Ponemon Institute
Sign Up for the Ponemon News Feed for special reports and important updates regarding privacy and security

News & Updates

Ponemon Institute is pleased to announce the release of Flipping the Economics of Attacks, sponsored by Palo Alto Networks. In this study, we look at the relationships between the time spent and compensation of today’s adversaries and how organizations can thwart attacks. As revealed in this research, while some attackers may be motivated by non-pecuniary reasons, such as those that are geopolitical or reputational, an average of 69 percent of respondents say they are in it for the money.


Ponemon Institute Fellows: P-Q-R

< Back to Ponemon Fellows

Paul E. Paray

Paul E. Paray, Esq. is a partner with Zimmerman Weiser & Paray LLP in New Jersey.

Paul has practiced law in the New York metropolitan area for nearly three decades and enjoys a privacy and commercial litigation practice focused on breach notification, data security audits, and privacy policy review.  He has extensively written and spoken on privacy and intellectual property matters including at RSA, PLUS, IAPP, NJICLE, ACG, AHRMNY, EIPS (Conference on Corporate IP Strategy, Henan Province, China), SecureWorld Expo, LegalTech Privacy Summit, IAITAM, and Harvard Privacy Symposium.  Paul has also been quoted in numerous trade journals and can be found musing on privacy matters at 

Stuart L. Pardau

Stuart L. Pardau is an attorney, corporate executive, and scholar with expertise in data security and privacy, which is complemented by his experience in the intellectual property and corporate law areas. Currently, Stuart is an Assistant Professor (tenure-track) at the College of Business and Economics at California State University Northridge and is also a member of the Leadership Council at the Rand Corporation in Santa Monica.

In addition, to his academic pursuits, Stuart has his own private law and consulting practice, The Law Offices of Stuart L. Pardau Associates, where he advises clients on intellectual property, data security/privacy, and corporate law issues. Prior to that, Stuart was, for close to 10 years, the Chief Legal Counsel, at the leading market research firm, J.D. Power and Associates, where he became a thought leader in technology, data security and privacy issues concerning the market research industry, including through his work as a member of the Council on American Survey Research ("CASRO") Legislative Affairs Committee.

A former Managing Director and Regional Counsel of FedEx Corporation, based in Tokyo, Japan, Stuart also has over 10 years of experience living and working in East Asia, with particular expertise in Japan, China and the Republic of Korea. Stuart is conversational in Japanese and has a J.D. from Stanford Law School and a Masters degree from Cambridge University in the U.K.

Phyllis A. Patrick

Phyllis Patrick is Founder and President of Phyllis A. Patrick & Associates LLC, a consulting group specializing in providing strategic planning, security, and privacy services to the health care industry.  The company’s practical approach to security and privacy is reflected in its diversity of clients, which include academic medical centers, community hospitals, physician groups, vendors and business associates, health information exchanges, and pharmaceutical companies.

In addition to serving as Vice President, Planning and as Administrator for laboratory services for a health system in California, Ms. Patrick has held senior positions in security, privacy, and compliance at major academic medical centers in New York.  She was named the first   Information Security Officer at the Mount Sinai Medical Center in Manhattan.  As Vice President and Chief Compliance Officer at the Hospital for Special Surgery, she created and directed the organization’s Compliance Program, which included the Privacy and Security Programs. 

As a consultant to Strategies for Tomorrow, a company known for its expertise in Health Information Exchange (HIE) development, Ms. Patrick has led Privacy and Security initiatives for HealtHIE Nevada, Indiana Health Information Technology, Inc. (IHIT), and HealthBridge.

She is a member of the Privacy and Security Work Group for the North Carolina Healthcare Information and Communications Alliance, Inc. (NCHICA) and a Board member of the New England Healthcare Internal Auditors (NEHIA). A long-­â€time member of the Greater New York Hospital Association (GNYHA), she was a founding member of GNYHA’s Security Work Group and a contributing member of the Compliance Work Group.  

