Ponemon Institute

News & Updates

Ponemon Institute is pleased to announce the release of Flipping the Economics of Attacks, sponsored by Palo Alto Networks. In this study, we look at the relationships between the time spent and compensation of today’s adversaries and how organizations can thwart attacks. As revealed in this research, while some attackers may be motivated by non-pecuniary reasons, such as those that are geopolitical or reputational, an average of 69 percent of respondents say they are in it for the money.


Ponemon Institute Fellows: V-W-X-Y-Z


David A. VanderNaalt

Mr. David A. VanderNaalt is a noted expert and consultant in the security industry. He is the former Chief Information Security Officer for the state of Arizona, leading the Statewide Information Security and Privacy Office (SISPO). SISPO serves as the strategic planning, facilitation and coordination office for information technology security, privacy protection, and the protection of the technology critical infrastructure in the state.

Prior to assuming that position, David served the City of New York at the Department of Investigation in a dual role, as Director, Digital Forensic Investigations and Director, NYC Citywide Information Security Program. David served his last year with the City as Director of Citywide Continuance Planning at the Department of Information Technology in a cooperative role with the Office of Emergency Management, creating the baseline model for the City’s Continuity of Operations Plan.

David served in several capacities at American Express, including Director of worldwide network change and problem management, and led the creation of the worldwide Information Security group. David was the first corporate information security officer for AMEX worldwide operations.

In 1983, David created one of the first formal security groups in the US at Central & South West Services in Dallas, TX.

David proudly served in the US Navy from 1968 to 1971. David studied Behavior Science at Grand Canyon College prior to entering the Navy.

Mark Weatherford

Mark Weatherford is a Principal at The Chertoff Group and advises clients on a broad array of cybersecurity issues.  As one of the nation’s leading experts on cybersecurity, Mr. Weatherford works with businesses and organizations around the world by helping create comprehensive and strategic security programs.

Mr. Weatherford is a Distinguished Visiting Fellow at the Homeland Security Studies & Analysis Institute, serves on the Advisory Board of AlertEnterprise, Coalfire Systems and Cylance, is a member of the Bipartisan Policy Center’s Electric Grid Cyber Security Initiative, and serves on the Idaho National Laboratory’s Strategic Advisory Group (SAG) for Electric Grid Resilience.

Prior to joining The Chertoff Group, Mr. Weatherford was appointed by President Obama as the Department of Homeland Security’s first Deputy Under Secretary for Cybersecurity.  Before joining DHS, Mr. Weatherford was the Vice President and Chief Security Officer at the North American Electric Reliability Corporation (NERC) where he directed the cybersecurity and critical infrastructure protection program and worked with electric utility companies across North America.  Prior to NERC, Mr. Weatherford was appointed by Governor Arnold Schwarzenegger to serve as California’s first Chief Information Security Officer and was also the first Chief Information Security Officer for the State of Colorado, where he was appointed by two successive governors.

As a former U.S. Navy Cryptologic Officer, Mr. Weatherford led the United States Navy’s Computer Network Defense operations and the Naval Computer Incident Response Team (NAVCIRT).

Mr. Weatherford earned a bachelor’s degree from the University of Arizona, a master’s degree from the Naval Postgraduate School and holds the Certified Information Systems Security Professional (CISSP) and Certified Information Security Manager (CISM) certifications. He was awarded SC Magazine’s “CSO of the Year” award in 2010, named one of the “10 Most Influential People in Government Information Security” by GovInfoSecurity in both 2012 and 2013 and was selected for the 2013 CSO Compass Award for leadership achievements in the security community.

Jo Webber

Dr. Jo Webber is an experienced CEO with board-level experience at 12 public and private companies. She has worked in multiple technology fields including pharmaceutical and biotechnology, oil and gas, ecommerce and payments, and security. She has experience working with international privacy issues including contract matters with minors across Europe and in the USA. While the CEO of Oink, a P2P payment provider, she led the company to successful compliance with the US’s COPPA regulations and gained TRUSTe’s Privacy Certification. She has experience operating a business under PCI compliance and has years of experience with fraud detection in the ecommerce field. She has worked directly in the security industry with Spirion, specializing in data security.

Jo Webber has a Doctor of Philosophy (PhD) focused in Quantum Physics from Nottingham Trent University. She is a Fellow of the Royal Society of Chemistry and has authored three patents in the technology sector and multiple peer-reviewed papers.

Joseph Weiss

Joseph Weiss, PE, CISM, CRISC, ISA Fellow, IEEE Senior Member, is an industry expert on control systems and electronic security of control systems, with more than 35 years of experience in the energy industry. He spent more than 14 years at the Electric Power Research Institute (EPRI) where he led a variety of programs including the Nuclear Plant Instrumentation and Diagnostics Program, the Fossil Plant Instrumentation & Controls Program, the Y2K Embedded Systems Program, and the cyber security for digital control systems. As Technical Manager, Enterprise Infrastructure Security (EIS) Program, he provided technical and outreach leadership for the energy industry's critical infrastructure protection (CIP) program.

