Ponemon Institute
Sign Up for the Ponemon News Feed for special reports and important updates regarding privacy and security

News & Updates

Ponemon Institute is pleased to announce the release of Flipping the Economics of Attacks, sponsored by Palo Alto Networks. In this study, we look at the relationships between the time spent and compensation of today’s adversaries and how organizations can thwart attacks. As revealed in this research, while some attackers may be motivated by non-pecuniary reasons, such as those that are geopolitical or reputational, an average of 69 percent of respondents say they are in it for the money.


Ponemon Institute Fellows: A-B-C

< Back to Ponemon Fellows

Linda Ackerman

Linda Ackerman is an attorney who works on health information privacy issues. Most recently, she wrote a report titled "Mobile Health and Fitness Applications and Information Privacy" for Privacy Rights Clearinghouse and helped develop the content for the World Privacy Forum's online guide to health information exchanges in California.

She was a principle contributor to the development of the California Attorney General's as yet unpublished guide to medical identity theft. She is currently working on a project with the Electronic Frontier Foundation, developing content for an educational website on electronic health information exchange and privacy. She has also written a number privacy and security policies and data sharing agreements for health information exchanges.

Alessandro Acquisti, Ph.D.

Alessandro Acquisti is an associate professor at the Heinz College, Carnegie Mellon University (CMU) and the co-director of CMU Center for Behavioral and Decision Research.  He investigates the economics of privacy. His studies have spearheaded the application of behavioral economics to the analysis of privacy and information security decision making, and the analysis of privacy and disclosure behavior in online social networks.

Alessandro has been the recipient of the PET Award for Outstanding Research in Privacy Enhancing Technologies, the IBM Best Academic Privacy Faculty Award, multiple Best Paper awards, and the Heinz College School of Information's Teaching Excellence Award. He has testified before the U.S. Senate and House committees on issues related to privacy policy and consumer behavior. Alessandro's findings have been featured in national and international media outlets, including the Economist, the New York Times, the Wall Street Journal, the Washington Post, the Financial Times,, NPR, and CNN. His 2009 study on the predictability of Social Security numbers was featured in the “Year in Ideas” issue of the NYT Magazine (the SSNs assignment scheme was changed by the US Social Security Administration in 2011).

Alessandro holds a PhD from UC Berkeley, and Master degrees from UC Berkeley, the London School of Economics, and Trinity College Dublin. He has held visiting positions at the Universities of Rome, Paris, and Freiburg (visiting professor); Harvard University (visiting scholar); University of Chicago (visiting fellow); Microsoft Research (visiting researcher); and Google (visiting scientist). He has been a member of the National Academies' Committee on public response to alerts and warnings using social media.

Ed Adams

Ed Adams is a software executive with successful leadership experience in various-sized organizations that serve the IT security and quality assurance industries. As President of Security Innovation, Mr. Adams applies his security and business skills, as well as his pervasive industry experience in the software quality space, to direct software security experts to help organizations understand the risks in their systems and develop programs to mitigate those risks. The company has delivered high-quality risk solutions to the most recognizable companies in the world including Microsoft, IBM, Fedex, ING, Nationwide and HP. Prior to Security Innovation, Mr. Adams held executive management positions at Ipswitch, Lionbridge, Rational Software, and MathSoft. He also spent several years working for the US Army and Foster-Miller (now QinetiQ).

Mr. Adams is on the Board of Directors for the National Association of Information Security Groups (NAISG) and the International Secure Software Engineering Council (ISSECO.) In 2004, Mr. Adams founded the Application Security Industry Consortium, Inc. (AppSIC), a non-profit association of industry analysts, enterprise technologists, and security leaders established to define cross-industry application security metrics and best practices. The non-profit eventually morphed into SAFECode at which point Mr. Adams got more engaged with other industry initiatives, including OWASP.

No stranger to the podium, Mr. Adams has presented to thousands at numerous seminars, software industry conferences, and private companies. He has contributed written and oral commentary for business and technology media outlets such as New England Cable News, CSO Magazine, SC Magazine, CIO Update, Investor's Business Daily, Optimize and CFO Magazine.  Mr. Adams earned his MBA degree with honors from Boston College and has B.A. degrees in Mechanical Engineering and English Literature from the University of Massachusetts.

Joe Adams

Dr. Joe Adams is the Vice President for Research and Cybersecurity at Merit Network, Inc. In this role, he is the director of the Michigan Cyber Range, an internationally recognized platform for education, exercises, and testing in cyber security. Recently retired from the US Army as a Colonel in the Signal Corps, he served as an Associate Professor at the US Military Academy before becoming the Chief Information Officer at the National Defense University.

Joe earned a B.Sc. in Computer Engineering from Syracuse University and a M.Sc. in Computer Systems Engineering from the University of Arkansas. His Ph.D. is in Computer Engineering from Virginia Polytechnic Institute and State University, where his research focused on network security and access control in mobile ad-hoc networks.

Philip Agcaoili

Phil Agcaoili is the Chief Information Security Officer at Elavon, a U.S. Bank subsidiary and the 4th largest payment processing company in the world. He has been an influential leader in the Information Security industry for almost 25 years and has established industry-leading security organizations from start-ups to the Fortune 25.  He was previously the CISO at Cox Communications and VeriSign, and led successful global security teams at Dell, Scientific-Atlanta, and General Electric.  He influenced the development of the NIST Framework for Improving Critical Infrastructure Cybersecurity, shaped cyber security for US Telecoms as committee co-chair of the FCC CSRIC and the Communications Sector Coordinating Council, and Communications ISAC, and is a member of the Financial Services Information Sharing & Analysis Center (FS-ISAC) and Payments Processing Information Sharing Council (PPISC).  He is a privacy and trust leader as a Ponemon Institute Distinguished Fellow and as the Chairman of the Fellows.  

Phil has served on the Board of Directors and Advisory Boards for several start-ups, Information Security Magazine, CSO Magazine, CIO Magazine and CISO Executive Network. He won the inaugural Information Security Executive of the Decade Award, 2013 Evanta Global Top 25 Breakaway Leader Award, 2012 RSA Conference Award for Excellence in the Field of Security Practices, 2010 Information Security Magazine Security 7 Award, 2009 Information Security Executive of the Year Award, and was inducted into the East Greenbush Education Foundation Hall of Fame. Phil's teams have been recognized for their achievements and teamwork.

Mike Ahmadi

Mike Ahmadi is the Global Director of IoT Security Solutions for DigiCert, a leader in digital security. In this role, Mike drives the company's Internet of Things (IoT) strategic market development for the various critical infrastructure industries including healthcare, transportation, industrial operations, smart grid and smart city.