A member of the Editorial Advisory Board for HCPro’s Briefings on HIPAA, Ms. Patrick is also member of the GRC Advisory Board for Wolters Kluwer Law & Business.  In 2013 she was appointed to the Ponemon Institute’s RIM Council, a select group of privacy, security and information management leaders from multinational corporations who are champions within their various industries on issues involving privacy and data protection.  She is a frequent speaker at national and regional conferences and professional associations, including the HIPAA Summit, AMC Privacy and Security conferences, Health Care Financial Management Association (HFMA), the Association of Healthcare Internal Auditors (AHIA), and others.  She is frequently quoted in healthcare publications.  She is the author of the book, The Complete Guide to Healthcare Privacy and Information Security Governance.

Ms. Patrick received her B.S. in Psychology from the Pennsylvania State University and her M.B.A. in Health Care Administration from Cornell University.  She is a Fellow in the American College of Healthcare Executives and is certified in healthcare compliance and information security  management.

Deborah C. Peel, M.D.

Deborah C. Peel, MD is the leading national and international advocate for restoring patients' rights to control the use of sensitive personal health information in electronic systems.  She also has practiced as a physician and psychoanalyst for over thirty-five years.

She was named one of the "100 Most Influential in Healthcare" in the US by ModernHealthcare magazine four times since 2007-the first privacy expert and consumer advocate on the list.

She learned about the lack of health privacy from her patients. Many feared seeking treatment unless their records were private. They had lost jobs or reputations using health insurance to pay for care. They realized physicians disclose medical records to get insurance payments, and insurers share health information with employers, so they offered cash for privacy.

In 2004, she formed Patient Privacy Rights (PPR),, which has become the world's leading consumer health privacy advocacy organization. PPR has over 12,000 members in all 50 states.

In 2006, Dr. Peel founded the bipartisan Coalition for Patient Privacy, representing 10.3 million Americans. The Coalition is responsible for the historic privacy protections in the stimulus bill: a ban on sales of PHI, audit trails, segmentation, breach notice, the right to prevent disclosure of PHI for payment and HCO if payment is out-of-pocket, and encryption. Microsoft joined the Coalition in 2007.

In 2011 PPR and the University of Texas LBJ School of Public Affairs created the 1st International Summit on the Future of Health Privacy. The summits are the only place where both threats to health privacy and solutions are thoughtfully debated by national and international experts from advocacy, academia, government, and industry.

In 2012, PPR expanded the summit and partnered with the O'Neill Institute at Georgetown Law Center, the University of Cambridge Computer lab, the Harvard Data Privacy Lab, and The University of Texas School of Information. Sponsors included Microsoft, FairWarning, Jericho Systems, Accenture, Dell, CA Technologies, PwC, IDExperts, e-MDs, Meditology, and TATRC. See:

Dr. Peel was the First Tocker Fellow at the University of Texas School of Information. See:

Edgar Perez

Edgar Perez is a published author, business consultant for billion-dollar private equity and hedge funds and Council Member at the Gerson Lehrman Group, Guidepoint Global Advisors and Research International, with subject matter expertise in cyber security, investing, trading, financial regulation (Dodd-Frank Act) and market structure. He is author of Knightmare on Wall Street (2013), and The Speed Traders, published in English by McGraw-Hill Inc. (2011), 交易快手, published in Mandarin by China Financial Publishing House (2012), and Investasi Super Kilat, published in Bahasa Indonesia by Kompas Gramedia (2012). Mr. Perez is course director of Cybersecurity Boardroom Workshop and The Speed Traders Workshop; he has presented his workshops in Singapore, Hong Kong, Sao Paulo, Seoul, Kuala Lumpur, Warsaw, Kiev, New York, Singapore, Beijing, Shanghai. He has contributed to The New York Times and China’s International Finance News and Sina Finance.

