Security Standard 2010

The 2011 Security Standard site can be found at

Nick Akerman
Dorsey & Whitney LLP
A partner in Dorsey’s New York Office, Nick Akerman is a trial lawyer specializing in both complex civil and criminal cases. He is a nationally recognized expert on computer crime and the protection of competitively sensitive information and computer data. Nick has obtained over 15 injunctions under the federal Computer Fraud and Abuse Act in various federal courts around the country requiring computer thieves to return stolen computer data and prohibiting the dissemination of the data to competitors. He also consults with clients in developing systems, policies and protocols to protect computer data. Nick speaks and writes regularly on protecting computer data, including in his regular computer data column for the National Law Journal. He has been a featured quoted expert on computer fraud and computer security issues in the New York Times, USA Today, the San Jose Mercury, the Boston Globe, the St. Louis Dispatch, the Sacramento Bee, Forbes, ComputerWorld, CFO Magazine, CNET, CNET Japan, ZDNet, MSN, Internet Week and the Weekly Homeland Security Newsletter. Prior to private practice Nick served as a federal prosecutor. He was an Assistant United States Attorney in the Southern District of New York, where he prosecuted a wide array of white collar criminal matters, including bank frauds, bankruptcy frauds, stock frauds, complex financial frauds, environmental crimes and tax crimes. Nick was also an Assistant Special Watergate Prosecutor with the Watergate Special Prosecution Force under Archibald Cox and Leon Jaworski. Nick received his JD, cum laude, from Harvard Law School; and his BA, magna cum laude, from the University of Massachusetts. He is admitted to practice in New York, Massachusetts, and the District of Columbia.
Jerry Archer, CISSP
Senior Vice President and Chief Security Officer
Sallie Mae
Mr. Archer's responsibilities include securing and protecting all of Sallie Mae’s systems and offerings, and for security initiatives across the company. Prior to Sallie Mae, Archer was the Chief Information Security Officer at Intuit and prior to joining Intuit, Archer was managing director at Global Competitive Strategies, LLC. Previously, Mr. Archer was Senior Vice President for Global Interoperability at Visa International and before Visa, at the Fidelity Brokerage Company; he was senior vice president of information security and technical risk.  For his work in the U.S. Intelligence Community earned Mr. Archer the National Performance Review Hammer Award, a Distinguished Service Award from the Central Intelligence Agency and a Meritorious Unit Citation from the National Security Agency.

Warren Axelrod
Research Director for Financial Services
United States Cyber Consequences Unit
Warren Axelrod is the Research Director for Financial Services for the United States Cyber Consequences Unit. He is also affiliated with Delta Risk, a consultancy specializing in cyber security, risk management and business resiliency. Until recently, he was the Business Information Security Officer and Chief Privacy Officer for US Trust, Private Wealth Management division of Bank of America. He won the 2009 Michael Cangemi Best Book/Best Article Award for an article on security metrics published in the ISACA Journal. His most recent book is Outsourcing Information Security (Artech House, 2004), and he was the coordinating editor of Enterprise Information Security and Privacy (Artech House, 2009). He participated as a workgroup co-leader in the updating of the Cloud Security Alliance (CSA) Security Guidance for Critical Areas of Focus in Cloud Computing – Version 2, and contributed to CSA’s Application Security White Paper, both available for downloading at He led the Software Assurance Initiative for the Financial Services Technology Consortium.. He holds a Ph.D. in managerial economics from Cornell University, and a B.Sc. in electrical engineering and an M.A. in economics and statistics from Glasgow University. He is certified as a CISSP and CISM.
Bob Bragdon
CSO magazine
As the publisher of CSO (Chief Security Officer) magazine, the world's leading information resources for security executives, Bragdon manages the full CSO product line, including, CSO magazine and CSO events. He works closely with industry vendors, enterprise security executives, government officials and law enforcement agencies in identifying and addressing the challenges of today's complex security and risk management environments. A frequent speaker and panel moderator on enterprise and national security issues, Bragdon has presented and keynoted at numerous industry events. Prior to his current role at CSO magazine, he served as Vice President of Event Marketing and Sales for COMDEX at Key3Media Events. Bragdon has also held various management positions in marketing, sales and product development at SOFTBANK, Ziff-Davis and Cahners Publishing. He is a member of the ASIS International and a graduate of Bowdoin College with a BA in Government and International Relations.
Moderator: Bob Bragdon
CSO magazine
As the publisher of CSO (Chief Security Officer) magazine, the world's leading information resources for security executives, Bragdon manages the full CSO product line, including, CSO magazine and CSO events. He works closely with industry vendors, enterprise security executives, government officials and law enforcement agencies in identifying and addressing the challenges of today's complex security and risk management environments. A frequent speaker and panel moderator on enterprise and national security issues, Bragdon has presented and keynoted at numerous industry events. Prior to his current role at CSO magazine, he served as Vice President of Event Marketing and Sales for COMDEX at Key3Media Events. Bragdon has also held various management positions in marketing, sales and product development at SOFTBANK, Ziff-Davis and Cahners Publishing. He is a member of the ASIS International and a graduate of Bowdoin College with a BA in Government and International Relations.
Vincent Campitelli
Vice President, IT Risk Management
McKesson Corporation

