Ponemon Institute
News & Updates

Ponemon Institute is pleased to announce the release of Flipping the Economics of Attacks, sponsored by Palo Alto Networks. In this study, we look at the relationships between the time spent and compensation of today’s adversaries and how organizations can thwart attacks. As revealed in this research, while some attackers may be motivated by non-pecuniary reasons, such as those that are geopolitical or reputational, an average of 69 percent of respondents say they are in it for the money.


Ponemon Institute Fellows: M-N-O

Gordon MacKay

Gordon MacKay, CISSP, serves as Executive Vice President and Chief Technology Officer (CTO) for Digital Defense, Inc. (DDI), a national managed security risk assessment provider.  He leads the technology roadmap, as well as the Cloud Platform Development and Vulnerability Research teams.

As CTO, MacKay applies mathematical modeling and engineering principles in investigating novel solutions to many of the technological challenges within the automated vulnerability management space.  In 2013, MacKay’s solution to matching network discovered hosts within independent vulnerability assessments across time resulted in achieving patent-pending status for the company’s scanning technology host reconciliation process.

Prior to joining DDI, MacKay held several research and development leadership positions at Alcatel USA and led the Call Server Database Team with the inception and design of a real time in-memory database used in the Alcatel Softswitch.

MacKay has presented at numerous security related conferences, including RSA, and his expertise has been featured by top national and international media outlets such as FOX Business, Softpedia, IT World Canada and others.  He enjoys using creative real world analogies, as well as using Star Trek references in the content of his presentations and communications.

He holds a Bachelor's degree in Electrical Engineering, Computer Engineering from McGill University, Montreal Canada.

Alastair MacWillson

Former Global Managing Partner Security Practice, Accenture

Dr. Alastair MacWillson is the Global Managing Partner of Accenture’s global security practice, which comprises over 3,000 security and risk professionals, and works with business and government leaders around the world on critical issues relating to technology strategy and risk, operational performance and management, cyber and information security, and critical infrastructure protection.  He also serves on the leadership council of Accenture’s global technology consulting business.

Prior to joining Accenture in 2002, Dr. MacWillson was the global leader of the technology consulting practice in PricewaterhouseCoopers.  During his time with PwC he also had responsibility for the PwC technology venture fund, which had $50m invested in new business activities, and was also the founder and interim global CEO for beTRUSTed, a managed service e-security business of PwC.  Having successfully established the beTRUSTed business, he handed over responsibilities to a full-time CEO in early 2002.   

Dr. MacWillson was appointed as Chair of the Institute of Information Security Professionals in 2011, having previously been the Chair of the IISP Accreditation Committee for 5 years.   In his role with the IISP, he aspires to help shape the security industry through greater awareness and recognition, and improving the standards of professionalism.      

Over the past 22 years Dr. MacWillson has led technology transformation and security projects for major organizations such as World Bank, SWIFT, DTC, CBT, LSE, Boeing, Northrop Grumman, NASA, QinetiQ, BP, Shell, Barclays, Goldman Sachs, Bank of America, Ericsson, BT, as well as intelligence, security and defense departments of the UK, US, European, Australian and Indian Governments.  He has advised clients on information and cyber security in the nuclear research and nuclear energy sector and has worked on projects for the UKAEA and Lawrence Livermore National Laboratory.

Dr. MacWillson has acted as an adviser to a number of governments on technology strategy, critical infrastructure protection, cyber security and counter terrorism and has sat on related committees for the US and UK governments, the European Commission and the United Nations.

Prior to moving into consultancy in 1990, Dr. MacWillson worked in government service and held senior advisory positions on security and risk related strategy with the UK Foreign Office and, through secondment, with the US State Department.  During his government career, Dr. MacWillson completed tours of duty in the Middle East, Moscow and Washington DC as well as working for shorter periods in a variety of other countries. 

With over 22 years of experience in information technology, security and applied cryptography, Dr. MacWillson is internationally recognised as an expert in the field.  As such, he is a frequent speaker and commentator on technology and security issues and his insights have been featured by some of the top media outlets such as the BBC, CNN, The Wall Street Journal and the Financial Times.  He is also a visiting lecturer on security and technology and has presented on many programmes with MIT, Georgetown, RHUL, Stanford, Surrey universities and the LBS.  During his career Dr. MacWillson has published many articles and papers on technology and risk and has authored journals on cyber and information security, risk, cryptography and cyber terrorism, as well as a widely selling textbook on Hostage Taking Terrorism (McMillan 1992).