Mr. Perez has been interviewed on CNN's Quest Means Business, CNBC's Squawk on the Street, Worldwide Exchange, Cash Flow and Squawk Box, FOX BUSINESS's Countdown to the Closing Bell and After the Bell, Bloomberg TV's Market Makers, CNN en Español's Dinero, Petersburg – Channel 5, Sina Finance, BNN's Business Day, CCTV China,,, Leaderonomics, GPW Media, Channel NewsAsia's Business Tonight and Cents & Sensibilities. In addition, Mr. Perez has been featured on iMoney Hong Kong, The Wall Street Journal, The New York Times, Dallas Morning News, Valor Econômico, FIXGlobal Trading, TODAY Online, Oriental Daily News and Business Times. Mr. Perez has presented to the Council on Foreign Relations, Vadym Hetman Kyiv National Economic University (Kiev), Quant Investment & HFT Summit APAC (Shanghai), U.S. Securities and Exchange Commission (Washington DC), CFA Singapore, Hong Kong Securities Institute, Courant Institute of Mathematical Sciences at New York University, University of International Business and Economics (Beijing), Hult International Business School (Shanghai) and Pace University (New York), among other public and private institutions. In addition, Mr. Perez has spoken at a number of global conferences, including Fund Selector Summit Miami 2016 (Key Biscayne), Cyber Security World Conference (New York), Inside Market Data (Chicago), CME Group‘s Global Financial Leadership Conference (Naples Beach, FL), Harvard Business School’s Venture Capital & Private Equity Conference (Boston), MIT Sloan Investment Management Conference (Cambridge), Institutional Investor’s Global Growth Markets Forum (London), TradeTech Asia (Singapore), FIXGlobal Face2Face (Seoul) and Private Equity Convention Russia, CIS & Eurasia (London).

Mr. Perez was a vice president at Citigroup, a senior consultant at IBM, and a strategy consultant at McKinsey & Co. in New York City. Previously, he managed Operations and Technology for Peruval Finance. Mr. Perez has an undergraduate degree in Systems Engineering from Universidad Nacional de Ingeniería, Lima, Peru (1994), a Master of Administration from Universidad ESAN, Lima, Peru (1997) and a Master of Business Administration from Columbia Business School, New York, with a dual major in Finance and Management (2002). He belongs to the Beta Gamma Sigma honor society. Mr. Perez is an accomplished salsa and hustle dancer and resides in the New York City area with wife Olga, son Edgar Felipe and daughter Svetlana Sofia.

Jill Phillips

Jill Phillips is Sr. Attorney, Privacy & Security, for Intel. Previously, Jill was the Chief Privacy Officer for General Motors as well as the Global Privacy Manager for Chevron, where she established Chevron's privacy program, and the first Global Privacy Officer for Dell. Jill’s interest in privacy began in the late 1990’s when she was e-commerce senior counsel at Ford Motor Company.  Jill is a Certified Information Privacy Professional (CIPP/U.S. and Canada) and a frequent lecturer and panelist in the area of global data protection.

Christopher T. Pierson, Ph.D., J.D.

Dr. Christopher Pierson serves as the EVP, Chief Security Officer and Chief Compliance Officer for LSQ Holdings and a separate start-up payment company.  In this role, he is responsible for corporate security and compliance risks including all cybersecurity, fraud, intelligence, audit and its compliance, regulatory, anti-money laundering, information assurance, and privacy programs.  He chairs the corporate-wide Executive Risk Management Committee focusing on governance and strategic risks.

Dr. Pierson also serves as an appointed member for the Department of Homeland Security Data Privacy and Integrity Advisory Committee and Cybersecurity Subcommittee providing advice and guidance to the Secretary and Chief Privacy Officer on policy, operational, strategy, and technological issues affecting our country’s national security interests.

Previously, Chris was the SVP and first Chief Privacy Officer for the Royal Bank of Scotland's U.S. banking operations leading its privacy and data protection program.  Chris was responsible for the global roll-out of privacy as functional business unit and led RBS on the largest revitalization of its information technology, cybersecurity controls, regulatory framework, and operational efficiency.

Chris also served as a corporate attorney for Lewis and Roca where he established its Cybersecurity Practice and advised on information security, data breaches, privacy, intellectual property, and cyber law matters for Fortune 500 companies across all business sectors.  Chris is a graduate of Boston College (B.A., M.A.) and The University of Iowa (Ph.D., J.D.) and speaks at national events and is frequently quoted on cybersecurity.

Paige Poore

Paige Poore is the Director of Global Business Continuity Management for IBM.  Ms. Poore has world-wide responsibility for governance, guidance and business continuity risk management across the enterprise This includes the integration of business continuity management with crisis management, disaster recovery and cybersecurity teams.   Prior to this position, she led world- wide enterprise transformation and risk management initiatives for IBM CHQ.

