The Security Standard 2011
 
Security Standard 2011 - Speakers
 
Nick Akerman
Partner
Dorsey & Whitney LLP
A partner in Dorsey’s New York Office, Nick Akerman is a trial lawyer specializing in both complex civil and criminal cases. He is a nationally recognized expert on computer crime and the protection of competitively sensitive information and computer data. Nick has obtained over 15 injunctions under the federal Computer Fraud and Abuse Act in various federal courts around the country requiring computer thieves to return stolen computer data and prohibiting the dissemination of the data to competitors. He also consults with clients in developing systems, policies and protocols to protect computer data.
 
Nick received his JD, cum laude, from Harvard Law School; and his BA, magna cum laude, from the University of Massachusetts. He is admitted to practice in New York, Massachusetts, and the District of Columbia.
 
Dave Anderson
Senior Director of Security and Risk Management
McAfee
Dave Anderson is Senior Director of Security and Risk Management for McAfee, responsible for the global product marketing strategy for McAfee’s Risk and Compliance business unit.  Dave has nearly 20 years global experience in information security, risk management, and strategy at leading enterprise technology and services companies, including SAP, ArcSight, KPMG, and VeriSign, where he has developed market and product solutions that integrate risk, compliance, security and strategy into unified governance and risk frameworks.  Dave’s experience includes implementing and delivering IT Governance solutions based on COSO, CobiT, ISO 27001 and ITIL standards.  Dave has been published in multiple leading industry and technical journals, and is a frequent speaker on risk management, corporate governance, and security strategy.  Dave holds an MBA from Duke University, specializing in global management and strategy.
 
Jerry Archer, CISSP
Senior Vice President and Chief Security Officer
Sallie Mae

Mr. Archer is responsible for securing and protecting all of Sallie Mae’s systems and offerings, and for security initiatives across the company. Prior to Sallie Mae, Archer was the Chief Information Security Officer at Intuit and, prior to joining Intuit, managing director at Global Competitive Strategies, LLC. Previously, Mr. Archer was Senior Vice President for Global Interoperability at Visa International and, before Visa, senior vice president of information security and technical risk at the Fidelity Brokerage Company. His work in the U.S. Intelligence Community earned Mr. Archer the National Performance Review Hammer Award, a Distinguished Service Award from the Central Intelligence Agency and a Meritorious Unit Citation from the National Security Agency.

 
James Beeson
CISO
GE Capital - Commercial

James Beeson has spent fourteen years with General Electric. James started as a Technical Services Manager in GE Capital, Vendor Financial Services, moved into Information Security in 2000 with responsibility for Mid-Market Finance, and is now responsible for Information Security and Data Protection globally at GE Capital (Commercial Lending and Leasing, Real Estate Financing, Energy Financial Services, and Capital Aviation Services), a group of businesses that generates more than $31 Billion per year in Revenue, providing over $2.5 Billion per year in Net Income and managing over $360 Billion in assets.

He has an MBA from Southern Methodist University with a Finance emphasis and a BBA with a major in Management and Leadership. He is Certified in Risk and Information Systems Control (CRISC), and also Six Sigma Quality certified.

 
David Black
CISO
Aon eSolutions

David Black is the CISO for Aon eSolutions, the leading global provider of web-enabled integrated risk management tools and resources. Mr. Black is responsible for Aon eSolutions’ strategy and approach to IT risks as well as execution of initiatives for protection of all our products and services as well as our corporate environment.

During his 15-year information security career, Mr. Black has performed security roles from technical design and implementation to development and execution of comprehensive strategic security and IT risk management programs. His experience spans across industries with consulting and corporate tenures directing global security initiatives and teams.

 
Scott Borg
Director and Chief Economist
U.S. Cyber Consequences Unit

Scott Borg is the Director and Chief Economist of the U.S. Cyber Consequences Unit (US-CCU), an independent, non-profit research institute that investigates the strategic and economic consequences of possible cyber-attacks. He is responsible for many of the concepts that are currently being used to analyze the implications of cyber security in business contexts. He did pioneering research on the possible impact of cyber attacks on critical infrastructure industries and on a risk-based approach to cyber defense. In collaboration with John Bumgarner, he is author of the “US-CCU Cyber-Security Check List”, which is regularly used by security professionals in over eighty countries. Mr. Borg’s book “Cyber Attacks: A Handbook for Understanding the Economic and Strategic Risks” should be out later this year.