Vince is currently responsible is VP of IT Risk Management for the US Pharmaceutical division of McKesson Corporation, the leading distributor of healthcare supplies in the US. In his current role, Vince is charged with designing and implementing the key programs designed to identify, manage and report on all aspects of technology risk that impact the Pharmaceutical businesses. This business consists of ensuring that over $ 90 billion of vital medications and supplies are efficiently moved through the nations supply chain. The vast majority of the supply chain is reliant upon and managed by the deployment of information technology solutions and networks.

Prior to joining McKesson, Vince held various leadership roles with major financial service firms within their Internal Audit, Risk or Controls organizations. Vince also spent over 12 years as a partner at PriceWaterHouseCoopers serving their audit and risk advisory clients.

Vince is a graduate of Penn State University with a degree in Mechanical Engineering and the University of Maryland with an MBA in Operations Research.

Jason Clark
Chief Security and Strategy Officer
Jason Clark recently joined Websense as Chief Security and Strategy Officer. Jason brings a strong customer view point and Global CISO experience to Websense. Jason was Chief Information Security Officer for Emerson since 2007. At Emerson, Jason built a global Information Security Department from the ground up significantly reducing risks across 140,000 employees and 1,500 locations. This security project was the single largest IT project ever conducted at Emerson. Prior to working for Emerson, Jason was the Director of Information Security for the New York Times. During his tenure with the New York Times, Jason was instrumental in selling the importance of Information Security, and securing the newspaper’s PCI Compliance for online transactions. Jason also helped build a strong foundation for the Times’ Internet presence. Before he joined the New York Times, Jason started the first Information Security departments within multiple banks. He worked for Everbank for four years as an Information Security Manager and an Architecture Manager. Jason also worked with BB&T for four years as a Senior Network and Security Engineer. Additionally, Jason served in the US Army as a Security Systems Engineer for two years.
Roland Cloutier
Vice President and Chief Security Officer
As the newly appointed CSO of ADP, Roland Cloutier brings one of the world's largest providers of business outsourcing solutions a wealth of global protection and security leadership experience, including the management of strategic converged security and business protection programs. Prior to ADP, Mr. Cloutier served as Vice President and CSO of EMC, where he spearheaded protection of the company's worldwide business operations including leadership of all information, business risk, crisis management, and investigative security operations, across both the commercial and government sectors. Mr. Cloutier has held executive security management roles at consulting and managed security service organizations and has more than nine years experience in federal law enforcement. Mr. Cloutier is active in industry development and is on the Advisory Boards for Vigilance Corp and Core Security Technologies, and ADP’s board representative for the National Cyber Security Alliance Council.
Mark Connelly
Chief Information Security Officer, CISM, CGEIT

Mark Connelly is Chief Information Security Officer at ITT.  He is currently responsible for Information Security and Risk for IT, Worldwide.

