CSO Interchange


CSO Interchange speakers New York, December 7, 2004.

Howard Schmidt, Chief Security Officer, eBay

Howard A. Schmidt joined eBay as Vice President and Chief Information Security Officer in May of 2003. He retired from the federal government after 31 years of public service. He was appointed by President Bush as the Vice Chair of the President's Critical Infrastructure Protection Board and as the Special Adviser for Cyberspace Security for the White House in December 2001. He assumed the role as the Chair in January 2003 until his retirement in May 2003.

Prior to the White House, Schmidt was chief security officer for Microsoft Corp., where his duties included CISO, CSO and forming and directing the Security Strategies Group. Before Microsoft, he was a supervisory special agent and director of the Air Force Office of Special Investigations (AFOSI), Computer Forensic Lab and Computer Crime and Information Warfare Division. Before AFOSI, Schmidt was with the FBI at the National Drug Intelligence Center, where he headed the Computer Exploitation Team.

Schmidt is recognized as one of the pioneers in the field of computer forensics and computer evidence collection. He served as an augmented member to the President's Committee of Advisors on Science and Technology in the formation of an Institute for Information Infrastructure Protection. He has testified before congressional committees on computer security and cyber crime, and has been instrumental in the creation of public and private partnerships and information-sharing initiatives. He holds a bachelor's degree in business administration (BSBA) and a master's degree in organizational management (MAOM) from the University of Phoenix as well as an Honorary Doctorate in Humane Letters.


Philippe Courtot, Chairman and CEO of Qualys, Inc., a leading provider of on-demand vulnerability management

Demonstrating a unique mix of technical vision, marketing and business acumen, Philippe Courtot has repeatedly built innovative companies into industry leaders. As CEO of Qualys, Philippe has worked with thousands of companies to improve their network security. In 2004, Philippe received the SC Magazine Editor's Award for bringing on demand technology to the network security industry and for co-founding, with former White House advisor Howard Schmidt, the CSO Interchange to provide a forum for sharing information in the security industry.

Before joining Qualys, Philippe was the Chairman and CEO of Signio, an electronic payment start-up that he repositioned to become a significant e-commerce player. In February 2000, VeriSign acquired Signio for more than a billion dollars. Today, VeriSign's payment division, based on the Signio technology, handles 30% of electronic transactions in the U.S., processing $100 million in daily sales. Prior to Signio, Philippe was President and CEO of Verity, where he re-engineered the company to become the leader in enterprise knowledge retrieval solutions. Under Philippe's direction, the company completed its initial public offering in November 1995. Philippe also turned an unknown company of 12 people, cc:Mail, into the dominant e-mail platform provider, achieving a 40% market share while competing directly against IBM and Microsoft. Acknowledging the market-leading position of cc:Mail and the significance of e-mail in corporate environments, Lotus acquired the company in 1991. In 1986, as CEO of Thomson CGR Medical, a medical imaging company, Philippe received the Benjamin Franklin award for his role in the creation of a nationwide advertising campaign promoting the life-saving benefits of mammography. Philippe served on the Board of Trustees for The Internet Society, an international non-profit organization that fosters global cooperation and coordination on the development of the Internet. French and Basque born, he holds a Master's degree in Physics from the University of Paris, came to the US in 1981 and has lived in Silicon Valley since 1987.


Joyce Brocaglia, CEO, Alta Associates

Joyce Brocaglia is president and chief executive officer of Alta Associates, the premier executive recruitment firm for the information security industry. Since 1986, the firm has served as a trusted advisor for organizations seeking top industry talent and has played a key role in building corporate information security organizations, developing professional services practices and growing security product start-ups.

Brocaglia is a recognized career counselor, sought after for her knowledge of market conditions, business intelligence and ability to create industry alliances. In 2003, Brocaglia founded the Executive Women's Forum on Information Security, Privacy and Risk Management, a groundbreaking event for women executives in the information security industry to exchange ideas and best practices.

Brocaglia is a frequent speaker at leading industry events on the topics of career matters and emerging roles within the information security community. She is the career advisor of CSO Magazine and author of the monthly “Career Corner” column for the Information Systems Security Association (ISSA) Journal Magazine. She also serves on the board of advisors for the Information Systems Security Association and ISC2. Brocaglia holds a Bachelor of Science degree in accounting from Montclair State University and is a Certified Public Accountant.


