CSO Interchange


CSO Interchange speakers Chicago, June 23, 2005.

Howard A. Schmidt CISSP, CISM, Former Special Adviser for Cyberspace Security for the White House

Howard A. Schmidt has had a long distinguished career in defense, law enforcement and corporate security spanning almost 40 years. He has served as Vice President and Chief Information Security Officer and Chief Security Strategist for online auction giant eBay. In the fall of 2004 he assumed the position of Chief Security Strategist for the US CERT Partners Program for the National Cyber Security Division.

He retired from the White House after 31 years of public service. He was appointed by President Bush as the Vice Chair of the President's Critical Infrastructure Protection Board and as the Special Adviser for Cyberspace Security for the White House in December 2001. He assumed the role as the Chair in January 2003 until his retirement in May 2003.

Prior to the White House, Howard was chief security officer for Microsoft Corp., where his duties included CISO, CSO and forming and directing the Trustworthy Computing Security Strategies Group.

Before Microsoft, Mr. Schmidt was a supervisory special agent and director of the Air Force Office of Special Investigations (AFOSI) Computer Forensic Lab and Computer Crime and Information Warfare Division. While there, he established the first dedicated computer forensic lab in the government.

Before AFOSI, Mr. Schmidt was with the FBI at the National Drug Intelligence Center, where he headed the Computer Exploitation Team. He is recognized as one of the pioneers in the field of computer forensics and computer evidence collection. Before working at the FBI, Mr. Schmidt was a city police officer from 1983 to 1994 for the Chandler Police Department in Arizona.

Mr. Schmidt served with the U.S. Air Force in various roles from 1967 to 1983, both in active duty and in the civil service. He had served in the Arizona Air National Guard from 1989 until 1998 when he transferred to the U.S. Army Reserves as a Special Agent, Criminal Investigation Division where he continues to serve. He has testified as an expert witness in federal and military courts in the areas of computer crime, computer forensics and Internet crime.

Mr. Schmidt had also served as the international president of the Information Systems Security Association (ISSA) and the first president of the Information Technology Information Sharing and Analysis Center (IT-ISAC). He is a former executive board member of the International Organization of Computer Evidence, and served as the co-chairman of the Federal Computer Investigations Committee. He is a member of the American Academy of Forensic Scientists. He serves as an advisory board member for the Technical Research Institute of the National White Collar Crime Center, and was a distinguished special lecturer at the University of New Haven, Conn., teaching a graduate certificate course in forensic computing.

He served as an augmented member to the President's Committee of Advisors on Science and Technology in the formation of an Institute for Information Infrastructure Protection. He has testified before congressional committees on computer security and cyber crime, and has been instrumental in the creation of public and private partnerships and information-sharing initiatives. He is regularly featured on CNN, CNBC, Fox TV as well as a number of local media outlets talking about cyber-security.

Mr. Schmidt has been appointed to the Information Security Privacy Advisory Board (ISPAB) to advise the National Institute of Standards and Technology (NIST), the Secretary of Commerce and the Director of the Office of Management and Budget on information security and privacy issues pertaining to Federal Government information systems, including thorough review of proposed standards and guidelines developed by NIST.

Howard holds board positions on a number of corporate boards in both advisory and director positions.

Mr. Schmidt holds a bachelor's degree in business administration (BSBA) and a master's degree in organizational management (MAOM) from the University of Phoenix. He also holds an Honorary Doctorate degree in Humane Letters.


Philippe Courtot, Chairman and CEO of Qualys, Inc., a leading provider of on demand vulnerability management.

Demonstrating a unique mix of technical vision, marketing and business acumen, Philippe Courtot has repeatedly built innovative companies into industry leaders. As CEO of Qualys, Philippe has worked with thousands of companies to improve their network security. In 2004, Philippe received the SC Magazine Editor's Award for bringing on demand technology to the network security industry and for co-founding, with former White House advisor Howard Schmidt, the CSO Interchange to provide a forum for sharing information in the security industry.

Before joining Qualys, Philippe was the Chairman and CEO of Signio, an electronic payment start-up that he repositioned to become a significant e-commerce player. In February 2000, VeriSign acquired Signio for more than a billion dollars. Today, VeriSign's payment division, based on the Signio technology, handles 30% of electronic transactions in the U.S., processing $100 million in daily sales. Prior to Signio, Philippe was President and CEO of Verity, where he re-engineered the company to become the leader in enterprise knowledge retrieval solutions. Under Philippe's direction, the company completed its initial public offering in November 1995. Philippe also turned an unknown company of 12 people, cc:Mail, into the dominant e-mail platform provider, achieving a 40% market share while competing directly against IBM and Microsoft. Acknowledging the market leading position of cc:Mail and the significance of e-mail in corporate environments, Lotus acquired the company in 1991. In 1986, as CEO of Thomson CGR Medical, a medical imaging company, Philippe received the Benjamin Franklin award for his role in the creation of a nationwide advertising campaign promoting the life-saving benefits of mammography. Philippe served on the Board of Trustees for The Internet Society, an international non-profit organization that fosters global cooperation and coordination on the development of the Internet. French and Basque born, he holds a Masters Degree in Physics from the University of Paris, came to the US in 1981 and has lived in Silicon Valley since 1987.