Previously, Mark was Managing Director at Credit Suisse responsible for Global IT Infrastructure Risk and Security. He was instrumental in delivering new innovative solutions in Risk and Security and a key member of the Risk Governance Committees at Credit Suisse. He drove the deployment of new IT Risk/Security solutions, policies and standards and thus significant business value throughout the firm. He was a member of the Financial Services Sector Coordinating Committee Working Group.

Prior to Credit Suisse, Mark Connelly worked for Sun Microsystems for over 19 years. He held positions as Chief Information Security Officer, Vice President for IT, and Vice President for Global Technical Operations. Prior to Sun Microsystems, Mark was a Member of Technical Staff at AT&T Bell Labs.

- M.S.E.E. from the Server Institute at Washington University, St. Louis, MO.
- B.A. from Washington University, St. Louis, MO., 
- M.A. from University of Missouri - Columbia, MO. He also holds the Certificate for Information Security Managers(CISM).

- Eta Kapp Nu Electrical Engineering Honor Society
- Certified Information Security Manager
- Certified in the Governance of Enterprise IT
- Society of Information Managers (SIM)
- Information Systems Audit and Control Association (ISACA)
- Nominee for IT Security Executive of the Year 2007 Northeast Region

Andras Cser
Principal Analyst
Forrester Research
Andras Cser is a leading expert on identity management, access management, user account provisioning, entitlement management, federation, privileged identity management, and role design and management. Andras also covers enterprise fraud management, which has many synergies with identity and access management when an organization needs to protect against risk and wants to manage fraud appropriately. Andras helps clients develop an enterprise strategy for creating business value through identity management. His research focuses on strategy, cost-benefit analysis, architecture, performance and scalability of identity and access management and provisioning solutions, enterprise fraud management solutions, role-based access control (RBAC), as well as maintenance and distributed intranet and Internet identity systems. He maintains an interest in evaluating skill sets and core competencies of professional service providers in this space. Prior to joining Forrester, Andras was a security architect with CA Technical Services through the Netegrity acquisition. Andras designed the architecture and led the implementation of Fortune 500 companies' identity and access management and provisioning solutions. Previously, Andras managed business process re-engineering projects. Andras holds an M.B.A. degree from Technical University of Budapest and Heriot-Watt University, Edinburgh, UK and an M. Sc. in computer science and electrical engineering from Technical University of Budapest.
Sam Curry
Vice President, Product Management and Strategy
RSA, The Security Division of EMC
Sam Curry is the chief technology officer for the Go-to-Market arm of RSA, The Security Division of EMC. Sam has more than 18 years of experience in security product management, marketing, product development, quality assurance, support, sales and marketing. He has also has been a cryptographer, researcher and writer. Prior to his current role, he was vice president of Product Management for two years, where he lead and set the strategic direction for all aspects of product management for RSA’s solutions. Prior to joining to RSA, Sam was vice president of Product Management and Marketing for a broad information security management portfolio at CA and also held various executive roles at McAfee including chief security architect as well as leading Product Marketing and Product Management. Earlier, he was a founder of one and a first employee in another successful technology company. Sam holds a B.A. in English from the University of Massachusetts and a B.S. in Physics from Mount Allison University.
Francis D'Addario
Security Executive Council Emeritus Faculty, Strategic Influence and Innovation
Former Affiliation: Starbucks Coffee Company