 
Bob Bragdon
Publisher
CSO magazine
As the publisher of CSO (Chief Security Officer) magazine, the world's leading information resource for security executives, Bragdon manages the full CSO product line, including csoonline.com, CSO magazine and CSO events. He works closely with industry vendors, enterprise security executives, government officials and law enforcement agencies in identifying and addressing the challenges of today's complex security and risk management environments. A frequent speaker and panel moderator on enterprise and national security issues, Bragdon has presented and keynoted at numerous industry events. Prior to his current role at CSO magazine, he served as Vice President of Event Marketing and Sales for COMDEX at Key3Media Events. Bragdon has also held various management positions in marketing, sales and product development at SOFTBANK, Ziff-Davis and Cahners Publishing. He is a member of ASIS International and a graduate of Bowdoin College with a BA in Government and International Relations.
 
Roland Cloutier
Vice President and Chief Security Officer
ADP
As the newly appointed CSO of ADP, Roland Cloutier brings one of the world's largest providers of business outsourcing solutions a wealth of global protection and security leadership experience, including the management of strategic converged security and business protection programs. Prior to ADP, Mr. Cloutier served as Vice President and CSO of EMC, where he spearheaded protection of the company's worldwide business operations including leadership of all information, business risk, crisis management, and investigative security operations, across both the commercial and government sectors. Mr. Cloutier has held executive security management roles at consulting and managed security service organizations and has more than nine years’ experience in federal law enforcement. Mr. Cloutier is active in industry development, is on the Advisory Boards for Vigilance Corp and Core Security Technologies, and is ADP’s board representative for the National Cyber Security Alliance Council.
 
Robert Duran
Information Security & Privacy Officer
Time Inc.

Robert Duran is the Information Security and Privacy Officer and VP of Information Risk Management for Time Inc., a New York City-based division of Time Warner Inc. Robert’s organization has responsibility for Information Security, Privacy, Business Continuity and Vendor Management programs both domestically and internationally at Time Inc.

Over the past eight years at Time Inc., Robert has worked in partnership with Time Inc.’s business leaders in delivering some of the world’s most visited websites such as People.com, Time.com and innovative consumer products and services. Robert received his MBA from the Darden Graduate School of Business, University of Virginia.

 
Andy Ellis
CSO
Akamai Technologies
Andy Ellis is Akamai's Chief Security Officer, responsible for overseeing the security architecture and compliance of the company's massive, globally distributed network as well as setting the strategic security direction of its offerings and managing the Information Security organization at Akamai.
 
A graduate of MIT and a former US Air Force officer, Andy is a noted speaker and the author of Protecting a Better Internet, a blog focused on key issues facing the information security industry. He also sits on the Board of Advisors of HacKid.
 
Jamil Farshchi
Senior Business Leader of Strategic Planning and Initiatives
Visa

Jamil is a security and technology leader who strives to create competitive advantage and business value through the implementation of risk-based and mission-aligned security. Previous to his current role at Visa, Jamil was the CISO at Los Alamos National Laboratory (LANL) and was responsible for the protection of the laboratory’s classified and unclassified information assets. He has extensive security and technology experience working in or supporting industries including health care, financial services, telecommunications, business process outsourcing, aeronautics, defense and energy for companies such as Sitel Corporation, NextWave Wireless and the National Aeronautics and Space Administration (NASA).

Jamil has published numerous articles on subjects including anomaly-based intrusion detection, wireless security, and information security value creation. He has received several technology awards including the NASA Cooperative External Achievement Award and the President’s Council on Integrity and Efficiency IT Excellence Award. Jamil attended the University of Oklahoma, Harvard Business School, and is currently a Doctoral Candidate at The Wharton School/GSE, University of Pennsylvania.

 
Gene Fredriksen
CISO
Tyco International

Gene Fredriksen is the CISO for Tyco International. Formerly he was the principal consultant of the Burton Group, which focuses on security architecture and infrastructure, information risk management, security governance, compliance and identity management. Prior to joining Burton, he served as CSO of Raymond James Financial and worked at Eaton Corporation and American Family Insurance. Fredriksen is also a certified Information Security Manager (CISM) and has been a participant in numerous security and risk management groups, including as past chair of the BITS Security and Risk Assessment Steering Committee and member of the Financial Services Sector Coordinating Council research and development committee. Currently, he is chair of the St. Petersburg College Information Security Programs Advisory Board. In 2004, Fredriksen was selected as a top five information security executive in the United States by the Executive Alliance.

