MEASURING TRUST IN PRIVACY AND SECURITY
Ponemon Institute

News & Updates

Ponemon Institute is pleased to announce the release of Flipping the Economics of Attacks, sponsored by Palo Alto Networks. In this study, we look at the relationships between the time spent and compensation of today’s adversaries and how organizations can thwart attacks. As revealed in this research, while some attackers may be motivated by non-pecuniary reasons, such as those that are geopolitical or reputational, an average of 69 percent of respondents say they are in it for the money.


Ponemon Institute Fellows: G-H-I


Daniel B. Garrie

Daniel Garrie is the current Managing Director of Alternative Resolution Center's (ARC) E-Discovery Dispute Resolution in Los Angeles and Senior Managing Partner at FSRDG LLC in New York. He regularly consults with attorneys and technologists on Electronic Discovery and Discovery Management issues related to litigation, commercial disputes, business claims, and enterprise information archiving implementation. Mr. Garrie is admitted to practice law in New York and New Jersey and is editor-in-chief of the Journal of Legal Technology Risk Management.

Mr. Garrie specializes in the synchronization of policies with information technologies and related best practices to ensure legal compliance for enterprises worldwide. Mr. Garrie counsels both domestic and international corporations in the domains of E-Discovery, data privacy, enterprise archiving, IT vendor selection, litigation risk management, and cost management. In addition, he leverages his legal and IT expertise to deliver enterprise application architecture, design, deployment, and integration of enterprise record and information management platforms.

Mr. Garrie has published more than 80 articles and books on E-Discovery, Cloud Computing, software, intellectual property, compliance, technology, legal, telecommunications, US and EU privacy policies, and a range of other E-Law issues. Recent publications include a three-part article on the risks and financial issues involved in Cloud Computing published in the Los Angeles Daily Journal, including, “Haste Makes Waste: Charging for Cloud Computing” (7/30/10), “Jurisdiction and Cloud Computing: How Does it Work?” (8/19/10), and “Do the Benefits of Being in the Cloud Outweigh the Risks?” (11/2/10).

Mr. Garrie is a seasoned Electronic Discovery Special Master, and was recently appointed to the E-Discovery Special Master Pilot Program for the U.S. District Court of Western Pennsylvania. He is a frequently sought-after presenter at legal and technology seminars and has been invited to symposiums around the world, most recently the 2011 AIIM 360 Conference in Washington D.C., where he presented E-Discovery in the Cloud.


Stanton G. Gatewood

Stanton Gatewood is recognized worldwide as one of the leading experts in information security, strategic planning and privacy. Mr. Gatewood is Chief Information Security Officer for the State of Georgia. He leads GTA’s Office of Information Security Program Management, which unifies information security responsibilities for the state’s IT enterprise, the Georgia Enterprise Technology Services program, and GTA.

He has more than 33 years of experience in cyber security programs for the U.S. military, state and federal governments, higher education, and global corporations. Prior to joining GTA, Mr. Gatewood served as Director of Cyber Workforce Development for Dell Secureworks. He was also Chief Information Security Officer for the University of Georgia, Interim Vice President for Information Technology and Chief Information Officer for Albany State University, and Chief Information Security Officer for the Board of Regents of the University System of Georgia.

A much sought-after speaker and strategist, Gatewood is a tri-lingual author, teacher, and lecturer. Gatewood has traveled extensively, transferring his knowledge of Information Security & ePrivacy in Latin America, the Middle East, Africa, Asia, and Europe. He is a contributing writer and editor for security journals including Information Security Magazine, SecurityFocus, SC Magazine, Federal Times, Computerworld and CSO magazines. Gatewood has had a long, distinguished career in the military, state and federal government, higher education and corporate security spanning more than 33 years. During his distinguished career, Gatewood has built "highly successful" information security and privacy programs and two centers of excellence: one for cryptography and one for awareness, training and education. He has served as the former president of the founding chapter of the Information Systems Security Association (ISSA) in Los Angeles, Calif. and continues to serve on several industry boards. Most recently, Gatewood was named one of SC Magazine's IT security luminaries and one of the Top 5 influential IT security thinkers in the world.