Francis D'Addario is the Security Executive Council's Emeritus Faculty lead for Strategic Protection Influence and Innovation. He is also a Principal of Crime Prevention Associates, a strategic all-hazards risk and mitigation firm founded in 1986. Francis served as the vice president of Partner and Asset Protection for the Starbucks Coffee Co. (1997-2009); director of loss prevention for Hardees Food Systems (1990-1997); and director of security for Jerrico Inc. (1981-1990), where his teams endeavored to "protect people, secure assets, contribute margin" for global markets. They are credited with benchmarked results for crime prevention, profit contribution, professional engagement and violence avoidance. His team has been recognized as the best performing distributed support function. Francis has more than 20 years in public safety and strategic security management. He is a Certified Protection Professional, Fraud Examiner, Community Emergency Responder, Food Defense Coordinator and Coffee Master. D'Addario's publications include Not a Moment to Lose... Influencing Global Security One Community at a Time (Security Executive Council, 2010) The Managers Violence Survival Guide (CPA 1995) and Loss Prevention through Crime Analysis (Crime Prevention Institute/Butterworth's, 1989). Francis co-designed LossVision, a copyrighted risk reporting, investigations, and asset recovery software tool; and Safe and Sound, an interactive ‘workplace violence' training curriculum marketed by Learning Dynamics. He co-chaired the business committee for Three Projects/One Community a $29 million capital campaign providing West Seattle with permanently affordable food distribution, social services, low income housing, and art facilities. Francis was recognized as one of the ‘25 Most Influential' thought leaders by Security Magazine. He served as a project team member for ISO 28001, an international supply chain security standard. He is the recipient of additional recognitions including the CSO (Chief Security Officer) Magazine ‘Compass' for protection innovation, the National Food Service Security Council's ‘Lifetime Achievement' and the ‘Spirit of Starbucks,' pursuant to Nisqually Earthquake evacuation and business recovery.
Dennis Devlin
Chief Information Security Officer
Brandeis University

Dennis Devlin is Chief Information Security Officer for Brandeis University. He has nearly four decades of information technology leadership experience in both private industry and higher education. During his career Dennis has strategized and led many enterprise-class initiatives in information security, digital privacy, identity management, networking, electronic messaging, disaster recovery and business continuity planning, emergency notification, and server and network operations. Prior to his current role Dennis was Vice President and Chief Security Officer for The Thomson Corporation (now Thomson-Reuters), a member of the senior IT leadership team at Harvard University, and began his career as a software developer, systems analyst, and IT manager for American Hoechst Corporation (now Aventis).

Dennis is a graduate of the University of Pennsylvania and has completed extensive continuing education in IT management. He has lectured at the UCLA Anderson School of Management, Babson College Center for Information Management Studies, University of Massachusetts Strategic Information Technology Center, Center for Advancing Business through Information Technology at Arizona State University and Boston University Metropolitan College. Dennis is a frequent presenter at professional meetings and conferences including the RSA Security Conference, Qualys Security Conference, SC Magazine US Forum, MIS Training Institute, Gartner IT Security Summit, EDUCAUSE, NERCOMP, and the Institute for Computer Policy and Law at Cornell University.

Dennis has been featured in many articles on security and written for CSO Magazine, SC Magazine and Secure Business Quarterly. He has served on CSO advisory boards for RSA Security, Qualys, Verdasys, GeoTrust, ChosenSecurity, LogMatrix and the CSO Editorial Advisory Board for SC Magazine. Dennis is also a faculty member of the Institute for Applied Network Security (IANS).

David Escalante
Director of Computer Policy & Security, Information Technology Services
Boston College

David Escalante is the Director of Computer Policy & Security at Boston College. While at Boston College, David has been nominated twice for the ISE "Information Security Executive of the Year" award, and is presently serving as co-chair of the EDUCAUSE Governance, Risk, and Compliance working group. David has spoken about security at numerous forums, including the RSA Conference, SecureWorld, The Security Standard, Blackboard World, the Campus Technology Conference, and IT Roadmap.

Prior to Boston College, David was the Director of Professional Services, Americas, for Baltimore Technology, a PKI vendor, and the Manager of the Network Consulting Group at Bolt Beranek & Newman, where he advised a variety of commercial and government institutions on network and security issues.