Ms. Poore has 25+ years of information technology industry experience and has held world-wide leadership roles in Corporate Enterprise Transformation, the CIO organization, Services, Sales, and Research divisions.   She specializes in driving corporate- wide technology and business initiatives across a complex, globally integrated enterprise.

Ms Poore has experience across a broad spectrum of technologies including semiconductor, ecommerce, enterprise systems, data architecture, analytics, and has a wealth of international experience, having led teams in the U.S., Europe, and Asia. 

Her thought leadership in technology and innovation has been shared in industry conferences, panel discussions, consulting engagements and she is an author of a number of industry publications.  Most recently this includes the thought leadership whitepaper  “How IBM is enhancing Business Continuity Management to help address changing business realities – a more business centric approach to help reduce business continuity risk” and  “Counting the Cost with Business Continuity” an article published on the Building a Smarter Planet blog.    She has been a speaker at numerous industry events.

Ms. Poore holds 4 patents, 2 invention disclosures and is the recipient of IBM’s Bravo Award for technology implementation, IBM Division Leadership Award, the Corporate Innovative Achievement Award, and Invention Plateau Award.  She holds a BS in Chemistry from the University of North Carolina at Greensboro, and a MBA from Duke University.

Nils Puhlmann

Nils is a Co-Founder and member of the Board of the Cloud Security Alliance, a community of over 50,000 security professionals in over 50 chapters worldwide with the goal to promote the use of best practices for providing security assurance within Cloud Computing. The Alliance also educates on the uses of Cloud Computing to help secure all other forms of computing.

Nils Puhlmann was the Chief Security Officer of Zynga and led the converged security department, managing all security risks for the company and chairing the Security Risk Committee. He oversaw the company’s security domains of product & application security, security engineering & architecture, investigations & incident response, security intelligence & threat assessments, physical security, executive protection, ecrime and security compliance & audit.

Before joining Zynga, he served as Chief Security Officer of Qualys, where he was responsible for security, risk management and business continuity planning. His responsibilities included the security of the cloud-based QualysGuard SaaS platform. He also led the Qualys CSO Advisory Board and evangelized at various international industry events in areas of security management and cloud security.

Prior to Qualys, Puhlmann was the Chief Information Security Officer for Electronic Arts, with global responsibility for information security, intellectual property protection, risk management, compliance, physical security, forensics & investigations and business continuity management/disaster recovery. He was also previously the Chief Information Security Officer at Robert Half International, where he had global responsibility for managing information security, risk management, privacy, forensics & investigations, CERT and Business Continuity Management enterprise wide.

Prior to that, he was Director Global IT & Security and Chief Privacy Officer at Mindjet Corp, where he managed Mindjet's global information security, physical security and privacy programs. He was also a Senior Manager of Product Security at Adobe Systems, responsible for creating and managing Adobe's product vulnerability program, overseeing security assessments of Adobe applications, driving product security certifications, and promoting secure development practices. He created Adobe's product security incident response team, chaired Adobe's Security Task Force and managed Adobe's first Common Criteria Certification.

Puhlmann also held senior positions at Nortel Networks and START Amadeus, and was an independent security consultant with clients such as the State of California and other foreign States. He maintains numerous security certifications, including CISSP-ISSMP and CISM. He has held Board of Directors positions in the past (ISACA Silicon Valley) and is currently a Director on the Board of the Cloud Security Alliance, a Director on the International Board of Directors of ISSA, a Board member of OVAL (Open Vulnerability and Assessment Language), an Advisory Board member for several Security Companies and has been called as a subject matter expert by ISACA and ISC2. He was also a member of the Advisory Council for the CISO Forum of ISSA.

In 2012, Puhlmann was a finalist for the “CSO of the Year” award by SC Magazine. Puhlmann was invited in 2009 by the Dept. of Defense and the Executive Office of the President to speak at the National Cyber Leap Year Summit in Washington, DC. and is a frequent speaker and keynote presenter at global security and technology conferences. He is considered a visionary in the field of converged security risk management and information security and his advice is frequently sought after by corporations and government entities.