Dr. MacWillson has a B.Sc. in Physics, Postgraduate Diplomas in Computer Science and Digital Imaging, a Ph.D. in Theoretical Physics, a D.Phil. in Cryptographic Science and a Management Diploma from IMD in Lausanne.  

Gail Magnuson

Gail Magnuson is a bright and innovative Global Security, Privacy and Information Policy Executive and Consultant with over fifteen years of experience in creating and delivering effective and streamlined policy solutions and programs that achieve business goals as well as regulatory compliance.  Gail is known for expeditiously implementing such policies & programs that bring global teams together, drive consensus, creatively meet the needs and stand the test of time.

She is also known for establishing ongoing compliance & governance disciplines.  She has done this effectively as an international chief privacy officer, security and privacy consultant, security and privacy portfolio manager, information management and process design executive and business ethics global eLearning leader.

She is recognized as a global expert in the security and privacy communities and in the financial services, business services, telecommunications, government, and health care communities. She serves in leadership roles in research and global matters through active participation in leading associations such as:

  • Nymity, as author of Nymity’s Risks & Controls modules and strategic white papers. Built Nymity’s global research contributor program to over 350 contributors
  • Member of OASIS PMRM (Privacy Management Reference Model and Methodology) Technical Committee, its goal to advance open standards for privacy in the information community
  • Regular attendee at National, Regional and International Conferences for Privacy Commissioners and professionals
  • Executive Research Fellow at Zeropoint Risk Research, LLC
  • Center for Information Policy Leadership (CIPL) at Hunton & Williams and IAPP
  • Responsible Information Management group at the Ponemon Institute and Ponemon Distinguished Fellow
  • BITS at the Financial Services Round Table and the Santa Fe Group’s Shared Assessments

Gail has spent her fifteen-year data protection career at Bank of America, IBM, Fiderus, EDS, Manpower and Gail Magnuson, LLC.

Her background also includes more than 30 years of facilitating organizational change in information, business processes, systems and operations innovations, strategic planning and systems architecture, primarily in the finance industry, working directly with both established and entrepreneurial companies.

Greg Mancusi-Ungaro

Over a 30-year career, Greg Mancusi-Ungaro has successfully identified market opportunities, and matched them with invention and new technologies to create business transformations. A strategic visionary and marketing pioneer, he has been a prolific evangelist, writer, and technology and business strategy driver.  While at Lotus Development Corporation, he helped to pioneer concepts and technologies, such as automated slide layouts, programmatic designs, portable color palettes and intelligent chart formatting, the backbone of modern business graphics.  At HR innovator Webhire, Mancusi-Ungaro worked to transform traditional enterprise product delivery into web-based services, creating an early entry into the then nascent SaaS industry.  Mancusi-Ungaro led marketing at Linux and open source pioneer Ximian and later directed global Linux Marketing efforts at Novell.

Now, at cyber threat detection and intelligence leader BrandProtect, Mancusi-Ungaro is helping to bring new technology and services solutions to the market to fill a fast-developing gap in enterprise security requirements – intelligent threat detection, analysis and mitigation of external cyber security threats and attacks. Mancusi-Ungaro and the BrandProtect team are inventing unique technology-based services which combine innovative technical achievement with human intuition, directly supporting CISOs and enterprise security teams trying to meet fast-changing security requirements and best practices in a world that has become dominated – and threatened – by malicious digital activity.

Larry Marks

Larry has focused his career on leading through collaboration to ensure best practices are implemented to assist compliance and process improvement.  He has focused his career on audit, security, risk, compliance, privacy, and program/project management across Financial Services, Health Care and Telecommunications. Larry has extensive experience in designing, managing, auditing and implementing IT processes, policies, controls and technology. Larry has managed teams, priorities and expectations across business and IT leadership while delivering fit-for-purpose services.

