CSO Interchange

Past CSO Interchange Speakers

 

Howard A. Schmidt, CISSP, CISM, Former Special Adviser for Cyberspace Security for the White House

Howard A. Schmidt has had a long distinguished career in defense, law enforcement and corporate security spanning almost 40 years. He has served as Vice President and Chief Information Security Officer and Chief Security Strategist for online auction giant eBay. He most recently served in the position of Chief Security Strategist for the US CERT Partners Program for the National Cyber Security Division, Department of Homeland Security.

He retired from the White House after 31 years of public service in local and federal government. He was appointed by President Bush as the Vice Chair of the President's Critical Infrastructure Protection Board and as the Special Adviser for Cyberspace Security for the White House in December 2001. He assumed the role as the Chair in January 2003 until his retirement in May 2003.

Prior to the White House, Howard was chief security officer for Microsoft Corp., where his duties included CISO, CSO and forming and directing the Trustworthy Computing Security Strategies Group.

Before Microsoft, Mr. Schmidt was a supervisory special agent and director of the Air Force Office of Special Investigations (AFOSI) Computer Forensic Lab and Computer Crime and Information Warfare Division. While there, he established the first dedicated computer forensic lab in the government.

Before AFOSI, Mr. Schmidt was with the FBI at the National Drug Intelligence Center, where he headed the Computer Exploitation Team. He is recognized as one of the pioneers in the field of computer forensics and computer evidence collection. Before working at the FBI, Mr. Schmidt was a city police officer from 1983 to 1994 for the Chandler Police Department in Arizona.

Mr. Schmidt served with the U.S. Air Force in various roles from 1967 to 1983, both in active duty and in the civil service. He had served in the Arizona Air National Guard from 1989 until 1998 when he transferred to the U.S. Army Reserves as a Special Agent, Criminal Investigation Division where he continues to serve. He has testified as an expert witness in federal and military courts in the areas of computer crime, computer forensics and Internet crime.

Mr. Schmidt also serves as the international president of the Information Systems Security Association (ISSA) and was the first president of the Information Technology Information Sharing and Analysis Center (IT-ISAC). He is a former executive board member of the International Organization of Computer Evidence, and served as the co-chairman of the Federal Computer Investigations Committee. He is a member of the American Academy of Forensic Scientists. He had served as a board member for the CyberCrime Advisory Board of the National White Collar Crime Center, and was a distinguished special lecturer at the University of New Haven, Conn., teaching a graduate certificate course in forensic computing.

He served as an augmented member to the President's Committee of Advisors on Science and Technology in the formation of an Institute for Information Infrastructure Protection. He has testified before congressional committees on computer security and cyber crime, and has been instrumental in the creation of public and private partnerships and information-sharing initiatives. He is regularly featured on CNN, CNBC, Fox TV as well as a number of local media outlets talking about cyber-security. He is a co-author of the Black Book on Corporate Security and author of "Patrolling CyberSpace, Lessons Learned from a Lifetime in Data Security".

Mr. Schmidt has been appointed to the Information Security Privacy Advisory Board (ISPAB) to advise the National Institute of Standards and Technology (NIST), the Secretary of Commerce and the Director of the Office of Management and Budget on information security and privacy issues pertaining to Federal Government information systems.

Howard holds positions on a number of corporate boards in both advisory and director capacities and has recently assumed the role of Chairman of the Board for Electronics Lifestyle Integration (ELI).

Mr. Schmidt holds a bachelor's degree in business administration (BSBA) and a master's degree in organizational management (MAOM) from the University of Phoenix. He also holds an Honorary Doctorate degree in Humane Letters. Howard is a Professor of Practice at GA Tech, GTISC, Professor of Research at Idaho State University and Adjunct Senior Fellow with Carnegie Mellon's CyLab.

Philippe Courtot, Chairman and CEO of Qualys, Inc., a leading provider of on demand vulnerability management

Demonstrating a unique mix of technical vision, marketing and business acumen, Philippe Courtot has repeatedly built innovative companies into industry leaders. As CEO of Qualys, Philippe has worked with thousands of companies to improve their network security. In 2004, Philippe received the SC Magazine Editor's Award for bringing on demand technology to the network security industry and for co-founding, with former White House advisor Howard Schmidt, the CSO Interchange to provide a forum for sharing information in the security industry.

Before joining Qualys, Philippe was the Chairman and CEO of Signio, an electronic payment start-up that he repositioned to become a significant e-commerce player. In February 2000, VeriSign acquired Signio for more than a billion dollars. Today, VeriSign's payment division, based on the Signio technology, handles 30% of electronic transactions in the U.S., processing $100 million in daily sales. Prior to Signio, Philippe was President and CEO of Verity, where he re-engineered the company to become the leader in enterprise knowledge retrieval solutions. Under Philippe's direction, the company completed its initial public offering in November 1995. Philippe also turned an unknown company of 12 people, cc:Mail, into the dominant e-mail platform provider, achieving a 40% market share while competing directly against IBM and Microsoft. Acknowledging the market leading position of cc:Mail and the significance of e-mail in corporate environments, Lotus acquired the company in 1991. In 1986, as CEO of Thomson CGR Medical, a medical imaging company, Philippe received the Benjamin Franklin award for his role in the creation of a nationwide advertising campaign promoting the life-saving benefits of mammography. Philippe served on the Board of Trustees for The Internet Society, an international non-profit organization that fosters global cooperation and coordination on the development of the Internet. French and Basque born, he holds a Master's Degree in Physics from the University of Paris, came to the US in 1981 and has lived in Silicon Valley since 1987.

David Allin, Director Security & Audit, European Patent Office

Dave Allin is Director in the information services department of the European Patent Office responsible for the introduction of an ISO17799-based information security policy and also PRINCE2 based project planning. He has some 30 years experience in the IT industry ranging from analysis, development, database management and user services to security and project management governance.

Julia H. Allen, Senior Technical Staff, Carnegie Mellon University

Julia H. Allen is a senior member of the technical staff within the Networked Systems Survivability Program at the Software Engineering Institute (SEI), a unit of Carnegie Mellon University in Pittsburgh, PA. The CERT® Coordination Center is also a part of this program.

Allen is engaged in developing and transitioning enterprise security frameworks and executive outreach programs in enterprise security and governance. Prior to this technical assignment, Allen served as acting Director of the SEI for an interim period of 6 months as well as Deputy Director/Chief Operating Officer for 3 years. Her degrees include a B. Sci. in Computer Science (University of Michigan) and an MS in Electrical Engineering (University of Southern California). She is the author of The CERT Guide to System and Network Security Practices (Addison-Wesley, June 2001).

Antoine Ancel, Security Mission Lead (IT Department), La Banque Postale (Groupe La Poste)

Antoine Ancel began his professional career at various consulting firms and IT services companies, such as Bull Steria. In 2005 he joined the consulting firms NET2S and then ATHEOS as project director, an experience that allowed him to consolidate his expertise in information security (identity management, vulnerability management, crisis management...) for the banking and insurance sector. In 2006, on the strength of his experience and his technical and strategic knowledge, he joined La Banque Postale as Security Mission Lead within the security directorate of the IT department (DSI). In this position he now works on assignments related to accreditation management, business continuity plans (PCA), risk mapping for the IT department... covering both policies and directives and their implementation and follow-up.