Kostas Georgakopoulos
Vice President and Head of Security Department
Bank of China, New York
Kostas Georgakopoulos is currently head of information security for the Bank of China, New York where he is responsible for developing and implementing security standards, procedures and guidelines in order to effectively protect the Bank’s information and systems. As well, he ensures that all information systems, technology infrastructure, and data stores comply with FFIEC & PCI security standards and is responsible for defining, documenting and assisting with the administration of the Bank’s programming, networking, security and application architecture standards and procedures. Kostas was previously Vice President of Information Security Governance at Deutsche Bank, and Vice President of Information Security at Citigroup, Corporate and Investment Bank.
Tom Gillis
STBU VP and General Manager
Tom Gillis is the Vice President and General Manager for the high-growth Security Technology Business Unit (STBU) within Cisco’s Wireless and Security Technology Group where he leads the company’s businesses for security management, appliances, applications and endpoint services. Formerly Vice President of Product Management for STBU, Gillis was promoted to the VP/GM position after significantly growing Cisco’s security business and market share. During this time, Gillis successfully led Cisco's product management team, as well as outbound marketing, technical marketing engineering, technical publications, and training organizations. Prior to his role at Cisco, Gillis was part of the founding team IronPort Systems and served as Senior Vice President of Marketing, at the time the company was acquired by Cisco. Under his guidance, IronPort grew an average of 100 percent year-on-year for seven years. During his tenure, IronPort rose to become a leading provider of anti-spam, anti-virus and anti-malware appliances for organizations ranging from small businesses to the Global 2000. Before joining IronPort, Gillis worked at iBEAM Broadcasting, Silicon Graphics, and Boston Consulting Group. Gillis is a recognized leader in the dynamically charged and high-growth Internet security industry, with in-depth knowledge of the challenges surrounding secure network infrastructure. As an author, speaker and industry executive, he has made invaluable contributions to the security technology community. He has presented at major conferences and events ranging from Gartner Symposiums to Fox News Live. Gillis is also the author of two books, "Get the Message" and "Upping the Anti," a business guide to messaging security. Gillis holds an M.B.A. from Harvard University, and graduated Magna Cum Laude with an M.S.E.E. degree from Northwestern University and a B.S.E.E. from Tufts University.
Richard A. Gunthner
Vice President, Global Corporate Security
MasterCard Worldwide

Richard A. Gunthner is Vice President of Global Corporate Security for MasterCard Worldwide. Based at company headquarters in Purchase, NY, he is responsible for setting security strategy and managing MasterCard’s global corporate security organization. Mr. Gunthner is a member of the company’s Corporate Incident Command Team, Business Continuity Steering Committee and Technology Risk Committee.

He is the senior advisor to the Executive Committee in all matters pertaining to physical security. As the company’s chief security officer, he is responsible for ensuring the safety and security of MasterCard’s employees, facilities, reputation and business operations through the assessment and management of global security risks.

At MasterCard, he built an industry leading world class security organization focused on protecting global employees and assets by balancing the needs of security, operations and customer service, while capitalizing on state of the art technology and integrated security solutions.

Prior to joining MasterCard in 2004, Mr. Gunthner spent 14 years at American Airlines in various management roles of increasing responsibility in finance, regional operations and security; focused primarily on the Florida, Caribbean, Mexico and Latin America regions. In his capacity as Regional Security Manager, he provided strategic and operational leadership to over 2000 security professionals to combat terrorism, drug trafficking, human smuggling and travel documentation fraud.

Mr. Gunthner is an active member of the Department of State - Overseas Security Advisory Council (OSAC), the Domestic Security Alliance Council (DSAC) and a member of the Advisory Board of the Chief Security Officer (CSO) Roundtable.

He is fluent in English, French, German and speaks some Spanish.  Mr. Gunthner graduated from Boeing Flight Safety as a licensed FAA Commercial Multi Engine Instrument Pilot.