Mike is a thought leader in the cybersecurity field and frequently consults with organizations, contributes to media reports, participates in industry standards bodies, and speaks at industry conferences about how technology can be used to improve cybersecurity for critical systems and the people who rely on them. 
Before joining DigiCert, Mike was the Global Director of critical systems security for Synopsys Software Integrity Group.  He currently serves on the technical steering committee for the ISASecure certification program and is also serving as Chairman of the Trust Anchors and Authentication Task Force under the Society for Automotive Engineering (SAE).

He also acts as a US Expert for IEC TC65 Working Group10 in developing the IEC 62443 series of industrial Process Control cyber security standards. He served on the California Office of Health Information Integrity Security Steering Committee in drafting the state level policies on HIPAA HITECH, and is an active member of the Medical Device Innovation Safety and Security Consortium (MDISS), where he introduced the Vendor Security Practices Project, and is also an active member of the Association for the Advancement of Medical Instrumentation (AAMI) Medical Device Security Working Group, where he has contributed to technical industry reports. Mike has also worked closely with the U.S. Food and Drug Administration in assisting them with developing their cyber security testing capabilities.

Mike also currently serves as an active member of the US Department of Homeland Security Industrial Control Systems Joint Working Group, and as a part of the advisory board for the US Secret Service Electronic Crimes Task Force. Mike has been a co-author in several publications, including the American Bar Association Security and Privacy guide, AAMI Journals, and serves on the editorial board of ISSA journal. He regularly makes appearances as a subject matter expert and speaker in various cyber security, including industrial control systems and medical devices and networks.

James J. Allen, CIPP

Jim Allen is a well-known and highly respected privacy and risk management expert with over 25 years experience. In his most recent position as Chief Privacy Officer for Agilent Technologies, headquartered in Silicon Valley, he led the development and implementation of a comprehensive worldwide customer and employee privacy program. Mr. Allen was instrumental in making privacy a company value. As a result, privacy has been included in the company's annual Social Responsibility report.

Mr. Allen has a reputation for a practical and cost effective approach to very complicated issues. Many of his outcomes have been recognized as best practices and Mr. Allen is often requested to share his expertise at meetings, conferences and educational seminars. This has included presentations at the annual IAPP conferences and the Practicing Law Institute. He has a passion for the topic of privacy and looks forward to making significant contributions in the future.

Darin Andersen

Darin Andersen is an Internet of Things and cybersecurity professional and the Founder & Chairman of CyberTECH (CyberHive San Diego and iHive Incubators), a global cybersecurity and Internet of Things network ecosystem. Darin is also President & CEO of CyberUnited, INC., a cybersecurity and analysis firm focused on big data and predictive analytics. Before founding CyberUnited, Darin was the General Manager, North America for Norman Shark, a global leader and pioneer in proactive security solutions and forensics malware tools, recently acquired by Blue Coat Systems.

In 2011, Darin received an “Exemplary Performance Award” for Cyber Security by San Diego Business Journal and in 2010 he was named a “Top Influential” by The San Diego Daily Transcript. Darin created the “Securing Our eCity” initiative (now a private Foundation) in his former employer at ESET, where he was Chief Operating Officer. The initiative (which is now an independent Foundation) was recognized by The White House as the “Best Local/Community Plan” DHS National Cybersecurity Awareness Challenge. Darin has an MBA in Finance and Operations Management and 2nd Masters in Information Systems and Operations Systems both from University of Southern California.

Jerry L. Archer, CISSP

Jerry Archer is senior vice president and chief security officer for Sallie Mae. Mr. Archer's responsibilities include securing and protecting consumer privacy and for information security initiatives across the enterprise. Prior to this position, Mr. Archer was the chief information security officer for Intuit's global operations.

Prior to Intuit, Archer was managing director at Global Competitive Strategies, LLC, where he provided insight and validation in the areas of policy, technology, products and strategy to a broad array of firms and government. Previously, Mr. Archer was senior vice president for Global Interoperability at Visa International, where his team codified the policies, standards and best practices for Visa systems and networks globally. Before Visa, at the Fidelity Brokerage Company, he was senior vice president of information security and technical risk providing leadership for the brokerage company's operational and strategic security and risk programs.

Earlier his work in the U.S. Intelligence Community earned Mr. Archer the National Performance Review Hammer Award, a Distinguished Service Award from the Central Intelligence Agency and a Meritorious Unit Citation from the National Security Agency. Mr. Archer is a member of many professional and industry groups such as the ACM, IEEE, ISAC, ISC2, and ISSAC.

Chirag Arora

Chirag Arora is an alien of extraordinary ability in the field of IT, specifically Cyber Security.  He is among a small percentage of individuals who have risen to the very top of the field of endeavor.  Mr. Arora currently holds the most critical and highest-ranked role as a Chief Information Security Officer (CISO) at Crum and Forster. Over his career, Mr. Arora has acquired a thorough understanding of all aspects of Cyber Security, using technology to create a secure Cyber environment.  Along with the role of CISO, Mr. Arora has previously held several leadership positions, helping the companies maintain a strong security posture by implementing various security tools. Mr. Arora has a stellar industry reputation and is recognized by his peers on many occasions who try to learn and understand from him on how to implement and execute strong Cyber Security Programs. By speaking in several high-impact summits including industry-leading Chief Information Officers (CIOs), CISOs from the world’s top companies, Mr. Arora is making a difference in Cyber Security in most industries. Not only does Mr. Arora educate his peers through meetings, seminars and conferences, Mr. Arora developed a one-of-a-kind Computer Security Fundamentals course for the Gifted Education Program at Johns Hopkins University. The course was visionary in the way it addressed an unmet need: it was developed in 2011, when security just begun to be recognized as the world’s biggest challenge. The Gifted Education Program at the Johns Hopkins University has alumni such as the founders of Facebook and Google, Intel Science Talent Search winners, Rhodes Scholars, and MacArthur Fellows.

Mr. Arora has not only excelled at his paid work: he has extended himself to deliver several high-impact non-profit Cyber Security initiatives. He contributed to the World Wide Cyber Security Community by creating the Control Self-Assessment Tool and donating it to the Center for Internet Security, one of the world’s most impactful non-profit Cyber Security Organizations, with the intention of taking all industry, profit and non-profit verticals to the most secure and mature state.

