The mission of the SC Awards is to honor the achievements of companies and information security professionals striving to safeguard businesses, their customers and critical data in North America. Information security products and services nominated for the Trust Awards, therefore, should be available for sale to U.S. and Canadian organizations, as well as provide both customer service and support to users in these countries. Competitors are voted on by two panels of judges comprised of a range of cybersecurity industry luminaries -- from current and former CISOs to vendor-neutral consultants or analysts to educators from academic institutions -- all members of SC's audience. After averages for each category are tallied, finalists and winners are decided. Results are completely independent. Financial/advertising considerations play no part in the results. That is, no one can "buy" a win by advertising, partnering or working with SC and its various team members!
Best Advanced Persistent Threat (APT) Protection
WINNER: Check Point Software Technologies for SandBlast
Cisco for Advanced Malware Protection
CrowdStrike for Falcon
Proofpoint for Targeted Attack Protection (TAP) for Email
SonicWALL for Capture Advanced Threat Protection
Best Mobile Security Solution
WINNER: KoolSpan for TrustCall
OptioLabs for OptioCore
VASCO Data Security International for DIGIPASS for Apps
VMware for Workspace ONE
Zimperium for Mobile Threat Protection
Best Vulnerability Management Solution
WINNER: Barracuda for Vulnerability Manager
Black Duck for Hub
Core Security for Core Vulnerability Insight
RiskSense for RiskSense Platform
Synack for Crowd Security Intelligence
Best SME Security Solution
DigiCert for CertCentral
WINNER: eSentire for Managed Detection and Response
Netsurion for remote-managed security
Versasec for vSEC:CMS 4.5
Webroot for SecureAnywhere® Business Endpoint Protection
Best Cloud Computing Security Solution
Gemalto for SafeNet ProtectV
Imperva for Skyfence
Threat Stack for Cloud Security Platform
WINNER: Vera for Vera Security
Virtru for Virtru
Best Fraud Prevention
WINNER: Distil Networks for Distil Networks
Pindrop for Phoneprint
Proofpoint for Email Fraud Defense
RSA Security for RSA Adaptive Authentication for eCommerce
Terbium Labs for Matchlight
Best Multifactor Solution
CensorNet for SMS Passcode
Easy Solutions for DetectID with Biometric Authentication
Gemalto for SafeNet Authentication Service
iovation for Customer Authentication
WINNER: RSA Security for SecurID Access
Best Web Application Solution
Barracuda for Web Application Firewall
Contrast Security for Contrast Enterprise
F5 Networks for F5 BIG-IP Application Security Manager (ASM) and F5 Silverline Web Application Firewall
WINNER: Imperva for Web Application Firewall (WAF)
Prevoty for Runtime Application Security
Best Enterprise Security Solution
Carbon Black for Cb Response
CrowdStrike for Falcon
Cylance for CylancePROTECT
LogRhythm for Security Intelligence and Analytics Platform
WINNER: Splunk for Enterprise Security
Best Computer Forensic Solution
Forcepoint for SureView Insider Threat
WINNER: Guidance Software for EnCase Forensic and EnCase Endpoint Investigator
Infocyte for HUNT
LogRhythm for Network Monitor
Symantec for Blue Coat Security Analytics Platform
Best Identity Management Solution
CA Technologies for CA Identity Suite
Centrify for Identity Service
WINNER: CyberArk for Privileged Account Security Solution
SecureAuth for SecureAuth IdP
SSH Communications Security for Universal SSH Key Manager (UKM)
Best NAC Solution
WINNER: Cisco for Identity Services Engine (ISE)
F5 Networks for F5 BIG-IP Access Policy Manager (APM)
ForeScout for CounterACT
Hewlett Packard Enterprise for Aruba ClearPass
IntelliGO Networks for Network Access Control
Best Behavior Analytics/Enterprise Threat Detection
WINNER: CrowdStrike for Falcon
Imperva for Counterbreach
Rapid7 for InsightIDR- Escape Alert Fatigue, Relentlessly Hunt Threats
SentinelOne for Endpoint Protection Program
Splunk for UBA 3.0 (User Behavior Analytics)
Best Regulatory Compliance Solution
Forcepoint for TRITON AP-DATA
Netwrix Corporation for Netwrix Auditor
NextLabs for Information Risk and Compliance Suite for SAP
WINNER: Proofpoint for Information Protection, Archive, and Compliance
Securly for Securly
Best Data Loss Prevention (DLP) Solution
Bitglass for Data Leakage Prevention for the Cloud and Mobile Era
WINNER: Digital Guardian for Data Loss Prevention
Forcepoint for AP-DATA & AP-ENDPOINT
Safetica North America for Safetica 7
