaming and is a contributing author to a book on the history of philosophy.
He earned a Bachelor of Arts in Comparative Religion from Oberlin College and a Master of Arts in Philosophy with honors from St. John’s College.
His interests include music, history, psychology, mythology, and comparative religion.
You can read his personal blogs at christopherbudd.com, Andante, and Taklamakan.
He lives outside of Seattle with his family, including four cats and a dog.
Ann Cavoukian, Ph.D.
Dr. Ann Cavoukian is recognized as one of the leading privacy experts in the world and is an avowed believer in the role technology can play in protecting privacy. Under her leadership, the Office of the Information and Privacy Commissioner of Ontario developed a number of tools and procedures to ensure privacy is protected in Ontario – and around the world.
Cavoukian was appointed Ontario's Information and Privacy Commissioner in 1997 and is the only person to hold that position for two terms.
Noted for her seminal work on Privacy Enhancing Technologies in 1995, her mantra of “privacy by design” seeks to embed privacy into the design specifications of technology, thereby achieving the strongest protections.
Cavoukian's published works include Who Knows: Safeguarding Your Privacy in a Networked World (1997), written with Don Tapscott, and The Privacy Payoff: How Successful Businesses Build Customer Trust (2002), written with Tyler Hamilton.
Uma is Vice President of Security, Reliability, and Eco-Environmental Engineering Group in Bell Labs, Alcatel-Lucent. She leads a global team focused on realizing key secure and reliable transformations in information communications technologies networks. She brings extensive global experience and leadership in the field of security, reliability, interoperability, information security standards management, operations systems, software development, and quality assurance.
She has the distinction of having worked directly for an operator (Bell Canada), supplier (Lucent and then Alcatel-Lucent), R&D (Bell Labs/Bellcore/Bell Northern Research), and operating as a start-up producing new software-based products (Bellcore).
Uma has leveraged her experiences to positively impact the relationship between ICT systems and Critical National Infrastructure Segments. She has held various industry positions, including representing the US delegation in the SC27 ISO/IEC 27000 series standards, co-editor for ISO/IEC 27003 series standard, and editor/co-editor for ITU global standards, and a council member on the CSRIC FCC.
Uma has published papers, served as editor of a special issue on security of the Bell Labs Technical Journal, contributed to the Web 2.0+ Security textbook, and holds patents in network security and reliability. She is currently an executive contributor of the QuEST forum representing TL9000 quality metric standards, an Advisory Board member of the School of Business at Montclair State University, and serves on the Federal Communications Commission's Security, Reliability, and Interoperability Council (CSRIC). Uma is also CISSP, CISA, CISM, CRISC, and PMP certified. Uma has a BS and MS in Electrical Engineering, is a graduate of the Advanced Technology Innovations program at Carnegie Mellon, and is a graduate of the Executive Program at the Kellogg School of Management.
Alan Chapell, CIPP
Alan Chapell is the founder of Chapell & Associates, a premier research and consulting firm focusing on consumer privacy.
He established the privacy program at Jupiter Research, which targets the consumer Internet economy. Chapell created and implemented DoubleClick's research product suite, which produced advertising effectiveness products that measure the brand impact of online advertising. He also worked with e-mail marketing firms, including Yesmail (now a division of Experian), where he assisted clients with privacy issues.
He is a regular contributor to the iMedia Connection, the DMNews, and the International Association of Privacy Professionals' Privacy Officer Advisor.
Harry C. Chapman, CMC
Harry Chapman is a founder and principal of the San Francisco-based Bay Area Consulting Group LLC. His work with a division of Wells Fargo Bank in developing and implementing a balanced scorecard is now taught at the Harvard Business School. Chapman has helped large organizations develop balanced scorecards in the United States, Canada, and South Africa. He leads a two-day seminar on the Balanced Scorecard every six months in Rome.
Chapman has developed a balanced scorecard framework tailored to privacy. He is an expert in developing practical and effective performance measurement programs directed toward improving organizational performance.
He is a founder of the Bay Area Consultants Network, a non-profit organization dedicated to enabling consultants to become more effective.
Keith A. Cheresko is a Principal of Privacy Associates International LLC. Privacy Associates International is a Michigan-based privacy consultancy delivering experience-based, practical guidance to help its clients address all aspects of privacy. Mr. Cheresko spent the majority of his career at Ford Motor Company as a member of the Office of the General Counsel. During his 26-year tenure at Ford, he held an assortment of legal assignments supporting Ford’s diverse business activities, including time with Ford Motor Credit Company, Ford’s finance subsidiary, where he played a role in the development of financial privacy policies and practices designed to meet the federal Gramm-Leach-Bliley Act’s financial privacy requirements. He also served as counsel to the Corporate Privacy Office and advised or chaired working groups addressing an assortment of privacy matters, from marketing-related activities to development of corporate-wide policies. In his last assignment before deciding to leave Ford, Mr. Cheresko was the primary privacy counsel and de facto privacy leader.
After leaving Ford and prior to joining Privacy Associates International LLC, Mr. Cheresko served briefly as general counsel to the Ponemon Institute, and continues serving as a longtime member of the Ponemon Institute's Responsible Information Management Council’s Advisory Board. He is a member of the International Association of Privacy Professionals and a Certified Information Privacy Professional (CIPP/US/IT). Mr. Cheresko received a BA from the University of Michigan-Dearborn, a J.D. from Wayne State University, and is a member of the State Bar of Michigan and the American Bar Association.
James Christiansen is Chief Information Risk Officer of Evantix, a Business Risk Management corporation focused on providing clients scalable and cost-effective tools and services to manage their Information Risk. Prior to joining Evantix, James was Chief Information Security Officer for Experian Americas. James had the overall responsibility for information security, providing strategic direction and vision across Experian business units.
James joined Experian after serving as Chief Information Security Officer for General Motors, where his responsibilities included worldwide implementation of the security plan for the largest financial (GMAC) and the largest manufacturing corporation in the world. Prior to joining GM he was SVP and Division Head of Information Security for Visa International, responsible for their worldwide information security program.
James has been featured in the New York Times as one of the leaders in information security. He has an MBA in International Management and a BS in Business Management, and is the author of the “Internet Survival Series”, contributing author of “CISO Essentials” and numerous industry papers. James has been chair for the IT Fraud Summit, co-chair of the ANSI study of the impact of security breaches on healthcare, and a prominent speaker for prestigious events such as the Business Round Table, Research Board, American Bar Association, American Banker, RSA, BankInfoSecurity, ISSA and MIS Training Institute.
James has more than 25 years of experience in information security and systems management, including network and operating systems management and application development and design, and is now meeting the significant challenge of providing risk management solutions for Evantix.
Mark Coderre is the Head of Enterprise Security Architecture for Aetna. His responsibilities include design, risk management, planning and governance of Aetna’s strategic security program. This comprehensive program balances Aetna’s compliance, asset protection and business enablement needs. Aetna has been recognized numerous times for security leadership in Identity Management and Enterprise Governance, Risk and Compliance. Mr. Coderre is active in the identity assurance space as it applies to the healthcare sector through the Kantara Initiative and the US National Strategy for Trusted Identities in Cyberspace (NSTIC).
In his 23 year career with Aetna, Mr. Coderre has provided continuous leadership in the evolution from distributed system security to centralized federated capabilities for information access and cyber threat management. His efforts and designs have allowed Aetna to effectively provide safe and seamless access for millions of Aetna’s Customers, Employees, Brokers and Providers.
A long-standing evangelist for the business value of “built-in security”, Mark has represented Aetna on a variety of industry forums, interviews, standards committees, customer meetings and advisory boards.
Mark Coderre earned a Bachelor of Science degree in Computer Science at Central Connecticut State University in 1989. Mark has received Certifications from the Information Systems Audit and Control Association (ISACA) in both Security Management and Risk Management.
Brian Contos, CISSP, is the Worldwide VP Sales Engineering and Professional Services at Solera Networks. Mr. Contos is a recognized security expert with nearly two decades of security engineering and management experience. He is the author of several books, including Enemy at the Water Cooler—Real-Life Stories of Insider Threats and Physical and Logical Security Convergence, which he co-authored with former NSA Deputy Director William Crowell.
Mr. Contos has worked with government organizations and Forbes Global 2000 companies in over 40 countries throughout North, Central and South America, the Caribbean, Europe, Africa, the Middle East, and Asia. He is an invited speaker at leading industry events like RSA, Interop, GFIRST, SANS, and OWASP and has written for and been interviewed by industry and business press such as CBS News, Bloomberg, Forbes, NY Times, and the London Times. He also helped build several successful security companies.
Mr. Contos was formerly senior director for emerging markets at McAfee, chief security strategist at Imperva, chief security officer at ArcSight, and director of engineering at Riptech. In addition, he has held security positions at Bell Laboratories, Tandem Computers, and the Defense Information Systems Agency (DISA). Brian is a graduate of the University of Arizona.
Dr. Don Lloyd Cook is currently counsel at Gill Ragon Owen, P.A. where he is focused on privacy and technology law, in particular working with new technology companies. He has previously served as a Director of Privacy at Lunarline, Inc. and at Walmart Stores, Inc. Additionally, he served as the Chief Privacy Officer and General Counsel of Feeva Technology, Inc., an online advertising firm and as a Senior Consultant for Acxiom Corporation, specializing in global privacy and regulatory issues. He is a member of the International Association of Privacy Professionals, the Arkansas Bar Association and the American Bar Association.