Nikk Gilbert

Nikk Gilbert is the Director of Information Security for ConocoPhillips, the world’s largest independent exploration and production company. ConocoPhillips explores for, develops and produces crude oil and natural gas globally.
 
With 20 years of executive-level experience in information technology roles, Nikk is a respected thought leader within the government and private sectors. Experienced in multiple verticals (financial services, manufacturing, oil & energy, government & military), he’s focused on building success by understanding the needs of the customer, by enabling the business through a deep understanding of the corporate strategy and its culture, and by using technology as a true enabler to achieve this synthesis.

Nikk’s experience includes working as an information security executive (CISO, CSO) & information technology leader (CIO) for large multinational organizations such as the American Department of Defense, NATO, Alstom, ConocoPhillips and the U.S. Navy. 

Nikk is a recipient of the US Navy’s Meritorious Civilian Service Medal, holds the CISSP and CISM security certifications and has been a keynote speaker at technology events throughout the world.

Ben Goodman

Ben Goodman is the founder and CEO of 4A Security & Compliance, a firm that helps clients understand and manage cyber risk and meet their information security and compliance requirements. Ben has over 25 years of experience in information technology, technology strategy and risk management. He is a member of the faculty at Drexel University, LeBow School of Business, where he has lectured on cyber risk management, and he has conducted research on stolen PHI and dark net markets. Ben is a member of the Casualty Actuarial Society’s Cyber Risk Task Force and served as a member of the Society of Actuaries Project Oversight Group on “Cybersecurity Insurance: Modeling and Pricing.” He is also the recipient of ISACA's worldwide achievement award for risk and information systems controls. He is also a member of the Pace University, Seidenberg School of Computer Science Cybersecurity Advisory Board, and a member of the Philadelphia Chapter of InfraGard. He has served as an expert witness on legal matters concerning data breaches, security, privacy and HIPAA compliance. He is the author of “The Cyber Risk Ecosystem,” which won the Joint Casualty Actuarial Society/Canadian Institute of Actuaries/Society of Actuaries Risk Management Section, Best Paper Award for Practical Risk Management Applications. Mr. Goodman received his Bachelor of Arts degree from Columbia College, Columbia University.
 

F. Paul Greene

F. Paul Greene is Chair of the Privacy and Data Security Practice Group at Harter Secrest & Emery LLP. Paul represents entities of all sizes and in various industries in relation to cyber-security issues. From pre-breach counseling to breach response coaching, Paul has been involved in all aspects of the breach preparation, response, and remediation process. His background as a commercial litigator serves him well, giving him an eye toward potential litigation/regulatory risk, and preservation of evidence and the attorney-client privilege, in all of his cyber security matters.

Paul received a J.D. magna cum laude from Fordham University; a Ph.D. from New York University in Germanic Language and Literatures; a B.A. in German from University of Rochester; and a Certificate in Management Studies from University of Rochester Simon School of Business.

Michael Gregg

Mr. Michael Gregg is the CEO of Superior Solutions, Inc. (www.thesolutionfirm.com), a Houston-based IT security consulting firm. His organization performs security assessments and penetration testing for Fortune 1000 firms. He has consulted and led assessment activities for many organizations. He has more than 20 years of experience in the IT field. He holds two associate’s degrees, a bachelor’s degree, and a master’s degree, and the certifications he maintains include CISSP, CISA, CISM, MCSE, CEH, CHFI, CGEIT, and SSCP. Michael has authored or co-authored more than 15 books, including: CISSP Exam Cram 2, Que; Inside Network Security Assessment, SAMS; CEH Exam Prep 2, Que; Hack the Stack, Syngress; Security Administrators Street Smarts, Sybex; Emerging Threat Analysis 2006, Syngress; CHFI Study Guide, Syngress; Que CISA Exam Prep 2, Que; Security+ Study Guide, Syngress; How to Build Your Own Network Security Lab, Wiley.

Michael is frequently cited by major and trade print publications as a cyber security expert and has appeared as an expert commentator for network broadcast outlets and print publications such as FOX, CBS, NBC, ABC, CNBC, CNN, local broadcast television, The New York Times, Kiplinger’s, and The Huffington Post. He has also spoken at major security conferences. Michael is an adjunct instructor for a leading university and has led the development of 20 training classes, courses, and programs used by training vendors, developers, colleges, and universities. He focuses on presenting topics in ways that help people understand the complex issues surrounding IT security. He is also an Expert Q&A for TechTarget.com and serves on the TechTarget Editorial Board of Advisors.
 