Eric Ashdown

Eric Ashdown is Asia Chief Security Advisor at Microsoft and is headquartered in Singapore. Mr. Ashdown is a risk management, strategy, security and privacy senior leader with a track record of success in demanding large corporate and entrepreneurial environments. Previously, he was Senior Director and Partner, Global Security Strategy & Risk Management at Accenture and Senior Director of Business Online Services, Risk Management at Microsoft Corporation.

According to Mr. Ashdown, he has taken an entrepreneur's attitude toward new businesses, new projects, business turnarounds, consulting and positions held. This has honed an ability to look holistically at problems and challenges, across cultures, while operating in an increasingly borderless world. The range of geographies where Mr. Ashdown has used these skills includes China, Hong Kong, Taiwan, Hungary, the US, UK, Canada, Malaysia, Jordan, Singapore, Germany, Macau and Brunei.

Tom Bain

Tom Bain, Vice President, Sales and Marketing, CounterTack
Bain leads the strategic go-to-market, analyst and research efforts at CounterTack with over 13+ years of experience with leading IT Security organizations. He also serves as a key security evangelist for CounterTack.

Bain’s responsibilities include management of Global Marketing, North American Inside Sales, and Analyst, Public and Investor Relations. His strategic experience in cyber spans endpoint, database, network and application security, security services and security training. Prior to CounterTack, he spent time with Security Innovation, Q1 Labs (an IBM Company) and Application Security, Inc. (a Trustwave company), and has worked with leading security brands including AffirmTrust, Wave Systems, Sophos, CA and Red Hat.

Bain is a frequent presenter at conferences including Hacker Halted, Global CISO Summit, SecureWorld Expos, OWASP, Strata + Hadoop World, GoSec, The Rocky Mountain Information Security Conference, Terrapin Cyber Security Conference, America’s Growth Capital, The Montgomery Summit, Camp IT and Boston Security Conference. He has been published in Channelnomics, VentureFizz, Security Week, Health Data Management and Digital Forensics.

He earned an MS degree in International Relations and Public Affairs from UMASS and holds a BA in Communications from Rhode Island College. Bain sits on the advisory board for multiple emerging technology organizations.

Ken Battista, CIPP

Ken Battista is an information technology professional whose career has spanned more than 35 years. Ken has worked in the telecom industry for the past 25 years with Alltel Wireless and Verizon Wireless. He had responsibility for privacy office operational management which included: privacy incident management, business partners’ privacy risk and security assessments and analysis, including corrective action mitigation in order to protect sensitive and personal information. He also had responsibility for developing and implementing privacy and information security policies and standards in large enterprise organizations. In addition, he has been a privacy advocate and provided privacy and information security best practices awareness corporate-wide. During his career he also has had responsibility for software development, systems support, disaster recovery and business continuity, client relationship management, as well as privacy office management.

Ken is a member of the International Association of Privacy Professionals and has earned the  Certified Information Privacy Professional (CIPP/US) certificate. He retired from Verizon Wireless in 2013.

Ken is a graduate of King's College, Pennsylvania.

David Bender

David Bender is Special Counsel, Data Privacy, at GTC Law Group, and is an adjunct professor at the University of Houston Law Center, and at Pace University Law School.  He is also the author of Bender on Privacy and of Computer Law, both published by LexisNexis.  Dave was a co-founder of the Privacy practice at White & Case LLP and formerly headed that practice; he also founded White & Case’s Intellectual Property practice.  He specializes in implementing cross-border transfers of personal data, handling data security breach notification matters, advising clients on diverse privacy issues under various federal and state laws, and developing privacy compliance plans for multinational corporations.  For several years, he headed the IP Litigation Department at AT&T, where he was responsible for all IP litigation brought by or against any Bell System company.  He is a frequent speaker at conferences, and has delivered over 300 presentations on Privacy and IP issues across the United States and in 19 other countries.  He is a past president of the International Technology Law Association.  Dave is admitted to practice law in New York, and to practice before the US Patent and Trademark Office.

Before turning to the law, Dave served as an engineer with the aerospace division of the Ford Motor Company, and as a mathematician with Hughes Aircraft.  He has an Sc.B. in Applied Mathematics from Brown University, an LL.B. from the University of Pennsylvania Law School, an LL.M. in Patent Law from George Washington University Law School, and an S.J.D. from George Washington.  

Shaun Bertrand

Shaun Bertrand has over 20 years of experience in the information security field with a core focus of providing penetration testing and vulnerability assessment services to enterprise organizations. He has been CISSP certified since 2004 and is proficient in several technical services including AV obfuscation, social engineering, exploit development, critical systems protection, endpoint security, event management, incident response, intrusion detection, ICS/SCADA, and malware prevention. 

Mr. Bertrand currently leads the red team at CBI Secure, managing a team of skilled penetration testers focused on enterprise level engagements across all industry verticals. Mr. Bertrand is responsible for developing custom attack frameworks that better evaluate the effectiveness of various controls and countermeasures. 

Mr. Bertrand has experience teaching cyber security classes at various universities, including the University of Michigan and Eastern Michigan University. Mr. Bertrand has also maintained a seat on graduate advisory boards and councils for similar universities. He is a frequent speaker at security conferences and local hacking groups. Mr. Bertrand is a member of the Hacker Hall of Fame for Constant Contact, Evernote, and Symantec. He is a member of the Michigan Cyber Civilian Corp (MiC3) in addition to being the founder and president of the Grand Traverse Michigan ISSA chapter.

Simon Blackwell

Mr. Blackwell has worked across a broad spectrum of industries including eCommerce, digital and analog gaming, telecommunication, aerospace/defense, financial services, and pharmaceuticals, a few of which include Hasbro/Wizards of the Coast, DNA Response, Bell Core, NASA, Dept of Defense, Goldman Sachs, Liberty Mutual, Washington Mutual, Johnson & Johnson. He has served as Consultant, a Senior Vice President in a 65,000 employee bank as well as a Company Founder, a CTO, and a Chief Architect.

He has technical expertise in expert systems, cloud computing, data privacy/security and eCommerce for which has developed products, filed patents, spoken at conferences, served on advisory boards and participated in industry standards bodies. His data privacy/security background includes the development of anti-virus software, key based authentication mechanisms, eXensible Access Control Markup Language, and globally distributed customer data management systems as well as dealing with the regulatory processes in the industries he has served.

Simon Blackwell is currently a consultant focused on leading edge technologies for eCommerce and digital gaming.