C. Warren Axelrod, Director, Global Information Security, Pershing LLC

Warren Axelrod is a director of Pershing LLC, a Bank of New York Securities Group Co., and has global responsibility for information security. He develops and enforces corporate security policies, standards and architectures for Pershing. He is involved at both industry and national levels with security and critical infrastructure protection issues.

He was honored with a Computerworld Premier 100 IT Leaders Award for 2003 and his department's implementation of an intrusion detection system earned a Best in Class award. He represented financial services security interests at the Y2K command center in Washington over the century date rollover. He was a founder of the FS/ISAC (Financial Services Information Sharing and Analysis Center), which is a public-private collaborative effort to share information on security threats, vulnerabilities and incidents among members, and also served two terms on its Board of Managers.

He testified at a Congressional Hearing on November 15, 2001 on cyber security, and contributed to the Banking and Finance Sector's National Strategy for Critical Infrastructure Assurance, which was published in May 2002. He is on the Editorial Advisory Board of The ISSA Journal, and is chairman of the GAISP (Generally Accepted Information Security Principles) Information Security Policy Principles Working Group. He is the author of Outsourcing Information Security, which was released in September 2004. He has published two previous books on computer management (Computer Effectiveness: Bridging the Management/Technology Gap and Computer Productivity: A Planning Guide for Cost-Effective Management), and numerous articles on such topics as computer and network security, contingency planning, and computer-related risks. He has chaired and presented at many conferences, throughout the U.S., Europe and Asia, for the financial services industry and for computer management, technology and security professionals. He holds a Ph.D. in managerial economics from the Johnson Graduate School of Management at Cornell University in Ithaca, New York. He also earned honors degrees in electrical engineering and in economics and statistics, both from the University of Glasgow, Scotland. He is certified as a CISSP and CISM. He also holds NASD Series 7 and Series 24 certifications.

Rich Baich, CISSP, CISM, Chief Information Security Officer, ChoicePoint

Rich Baich, CISSP/CISM, is the Chief Information Security Officer at ChoicePoint Inc. Mr. Baich has been working in the information security business for over 10 years in various security leadership capacities, including Cryptology Officer at the National Security Agency (NSA), Information Security Consultant, Sr. Director Professional Services at Network Associates and, recently, Special Assistant to the Deputy Director for the National Infrastructure Protection Center (NIPC) within the FBI.

He holds a BS from United States Naval Academy, MBA / MSM from University of Maryland University College, and has been awarded the National Security Telecommunications and Information Systems Security (NSTISSI) 4011 Certification and the NSA sponsored Information Systems Security (INFOSEC) Assessment Methodology (IAM) Certification.

Rich received Georgia's Information Security Executive Officer of the Year for 2004 and he is currently serving on the Board of Directors for Lancope and the Atlanta InfraGard Organization. He recently authored Winning as a CISO, which presents an executive business approach to dealing with information security.

Michael Barrett, Chief Information Security Officer, PayPal, Inc.

Michael Barrett is the chief information security officer for PayPal. In this role, he is responsible for ensuring the security of PayPal's 123 million accounts worldwide. He oversees the information systems and services that protect the integrity and confidentiality of PayPal customer and employee information.

Before joining PayPal, Barrett was vice president of security and utility strategy at American Express, where he helped define the company's information-security program and directed its Internet technology strategy.

Previously, Barrett was president of the Liberty Alliance, an open-standards consortium focused on identity management standards and guidelines. Barrett was the driving force behind the introduction and standardization of the Alliance's federated identity concepts, and he also co-chaired its Identity Theft Prevention Working Group.

Network World magazine has twice recognized Barrett as one of the 50 most powerful people in networking. He is a certified information systems security professional (CISSP) and a certified information security manager (CISM). He graduated from Brighton University (U.K.), where he earned a bachelor of science degree in computer science.

Murray M. Beach, Co-founder & President, Boston Corporate Finance

Mr. Beach is the co-founder and President of Boston Corporate Finance. Mr. Beach has over twenty-five years of experience in negotiating, structuring, valuing and closing mergers and acquisitions, financings, strategic alliances, and joint ventures. Over his career, he has closed over 100 M&A transactions and over 100 financings with companies in the Technology, Healthcare, Consumer Products and Financial Services industries. Prior to founding Boston Corporate Finance, Mr. Beach was a Group Head of Corporate Finance for KPMG, serving Technology clients of KPMG around the globe.

Before joining KPMG in 2000, Mr. Beach was the Head of Investment Banking at Advest, Inc., and also managed Advest's Technology Team. In addition to his Investment Banking duties, Mr. Beach was a Member of the Board of Directors of Advest, a member of the Executive Committee, was President of Advest Capital, Inc., and was responsible for establishing both a Venture Capital fund and a buyout fund. Beyond his investment banking and venture capital work, Mr. Beach has been an expert witness on the valuation of companies, their stock and intellectual property on many occasions, testifying in both Federal and State Courts.

Mr. Beach is an expert in closing international transactions, and currently serves as President of M&A International, Inc., a consortium of 40 investment banks from 35 countries around the globe which collaborate on cross border transactions for the middle market. He has also served as President of the Connecticut Venture Group and as a member of the Board of Directors of the Connecticut Technology Council. He earned his CPA in 1983 and is registered as a principal with the NASD.

Laurent Borowski, Senior Manager, Ernst & Young TSRS

Laurent Borowski headed the first private evaluation laboratory (ITSEC/CC/ISO15408) for security products within a services company. He took part in the development of evaluation criteria at the international level, took part in setting up the national evaluation scheme with the DCSSI, and led the first evaluations that resulted in certifications in France.

Laurent Borowski joined Ernst & Young in 1997, where he is currently a Director. He now specializes in the regulatory field related to information systems security. He has worked on engagements involving permanent control, operational risk and financial audit issues. He has led numerous expert assessment, organization and diagnostic engagements in information systems, mainly in the banking, finance and insurance sector.

Joyce Brocaglia, CEO, Alta Associates

Joyce Brocaglia is president and chief executive officer of Alta Associates, the premier executive recruitment firm for the information security industry. Since 1986, the firm has served as a trusted advisor for organizations seeking top industry talent and has played a key role in building corporate information security organizations, developing professional services practices and growing security product start-ups.

Brocaglia is a recognized career counselor, sought after for her knowledge of market conditions, business intelligence and ability to create industry alliances. In 2003, Brocaglia founded the Executive Women's Forum on Information Security, Privacy and Risk Management; a ground breaking event for women executives in the information security industry to exchange ideas and best practices.

Brocaglia is a frequent speaker at leading industry events on the topics of career matters and emerging roles within the information security community. She is the career advisor of CSO Magazine and author of the monthly “Career Corner” column for the Information Systems Security Association (ISSA) Journal Magazine. She also serves on the board of advisors for the Information Systems Security Association and ISC2. Brocaglia holds a Bachelor of Science degree in accounting from Montclair State University and is a Certified Public Accountant.

Larry L. Brock, Chief Information Officer, DuPont

Larry Brock has been working for DuPont for 27 years in Information Technology, Research & Development, and Marketing. He has worked in several functional groups and businesses across DuPont, including the Corporate IT group, Imaging, Fibers, and Nylon.