Mr. Weiss was responsible for developing many utility industry security primers and implementation guidelines. He was also the EPRI Exploratory Research lead on instrumentation, controls, and communications. He serves as a member of numerous organizations related to control system security. These include the North American Electric Reliability Corporation (NERC) Control Systems Security Working Group (CSSWG), the International Electrotechnical Commission (IEC) Technical Committee (TC) 57 Working Group 15 - Data and Communication Security, the Process Controls Security Requirements Forum, CIGRÉ WG D2.22 - Treatment of Information Security for Electric Power Utilities (EPUs), IEEE P2030 Smart Grid Standards, and other industry working groups. He served as the Task Force Lead for review of information security impacts on IEEE standards. He is also a designated US expert to IEC TC45 Nuclear Plant Cyber Security Standards.

Mr. Weiss was involved in the development of, and participated in, the April 2002 White House Conference on CIP - “Developing Secure Digital/Electronic Process Control Systems for the Nation's Critical Infrastructures.” He was an invited speaker at the NIST/NSA Information Security Summit. He has provided oral and written testimony to three House subcommittees, one Senate Committee, and a formal statement for the record to another House Committee. He has also responded to numerous Government Accountability Office (GAO) information requests on cyber security and Smart Grid issues. He has published over 60 papers on instrumentation, controls, and diagnostics including a chapter on cyber security for Electric Power Substations Engineering and the book Protecting Industrial Control Systems from Electronic Threats (ISBN 978-1-60650-197-9). He was also a co-author of Cyber Security Policy Guidebook (ISBN 978-1-1180-2780-6).

Mr. Weiss supported MITRE and NIST in extending NIST SP800-53 to include control systems and the development of NIST SP800-82. He was tasked to write the White Paper on Industrial Control Systems Security for the Center for Strategic and International Studies Blue Ribbon Panel preparing cyber security recommendations for the Obama administration. He was an invited participant to the 2009 NITRD Leap Year Summit and the 2009 NERC High Impact-Low Frequency (HILF) Task Force. He has conducted SCADA, substation, plant control system, and water systems vulnerability and risk assessments and conducted short courses on control system security. He has also been asked to participate in an advisory committee being established by the Transportation Safety Board on Cyber Security for Mass Transit. He participated in the 2011 NERC Cyber Attack Task Force. He also established and chairs the annual Control System Cyber Security Conference and established the International Standards Coordination Meeting on Control System Cyber Security.

Mr. Weiss has received numerous industry awards, including EPRI Presidents Award (2002) and is an IEEE Senior Member, an ISA Fellow, and a member of the ISA Standards and Practices Board. He has two patents on instrumentation and control systems, is a registered professional engineer in the State of California, a Certified Information Security Manager (CISM), and Certified in Risk and Information Systems Control (CRISC).

Alan S. Wernick

ALAN S. WERNICK is the Founder of Wernick & Associates, Ltd., a Chicago law firm focused in information technology, data privacy/cybersecurity, and intellectual property transactions and disputes.  He is an attorney with both large law firm and in-house counsel experience, and is admitted to practice in IL, NY, OH, and DC.  Alan has an extensive track record advising organizations in both acquiring and selling technologies and related services, including the development of agreements; M&A due diligence for technology, privacy/cybersecurity, and intellectual property; privacy/cybersecurity and licensing compliance processes, procedures, and policies; dispute resolution; and advising businesses which have had a data breach.  His background includes computer programming, accounting, business, and the information technology industry.  In addition, for more than thirty years Alan has been an arbitrator/mediator with an emphasis on disputes involving technology, licensing, intellectual property, and data loss.  His background and experience provide a foundation for understanding the technology and business drivers underlying data privacy/cybersecurity, risk allocation inherent in business agreements, transactions, and disputes in these areas of the law.  Alan is a trusted advisor with multidisciplinary experience and practice combining law, technology, dispute resolution (ADR and litigation), business management, and education/training.  He is a seasoned communicator and bridge builder between business people and technology people, business people and the intellectual property world, technology licensors and licensees. 

Alan has been selected by his peers as a Martindale-Hubbell AV® Preeminent™ (5.0 out of 5) rated attorney; a Leading Lawyer in Computer & Technology Law; Who’s Who Legal for Data Privacy and Protection, Data Security and Information Technology, and Telecommunications Media & Technology: Information Technology; and by the International Who's Who of Internet & e-Commerce Lawyers. 