William M. Blake

Bill Blake is the Senior Vice President of Fasoo, Inc. with headquarters in Bethesda, Maryland.  Bill has over 30 years experience in business process re-engineering, IT Management and data security.  Following a successful career with IBM, Bill founded and managed a systems integration firm focused on IT infrastructure design and support, document management, Microsoft and Novell training and network security.  IKON Office Solutions acquired his company in 1997 as a part of its efforts to meet growing demand for comprehensive document lifecycle applications.
In 2008 Bill founded eDocument Sciences, LLC a consulting firm focused on data security, cloud computing and IT management. 

In May 2013 Bill joined the management staff of Fasoo as Senior Vice President of Fasoo, Inc.  Fasoo is expanding the broad range of client installations throughout North America by providing technical and sales support to our customers and partner network.

Bill holds a Bachelor of Science degree in Business Management from Canisius College and currently resides in Amherst, New York.

Naheed Bleecker
Naheed Bleecker is the Privacy Program Manager for Pivotal Software, where she is responsible for the Privacy Office. Previously, she was a privacy consultant, with a focus on compliance with the GDPR and other regulations. She has assisted small startups to Fortune 500 corporations with their privacy programs. Naheed has been Vice President of Information Technology at Cielo where she oversaw the Global Infrastructure team, and acted as the CISO. Prior to that she was a Senior IT Security Manager at CUNA Mutual Group, where she was responsible for the security awareness program, impacting over 4000 employees at multiple locations.  Ms. Bleecker realizes the importance of securing the most critical endpoint in the organization:  the human.

Ms. Bleecker graduated from the University of Kentucky with a BA in English.  She has over 25 years of experience in privacy and information technology, and has worked in a variety of industries.  Her certifications include CIPM, CISA, CISM, PMP, Six Sigma Black Belt and ISO 27001 Lead Implementer. Her volunteer work includes presentations regarding internet safety for young people.


Stu Bradley

As the Vice President of Cybersecurity Solutions, Stu Bradley is responsible for driving overall go-to-market strategy, solution direction, and delivery of SAS’ cybersecurity capabilities.  He leads a global business unit covering sales, pre-sales, product management, product marketing, and delivery for the cybersecurity portfolio.  His team of industry domain experts engages with clients, prospects, and partners to advise on strategy, set customer specific roadmaps, and ensure operational success.  Prior to his role in cybersecurity, Stu lead SAS’ fraud & compliance initiatives globally for 7 years, growing the portfolio from infancy to an industry leader.

Stu has 20 years of experience delivering solutions across industries to address client’s most difficult financial crime and security problems.  He has been an industry thought leader, bringing innovative fraud, compliance, and security solutions to market for SAS, including Security Analytics, Fraud Network Analytics, Customer Due Diligence, and industry specific fraud solutions in Banking, Insurance, Government, and Health Care.  As part of SAS’ fraud and compliance initiative, he also incubated an advisory services offering focused on operationalizing SAS solutions and managing change programs.

Prior to SAS, Stu was an Executive Manager for a global consultancy in the risk and regulatory space where he led implementations of cutting edge fraud solutions and enterprise AML regulatory compliance initiatives.

Bruce Brody

Bruce A. Brody is a highly experienced, executive-level Chief Information Security Officer and
subject matter expert on information security. He has served as the Chief Information Security Officer (CISO) at the U.S. Department of Veterans Affairs, where he was the first Cabinet-level CISO in the Federal Government. He has also served as the CISO at the U.S. Department of Energy, DRS
Technologies and Cubic Corporation; a member of the Federal Senior Executive Service; a
distinguished manager in the national security community; and a decorated officer in the U.S. Air
Force. He is currently a Director Guidehouse’s Cybersecurity Practice, formerly known as PricewaterhouseCoopers LLP.

Mr. Brody has over 25 years of demonstrated expertise and success in all aspects of implementing, operating, managing and continuously improving security in complex enterprises. His proactive risk management accomplishments include implementing continuous risk management and mitigation approaches and metrics, enterprise security architectures, vulnerability reduction programs, security operations centers, identity management systems, cloud security, forensics, threat intelligence, infrastructure resilience capabilities and workforce professionalization programs. He is a frequent speaker on cyber security and risk management at professional conferences, and he has published numerous articles relating to managing information security programs. Mr. Brody holds a master’s degree with an emphasis on information security from Eastern Michigan
University. He is also a Certified Information Systems Security Professional (CISSP), and a Certified Authorization Professional (CAP), both of which are granted by (ISC)2; and a Certified Information Security Manager (CISM), which is granted by the Information Systems Audit and Control Association (ISACA). He serves on the Advisory Board of the Certified FISMA Compliance Professional (CFCP), a credential that he also holds. Mr. Brody also earned a Level III Advanced Program Management certification from the Defense Systems Management College.

His career also includes 10 years at the Defense Intelligence Agency, where he distinguished himself as the Chief of the Counterterrorism Section, and an additional seven years with the Defense Information Systems Agency, where he directed the global Defense-wide Multilevel Security Program. An Air Force veteran, Mr. Brody received the Air Force Commendation Medal and the Defense Meritorious Service Medal during his service.

Benjamin D. Brooks

Benjamin D. Brooks is the Vice President of Beryllium Information Security Collaborative and Director of Curriculum Development at Cyber Warrior Foundation. A 20-year information security veteran, Benjamin cut his teeth on information security and cyber security for the Department of Defense. Working primarily with the National Institute of Standards and Technology frameworks as guidance, his work focuses on behavioral and administrative controls for organizations to prevent information security breaches and optimize security practice within the organization. He is also a Cybersecurity architect and Red Team member specializing in social engineering, and physical penetration testing.

Benjamin is an 18-year Chief Cryptologic Technician (Technical) veteran of Naval Special Warfare, Special Intelligence and Electronic Warfare teams and a drilling Navy Reservist. During his time in the service, Benjamin quickly distinguished himself in as an expert in electronic signals exploitation and was assigned to special units for duty with the Navy SEALs and other government organizations. He currently serves as the Navy Information Operations Command TX – Minneapolis Branch Training Officer.

Some of Benjamin’s previous client engagements include Proctor and Gamble, AXA insurance, State of New Jersey Judiciary, Massachusetts Department of Transportation, Pennsylvania Department of Transportation, and The Ohio State University, amongst others where he has performed PCI, HITRUST, and NIST Information Security Engagements. Benjamin recently finished his Executive Master of Business Administration degree at Case-Western Reserve Weatherhead School of Management, where he serves as adjunct professor for executive education in Cybersecurity and Information security. He also provides subject matter and exam writing expertise for (ISC)2.

Christopher Budd

Christopher Budd is a communications manager with Trend Micro. His focus is on communications around online security and privacy threats to help people understand in plain English the risks they face and what they can do about them. In addition, he focuses on managing crisis communications utilizing a framework and processes he helped put in place.