Larry is a published writer on subjects related to security, governance, leadership, program/project management, regulatory compliance, and risk with articles appearing in ISACA, ISC2, Information Security Magazine and PMI Journal. He has been quoted in industry publications related to Information Security and Project Management. He is a member of the Editorial Review Committee for ISACA Journal and ACFE’s Fraud Magazine. Larry is also Associate Editor for Information Security Journal: A Global Perspective, ISC2 and contributes book reviews to the ISC2 Information Security Magazine.  Larry is a volunteer for PMI for both their 2018 and 2020 SRP Preliminary Proposal Review Committee.

Larry is one of the ISACA Whitepaper Developers for COBIT 5, Security as a Service, DevOps and database security. He has authored/co-authored technical audit programs by ISACA.  He currently holds a leadership position in ACFE NJ.

He has several certifications - PMP, ITIL, CISA, CISSP, CFE, CGEIT, CRISC and CSTE. Larry is an active volunteer with ISACA having recently served on their CRISC Exam Writing Team and part of ISACA’s Editorial Advisory Review Committee, and PMI’s ISO Committee. He is an active member of the ACFE – Fraud Magazine Editorial Advisory Review Committee. He is an SME regarding SECAAS, COBIT 5 and Oracle Database Auditing to ISACA. He has served as a member of New York Chapter’s GRA Committee and ACFE Scholarship Committee. Larry participates in ISACA online communities regarding governance and security. He also is a blogger and contributor to the Leadership section of

His literary work has appeared in ISC2 Security Journal, PMI Journal, and ISACA Journal. Larry has proctored the ISC2 certification exams and continues to assist ISACA in their CRISC Exam question development. Larry holds a Bachelor of Arts degree from New York University in History and Economics and an M.B.A. in Accounting from New York University.

Lynn Mattice

Mr. Mattice is President and founder of the National Economic Security Grid (NESG). The NESG is a non-partisan grassroots-based non-profit initiative that is a resource to metropolitan area public and private sector entities and is dedicated to educating public and private sector enterprises relative to the broad range of risks, threats and hazards they face.

He is also Managing Director of Mattice & Associates, a management consulting firm specializing in conducting enterprise risk assessments, implementing IP and brand protection measures and establishing broad-based risk intelligence programs. Mr. Mattice has a strong track record as a senior executive for three major U.S. based global corporations (Northrop Corporation, Whirlpool Corporation and Boston Scientific) and one mid-cap company (Wescom, Inc.) in dramatically different business sectors. His experience base traverses the defense & intelligence, electronics, life sciences, consumer products and service industries.

Mr. Mattice has been certified as an Expert Witness at both the Federal and State Court levels. He is also board certified in the disciplines of risk and information system controls. Mr. Mattice is a past Chairman of the Board of Directors for the National Intellectual Property Law Institute (NIPLI) in Washington, D.C., where he remains Chairman Emeritus and counselor to the President of the Institute. Mr. Mattice also served as an industry advisor to the U.S. Intelligence Community's National Counterintelligence Center and as a member of the U.S. State Department’s Overseas Security Advisory Council.

He was one of eleven industry representatives appointed to a joint government and industry task force established by Presidential Directive under President George H.W. Bush’s administration, focused on developing a new National Industrial Security Program (NISP) to replace the myriad of duplicative government security regulations. Mr. Mattice was recognized for his efforts as one of the principal architects of the NISP by way of a special joint commendation signed by the three Cabinet Officials who led the Presidential Task Force - Secretary Cheney of Defense, Director Kerr of Central Intelligence and Secretary Watkins of Energy.

Mr. Mattice was selected by Security Magazine as one of the “Most Influential People in Security for 2009”. He was designated in 2007 by Security Technology & Design magazine as one of the “Top 10 Movers and Shakers” in the Security Industry. He also was honored by CSO Magazine when they presented him with their 2007 Compass Award for his visionary leadership in the security field. He is a charter member of the Board of Directors for the International NGO Safety and Security Association, and was elected to three terms on the Board of Directors for the International Security Management Association (ISMA). Mr. Mattice also co-chairs the newly established Private Sector Liaison Committee within the Major County Sheriff’s Association.

Mr. Mattice was awarded a Senior Fellowship in 2010 at George Washington University’s Homeland Security Policy Institute. He also participates on HSPI’s Counterterrorism and Intelligence Task Force. He served on the Advisory Board for the Graduate and Undergraduate level Leadership and Management Program in Security (LaMPS) at Michigan State University in East Lansing, Michigan. His education in business disciplines has been enhanced through executive development programs from The Center for Creative Leadership, University of Michigan’s School of Business, Harvard Business School and Harvard’s John F. Kennedy School of Government. The focus of his undergraduate work at California State University – Long Beach was in Security Administration.