Within IT, he previously was the CIO of the Flooring business unit. He has led the development and implementation of several large systems, including manufacturing product control, materials management, engineering maintenance, quality management, and data warehouse systems. While working in the Corporate IT group, he led the migration to open-based systems for both networking and computing.

Within Research & Development, Larry led the development and deployment of several imaging based systems, including a patented system to electronically move radiographs between hospitals and remote physicians.

Larry has served as an Information Security Officer within the US Air Force with primary assignment at the National Security Agency (NSA). He was active for the initial four years and continued in a reserve capacity for 26 years and retired as a Lt Colonel.

Larry holds a Bachelor's and Master's degree in electrical engineering.

Daniel W. Caprio, Jr., Deputy Assistant Secretary for Technology Policy and Chief Privacy Officer, U.S. Department of Commerce

Daniel W. Caprio, Jr. is part of the Technology Administration’s Office of Technology Policy (OTP). The TA/OTP Tech Team strives to maximize technology’s contribution to U.S. economic growth, productivity, innovative capacity and global competitiveness. The office works closely with leaders from industry, federal labs and universities and state, federal and international governments on critical policy issues impacting technology creators and users.

Commerce Secretary Donald L. Evans recently named Caprio to serve as the Commerce Department’s Chief Privacy Officer (CPO) where he will oversee all Departmental activities related to the development and implementation of federal privacy laws, policies and practices.

Prior to working at Commerce, Caprio served for the previous six years as Special Assistant and Chief of Staff to Federal Trade Commissioner Orson Swindle, where he worked as principal technology policy advisor with specific emphasis on information security, privacy, and global electronic commerce. In December 2001, Caprio was appointed to the United States Government Experts Group to revise the Organization for Economic Cooperation and Development (OECD) Guidelines for the Security of Information Systems and Networks. In December 2003, Mr. Caprio was named co-chairman of the National Cyber Security Partnership Awareness Task Force, a position he still holds.

Prior to joining Commissioner Swindle’s staff, Caprio was a lobbyist for KPMG Peat Marwick. Caprio has a broad range of experience in the federal legislative and executive branches of government, having worked for a member of the U.S. Senate, a number of members of the U.S. House of Representatives, including Representative Frank R. Wolf (R-VA), and at the U.S. Department of Commerce, where he directed Congressional Relations for the Economic Development Administration. Caprio worked in state government, where he represented the State of Illinois and Governors James R. Thompson and Jim Edgar. He received his B.S. in Political Science from James Madison University.

Jaime Chanaga, Chief Information Security Officer, Geisinger Health System

Jaime Chanaga leads Geisinger's Information Security Office, and manages the development and implementation of system-wide policy, standards, guidelines, and procedures for safeguarding all information resources.

Geisinger is an 8,500 employee, 674-bed, physician-led system serving the healthcare needs of approximately 2.3 million people in 38 counties of Central and Northeastern Pennsylvania. Geisinger enjoys national acclaim as a model for quality health service with listings in the Best Doctors in America, Best Hospitals in America, Best Health Maintenance Organizations (HMO), and the nation's 100 Most Wired Hospitals and Health Systems.

Prior to this, Jaime was with OAG.COM where he was responsible for their Information Security division group. Jaime has served Fortune 500 organizations including Computer Associates, Lucent Technologies, and Ameritech throughout the United States, Canada, and the United Kingdom.

Jaime is a Certified Information Systems Security Professional (CISSP) and Certified Information Systems Auditor (CISA). He is a member of the International Information Systems Security Certification Consortium and the Information Systems Audit and Control Association & Foundation.

Abdellah Cherkaoui, CISO, Sodexo - Service Vouchers & Cards

Abdellah Cherkaoui is the Chief Information Security Officer for the Service Vouchers & Cards activity of Sodexo. Dr. Cherkaoui oversees all aspects of global information and systems security across the corporation, including the definition and implementation of enterprise-wide security policies and guidelines, the benchmarking of systems and infrastructures security for Sodexo Service Vouchers & Cards operations and the development of an IT risk management culture.

Covering operations in 30 countries and issuing 7.5 billion Euros in face value yearly, Sodexo is a leading expert in fiscal and social benefits management. In 2007, more than 20 million beneficiaries worldwide used Sodexo service vouchers and cards to pay for everything from lunch to transportation or medicine and home services, at more than 1 million affiliated partners and merchants.

A strong believer in a risk management approach to business-supporting systems and infrastructures, Abdellah brought to his current position an eclectic and unique mix of engineering, scientific research and business experiences. Abdellah also held a position of International Project Manager for Sodexo, leading a wide range of company IT projects in various parts of the world.

Before joining Sodexo, Abdellah held applied research and academic positions at the University of California in Santa Cruz and at the University of Washington in Seattle, during which time he led and conducted research projects in numerical modelling and performance computing, authoring several articles in leading publications such as the Journal of Fluid Mechanics or the Journal of Geophysical Research. Prior to this, Abdellah was a project manager in the business and government sectors in Morocco.

Abdellah holds a Ph.D. degree in marine geophysics from the University of Washington in Seattle and a Master's degree in geotechnical engineering from the Rabat National School of Mines in Morocco. Abdellah was awarded a NASA International Fellowship in 1987 and a Fulbright Doctoral Fellowship in 1993.

Richard Cross, Corporate Security Officer, TOYOTA Motor Europe

Richard Cross has been the Corporate Security Officer in Toyota Motor Europe for almost 4 years and has led the organisation through a maturing process with Information Security disciplines. His journey in Toyota has been a cross-cultural one both in terms of business approach and nationalities. His responsibilities cover operations as diverse as logistics, banking, R&D, Formula 1 and manufacturing, working with 37 different nationalities along the way. His belief is that the Security leadership is not related to saying "No" and blocking non-secure activities, but has everything to do with responsibly enabling business to go forward.

Prior to Toyota, he worked for a global petro-chemical company as a security consultant, and even further back in history he worked for a British Government intelligence agency in a technical security role.

Dave Cullinane, Chief Information Security Officer, Washington Mutual

Dave Cullinane is the Chief Information Security Officer (CISO) for Washington Mutual, Inc., one of the largest banks in the United States.

Prior to joining Washington Mutual, Cullinane was a Senior Consultant for nCipher, Inc. and the Director of Information Security for Sun Life Financial's U.S. operations. He also helped create Digital Equipment Corporation's Security Consulting Practice.

Cullinane has more than 20 years of security experience and is Board Certified in Security Management by ASIS International as a Certified Protection Professional (CPP). He is also a Certified Information Systems Security Professional (CISSP) and a former Certified Business Continuity Professional (CBCP).

Cullinane is the current International President of the Information Systems Security Association (ISSA), the world's largest not-for-profit association of information security professionals. He also serves on ASIS International's Standing Committee on Computer Security and is on the Editorial Advisory Boards of CSO Magazine and Security Technology & Design Magazine.

Xavier Dalloz, Partner, Xavier Dalloz Consulting

Xavier Dalloz heads the consulting firm Xavier Dalloz Consulting, which specializes in tracking the information technologies that will change the way companies do business, in particular through the use of telecommunication networks. Xavier Dalloz Consulting works with companies to help them build information technologies into their strategy in order to gain a competitive advantage. Xavier Dalloz is a lecturer at the IEP.