Dr. Cook regularly speaks on privacy issues and has authored academic publications relating to marketing, privacy and intellectual property. Dr. Cook has practiced general and appellate law in Arkansas, where he received his JD and MBA degrees from the University of Arkansas. He is licensed in state courts in Arkansas, federal district courts in Arkansas and the Northern District of Oklahoma, the Eighth Circuit Court of Appeals and the US Supreme Court, where he successfully opposed a Petition for Writ of Certiorari by the State of Arkansas.
Professional certifications include the CIPP (Certified Information Privacy Professional), CIPP/C (CIPP Canada), CHP (Certified HIPAA Professional) and CHSS (Certified HIPAA Security Specialist). He received his Ph.D. in Marketing from Virginia Tech where his dissertation focused on privacy regulation. While at Virginia Tech he was selected as the first Virginia Tech Congressional Fellow and was a Legislative Assistant in the office of Congressman Rick Boucher, a co-founder of the Internet Caucus. He has taught Consumer Behavior, Internet Law and eCommerce courses at universities in Virginia, Louisiana, Georgia and New Mexico.
Nick Copping, Ph.D.
Nick Copping is a technologist who began his career as a physicist at Cal Tech, later becoming a senior research director at JPL. Copping is a former director of corporate engineering for Hewlett-Packard and served as CEO of Atherton Technology and CRI. Copping started ZOOM Marketing with Ellie Victor in 1996. In 2004 he took a sabbatical from ZOOM to become a partner at Microsoft, where he developed the Microsoft Global SI strategy.
In his spare time, Copping builds and plays acoustic guitars, turns wild bowls in his woodshop, and sees just how long he can stay at the bottom chasing turtles in funny-looking scuba gear.
Joshua Corman is the Director of Security Intelligence for Akamai Technologies and has more than a decade of experience with security and networking software. Most recently he served as Research Director for Enterprise Security at The 451 Group following his time as Principal Security Strategist for IBM Internet Security Systems. Mr. Corman’s cross-domain research highlights adversaries, game theory and motivational structures. His analysis cuts across sectors to the core security challenges plaguing the IT industry, and helps to drive evolutionary strategies toward emerging technologies and shifting incentives.
Mr. Corman is a candid and highly-coveted speaker with engagements at leading industry events such as RSA, DEFCON, Interop, ISACA, and SANS. As a staunch advocate for CISOs, Corman also serves as a Fellow with the Ponemon Institute, on the Faculty for IANS, and co-founded Rugged Software – a value-based initiative to raise awareness and usher in an era of secure digital infrastructure. His passion for challenging the status quo won him the title of Top Influencer of IT by Network World magazine in 2009. Corman received his bachelor’s degree in philosophy, graduating Phi Beta Kappa and summa cum laude, from the University of New Hampshire. He resides with his wife and two daughters in New Hampshire.
Malcolm Crompton is Managing Director of Information Integrity Solutions P/L. He is also the Asia Pacific based Director of the International Association of Privacy Professionals (IAPP). Mr. Crompton was the Foundation President of the Australia New Zealand affiliate of IAPP.
IIS has advised Australian Government departments and agencies, Australian financial services institutions and many leading global ICT companies on developing trust and delivering privacy to customers. Malcolm has advised APEC on the APEC privacy framework.
He was Australia's Privacy Commissioner for five years until April 2004 and led the implementation of Australia's private sector privacy law. Between 1996 and 1999 he was manager of Government Affairs in Canberra for AMP, Ltd.
He is also a member of the Microsoft Trustworthy Computing Academic Advisory Board, the global External Advisory Board of the IBM Privacy Institute, the Reference Group for the PrimeLife project and has sat on international privacy award judging panels.
In the previous 20 years, Mr. Crompton held senior executive positions in the Australian Public Service. He has degrees in Chemistry and Economics. He was awarded the inaugural Chancellor's Medal in 2004 for distinguished contribution to the Australian National University.
Jack Danahy is the Worldwide Security Executive for the Rational division of IBM, and is an international speaker and writer on topics of software, system, and data security. Jack is the original founder and CEO of two successful security software companies: Ounce Labs, sold to IBM in July of 2009, and Qiave Technologies, sold to Watchguard Technologies in 2000.
Mr. Danahy holds five patents in a variety of security technologies including secure distributed computing, software analysis, and secure system management. He is a contributor to industry and national security groups in the areas of data privacy, cybersecurity, critical infrastructure protection, and has contributed to legislation on computer security in both the US House and Senate.
Dennis Dayman has more than 20 years of experience combating spam, security/privacy issues, data governance issues, and improving email delivery through industry policy, ISP relations and technical solutions. As Eloqua’s Chief Privacy and Security Officer, Dayman leverages his experience and key relationships to provide best practices to Eloqua, its customers, and ensures the compliance of their communications data flows. He is also responsible for coordinating and managing Eloqua’s international electronic commerce, privacy and Internet related policy issues.
Prior to Eloqua, Dayman worked at StrongMail Systems as the Director of Deliverability, Privacy, and Standards. In that role, he handled all deliverability and privacy issues related to StrongMail customers and made best practice recommendations as StrongMail’s representative to a cross-industry alliance of ESPs, ISPs, online marketers and spam-filtering companies. He was also charged with ensuring that new email standards were created and instituted for the protection of legitimate email delivery, and that the product met and exceeded data governance regulations.
Dayman has also served in the Internet Security and Legal compliance division for Verizon Online, as a senior consultant at Mail Abuse Prevention Systems (MAPS), and started his career as Director of Policy and Legal External Affairs for Southwestern Bell Global, now AT&T. In the ISP roles, Dayman investigated complaints of network abuse, managed discoveries and litigation, worked with the federal task force on e-crimes, and represented the company in relation to new federal and state legislation.
Dayman is a longstanding member of several boards and advisory committees within the messaging industry: he helped found and serves on the Board of Directors for the Messaging Anti-Abuse Working Group (MAAWG), and serves on the Coalition Against Unsolicited Commercial Email (CAUCE) board, the International Association of Privacy Professionals (IAPP) advisory boards, the Email Sender and Provider Coalition (ESPC) board, the Direct Marketing Association (DMA) Ethics committee, and the Email Experience Council (EEC) MAC. He has also been appointed a Ponemon Institute Fellow. Dayman is actively involved in creating current Internet and digital communication regulations, privacy/security policies and anti-spam legislation for state and federal governments. He also sits on several advisory boards for Internet companies and is a partner, mentor, and frequent investor in start-ups and in Tech Wildcatters (http://techwildcatters.com/), a mentorship-driven microseed fund and startup accelerator in Dallas, Texas.
Dayman holds a B.A. in Criminal Justice from Stephen F. Austin State University in Texas.
Dennis Devlin is Assistant Vice President, Information Security and Compliance Services for the George Washington University. He has over four decades of information technology leadership experience in both private industry and higher education. During his career Dennis has strategized and led multiple enterprise-class initiatives in information security, digital privacy, identity management, wide area networking, electronic messaging, disaster recovery and business continuity, emergency notification, and data center, server and network operations.
In his current role, Dennis oversees information risk management, compliance and information security operations for The George Washington University. He leads a team that maintains the integrity and sustainability of the University's mission-critical systems, communicates security and compliance policies to stakeholders and implements process and technology that protects the confidentiality, integrity and availability of University information assets and infrastructure.
Prior to his current role Dennis served as Chief Information Security Officer for Brandeis University, Vice President and Chief Security Officer for The Thomson Corporation (now Thomson-Reuters), a member of the senior IT leadership team at Harvard University, and began his career as a software developer, analyst, and IT manager in the pharmaceutical industry at American Hoechst Corporation (now Aventis).
Dennis is a graduate of the University of Pennsylvania and has completed extensive continuing education in IT management. He has lectured at the UCLA Anderson School of Management, Babson College Center for Information Management Studies, University of Massachusetts Strategic Information Technology Center, Center for Advancing Business through Information Technology at Arizona State University and Boston University Metropolitan College. Dennis is a frequent presenter at professional meetings and conferences including the RSA Security Conference, Qualys Security Conference, SC Magazine US Forum, MIS Training Institute, Gartner IT Security Summit, EDUCAUSE, NERCOMP, Institute for Computer Policy and Law at Cornell University, the CSO Magazine Security Confab, the APPNATION Conference, and the Privacy and Information Management Forum at The George Washington University.
Dennis has been featured in numerous articles on security and written for CSO Magazine, SC Magazine and Secure Business Quarterly. He was a contributing author to Security 2020: Reduce Security Risks This Decade. Dennis has served on CSO advisory boards for RSA Security, Qualys, Verdasys, GeoTrust, ChosenSecurity, LogMatrix and the CSO Editorial Advisory Board for SC Magazine. He is also a faculty member of the Institute for Applied Network Security (IANS) and a former adjunct faculty member in the Information Assurance program at the Rabb School of Continuing Professional Studies at Brandeis University.
Margaret P. (Peggy) Eisenhauer, CIPP
Ms. Peggy Eisenhauer, Esq. is the founder of Privacy and Information Management Services – Margaret P. Eisenhauer P.C., an internationally recognized law firm. She helps companies develop and document privacy, security, and fair information programs, including policies and procedures governing the collection, use, and distribution of all types of personal information. Eisenhauer has extensive experience with U.S. and international privacy laws, as well as industry best practices for managing customer and employee information.