 
Mike Gable
AVP, Strategic Sales
Trend Micro
Mike Gable joined Trend Micro in early 2004 as Director of Sales Engineering and held that position until 2008.  This coincided with dramatic growth that saw Trend Micro’s North American revenues more than double.  In 2009, Mike moved to his current role in Strategic Sales management—where he is currently implementing Trend Micro’s next-generation sales strategies.

Mike has more than 20 years’ experience in technology, including key positions with industry standouts and pioneers including Harris Semiconductor, Banyan Networks, Peakstone, and Novell.  Mike has worked in sales, product development, systems engineering, product management, marketing, professional services, and strategic planning.

Mike is fluent in Spanish having spent most of his childhood in Latin America.  He holds a degree in Economics from Wake Forest University.
 
Jeffrey Garonzik
Information Assurance Architect
Central Intelligence Agency

Mr. Jeffrey Garonzik is the Information Assurance Architect for the Central Intelligence Agency. Mr. Garonzik has over thirty years of Information Technology, Information Assurance, and Cybersecurity experience throughout the Intelligence Community and in industry. Mr. Garonzik is currently providing the vision and defining the operational and strategic direction for addressing the major Cybersecurity challenges for the Intelligence Community. In industry, he previously held the positions of Manager of Information Systems at McCoy Electronics and Technical Director for Trident Data Systems. Mr. Garonzik’s experience with Information Assurance threats, assessments, countermeasures, and government information systems make him a recognized leader, innovator, subject matter expert, and advisor for organizations that are securing their cloud infrastructures.

Mr. Garonzik has earned a BS in Computer Science from Shippensburg University, a Masters in Information Technology from Johns Hopkins, a Certificate in Public Finance from University of Maryland, and is currently pursuing an MBA in leadership at the University of Baltimore. Mr. Garonzik has repeatedly been a distinguished lecturer on Information Assurance topics at the Annual Computer Security Applications Conference and is a recognized author for HP Design magazine. Mr. Garonzik is a Certified Information Systems Security Professional and has earned certification from ICCP Certified Computing Professional in systems analysis and security.

 
Darren Guarino
Information Security Director
Tyco International
 
Patrick D. Howard
CISO
U.S. Nuclear Regulatory Commission
Patrick D. Howard is Chief Information Security Officer (CISO) of the U.S. Nuclear Regulatory Commission and is responsible for overseeing the agency-wide cyber security program. He has over 35 years of experience in the security industry, and has worked in the computer security field for the past 18 years. Mr. Howard also served as the CISO at the Department of Housing and Urban Development (HUD) from 2005-2008, where he led HUD to a first ever "A+" score on Congress' 2006 Federal Information Security Management Act (FISMA) Report Card and was recognized as a 2007 Fed 100 winner for his accomplishments in government IT. Prior to joining HUD, Mr. Howard was employed by the Titan Corporation supporting the Department of Transportation (DOT) where he served as the DOT's Certification and Accreditation Program Manager. Mr. Howard is co-author of the Total CISSP Exam Prep Book, and authored Building and Implementing a Security Certification and Accreditation Program and FISMA Principles and Best Practices: Beyond Compliance.
 
Mr. Howard received a Bachelor’s degree in History from the University of Oklahoma and a Master’s degree in International Relations from Boston University. He is a Certified Information Systems Security Professional and a Certified Information Security Manager. He is a member of the American Council for Technology/Industry Advisory Council (ACT/IAC) Cyber Security Shared Interest Group Government Advisory Panel and the International Information Systems Security Certification Consortium’s Government Advisory Board and Executive Writer’s Bureau, which he chairs. Mr. Howard is also an adjunct professor of Information Assurance at Walsh College, Troy, Michigan.
 