Lindsey Greig

Chief Executive Officer, DataGuidance

Lindsey Greig is the CEO of DataGuidance, the global data protection and privacy service that gives professionals the confidence to make the right decision about compliance; saving time, minimising costs and mitigating risks. DataGuidance is a division of Cecile Park Publishing Ltd, also home to sister publication Data Protection Law & Policy.

Lindsey has developed extensive experience in the data protection and privacy field, establishing both services and regularly speaking at national and international privacy conferences and webinars. He has demonstrated that he is an expert commentator on the role of data privacy in building brand value in global markets.

A former journalist turned entrepreneur, Lindsey founded and edited the Lawyer magazine, the weekly magazine for the UK legal profession.

Rocco Grillo
 

Rocco Grillo is Stroz Friedberg’s Cyber Resilience Leader and a member of the firm’s executive management team. His cyber resilience team, which includes the company’s incident responders and security scientists who deliver the firm’s proactive and reactive cybersecurity capabilities, has successfully triaged some of the largest data breaches recorded in the last decade. Previously in his career, Mr. Grillo led Protiviti’s Global Incident Response and Forensics Investigations, helped develop RedSiren Technologies (a leading managed security service provider and full services security firm that evolved out of Carnegie Mellon), and held management positions with Lucent Technologies and Bell Atlantic.

Mr. Grillo is a CISSP, CRMA, PCI-QSA, and a Certified Third Party Risk Assessor. He is an affiliate board advisor for FS-ISAC and NH-ISAC, a member of the Shared Assessments Program Steering Committee board, the CLM Cyber Liability Council, and has also served on the board of directors of the NY Metro ISSA Chapter, the IT Policy Compliance Group, and the (i-4) International Information Integrity Institute Research Steering Committee.

John Grimm

John Grimm is the senior director of security strategy at Thales e-Security, an industry leader in advanced data security solutions that deliver trust wherever information is created, shared or stored.    John is primarily responsible for driving the company’s strategy for the Internet of Things (IoT).

John’s 25 years of experience in the information security field started as a systems and firmware engineer building secure cryptographic key distribution systems for government applications.  Through the years he progressed through product management, solution development, and marketing/strategy leadership roles at companies in multiple areas of cyber security, including identity management, networking, PKI, cloud, encryption and key management. He received his bachelor's degree in electrical engineering from Worcester Polytechnic Institute in Worcester, Massachusetts, and is a member of Tau Beta Pi, the engineering honor society.
 

Peter Guffin

Peter is a partner at Pierce Atwood LLP and heads the firm's Privacy & Data Security practice. He has extensive experience in the areas of intellectual property, information technology, privacy and cyber security. Before joining Pierce Atwood in February 2000, Peter served as Intellectual Property and Technology Counsel in the Legal Division of Unum Group (NYSE: UNM), a Fortune 500 company and the world's leading disability insurer. Early in his career, Peter practiced law with the Wall Street firm Chadbourne & Parke LLP in New York.

Peter is listed in The Best Lawyers in America® for Copyright Law, Trademark Law, and Litigation-Intellectual Property. He is a Certified Information Privacy Professional/United States (CIPP/US), International Association of Privacy Professionals (IAPP). He has been an adjunct professor at the University of Maine Law School for many years and recently joined the faculty (part time) as a Visiting Professor of Practice, teaching information privacy law and cyber security and assisting with building out the Law School’s information privacy law program. Peter serves as Co-chair of the IAPP’s Northern New England KnowledgeNet.

Peter recently authored the chapter on the Electronic Communications and Privacy Act in the book entitled Data Security and Privacy in Massachusetts. Published by the MCLE Press, the book was honored in July 2016 with a top award by the Association for Continuing Legal Education (ACLEA). Called “outstanding” by ACLEA’s judges, and praised for its comprehensive coverage and substantive excellence, the book is being recognized as among ACLEA’s best publications for 2016.