JT Jacoby
Chief Security Officer
NYC Housing Authority
JT Jacoby is Chief Security Officer at the NYC Housing Authority. Previously, he held several roles at Fidelity including technology audit, emerging risk and information security reporting to the CISO. As a Senior Director there, he led the firm-wide Identity theft, corporate information security risk management programs and was a leading internet security strategist. Prior to Fidelity, JT was Executive Vice President of auditek, inc., a Fortune 500 information technology audit and security consultancy located in Washington, DC. He is a member of the Institute of Internal Auditor’s editorial review committee and possesses both CISA and CISM certifications. He frequently lectures on the topics of IT security.
Steve Jensen
Vice President and Chief Information Security Officer
Carlson Wagonlit Travel
Steve Jensen has over 21 years of experience in Information Technology with a specialty in Information Security. Steve recently joined Carlson Wagonlit Travel as Vice President and Chief Information Security Officer where he has responsibility for security internationally. Prior to Carlson Wagonlit, Steve was the Chief Information Security Officer at Blue Cross Blue Shield of Minnesota. In this role, he had responsibility for identity and access management, threat and vulnerability management, IT risk and compliance management, business continuity planning and disaster recovery. Steve began his career in 1989 with IBM working both in the development lab as well as in the field. In 1993, he left IBM and served as the Vice President of Information Security Services for U.S. Bank. In 2002, Steve joined Ecolab as the Director of Global Security, as well as the Director of Development for Sales, Service and Marketing. Steve holds a B.A. in Computer Science from the University of Minnesota in 1988. Steve is also a Certified Information Systems’ Security Professional (CISSP) since June 2000 and a Certified Information Security Manager (CISM) since March 2004.
Nick L. Kael, CISSP
Principal Security Strategist
Nick Kael is a Senior Security practitioner with over 15 Years in the technology Industry and the last 9 of those dedicated to Information and Network Security. At Symantec Nick is responsible for Security Strategy & direction, an understanding of industry trends, maintain a knowledge of the current threat landscape, best practices as well as trusted advisor to security executives, senior management and executives of our large enterprise customers across the New York Metro Area. He is an extension of Symantec’s CTO Office and works closely with the business unit executives. Nick has a broad range of knowledge in information security domains, web technologies, architecture, infrastructure, networking and development environments. Prior to Symantec Nick held leadership roles in both network and security engineering teams in several telecommunications providers such as MCI, Qwest, Global Crossing & British Telecom where he was also a director in the Managed Security Services in a global scope. Before entering the corporate world Nick served 8 years in the United States Marine Corps as a Team Leader in Force Reconnaissance team where different aspects of Security were vital to operations both on a physical and logical level.
Mark Lobel
Mark is an internationally recognized security and controls professional with experience designing, benchmarking, and assessing organizational security strategies and technologies. He has deep experience with designing, assessing, implementing, and penetration testing network security on Windows 2000/3/XP and Unix based networks. Mark's work has primarily focused on enterprises in the Technology, Information Communications, and Entertainment and Media industries with significant experience as well in the Financial Services industry. Mark is the global PricewaterhouseCoopers subject matter expert on security benchmarking, and is a frequent speaker on these and other topics for the MIS Training Institute, The Information Security Forum (ISF) CSI, SHARE, ISSA, IBM Training, Vanguard, ISACA and others. Since 1998 Mark has fielded PricewaterhouseCoopers' yearly Global Security Survey with CIO and CSO Magazines and been the lead agent for the North American Chapter of the Information Security Forum (ISF) since 1997 Mark for the past two years has been on the Security Management Advisory Committee for the ISACA Certified Information Security Manager (CISM) professional certification.
Alan Lustiger
Director of Information Security
Gain Capital Holdings, Inc.
Alan Lustiger has over 20 years of experience in system administration and information security. He is currently the Director of Information Security at GAIN Capital, an online forex trading broker, where he is responsible for all aspects of GAIN's application and network security. Alan was a member of AT&T's "Tiger Team" focusing on penetration testing of corporate systems, and consulted for Fortune 500 companies while working for Ernst and Young. He also spent nine years at TD Ameritrade as their security architect, specializing in IDS, DDoS defenses, threat modeling and secure network architectures. Alan has delivered talks at conferences such as NetSec, CSI, ComputerWorld's IT Executive Summit, Mobile and Wireless World, and Storage Networking World on a variety of security topics including Hacking 101, Password Cracking, Storage Security and Mobile Device Security.
Gary Lynch
Global Leader of International Trade and Supply Chain Risk
Marsh Inc.

