Ponemon Institute

News & Updates

Ponemon Institute is pleased to announce the release of Flipping the Economics of Attacks, sponsored by Palo Alto Networks. In this study, we look at the relationships between the time spent and compensation of today’s adversaries and how organizations can thwart attacks. As revealed in this research, while some attackers may be motivated by non-pecuniary reasons, such as those that are geopolitical or reputational, an average of 69 percent of respondents say they are in it for the money.


Ponemon Institute Fellows: J-K-L


Larry Jaffee

Larry Jaffee is a contributing writer to SC Magazine for IT Security Professionals, for which he’s written feature articles and ebooks focusing on crisis response to data breaches, insider threats and preparation to ward off attacks. A business journalist and public relations professional for more than three decades, Jaffee is an adjunct faculty member at the New York Institute of Technology, where he teaches a graduate-level course in crisis communications, as well as undergraduate courses in journalism and TV news reporting. He occasionally provides business consulting services as a council member of the Gerson Lehrman Group. His writing has appeared in publications including The New York Times, Rolling Stone, and Parade, and currently appears in Huffington Post.

Much of his career has been focused on media, entertainment and marketing. He served as the top editor of several business magazines and websites covering those industries. His current PR practice includes strategically advising technology companies and global trade associations in the solar energy and optical media fields. He has a master’s degree in journalism from Pennsylvania State University and a bachelor’s degree in communication arts from Hofstra University. He also taught writing at both schools.

John Johnson

Dr. John D. Johnson is Advisory Senior Manager for Cyber Risk Services at Deloitte, focused on IoT and Industrial Cybersecurity. John was previously CTO for RIG, a startup working to integrate IoT devices using edge computing and secure communications. John was Founder/CEO/CISO at Aligned Security and previously spent 18 years as security architect for John Deere, where he managed security infrastructure and developed strategy and secure architecture solutions for protecting a global corporate network, endpoints, industrial systems, product development and the supply chain. John also served as Network and Security Manager at Los Alamos National Laboratory. John has developed numerous courses and taught graduate cybersecurity for 17 years. He is a frequent speaker, active IEEE volunteer and serves on industry advisory boards and conference committees.

Ondrej Krehel

Ondrej Krehel is the founder and chief executive of LIFARS LLC, an international cyber security and digital forensics firm. He’s the former Chief Information Security Officer of Identity Theft 911, the nation’s premier identity theft recovery and data breach management service.  He previously conducted forensics investigations and managed the cyber security department at Stroz Friedberg and the Loews Corporation.

With two decades of experience in computer security and digital forensics, he has launched investigations into a broad range of IT security matters—from hacker attacks to data breaches to intellectual property theft. Matters also included corporate espionage, financial fraud and mathematical modeling.

He holds an M.S. degree in Mathematical Physics from Comenius University in Bratislava and an Engineering Diploma from Technical University in Zvolen, Slovakia. He is one of the few who hold Certified Ethical Hacker Instructor (CEI) accreditation, and he is authorized to teach the Ethical Hacking course to the government and private sectors.

An international conference speaker and educator, he’s presented at RSA, among other notable security summits, and is an adjunct professor at St. John’s University. His work has been featured by CNN, Reuters, The Wall Street Journal and The New York Times.

Bob Kellner

Bob Kellner is the Senior Vice President, Director of Operational Risk Management Corporate Control Programs. Bob leads the ORM Corporate Control Programs division of the Risk Management & Compliance group at U.S. Bank. His group consists of the Enterprise Privacy Office, which is responsible for managing risks and controls around information privacy and accessibility banking, as well as the Service Provider Response Team; Enterprise Fraud Risk Management (EFRM), which is responsible for leading the federated model fraud across the enterprise, and includes activities for event escalation, fraud reporting and tools and technology. Bob’s group also consists of a Business Change Risk Assessment program, which assesses and approves consumer-facing business changes, specifically new products and services, significant changes to existing products and services, as well as entering new markets. Bob owns the Third Party Risk Assessment program, which sets policy, provides guidance and standards, and oversees the risk and compliance management of third parties enterprise-wide. Lastly, the Enterprise Governance Risk and Compliance (eGRC) technology platform and eGRC discipline are managed within Bob’s group. Bob has implemented Sarbanes-Oxley, GLBA Secure Customer Information, and Identity & Access Management programs while at U.S. Bank. In his tenure at U.S. Bank, Bob also ran Business Continuity Planning, the Office of Enterprise Security, Enterprise Security Services, and the Basel II Operational Risk function.