Thornton A. May

Mr. Thornton May is one of the premier communicators in the information technology industry. He combines a scholar's passion for empirical research, an entrepreneur's capacity for opportunity identification, and a stand-up comic's gift for storytelling in working with executives to figure out what comes after what comes next.

May is responsible for sculpting executive education information technology curricula at four major business schools: UCLA, UC-Berkeley, Arizona State, and Ohio State. He designed and delivered the information technology portion of the curriculum at the University of Amsterdam's Controller's Institute (special program for multinational chief financial officers). May co-founded the Director's Institute, a program to improve board level technology decision-making.

May's insights have appeared in the Harvard Business Review, the Financial Times, and the Wall Street Journal, among other publications. He also debated the future practice of strategy on National Public Radio.

Joanne McNabb, CIPP/G

Ms. Joanne McNabb is chief of the California Office of Privacy Protection. The organization is a resource and advocate on identity theft and other privacy issues. In addition to providing information and education for consumers, it publishes privacy practice recommendations for business and organizations.

McNabb is co-chair of the International Association of Privacy Professionals' Government Working Group. She also serves on the Privacy Advisory Committee of the Department of Homeland Security. She is a frequent speaker at privacy conferences and seminars.

McNabb has more than 20 years experience in public affairs and marketing in both the public and private sectors, including five years with an international marketing company in France. Her marketing background contributes to her understanding of the commercial uses of personal information that have become a significant privacy concern.

Peter Milla

Mr. Peter Milla is a noted expert and consultant to the global research industry.  Peter has more than 25 years of experience in a wide range of information technology, market/survey research and data privacy and security activities, applying expertise in information technology and market/survey research methods. He has extensive experience with all computer assisted survey information collection technologies, specializing in Internet-based market/survey research.

Prior to becoming a consultant, Peter was Chief Information Officer and Chief Privacy Officer at Survey Sampling International and Harris Interactive.  

Peter is very active in market/survey research industry associations, having served on the Board of Directors of CASRO.  He currently holds leadership roles in several industry workgroups and committees in the areas of technology, government affairs, ISO (quality standards) and Internet research.  

Charlie Miller

Charlie Miller, Senior Vice President - Evangelist
    The Santa Fe Group, Shared Assessments Program

Charlie’s key responsibilities include expanding the Shared Assessments Third Party Risk Management membership driven program and facilitating regulatory, partner and association relationships. Charlie has vast industry experience, having led vendor risk management and financial services initiatives for several global companies. Charlie was previously the Director of Vendor and Business Partner Risk Management at AIG, and implemented third party risk management programs at Bank of Tokyo Mitsubishi (BTMU).  He held multiple leadership roles at Merrill Lynch & Co., Inc. where he oversaw the company’s global vendor management program, designed and implemented major global initiatives including: financial systems standardization; privacy; acquisition/divestiture due diligence; and information leakage and data protection. He also was a consulting partner at Deloitte LLP, and led a financial services practice unit focused on outsourcing, risk management and cost control.  He began his journey at IBM as a systems programmer.
Charlie is a Certified International Privacy Professional and Certified Third Party Risk Professional.

Tammy Moskites

Tammy Moskites is the Chief Information Officer (CIO) and Chief Information Security Officer (CISO) at Venafi.  Tammy’s vision is to partner with CIOs and CISOs across the globe to provide guidance for them to be able to fortify their strategies to defend against increasingly complex and damaging cyber-attacks against the trust established by cryptographic keys and digital certificates. Tammy’s professional experience, leadership and recognized domain expertise as the CISO of Global 250 companies helps fellow CISOs defend their organizations.