Alan is a prolific author and presenter at public and private seminars discussing various topics evolving at the intersection of business, technology, and the law including: 

His professional activities include serving as a member of the Alumni Board for the Fisher College of Business at The Ohio State University; a member of the American Bar Association; a member of the Ohio State Bar Association and D.C. Bar Association.  Additional details concerning Mr. Wernick's practice, his published writings and public lectures are available at or at his LinkedIn: profile.  His direct phone number is 847.786.1005 and e-mail is  

Jeff Wierenga

Jeff Wierenga is a ROI Product Manager with Hewlett Packard Enterprise.  Over the past 15 years in the software industry, he has worked as a Consultant, Program Manager, and Product Manager focused on estimating and realizing the return on investment (ROI) of software solutions.  He currently develops ROI capabilities and collateral for Cyber Security and Big Data solutions and has authored several white papers on the topic of software ROI.  He also works to enable sales teams with the value-centric tools and skills necessary to guide customers through the investment decision process.

Mr. Wierenga earned a BS in Industrial Technology (Cum Laude, Phi Kappa Phi, Golden Key) from Colorado State University as well as a Master of Business Administration from Regis University.  He also holds a certificate in Project Management from University of Colorado – Denver.

Ashley Winton

Ashley Winton focuses his practice on global data protection and privacy, information governance and cybersecurity compliance. He has particularly in-depth knowledge of cyber breach response, cybersecurity in the context of payment systems, the lawful interception of data, and the conflict of laws in relation to corporate and government investigations and international litigation. 

Ashley frequently represents major corporations, trade associations, charities and government entities on a range of data privacy and cybersecurity issues and he has significant experience in advising on the impact of privacy and cybersecurity law on cloud services, health care and international data transfers. Ashley is annually recognised by Chambers & Partners for UK Data Protection, Information Law, Information Technology and by Legal 500 for Data Protection.
Ashley is a Chairman of the Data Protection Forum, the leading data protection association in the UK.

Jason Witty

Jason Witty is Executive Vice-President and Chief Information Security Officer at U.S. Bancorp, providing singular accountability for all information security controls in the company.  An award-winning CISO, Jason was recognized as the 2017 SecureWorld Ambassador of the Year;  a 2015 “CISO Superhero” at I.S.E. North America; the 2014 I.S.E. North America People’s Choice Award winner; 2013 “CISO of the Year” by the Information Systems Security Association of Chicago and the Association of Information Technology Professionals; and one of Information Security Magazine’s 2013 “Security 7” representing the Financial Sector.  He is a highly rated public speaker, frequently keynoting on cyber security topics at large events including CSA Cloud Summit, Finsec, Infosec Europe, RSA Conference, SecureWorld, and others.

Prior to joining U.S. Bancorp, Jason was the Senior Vice President and Cyberthreat Prevention Services Executive at Bank of America. He was responsible for a team of information security professionals spanning 8 countries who provided information security risk prevention and deterrence services, globally.  He was simultaneously accountable for all information security controls outside of the United States for Bank of America Merrill Lynch, covering 48 countries.

Jason is a certified Information Systems Security Management Professional (ISSMP) who has played major leadership roles in information security throughout his career. He has 25 years of information technology experience, 23 focusing on information security risk management. Before his role at Bank of America, Jason was the First Vice-President of Security Services for LaSalle Bank N.A. He also led the internal Information Security team at The Options Clearing Corporation and served as Director of Global Security Architecture for Aon Corporation at its world-wide headquarters in Chicago. He combines strong organizational management and leadership skills with a high degree of technical knowledge, the result of hands-on information security experience early in his career at Allstate Insurance, N.A.S.A. Langley, Siemens, and Jefferson Laboratories.

Over his career, Jason has been involved in 54 acquisition-related network integrations, set up secure eCommerce environments, and led multiple cross-industry forums. Providing industry leadership, Jason is Vice-Chairman of the Board of Directors of the Financial Services Information Sharing and Analysis Center (FS/ISAC), a Board Advisor for Arbor Networks, Forcepoint, Kohl’s and Qualys, and is a member of the Executive Committee of the Cloud Security Alliance (CSA). He is also on the Program Committee of the RSA Conference (2013-2017) and serves as FBI’s Chicago Infragard Sector Chief for Finance. Previously, he was the Chicago OWASP Chapter President (2006-2010).
Jason maintains an active U.S. Government sponsored SECRET clearance.

Martin Wülfert 

Martin Wülfert is a founding partner of Your Business Lab, a consulting firm that specializes in product, go-to-market and M&A strategy with a particular focus on the IT Security industry. Your Business Lab has customers in North America, Europe as well as Israel and assists multiple private equity funds to acquire, re-position or divest portfolio companies.

Before founding YBL, Martin managed the public firm Utimaco Safeware AG as CEO for over seven years until the company was acquired by and integrated into Sophos. Utimaco developed leading technologies in the areas of disk and file encryption as well as hardware security modules and lawful interception solutions. 

Prior to Utimaco, Martin served in various management positions in the Novartis group, including being a division CIO for many years, integration manager in Australia & New Zealand and general manager of Novartis Animal Health in Germany.

Martin holds a diploma in Theoretical Physics from the University of Basel, Switzerland.