Prior to Trend Micro, Christopher worked as an independent consultant focused on helping clients build crisis communications frameworks for online security and privacy incidents.  Christopher draws on his experience as a ten-year veteran of the Microsoft Corporation, where he oversaw and managed worldwide internal and external communications around security and privacy incidents affecting Microsoft customers. During his tenure at Microsoft, he pioneered new strategies and tactics embracing new media technologies that dramatically improved the handling of communications around incidents and helped, as he likes to say, “make awful news just bad”.

Christopher is a seasoned spokesperson and speaker and presenter. He has been an expert on television and radio numerous times. At Microsoft he led a live monthly security webcast for over six years. He has also given numerous presentations on communications and technology at a variety of technology and non-technology conferences.

Christopher is a widely published author on technology and other topics. He currently contributes a monthly column on Social Media and Online Security to the Windmilll Networking blog as well as regular contributions to Geekwire and Betanews. He is a regular presence on Trend Micro’s blogs for security experts and consumers. He has been a monthly columnist for TechTarget on Microsoft security issues. He is also co-author of two books. Outside of technology topics, he has  authored numerous articles on topics ranging from history to philosophy and gaming and is a contributing author to a book on the history of philosophy.
He earned a Bachelor of Arts in Comparative Religion from Oberlin College and a Master of Arts in Philosophy with honors from St. John’s College.

His interests include music, history, psychology, mythology, and comparative religion. You can read his personal blogs at, Andante, and Taklamakan. He lives outside of Seattle with his family, including four cats and a dog.

Dan Burks

Dan Burks is an operations risk management executive with over 30 years of experience developing and sustaining risk oversight for major financial institutions in privacy, data protection, information security, incident response management, enterprise assessments and third party risk management.  Dan has successfully led teams to design and integrate oversight of process and risk indicators into an enterprise governance, risk and compliance framework leveraging privacy by design principles, a three layered risk governance and security risk model and automated risk governance tools. 

Dan most recently served as Senior Vice President and Enterprise Privacy Officer with U.S. Bank where he championed customer focused solutions across the company in compliance with multi-country regulatory requirements and industry control frameworks requiring a pragmatic and collaborative approach with business partners and industry regulators.

Ann Cavoukian, Ph.D.

Dr. Ann Cavoukian is recognized as one of the leading privacy experts in the world. Noted for her seminal work on Privacy Enhancing Technologies (PETs) in 1995, her concept of Privacy by Design seeks to proactively embed privacy into the design specifications of information technology and accountable business practices, thereby achieving the strongest protection possible. In October, 2010, regulators from around the world gathered at the annual assembly of International Data Protection and Privacy Commissioners in Jerusalem, Israel, and unanimously passed a landmark Resolution recognizing Privacy by Design as an essential component of fundamental privacy protection. This was followed by the U.S. Federal Trade Commission’s inclusion of Privacy by Design as one of its three recommended practices for protecting online privacy – a major validation of its significance.

An avowed believer in the role that technology can play in the protection of privacy, Dr. Cavoukian’s leadership has seen her office develop a number of tools and procedures to ensure that privacy is strongly protected, not only in Canada, but around the world. She has been involved in numerous international committees focused on privacy, security, technology and business, and endeavours to focus on strengthening consumer confidence and trust in emerging technology applications.

Dr. Cavoukian serves as the Chair of the Identity, Privacy and Security Institute at the University of Toronto, Canada. She is also a member of several Boards including, the European Biometrics Forum, Future of Privacy Forum, RIM Council, and has been conferred as a Distinguished Fellow of the Ponemon Institute. Dr. Cavoukian was honoured with the prestigious Kristian Beckman Award in 2011 for her pioneering work on Privacy by Design and privacy protection in modern international environments. In the same year, Dr. Cavoukian was also named by Intelligent Utility Magazine as one of the Top 11 Movers and Shakers for the Global Smart Grid industry, received the SC Canada Privacy Professional of the Year Award, was honoured by the University of Alberta Information Access and Protection of Privacy Program for her positive contribution to the field of privacy, and was ranked by Women of Influence Inc. as one of the top 25 Women of Influence recognizing her contribution to the Canadian and global economy.  This award follows her recognition in 2007 from the Women’s Executive Network as one of the Top 100 Most Powerful Women in Canada.

Jeffrey Carr

Jeffrey Carr is the principal consultant for the 20K League, and has been an internationally known author and consultant on cybersecurity and cyber warfare since 2008. He was the founder and principal investigator of Project Grey Goose (an investigation into the Russian government’s role in cyber attacks against the Georgian government during the 2008 war), the author of Inside Cyber Warfare (2009 and 2011 editions), and the founder of the Suits and Spooks security collision (a two day event held in Washington D.C., London, New York, and other cities since 2011). 

During his career as a cybersecurity consultant, Jeff has acted as a trusted third-party advisor for the in-house security teams at multinational corporations in the defense, telecommunications, and media sectors and has provided post-breach remediation advice and vulnerability assessments for many Fortune 1000 companies. 

He has worked as a contract subject matter expert for the Central Intelligence Agency’s Open Source Center; provided day-long workshops at the U.S. Army War College, Chief of Naval Operations Strategic Study Group, Defense Intelligence Agency; and participated as one of the experts interviewed by Dr. David Bray and his team for the National Commission for the Review of the Research and Development Programs of the U.S. Intelligence Community. 

Uma Chandrashekhar

Ms. Uma Chandrashekhar leads the Global Information Security program  at Edwards Lifesciences. Previously she was a senior executive in Information Security, Reliability, and Privacy leading the design and implementation of global information programs resulting in increased customer satisfaction, increased revenue, and cost savings.  As Vice President, Chief Technical Office, Security, Reliability, Eco-Environmental Group at ALCATEL-LUCENT, BELL LABS, she established the corporate strategic vision for security, reliability, privacy, and designed the roadmap for successful implementation across all business units worldwide.  

Uma has represented the U.S. delegation in the ISO 27000 Information Security Standards Series and served as co-editor for the ISO/IEC 27003, ITU standards. She holds several patents in information security, privacy, and reliability. Her credentials include guest editor for Bell Labs Technical Journal special issue on security; invited council member of the U.S. Federal Communications Commission’s Security, Reliability, and Interoperability Council (CSRIC); distinguished fellow of the Ponemon Institute; and board member of Journal of Law and Forensics. Uma is CISSP, CISA, CISM, CRISC, and PMP certified.