Mary Ann Davidson, CSO, Oracle

Mary Ann Davidson is the Chief Security Officer at Oracle Corp., responsible for security evaluations, assessments and incident handling. She represents Oracle on the Board of Directors of the Information Technology Information Security Analysis Center (IT-ISAC) and is on the editorial review board of the Secure Business Quarterly.

Ms. Davidson has a B.S.M.E. from the University of Virginia and an M.B.A. from the Wharton School of the University of Pennsylvania. She has also served as a commissioned officer in the U.S. Navy Civil Engineer Corps, where she was awarded the Navy Achievement Medal.

Eric Domage, Research Manager - Security Products & Services, IDC EMEA Software Group

Eric Domage covers Western European security research and consulting, specializing in security software, including functional markets such as secure content management, secure vulnerability management, threat management, and identity and access management. He works closely with IDC's European Security Hardware, European Security Services, and European Security and Product Solutions teams. He has published studies on global security market sizing and trends, surveys on managed security service providers, and white papers on enterprise rights management. He is a frequent speaker at IT security events and is a member of the IT Security End-User Association.

Domage joined IDC France more than two years ago as a research manager for telecoms and IT security. Before joining IDC, he was editor-in-chief at IDG for five years, during which time he set up the CSO (Chief Security Officer) magazine and developed strong, EMEA-level contacts in the security solutions market. Domage has an MBA from the ESSEC Business School in Paris and a degree in journalism from the Institute Universitaire de Technologie (IUT) in Tours.

Lord Erroll, House of Lords, Science & Technology Committee

Lord Erroll (Merlin) has worked in IT most of his life as well as spending 22 years in the Territorial Army, and is a professional public speaker. He is also one of the Hereditary Peers who was elected to stay in the House of Lords, where he takes a particular interest in ICT, Countryside & the Environment, the Constitution and Scottish matters.

Within Parliament, he plays an active role in several ICT groups, especially those looking at regulatory issues involving Communications, the Internet, Personal Identity and Government Data Sharing, linking this with a Local Authority perspective through his work on the board of LASSeO (The Local Authority Smartmedia Standards e-Organisation). He sits on the council of PITCOM (Parliamentary Information Technology Committee), is on the board of EURIM (European Information Group), is Secretary of apComms (All-Party Communications Group), Vice-Chairman of the All-Party Group on Entrepreneurship, and Treasurer of the All-Party Group on Risk and Adventure in Society. In 2007 he sat on the Science & Technology Select Committee's sub-committee on Personal Internet Safety.

He is President of E-RA (the E-business Regulatory Alliance) and also sits on other bodies such as the Information Systems Security Association (ISSA) and the Nominet (UK) Ltd. Policy Advisory Boards.

Alexandre Fernandez, Security Consultant, HSC

Alexandre Fernandez heads the ISO 27001 activities of the firm HSC. A certification auditor, he advises his clients on setting up Information Security Management Systems. He also delivers all of the training courses relating to ISO 27001, drawing on his dual experience as a certification auditor and consultant. He regularly leads technical and organizational security audits in France and abroad (USA, United Kingdom, Australia, ...). Alexandre Fernandez began his career as an analyst programmer at a pension fund. He then became production manager in a mainframe environment. After obtaining his CNAM engineering degree, he joined HSC. He taught for three years at university as an associate professor.

He is registered with IRCA and is certified: BS 7799-2 Lead Auditor by BSi since 2003, CISSP since 2004, ISO 27001 Lead Auditor by LSTI since 2005, ITIL foundations, ITIL practitioner and ISO 27001 Lead Implementer by LSTI since 2007.

Mathieu Gorge, CEO, VigiTrust

Mathieu Gorge is Managing Director of VigiTrust, a company specialising in enterprise security and based in Dublin, Ireland. He works as an independent expert for the European Community and ENISA (European Network and Information Security Agency) as well as for the ISCC (International Security Competence Centre). Mathieu represents VigiTrust on the council of PCI, the Payment Card Industry Standard. His articles have been published in the Computer Fraud & Security Journal in the United Kingdom as well as in the ISSA Journal. He specialises in combating cyber-crime (offences and attacks carried out over the Internet), the PCI standard (Payment Card Industry Data Security Standard) and the ISO 27001 security standard. He focuses in particular on the human aspects of security, especially the concept of "social engineering" and the role of user training. He works as a security strategy adviser to Irish government units, helping them formulate, develop and implement their security strategy.

Didier Gras, CISO (RSSI), Alcatel

After serving as Security Director at Noos-UPC France, a TV, Internet and telephony operator, Didier Gras is now head of the TMC (Threat Management Center) activity at Alcatel-Lucent. He began his career at France Télécom. Then, for several years, he carried out security consulting engagements for CAC 40 companies at XP Conseil. He takes part in the Cercle Européen de la Sécurité. He is a member of the jury for the Prix de l'Innovation awarded at the Assises de la Sécurité.

Richard Hackworth, Head of Group IT Security, HSBC Group

Richard is Head of Group IT Security for HSBC Group. He is responsible for all aspects of IT Security Policy and standards, and for the professional conduct and development of IT risk management within HSBC throughout the world. His experience includes senior IT management positions in commodities trading, manufacturing and distribution industry. As a consultant he has served clients in central and European government, financial services and manufacturing. He was one of the original authors of BS 7799 and has served on an OECD expert committee on information security. He is a Chartered Engineer and a Chartered Statistician.

Jay Heiser, Research VP, Gartner

Jay Heiser, CISSP is a research vice president in Gartner's Research organization. He specializes in the areas of risk management and policy, compliance, mobile security, and forensics.

Mr. Heiser's background includes product management of encryption, anti-virus and multi-level secure Unix products, performing security assessments for multi-national ISPs and the Department of Defense, and writing information security policies for both UBS and Credit Suisse.

A columnist with "Information Security" magazine since 2000 and co-author of "Computer Forensics: Incident Response Fundamentals," Mr. Heiser has an MBA from Thunderbird, the Garvin School of International Management.

Christofer Hoff, Chief Information Security Officer, WesCorp

Hoff serves as WesCorp Federal Corporate Credit Union's Chief Information Security Officer and Director of Enterprise Security Services. WesCorp is the country's largest Federal Corporate Credit Union with assets totaling $25 Billion.

Hoff is responsible for WesCorp's Enterprise Security initiatives focused on providing internal business units and credit union members with rational information security risk management services and a consultative approach to information security.

Hoff is tasked with the overall responsibility to provide and support a secure computing environment for WesCorp. This includes the creation and security life-cycle management of policies, procedures and information security governance efforts including regulatory compliance requirements.

Prior to joining WesCorp, Hoff served as the Chief Security and Technology Officer for a national security consulting firm. He has served on the Board of three Internet technology ventures and successfully raised nearly $2 Million in venture capital funding.

Hoff currently holds several security credentials including CISSP, CISA, CISM, IAM, CCSE+ and is an accomplished and accredited technical instructor. He is active in several security associations such as ISC2, ISACA and the ISSA.