Larry L. Brock, Chief Information Officer, DuPont

Larry Brock has been working for DuPont for 27 years in Information Technology, Research & Development, and Marketing. He has worked in several functional groups and businesses across DuPont, including the Corporate IT group, Imaging, Fibers, and Nylon.

Within IT, he previously was the CIO of the Flooring business unit. He has led the development and implementation of several large systems, including manufacturing product control, materials management, engineering maintenance, quality management, and data warehouse systems. While working in the Corporate IT group, he led the migration to open-based systems for both networking and computing.

Within Research & Development, Larry led the development and deployment of several imaging based systems, including a patented system to electronically move radiographs between hospitals and remote physicians.

Larry has served as an Information Security Officer within the US Air Force with primary assignment at the National Security Agency (NSA). He was active for the initial four years and continued in a reserve capacity for 26 years and retired as a Lt Colonel.
Larry holds a Bachelor's and Master's degree in electrical engineering.


Daniel W. Caprio, Jr., Deputy Assistant Secretary for Technology Policy and Chief Privacy Officer, U.S. Department of Commerce

Daniel W. Caprio, Jr. is part of the Technology Administration’s Office of Technology Policy (OTP). The TA/OTP Tech Team strives to maximize technology’s contribution to U.S. economic growth, productivity, innovative capacity and global competitiveness. The office works closely with leaders from industry, federal labs and universities and state, federal and international governments on critical policy issues impacting technology creators and users.

Commerce Secretary Donald L. Evans recently named Caprio to serve as the Commerce Department’s Chief Privacy Officer (CPO) where he will oversee all Departmental activities related to the development and implementation of federal privacy laws, policies and practices.

Prior to working at Commerce, Caprio served for the previous six years as Special Assistant and Chief of Staff to Federal Trade Commissioner Orson Swindle, where he worked as principal technology policy advisor with specific emphasis on information security, privacy, and global electronic commerce. In December 2001, Caprio was appointed to the United States Government Experts Group to revise the Organization for Economic Cooperation and Development (OECD) Guidelines for the Security of Information Systems and Networks. In December 2003, Mr. Caprio was named co-chairman of the National Cyber Security Partnership Awareness Task Force, a position he still holds.

Prior to joining Commissioner Swindle’s staff, Caprio was a lobbyist for KPMG Peat Marwick. Caprio has a broad range of experience in the federal legislative and executive branches of government, having worked for a member of the U.S. Senate, a number of members of the U.S. House of Representatives, including Representative Frank R. Wolf (R-VA), and at the U.S. Department of Commerce where he directed Congressional Relations for the Economic Development Administration. Caprio worked in state government where he represented the State of Illinois and Governors James R. Thompson and Jim Edgar. He received his B.S. in Political Science from James Madison University.


Jaime Chanaga, Chief Information Security Officer, Geisinger Health System

Jaime Chanaga leads Geisinger's Information Security Office, and manages the development and implementation of system-wide policy, standards, guidelines, and procedures for safeguarding all information resources.

Geisinger is an 8,500 employee, 674-bed, physician-led system serving the healthcare needs of approximately 2.3 million people in 38 counties of Central and Northeastern Pennsylvania. Geisinger enjoys national acclaim as a model for quality health service with listings in the Best Doctors in America, Best Hospitals in America, Best Health Maintenance Organizations (HMO), and the nation's 100 Most Wired Hospitals and Health Systems.

Prior to this, Jaime was with OAG.COM where he was responsible for their Information Security division group. Jaime has served Fortune 500 organizations including Computer Associates, Lucent Technologies, and Ameritech throughout the United States, Canada, and the United Kingdom.

Jaime is a Certified Information Systems Security Professional (CISSP) and Certified Information Systems Auditor (CISA). He is a member of the International Information Systems Security Certification Consortium and the Information Systems Audit and Control Association & Foundation.


Dave Cullinane, Chief Information Security Officer, Washington Mutual

Dave Cullinane is the Chief Information Security Officer (CISO) for Washington Mutual, Inc., one of the largest banks in the United States.

Prior to joining Washington Mutual, Cullinane was a Senior Consultant for nCipher, Inc. and the Director of Information Security for Sun Life Financial's U.S. operations. He also helped create Digital Equipment Corporation's Security Consulting Practice.

Cullinane has more than 20 years of security experience and is Board Certified in Security Management by ASIS International as a Certified Protection Professional (CPP). He is also a Certified Information Systems Security Professional (CISSP) and a former Certified Business Continuity Professional (CBCP).