In addition to receiving a J.D. with honors from the University of Georgia School of Law, Eisenhauer holds a master's of science in information and computer science from the Georgia Institute of Technology. She is a member of the International Association of Privacy Professionals and a member of the Certified Information Privacy Professional Advisory Board.
Steve Elefant joined Heartland in November 2008 as a consultant, helping Heartland bring its Software as a Service (SaaS) applications to its merchant base. In January 2009, he became the executive director of the new end-to-end encryption team focusing on developing point-of-sale products and executing Heartland's E3™ security platform that encrypts cardholder data from the point of swipe/entry at a merchant location through the Heartland processing networks and to the card brands. He was then named chief information officer in August 2009.
Steve provided strategic focus for new opportunities and enhancement of existing products and services. He also provided technology vision and leadership for developing and delivering the company's solutions, M&A, Business Development, Strategy and Mobile.
Steve was the founder of several successful Silicon Valley startup and venture capital firms. He is co-founder and former chief executive officer of ICVerify, Inc., a leader in payments processing integration of PC-based POS software. The company merged with CyberCash, Inc., where he was Vice-Chairman, in 1998 to form an Internet and physical service provider for electronic payments software (which was ultimately sold to FirstData and is still in production today). After leaving CyberCash, Steve was involved in several other startups, including a company called Price Radar in the online auction space (technology sold to eBay) and a digital content management and micro payments company called Yaga (ultimately sold to Digital River), and then in venture capital with Claremont Creek Ventures and Soaring Ventures for the five years before joining Heartland.
Steve has been an active member of the US Secret Service Electronic Crimes Task Force for more than six years, as well as the Federal Bureau of Investigation's Infragard Electronic Crimes Task Force for the past five years.
In his 'spare time' Steve is a passionate Multi Engine Instrument rated pilot, is a Special Deputy doing search and rescue flying for the San Francisco Sheriff's Department and is on the board of the USS Hornet, space, science and discovery museum. Steve holds a Bachelor of Arts, Political Science, University of California, Los Angeles (UCLA).
Todd Fitzgerald is the Director, Global Information Security for ManpowerGroup, the world leader in innovative workforce solutions, and is responsible for providing strategic information security leadership, policy, and direction, working closely with local country security teams supporting 4,000 offices in 82 countries and territories to ensure information asset protection and compliance with global laws and regulations.
Fitzgerald recently authored the 2012 book Information Security Governance Simplified: From the Boardroom to the Keyboard, and co-authored the 2008 ISC2 Press book CISO Leadership: Essential Principles for Success, along with numerous other chapters for security publications, including the Official ISC2 Guide to the CISSP CBK. Todd has spoken frequently and chaired national/international conferences for ISACA, CSI, ISSA, MISTI, COSAC, HIMSS, HIPAACOW, WHIMA, CMS and others.
He earned an MBA degree from Oklahoma State University and a BS degree from University of Wisconsin-LaCrosse (current advisor to the College of Business Administration), and has previously held senior information technology leadership positions with Fortune 500 organizations such as WellPoint (National Government Services), AstraZeneca (Zeneca), Syngenta, IMS Health, American Airlines and Blue Cross Blue Shield United of Wisconsin.
Michael Fitzpatrick is the founder/CEO and President of NCX Group, Inc. Michael has over 30 years of information technology experience where he began addressing the technical needs and security concerns of businesses embracing the internet. Today, he leads a team of highly skilled engineers and professional consultants who are dedicated to providing security assessments that protect critical data and ensure a business environment remains operational.
Michael has extensive knowledge in the areas of privacy legislation and regulatory compliance that impact how a business operates. As a recognized leader in business risk management and mitigation, Michael was asked to advise Senator Dianne Feinstein’s office in the development of the NORPDA (Notification of Risk to Personal Data Act) legislation. He has also given advice and guidance to Senator Mary Bono's office in which she is a co-sponsor of H.R. 4127, the Data Accountability and Trust Act (DATA).
As an extension of his passion in data security, Michael hosts a weekly broadcast called The Watchdog Report, where information risk management, business continuity and regulatory compliance are main topics.
Michael is a respected, articulate presenter and has appeared as a featured speaker at caworld, OracleWorld, CCIA, Fox News and other national forums.
Patrick Florer has worked in information technology for 33 years. During 17 of those 33 years, he also worked a parallel track in medical outcomes research, analysis, and the creation of evidence-based guidelines for medical treatment. His IT roles have included operations, programming, database design, systems analysis, security, and risk analysis. From 1986 until now, he has worked as an independent consultant, helping customers with strategic development, analytics, risk analysis, and decision analysis. In 2011, he cofounded Risk Centric Security and currently serves as Chief Technology Officer. Risk Centric Security provides training and consulting services in the quantitative analysis of risk and market opportunity.
Mr. Florer received a B.A. in Classical Greek, with highest honors, from the University of Texas at Austin in 1972. He was elected to the scholastic honor society Phi Beta Kappa in 1971.
After his wife became a victim of identity theft, he helped her to found the Identity Theft Resource Center in 1999. Jay’s computer and investigative talents led him to specialize in cybercrime and criminal identity theft. However, he also shared his wife’s passion about all types of identity theft. In partnership with Linda, he has undertaken the fight to bring child identity theft to the forefront, believing that even one case of child identity theft is one too many. He has also been working with the California Office of Privacy Protection regarding identity theft and foster children. Jay is also nationally respected for all of his work in the field of identity theft and cybercrime. He and his wife, Linda, recently founded a new company that will focus on the major issues of this evolving crime, ID Theft Info Source.
Together they have been interviewed by hundreds of print, radio, and television media about various topics regarding identity theft. In 2004, they received the 2004 National Crime Victim’s Assistance Award presented by the US Attorney General. They have also received numerous commendations and awards for their work in the field of identity theft and victim’s rights, and have served on taskforces ranging from the California Department of Motor Vehicles to the US Attorney General’s task force on identity theft. In 2010, they were honored to accept the Congressional Victims’ Rights Caucus Suzanne McDaniel Public Awareness award on behalf of the ITRC and the Foleys' work in helping the public understand the issues of identity theft. The Foleys have served as subject matter experts for various state and federal legislative committees and testified in hearings across the country.
An identity theft survivor herself, Linda has spent the last 14 years studying the crime of identity theft. In 1999 she founded the Identity Theft Resource Center and began to work with victims trying to clear their names and restore their lives. In the early 2000s she began to receive more and more calls from parents whose minor children had become victims of identity theft and from young adults who discovered their identities had been stolen before they turned 18. Some perpetrators were family members, often parents, and others were unknown criminals. Linda has spent the last 14 years researching this particular crime as well as other identity theft crimes. She is nationally respected for the depth of her knowledge of identity crimes and has received numerous awards and commendations for her work. She is currently one of the principal partners of the ID Theft Info Source (www.IDTheftInfoSource.com).
Linda and her husband and business partner, Jay Foley, have been interviewed by hundreds of print, radio, and television media about various topics regarding identity theft. In 2004, they received the 2004 National Crime Victim’s Assistance Award presented by the US Attorney General. They have also received numerous commendations and awards for their work in the field of identity theft and victim’s rights, and have served on taskforces ranging from the California Department of Motor Vehicles to the US Attorney General’s task force on identity theft. In 2010, they were honored to accept the Congressional Victims’ Rights Caucus Suzanne McDaniel Public Awareness award on behalf of the ITRC and the Foleys' work in helping the public understand the issues of identity theft. The Foleys have served as subject matter experts for various state and federal legislative committees and testified in hearings across the country.
Steven F. Fox, CISSP is a Security Architecture and Engineering Advisor with the U.S. Department of the Treasury. He advises multiple teams, offering security guidance on system architecture and engineering to ensure compliance with Federal standards and requirements. He also contributes to multiple working groups including the IPv6 transition team, Developer Security Testing workgroup, and the Security and Privacy workgroup. Mr. Fox brings a cross-disciplinary perspective to the practice of information security, combining his experience as a security consultant, a Sr. IT Auditor and a systems engineer with principles from behavioral/organizational psychology to address security challenges. He has performed security services including risk/vulnerability/penetration testing assessments, incident response planning, PCI DSS services, and social engineering.
Steven is a syndicated blogger covering IT Governance, Risk Management, and IT-Business fusion topics. His speaking engagements include Hacker Halted, ISSA and ISACA events, SecureWorld Dallas/Detroit, Security B-Sides Chicago/Detroit/Vegas, and GrrCon. He also served on the Board of the ISSA Detroit chapter from 2008 through 2012.
Mr. Fox holds an MS in Business Information Technology from Walsh College, an NSA recognized Center of Excellence. He has a BS in Psychology from Eastern Michigan University where he studied industrial applications of behavioral theory. He is also Six Sigma Specialist certified.
Ms. Mari J. Frank, Esq. serves as an attorney-mediator on privacy and other civil matters, and provides testimony as a privacy expert witness for state and federal court cases and governmental hearings. She is the author of several books including the Identity Theft Survival Kit, Identity Theft Prevention and Survival; From Victim to Victor: A Step by Step Guide for Ending the Nightmare of Identity Theft; Safeguard Your Identity: Protect Yourself with a Personal Privacy Audit and the Complete Idiot’s Guide To Recovering From Identity Theft. Since 2005 Mari has hosted the radio show Privacy Piracy on 88.9 FM in Irvine, California. This award winning show (Privacy Innovation Award in 2005 and BE REAL BROADCASTING AWARD in 2011) airs on Monday mornings at 8:00 AM, streams on kuci.org and podcasts on iTunes (www.kuci.org/privacypiracy).