Tammy has over 25 years of IT experience and is noted by her peers to be a results-driven and passionate executive leader with expertise envisioning and leading IT Security, Technology and Operational Support based organizations. She is a Certified Information Security Manager (CISM) and has held her ITIL Foundation Certification since 2001. She is well known within the security community for her ability to step in and fix broken processes and departments and build amazing teams with exceptionally strong morale, self-confidence and teamwork!  Tammy’s professional affiliations include, but are not limited to, ISSA, ISACA, InfraGard, and the Information Risk Security Board. She leads the Executive Advisory Board for Venafi, Inc., and sits on the advisory board of as well as on the CSO Executive Advisory Board for Qualys, Inc. Tammy moderates for security roundtables and panel events and is sought after to speak on reengineering information security organizations and how to make them high performing teams. She has spoken at multiple security events globally including RSA, ISE, ISSA, ISACA, InfoSec UK, and many more.  You will also find her leading career seminars including “Navigating your IT Career” to diverse groups throughout the United States. One of her passions is to volunteer her knowledge regarding IT Security, Career Planning and Mentoring/Coaching expertise at non-profit companies, diverse chapters and IT events.

Tammy was recently awarded as a finalist for the 2014 Women in Technology Awards and was also on the cover of CSO Magazine in May 2014, Leap of Faith.  Evanta Global CISO Summit recognized her as one of the top 25 breakaway CISO leaders for 2013. She also was recognized as one of the Top Women in Technology for 2013 by CableFax magazine. Tammy is the 2012 and 2010 North American Information Security Executive People's Choice of the Year Winner at the ISE Awards. She was a finalist for Information Security Executive of the Decade in 2012 and Executive of the year for North America in 2012 and 2010.

In her spare time Tammy is an avid cook.  She enjoys spending time with her family and friends fishing, golfing, entertaining and attending sporting events.

Richard Moulds

Richard is Vice President of Strategy and Business Development for Whitewood Encryption Systems and is responsible for all product, development and go-to-market activities. Richard has more than 15 years' experience in the commercial security market and specializes in various applications for cryptography spanning mobile, payments, cloud, internet of things and corporate data protection.

Prior to Whitewood, Richard was an early member of the executive team at nCipher, a UK based start-up focused on internet security, and as head of marketing contributed to a successful IPO and subsequent acquisition by Thales. Richard has also held executive marketing and product management roles in the video communications industry. Richard has a BSc in Electronics Engineering and an MBA from Warwick Business School in the UK. Richard is a widely regarded commentator on cybersecurity, privacy and the use of cryptography and is the author of Key Management for Dummies and PCI Cardholder Data Protection for Dummies.

Valmiki Mukherjee

Valmiki (Val) is a globally recognized expert in the cyber and cloud security industry with a focus on innovation and collaboration to address the information security needs of the future. He currently serves as an Executive Director in the Cyber Advisory Services at EY. Val has served for several years as a trusted advisor to a number of the top Fortune 500 C-Level executives, public agency leaders and education institution management teams.

Val is considered an original thought leader in the domain of Cyber Peace and in 2014 established the Cyber Peace Alliance, a global think/do tank of cybersecurity and policy experts advancing the concept of a secure and trusted Cyberspace. Val founded the Cyber Future Foundation and its constituents, including the Cyber Peace Alliance, to take the initiative forward.

Val is known for his commitment to the information security professional community and is constantly engaged as a leader and contributor within many standards initiatives, security alliances and consortia. He also serves as the Global Co-chair of Cloud Security Alliance's IAM domain. Val is also the Founder and Current Chairman of CSA North Texas, which in a couple of years has grown to be a significant contributor to the global Cloud Security domains. He also addresses graduate classes at leading schools on Information Security, Risk Management and Cloud Security.

Jon Neiditz

Jon Neiditz co-leads the Cybersecurity, Privacy and Data Governance Practice at knowledge asset protection law firm Kilpatrick Townsend & Stockton LLP.  Jon has been named a “Cybersecurity Trail Blazer” by the National Law Journal, is listed as one of the Best Lawyers in America® in Information Management Law, and is listed more questionably by Twitter (of course) as the 82nd most influential person in the world in data security (the last of which led Jon to seek isolation from the social media world, wanting only to converse with Ponemon Fellows on long walks). 

One of the first lawyers to focus broadly on data governance and knowledge asset protection, Jon helps clients anticipate and obviate information risks, appropriately monetize information, comply with information laws, and contain and obtain coverage for incidents.  He has managed responses to multiple data breaches and other information security incidents every week since 2005 as well as helped design and implement many strategic and compliance initiatives in the areas of privacy, cybersecurity and information management.  Jon holds a J.D. from Yale Law School and a B.A., magna cum laude, from Dartmouth College.  When he reenters the world, Jon will again blog at and, and tweet as @jonneiditz.  