Spirion for Sensitive Data Manager
Best Risk/Policy Management Solution
Bay Dynamics for Risk Fabric
SolarWinds for Network Configuration Manager
WINNER: Tenable Network Security for SecurityCenter Continuous View®
Tufin for Network Orchestration Suite
Venafi for Trust Protection Platform
Best Customer Service
Avecto for Defendpoint
Barracuda for Customer Support
ID Watchdog for Platinum
WINNER: Webroot for SecureAnywhere
Best Professional Certification Program
WINNER: ISACA - Certified Information Systems Auditor (CISA)
ISACA - Certified Information Security Manager (CISM)
International Association of Privacy Professionals (IAPP)
Best IT Security-related Training Program
WINNER: Global Learning Systems for Security Awareness Training Program
KnowBe4 for Kevin Mitnick Security Awareness Training and Integrated Simulated Phishing Platform
PhishMe for Simulator
The Security Awareness Company for IT Security Awareness Training Content & Program Management
Wombat Security Technologies for Security Education Platform
Best Database Security Solution
WINNER: HexaTier for Unified Database Security and Compliance Solution
Imperva for SecureSphere
Netwrix Corporation for Netwrix Auditor
Protegrity for Database Protector
Vormetric for Data Security Platform
Best Managed Security Service
Digital Guardian for Managed Security Program
Radware for Attack Mitigation Service
Rapid7 for Analytic Response
SecureWorks for Managed Security Services
WINNER: Trustwave for Managed Security Services
Best SIEM Solution
WINNER: Hewlett Packard Enterprise for ArcSight Enterprise Security Manager (ESM) and ArcSight Data Platform (ADP)
LogRhythm for Security Intelligence and Analytics Platform
Rapid7 for InsightIDR- The SIEM You Always Wanted
RSA for NetWitness Suite
Splunk for Enterprise Security 4.5 (ES) with Adaptive Response
Best Security Company
Rookie Security Company of the Year
WINNER: Contrast Security
Best Email Security Solution
Cisco for Email Security Solution
IRONSCALES for IronTraps
Mimecast for Secure Email Gateway
WINNER: Proofpoint for Email Protection
Trustwave for Secure Email Gateway
Best UTM Security Solution
5nine Software for Cloud Security
Entensys for UserGate UTM
WINNER: SonicWALL for TZ Firewall Series
Sophos for UTM
WatchGuard Technologies for FireBox T70
Best Emerging Technology
Cylance for CylancePROTECT
WINNER: Exabeam for User Behavior Intelligence Platform
Flashpoint for Flashpoint Platform
Javelin Networks for Javelin ZeroMove
Trusona for Cloud Identity Suite
Best Security Team
WINNER: City of LA
Connie Berrera, CISO, Jackson Health System
WINNER: Tim Callahan, SVP, Global Chief Security Officer, Aflac
Emily Heath, Global CISO, AECOM
Pritesh Parekh, VP, Chief Security Officer, Zuora
Myrna Soto, SVP, Global CISO, Comcast Cable
If you are interested in viewing the images from the SC Awards 2017, please click here.
Roota Almeida is a dynamic senior IT Executive and CISO responsible for successful implementation of information security, risk and compliance systems and strategies across multiple industries with global operations. Currently, she is the Head of Information Security at Delta Dental of NJ, responsible for managing the development and implementation of enterprise-wide information security strategy, policies, risk assessments and controls. Roota has over 14 years of direct experience in establishing and maintaining global security strategies, architectures, standards, and compliance while driving the necessary cultural changes to effect measurable improvements in the organization's security posture. She is recognized as a thought leader in the industry as a Co-Chair, Governing Body Member and frequent speaker at various information technology summits.
Ron Baklarz has over twenty-five years in the Information Security field developing “first-of-a-kind” information security programs within government, military, and private sector organizations including the Naval Nuclear Program, U.S. House of Representatives, Prudential Insurance Company, The American Red Cross, MedStar Health, and Amtrak. Ron is currently the Chief Information Security Officer at Amtrak and he has held various information security consulting, technical, and operational positions throughout his career. In addition to holding professional certifications in the fields of information security and auditing, Ron earned a BS Business Management from Point Park University and MS Information Science and CAS Telecommunications both from the University of Pittsburgh.