Ms. Frank consults with businesses and government agencies and provides professional training programs on privacy, conflict resolution, and identity theft issues. She is on the Board of the Privacy Rights Clearinghouse and has served for many years on the Advisory Board of California's Office of Privacy Protection, the Identity Theft Task Force of the L.A. County District Attorney, California's Department of Motor Vehicles Task Force on Privacy, and the Consumer Federation of America ID Task force on identity theft services. Ms. Frank is a member of the Orange County, California Sheriff's Reserve, a certified trainer for the State Bar of California, a law professor, and she teaches conflict management at the University of California, Irvine. She is a member of the International Association of Privacy Professionals, and sits on the Executive Committee of the State Bar of California Law Practice Management and Technology Section.
Ms. Frank has testified many times on privacy and identity theft issues in the California legislature and in the US Congress. In May 1999, she was summoned to the White House to a press conference with President Clinton to speak on Consumer Privacy. Her speech was broadcast on C-SPAN TV. Mari’s 90 minute PBS Television special, “Identity Theft: Protecting Yourself in the Information Age,” aired nationwide. Two of her books and the DVD of the show were featured gifts for viewers who pledged support for local PBS stations across the country.
Mari has appeared on dozens of national TV programs including Dateline, 48 Hours, the O'Reilly Factor, Investigative Reports, NBC and ABC Nightly News, CNN, Geraldo, CNBC, Montel, the Hugh Thompson Show, Lifetime, Crime Stoppers and many other shows. She has been interviewed on more than 300 radio shows and featured or quoted myriad times in major national newspapers and magazines including US News and World Report, Your Money Magazine, Money, Parade Magazine, The New York Times, The Wall St. Journal, USA Today, PC Magazine, The Chicago Tribune, The Los Angeles Times, Good Housekeeping, The California Bar Journal, The American Bar Journal, The Washington Post, The New York Daily News, Modern Physician, The Philadelphia Inquirer, and many more national publications. Her many articles have been published in legal journals and numerous magazines.
D. Reed Freeman, Jr. CIPP
Mr. D. Reed Freeman, Esq. is a partner in the Washington, D.C. office of Morrison & Foerster. He focuses his practice on all aspects of consumer protection law, including online and offline privacy issues, data security and breach notification, online and offline advertising review and competitor challenges, and direct marketing. Prior to joining Morrison & Foerster, Mr. Freeman was a partner in Kelley Drye Collier Shannon's Advertising and Marketing Practice Group.
Mr. Freeman served as chief privacy officer and vice president for Legislative and Regulatory Affairs at Claria Corporation. He has also served as staff attorney in the Federal Trade Commission's Bureau of Consumer Protection. Mr. Freeman is a former appointed member of the Department of Homeland Security's Data Privacy and Integrity Advisory Committee and is an adjunct professor for advertising and privacy law at George Mason University School of Law. He is also an author and a frequent speaker on issues related to advertising and marketing law.
Daniel B. Garrie
Daniel Garrie is the current Managing Director of Alternative Resolution Center's (ARC) E-Discovery Dispute Resolution in Los Angeles and Senior Managing Partner at FSRDG LLC in New York. He regularly consults with attorneys and technologists on Electronic Discovery and Discovery Management issues related to litigation, commercial disputes, business claims, and enterprise information archiving implementation. Mr. Garrie is admitted to practice law in New York and New Jersey and is editor-in-chief of the Journal of Legal Technology Risk Management.
Mr. Garrie specializes in the synchronization of policies with information technologies and related best practices to ensure legal compliance for enterprises worldwide. Mr. Garrie counsels both domestic and international corporations in the domains of E-Discovery, data privacy, enterprise archiving, IT vendor selection, litigation risk management, and cost management. In addition, he leverages his legal and IT expertise to deliver enterprise application architecture, design, deployment, and integration of enterprise record and information management platforms.
Mr. Garrie has published more than 80 articles and books on E-Discovery, Cloud Computing, software, intellectual property, compliance, technology, legal, telecommunications, US and EU privacy policies, and a range of other E-Law issues. Recent publications include a three-part article on the risks and financial issues involved in Cloud Computing published in the Los Angeles Daily Journal, including, “Haste Makes Waste: Charging for Cloud Computing” (7/30/10), “Jurisdiction and Cloud Computing: How Does it Work?” (8/19/10), and “Do the Benefits of Being in the Cloud Outweigh the Risks?” (11/2/10).
Mr. Garrie is a seasoned Electronic Discovery Special Master, and was recently appointed to the E-Discovery Special Master Pilot Program for the U.S. District Court of Western Pennsylvania. He is a frequently sought after presenter at legal and technology seminars and has been invited to symposiums around the world, most recently the 2011 AIIM 360 Conference in Washington D.C., where he presented E-Discovery in the Cloud.
Stanton G. Gatewood
Stanton Gatewood is recognized worldwide as one of the leading experts on information security, strategic planning and electronic privacy. As the Chief Information Security & ePrivacy Officer for the Board of Regents of the University System of Georgia, Gatewood is the principal advisor to USG senior executives and security officers on matters related to cyberspace security and privacy issues. He balances his time between securing and protecting the 35 colleges and universities and more than 200 public libraries that comprise the University System of Georgia.
A much sought-after speaker and strategist, Gatewood is a tri-lingual author, teacher, and lecturer. Gatewood has traveled extensively transferring his knowledge of Information Security & ePrivacy in Latin America, Middle East, Africa, Asia, and Europe. He is a contributing writer and editor for security journals including Information Security Magazine, SecurityFocus, SC Magazine, Federal Times, Computerworld and CSO magazines.
Gatewood has had a long distinguished career in the military, state and federal government, higher education and corporate security spanning more than 33 years. During his distinguished career, Gatewood has built "highly successful" information security and privacy programs and two centers of excellence: one for cryptography and one for awareness, training and education. He has served as the former president of the founding chapter of the Information Systems Security Association (ISSA) in Los Angeles, Calif. and continues to serve on several industry boards. Most recently, Gatewood was named one of SC Magazine's IT security luminaries and one of the Top 5 influential IT security thinkers in the world.
Jean-Paul Hepp, Ph.D., CIPP
Dr. Jean-Paul Hepp is an accomplished business executive, strategist, and change agent. He has more than 24 years leadership experience working across multiple verticals in the highly regulated pharmaceutical industry.
Hepp engages global organizations with bold initiatives that transform the entire culture. At Pharmacia, he became the first in the industry to implement a corporate Internet strategy. His activities propelled Pharmacia to a leadership position. At Pharmacia, Hepp was again the first in the industry (along with Merck) to serve in the full-time Privacy Director/Corporate Privacy Officer position. He continued in this role with Pfizer after it acquired Pharmacia.
Priscilla Hill-Ardoin retired from her position as chief privacy officer of AT&T, Inc., in 2007 after a distinguished career with the corporation and several of its subsidiaries. Hill-Ardoin founded the organization responsible for ensuring AT&T has policies and procedures in place to maintain full compliance with state and federal regulatory requirements governing telecommunications. She served as associate vice president-corporate services, chairman of the board for the AT&T Foundation, and the company's director of diversity. She also held positions in strategic planning, marketing, and network operations.
A recognized leader in the communications industry, Hill-Ardoin supported the advancement of women and minorities in all areas of the business. In 2003, she was appointed by FCC Chairman Michael Powell to the Chairman's Advisory Commission on Diversity in Communications in the Digital Age.
Chris Jay Hoofnagle
Mr. Chris Jay Hoofnagle, Esq. is senior staff attorney with the Samuelson Law, Technology and Public Policy Clinic and senior fellow with the Berkeley Center for Law and Technology. His focus is consumer privacy law. Previously, he was senior counsel to the Electronic Privacy Information Center and director of the organization's West Coast office. He was also a non-residential fellow with Stanford University's Center for Internet and Society for the 2005 academic year.
Among his recent academic publications are Identity Theft: Making the Unknown Knowns Known, in the Harvard Journal on Law and Technology; Putting Identity Theft on Ice: Freezing Credit Reports to Prevent Lending to Impostors, Stanford University Press; A Model Regime of Privacy Protection, in the University of Illinois Law Review (with J. Solove); and Big Brother's Little Helpers: How ChoicePoint and Other Commercial Data Brokers Collect, Process, and Package Your Data for Law Enforcement, in the North Carolina Journal of International Law & Commercial Regulation.
James M. (Jim) Jordan III, CIPP
Mr. Jim Jordan III, Esq. is the founder of Jordan Legal Counsel, P.C., which assists companies with global compliance programs with particular emphasis on laws pertaining to personal data protection, information technology, and e-commerce. Previously, he spent six years as an in-house lawyer for General Electric, where he held the title of chief privacy leader and senior counsel for E-Commerce and Information Technology, was responsible for global privacy law compliance, and led the implementation of a pioneering Binding Corporate Rules program that has been formally approved by Data Protection Authorities in a number of EU member states as a basis for international transfers of employment data.
Prior to joining G.E., Jordan was a partner in the Intellectual Property Transactions Group of the law firm Alston & Bird, LLP. He is a member of the International Association of Privacy Professionals, a member of the IAPP's Certified Information Privacy Professional Advisory Board, and teaches the Workplace Privacy module of the CIPP examination preparation program.