Mark Hughes, Director, Group Security, BT

I took up the position of Director, Group Security in October 2005. I am responsible to the Board for all aspects of day-to-day security and business continuity in BT. My primary focus is to ensure that BT has the right policies and procedures in place to assure the Board that BT's assets are properly secured, be they physical, logical or information, in order to prevent attack, counter fraud and to minimise disruption in the event of an incident. This also covers the coordination of BT's response to civil resilience obligations.

I'm a board member of the National Security Inspectorate and on the board of trustees of the Hammersmith Hospital Charity in London. I am also co-chair of SISBO.

Greg Hughes, Chief Security Executive & VP of Security and Information Technologies, Corillian

Greg Hughes is chief security executive and VP of Security and Information Technologies at Corillian. Hughes oversees the development and implementation of company-wide security principles, policies, and practices; leading the Corillian Security Solutions business unit, including the architecture and development of Corillian's security software products; and driving corporate IT planning and strategy. Hughes also has responsibility for the oversight and coordination of security activities related to Corporate Offices, Product Development, Professional Services, Hosting Services, Corporate Information Technologies, and Facilities. Prior to his current role, Hughes served as Director of the Security and Information Technologies divisions at Corillian. Hughes also worked in Corillian's Marketing and Communications department. Before joining Corillian in 1999, Hughes held various technical and management positions in the IT field, and worked in law enforcement as a criminal investigator and police officer. Hughes attended the University of Missouri, where he majored in Journalism.

Gene Kim, CTO and co-founder of Tripwire, Inc.

In 1992, Gene Kim co-authored Tripwire while at Purdue University with Dr. Gene Spafford. Since 1999, he has been studying best-in-class IT operations, security and audit organizations, and co-founded the IT Process Institute, dedicated to research, benchmarking and development of prescriptive guidance. In 2004, he co-wrote the Visible Ops Handbook, codifying how to successfully transform IT organizations from "good to great." In 2003, he co-chaired two conferences with SANS and the Software Engineering Institute, and was named by InfoWorld as one of the "Four Up and Coming CTOs to Watch." Gene is certified on both IT management and audit processes, possessing both ITIL Foundations and CISA certifications. He currently serves on the Advanced Technology Committee of the Institute of Internal Auditors.

David M. Kowal, Chief Information Security Officer, JPMorgan Chase

David Kowal joined JPMorgan Chase Manhattan Bank in October 1992. He is currently a Technology Auditor and member of the Department's Technology Infrastructure Group. Previously he had global audit responsibility for the firm's technology infrastructure organization and is now working on a strategic risk initiative to re-engineer the audit process.

Prior to joining JPMorgan Chase, Kowal was with a predecessor institution, Chemical Bank, for eight years, where he managed the technology infrastructure audit group. In addition, he held positions as technology auditor, systems programmer and application programmer at The University of Michigan for ten years. Kowal was also an instructor at the junior college level. He has lectured at conferences for the Institute of Internal Auditors and MIS Training Institute.

Kowal received a B. G. S. from The University of Michigan and a J. D. from the Detroit College of Law. He has a license to practice law in the State of New York.

Simon Langley, Principal Advisor, KPMG

Simon Langley works at one of the world's largest professional services firms providing advice on a wide range of information security issues. Simon has extensive experience in financial services which led to him focusing on payment cards and the mitigation of the risks associated with the use of cards and the processing of card transactions. Simon established KPMG's PCI service line in the UK which he leads. This role has now expanded to be a Global role within KPMG. Simon has worked at a wide range of organisations in the payment card transaction chain including large merchants, acquirers, payment gateways and service providers.

Patrick Langrand, CISO (RSSI), La Banque Postale

Patrick Langrand has been head of information systems security (RSSI) since 1 July 2002. His role is to bring together all of the bank's information systems security issues.

Coming from the IT services world, with a DUT in business computing in hand, he began his career at Marben, then Atos Origin. This allowed him to apply his consulting skills in environments where secrecy is cultivated, such as the military or the so-called sensitive ministries. He also cut his teeth in the banking world. The discovery of this new sector coincided with his professional desire to "finish something and not just start it, as is done in IT services companies". So it was quite logical that in 2000 he left the world of IT services firms (SSII) to join Natexis Banques Populaires, where he served as leader of the "new technologies" unit.

Michael Lines, CSO, TransUnion

Michael Lines is TransUnion's chief security officer (CSO) and is responsible for enterprise wide information security, data protection, and the physical security of TransUnion and its worldwide subsidiaries.

Prior to joining TransUnion, Lines was the CSO for Fair Isaac Corporation. In this role, he managed information security for more than 3000 employees in 32 countries. Prior to that he was chief information officer for Narex Corporation in Denver and has held numerous executive level positions with various technology and Internet companies.

Lines attended the University of Florida and is active in numerous professional organizations including: International Institute of Electrical and Electronic Engineers (IEEE), Information Systems Audit and Control Association (ISACA), Information Systems Security Association (ISSA) and International Information System Security Certification Consortium (ISC2). He is also a Certified Information Systems Security Professional (CISSP).

Ken Male, Founder & CEO, TheInfoPro

As founder and CEO of TheInfoPro, Ken Male recognized the importance of market intelligence in making sound decisions and understanding the reality of conditions of an IT sector's competitive landscape. In 2001, he developed TIP's "voice of the customer" approach to research and today, thousands of IT professionals, institutional investors and technology companies rely on TIP's grass roots research, delivered transparently without spin or bias.

Prior to launching TheInfoPro, Male held distinguished positions with IT providers and market research firms including Gartner, Giga, Jupiter, DEC and EMC. Male is a frequent speaker at industry conferences and events, including Storage Networking World US and Europe, Storage Decisions, and Forbes Emerging Technology Conferences. He has also provided industry briefings and commentary to such major news organizations as Forbes, CNBC, Dow Jones, Storage Magazine, InformationWeek, The Financial Times, and InfoStor. Ken earned his Bachelor of Science in Marketing from Boston College's Carroll School of Management.

Raphaël Marchand, Head of Security, GIE AXA

The first to have implemented the SaaS model in his company as part of an IT security policy, Raphaël Marchand is an IT security specialist in the banking and insurance sector. After various professional experiences that allowed him to develop his expertise in IT security, Raphaël Marchand began his career in banking and insurance in 2000 at ABN AMRO, then joined AXA-IM in 2002 and AXA Banque in 2005, and is today Head of Security at GIE AXA.

Malcolm Marshall, Lead Partner, National Technology, KPMG

Malcolm Marshall heads KPMG's market leading Security, Privacy and Continuity Services and he has over twenty years' experience in advising clients in technology-related risk management. His clients include several of the world's largest corporations and UK Central Government departments. He works across all market sectors – from Aviation to Oil and Gas, Telecommunications and Banking. His recent work with banks includes a security improvement programme for a retail bank, identity and access management projects in the banking and corporate sectors and security compliance programmes in many sectors.

He chairs the KPMG Security Leadership Programme, through which KPMG and its clients share experience in current developments and emerging industry practice in information security. He is a regular conference presenter and chair and the author of numerous articles.

John Meakin, Group Head of Information Security, Standard Chartered Bank

John Meakin leads a global information security team at Standard Chartered Bank, one of the world's most international banks with 30,000 employees in more than 50 countries and a management team comprised of 70 nationalities.