Jeff Nicol

Jeff Nicol works as a Privacy Protection Expert in the Consumer Business Group at Huawei in Düsseldorf, Germany.

Jeff entered the privacy space back in 1999 as Intel’s first dedicated privacy employee. He built the privacy team at Intel, with initial focus on customer and worker data privacy, along with early forays into product privacy and ‘privacy by design’. He moved on from Intel to start Privacy Ready LLC, a boutique consulting practice doing privacy work for the likes of TRUSTe, Cisco Systems and their various subsidiaries (Linksys, Scientific Atlanta, WebEx). Privacy Ready had many repeat customer engagements, earning Mr. Nicol accolades from ComputerWorld as one of the ‘Top 25’ Privacy Consultants.

Jeff has a number of IAPP privacy certifications (CIPP/US, CIPP/G, CIPP/E, CIPM, CIPT), was awarded the IAPP’s Fellow of Information Privacy (FIP) designation, and is a Ponemon Fellow. As a new resident of Germany, Jeff is enjoying exploring the region and getting a first-hand perspective on what it’s like to ‘do privacy’ while sitting in the heart of the EU.

Stuart Noad

Stuart Noad is Director of Marketing (Northern Europe) for Appsense, the global leader in User Virtualisation. Previously Mr. Noad served as Marketing Director, and as a member of the operational board, for HP Information Security, successfully overseeing its brand transition from Vistorm.

During this time, and with Ponemon Institute, Mr. Noad has delivered many new security initiatives including the Security Effectiveness Rating and the Cyber Security Benchmark. He is a Chartered Marketer with more than 12 years experience across a wide range of leading security, software and IT services businesses.

Stanley Norman

Stanley R. Norman, P.Eng., is the Founder and President of ACK Enterprises – Security Solutions. He is also the President of the FBI’s North Texas InfraGard.

Previous experience includes:  Multiple Research and Development executive positions with extensive experience (designer and management) in global product developments from Concept to Market Deployment.  Over 30 years of R&D experience in the high tech Critical Infrastructure areas of Communications and Information Technology with a heavy emphasis on utilizing the latest advanced technologies along with Security and Intelligence Analysis. Global R&D product responsibilities included Hardware/Software/System Design, Strategic Planning, R&D Effectiveness, Competitive Analysis, Multi-Site Product Development and Introduction to Market, Network Security, Internet and Intranet Security. Additional focus was provided in the areas of Anatomy of Database Attacks, Protection from Insider Threats, Using Data Analytics in Fraud Investigations and Service Organizations Control.

Currently managing and operating a company that specializes in leveraging leading edge technologies for Security Solutions in the following areas: Internet, Cyber Technologies, Perimeter Security, Surveillance Systems, Intrusion Detection, Monitoring, Electronic Access Control, Private Investigations, Digital Forensics, Cybercrime and Intelligence Analysis.

The following is a list of current security affiliations: North Texas Crime Commission (NTCC), Vice Chair of the NTCC Cyber Crime Research Group, Vice Chair of the NTCC Cybercrime Committee, NTCC Health Care Fraud Committee, FBI Health Care Fraud Working Group, United States Secret Service Electronic Crimes Task Force, United States Coast Guard (Aux)- Eighth Coast Guard District, Fusion Liaison Officer - North Central Texas Fusion Center for intelligence gathering, Department of Homeland Security Cyber forums, FBI Cyber Squad.

Also graduated from the following citizen academies: FBI Academy, District Attorney’s Prosecutor Academy, Dallas County Sheriff’s Academy, Collin County Sheriff’s Academy, Plano Police Academy. Two other academies are being pursued – Texas Department of Public Safety (DPS) and Dallas/Fort Worth International (DFW) Airport Police Department.

Background also includes: Licensed Professional Engineer,  Senior member of the Institute of Electrical and Electronic Engineers, Past mentor at the University of Texas for the MBA program, Past Vice president of the TL-9000 Special Interest Group, Member of the Association of Professional Engineers, Licensed Private Investigator specializing in Digital Forensics and Cybercrime, Holder of four United States Patents.