Vikas Bhatia is the Founder & Chief Executive Officer of Kalki Consulting. Headquartered in Manhattan, Kalki provides SecurITy ™ to small and medium sized businesses in a range of different industry sectors including financial services, healthcare, education and manufacturing. Vikas has over 18 years enterprise information technology experience with over 15 years dedicated to information security operations, auditing, compliance and consulting engagements. Prior to founding Kalki, he held senior consulting positions at the Federal Reserve Bank, Deloitte & Touché and Cap Gemini where he served clients such as the (UK) Ministry of Defense, Barclays Bank, American Express, Visa, CIT Bank, Citigroup, Honeywell, Shell Oil, Target (way before the breach!) and has indirectly advised countless other state and local government, energy, financial services, healthcare, and retail clients. Throughout his career, he has earned numerous professional certifications, including: Security Assurance for the Federal Reserve (SAFR), HiTRUST Certified Practitioner, Certified Chief Information Security Officer (C|CISO), Certified Information Systems Security Professional (CISSP), Certified Information Privacy Professional (CIPP) and Certified Ethical Hacker (CEH). Vikas earned a BA in Economics from Kingston University in the UK and has been recognized as an Advanced Degree holder in Information Risk Management from Pennsylvania State University. Additionally, based on his expertise, Vikas was awarded permanent residence status in 2012 by U.S. Citizenship and Immigration Services, which deemed him a “person with exceptional ability in the national interest” in the area of Information Security. https://kalkiconsulting.com/
Fernando Blanco is Vice President and Chief Information Security Officer at CHRISTUS Health, one of the nation’s largest Catholic healthcare delivery systems. He is responsible for the Cybersecurity program supporting CHRISTUS Health’s delivery network across four states, in four countries and in more than 300 locations. Prior to his experience in Healthcare, Mr. Blanco worked in domestic and international information security roles in the consumer products industry. Mr. Blanco lectures in areas of Cybersecurity and IT General Controls.
Joshua Bregler was born in Tucson, AZ and raised in Alamogordo, NM. After completing four years of service in the United States Marine Corps, Josh received an Honorable Discharge as a Sergeant. Josh then transitioned back to New Mexico to work for the Department of Defense in its Research and Development IT space. This experience carried through San Diego and on to Boston, including Hewlett-Packard, the Space and Naval Warfare Command and the Defense Contract Management Agency. This led to a Security Architect position at Abt Associates, an international think tank based in Cambridge, MA. Josh now serves as the Senior Director of Security for AMAG Pharmaceuticals.
Direct the strategic use of Information Technology for the College-Institute. Responsible for both Information Technology, E-Learning departments and the four campus network of 350+ computers distributed across two countries and 10 time zones.
Chris is a Microsoft Certified Professional (MCP) with a bachelor’s degree in Computer Information Science. He is also a graduate of the governor’s Executive Leadership for Information Technology Excellence (ELITE) program and the Health and Human Services (HHSC) Executive Leadership Academy. Chris joins us from the Texas Department of Motor Vehicles where he served as Manager of the Infrastructure team. He previously served as Data Systems Manager and then Information Resources Manager for the Texas Department of Transportation and as IT Manager at Motorola. Chris is also an Adjunct Professor at Austin Community College teaching classes in networking, Microsoft core technologies and Information Security. Chris has held many positions in Security and Network Infrastructure for the state. Currently he is the ISO and Director of Infrastructure for the Department of Aging and Disability Services. Chris has taught Principles of Security, Intrusion Detection, TCP/IP, Networking, Linux, and Active Directory courses for Austin Community College. He has served on several advisory panels, including Technical Advisory Panel – TxDOT; Security Advancement Forum for the Enterprise (SAFE) – DADS; Interview Panel for ACC's current Provost; and Aspiring Leadership Academy (ALA) Advisory Board for HHSC. Additionally, he has done book course commentary for McGraw Hill that included topics for security and networking.