Julia H. Allen, Senior Technical Staff, Carnegie Mellon University

Julia H. Allen is a senior member of the technical staff within the Networked Systems Survivability Program at the Software Engineering Institute (SEI), a unit of Carnegie Mellon University in Pittsburgh, PA. The CERT® Coordination Center is also a part of this program.

Allen is engaged in developing and transitioning enterprise security frameworks and executive outreach programs in enterprise security and governance. Prior to this technical assignment, Allen served as acting Director of the SEI for an interim period of 6 months as well as Deputy Director/Chief Operating Officer for 3 years. Her degrees include a B. Sci. in Computer Science (University of Michigan) and an MS in Electrical Engineering (University of Southern California). She is the author of The CERT Guide to System and Network Security Practices (Addison-Wesley, June 2001).


C. Warren Axelrod, Director, Global Information Security, Pershing LLC

Warren Axelrod is a director of Pershing LLC, a Bank of New York Securities Group Co., and has global responsibility for information security. He develops and enforces corporate security policies, standards and architectures for Pershing. He is involved at both industry and national levels with security and critical infrastructure protection issues.

He was honored with a Computerworld Premier 100 IT Leaders Award for 2003 and his department's implementation of an intrusion detection system earned a Best in Class award. He represented financial services security interests at the Y2K command center in Washington over the century date rollover. He was a founder of the FS/ISAC (Financial Services Information Sharing and Analysis Center), which is a public-private collaborative effort to share information on security threats, vulnerabilities and incidents among members, and also served two terms on its Board of Managers.

He testified at a Congressional Hearing on November 15, 2001 on cyber security, and contributed to the Banking and Finance Sector's National Strategy for Critical Infrastructure Assurance, which was published in May 2002. He is on the Editorial Advisory Board of The ISSA Journal, and is chairman of the GAISP (Generally Accepted Information Security Principles) Information Security Policy Principles Working Group. He is the author of Outsourcing Information Security, which was released in September 2004. He has published two previous books on computer management (Computer Effectiveness: Bridging the Management/Technology Gap and Computer Productivity: A Planning Guide for Cost-Effective Management), and numerous articles on such topics as computer and network security, contingency planning, and computer-related risks. He has chaired and presented at many conferences, throughout the U.S., Europe and Asia, for the financial services industry and for computer management, technology and security professionals. He holds a Ph.D. in managerial economics from the Johnson Graduate School of Management at Cornell University in Ithaca, New York. He also earned honors degrees in electrical engineering and in economics and statistics, both from the University of Glasgow, Scotland. He is certified as a CISSP and CISM. He also holds NASD Series 7 and Series 24 certifications.


Rich Baich, CISSP, CISM, Chief Information Security Officer, ChoicePoint

Rich Baich, CISSP/CISM, is the Chief Information Security Officer at ChoicePoint Inc. Mr. Baich has been working in the Information Security Business for over 10 years in various security leadership capacities to include: Cryptology Officer serving at the National Security Agency (NSA), Information Security Consultant, Sr. Director Professional Services at Network Associates and recently as the Special Assistant to the Deputy Director for the National Infrastructure Protection Center (NIPC) within the FBI.

He holds a BS from United States Naval Academy, MBA / MSM from University of Maryland University College, and has been awarded the National Security Telecommunications and Information Systems Security (NSTISSI) 4011 Certification and the NSA sponsored Information Systems Security (INFOSEC) Assessment Methodology (IAM) Certification.

Rich received Georgia's Information Security Executive Officer of the Year for 2004 and he is currently serving on the Board of Directors for Lancope and the Atlanta InfraGard Organization. He recently authored Winning as a CISO which presents an executive business approach to dealing with information security.


Gerhard Eschelbeck, Chief Technology Officer and VP, Engineering, Qualys

As CTO and VP of Engineering for Qualys, Gerhard Eschelbeck is responsible for securing thousands of customer networks worldwide, including over 200 companies in the Fortune 1000. He also serves on the Department of Homeland Security Task Force on Cyber Security Early Warning and is a significant contributor to the SANS Top 20 initiative to identify the most critical security vulnerabilities.