Ondrej Krehel is the Chief Information Security Officer for Identity Theft 911, the nation’s premier identity theft and data breach management, resolution and education service. He has managed information security departments and launched digital forensic investigations across a wide swath of industry and government.
He managed and conducted a wide range of investigations, including computer intrusions, theft of intellectual property, massive deletions, defragmentation, file carvings, anti-money laundering, financial fraud, mathematical modeling and computer hacking.
He holds an M.S. degree in Mathematical Physics from Comenius University in Bratislava and an Engineering Diploma from Technical University in Zvolen, Slovakia.
An international conference speaker and educator, he has presented at RSA, among other notable security summits, and is an adjunct professor at St. John’s University. His work has been featured by CNN, Reuters, The Wall Street Journal and The New York Times.
Matt Leonard, CIPP
Mr. Matt Leonard is a privacy and strategic marketing executive. His more than 25 years of experience managing direct marketing operations along with his experience developing and implementing privacy and information strategies, policies, and practices in complex organizations gives him a unique perspective on the issues surrounding responsible information practices.
Leonard directed privacy and information policy at Harte-Hanks, a major end-to-end direct marketing service organization. He spent ten years at IBM in Direct Marketing, Customer Information, and Privacy. He is an industry-recognized expert in all aspects of marketing, from Database Analytics to Product Development.
Leonard brings a depth of experience in marketing as well as specific expertise regarding privacy practices in marketing oriented organizations. He speaks frequently to organizations about privacy and marketing. He is an advocate of effective privacy and information practices as a basic business requirement.
Thornton A. May
Mr. Thornton May is one of the premier communicators in the information technology industry. He combines a scholar's passion for empirical research, an entrepreneur's capacity for opportunity identification, and a stand-up comic's gift for storytelling in working with executives to figure out what comes after what comes next.
May is responsible for sculpting executive education information technology curricula at four major business schools: UCLA, UC-Berkeley, Arizona State, and Ohio State. He designed and delivered the information technology portion of the curriculum at the University of Amsterdam's Controller's Institute (special program for multinational chief financial officers). May co-founded the Director's Institute, a program to improve board level technology decision-making.
May's insights have appeared in the Harvard Business Review, the Financial Times, and the Wall Street Journal, among other publications. He also debated the future practice of strategy on National Public Radio.
Joanne McNabb, CIPP/G
Ms. Joanne McNabb is chief of the California Office of Privacy Protection. The organization is a resource and advocate on identity theft and other privacy issues. In addition to providing information and education for consumers, it publishes privacy practice recommendations for business and organizations.
McNabb is co-chair of the International Association of Privacy Professionals' Government Working Group. She also serves on the Privacy Advisory Committee of the Department of Homeland Security. She is a frequent speaker at privacy conferences and seminars.
McNabb has more than 20 years experience in public affairs and marketing in both the public and private sectors, including five years with an international marketing company in France. Her marketing background contributes to her understanding of the commercial uses of personal information that have become a significant privacy concern.
Mr. Peter Milla is a noted expert and consultant to the global research industry. He was the former Chief Information Officer for Survey Sampling International, a leading supplier of Internet, telephone, postal, and personal interview samples to market and survey research agencies in the United States, Canada, Europe, Latin America, Australia, and Asia. Milla has more than 25 years of experience in a wide range of information technology, market/survey research and data privacy and security activities, applying expertise in information technology and market/survey research methods. He has extensive experience with all computer assisted survey information collection technologies, specializing in Internet-based market/survey research.
Prior to joining SSI, Milla was executive vice president and chief information officer at Harris Interactive and senior vice president and chief information officer at Roper Starch Worldwide.
Milla is a member of the board of directors of the Council of American Survey Research Organizations, co-chair of its Internet Research Task Force and chair of its Technology Committee.
Stuart Noad is Director of Marketing (Northern Europe) for Appsense, the global leader in User Virtualisation. Previously Mr. Noad served as Marketing Director, and as a member of the operational board, for HP Information Security, successfully overseeing its brand transition from Vistorm.
During this time, and with Ponemon Institute, Mr. Noad has delivered many new security initiatives including the Security Effectiveness Rating and the Cyber Security Benchmark. He is a Chartered Marketer with more than 12 years of experience across a wide range of leading security, software and IT services businesses.
Stuart L. Pardau
Stuart L. Pardau is an attorney, corporate executive, and scholar with expertise in data security and privacy, which is complemented by his experience in the intellectual property and corporate law areas. Currently, Stuart is an Assistant Professor (tenure-track) at the College of Business and Economics at California State University Northridge and is also a member of the Leadership Council at the Rand Corporation in Santa Monica.
In addition to his academic pursuits, Stuart has his own private law and consulting practice, The Law Offices of Stuart L. Pardau Associates, where he advises clients on intellectual property, data security/privacy, and corporate law issues. Prior to that, Stuart was, for close to 10 years, the Chief Legal Counsel at the leading market research firm J.D. Power and Associates, where he became a thought leader in technology, data security and privacy issues concerning the market research industry, including through his work as a member of the Council on American Survey Research ("CASRO") Legislative Affairs Committee.
A former Managing Director and Regional Counsel of FedEx Corporation, based in Tokyo, Japan, Stuart also has over 10 years of experience living and working in East Asia, with particular expertise in Japan, China and the Republic of Korea. Stuart is conversational in Japanese and has a J.D. from Stanford Law School and a Master's degree from Cambridge University in the U.K.
Deborah C. Peel, M.D.
Deborah C. Peel, MD is the leading national and international advocate for restoring patients' rights to control the use of sensitive personal health information in electronic systems. She also has practiced as a physician and psychoanalyst for over thirty-five years.
She was named one of the "100 Most Influential in Healthcare" in the US by ModernHealthcare magazine four times since 2007, the first privacy expert and consumer advocate on the list.
She learned about the lack of health privacy from her patients. Many feared seeking treatment unless their records were private. They had lost jobs or reputations using health insurance to pay for care. They realized physicians disclose medical records to get insurance payments, and insurers share health information with employers, so they offered cash for privacy.
In 2004, she formed Patient Privacy Rights (PPR), www.patientprivacyrights.org, which has become the world's leading consumer health privacy advocacy organization. PPR has over 12,000 members in all 50 states.
In 2006, Dr. Peel founded the bipartisan Coalition for Patient Privacy, representing 10.3 million Americans. The Coalition is responsible for the historic privacy protections in the stimulus bill: a ban on sales of PHI, audit trails, segmentation, breach notice, the right to prevent disclosure of PHI for payment and HCO if payment is out-of-pocket, and encryption. Microsoft joined the Coalition in 2007.
In 2011 PPR and the University of Texas LBJ School of Public Affairs created the 1st International Summit on the Future of Health Privacy. The summits are the only place where both threats to health privacy and solutions are thoughtfully debated by national and international experts from advocacy, academia, government, and industry.
In 2012, PPR expanded the summit and partnered with the O'Neill Institute at Georgetown Law Center, the University of Cambridge Computer lab, the Harvard Data Privacy Lab, and The University of Texas School of Information. Sponsors included Microsoft, FairWarning, Jericho Systems, Accenture, Dell, CA Technologies, PwC, IDExperts, e-MDs, Meditology, and TATRC. See: http://www.healthprivacysummit.org.
Dr. Peel was the First Tocker Fellow at the University of Texas School of Information. See: http://www.ischool.utexas.edu/about/news/view_news_item.php?ID=363
Dr. Christopher Pierson is the EVP, Chief Security Officer and Chief Compliance Officer for LSQ Holdings where he oversees its cybersecurity and compliance program. Prior to joining LSQ, Chris was the SVP and first Chief Privacy Officer for the Royal Bank of Scotland's U.S. banking operations leading its privacy and data protection program.
Chris also served as a corporate attorney for Lewis and Roca where he established its Cybersecurity Practice and advised on information security and data breaches. Chris also serves as an appointed member for the Department of Homeland Security Data Privacy and Integrity Advisory Committee and Cybersecurity Subcommittee providing advice and guidance to the Secretary and Chief Privacy Officer on policy, operational, strategy, and technological issues. Chris is a graduate of Boston College (B.A., M.A.) and The University of Iowa (Ph.D., J.D.) and speaks at national events and is frequently quoted on cybersecurity.
Nils is a Co-Founder and member of the Board of the Cloud Security Alliance, a community of over 50,000 security professionals in over 50 chapters worldwide with the goal to promote the use of best practices for providing security assurance within Cloud Computing. The Alliance also educates on the uses of Cloud Computing to help secure all other forms of computing.
Nils Puhlmann was the Chief Security Officer of Zynga and led the converged security department, managing all security risks for the company and chairing the Security Risk Committee. He oversaw the company’s security domains of product & application security, security engineering & architecture, investigations & incident response, security intelligence & threat assessments, physical security, executive protection, ecrime and security compliance & audit.
Before joining Zynga, he served as Chief Security Officer of Qualys, where he was responsible for security, risk management and business continuity planning. His responsibilities included the security of the cloud-based QualysGuard SaaS platform. He also led the Qualys CSO Advisory Board and evangelized at various international industry events in areas of security management and cloud security.
Prior to Qualys, Puhlmann was the Chief Information Security Officer for Electronic Arts, with global responsibility for information security, intellectual property protection, risk management, compliance, physical security, forensics & investigations and business continuity management/disaster recovery. He was also previously the Chief Information Security Officer at Robert Half International, where he had global responsibility for managing information security, risk management, privacy, forensics & investigations, CERT and Business Continuity Management enterprise wide.