Peter received his J.D. from the University of Pennsylvania Law School and his B.A. from Rutgers College, magna cum laude, Phi Beta Kappa.

Deborah Guild

Deborah Guild is executive vice president and chief security officer for The PNC Financial Services Group. In this capacity, she serves as the chief information security officer responsible for aligning all aspects of PNC’s security program, including cyber and information security, security operations, enterprise fraud, security operations architecture, physical security and governance.

Guild was named to her current position in January 2017. Previously, she served as PNC’s chief technology officer responsible for infrastructure, technology operations, information security, cyber crime and IT service management.

Prior to joining PNC in October 2013, Guild spent 21 years at Bank of America where she most recently served as chief technology officer of enterprise functions and end user computing. She also served as the global integrated business and change management executive.

Guild previously served as senior network engineer at Intel Corporation. Guild serves on the board for the National Center for Women and Information Technology (NCWIT). She earned a bachelor's degree in computer science, with a minor in mathematics, from the University of North Florida.

 

Renee Guttmann

Renee Guttmann is the Chief Information Security Officer at the Coca-Cola Company.  Renee is responsible for the Information Risk Management program at The Coca-Cola Company.  Previously, she was VP of Information Security and Privacy at Time Warner and Senior Director of Information Security at Time Inc.   She has also held information security roles at Capital One, Glaxo Wellcome, Inc. and Gartner.  

Renee received the 2008 Compass Award from CSO Magazine and in 2007 was named a “Woman of Influence” by the Executive Women’s Forum.
 

Brian Harrell

Brian Harrell is a nationally recognized expert on critical infrastructure protection, continuity of operations, and cybersecurity risk management. Harrell is the Director of Security and Risk Management at Navigant, a $1 billion consulting firm, where he provides critical infrastructure companies with consultation on risk mitigation, protective measures, and compliance guidance. In his current role, he has been instrumental in providing strategic counsel and thought leadership for the security and resiliency of the power grid and has helped entities identify and understand emerging threats. Advising utilities throughout North America, Harrell has worked to increase physical and cybersecurity mitigation measures designed to deter, detect, and defend critical energy systems.

Prior to Navigant, Harrell was the Director of the North American Electric Reliability Corporation’s (NERC) Electricity Information Sharing and Analysis Center (E-ISAC) and was charged with leading NERC’s efforts to provide timely threat information to over 1900 bulk power system owners, operators, and government stakeholders. During his time at NERC, Harrell was also the Director of Critical Infrastructure Protection Programs, where he led the creation of the Grid Security Exercise, provided leadership to Critical Infrastructure Protection (CIP) staff, and initiated security training and outreach designed to help utilities “harden” their infrastructure from attack.

Prior to coming to the electricity sector, Harrell was a program manager with the Infrastructure Security Compliance Division at the U.S. Department of Homeland Security (DHS), where he specialized in securing high-risk chemical facilities and providing compliance guidance for the Chemical Facility Anti-Terrorism Standards (CFATS). For nearly a decade of world-wide service, Harrell served in the US Marine Corps as an Infantryman and Anti-Terrorism and Force Protection Instructor, where he conducted threat and vulnerability assessments for Department of Defense installations.

Harrell has received many accolades for his work in critical infrastructure protection and power grid security, including awards from Security Magazine, CSO, AFCEA, and GovSec. Harrell maintains the Certified Protection Professional (CPP) certification and holds a bachelor’s degree from Hawaii Pacific University, a master of education degree from Central Michigan University, and a master of homeland security degree from Pennsylvania State University.

Sam Harris

Sam Harris leads the GE Digital cybersecurity solution architect team. GE Digital is focused on driving new value for industrial organizations by offering them advanced software capabilities based on the Internet of Things that increase productivity. Sam joined GE after a nineteen-year tenure in the computer software industry working with solutions for big data, advanced analytics and security.

Before joining GE, Sam led Teradata’s cybersecurity program including information security offerings to secure analytical environments and joint partner offerings using capabilities to support network forensics and security solutions.  He is an expert on information security systems and has worked with business and government decision-makers on critical issues such as security, trust, privacy and compliance.