Cullinane is the current International President of the Information Systems Security Association (ISSA), the world's largest not-for-profit association of information security professionals. He also serves on ASIS International's Standing Committee on Computer Security and is on the Editorial Advisory Boards of CSO Magazine and Security Technology & Design Magazine.


Gerhard Eschelbeck, Chief Technology Officer and VP, Engineering, Qualys

As CTO and VP of Engineering for Qualys, Gerhard Eschelbeck is responsible for securing thousands of customer networks worldwide, including over 200 companies in the Fortune 1000. He also serves on the Department of Homeland Security Task Force on Cyber Security Early Warning and is a significant contributor to the SANS Top 20 initiative to identify the most critical security vulnerabilities.

Eschelbeck is a respected researcher and author in the network security field. In 2003, Eschelbeck published the well-known "Laws of Vulnerabilities," the industry's first research derived from the largest real-world vulnerability dataset, a statistical analysis of millions of critical vulnerabilities collected by millions of scans over a two-year period. In 2004, he formulated his new "Laws of Vulnerabilities for Internal Networks," based on vulnerability data gathered during the past 30 months from over five million scans of individual systems.

Prior to joining Qualys, Eschelbeck was Senior VP of Engineering for security products at Network Associates, VP of Engineering of anti-virus products at McAfee Associates (before its acquisition by NAI), and Founder of IDS GmbH, a secure remote tool company acquired by McAfee.

Earlier, he was a research scientist at the University of Linz, Austria, where he earned Masters and Ph.D. degrees in computer science and where he still teaches regularly in the field of network security. Eschelbeck has authored several papers on active security, automating security management, and multi-tier IDS. He is an inventor of numerous patents in the field of managed network security.


Christofer Hoff, Chief Information Security Officer, WesCorp

Hoff serves as WesCorp Federal Corporate Credit Union's Chief Information Security Officer and Director of Enterprise Security Services. WesCorp is the country's largest Federal Corporate Credit Union with assets totaling $25 Billion.

Hoff is responsible for WesCorp's Enterprise Security initiatives focused on providing internal business units and credit union members with rational information security risk management services and a consultative approach to information security.

Hoff is tasked with the overall responsibility to provide and support a secure computing environment for WesCorp. This includes the creation and security life-cycle management of policies, procedures and information security governance efforts including regulatory compliance requirements.

Prior to joining WesCorp, Hoff served as the Chief Security and Technology Officer for a national security consulting firm. He has served on the Board of three Internet technology ventures and successfully raised nearly $2 Million in venture capital funding.

Hoff currently holds several security credentials including CISSP, CISA, CISM, IAM, CCSE+ and is an accomplished and accredited technical instructor. He is active in several security associations such as ISC2, ISACA and the ISSA.


David M. Kowal, Chief Information Security Officer, JPMorgan Chase

David Kowal joined JPMorgan Chase Manhattan Bank in October 1992. He is currently a Technology Auditor and member of the Department's Technology Infrastructure Group. Previously he had global audit responsibility for the firm's technology infrastructure organization and is now working on a strategic risk initiative to re-engineer the audit process.

Prior to joining JPMorgan Chase, Kowal was with a predecessor institution, Chemical Bank, for eight years where he managed the technology infrastructure audit group. In addition, he has held positions as technology auditor, systems programmer and application programmer at The University of Michigan for ten years. Kowal was also an instructor at the Junior College Level. He has lectured at conferences for the Institute of Internal Auditors and MIS Training Institute.

Kowal received a B. G. S. from The University of Michigan and a J. D. from the Detroit College of Law. He has a license to practice law in the State of New York.


John Meakin, Group Head of Information Security, Standard Chartered Bank

John Meakin leads a global information security team at Standard Chartered Bank, one of the world's most international banks with 30,000 employees in more than 50 countries and a management team comprised of 70 nationalities.

Meakin has 18 years of experience in information systems security. His specialty is better modeling and managing the costs and benefits of security for large businesses, particularly enabling dynamic management and monitoring instead of traditional static prevention processes. Previously, Meakin led systems security policy and strategy for Reuters, the Royal Bank of Scotland, Swiss Bank Corporation, and the investment-banking arm of Dresdner Bank. He has also provided information security consultancy support to several blue chip clients aimed at improving systems security and effectiveness.

Meakin has a Ph.D. in experimental solid state physics from Cambridge University, plays football regularly and builds computers in his spare time. He is a regular speaker at industry conferences and public forums.