Michael L. Puldy

Michael Puldy is the Director of IBM’s Global Business Continuity Management program.  In his current capacity, he is responsible for IBM’s business continuity program strategy and working with IBM’s senior executive team and all business units on tactical compliance.  He has been with IBM for nineteen years of which thirteen years have been spent working directly in the IBM Resiliency Services business.  Throughout his IBM Resiliency Services career, Michael has worked in multiple roles including sales, presales and contracts, solution design, service delivery, operations and general manager. 

In his previous assignment, Michael was based in Singapore leading IBM Resiliency Services for Asia Pacific and IBM’s growth markets where he was responsible for both sales and delivery in those theaters. 

In 2000, Michael left IBM Resiliency Services for a five-year break to work in IBM’s Systems and Technology Group storage division.  During that assignment, Michael had global responsibilities for client support for all storage hardware and software products.  He was also responsible for the DS8000 high-end disk storage architecture and IBM’s Global Mirror disk replication technology.

Prior to joining IBM, Michael served as Vice President Technical Systems for a regional bank in the United States.  During this 10-year period, Michael was responsible for data center operations as well as technical elements of the bank’s business recovery operation.

Michael can be found on twitter at, and he is the author of The Millennial’s Guide to Business Travel, Lessons for the Next Generation of Road Warriors.

He has a BS in computer science from Clemson University, and a MBA from the University of North Florida.

James Ransome, Ph.D., CISSP, CISM

Dr. James Ransome, CISSP, CISM, is the Senior Director of Product Security and responsible for all aspects of McAfee’s Product Security Program to include the Product Security Incident Response Team (PSIRT), a corporate-wide initiative that supports the delivery of secure software products to customers. He is a recognized security practitioner, author, and speaker with a current focus software security. His career is marked by leadership positions in the private and public industries, having served in three chief information security officer (CISO) and four chief security officer (CSO) roles at Applied Materials, Autodesk, Qwest Communications, Pilot Network Services, Exodus Communications, Exodus Communications -Cable and Wireless Company, and Cisco. Ransome was also the vice president of Integrated Security at CH2M HILL and senior vice president of Commercial Managed and Professional Security Services at SecureInfo Inc. While at Exodus Communications and Cable and Wireless, he managed Internet and physical security for hundreds of thousands of users within the world's largest commercial hosting environment, serving more than 4,500 customers from 42 data centers.

Ransome has 23 years of government service, which includes ten years as a computer scientist and geospatial imagery intelligence analyst, weapons of mass destruction threat credibility assessment analyst and senior NEST key leader for DOE/Lawrence Livermore National Laboratory, three years as US Special Agent for the Naval Criminal Investigative Service (NCIS), and is a retired Naval Intelligence Officer (Commander) and former U.S. Marine Corps Weapons Platoon Sergeant and Intelligence Specialist with twenty-three years combined active and reserve service.

He holds a Ph.D. in Information Systems and developed/tested a security model, architecture, and provided leading practices for converged wired-wireless network security for his doctoral dissertation as part of a NSA/DHS Center of Academic Excellence in Information Assurance Education program. He is a member of Upsilon Pi Epsilon, the International Honor Society for the Computing and Information Disciplines, a Certified Information Security Manager (CISM), a Certified Information Systems Security Professional (CISSP), and a Ponemon Institute Distinguished Fellow.

Ransome recently authored his 10th information security book “Core Software Security: Security at the Source.” He also developed the initial wireless, network architecture, SCADA, Cryptography, and VoIP security leading practices for the Federal Communications Commission Network Reliability and Interoperability Council Focus Group on Cybersecurity – Homeland Defense.

Steve Ransom-Jones

Steve Ransom-Jones has worked in the field of information security for over twenty-five years where he has developed a passion for adapting methodologies to assess and solve unstructured problems. He is responsible for leading the evolution of the Privacy, Risk and Advisory services for Neohapsis as well as delivering them to key clients.

He started his information security career working for the UK Government Communications Headquarters and has been heavily involved in deploying secure solutions globally using some of the practices that emerged from Europe in the 80's and 90's, including ITSEC and BS7799. Mr. Ransom-Jones moved to the US in 1998 to join IBM as a security consultant where he contributed to developing the practice's privacy methodology and performed or managed engagements on behalf of a wide variety of clients. He also experienced the thrills and issues of security and compliance challenges in outsourcing environments as he managed the delivery of security services for several of IBM's Fortune 100 outsource customers.