Meakin has 18 years of experience in information systems security. His specialty is better modeling and managing the costs and benefits of security for large businesses, particularly enabling dynamic management and monitoring instead of traditional static prevention processes. Previously, Meakin led systems security policy and strategy for Reuters, the Royal Bank of Scotland, Swiss Bank Corporation, and the investment-banking arm of Dresdner Bank. He has also provided information security consultancy support to several blue chip clients aimed at improving systems security and effectiveness.

Meakin has a Ph.D. in experimental solid state physics from Cambridge University, plays football regularly and builds computers in his spare time. He is a regular speaker at industry conferences and public forums.

David Mortman, Director of Global Security, Siebel Systems, Inc.

Mortman and his team are responsible for Siebel Systems' worldwide IT security infrastructure, both internal and external. He also works closely with Siebel's product groups and the company's physical security team. Previously, Mortman was Manager of IT Security at Network Associates, where, in addition to managing data security, he deployed and tested all of NAI's security products before they were released to customers. Before that, Mortman was a Security Engineer for Swiss Bank. A CISSP, member of USENIX/SAGE, and speaker at RSA's 2002 security conference, Mortman earned a BS in Chemistry from the University of Chicago.

Jeff Moss, CEO, Black Hat, Inc. and Founder of DEFCON

Jeff Moss, CEO of Black Hat, Inc. and founder of DEFCON, is a renowned computer security scientist most well known for his forums bringing together a unique mix in security: the best minds from government agencies and global corporations with the underground's best hackers. Moss' forums have gained him exposure and respect from each side of the information security battle, enabling him to continuously be aware of new security defense and penetration techniques and trends. Moss brings this information to three continents, North America, Europe and Asia, through his Black Hat Briefings, Black Hat Trainings, and DEFCON.

Moss speaks to the press regularly about computer security, privacy and technology and has appeared in such media as Business Week, CNN, Forbes, Fortune, New York Times, NPR, National Law Journal, and Wired Magazine. He is a regular presenter at conferences including Comdex, CSI, Forbes CIO Technology Symposium, Fortune Magazine's CTO Conference, The National Information System Security Convention, and PC Expo.

Prior to Black Hat, Moss was a director at Secure Computing Corporation, and helped form and grow their Professional Services Department in the United States, Taipei, Tokyo, Singapore, Sydney, and Hong Kong. Prior to Secure Computing Corporation, he worked for Ernst & Young, LLP in their Information System Security division. Moss graduated with a BA in Criminal Justice from Gonzaga University, and halfway through law school, he went back to his first love, computers, and started his first IT consulting business in 1995. He has been CISSP certified, and is a member of the American Society of Law Enforcement Trainers.

Pierre-Marc Pinel, Information Security Manager, Experian Western Europe

A generalist engineer by training, Pierre-Marc Pinel has been Information Security Manager at Experian Western Europe since June 2006. In this role, he is responsible for deploying the group's Information Security Policy across its French operations.

He joined Experian in 2001 as Security Architect and then became Head of Security, with responsibility in particular for the internal control team.

Over the course of his career, Pierre-Marc Pinel has worked in a variety of technical and business environments (banking, insurance, transport, public administration) while maintaining a holistic approach to information security issues.

Seana Pitt, Chairperson, PCI Security Standards Council & VP, Global Merchant Policies and Data Quality, American Express

As inaugural chair of the PCI Security Standards Council, Seana will work with representatives from American Express, Discover Financial, JCB, MasterCard Worldwide and Visa International to drive awareness and adoption of the PCI Data Security Standard. The Executive Committee will also work to create education programs, establish pools of certified QSAs and ASVs and incorporate feedback from all stakeholders across the payment chain into the work of the council and the development of new standards.

At American Express, Seana Pitt helps drive the development and implementation of operating policies and procedures for the company's extensive merchant network. Her key focus is ensuring that all American Express merchants and processing partners are protecting Cardmember information at every step along the transaction process.

During her 20-year career at American Express, Seana has worked closely with merchants at many levels. She has been on the frontlines, selling and implementing POS and back-office products and solutions. She has also led development of merchant profitability and satisfaction improvement plans. For a time Seana led the company's Establishment Services North America Fraud Prevention unit, where she worked to develop and implement fraud prevention tools and services that protect merchants against security threats. Additionally, she has managed American Express's relationship with Third Party Processors in the US and Canada.

A frequent speaker at industry events held by the Electronic Transactions Association, Direct Response Forum and Retail Industry Leadership Association, Seana is also a board member of the Merchant Risk Council. Seana holds a BA in Biology from Wheaton College.

Michael Rasmussen, CISSP, Principal Analyst - Risk/Compliance Management, Forrester Research, Inc.

Michael is an analyst in Forrester's IT Management & Services research group. An information risk professional with more than 10 years of experience, Michael provides advice to clients around the globe on issues pertaining to risk and compliance management as well as public policy, legislation and regulation impacting information technology. One of Michael's primary research objectives is to assist clients in developing risk and compliance management programs that meet business requirements, protect stakeholder value, and reduce operational risk exposure to the organization.

Considered one of the foremost authorities in understanding the broad view and impact of information standards, regulations, and legislation, Michael has worked closely with large commercial organizations and government agencies. His involvement in government initiatives has included contributions to US Congressional Reports & Committees and input to the President's Critical Infrastructure Protection Board on the National Strategy to Secure Cyberspace. During his career, Michael has worked in both the consulting and enterprise sectors. Prior to joining Forrester, he led the information protection consulting practice at a professional services firm. Earlier, his career included industry experience in healthcare and manufacturing.

Michael's educational experience consists of a B.S. in business with a focus in information systems from the University of Phoenix. Michael has previously studied theology, and is currently pursuing a Juris Doctorate from the Oakbrook College of Law and Government Policy.

Denis Roy, Information Security Officer Europe, Staples Europe

Denis Roy is Information Security Officer, Europe at Staples, which he joined in September 2007, and is in charge of security and of PCI-DSS and SOX compliance. He has 20 years of experience in information systems, including 10 in security, and is certified CISM and BS7799-2 Lead Auditor (ISO 27001). Before joining Staples, he was in charge of advisory consulting at Symantec for France and Benelux, where he gained experience in Risk Management, SOX Compliance and Business Continuity.

Randolph (Randy) N. Sanovic, CISSP, ISSMP, General Director, Information Security, General Motors Corporation

Randy has been an Information Security Professional since 1974. In 1978 he became Manager, Computer Security Planning for Mobil Corporation, responsible for the Corporation's overall information security posture, strategy, programs, plans, and policies. In 1995, Randy became Director, Information Systems Security for United Healthcare Corporation, where he directed a staff of thirty-two information security professionals. His responsibilities included reorganizing the Corporation's disparate information security functions into a worldwide well-managed function, and developing an effective Strategic IT-Security Plan covering the Corporation's distributed 3-tier client server and Internet/Intranet computing environments. In 1997 Randy became General Director, Information Security for General Motors Corporation, responsible for GM's information security strategy, programs, plans, and global information security posture.