Christopher Burgess (@burgessct) is President and co-founder of Prevendra, LLC. He is also an author, speaker, advisor, consultant and advocate for effective security strategies, be they at the office or home for you and your family. Christopher served 30+ years within the Central Intelligence Agency. He lived and worked in South Asia, Southeast Asia, the Middle East, Central Europe, and Latin America. Upon his retirement, the CIA awarded him the Career Distinguished Intelligence Medal, the highest level of career recognition. Christopher co-authored the book “Secrets Stolen, Fortunes Lost, Preventing Intellectual Property Theft and Economic Espionage in the 21st Century” (Syngress, March 2008).
Miki Calero has been named one of the Most Influential People in Security by Security Magazine, and a Top 100 City Innovator Worldwide by United Business Media (UBM) Future Cities, for advancing enterprise risk management through unified physical and cybersecurity. As Chief Security Officer, he established an Enterprise Security Risk Management program that received CSO Magazine's CSO40 award for groundbreaking business value and innovative application of risk and security concepts at the 15th largest city in the US, Columbus, Ohio. Miki's career spans the private and public sectors, including startup companies, Fortune 500 enterprises, and federal, state, and local government. His responsibilities have included protection of information systems, physical assets, and critical infrastructure in strategic, tactical, and operational capacities. He consults and advises on security strategies for comprehensive asset protection, and promotes enterprise security and public private partnerships as keynote speaker at national and international events, and writer in various media outlets.
Chris Camacho is Flashpoint’s Chief Strategy Officer, partnering with the executive team to develop, communicate, and execute on strategic initiatives. With more than 15 years of cybersecurity leadership at some of the largest financial institutions in the world, Mr. Camacho has led initiatives across multiple areas, such as Operational Strategy, Research and Development, Threat Management, and Security Operations Centers to ensure cyber risk postures are aligned with business goals. Mr. Camacho is a respected leader, collaborator, advisor, investor, speaker and mentor in the cybersecurity community. He manages various collaboration groups geared at information sharing across multiple sectors including U.S. Government. An experienced entrepreneur, Mr. Camacho also serves as CEO for NinjaJobs, a private community created to match elite candidates with top tier global jobs and the only job platform dedicated to cybersecurity. Mr. Camacho holds a BS in Decision Sciences and Management of Information Systems from George Mason University.
Vaune Carr is an industry leading Information Technology (IT) visionary whose expertise is recognized throughout the world and who is fundamentally involved in delivering technology solutions that meet the needs of the business. A Premier 100 IT Leader, she has dedicated her professional efforts to safeguarding data and building trust into information systems by being at the forefront of technology and by lending her voice to industry standards, technical innovation, vendor partnerships, and working with authorities on a worldwide basis. Her professional efforts have led to recognition by ISACA, with a membership of 95,000 globally, as a CRISC Professional; from the ISSA with a Diamond Service Award; and the security leaders’ “Walk of Fame Award”. She has served on several U.S. Presidential Committees representing the Commercial Sector. She is experienced in compliance program implementations that are based on comprehensive risk-based design and strategically created to improve overall compliance and data integrity.
Michael Castro currently holds the role of Senior Director, Information Security and Risk Management for Loblaw Companies Ltd. With over 17 years in Information Security, and over 20 years overall in IT, Mr. Castro’s diverse background has provided him the opportunity to balance security and business while providing governance that addresses risk to the organization, in accordance with the business model. Prior to joining Loblaw Companies, Mr. Castro held numerous Info and Cyber Security roles in the areas of Oil & Gas, Finance, and Retail. Michael holds a Bachelor’s degree from McMaster University and a Masters in Business Administration and IT Management from Athabasca University. He also carries designations for CISSP, CISA, CISM and C|CISO.
Benjamin Caudill is the Founder and Principal Consultant of Rhino Security Labs, a penetration testing and security assessments firm headquartered in Seattle, WA. As a security professional, Benjamin has seen a wide range of security environments, with clients ranging from mobile startups to government agencies and Fortune 500’s. He’s been published in Wired Magazine, CNN, Forbes and presented at security conferences such as Defcon.