Prior to Teradata, Sam worked for Microsoft Corporation leading an enterprise risk management & compliance program. In this role he supported sales opportunities including security for document management and record retention, programmatic application of audit and controls, and risk analytics & reporting. Sam has also worked for SAS Institute with a focus on risk and compliance business issues. He served in Product Management, Product Marketing, Sales-support & Sales roles. Sam led product management for Risk Dimensions, a calculation engine used to measure changes in value for capital markets and energy firms trading gas, power and oil.

Sam is based in North Carolina and is an alumnus of the University of North Carolina at Chapel Hill.

Faith M. Heikkila

Faith M. Heikkila, Ph.D., CISM, FIP, CIPM, CIPP-US, ABCP is an accomplished information security and privacy professional. Dr. Heikkila earned her Ph.D. in Information Systems from Nova Southeastern University specializing in Information Assurance. Her Ph.D. Dissertation – “An Analysis of the Impact of Information Security Policies on Computer Security Breaches in Law Firms” was selected as the Distinguished Ph.D. Dissertation in Information Systems.  In December 2010, Dr. Heikkila received the Grand Valley State University Distinguished Alumna Award.

Dr. Heikkila is Secretary Emeritus of the InfraGard National Members Alliance, Inc., an FBI public/private critical infrastructure protection program. Dr. Heikkila previously served as the InfraGard Michigan Members Alliance, Inc. President and subsequently the Chairman of the Board. Dr. Heikkila is the author of published articles on information security and e-discovery. Dr. Heikkila is widely recognized as a subject matter expert in e-discovery, data privacy, information security, information security policies and procedures, computer security breaches, vendor management, HIPAA, HITECH Act regulatory compliance, financial regulatory compliance laws, PCI DSS compliance, and state data breach notification laws. In recognition of her authority in this burgeoning field, Dr. Heikkila’s expertise is globally sought through publications, invited lectures/presentations, and in organizing regional conferences.

Jean-Paul Hepp, Ph.D., CIPP

Dr. Jean-Paul Hepp is an accomplished business executive, strategist, and change agent. He has more than 24 years of leadership experience working across multiple verticals in the highly regulated pharmaceutical industry.

Hepp engages global organizations with bold initiatives that transform the entire culture. At Pharmacia, he became the first in the industry to implement a corporate Internet strategy. His activities propelled Pharmacia to a leadership position. At Pharmacia, Hepp was again the first in the industry (along with Merck) to serve in the full-time Privacy Director/Corporate Privacy Officer position. He continued in this role with Pfizer after it acquired Pharmacia.

Rebecca Herold

Rebecca has 25+ years of systems engineering, information security, privacy & compliance experience, is CEO of The Privacy Professor® consultancy she founded in 2004, & President of SIMBUS, LLC Information Security, Privacy & Compliance cloud services she founded in 2014. Rebecca designed and engineered the SIMBUS architecture and associated services, including for online employee and contractor information security and privacy training and awareness, vendor management, risk management assessments and evaluations, policies and procedures, program management tasks, breach response, audit management, employee oversight and management, and inventory management.  Rebecca has authored 19 books, the last two of which were privacy books published by ISACA in 2017; one titled, “ISACA Privacy Principles and Program Management Guide” and the other titled, “Implementing a Privacy Protection Program: Using COBIT 5 Enablers With the ISACA Privacy Principles.” Rebecca has contributed to dozens of other books and written hundreds of articles. Rebecca led the U.S. National Institute of Standards & Technology Smart Grid Privacy Subgroup for 7 years, performed the first electric grid cybersecurity OpenFMB testing for NIST, was a co-founder/officer for IEEE P1912 Privacy and Security Architecture for Consumer Wireless Devices Working Group, and is on many advisory boards. 
 