Prior to that, he was Director Global IT & Security and Chief Privacy Officer at Mindjet Corp, where he managed Mindjet's global information security, physical security and privacy programs. He was also a Senior Manager of Product Security at Adobe Systems, responsible for creating and managing Adobe's product vulnerability program, overseeing security assessments of Adobe applications, driving product security certifications, and promoting secure development practices. He created Adobe's product security incident response team, chaired Adobe's Security Task Force and managed Adobe's first Common Criteria Certification.
Puhlmann also held senior positions at Nortel Networks and START Amadeus, and was an independent security consultant with clients such as the State of California and other foreign States. He maintains numerous security certifications, including CISSP-ISSMP and CISM. He has held Board of Directors positions in the past (ISACA Silicon Valley) and is currently a Director on the Board of the Cloud Security Alliance, a Director on the International Board of Directors of ISSA, a Board member of OVAL (Open Vulnerability and Assessment Language), an Advisory Board member for several Security Companies and has been called as a subject matter expert by ISACA and ISC2. He was also a member of the Advisory Council for the CISO Forum of ISSA.
In 2012, Puhlmann was a finalist for the “CSO of the Year” award by SC Magazine. Puhlmann was invited in 2009 by the Dept. of Defense and the Executive Office of the President to speak at the National Cyber Leap Year Summit in Washington, DC, and is a frequent speaker and keynote presenter at global security and technology conferences. He is considered a visionary in the field of converged security risk management and information security and his advice is frequently sought after by corporations and government entities.
Richard Purcell, CIPP
Mr. Richard Purcell is the chief executive officer of Corporate Privacy Group, an independent privacy consulting firm focused on establishing sustainable, affordable privacy programs in corporations, agencies, and institutions.
He was Microsoft's first chief privacy officer and developed one of the earliest global privacy programs while at Microsoft.
Mr. Purcell is formerly the chairman of the board of directors of TRUSTe, and is chairman of the Department of Homeland Security's Privacy Advisory Committee and of the International Association of Privacy Professionals Advisory Board for Privacy Certification.
He co-founded and sat on the Conference Board's Council of Chief Privacy Officers, served on the IAPP Board of Directors, and was a member of the Federal Trade Commission's Advisory Committee on Online Access and Security.
James Ransome, Ph.D., CISSP, CISM
James Ransome is Senior Director and Chief Security Officer of Cisco Collaborative Software Group (WebEx) Corporate Security Programs and Global Government Solutions, Cisco Systems, Inc. Mr. Ransome is responsible for operational and strategic direction for the organization and its customer security. He oversees, coordinates, and manages security and compliance efforts across multiple functions, including information technology, operations, product development, human resources, communications, legal, facilities management, and other groups with a particular focus on Software as a Service (SaaS) and WebEx service delivery.
Prior to his current role in the Cisco Collaboration Software Group, Dr. Ransome spent two years as the senior director for Security Engineering with the Corporate Security Programs Organization (CSPO) and Global Government Solutions (GGSG) with a particular focus on enterprise- and infrastructure-level security solutions and unified data, voice, and video wireless security for fixed and mobile IP solutions. Before joining Cisco, he served as senior vice president of Commercial Managed and Professional Security Services at SecureInfo Inc., headquartered in San Antonio, Texas.
Dr. Ransome has held various senior executive information systems and physical security management positions, including vice president of Integrated Security at CH2M HILL, vice president of Corporate Security at Exodus and at Cable and Wireless, vice president of Security Operations and Services at Pilot Network Services, director of Global Information Systems Security for Applied Materials, director of Information Systems Security for Autodesk, and director of IT Security, Directory Services and Email at Qwest Communications.
Dr. Ransome spent 23 years in government service before entering private industry. This includes ten years as a computer scientist, national security and geo-spatial imagery intelligence analyst, and threat credibility assessment analyst for Lawrence Livermore National Laboratory (LLNL) in support of the national intelligence community, DOE NEST Team, DoD, and federal law enforcement.
He was a NCIS Civilian Federal Special Agent (1811) assigned to the Foreign Counterintelligence (FCI) Squad / San Francisco with responsibilities for FCI investigations and operations, regional law enforcement agency liaison officer, special projects OPSEC, counterterrorism support and analysis, as well as protective service details for national and foreign dignitaries.
Ransome is a retired U.S. Naval Reserve Intelligence Officer (O-5, Commander) and a former U.S. Marine Corps Weapons Platoon Sergeant and interrogator-translator. He has completed 23 years combined active-duty and reserve service, including duty in Operation Desert Shield/Storm (field operations), Operation Joint Endeavor (counter-terrorism), and Vietnam-Era service specializing in weapons systems and intelligence operations. During this time, he worked in more than 15 countries with U.S. Navy Task Force 168 and received personal commendations from the Chief of Naval Operations and the Department of Army for his work as the Officer in Charge of a team operating on the border of Saudi Arabia and Iraq during Operations Desert Shield and Desert Storm.
Dr. Ransome holds a Ph.D. in Information Systems specializing in Information Security, a Master of Science Degree in Information Systems, and graduate certificates in International Business and International Affairs. He developed and tested a security model, architecture, and leading practices for converged, wired-wireless network security for his doctoral dissertation. This work became the baseline for the Getronics Wireless Integrated Security, Design, Operations & Management (WISDOM) Solution which Ransome co-architected.
Dr. Ransome is an Adjunct Professor for Nova Southeastern University's Graduate School of Computer and Information Sciences (SCIS) Information Security Program, designated a National Center of Academic Excellence in Information Assurance Education by the U.S. National Security Agency and Department of Homeland Security where he teaches Applied Cryptography, Advanced Network Security, and Information Security Management. He received the 2005 Nova Southeastern University Distinguished Alumni Achievement Award. He is a member of Upsilon Pi Epsilon, the International Honor Society for the Computing and Information Disciplines, a Certified Information Security Manager (CISM), and a Certified Information Systems Security Professional (CISSP).
Ransome is the author of several published books, including Wireless Operational Security, VoIP Security, Instant Messaging (IM) Security, Business Continuity Planning and Disaster Recovery Guide for Information Security Managers, Wireless Security: Know It All, and recently completed Cloud Computing: Implementation, Management, and Security published by CRC Press. He also developed the initial wireless, network architecture, SCADA, and VoIP security leading practices for the Federal Communications Commission Network Reliability and Interoperability Council Focus Group on Cybersecurity Homeland Defense.
Steve Ransom-Jones has worked in the field of information security for over twenty-five years where he has developed a passion for adapting methodologies to assess and solve unstructured problems. He is currently responsible for establishing and managing the IT security and privacy function for Hollister Incorporated, a medical device manufacturer.
He started his information security career working for the UK Government Communications Headquarters and has been heavily involved in deploying secure solutions globally using some of the practices that emerged from Europe in the 80's and 90's, including ITSEC and BS7799. Mr. Ransom-Jones moved to the US in 1998 to join IBM as a security consultant where he contributed to developing the practice's privacy methodology and performed or managed engagements on behalf of a wide variety of clients. He also experienced the thrills and issues of security and compliance challenges in outsourcing environments as he managed the delivery of security services for several of IBM's Fortune 100 outsource customers.
In his own time he enjoys “applied risk management” as an aviator by constructing and acting as a test pilot for experimental aircraft. He has designed and developed his own avionics hardware, software and firmware. He finds this a relaxing blend of practical construction, design and sound decision making activities.
John C. Reece
John C. Reece is chairman and CEO of John C. Reece & Associates, LLC, the firm he founded to provide personal leadership assistance to corporate and government executives in resolving issues having high impact on their enterprises' value creation performance. The firm assists private and public sector clients and enjoys a strong mix of new and repeat relationships.
Previously, Reece served as deputy commissioner for Modernization and chief information officer at the IRS. He was also vice president of Information Technology at Time Warner Inc., functioning as that company's first CIO. Before moving to Time Warner, Reece created a CIO role at Alexander and Alexander Services, Inc., a global insurance broker.
He is a board member of Unisys' Security Leadership Institute and InfraSi, Inc. and serves on Applied Identity and CloudShield, Inc.'s advisory boards. He has also served on advisory boards at AT&T, Oracle, Sun Microsystems and Bristol Myers-Squibb. Reece is a principal member of the Council for Excellence in Government and a participating member of the Industry Advisory Council.
Steve Riley is an evangelist and strategist for cloud computing at Amazon Web Services, working to help organizations understand how to integrate their environments with the cloud to extend reach, increase utilization, and respond to rapid business changes. His work includes helping organizations understand and address security, privacy, and compliance concerns that arise when information processing and storage occurs in multi-tenant and shared environments. Previously he worked in the Trustworthy Computing Group at Microsoft where he helped thousands of customers improve their security awareness, raise their technical abilities, and strengthen their security strategies. He was a member of the team that established Microsoft's highly successful Chief Security Officer Council program, which provided a forum for CSOs to directly influence product direction and development.
Steve's specialties include network and host security, compliance, reliability, privacy, and policy. Steve has spoken at hundreds of events around the world, including RSA, SANS, Black Hat Windows, InfoSec US, (ISC)2, IANS, TechEd, and Connections. He co-authored a book about Windows network security and has published numerous articles. Born with an Ethernet cable attached to his belly button, Steve grew up in networking and telecommunications. Besides lurking in the Internet's dark alleys and secret passages, he enjoys freely sharing his opinions about the intersection of technology and culture. He writes at http://stvrly.wordpress.com, tweets as @steveriley, and emails from firstname.lastname@example.org.