Daniel Crothers is currently the Chief Information Officer at Brand Ventures, Inc. (BrandedOffers.com), an international brand management and incubator based in Los Angeles, California which was recently named as the #950th fastest growing company on Inc. Magazine's Fastest Growing 5000 companies in America list. He's responsible for ensuring continuity while facilitating the company's transformation into an enterprise-class organization for maximum ROI. He studied Business, Computer Science and Cyber Security at Grantham University where he excelled in his class. In addition to his accomplishments outside of the corporate world, Daniel managed IT security and systems for DOD networks while proudly serving in the U.S. Army. He is a firm believer that Military Veterans possess unique skills that work hand-in-hand with today's IT and Business challenges. Daniel is an ideal example of an exemplary veteran who has successfully transitioned his skills into the private sector.
Rick is Chief, Cyber and Information Security for Crumpton Group LLC in Arlington, Virginia. Rick provides strategic guidance for large company CISOs, and acts as surrogate CISO for companies who want to improve their IT security programs. Prior to joining Crumpton Group, Rick was the CISO of Digital Management, Inc. (DMI). Rick has run ethical hacking, incident response and forensics, and risk management teams throughout his career. He has held positions as a Risk Management consultant at Gartner, Chief Scientist for Lockheed Martin’s Center for Cyber Security Innovation, and Managing Principal in the Professional Security Services practice at Verizon.
Patricia Edfors is a recognized senior executive with a successful track record in information security and risk management for U.S. and global entities. Her experience spans the Federal government, healthcare, financial services, internet services, media and entertainment and telecommunications industries. Ms. Edfors is currently the Chief Information Security and Privacy Officer for Sirius XM Radio Inc. Before joining Sirius XM, she headed up Banrion Consulting, an information risk management consulting firm. Ms. Edfors also held executive positions including Chief Privacy and Security Officer at Mirixa Corporation, a healthcare technology company, as well as leadership positions for Information Security in organizations such as America Online, Baltimore Technologies (formerly GTE CyberTrust), U.S. Department of Justice, U.S. Department of the Treasury and NIST. Ms. Edfors has a unique talent for examining the security, privacy and compliance postures of small and large firms to assist the C-Suite in determining and implementing cost-effective and appropriate safeguards, programs, and organizational structures to meet the company’s unique needs.
Karen S. Evans is serving as the National Director for the US Cyber Challenge (USCC). The USCC is the nationwide talent search and skills development program focused specifically on the cyber workforce. She serves as an independent director and outside manager for publicly traded companies. She is also an independent consultant in the areas of leadership, management and the strategic use of information technology. She retired after nearly 28 years of federal government service with responsibilities ranging from a GS-2 to Presidential Appointee as the Administrator for E-Government and Information Technology at the Office of Management and Budget (OMB) within the Executive Office of the President.
Jane Frankland is an entrepreneur, speaker and business consultant. She has 19 years' worth of experience in information security and over the years has built and sold her own global penetration testing firm, advised boards and held senior executive positions at several large PLCs, including the NCC Group. Jane believes passionately in entrepreneurship, empowerment and freedom. Through her consultancy she wants to see more professionals reach their potential and more businesses survive and thrive. As an ambassador for the profession, she is passionate about STEAM (science, technology, engineering, arts and maths) and diversity in the workplace. She is currently writing a book on women in security, which is due for release in 2017.
Pamela Fusco has accumulated over 20 years of substantial experience as an Information Security and Risk Management Professional. She has held positions as the Chief Security Officer for Merck & Co., Inc., Digex Inc, and MCI Security Solutions, and as Executive Vice President, Global Information Security, at Citigroup. She is currently Executive Director for Security Solutions at FishNet Security. Fusco is certificated and accredited as a CISSP, CISM, CHS Level III, National Security Agency INFOSEC Assessment Methodology Auditor (AIM Auditor), National Cryptologic School Adjunct Faculty Certified Instructor (NSA/CSS/NCS), and has a MS in Information Management.
Ajit Gaddam is the Chief Architect for Information Security at VISA Inc. Over the last decade, Ajit led the Information Security and security architecture programs for various Fortune 150 financial, insurance and technology companies. He also co-founded two startups with successful exits. He is an active participant in various open source and security standards bodies including Open Group, NIST, and OWASP. He is a prolific inventor (over 50 patents), international speaker (BlackHat, Strata Hadoop, COSO, OpenGroup, etc.), instructor (SANS, community colleges), and a security researcher (book author, papers published with over 180 citations). In his spare time, he practices Judo Jujitsu, participates in marathons, and plays Halo 2 and COD MW2.