Eschelbeck is a respected researcher and author in the network security field. In 2003, Eschelbeck published the well-known "Laws of Vulnerabilities," the industry's first research derived from the largest real-world vulnerability dataset, a statistical analysis of millions of critical vulnerabilities collected by millions of scans over a two-year period. In 2004, he formulated his new "Laws of Vulnerabilities for Internal Networks," based on vulnerability data gathered during the past 30 months from over five million scans of individual systems.

Prior to joining Qualys, Eschelbeck was Senior VP of Engineering for security products at Network Associates, VP of Engineering of anti-virus products at McAfee Associates (before its acquisition by NAI), and Founder of IDS GmbH, a secure remote tool company acquired by McAfee.

Earlier, he was a research scientist at the University of Linz, Austria, where he earned Masters and Ph.D. degrees in computer science and where he still teaches regularly in the field of network security. Eschelbeck has authored several papers on active security, automating security management, and multi-tier IDS. He is an inventor of numerous patents in the field of managed network security.


Christofer Hoff, Chief Information Security Officer, WesCorp

Hoff serves as WesCorp Federal Corporate Credit Union's Chief Information Security Officer and Director of Enterprise Security Services. WesCorp is the country's largest Federal Corporate Credit Union with assets totaling $25 Billion.

Hoff is responsible for WesCorp's Enterprise Security initiatives focused on providing internal business units and credit union members with rational information security risk management services and a consultative approach to information security.

Hoff is tasked with the overall responsibility to provide and support a secure computing environment for WesCorp. This includes the creation and security life-cycle management of policies, procedures and information security governance efforts including regulatory compliance requirements.

Prior to joining WesCorp, Hoff served as the Chief Security and Technology Officer for a national security consulting firm. He has served on the Board of three Internet technology ventures and successfully raised nearly $2 Million in venture capital funding.

Hoff currently holds several security credentials including CISSP, CISA, CISM, IAM, CCSE+ and is an accomplished and accredited technical instructor. He is active in several security associations such as ISC2, ISACA and the ISSA.


Gene Kim, CTO and co-founder of Tripwire, Inc.

In 1992, he co-authored Tripwire while at Purdue University with Dr. Gene Spafford. Since 1999, he has been studying best in class IT operations, security and audit organizations, and co-founded the IT Process Institute, dedicated to research, benchmarking and development of prescriptive guidance. In 2004, he co-wrote the Visible Ops Handbook, codifying how to successfully transform IT organizations from "good to great." In 2003, he co-chaired two conferences with SANS and the Software Engineering Institute, and was named by InfoWorld as one of the "Four Up and Coming CTOs to Watch." Gene is certified on both IT management and audit processes, possessing both ITIL Foundations and CISA certifications. He currently serves on the Advanced Technology Committee of the Institute of Internal Auditors.


Michael Rasmussen, CISSP, Principal Analyst - Risk/Compliance Management, Forrester Research, Inc.

Michael is an analyst in Forrester's IT Management & Services research group. An information risk professional with more than 10 years of experience, Michael provides advice to clients around the globe on issues pertaining to risk and compliance management as well as public policy, legislation and regulation impacting information technology. One of Michael's primary research objectives is to assist clients in developing risk and compliance management programs that meet business requirements, protect stakeholder value, and reduce operational risk exposure to the organization.

Considered one of the foremost authorities in understanding the broad view and impact of information standards, regulations, and legislation, Michael has worked closely with large commercial organizations and government agencies. His involvement in government initiatives has included contributions to US Congressional Reports & Committees and input to the President's Critical Infrastructure Protection Board on the National Strategy to Secure Cyberspace. During his career, Michael has worked in both the consulting and enterprise sectors. Prior to joining Forrester, he led the information protection consulting practice at a professional services firm. Earlier, his career included industry experience in healthcare and manufacturing.

Michael's educational experience consists of a B.S. in business with a focus in information systems from the University of Phoenix. Michael has previously studied theology, and is currently pursuing a Juris Doctorate from the Oakbrook College of Law and Government Policy.


Randolph (Randy) N. Sanovic, CISSP, ISSMP, General Director, Information Security, General Motors Corporation

Randy has been an Information Security Professional since 1974. In 1978 he became Manager, Computer Security Planning for Mobil Corporation, responsible for the Corporation's overall information security posture, strategy, programs, plans, and policies. In 1995, Randy became Director, Information Systems Security for United Healthcare Corporation, where he directed a staff of thirty-two information security professionals. His responsibilities included reorganizing the Corporation's disparate information security functions into a worldwide well-managed function, and developing an effective Strategic IT-Security Plan covering the Corporation's distributed 3-tier client server, and Internet/Intranet computing environments. In 1997 Randy became General Director, Information Security for General Motors Corporation, responsible for GM's information security strategy, programs, plans, and global information security posture.