David Mortman, Director of Global Security, Siebel Systems, Inc.

Mortman and his team are responsible for Siebel Systems' worldwide IT security infrastructure, both internal and external. He also works closely with Siebel's product groups and the company's physical security team. Previously, Mortman was Manager of IT Security at Network Associates, where, in addition to managing data security, he deployed and tested all of NAI's security products before they were released to customers. Before that, Mortman was a Security Engineer for Swiss Bank. A CISSP, member of USENIX/SAGE, and speaker at RSA's 2002 security conference, Mortman earned a BS in Chemistry from the University of Chicago.


Jeff Moss, CEO, Black Hat, Inc. and Founder of DEFCON

Jeff Moss, CEO of Black Hat, Inc. and founder of DEFCON, is a renowned computer security scientist most well known for his forums bringing together a unique mix in security: the best minds from government agencies and global corporations with the underground's best hackers. Moss' forums have gained him exposure and respect from each side of the information security battle, enabling him to continuously be aware of new security defense and penetration techniques and trends. Moss brings this information to three continents, North America, Europe and Asia, through his Black Hat Briefings, Black Hat Trainings, and DEFCON.

Moss speaks to the press regularly about computer security, privacy and technology and has appeared in such media as Business Week, CNN, Forbes, Fortune, New York Times, NPR, National Law Journal, and Wired Magazine. He is a regular presenter at conferences including Comdex, CSI, Forbes CIO Technology Symposium, Fortune Magazine's CTO Conference, The National Information System Security Convention, and PC Expo.

Prior to Black Hat, Moss was a director at Secure Computing Corporation, and helped form and grow their Professional Services Department in the United States, Taipei, Tokyo, Singapore, Sydney, and Hong Kong. Prior to Secure Computing Corporation, he worked for Ernst & Young, LLP in their Information System Security division. Moss graduated with a BA in Criminal Justice from Gonzaga University, and halfway through law school, he went back to his first love, computers, and started his first IT consulting business in 1995. He has been CISSP certified, and is a member of the American Society of Law Enforcement Trainers.


Ira Winkler, President and Acting CEO, Internet Security Advisory Group

Ira Winkler is recognized as one of the world's experts in Internet security, information warfare, information-related crime investigation, and industrial espionage. He is a specialist in penetration testing, where he infiltrates companies, both technically and physically, to find and repair an organization's weaknesses.

Prior to becoming founder and president of the Internet Security Advisors Group (ISAG), Winkler was Director of Technology at the International Computer Security Association (ICSA). ICSA (www.icsa.net) is a leading provider of security assurance, product certification, training, and information services, also functioning as an industry association with several thousand members. At the ICSA, Winkler was responsible for managing the Association's laboratories and led the team establishing certification criteria for Internet firewalls.

Winkler began his career at the National Security Agency (NSA), where he performed cryptanalysis and was responsible for systems design and implementing security elements in intelligence collection and analysis systems. Subsequent to his work at the NSA, he served as a consultant with government contractors, designing and implementing security systems throughout the intelligence community. While working with the government, he realized how vulnerable large computer systems are to unauthorized entry and alteration, and that this problem could cost businesses billions of dollars annually.

Winkler is the author of Corporate Espionage (Prima Publishing, 1997), which describes the challenges of doing business in the digital age. He is the co-author of a new bestseller, Through the Eyes of the Enemy, which details the intelligence aspect of the cold war and the emergence of the Russian mafia as a national security threat. He has also written more than 70 articles and white papers on corporate security issues.


CSO Interchange speakers from New York, December 7, 2004:

Howard Schmidt, CISO, eBay
Philippe Courtot, CEO, Qualys

Joyce Brocaglia, CEO, Alta Associates
Larry Brock, CSO, DuPont
Daniel W. Caprio, Jr, Deputy Assistant Secretary for Technology Policy and Chief Privacy Officer, U.S. Department of Commerce
Jaime Chanaga, CISO, Geisinger Health System
Dave Cullinane, CISO, Washington Mutual
Gerhard Eschelbeck, CTO, Qualys
Chris Hoff, CISO, WesCorp
David Kowal, CISO, JPMorgan Chase
John Meakin, Group Head of IS, Standard Chartered Bank
David Mortman, Director of Global Security, Siebel
Jeff Moss, CEO, Black Hat
Ira Winkler, President, Internet Security Advisory Group