Greg Schaffer is the Assistant Secretary for Cybersecurity and Communication for the United States Department of Homeland Security. Formerly, Mr. Schaffer was the Chief Information Security Officer, Chief Security Officer and ultimately Chief Risk Officer for ALLTEL Communications, LLC., responsible for enterprise wide security and privacy strategy and policy development, implementation and execution as well as regulatory oversight and compliance process improvement.
Mr. Schaffer joined ALLTEL after serving as a Director in PricewaterhouseCoopers, LLP Cybercrime Prevention and Response (CPR) Practice for four years where he was responsible for managing a wide range of computer security, forensic, investigative and litigation support electronic discovery related projects for PwC clients. Prior to joining PwC Mr. Schaffer was a computer crime prosecutor at the United States Department of Justice Computer Crime and Intellectual Property Section. At the Justice Department Mr. Schaffer was responsible for day-to-day management of domestic and international investigations involving various crimes including computer hacking, illegal wiretaps and economic espionage.
Prior to joining DOJ Mr. Schaffer was a partner with the law firm of Manatt, Phelps & Phillips specializing in civil litigation related to computer technology issues. From 2001 to 2004, Mr. Schaffer also served as an adjunct professor at Georgetown University teaching a course on information security for international business.
Howard A. Schmidt
Mr. Howard A. Schmidt is president and CEO of R & H Security Consulting, LLC.
He served as vice president and chief information security officer and chief security strategist for eBay. Most recently, Schmidt was chief security strategist for the U.S. CERT Partners Program for the National Cyber Security Division in the Department of Homeland Security.
He retired from the White House after 31 years of public service in local and federal governments, including the Air Force Office of Special Investigations and the FBI National Drug Intelligence Center. He was appointed by President Bush as the vice chair (later becoming chair) of the President's Critical Infrastructure Protection Board and as the special adviser for Cyberspace Security for the White House. Prior to the White House, Schmidt was chief security officer for Microsoft.
Schmidt is the international president of the Information Systems Security Association and was the first president of the Information Technology Information Sharing and Analysis Center. Schmidt has been appointed to the Information Security Privacy Advisory Board to advise the National Institute of Standards and Technology, the secretary of Commerce and the director of the Office of Management and Budget on information security and privacy issues.
Winn Schwartau is one of the world's top experts on security, privacy, infowar, cyber-terrorism and related topics. He coined the term “Electronic Pearl Harbor” while testifying before Congress in 1991. Winn Schwartau thinks asymmetrically and has been “Security” for 30 years. If you want originality in thought, writing, presentations or any aspect of Security, call Winn. In addition to being called “The Civilian Architect of Information Warfare,” he is one of the country's most sought after experts on information security, infrastructure protection and electronic privacy.
Provocative, informed, challenging, he's on the leading edge of thinking, writing and speaking. Highly technical security subjects are made understandable, entertaining, engaging and thought-provoking. Audiences find themselves challenged with original ideas which are related through historical analogy and metaphor and made relevant to the present and future world.
He was named one of the Top-20 security industry pioneers by SC Magazine, one of the Top 25 Most Influential People for 2008 by Security Magazine, and one of the Top 5 Security Thinkers for 2007 by SC Magazine and, in 2002, was honored as a “Power Thinker” and one of the 50 most powerful people by Network World.
A prolific writer, his seminal works on Information Warfare in the late 80s and 90s defined cyber conflict. His novel, Pearl Harbor Dot Com, begat Die Hard IV and, more than 3,000 articles and speeches later, Winn is still the ‘go to guy’ when people want straight shooting, no-BS originality, interpretation and prognostication. His predictions began in 1988 and have been alarmingly accurate. “I would rather people listened and acted than be right.”
Eddie Schwartz is Chief Security Officer of NetWitness and has 25 years of experience in the information security and privacy fields. Previously, he was CTO of ManTech Security Technologies Corporation, EVP and General Manager for Global Integrity, SVP of Operations at Guardent, CISO for Nationwide Insurance, and a Senior Computer Scientist at CSC.
Mr. Schwartz has advised a number of public and privately held security companies and served on the Executive Committee for the Banking Information Technology Secretariat (BITS). Mr. Schwartz has a B.I.S. in Information Security Management and an M.S. in Information Technology Management from the George Mason University School of Management.
Amichai Shulman is Co-Founder and CTO of Imperva, where he heads the Application Defense Center (ADC), Imperva's internationally recognized research organization focused on security and compliance. Mr. Shulman regularly lectures at trade conferences such as RSA and Infosec and delivers monthly eSeminars. He also tutors undergraduate students in Information Security projects at the Technion, Israel's leading academic institute.
The press draws on Mr. Shulman's expertise to comment on breaking news, including security breaches, mitigation techniques and related technologies. Under his direction, the ADC has been credited with the discovery of serious vulnerabilities in commercial Web application and database products, including Oracle, IBM and Microsoft.
Prior to Imperva, Mr. Shulman was founder and CTO of Edvice Security Services Ltd., a consulting group that provided application and database security services to major financial institutions, including Web and database penetration testing and security strategy, design and implementation.
Mr. Shulman served in the Israel Defense Forces, where he led a team that identified new computer attack and defense techniques. He has a B.Sc. and a Master's degree in Computer Science from the Technion, Israel Institute of Technology.
Daniel Solove is the John Marshall Harlan Research Professor of Law at George Washington University Law School. He began teaching law at Seton Hall Law School in 2000. He joined the George Washington University Law School faculty in 2004.
Professor Solove writes in the areas of information privacy law, cyberspace law, law and literature, jurisprudence, legal pragmatism and constitutional theory. He teaches information privacy law, criminal procedure, criminal law and law and literature.
An internationally known expert in privacy law, Professor Solove has been interviewed and quoted by the media in several hundred articles and broadcasts, including the New York Times, Washington Post, Wall Street Journal, USA Today, Chicago Tribune, the Associated Press, ABC, CBS, NBC, CNN and NPR.
Professor Solove has consulted in high-profile privacy law cases, contributed to amicus briefs before the US Supreme Court and testified before Congress. He serves on the advisory boards of the Electronic Frontier Foundation and the Future of Privacy Forum and he is on the board of the Law and Humanities Institute. Professor Solove blogs at Concurring Opinions, which covers issues of law, culture and current events. ABA Journal selected it as among the 100 best law blogs.
Dan Swartwood is the Director, Information Safeguarding, The Walt Disney Company. Dan has focused his career on data protection, privacy and intellectual property protection issues. Dan is the Director, Information Safeguarding, for the Walt Disney Company, one of the largest media and entertainment companies in the world. In this role he helps business leaders understand and manage the risk to intellectual property; supports content protection efforts; and manages the global content vendor security program.
Prior to Disney, Dan provided leadership to all aspects of Motorola's global Data Protection efforts as the Deputy CISO. Before Motorola, he was the Data Privacy Officer at HP and the first ever Corporate Privacy Manager at Compaq Computer. While at Compaq, he also served as the Corporate Information Security Manager. In that role he developed an industry leading data protection effort. Prior to Compaq and after retiring as a US Army Counterintelligence Officer, Dan participated in an independent review of the White House security program at the request of the Director US Secret Service.
He was the first and only Chairperson of the International Association of Privacy Professionals Certification Panel, which created the first privacy certification program. Dan is one of the original Certified Information Privacy Professionals. In Oct 2007, he was identified as one of the top 25 privacy professionals in America. He is the co-author of five bi-annual proprietary information loss surveys sponsored by the American Society for Industrial Security, International, and has authored articles and speaks at national and international conferences. He holds a Master of Science degree in Strategic Intelligence from the US Defense Intelligence College.
Patricia Titus is the vice president and chief information security officer at Symantec, responsible for IT information security risk management, threat response and governance functions. Titus plays a strategic role in protecting Symantec's IT resources, infrastructure and information assets, and drives internal security initiatives.
Prior to joining Symantec, Titus was vice president and global chief information security officer for Unisys Corporation, a global information technology company. At Unisys, she was responsible for enhancing the existing network security and policies supporting Unisys global employees, while ensuring the continued protection of sensitive corporate and customer data.
Prior to joining Unisys, Titus was the chief information security officer at the Transportation Security Administration within the Department of Homeland Security, where she focused on creating, implementing and maintaining a robust IT security program. Titus also worked overseas for several years in various positions within the U.S. Department of Defense, the U.S. State Department and various private sector firms. She has more than 22 years of security management experience in the high technology industry.
Titus is an active member in multiple TechAmerica (formerly ITAA) committees and is on the Women's Advisory Board for the Girl Scouts Council of the Nation's Capital, where she mentors young women in the IT field.
Bryant G. Tow has over 20 years of experience in the IT industry both as an entrepreneur and senior executive. Bryant has held responsibilities within all aspects of the security industry including: thought leadership in the area of cyber security, award winning development of security solutions, go-to-market and business development strategies, and managing large global cyber and physical security teams. Bryant currently works as a thought leader in the security industry and a trusted advisor by regularly meeting with clients, speaking at industry events, and working with industry analysts, media outlets and law enforcement.