Gary is a management consultant, author, and the global leader of Marsh’s Supply Chain Risk Management Practice. He serves on the Marsh Risk Consulting (MRC) Executive Committee and is responsible for driving client solutions, product innovation, and brand awareness. 

Over the past three decades, Gary has worked with global organizations in senior management, research and market, and management consulting risk positions. Gary has served as a global practice leader for Marsh over the past five years. Before Marsh, he had been a partner at Booz Allen Hamilton and Ernst and Young; a risk executive at JPMorgan Chase and Prudential; and a research director and market analyst at the Gartner Group. Gary has launched two successful startup organizations and is an author of two books—the most recent Single Point of Failure: The Ten Essential Laws of Supply Chain Risk Management, Wiley, 2009.

Gary is a Certified Information Systems Security Professional (CISSP) and received a B.S. in Finance from the New York Institute of Technology.  He is also Guest Lecturer on Operational Risk at the NYU Stern School of Management.

Gary is an Advisory Board member, New York Institute of Technology, Center for Risk and a member of the National Association of Corporate Directors (NACD).  Gary received commendation from the U.S Secret Service for his 9/11 disaster response and support activity, and received the Silver Medal of Valor from the Nassau County Fire Service, NY.

Thanh Ngu
IT Senior Manager
Avago Technologies
Nuala O'Connor Kelly
Senior Counsel, Information Governance and Chief Privacy Leader

Nuala was named senior counsel, information governance and privacy in 2008 and joined GE as chief privacy leader in 2005. In her current role, Nuala co-leads GE’s Information Governance Council, which is responsible for the development and implementation of the Company’s policies and practices across the data life cycle, including creation, protection and disposal. As privacy lead, Nuala also facilitates the team of business privacy leaders and the Information Governance and Privacy practice groups.

Prior to joining GE, Nuala served as chief privacy officer (CPO) of the U.S. Department of Homeland Security. Before DHS, Nuala served as chief privacy officer for the U.S. Department of Commerce, where she also served as chief counsel for technology and as deputy director of the Office of Policy and Strategic Planning. Prior to public service, Nuala served as VP-data protection and CPO-email & emerging technologies for DoubleClick, and served as that company’s deputy general counsel for privacy.

Nuala has practiced law with the firms of Sidley & Austin, Hudson Cook, and Venable in Washington, DC. She is a member of the board of directors of the International Association of Privacy Professionals (IAPP) and is a Certified Information Privacy Professional. In 2010, Nuala will serve as president of the IAPP, a 6,000+ member organization.

Nuala was born in Belfast, Northern Ireland and grew up on New York’s Long Island. She received her A.B. from Princeton University, a master of education from Harvard University, and a J.D. from the Georgetown University Law Center. She is a member of the bar of Washington, D.C. and Maryland. Nuala lives in Virginia with husband Glenn Kelly, daughters Nora (6) and Maggie (3), son Ian (9 months), and Labrador Retriever, Earl.