Alan Chapell, CIPP

Alan Chapell is the founder of Chapell & Associates, a premier research and consulting firm focusing on consumer privacy.

He established the privacy program at Jupiter Research, which targets the consumer Internet economy. Chapell created and implemented DoubleClick's research product suite, which produced advertising effectiveness products that measure the brand impact of online advertising. He also worked with e-mail marketing firms, including Yesmail (now a division of Experian), where he assisted clients with privacy issues.

He is a regular contributor to the iMedia Connection, the DMNews, and the International Association of Privacy Professionals' Privacy Officer Advisor.

Harry C. Chapman, CMC

Harry Chapman is a founder and principal of the San Francisco-based Bay Area Consulting Group LLC. His work with a division of Wells Fargo Bank in developing and implementing a balanced scorecard is now taught at the Harvard Business School. Chapman has helped large organizations develop balanced scorecards in the United States, Canada, and South Africa. He leads a two-day seminar on the Balanced Scorecard every six months in Rome.

Chapman has developed a balanced scorecard framework tailored to privacy. He is an expert in developing practical and effective performance measurement programs directed toward improving organizational performance.

He is a founder of the Bay Area Consultants Network, a non-profit organization dedicated to enabling consultants to become more effective.

Raj Chaudhary

Raj retired as a Crowe Partner after 28 years of serving clients across multiple industries. Prior to retirement he played a dual role for Crowe. He was the global leader of cybersecurity solutions for the Crowe Consulting Business Unit and served as an SVP of Technology Risk at Crowe Healthcare Risk Consulting – a subsidiary of Crowe. He has published thought leadership on the topic of cybersecurity and has presented to boards of directors and senior management of entities across Crowe’s client base.

During his consulting career of 40 years he has authored numerous publications on digital risk/cybersecurity, and is frequently sought after for conference workshops and as a facilitator of webinars for global audiences. He focused on adaptive governance and regulatory compliance, constantly educating his clients on emphasizing the importance of laying the foundation for effective management of risks. He helped numerous clients with scrutinizing their business to uncover disruptive digital risks and related cybersecurity risks; helping draft and deploy strategies and processes to manage security of critical information assets. He has assisted clients with creation of unique processes and practices to build the regulatory compliance infrastructure and streamline management/board activities. His style is very participative and he provides rational thoughts behind the decision process to facilitate decision-making while igniting motivation and team spirit and setting a ferocious pace to complete demanding mandates. Analytical and patient, Raj unravels and resolves complexity, hindrances, and skepticism steering the business through challenges to achieve excellence in all environments.  As a shrewd business strategist and tactician, Raj builds and presents fact-based and compelling business cases with precision through due diligence. Assertive, sincere and clear communicator, Raj has always acted with integrity and trust while serving as an eloquent and confident corporate ambassador interacting effectively with all internal and external stakeholders.

Prior to Crowe Raj worked for IBM in sales and implementation of computer-aided-design and manufacturing systems. He has a Bachelor’s and Master’s in Civil Engineering and practiced engineering for 7 years before reinventing himself to join IBM. On the personal front he volunteers for multiple health-related not-for-profit organizations.

Keith Cheresko

Keith A. Cheresko is a Principal of Privacy Associates International LLC.  Privacy Associates International is a Michigan-based privacy consultancy delivering experienced-based, practical guidance in assisting its clients address all aspects of privacy.   Mr. Cheresko spent the majority of his career at Ford Motor Company as a member of the Office of the General Counsel.  During his 26 year tenure at Ford, he held an assortment of legal assignments supporting Ford’s diverse business activities, including time with Ford Motor Credit Company, Ford’s finance subsidiary, where he played a role in the development of financial privacy policies and practices designed to meet the federal Gramm Leach Bliley Act’s financial privacy requirements.  He also served as counsel to the Corporate Privacy Office and advised or chaired working groups addressing an assortment of privacy matters, from marketing-related activities to development of corporate-wide policies.  In his last assignment before deciding to leave Ford, Mr. Cheresko was the primary privacy counsel and de facto privacy leader.  

After leaving Ford and prior to joining Privacy Associates International LLC, Mr. Cheresko served briefly as general counsel to the Ponemon Institute, and continues serving as a long time member of the Ponemon Institute's Responsible Information Management Council’s Advisory Board.   He is a member of the International Association of Privacy Professionals and a Certified Information Privacy Professional (CIPP/US/IT).  Mr. Cheresko received a BA from the University of Michigan-Dearborn, a J.D. from Wayne State University, and is a member of the State Bar of Michigan and the American Bar Association.

James Christiansen

James Christiansen is vice president and global chief information security officer (CISO) for Teradata. Responsible for developing and leading Teradata’s Global Cyber Security discipline, James focuses on delivering a comprehensive suite of services and solutions to advance and innovate Teradata’s security program.

James brings extensive expertise as a global leader in information security. Prior to joining Teradata, he was vice president of information risk management at Optiv, where he advised executives (CXOs) on their security strategies. Previously, James was chief information risk officer for Evantix, and CISO at Experian Americas, General Motors, and Visa International.

As a sought-after expert speaker on security, James has been featured at numerous prestigious events, including the Business Round Table, Research Board, American Bar Association, American Banker, the RSA Conference, BankInfoSecurity, ISSA, ISACA, HIMSS and MIS Training Institute. He has also been featured in The New York Times and quoted in USA Today, The Wall Street Journal, Reuters, United States Cyber Security Magazine, Bloomberg and Healthcare.IT.

James is a patent inventor having received three innovation awards in cyber security, GRC and cloud computing. He is the author of the Internet Survival Series and contributing author of CISO Essentials, as well as numerous industry papers.

He earned his master’s degree in business administration with a focus on international management and his bachelor’s degree in business management from Westminster College.

Jason Clark

Jason Clark is fueled by a great passion – the desire to create a united and supportive CISO community. In his position as chief security and strategy officer for Accuvant, Clark has the opportunity to bring the CISO community together to discuss concerns, share ideas, innovate and help each other overcome challenges. It allows him to help organizations go beyond technology to resolve their struggles, and to work with business executives to deliver solutions that create real value for organizations.

Clark brings to his role at Accuvant more than 20 years of experience building and executing successful strategic security programs. He is responsible for developing and delivering a comprehensive suite of strategic services and solutions that help CXO executives change their security strategies through innovation to ensure success while aligning to business goals; and creating the Office of the CISO to bring value to the security executive community.