Some of Randy's other professional affiliations include being a member of the Board of Directors, International Information Systems Security Certification Consortium (ISC)2 since 1989 and Co-Chair of (ISC)2's America's Advisory Board, a four-year member of the National Computer Systems Security & Privacy Advisory Board, and past Chairman of the Membership Advisory Committee of the International Information Integrity Institute (I-4). Randy has also presented at major national and international IT-Security conferences, published articles on IT-security, and continues to serve on editorial boards of IT-security publications. Educational background includes B.B.A. and M.B.A.


Karen Worstell, Chief Information Security Officer, Microsoft

As CISO of Microsoft, Karen is responsible for securing Microsoft's information assets worldwide. She joined Microsoft in early 2005, and leads policy development and deployment, IT governance, system security analysis and engineering, assessment and compliance, investigations, and the Security Center of Excellence.

Karen's 20 years of information security experience spans the government classified and commercial sectors. Prior to joining Microsoft, Karen was the VP of IT Risk Management and CISO for AT&T Wireless/Cingular. Before joining AT&T Wireless she led the Security practice for SRI Consulting and its spin-off, Atomic Tangerine, where she assisted clients with opportunity analysis for information security start-ups, led product development and security research on emerging trends, and consulted with global Fortune 500 and government customers in the U.S., Singapore and Europe. She has also served in senior information security roles at Bank of America, Boeing Defense and Space, Boeing Research and Technology, and Union Carbide Corporation. She served one term on the Computer Systems Security and Privacy Advisory Board of the U.S. Department of Commerce.

Karen holds Bachelor of Science degrees in Chemistry and Molecular Biology from the University of Washington, and a Master of Science degree in Computer Science from Pacific Lutheran University. She is a Certified Information Security Manager.


Andreas Wuchner, Global IT Security Head, Novartis

Andreas Wuchner is Head Global IT Security of Novartis Pharmaceuticals where he has functional leadership responsibility for IT Security and Security Emergency Response management globally across the corporation. In this role he and his team are responsible for the planning and supervision of Novartis global computer and network information security systems, defining company-wide IT Security policies & standards and enhancing the security of Novartis IT services and global infrastructure components.

He has over 10 years' practical experience and business expertise spanning all aspects of information technology management, particularly in rapidly changing, highly demanding and large scale environments. Prior to joining Novartis Pharmaceuticals, Andreas worked for Ciba Geigy and IBM on various IT functions.

Currently he represents Novartis on Executive Strategic Security Advisory Boards of several leading security industry companies including Symantec Corporation and Microsoft.

He is a regular speaker on different aspects of information risk management and IT Security practices from a pharmaceutical business viewpoint. Recent speaking engagements include security seminars in Europe, Asia and USA.

Andreas holds an Engineering degree in Electronics and Computer Science from the University of Applied Sciences of Offenburg in Germany.


Amit Yoran, Security Advisor, Yoran Enterprises

Amit Yoran serves as an independent director to several innovative security technology companies and as a security strategy advisor to several large corporations. He was appointed by President Bush as the Administration's cyber chief, responsible for coordinating the national activities in cyber security. Working with the Secretary of Homeland Security, Mr. Yoran coordinated among federal departments, law enforcement and intelligence efforts, as well as direct interaction with many leading IT and IT security companies. These efforts were particularly focused on protection of the 13 critical infrastructures of the United States.

Prior to joining the Bush Administration, Mr. Yoran was the Vice President of Worldwide Managed Security Services at the Symantec Corporation. Mr. Yoran was the co-founder of Riptech, a market leading IT security company, and served as its CEO until the company was acquired by Symantec. He previously served as an officer in the US Air Force as the Director of Vulnerability Programs for the Department of Defense's Computer Emergency Response Team. Mr. Yoran received a Master of Science degree from the George Washington University and Bachelor of Science from the United States Military Academy at West Point.

News
Confirmed CSO Interchange speakers to date Chicago, June 23, 2005:

Howard Schmidt, Former Special Adviser for Cyberspace Security to the White House
Philippe Courtot, CEO, Qualys

Julia Allen, Sr. Technical Staff, Carnegie Mellon University
C. Warren Axelrod, Global Information Security Director, Pershing
Richard Baich, CISO, ChoicePoint
Gerhard Eschelbeck, CTO & VP of Engineering, Qualys
Christofer Hoff, CISO, WesCorp
Gene Kim, CTO and Founder of Tripwire, Inc.
Michael Rasmussen, Principal Analyst, Forrester Research, Inc.
Randy Sanovic, Information Security Director, General Motors Corp.
Karen Worstell, CISO, Microsoft Corp.
Andreas Wuchner, Global IT Security Head, Novartis
Amit Yoran, Security Advisor, Yoran Enterprises