Moderator: Derek Slater
Editor in Chief
CSO magazine
Slater writes and edits features for CSO and helps set the magazine's editorial direction. He also manages the Movers and Shakers section of the website. Particular interests include security metrics, research and benchmarking, and the (inevitable yet reluctant) convergence of the information security and corporate security disciplines. Prior to CSO's launch in 2002, Slater wrote for CIO Magazine for six years. He has also worked as an editor at Computerworld and at Ziff-Davis Interactive. He holds a BA in Linguistics and German from the University of North Carolina at Chapel Hill.
Michael Theis
Executive Director, Cyber Threat Strategies
Prior to his role as Executive Director of Insider Threat Strategies at Raytheon, Michael Theis was the first ever Cyber-Counterintelligence Program Manager for the National Reconnaissance Office and also served as the chief of Cyber-CI investigations. He has more than 25 years of experience as a counterintelligence special agent supporting the Intelligence Community and 30 years of concurrent computer systems engineering experience. He was responsible for overseeing the CI aspects of all information systems that supported NRO programs and activities, to include detecting and deterring insider threats. Prior to September 11, 2001, Mr. Theis spent several years as a senior executive in the private sector. He was a highly sought consultant for the Fortune 500, specializing in network systems engineering and network system security focused on corporate espionage and insider threat detection and countermeasures.
Roger Thornton
Founder & CTO
Fortify Software
Roger Thornton founded Fortify Software in October 2002, convinced that information security required a fundamental shift in thinking - from a focus on the perimeter to a focus on the core - the software code itself. Incubated with acclaimed venture firm, Kleiner Perkins Caufield & Byers and recognized by Business 2.0' magazine as the "Smartest Start-Up for 2005", Fortify represents a return to the "old-school" style of classic Silicon Valley startup: successfully achieving product revenues within its first year of operations and launching three award-winning product lines through global distribution within three years of its inception. Roger's passion and vision for software security is a catalyst that continues to shape the market landscape and the driving force behind Fortify's global leadership. Roger earned his BS and MS degrees in Engineering with honors at San Jose State University. Roger consistently consults with several venture capital firms, corporate executives and government leaders on security, cyber security policy and emerging trends.
Christopher Wolf
Hogan Lovells
Christopher Wolf is a director of Hogan Lovells' Privacy and Information Management practice group. Chris is widely recognized as one of the leading American practitioners in the field of privacy and data security law. He is known to clients as a practical problem solver on issues arising from the collection, use, retention, sharing, and security of personal data; as a thoughtful compliance counselor focused on risk management; and as an effective advocate in federal court, at the Federal Trade Commission or before state agencies, on the entire range of international and domestic privacy issues. Chris is known to the privacy community as a thought leader and compelling communicator. The prestigious Practising Law Institute (PLI) tapped Chris to serve as editor and lead author of its first-ever treatise on the subject, and to serve as co-editor of its guide to the FACTA Red Flags identity theft regulations. Chris recently was heralded for his "lifelong experience as a litigator" by Chambers USA by ranking him as one of the nation's top privacy lawyers. He also was asked to form and co-chair The Future of Privacy Forum, a think tank that focuses on modern privacy issues with a business practical-consumer friendly perspective, collaborating with industry, government, academia, and privacy advocates. When MSNBC labeled Chris "a pioneer in Internet law," it was reflecting on his participation in many of the precedent-setting matters that form the framework of modern privacy law.
Rajeev Yadav
Director, Information Security
Thomson Reuters

Rajeev Yadav is currently Director of Information Security with Thomson Reuters, a global market leading information provider where he primarily guides and implements information security strategies, governance and assurance on its financial products and services. Rajeev has worked in Information Security and IT services since 1993 in financial, media, hi-tech, telecommunication, health and insurance verticals. Prior to Thomson Reuters, Rajeev worked as a Senior Security Architect at Marsh & McLennan where he advised and worked on HIPPA, GLBA and data privacy regulatory requirements along with defining and leading day today information security objectives. Rajeev is also a CISSP (Certified Information Security Systems Professional) and BS7799:2 certified professional, with extensive working experience in its new standard variant ISO-27001.