Prior to joining Accuvant, Clark was the chief security and strategy officer for Websense, where he was a driving force behind the company’s transformation into a strategic player and provider of critical technology for chief security officers (CSOs). In his previous role as chief information security officer (CISO) and vice president of infrastructure for Emerson Electric, Clark significantly decreased the company’s risk by developing and executing on a successful security program for 140,000 employees across 1,500 locations. He has served as CISO for The New York Times, senior manager of security and infrastructure architecture for EverBank, and has held technical leadership positions of increasing responsibility for BB&T and the U.S. Army.

Clark, a well-known thought leader and highly requested speaker, hosts 20 CISO roundtables per year and has been ranked as a top 10 Global Security Leader by ExecRank. He has been quoted in and published by multiple media outlets and has presented at or keynoted more than 40 conferences worldwide, including RSA, Gartner Security Summit, CSO Perspectives, CSO Security Standard, Evanta CISO Summit and ISSA events. Clark earned his master’s degree from Olin Business School at Washington University and his bachelor’s degree in business management from the University of Florida.

Mark Coderre

Mark Coderre is an Information Security Executive with over 25 years of experience protecting information in Healthcare and Insurance. He is currently a National Practice Lead for OpenSky Corporation, a professional services firm focused on Information Technology and Risk Management services. Mark’s expertise is on CISO Office functions, Advanced Authentication, IT Risk Management and GRC (Governance, Risk and Compliance). Previously, Mark was employed by Aetna in Hartford, Connecticut where he moved from a network analyst to an Engineering Manager to “Director of Security Architecture” and finally “Executive Director of Security Strategy and Risk Management”. Mark has experience building teams and relationships with IT and functions running the gamut of business analysis, architecture, planning, reporting, program management, portfolio management, project and technology assessments, research & development, infrastructure, development and business continuity. Notable in his career are single sign-on, consumer-minded identity and access management and the organization’s governance, risk and compliance program

Mark’s approach to information security is seasoned through a balance of engineering and architecture experience. Mark interfaces with officers representing compliance, risk, privacy and physical security. Mark has recently directed the fusion of best practices from the financial sector into a healthcare oriented security program.

Mark’s greatest strengths are his creativity, drive and leadership. He thrives on challenges, particularly those that directly align with organizational strategy. Mark is sought after as a mentor and invests time in identifying and growing talent.

Mark’s leadership supports the company brand. Aetna was named a winner of the inaugural CSO40 Awards in 2013 for its international governance, risk and compliance program, Aetna was also named the top leader in Operational Risk Management during the 2014 EMC/RSA Archer summit. In 2008 Aetna earned an Identity Deployment of the Year award from the Liberty Alliance and was featured in Healthcare IT News.  Mark was a finalist for Information Security Executive of the year in 2009 sponsored by Technology Executive Networks. Mark subsequently served as a judge for event in both 2010 and 2012.

Mark is a Fellow at the Ponemon Institute and a member of the Institute’s Responsible Information Management (RIM) Council. Mark has served on customer advisory boards for innovative security vendors like Stonesoft and Netegrity and large organizations such as CA and IBM/Tivoli. Mark was asked to participate in several consumer identity and authentication workgroups and was voted to represent regulated industries for the Identity Ecosystem Steering Group created through Presidential Directive in 2011. He has been asked to speak on panels during industry conferences as well as at the White House. Mark has volunteered his time for local schools in the communities surrounding Aetna.

Mark holds a bachelor’s degree in Computer Science from Central Connecticut State University and is certified in both security management (CISM) and risk management (CRISC). He lives in Connecticut where he is raising three daughters. In his free time, Mark likes to boat on Long Island Sound, work on his classic sports car and perform in a local music group. 

Brian Contos, CISSP

Brian Contos is a published author and proven business leader. Over the last two decades Brian helped build some of the most successful and disruptive security companies in the world. He is a published author, proven business leader and blogger. Brian has worked as a security expert with Global 2000 companies and government organizations in over 50 countries across six continents. He is frequently interviewed by NPR, Fox, CNBC, CBS News, Bloomberg, Forbes, NY Times, USA Today and the London Times.

After getting his start in security with the Defense Information Systems Agency (DISA) and later Bell Labs, Brian began the process of building security startups and taking multiple companies through successful IPOs and acquisitions including:  Riptech, ArcSight, Imperva, McAfee and Solera Networks. He is currently the Chief Security Strategist with Securonix.

Don Lloyd Cook, Ph.D.

Dr. Don Lloyd Cook is currently AVP for Data Privacy at Scottrade,  where he is focused on building an enterprise-wide privacy program.  He has previously served as Counsel in the Privacy and Technology practice at the law firm of Gill Ragon Owen,  and as a Director of Privacy at Lunarline, Inc. and at Walmart Stores, Inc.   Additionally, he served as the Chief Privacy Officer and General Counsel of Feeva Technology, Inc., an online advertising firm and as a Senior Consultant for Acxiom Corporation, specializing in global privacy and regulatory issues. He is a member of the International Association of Privacy Professionals, the Arkansas Bar Association and the American Bar Association. 

Dr. Cook regularly speaks on privacy issues and has authored academic publications relating to marketing, privacy and intellectual property.  Dr. Cook has practiced general and appellate law in Arkansas, where he received his JD and MBA degrees from the University of Arkansas. He is licensed in state courts in Arkansas, federal district courts in Arkansas and the Northern District of Oklahoma, the Eighth Circuit Court of Appeals and the US Supreme Court, where he successfully opposed a Petition for Writ of Certiorari by the State of Arkansas.

Professional certifications include the CIPP (Certified Information Privacy Professional), CIPP/C (CIPP Canada) CHP (Certified HIPAA Professional) and CHSS (Certified HIPAA Security Specialist.   He received his Ph.D. in Marketing from Virginia Tech where his dissertation focused on privacy regulation.  While at Virginia Tech he was selected as the first Virginia Tech Congressional Fellow and was a Legislative Assistant in the office of Congressman Rick Boucher, a co-founder of the Internet Caucus.  He has taught Consumer Behavior, Internet Law and eCommerce courses at universities in Virginia, Louisiana, Georgia and New Mexico.

Nick Copping, Ph.D.

Nick Copping is a technologist who began his career as a physicist at Cal Tech, later becoming a senior research director at JPL. Copping is a former director of corporate engineering for Hewlett-Packard and served as CEO of Atherton Technology and CRI. Copping started ZOOM Marketing with Ellie Victor in 1996. In 2004 he took a sabbatical from ZOOM to become a partner at Microsoft, where he developed the Microsoft Global SI strategy.

In his spare time, Copping builds and plays acoustic guitars, turns wild bowls in his woodshop, and sees just how long he can stay at the bottom chasing turtles in funny-looking scuba gear.