Bob is an officer of U.S. Bank, is a member of the Compliance & Operational Risk Committee and the IT Governance Council, and is on the internal Development Network Corporate Board. He has over 20 years of experience in large corporations in finance, accounting, and risk management practices. Bob is a member of the Institute of Management Accountants and ISACA. He holds Certified Public Accountant (inactive) and Certified Management Accountant professional certifications and has his Master’s degree in Finance from the University of St. Thomas. He has built a career on relationship and rapport building, and lives by a collaborative style.

John Kropf

John Kropf joined Reed Elsevier in 2012 as Deputy Counsel for Privacy and Information Governance.  John previously was a career member of the United States Senior Executive Service, and served as the Deputy Chief Privacy Officer for the Department of Homeland Security's Privacy Office and senior adviser on International Privacy Policy.

Before joining DHS, Kropf worked for 10 years as an international lawyer with the U.S. Department of State in the Office of the Legal Adviser.  He also served two years with the American Embassy in Turkmenistan as country director for USAID.  Kropf began his federal career as an attorney with the U.S. Department of Justice Honors Program.   He earned his law degree and a master’s degree in public and international affairs from the University of Pittsburgh.   

He is also a graduate of Denison University with a B.A. in Philosophy.  John is a member of the bars of Pennsylvania and the District of Columbia.   He is also a member of the International Association of Privacy Professionals (IAPP) and serves as a member of its Certification Advisory Board and has earned the CIPP/US and CIPP/G certificates.  He is the author of the Guide to U.S. Government Practice on Global Sharing of Personal Information as well as numerous articles on global and strategic privacy issues.

David Kuo

Dave Kuo joined SAP SuccessFactors as the Head of Compliance, Privacy and Risk Management, where he is responsible for the Global Compliance and Privacy Program for the Cloud Human Capital Management (HCM) solution service delivery. Dave is a senior IT and cybersecurity management executive with twenty-five years of experience in HCM implementation and information protection strategy development.

Prior to SuccessFactors, Dave was with KPMG, where he led the Compliance Readiness Services for the Financial Services sector in North America. Prior to KPMG, Dave was with Accenture, where he led and developed the Data Protection and Privacy Services globally. Dave is a Certified Information Systems Auditor (CISA) and Certified Information Privacy Professional for IT (CIPT).

Ron LaPedis

Ron LaPedis is a global enablement specialist for security and host connectivity products with Micro Focus.  He is co-inventor on two storage and two virtualization patents, and is named on one encryption patent. He is an Associate Fellow of the Business Continuity Institute (AFBCI), a Master Business Continuity Professional (MBCP), and a Certified Information Systems Security Professional (CISSP) with ISSAP and ISSMP endorsements.

In his free time, he is a communications volunteer with the Emergency Services Bureau of the San Mateo County Office of Emergency Services. 

Ryan LaSalle

Ryan is the Managing Director of the Cyber Lab, part of Accenture’s cross-industry research and development Technology Labs. During his 16 years with Accenture, he has worked with customers in Public Service, Retail, Financial Services, Utilities, Pharmaceuticals, Media & Entertainment, and Communications & High Tech to find emerging technology solutions to their business needs. As the lead for Accenture's Cyber Lab, Ryan’s current role focuses on research that brings together the areas of analytics, knowledge discovery, and cyber-security, with the goal of developing first-of-a-kind approaches to sharpening threat assessment methodologies and enhancing knowledge of successful responses. 

He holds patents in human resource management, knowledge discovery and establishing trust between entities online. Ryan is a graduate of Princeton University, with a B.S. degree in Electrical Engineering. 

Barbara Lawler

Barbara Lawler is a globally recognized data and privacy leader, who has been an active member of the data policy landscape since 1999.  She is the CPO at Intuit, makers of TurboTax®, QuickBooks®, and Mint® and leads global implementation of data stewardship, privacy by design and ethical data innovation directly benefiting consumers.  She leads a team that works with product developers and data scientists to deliver practical, innovative data governance decision-making tools.  Intuit has finished in the top 10 “Most Trusted Company for Privacy” since 2006.

Before Intuit, Ms. Lawler spent over 20 years in data management, marketing and privacy roles at Hewlett Packard, and was their first CPO.  She is Chair of the Ponemon Institute RIM Council Advisory Board and is a member of the Executive Committee of the Information Accountability Foundation (IAF) Advisory Board.  She is a previous member of the IAPP Board of Directors, speaks frequently on privacy and information ethics, participates in policymaker discussions, and has testified four times before the U.S. Congress. 