JT Jacoby
Chief Security Officer
NYC Housing Authority
JT Jacoby is Chief Security Officer at the NYC Housing Authority. Previously, he held several roles at Fidelity including technology audit, emerging risk and information security reporting to the CISO. As a Senior Director there, he led the firm-wide identity theft and corporate information security risk management programs and was a leading internet security strategist. Prior to Fidelity, JT was Executive Vice President of auditek, inc., a Fortune 500 information technology audit and security consultancy located in Washington, DC. He is a member of the Institute of Internal Auditors’ editorial review committee and possesses both CISA and CISM certifications. He frequently lectures on the topics of IT security.
 
Shukri Khader
CISO
Avon Products

Shuk Khader has more than 21 years of experience in the information technology industry (i.e., Information Security, Technology Audit, Telecommunications, Internet, Client/Server Architecture, Market Data Services). Shuk has been with Avon in this capacity for over 10 years. He is responsible for shaping up the Global Information Security strategy, which includes overseeing, implementing, maintaining and coordinating all information security efforts across the company, including information technology, human resources, communications, legal, facilities management and third-party vendors who provide various services to Avon and Business groups.

Prior to Avon, Shuk served as the Information Security Officer for the Asset Management Services Group at JPMorgan. He also worked at Nynex (now Verizon), and for a couple of consulting firms. He holds a master’s degree in System Science and is a member of the Microsoft CSO Council, the Next Generation Information Security Advisory Board, and also serves as a member on the governing body of the NY CISO executive summit.

 
Josh Konvisser
Partner
Pillsbury Winthrop Shaw Pittman LLP

Mr. Konvisser represents clients in sophisticated technology transactions. Mr. Konvisser's experience includes representing vendors and customers in complex sourcing and technology transactions such as information technology and business process outsourcing; computer software and systems transactions; technology transfers and distribution agreements; and software licensing, marketing and development agreements, including software as a service, platform as a service, infrastructure as a service, and other cloud-based delivery models. In addition, Mr. Konvisser has worked with clients to evaluate and mitigate privacy and data security issues, with a focus on balancing risk and commercial interests. Mr. Konvisser's technology work has spanned the health care and life sciences, retail, financial services, consumer products, manufacturing, and state and local government sectors.

Mr. Konvisser is a member of Pillsbury’s Global Sourcing and Technology Practice, and the Privacy, Security, and Information Use focus team. He has made presentations to the Practicing Law Institute (PLI), the Society for Information Management (New York), and the International Association of Information Technology Asset Managers. He also lectured at the Executive Master of Science and Technology program for Columbia University's School of Continuing Education in "Technology and the Law." Mr. Konvisser has been ranked by Chambers USA since 2007 and in IAM Licensing 250 Technology Licensing since 2010.

 
David N. Kroening
Chief Information Security Officer
NY State Insurance Fund

David Kroening has over twenty years of professional IT experience, much of it in the security field. He’s worked for a variety of industries, including banking, legal and state government. He currently functions as a CISO, responsible for security architecture and policy. He’s designed and implemented a variety of security projects ranging from proxy and firewall installations to security assessments and two-factor authentication.

Mr. Kroening is involved with NY State Office of Cyber Security (OCS) and the Multi-State Information Sharing and Analysis Center (MS-ISAC) which maintain cyber security awareness and coordination at the state government level. Additionally, Mr. Kroening sits on the Security and Privacy workgroup of NASCIO (National Association of State CIO's). He is a graduate of CUNY Baruch and holds a CISSP, GSEC and several FEMA certifications.

Mr. Kroening is a former US Army engineer and volunteers his time at his children's schools on various IT issues. He also is a Cub Scout Leader and Branch Chief in the Coast Guard Auxiliary.

 
John Logan
Chief Information Security and Privacy Officer
First Place Financial Corporation

John Logan is a U.S. Air Force Veteran and Information Technology/Security Professional with 20+ years of experience in the highly regulated financial, healthcare, insurance, aerospace, and military environments. He is currently the Chief Information Security & Privacy Officer for First Place Financial Corp., located in Warren, OH. Prior to First Place, John was the Information Security Manager for Fifth Third Bancorp in Cincinnati, OH and Radian Group Inc., out of Philadelphia. While on active duty he was the Chief of Regional Network Engineering for the Department of Defense Health Services Region 5 as well as the manager for computer operations at the Air Force’s 2nd largest medical center at Wright Patterson AFB. John has an MS in Information Assurance from Norwich University and holds the CISSP certification from ISC2.