As the recent Chief Security Officer for CSC’s Financial Services Group (FSG), Bryant enhanced the security posture of the FSG solutions and quantifiably reduced risk by developing the global security strategy and executing necessary programs to ensure the confidentiality, integrity and availability of FSG’s intellectual property. Bryant has held several leadership positions in the security industry including the Department of Homeland Security and the FBI and is currently serving as a Vice President of the InfraGard National Members Alliance, an FBI public/private alliance program boasting over forty-five thousand members. Bryant has published several books and articles on cyber security topics and has received several awards including "Governor's Office of Homeland Security Award for Exceptional Contribution in Recognition of Outstanding Support of Tennessee's Counter Terrorism Program."
Mr. MacDonnell Ulsch is President and Chief Risk Analyst of ZeroPoint Risk Research, LLC and the author of the book THREAT! Managing Risk in a Hostile World. His area of expertise is in privacy and counter-economic espionage. Mr. Ulsch has conducted many research studies in the subject area and advises a wide range of clients. He is widely published and has been quoted in the Wall Street Journal, the New York Times, Forbes, BusinessWeek, the Boston Globe, CNN.com, and many other publications. Mr. Ulsch has appeared on radio and television as a national security and risk analyst. Previously, he was Trusted Advisor to the United Secrecy Commission under Senators Jesse Helms and Daniel Patrick Moynihan and co-authored an information security policy paper with U.S. Senator Sam Nunn. He worked at the National Security Institute, focusing on economic and industrial espionage and advised the office of counter-intelligence of a U.S. President.
Mr. Ulsch currently serves on the board of the National Security Institute, and is a Distinguished Fellow of the Ponemon Institute. Mr. Ulsch is closely associated with The Institute of Internal Auditors Research Foundation. He has held executive positions at Pricewaterhouse Coopers, Gartner, Computer Intelligence, and Dun & Bradstreet. A frequent keynote speaker at industry events and for client seminars, he has also lectured at several universities, including Boston University and Boston College. Mr. Ulsch is the author of several learned books on cyber security and cyber terrorism.
David A. VanderNaalt
Mr. David A. VanderNaalt is a noted expert and consultant in the security industry. He is the former chief information security officer for the state of Arizona, leading the Statewide Information Security and Privacy Office. SISPO serves as the strategic planning, facilitation and coordination office for information technology security, privacy protection, and the protection of the technology critical infrastructure in the state.
Prior to assuming that position, VanderNaalt served the city of New York as director of the Department of Investigation, as director, Digital Forensic Investigations and director, NYC Citywide Information Security Program. VanderNaalt served for one year as the director of Citywide Continuance Planning at the Department of Information Technology in a cooperative role with the Office of Emergency Management. He served in several capacities at American Express, including director of worldwide network change and problem management, and led the creation of the worldwide Information Security group. VanderNaalt was the first corporate information security officer for AMEX worldwide operations.
Joseph Weiss, PE, CISM, CRISC, ISA Fellow, IEEE Senior Member, is an industry expert on control systems and electronic security of control systems, with more than 35 years of experience in the energy industry. He spent more than 14 years at the Electric Power Research Institute (EPRI) where he led a variety of programs including the Nuclear Plant Instrumentation and Diagnostics Program, the Fossil Plant Instrumentation & Controls Program, the Y2K Embedded Systems Program, and the cyber security for digital control systems. As Technical Manager, Enterprise Infrastructure Security (EIS) Program, he provided technical and outreach leadership for the energy industry's critical infrastructure protection (CIP) program.
Mr. Weiss was responsible for developing many utility industry security primers and implementation guidelines. He was also the EPRI Exploratory Research lead on instrumentation, controls, and communications. He serves as a member of numerous organizations related to control system security. These include the North American Electric Reliability Corporation (NERC) Control Systems Security Working Group (CSSWG), the International Electrotechnical Commission (IEC) Technical Committee (TC) 57 Working Group 15 - Data and Communication Security, the Process Controls Security Requirements Forum, CIGRÉ WG D2.22 - Treatment of Information Security for Electric Power Utilities (EPUs), IEEE P2030 Smart Grid Standards, and other industry working groups. He served as the Task Force Lead for review of information security impacts on IEEE standards.
Mr. Weiss was involved in the development of, and participated in, the April 2002 White House Conference on CIP - “Developing Secure Digital/Electronic Process Control Systems for the Nation's Critical Infrastructures.” He was an invited speaker at the NIST/NSA Information Security Summit. He has provided oral and written testimony to three House subcommittees, one Senate Committee, and a formal statement for the record to another House Committee. He has also responded to numerous Government Accountability Office (GAO) information requests on cyber security and Smart Grid issues. He has published over 60 papers on instrumentation, controls, and diagnostics including a chapter on cyber security for Electric Power Substations Engineering and the book Protecting Industrial Control Systems from Electronic Threats (ISBN 978-1-60650-197-9).
Mr. Weiss supported MITRE and NIST in extending NIST SP800-53 to include control systems and the development of NIST SP800-82. He was tasked to write the White Paper on Industrial Control Systems Security for the Center for Strategic and International Studies Blue Ribbon Panel preparing cyber security recommendations for the Obama administration. He was an invited participant to the 2009 NITRD Leap Year Summit and the 2009 NERC High Impact-Low Frequency (HILF) Task Force. He has conducted SCADA, substation, plant control system, and water systems vulnerability and risk assessments and conducted short courses on control system security. He has also been asked to participate in an advisory committee being established by the Transportation Safety Board on Cyber Security for Mass Transit. He has been asked to participate in the 2011 NERC Cyber Attack Task Force. He also established and chairs the annual Control System Cyber Security Conference and established the International Standards Coordination Meeting on Control System Cyber Security.
Mr. Weiss has received numerous industry awards, including the EPRI Presidents Award (2002) and is an IEEE Senior Member, an ISA Fellow, and a member of the ISA Standards and Practices Board. He has two patents on instrumentation and control systems, is a registered professional engineer in the State of California, a Certified Information Security Manager (CISM), and Certified in Risk and Information Systems Control (CRISC).
Alan S. Wernick
ALAN S. WERNICK is a partner in the Chicago office of FSB FisherBroyles, LLP, a 60-lawyer law firm that started in 2002 and has been recognized by U.S. News & World Report Best Law Firms for Information Technology Law. His practice since 1982 focuses on providing sensible and tactical legal advice to clients on significant information technology, electronic commerce, intellectual property, data privacy/security transactions, and dispute management. Mr. Wernick's experience includes drafting and/or negotiating practically every type of information technology contract and transaction. He serves as a counselor and advocate for his clients in the management and resolution of a wide range of legal disputes, including analysis of potential risks, dispute avoidance, negotiation of settlements, and guidance through litigation, appeals, and the arbitration/mediation processes.
Mr. Wernick, admitted in IL, NY, OH, and DC, has extensive contract negotiating and drafting experience, and has served as an arbitrator/mediator of information technology and intellectual property disputes for more than 26 years. That experience, coupled with a background in computer programming, technology, and accounting, enables him to provide practical strategic advice and realistic risk assessments. A frequent lecturer and writer (whose publications include an Info Tech Law column for Chicago Lawyer magazine), he has been selected as a Leading Lawyer in Computer & Technology Law, International Who's Who of Internet & e-Commerce Lawyers, and is a Martindale-Hubbell® AV rated attorney.
Mr. Wernick's professional activities include serving on Advisory Boards for publications by BNA and Wolters Kluwer, and as a member of the Alumni Board for the Fisher College of Business at The Ohio State University. For details about his firm see WWW.FSBLEGAL.COM. Additional details concerning Mr. Wernick's practice, his published writings and public lectures are available at WWW.WERNICK.COM. His direct phone number is 847.786.1005 and email is Wernick@fsblegal.com.
Ashley Winton is Global Data Privacy Chair at White & Case LLP. Formerly a computer designer, Mr. Winton is a partner of and leads the Intellectual Property & Technology Group in London and is chair of the White & Case LLP global data protection and privacy group. He advises on outsourcing, technology, intellectual property and antitrust matters with particular emphasis on European regulatory issues such as data protection and privacy, electronic money, encryption and export control, technology transfer and e-commerce.
Most of his time is spent advising corporations on effective data protection law, privacy and information security compliance, particularly for global enterprises and businesses with international reach, and he has a particular interest in global compliance matters such as international data transfer, data breach and online behavioural advertising. He also advises on e-discovery procedures in the context of international litigation or investigations, and on efficient document retention strategies as an effective mitigant of risk.
Mr. Winton's clients include a number of global financial institutions, one of the world's most well known computer manufacturers, a number of well known consumer electronics multinationals, one of the world's largest electronic component distributors, a Fortune 50 retailer, as well as many other multinational corporations.
Mr. Winton is recognized as a leading practitioner in the IT and data protection areas by independent legal directories.
Martin Wülfert is a founding partner of Your Business Lab, a consulting firm that specializes in product, go-to-market and M&A strategy with a particular focus on the IT Security industry. Your Business Lab has customers in North America, Europe as well as Israel and assists multiple private equity funds to acquire, re-position or divest portfolio companies.
Before founding YBL, Martin managed the public firm Utimaco Safeware AG as CEO for over seven years until the company was acquired by and integrated into Sophos. Utimaco developed leading technologies in the areas of disk and file encryption as well as hardware security modules and lawful interception solutions.
Prior to Utimaco, Martin served in various management positions in the Novartis group, including being a division CIO for many years, integration manager in Australia & New Zealand and general manager of Novartis Animal Health in Germany.
Martin holds a diploma in Theoretical Physics from the University of Basel, Switzerland.