Beyond the office, Barb supports youth arts programs and recently launched a small Foundation to support young people’s participation. She is on the Board of Directors of the Children’s Council of San Francisco.

Arturo Leal

Arturo Garcia Leal leads the Global Information Technology Audit group at Praxair Inc., an industrial gases company with a global presence in more than 50 countries, the largest in North and South America and one of the three largest worldwide. His current responsibilities include the global assessment of the ISO 2700-based Praxair internal IT control framework, cybersecurity-specific audits, IT compliance assistance (SOX, HIPAA) and NIST-based Industrial Control Systems reviews. Previously, Arturo led the IT Governance, Risk and Compliance function with close integration with Information Security. As part of his responsibilities within the IT GRC function, Arturo was responsible for the first global implementation of the IT Governance framework across all the IT functions in all business units within Praxair, which included the definition of IT Governance control metrics and periodic performance reporting and review processes.

Throughout his tenure of almost 30 years in information technology, Arturo has witnessed and worked with all aspects of the field. He has participated in a wide variety of IT implementations, primarily in the manufacturing industry.

Arturo is CISSP, CISA, CRISC and CGEIT certified. He earned a Bachelor’s Degree in Information Sciences from Mexico’s National Polytechnic Institute and a Master’s Degree in Information Technology Management with Honors from the Monterrey Institute of Technology and Higher Education, where he published his work on IT Governance Factors that lead to successful IT performance within companies in Northeast Mexico. Arturo is also an alumnus of the Tuck School of Business at Dartmouth College, from the Business Engagement and the Information Security Professional (BESP) Program.

Matt Leonard, CIPP

Mr. Matt Leonard is a privacy and strategic marketing executive. His more than 25 years of experience managing direct marketing operations along with his experience developing and implementing privacy and information strategies, policies, and practices in complex organizations gives him a unique perspective on the issues surrounding responsible information practices.

Leonard directed privacy and information policy at Harte-Hanks, a major end-to-end direct marketing service organization. He spent ten years at IBM in Direct Marketing, Customer Information, and Privacy. He is an industry-recognized expert in all aspects of marketing, from Database Analytics to Product Development.

Leonard brings a depth of experience in marketing as well as specific expertise regarding privacy practices in marketing oriented organizations. He speaks frequently to organizations about privacy and marketing. He is an advocate of effective privacy and information practices as a basic business requirement.

Bradley Lide

As the acting Director of Business Enablement for SertintyONE, Bradley Lide brings to the table over 35 years of experience that stems from a diverse background. Having spent time in both the information technology and physical security industries, he finds himself at ease in managerial roles and comfortable being part of the team troubleshooting in the field. While in these areas he developed a strong understanding of how these industries operate effectively not only in retail settings, but in enterprise environments as well.

Currently his primary role at SertintyONE consists of meeting with a wide range of clientele to learn their specific critical data requirements along with their security concerns and needs. After listening and assessing, Bradley provides innovative and workable solutions for maintaining control of their important information along with the integrity of its contents.

For 13 years Bradley served as President of CyberAngel Security Solutions, a company focusing on data protection and technology surrounding hardware tracking and recovery. During his tenure he earned accolades in a variety of areas including authentication, mobile device security, data encryption, and device tracking methodologies.

Prior to his work at CyberAngel, Bradley held the corporate position of Physical Loss Prevention Director at Lowe’s Home Improvement. His responsibilities focused on maintaining security systems ranging from video surveillance to fire prevention and anti-theft methodologies throughout all retail stores in operation. With his knowledge he also designed and coordinated the security installations for all new store structures, distribution centers and millworks facilities.

Additional noteworthy attributes include strategic planning, product implementation and quality assurance, client/vendor relationship management and matters concerning privacy policies.

Beyond his work, Bradley is a founding member of the Middle Tennessee InfraGard Members Alliance where he has held the positions of Secretary, Vice President and four consecutive terms as President since 2002. He recently finished a three-year term on the InfraGard National Board and continues to participate in the national organization through by-laws, awards and fundraising committees.

Today his accomplishments and experience are reflected in his commitment to his work and his ability to communicate with others to achieve the optimal solution for the greater good.

Jeff Lowder

Jeff Lowder is president of the Society of Information Risk Analysts (SIRA) and director of global information security and privacy at OpenMarket (a subsidiary of Amdocs).

Jeff previously served as CISO at Disney Interactive, director of information security at The Walt Disney Company and the US Air Force Academy, as well as other senior security positions at United Online and PricewaterhouseCoopers.