Rebecca has been an IAPP certification faculty member since 2010. Rebecca was Adjunct Professor for the Norwich University Master of Science in Information Security & Assurance program for 9 years, has received numerous awards and has keynoted on 5 continents to date. Rebecca appears regularly on the KCWI23 morning television show, hosts the Voice America radio show “Data Security & Privacy with the Privacy Professor” with a new show each week, and is quoted in a large number of diverse publications. Rebecca has also served as an information security, privacy and compliance expert witness.  Rebecca has degrees in Mathematics, Computer Science and Education. Rebecca earned the following certifications: CISM, CISA, FIP, CIPT, CIPM, CIPP/US, CISSP, FLMI.  Rebecca is based in Des Moines, Iowa, USA.  rebeccaherold@rebeccaherold.com. www.privacyguidance.com, www.SIMBUS360.com, https://www.voiceamerica.com/show/2733/data-security-and-privacy-with-the-privacy-professor
 

Priscilla Hill-Ardoin

Priscilla Hill-Ardoin retired from her position as chief privacy officer of AT&T, Inc., in 2007 after a distinguished career with the corporation and several of its subsidiaries. Hill-Ardoin founded the organization responsible for ensuring AT&T has policies and procedures in place to maintain full compliance with state and federal regulatory requirements governing telecommunications. She served as associate vice president-corporate services, chairman of the board for the AT&T Foundation, and the company's director of diversity. She also held positions in strategic planning, marketing, and network operations.

A recognized leader in the communications industry, Hill-Ardoin supported the advancement of women and minorities in all areas of the business. In 2003, she was appointed by FCC Chairman Michael Powell to the Chairman's Advisory Commission on Diversity in Communications in the Digital Age.

Chris Jay Hoofnagle

Mr. Chris Jay Hoofnagle, Esq. is senior staff attorney with the Samuelson Law, Technology and Public Policy Clinic and senior fellow with the Berkeley Center for Law and Technology. His focus is consumer privacy law. Previously, he was senior counsel to the Electronic Privacy Information Center and director of the organization's West Coast office. He was also a non-residential fellow with Stanford University's Center for Internet and Society for the 2005 academic year.

Among his recent academic publications are Identity Theft: Making the Unknown Knowns Known, in the Harvard Journal on Law and Technology; Putting Identity Theft on Ice: Freezing Credit Reports to Prevent Lending to Impostors, Stanford University Press; A Model Regime of Privacy Protection, in the University of Illinois Law Review (with J. Solove); and Big Brother's Little Helpers: How ChoicePoint and Other Commercial Data Brokers Collect, Process, and Package Your Data for Law Enforcement, in the North Carolina Journal of International Law & Commercial Regulation.

Bryan Hurd

Mr. Bryan E. Hurd is a seasoned cybercrime, computer security and homeland security professional with over 25 years of founding programs that have national and international impact. Bryan, a graduate of the U.S. Naval Academy, is one of the founders of the cyber security community in the United States, having created the first Cyber Counterintelligence program for the US Navy at the Naval Criminal Investigative Service (NCIS) in 1994. He then went on to create the US European Command’s First Information Operations Cell, the template later used to create Information Operations and Computer Network Offense and Defense programs across the US Government. Bryan also established the original commercial computer forensics program for EDS (now HP) as its first Global Program Director.

Bryan holds numerous certifications including CISSP, CISA, CISM and other certifications in the information security, systems auditing, computer forensics, and related fields. A board-certified anti-terrorism expert, Bryan also led innovation for the entire US watch listing system as the Chief of Operations, Director of Terrorist Identities at the National Counterterrorism Center (NCTC). He personally designed the Terrorism Case Management System for US Watchlisting that drastically improved the national response to the Boston Marathon Bombing. For this and other innovations, he was awarded the Director of National Intelligence (DNI) - National Intelligence Special Service Award.

Bryan was then recruited to become the first director of intelligence of the Digital Crimes Unit at Microsoft’s Global Cybercrime Center and led initiatives across the globe for Microsoft to fight cybercrime.

Bryan is currently the Senior Director, Security Strategy at Versive, a Seattle-based Artificial Intelligence driven cyber security company. He also serves as the Chairman of the Board of Advisors for Rhino Security Labs, a penetration testing network, web application, social engineering assessment services company, and serves on several other corporate boards. Bryan volunteers on the board of advisors for the non-profit Savvy Cyber Kids, dedicated to protecting children from cyber bullying and other online threats. He is also a keynote speaker at international venues including the George C. Marshall European Center for Security Studies’ Program on Countering Transnational Organized Crime (CTOC) and the Cyber Futures Forum Cyber Law and Cyber Crime Response Action Group, as well as speaking at other venues.