 
Dave Malcom
CISO
Hyatt Hotels Corporation

Dave Malcom is an experienced IT risk management professional, with deep experience performing IT audit, consulting, and compliance work. Dave has served as the Chief Information Security Officer for Hyatt Hotels Corporation since March 2011. In this role, Dave is responsible for leading the information security strategy at Hyatt, with primary responsibility for achieving and maintaining PCI compliance at Hyatt’s global properties and collaborating with the field to design and develop innovative, secure solutions to help enhance guest experiences. Prior to joining Hyatt, Dave had over a decade of experience in providing IT audit and consulting services to global corporations as an employee of Accenture, PricewaterhouseCoopers, and Arthur Andersen. Dave’s primary areas of focus included performing reviews of data protection and privacy, eDiscovery, records management, and network and application security. Dave graduated from Illinois Wesleyan University with a bachelor’s degree in Accounting. Dave is a Certified Information Systems Auditor (CISA) and Certified Internal Auditor (CIA). Dave has lived in Chicago, Illinois his entire life and pledges his blind allegiance to the Chicago Cubs, Bulls, and Bears. When he isn’t battling IT risk, Dave enjoys attempting to play golf and eating sandwiches.

 
Barmak Meftah
Chief Products Officer
Fortify Software, an HP Company
Barmak Meftah came to Fortify Software in early 2004, becoming the company's tenth employee. Following a progressive tenure with Oracle, Barmak joined Fortify driven by a clear vision of automating vulnerability analysis and energized by the epic challenge ahead to build and deliver a superior solution to organizations globally. Seizing the new company's opportunity to transform the information security paradigm, Barmak led the build-out and expansion of a world-class product development team, security research, product management and a global services organization to execute the vision set forth. Amidst this trajectory, Fortify was named "The Next Big Thing" at Enterprise 2005. In the years to follow, Fortify has won numerous prestigious awards for each of its major product lines and delivered enterprise solutions to hundreds of customers in the Fortune 2,000 including financial services, healthcare, telecommunications, ecommerce and government organizations. Currently, Barmak leads Global Product Development, Security Research Labs, Product Management and the Customer Success organizations.
 
Barmak is a technology industry veteran with over 17 years of experience in enterprise software development, product management and management consulting. Prior to his appointment at Fortify, Barmak was Vice President of Engineering and Product Management at Sychron. There he managed the strategy, development and release of products comprised in the ground-breaking practice of grid computing. Previously, he spent seven years in various senior management roles at Oracle Corporation within the Server Technologies division. Roles at Oracle included Group Manager for ease of use and manageability product lines as well as Director of Development for the eServices platform. At the time of his departure, he was the head of products for the Oracle 9i Database on Windows and .NET platforms. Earlier in his career, Barmak served as a Managing Principal Consultant at Price Waterhouse LLC in the Management Consulting Services group and as the Group head for Wells Fargo Bank's desktop business unit.
 
A graduate of the University of San Francisco with a Bachelor's and a Master's degree in Computer Science, Barmak also serves on the technical advisory board for StarCite and is an advisor to numerous Venture Capital funds.
 
Lee Parrish
CISO
Parsons
Lee Parrish is the VP & CISO for Parsons Corporation. Mr. Parrish possesses more than 20 years of experience in both physical and information security. He is board certified in information security as a CISSP, CISM and holds the GISP and ITIL certifications. He has published multiple articles in recognized, international information security professional journals and has spoken at industry events such as RSA Conference 2010, RSA Conference 2011, and the 2008 USMC Information Assurance Conference. Mr. Parrish’s academic credentials include a master’s of business administration from the University of Arkansas, as well as a master’s of science in information assurance from Norwich University.
 
Fred Rica
Principal – Advisory Services
PricewaterhouseCoopers
Fred Rica is a Principal in PricewaterhouseCoopers’ Advisory Services practice. Mr. Rica is a skilled technology professional with significant experience in IT security, governance and risk management. Mr. Rica is a nationally recognized authority on the subject of security penetration studies and has performed or managed hundreds of penetration reviews of large and complex processing environments over the last twenty years.

In 2002 Mr. Rica was selected by Crain’s New York Business as one of their “40 Under 40” rising stars of New York business under the age of forty.