Mike Gibbons joined Edward Jones in July 2014 as the firm’s Chief Information Security Officer. He was named a principal with the firm in 2015. Gibbons joined Edward Jones with more than 25 years of experience in the cyber security industry. He served as the chief of computer crime investigation for the Federal Bureau of Investigation and has significant expertise in information protection, privacy, risk management, governance, incident response and compliance management. As a special agent, he oversaw all cybercrime investigations for the FBI. After serving at the FBI, Gibbons was a principal at Deloitte and Touche, where he helped eliminate security weaknesses for large financial services clients. He also worked as a managing director for Alvarez and Marsal, consulting as the interim CISO for public and private companies. Mike is a Distinguished Graduate of the National Defense University and is a Certified Information System Security Professional (CISSP) and Certified Information Privacy Professional (CIPP).
Terry is the founder of D6 Research, a vendor-neutral research and advisory firm specializing in security, identity, and authentication across the physical, transactional and logical domains. For the past 15 years, Terry has specialized in assisting global organizations to assess their security posture and develop adoption strategies to mitigate identity related threats. At D6 Research, he has been focused on leveraging this experience to build repeatable methodologies, tools, and research to more meaningfully impact global enterprise practitioners. Terry has worked in strategic roles for a variety of companies in the identity and security space and applies his past and present knowledge to impose transparency and disclosure between vendors and end users. Terry is frequently published in media and presents at various conferences including DEFCON, DerbyCon, Security BSides, and is a board member of ISSA Orange County and Security B Conferences of California.
Stuart founded his own company, now trading as UK Data Secure Ltd, in 2009 to provide specialist consultancy and programme management support to retailers grappling with the demands of data security and in particular PCI DSS compliance. Stuart is a highly recommended and very pragmatic consultant in the PCI DSS world, with an excellent grasp of retail, payments and PCI DSS; a rare and invaluable combination. His involvement in and connections within the information security industry are invaluable to tier one retail clients delivering PCI DSS compliance as part of holistic information security risk reduction programmes.
Stacey Halota joined Graham Holdings Company (then The Washington Post Company) in 2003. Graham Holdings is a diversified education and media company whose operations include educational services; television broadcasting; online, print and local TV news; home health and hospice care; and manufacturing. She leads the development and implementation of information security and privacy programs, including Sarbanes Oxley, privacy law, Payment Card Industry compliance and other data protection efforts. Halota has more than 25 years of experience in the information technology, security and privacy field. Before joining Graham Holdings, she served as the federal government and southeast region leader of Guardent (now part of Verisign), a security and privacy consulting and managed security services company. Prior to Guardent, she worked at PricewaterhouseCoopers in the Technology Risk Services consulting practice working with federal government and Fortune 500 clients. Halota was named Secure Computing Magazine’s 2009 Chief Security Officer of the Year, and was also named 2009 Mid-Atlantic Information Security Executive of the Year (Commercial Category) by the Executive Alliance. She is a Certified Information Systems Security Professional (CISSP), a Certified Information Privacy Professional (CIPP) and a Certified Information Systems Auditor (CISA). She has spoken at many information security events, most recently in 2015 on mobile security at the Black Hat CISO summit, on “Congruence and Tension: Where Privacy and Security Align and Where They Don’t” at the first Privacy+Security Forum created by Professor Daniel Solove, as a keynote speaker at the 2015 Women’s Cyberjutsu Awards, and at the inaugural International Consortium of Minority Cybersecurity Professionals (ICMCP) conference. She also participates as a judge at “Shark Tank”-type events that evaluate security start-ups, including in 2015 and 2016 at the TEN ISE Lion’s Den at Black Hat.
She is on the strategic advisory board of ICMCP, and of Graham Holdings’ newest company, CyberVista, which is focused on cybersecurity training.