In his own time he enjoys “applied risk management” as an aviator by constructing and acting as a test pilot for experimental aircraft. He has designed and developed his own avionics hardware, software and firmware. He finds this a relaxing blend of practical construction, design and sound decision making activities.

Randy Raw

Randy Raw is Vice President of Information Security at Veterans United Home Loans (VU).  He is a proponent of risk-based, layered security measures that utilize both preventative and detective approaches to achieve the right solution for the organization. While at VU he has developed a unique model to help organizations evaluate and determine if InfoSec spending is improving security posture and reducing risk.

Randy has almost 30 years of experience in both public entities and private industry. Prior to VU, he led security efforts at the Missouri Research and Education network (MOREnet), Linn State Technical College (now State Technical College of Missouri) and the Osage County R-2 school district. While at MOREnet he was a member of REN-ISAC, serving on the Technical Advisory Group.

Mr. Raw is a CISSP and is active in the Central Missouri InfoSec community serving as a former president and board member of the Central Missouri InfraGard chapter and a founding member of the Central Missouri OWASP chapter. He is a frequent speaker on InfoSec and leadership topics.


Mark W. Reardon

Mark Reardon is the Vice-President of Information Security and CISO for the WellStar Health System, the largest health system in Georgia with over 20,000 employees. Mark oversees the System’s compliance with various information security requirements and the System’s Information Risk Management Program. This includes working with numerous service providers, to insure patient information is protected.

Mark’s background includes a blend of information security and IT governance with IT operations and software development experience. He served as the CISO for the state of Georgia for over ten years, implementing an information security program that followed the risk management framework established by NIST. In this capacity, Mark worked with the Governor’s Office to develop required agency reporting standards, and to develop a statewide risk management process that reports directly to the Governor.

Prior to becoming a CISO, Mark was Director of Security Engineering at CyberTrust Inc. (formerly TruSecure Corp.) and also an information security consultant in the transportation industry with Norfolk Southern Corporation. Additionally, Mark helped build the S1 Corporation from a startup into a leader in the banking and financial services software solutions industry, serving in several roles during his tenure including Director of Technology and Director of Software Development. He also managed S1’s Information Security Consulting Practice and was the Director of Information Security for the first transactional bank on the Internet.

Mark’s early IT experience includes developing data communications equipment and embedded software for Rockwell International, DCA Inc., Racal-Milgo, and AT&T Tridom.

John C. Reece

John C. Reece is chairman and CEO of John C. Reece & Associates, LLC, the firm he founded to provide personal leadership assistance to corporate and government executives in resolving issues having high impact on their enterprises' value creation performance. The firm assists private and public sector clients over nearly 15 years and enjoys a strong mix of new and repeat relationships.
His entire 50 + year professional career has been devoted to applying leading-edge computing, networking, security and privacy technologies to transform businesses—how they earn and add value, serve their stakeholders and win competitively.  He has brought thought leadership and success in all of  these endeavors across four ascending career stages— manager/practitioner, professional management consultant, corporate CIO and ultimately, as CEO and entrepreneur

Earlier, Reece served as Deputy Commissioner for Modernization and chief information officer at the IRS. He was also vice president of Information Technology at Time Warner Inc., functioning as that company's first CIO. Before moving to Time Warner, Reece created the enterprise CIO role at Alexander and global insurance broker, Alexander Services, Inc.

He was managing partner of Booz, Allen & Hamilton’s IT practice in the Midwest for over a decade and EVP and managing partner of Strategic Planning Associates’ (SPA) IT strategy team until it was sold to Marsh & McLennan.   He began his career as a practicing IT professional at IBM, Union Carbide and American Express Card Division.  He currently serves on 3M Corporation’s Visual Privacy Security Advisory Board and has been a Ponemon Fellow since that program’s inception.  He is a Northwestern University graduate

Ojas Rege

Ojas Rege is VP Strategy at MobileIron. His perspective on enterprise mobility has been covered by Bloomberg, CIO Magazine, Financial Times, and Forbes. He coined the term “Mobile First” on TechCrunch in 2007, one week after the launch of the first iPhone, to represent a new model of personal and business computing. He is co-inventor on four mobility patents, including the enterprise app store and selective management for BYOD.