Some of Randy's other professional affiliations include being a member of the Board of Directors, International Information Systems Security Certification Consortium (ISC)2 since 1989 and Co-Chair of (ISC)2's America's Advisory Board, a four-year member of the National Computer Systems Security & Privacy Advisory Board, and past Chairman of the Membership Advisory Committee of the International Information Integrity Institute (I-4). Randy has also presented at major national and international IT-Security conferences, published articles on IT-security, and continues to serve on editorial boards of IT-security publications. Educational background includes B.B.A. and M.B.A.

Nick Selby, Sr. Analyst and Director, Enterprise Security Practice, The 451 Group

Nick Selby leads The 451 Group's enterprise security practice, which provides objective analysis of enterprise security businesses and trends. The security practice delivers this analysis through the 451 Market Insight Service and 451 TechDealmaker reports, as well as strategic counsel. Additionally, The 451 Group's security program provides Tactical Reports - quarterly reports delving into the trends and the most pressing issues in the field of enterprise IT security - as well as providing subscribers with an expanded analyst inquiry program.

Prior to joining The 451 Group in October 2005, Nick worked as an IT security consultant to small and midsized firms subject to regulatory compliance and strict confidentiality. Based in Eastern Europe and Europe from 1990 to 2004, Nick spent a decade covering various emerging technologies, including open source and wireless technologies, and software piracy. He was Editor at Large for Amsterdam-based Tornado Insider/Tornado Investor, and has reported on technology and tech-based financial news for the International Herald Tribune.

An instrument-rated pilot, Nick published an online pilot resource, Flyguides, from 2001-2005. Nick is also an avid Linux hacker and member of the Capital District Linux Users Group, and a PHP/MySQL enthusiast.

Paul Simmonds, Global Information Security Director, ICI, Ltd.

Paul Simmonds joined ICI in 2001 when he was recruited to head up Information Security for ICI, working for the CIO Office in London. Prior to joining ICI he spent a short time with a high security European web hosting company as Head of Information Security, and prior to that seven years with Motorola, again in a global information security role. In his career he has worked with many external agencies, and has also been directly involved in two successful criminal prosecutions, giving evidence in one case.

Paul has a degree in Electronic Engineering and a City & Guilds in Radio Communication. He came to the Information Security field from a background in IT Systems Implementation and consultancy during which he wrote and implemented one of the UK's first web sites. Paul was voted 36th in the 2004 list of the top 50 most powerful people in networking, by the US publication Network World Fusion, for his work with the Jericho Forum.

Martin Smith, Founder & Chairman, The Security Company (International) Limited

Martin Smith has had a fascinating and varied career in the world of counter-espionage and counter-terrorism. His unique skills and knowledge are in enormous demand from international financial, commercial and industrial corporations.

Martin gained his degree in behavioural psychology before spending 15 years in the Royal Air Force, firstly as a pilot and then assigned to counter-espionage and counter-terrorism duties throughout East and West Europe. After being awarded membership of the Most Excellent Order of the British Empire (MBE) for this work he left the Service to carve out a second career in the commercial sector. He joined Touche Ross Management Consultants before becoming Senior Director of Corporate Security for Kroll Associates (UK). He then joined Standard Chartered Bank as Head of Information Security before forming his own specialist consultancy - The Security Company (International) Limited.

He and his specialist team help major corporations from all sectors to prevent fraud and industrial espionage, and to put in place their e-business security strategies. His company is particularly renowned in Europe for its work in implementing effective security awareness campaigns in large organisations.

In addition he is an accomplished after-dinner speaker and the owner of several classic British cars.

Leonid Stavnitser, Sr. Security Manager, Oracle

As Senior Manager of Security Engineering for Oracle Global IT, Leonid Stavnitser manages a team responsible for implementing and managing security solutions and services for Oracle Corporation and for supporting Corporate and OnDemand strategic initiatives. His global team drives better results for customers and employees by delivering optimal performance for Oracle Applications, including the PeopleSoft and JD Edwards product lines and the Oracle OnDemand infrastructure. Prior to joining Oracle in 1998, Mr. Stavnitser worked for Alza Corporation. He is a Certified Information Systems Security Professional and received his Bachelor of Science degree in computer science and biochemistry from Kiev State University (Ukraine).

Bob Tarzey, Service Director, Quocirca Ltd.

Bob Tarzey is a Service Director at Quocirca Ltd. His main area of coverage is route to market for ITC vendors to enterprises, the mid-market and small businesses. This includes coverage of the sales channel; resellers, distributors, systems integrators, independent software vendors (ISVs) etc. and alternative routes to market such as on-demand and software as a service (SaaS).

Bob's focus is generic and includes the total delivery of IT solutions, but he also has a specific focus on IT security, network computing and content management.

Bob writes regular analytical columns for Computer Reseller News, The Register and silicon.com and has written for The Times, Financial Times and The Daily Telegraph. He also provides general comment for the European IT and business press. Bob acts as a judge for the VNU Channel Awards and the CNET awards.

Robert K. West, Founder and CEO, Echelon One, LLC

Bob is responsible for creating and executing Echelon One's corporate strategy. He has over 22 years of experience in information security, strategic planning, governance, organizational change, relationship management, computer network design, implementation and management.

Bob is a frequent speaker on the subject of information security and a member of the TriCipher Advisory Board, a member of the Cincinnati ISSA chapter board of directors, the Executive Security Action Forum, the United Way's Toqueville Society, and the Information Systems Audit and Control Association. He has also been a member of RSA Security's Customer Advisory Council, and the ISS Customer Advisory Council.

Previously, Bob was Chief Information Security Officer (CISO) at Fifth Third Bank in Cincinnati where he was responsible for the enterprise information security strategy. Prior to joining Fifth Third, Bob worked for Bank One in Columbus where he held several key leadership roles, including Information Security Officer for Bank One's Retail Group. Prior to joining Bank One, Bob was a manager with Ernst & Young's Information Security Services practice in Chicago, and a Senior Systems Officer with Citicorp International in New York and Chicago.

Bob received the 2004 Digital ID World Conference award for Balancing Innovation and Reality, and a 2004 InfoWorld 100 Award for implementing cross-company authentication using SAML. Bob graduated from Michigan State University with a Bachelor of Arts in German and then received his Master of Science in Management Information Systems from North Central College.

Philip Winslow, Vice President - Software Analyst, Equity Research, Credit Suisse

Philip Winslow is a Vice President in the technology research group at Credit Suisse with coverage of the software industry. He originally joined Credit Suisse as an Associate, covering the Internet Infrastructure Software sector. Philip graduated from the Wharton School at the University of Pennsylvania.

Ira Winkler, President and Acting CEO, Internet Security Advisory Group

Ira Winkler is recognized as one of the world's experts in Internet security, information warfare, information-related crime investigation, and industrial espionage. He is a specialist in penetration testing, where he infiltrates companies, both technically and physically, to find and repair an organization's weaknesses.

Prior to becoming founder and president of the Internet Security Advisors Group (ISAG), Winkler was Director of Technology at the International Computer Security Association (ICSA). ICSA (www.icsa.net) is a leading provider of security assurance, product certification, training, and information services, also functioning as an industry association with several thousand members. At the ICSA, Winkler was responsible for managing the Association's laboratories and led the team establishing certification criteria for Internet firewalls.