Patrick Corcoran

Mr. Corcoran joined IBM in the United States in 1977. Early in his career he held numerous operational and management positions associated with large scale application maintenance and development projects for IBM in North America. In 1987, he became a member of IBM’s market intelligence organization and led numerous efforts to create many new services, one being Business Continuity & Resiliency Services. Over the past 25 years, Mr. Corcoran has been on the senior leadership team for IBM Business Continuity and Resiliency Services as the Director of business strategy, marketing and business development. During this time, Mr. Corcoran also led IBM’s support efforts for numerous regional crisis events (i.e. aftermath of the terrorist attack on September 11, 2001, Hurricane Katrina, Haiti Earthquake, Japan Earthquake, Hurricane Sandy, etc.).

In his current position, Mr. Corcoran is the executive responsible for leading IBM teams in the development of integrated business continuity solutions for clients who require solutions across multiple countries.

He has been quoted in numerous publications, such as ComputerWorld, New York Times, Washington Post, Internet World, Contingency Planning & Management, Disaster Recovery Journal, among others. He has previously spoken on the topic of risk, crisis management, business continuity and disaster recovery at conferences such as IBM Summit, Disaster Recovery Journal Conference, Contingency, Planning & Management, Continuity Insights, SHARE, COMMON and many other events. Pat was on the advisory boards for Continuity Planning & Management and Continuity Insights. He currently is a Special Advisor to the Disaster Recovery Journal Editorial Advisory Board and on the Advisory Board of Continuity Insights.

Mr. Corcoran has over thirty-seven years of professional IT, services and management experience in diverse technology projects and international market segments. He holds a Bachelor’s degree in Mathematics from the State University of New York at Potsdam, and has participated in several leadership, consulting methodology and project management courses. He has also completed a variety of courses in the area of management development, including effective communications, managing change, and personal development. Mr. Corcoran currently resides in Warwick, New York with his family.

On a personal note, Mr. Corcoran is actively involved in many community activities, having been the president of Warwick Little League, president of Warwick School Parent Teachers Associations (PTA), member of the Warwick School Growth Planning Board, board member of Orange Country United Way … and is currently on the boards of Otto Mills Hunting & Fishing Club (President) and the Brian Ahearn Children’s Fund. His hobbies include cycling (road and mountain), music (drummer), hunting and golfing.

Joshua Corman

Joshua Corman is the Chief Technology Officer for Sonatype. Previously, Corman served as a security researcher and strategist at Akamai Technologies, The 451 Group, and IBM Internet Security Systems. A respected innovator, he co-founded Rugged Software and IamTheCavalry to encourage new security approaches in response to the world’s increasing dependence on digital infrastructure. Josh's unique approach to security in the context of human factors, adversary motivations and social impact has helped position him as one of the most trusted names in security. He is also an adjunct faculty for Carnegie Mellon’s Heinze College, IANS Research, and a Fellow at the Ponemon Institute.

Josh received his bachelor's degree in philosophy, graduating summa cum laude, from the University of New Hampshire.

Malcolm Crompton

Malcolm Crompton is Managing Director of Information Integrity Solutions Pty Ltd (IIS), a global consultancy specialising in data protection and privacy strategies. IIS assists companies increase business value and customer trust and ensures government meets the high standards expected in the handling of personal information.

Malcolm is a Director of the International Association of Privacy Professionals Australia New Zealand (iappANZ), an affiliate of the International Association of Privacy Professionals (IAPP). He was founding President of iappANZ in 2008, a Director of IAPP from 2007 to 2011 and is an IAPP Certified Information Privacy Professional. Malcolm's global reputation and expertise in privacy was recognised when IAPP honoured Malcolm with the 2012 Privacy Leadership Award.

As Australia's Privacy Commissioner from 1999 to 2004, Malcolm led the implementation of private sector privacy law. He hosted the 25th International Conference of Data Protection and Privacy Commissioners in Sydney in 2003. Malcolm's global reputation is built on his forward thinking on the handling and governance of personal information and he has consequently been invited to speak at many events in the Americas, Europe and Asia Pacific.

Through IIS, Malcolm has advised the Asia-Pacific Economic Cooperation forum (APEC) regularly on implementation of the APEC privacy framework, including leading seminars held in Hong Kong, Korea and Australia. He has also consulted to the Organisation for Economic Cooperation and Development (OECD) and a wide range of industry sectors, including, technology and telecommunications, health, banking, finance, credit reporting and insurance, education, professional services, transport and parcel services, mining and manufacturing, travel and retail and government.

He is a member of the Microsoft Trustworthy Computing Academic Advisory Board and a number of Reference Groups for research projects on trust in the Internet funded through the European Commission. Malcolm is also a Director of Bellberry Limited, a private not-for-profit company which provides privacy and health ethics advisory services and is a Fellow of the Australian Institute of Company Directors.

Between 1996 and 1999, Malcolm was Manager of Government Affairs for AMP Ltd. In the previous 20 years, Malcolm held senior executive positions in the Federal Department of Finance, served as both a superannuation scheme trustee and scheme founder and worked in the Transport and Health portfolios. Malcolm has degrees in Chemistry and Economics and was awarded the inaugural Chancellor's Medal for distinguished contribution to the Australian National University.

Tom Cross

Tom Cross is Director of Security Research at Lancope, where he works on advancing the state of the art in network behavioral anomaly detection with netflow. He has over a decade of experience as a computer security researcher and thought leader. He is credited with discovering a number of critical security vulnerabilities in enterprise-class software and has published papers on collateral damage in cyber conflict, vulnerability disclosure ethics, security issues in internet routers, encrypting open wireless networks, and protecting Wikipedia from vandalism. 

Prior to Lancope, Tom served as Manager of Threat Intelligence and Strategy in IBM's X-Force Research organization. One of Tom's contributions at IBM was serving as the technical editor of the X-Force Trend Report, a biannual report that analyzes data about computer security vulnerability disclosures, trends in Internet attack activity, and other data sources that shed light on the state of the Internet threat landscape. 

Tom has operated online social communities almost continuously since 1991. In 1996, Tom cofounded Electronic Frontiers Georgia, where he worked to protect the Constitutional rights of Internet users in the US State of Georgia. In 2001, Tom cofounded MemeStreams, an innovative collaborative blogging system that combined online social networking with reputation systems technology. 

Tom frequently speaks on information security and technology policy issues at conferences around the world. He holds a Bachelor of Science in Computer Engineering from the Georgia Institute of Technology.