 
Hart Rossman
Vice President and Chief Technology Officer for Cyber Security Services & Solutions
SAIC
Hart Rossman is Vice President and Chief Technology Officer for Cyber Security Services & Solutions at SAIC. In this role Mr. Rossman has oversight & responsibility for technology strategy, vendor relations & solution development, R&D, and practice leadership for cyber security solutions, and provides customer support in solving all phases of complex information assurance-related problems. Areas of technical expertise include risk management, security in the software and system development lifecycle, system certification & accreditation, and security in the cyber supply chain. Domains of focus include cloud, mobility, consumerization, big data & analytics, national security systems, and emerging technology & cultural trends. He is a Senior Research Fellow with the Supply Chain Management Center within the RH Smith School of Business at the University of Maryland in the area of Cyber Supply Chain Assurance. Mr. Rossman has been named to the state of Maryland Governor’s Workforce Investment Board Cyber Security Workforce Steering Committee as well as ISC2’s Application Security Advisory Board and is a named contributor to the CWE/SANS Top 25 Most Dangerous Software Errors. He is a faculty member with the Institute for Applied Network Security, represents SAIC’s Incident Response Team in FIRST, and is a founding member of the Corporate Executive Programme. Mr. Rossman co-authored NIST SP 800-64rev2, “Security Considerations in the System Development Life Cycle.” He has earned the CISSP and CSSLP, received his B.A. in Communication from the University of Maryland, College Park, and received his MBA from the University of Maryland, Robert H. Smith School of Business.
 
Dieter Schuller
VP, Business Development
Radiant Logic

For over 25 years, Dieter has been helping enterprises map technology to solve business problems. At Radiant Logic, he has been working with customers to leverage their existing investments in identity and data to support their new initiatives. Dieter joined Radiant in 2001 from Orbit Commerce (acquired by Digital River) where he developed a comprehensive sales and channel program that included direct sales, resellers, and partners. Prior to Orbit, Dieter was Vice President of International Sales at PLATINUM technology. Before being acquired in 1999 by Computer Associates for $3.5B (the largest software acquisition in history to that point), PLATINUM was a $1B systems software and services company with over 30% of their revenue attributable to the international markets.

Dieter was also a technical instructor for IBM and a partner at Greenbrier & Russel Consulting. Dieter holds a Bachelor of Sciences in Computer Science and Business from Northern Illinois University.

 
Daniel Srebnick
Chief Information Security Officer
NYC Department of Information Technology and Telecommunications

Dan Srebnick is an Associate Commissioner with the New York City Department of Information Technology and Telecommunications and is the City’s Chief Information Security Officer. He and his team are responsible for an information security program across all City agencies that includes operational security, planning, policy and standards, application accreditation, information security auditing, and identity and access management. He has had a thirty year career in City government across multiple City agencies, including almost 20 years with the New York City Police Department and time in financial services.

 
Vijay Viswanathan
Director & CISO
HD Supply

Vijay Viswanathan serves as Director & Chief Information Security Officer (CISO) for HD Supply. He is responsible for all aspects of the company’s comprehensive information security program. In this role, Vijay drives a strategy that enables a growth-oriented balance between business need and risk mitigation; compliance; threat detection and avoidance; business process improvements; and delivery of targeted service solutions to meet rapidly evolving needs.

To date, Vijay and his team of six information security professionals and engineers have constructed an effective information security program at HD Supply focused on risk reduction, compliance adoption, identity and access management and asset protection. Vijay was recently nominated for Information Security Executive of the year.

 
Jason Witty
SVP, International Information Security Executive, Global Information Security
Bank of America Corporation

Jason Witty is a Senior Vice President and the International Information Security Executive at Bank of America. Having led many teams within the Global Information Security organization, he is currently accountable for information security controls across 50 countries outside of the United States, covering all Bank of America and Merrill Lynch operating entities.

Jason is a certified Information Systems Security Management Professional (ISSMP) who has played major leadership roles in Information Security throughout his career. He has 18 years of Information Technology experience, 16 of which focused on information-security risk management.

He is currently a board member of ChicagoFIRST and is Co-chair of the Chicago chapter of the Open Web Application Security Project (OWASP). He is also on the Executive Committee of the Cloud Security Alliance and further serves as the Vice-President of Research on the Board of the CSA Chicago Chapter.