Winkler began his career at the National Security Agency (NSA), where he performed cryptanalysis and was responsible for systems design and implementing security elements in intelligence collection and analysis systems. Subsequent to his work at the NSA, he served as a consultant with government contractors, designing and implementing security systems throughout the intelligence community. While working with the government, he realized how vulnerable large computer systems are to unauthorized entry and alteration, and that this problem could cost businesses billions of dollars annually.

Winkler is the author of Corporate Espionage (Prima Publishing, 1997), which describes the challenges of doing business in the digital age. He is the co-author of a new bestseller, Through the Eyes of the Enemy, which details the intelligence aspect of the Cold War and the emergence of the Russian mafia as a national security threat. He has also written more than 70 articles and white papers on corporate security issues.

Paul Wood, Group Business Protection Director, Aviva

Paul Wood has over 30 years' experience in the security arena, dealing with crime, fraud, information security, counter-terrorist and executive protection. He worked in a number of security roles within government from 1974 until he retired in 1995 from the Directorate of Security Policy, at the Ministry of Defence. He has been involved in numerous government security projects including the protection of key national infrastructures.

After leaving government, Paul took a break from the security industry and established his own retail business before selling it as a going concern in 1997. He then returned to the security field and joined the Civil Aviation Authority / National Air Traffic Services as the Head of Corporate Security. For a short period in 1999 he worked for Baltimore Technologies (formerly Zergo) as an Information Security Consultant, where he provided security management, education and training services to high profile clients. He was one of the co-authors of the initial training course developed to deliver a qualification in Information Security Management accredited by the British Computer Society. From Jul 99 – Apr 06 he was the Chief Security Officer for UBS Investment Bank, with responsibilities for all aspects of physical and information security. In April 06 he assumed the appointment of Group Business Protection Director for Aviva Group; he has responsibility for all aspects of security across the Group.

Paul is a regular speaker on security matters. He is a contributor to the Directors' Information Assurance Network, sponsored by IAAC; he is a founder member and now Director on the Board of IISP and a member of many other professional security forums. He was awarded the MBE in the 1995 New Year's Honours List.

Karen Worstell, Chief Information Security Officer, Microsoft

As CISO of Microsoft, Karen is responsible for securing Microsoft's information assets worldwide. She joined Microsoft in early 2005, and leads policy development and deployment, IT governance, system security analysis and engineering, assessment and compliance, investigations, and the Security Center of Excellence.

Karen's 20 years of information security experience spans the government classified and commercial sectors. Prior to joining Microsoft, Karen was the VP of IT Risk Management and CISO for AT&T Wireless/Cingular. Before joining AT&T Wireless she led the Security practice for SRI Consulting and its spin-off, Atomic Tangerine, where she assisted clients with opportunity analysis for information security start-ups, led product development and security research on emerging trends, and consulted with global Fortune 500 and government customers in the U.S., Singapore and Europe. She has also served in senior information security roles at Bank of America, Boeing Defense and Space, Boeing Research and Technology, and Union Carbide Corporation. She served one term on the Computer Systems Security and Privacy Advisory Board of the U.S. Department of Commerce.

Karen holds Bachelor of Science degrees in Chemistry and Molecular Biology from the University of Washington, and a Master of Science degree in Computer Science from Pacific Lutheran University. She is a Certified Information Security Manager.

Andreas Wuchner, Global IT Security Head, Novartis

Andreas Wuchner is head of global IT Security at Novartis Pharmaceuticals where he leads IT security strategy and architecture right across this global corporation. He and his team control the strategic planning and effective IT risk management of Novartis' worldwide computer and network systems.

Andreas has more than 10 years' experience managing all aspects of information technology, with extensive expertise in dynamic, demanding, large-scale environments. Prior to joining Novartis Pharmaceuticals in 1998, Andreas worked for Ciba Geigy and IBM on various projects covering different aspects of information technology.

For his successful security management work driving strategy and innovation, Andreas was honored by ComputerWorld magazine as one of the Premier 100 IT Leaders 2007.

Andreas is a regular speaker and commentator on a wide range of topics about information risk management and IT security practices from a pharmaceutical business viewpoint. Recent speaking engagements include Infosecurity Europe 2006, the CISO Summit in Barcelona in June, the Forbes Corporate Security Forum in New York, the IT Security Africa congress in Johannesburg and various security seminars in Europe, Asia and the USA. During 2005 he received two awards for leading-edge security projects from independent organizations and in spring 2006 he was shortlisted for CSO of the Year in the SC Magazine European Excellence Awards. Extensive press appearances include the front cover profile interview in SC Magazine (European edition) in May.

He represents Novartis on strategic executive advisory boards of several leading security organizations including Cisco, Oracle, Microsoft and Qualys. He also participates on Gartner's best practice security council. Professionally qualified as CISO, CISA, CISSP, Andreas also holds a bachelor's degree in electronics and computer science from the University of Applied Sciences in Offenburg, Germany. He maintains links even now to academia through his work with "Hochschule für Wirtschaft" in Lucerne, Switzerland, where he teaches budding security professionals about real life examples from his extensive industry experience.

Andrew Yeomans, Vice President of Global Information Security, Dresdner Kleinwort

Andrew Yeomans is Vice President of Global Information Security at Dresdner Kleinwort investment bank. Andrew has been on the management board of the Jericho Forum since 2005, and won an award in their Jericho Challenge whilst an ordinary member. The Jericho Forum is an international information security thought-leadership group dedicated to defining ways to deliver effective IT security solutions that will match the increasing business demands for secure IT operations in our open, Internet-driven, globally networked world.

Prior to his eight years at Dresdner Kleinwort, Andrew led IBM's European technical sales for Internet security. He has worked with UNIX and Open Source software since 1985 and managed and ran IBM's Scientific and Technical Computing group's UNIX network. Andrew has an MA in Maths and Computer Science from Cambridge University and is a member of the Executive Advisory Board of the ISSA UK chapter and Infosecurity Europe Advisory Council.

Amit Yoran, Security Advisor, Yoran Enterprises

Amit Yoran serves as an independent director to several innovative security technology companies and as a security strategy advisor to several large corporations. He was appointed by President Bush as the Administration's cyber chief, responsible for coordinating the national activities in cyber security. Working with the Secretary of Homeland Security, Mr. Yoran coordinated among federal departments, law enforcement and intelligence efforts, as well as direct interaction with many leading IT and IT security companies. These efforts were particularly focused on protection of the 13 critical infrastructures of the United States.

Prior to joining the Bush Administration, Mr. Yoran was the Vice President of Worldwide Managed Security Services at the Symantec Corporation. Mr. Yoran was the co-founder of Riptech, a market-leading IT security company, and served as its CEO until the company was acquired by Symantec. He previously served as an officer in the US Air Force as the Director of Vulnerability Programs for the Department of Defense's Computer Emergency Response Team. Mr. Yoran received a Master of Science degree from the George Washington University and Bachelor of Science from the United States Military Academy at West Point.

News
"The forum was great! The speakers provided food for thought and the round table discussions were very lively."
"Good venue. Great attendance."
"CSOs need this event."
"I thoroughly enjoyed the forum and found it the most relevant I have attended in years."