Ojas has been with MobileIron for over six years as the company has grown from an idea to a Mobile IT platform with over 6,000 enterprise customers. MobileIron has been in the Leaders Quadrant of the Gartner Magic Quadrant for Enterprise Mobility Management for four consecutive years.

Prior to MobileIron, Ojas was responsible for the mobile product teams at Yahoo! and AvantGo. He started his career in 1988 as product line manager at Oracle and also spent six years at Boston Consulting Group. Ojas has a BS/MS in Computer Engineering from M.I.T. and an MBA from Stanford University. He is also Board Chair for Pact, a non-profit in Oakland California that provides adoption services for children of color and their parents. You can follow him on twitter at @orege.

Jim Richards

Jim was born in Michigan, raised in suburban Philadelphia, and resided in New Hampshire and Oregon before moving to West Virginia in 1981.

Jim has 30 years, and a variety of experiences, in the Information Technology field, and assumed the position of the first Chief Information Security Officer for the State of West Virginia in October, 2005. Prior to being hired as the CISO, Jim was with the West Virginia Department of Health and Human Resources, where he began as the Project / Program Manager for the Child Support software system, and was later responsible for all IT related procurement, policy and procedure development, and built the Department’s Information Security Program from the ground up.

Before working for the State of West Virginia, Jim worked for IBM as an Account Executive, supporting multiple major West Virginia state agencies.  During this time, Jim was instrumental in the first deployment of personal computers and office automation in West Virginia state government.
Jim graduated from West Virginia University with a degree in Computer Science.  Jim earned his CISSP credential in 2003, followed by his CIPP/US/G/IT certifications.

Jim has served as the President of the WV Chapter of InfraGard in 2006 and 2008, and Vice President in 2005 and 2007.  Jim was elected to the MS-ISAC Executive Committee in 2013, while serving as a co-chair of the Security Education and Awareness Workgroup of the MS-ISAC.

Kevin Richards

Kevin Richards is Managing Director for Accenture’s global security strategy and risk business and leads the security practice for North America – with responsibility for overseeing Accenture’s business in the United States, the company’s largest cybersecurity market, and Canada.

As a senior member of Accenture’s global security leadership team, Kevin oversees overall client value delivery, account management, client satisfaction, sales growth, revenue and profit for Accenture's suite of security offerings in North America. These differentiated offerings drive transformational value and productivity for clients across strategic industry groups– and are delivered through Accenture’s Global Delivery Network, which consists of more than 50 delivery centers across five continents.

Kevin is an information risk management professional with over 28 years of experience in information security and enterprise risk management. Working with large multi-national corporations, as well as the United States Department of Defense and other U.S. Federal agencies, Kevin provides an array of technical and pragmatic perspectives on building and protecting an organization’s critical information assets.

He often serves as an expert resource for journalists and is a frequent speaker at national and international security and IT conferences covering various cyber security topics.  Kevin has published numerous articles on information security and is a regular contributor to monthly security periodicals.  Publications include The Washington Post, USA Today, Vancouver Sun,, SC Magazine, and the ISSA Journal.

Kevin is a prior International President for and a Distinguished Fellow of the Information System Security Association ( and is a Certified Information Systems Security Professional.  He holds a bachelor of arts degree from Michigan State University.

Paul Rohmeyer

Paul Rohmeyer has over 20 years of professional experience in Financial Cybersecurity and Management Information Systems, among other areas.  Paul is a faculty member at Stevens in the School of Business and has presented and published on information security, decision-making and business resiliency. He has consulted since 2000, delivering executive-level guidance in the areas of risk management, information assurance and network security to premier corporate clients in the financial services, pharmaceutical and energy industries.  Prior to his consulting career, Paul served as Director of IT for AXA Financial and Director of IT Architecture Planning for SAIC/Bellcore. Paul holds a MBA in Finance from St. Joseph’s University, M.S. and Ph.D. degrees in Information Management from Stevens Institute of Technology and a B.A. in Economics from Rutgers University. Paul has achieved the CGEIT (Certified in the Governance of Enterprise IT), PMP (Project Management Professional), and NSA-IAM (U.S. National Security Agency Information Assurance Methodology) credentials.