Dr. Mansur Hasib is the only cybersecurity and healthcare leader and author in the world with 12 years of experience as Chief Information Officer, a Doctor of Science in Cybersecurity, and the prestigious CISSP, PMP, and CPHIMS certifications. Dr. Hasib served as Chief Information Officer in healthcare, biotechnology, and education and has 30 years of digital leadership experience. With 12,000 undergraduate and graduate students in cybersecurity and over 371 cybersecurity faculty members at UMUC, as Program Chair of the graduate Cybersecurity Technology program, Dr. Hasib is part of the leadership team running the world’s largest cybersecurity education program. For his doctoral dissertation in 2013, Dr. Hasib conducted a national study in US healthcare and examined the relationship between cybersecurity culture and cybersecurity compliance. He shares these results in a book titled Impact of Security Culture on Security Compliance in Healthcare in the USA. This work was cited in the references for ISC2's new healthcare security and privacy certification. In September 2015, Dr. Hasib published the third edition of Cybersecurity Leadership: Powering the Modern Organization. In this widely acclaimed work he shares his cybersecurity leadership and governance model and life-long learning with many examples drawn from his practical experiences, research, and observations. This book was cited during a testimony at a US Senate Appropriations Committee hearing and is being used by universities as well as government and private cybersecurity leadership training programs. In February 2015 this book was published as an audio book. Follow him on Twitter @mhasib or LinkedIn: www.linkedin.com/in/mansurhasib. To contact Dr. Hasib visit: www.cybersecurityleadership.com.
Erin is a former CIO and CSO who wields her nearly two decades of consulting and C-level management experience in managing Urbane’s compliance and strategic advisory delivery teams. She and her team work with all levels of an organization to identify business goals and IT challenges and then, through specially tailored services, align them with the best solutions to help them securely drive their business forward. Through her work, Erin has established several industry best practices and has presented these at numerous high-profile security conferences, including RSA, DEF CON, Brucon, Derbycon, Hack In The Box, and ISC2 Congress, just to name a few. She is also passionate about fostering collaboration between the CSOs and practitioners that oversee day-to-day security challenges and the security research community at large, to help them learn from each other and ultimately improve our industry. Urbane Security is an information security firm that provides specially tailored security and compliance solutions that empower the Fortune 500 to securely focus on their ultimate business goals. This is accomplished through highly technical services ranging from offensive and defensive security testing to risk assessment and compliance services, which Urbane Security manages as trusted advisors to ensure high quality, incomparable expertise, and consistency of service in every engagement. Urbane Security’s core passion lies in elevating its clients and the broader industry through education, communication, cutting edge research and community. In addition to its Chicago headquarters, the company has presences in Atlanta, Los Angeles, New York and San Francisco. www.urbanesecurity.com
Dr. John Johnson serves as Global Security Architect for a Fortune 100 Company where he defines information assurance, risk management and governance strategy. John has been responsible for architecting solutions that have been critical to maintaining global network security at the company since 1999. His projects have involved every aspect of corporate security, from the management of enterprise security systems, to developing standards and policies, overseeing the security of business acquisitions and divestitures, and working with HIPAA, SOX, PCI and global security and privacy regulations. With over 30 years of IT experience and 20 years of information security experience, his career includes working as a staff physicist and managing network security at Los Alamos National Laboratory, as well as working as a contractor and small business owner. John is a frequent speaker, is active in the security industry, and writes and teaches college courses on information assurance.
Ashutosh Kapsé is the Head of Information Security, Technology Risk at IOOF Holdings Ltd, one of Australia’s largest non-banking financial institutions. He is a recognized expert and thought leader in the security management field who has dedicated his career to helping organisations address security, risk and fraud issues. He has worked in the area of technology risk and security for 24 years. His expertise is validated through his certifications, which include CISM, CRISC, ISO27001LA, CISA, IRAP Certified, CCSK, CGEIT etc. He is a sought-after speaker and regularly presents at international conferences about his experience in practical implementations of security. He has worked extensively with organizations in the Government, Financial, Infrastructure, Retail and Utilities sectors and has a proven track record in being able to present and influence at Executive management and Board level. He believes that the cyber security status is a direct reflection of leadership and culture in that organisation.
Aaron Kirby is Senior Vice President, Authentication Solutions in the MasterCard Operations & Technology organization. In this role, he is responsible for the application development and support of the authentication platforms that support key business products including SecureCode (Card Not Present Authentication) and Biometric Authentication. Mr. Kirby joined MasterCard in May of 2014. Prior to joining MasterCard, Mr. Kirby was a Global Security Architect for IBM. Before joining IBM he led an Online Authentication Strategy and Operations team for Capital One and worked in online security for the Wells Fargo Commercial Banking group. He also spent a number of years as an information security consultant at Deloitte and PricewaterhouseCoopers. Mr. Kirby earned a Bachelor of Science from Ithaca College, a Master of Computer Information Systems degree from the University of Denver and is a Certified Information Systems Security Professional. He is an active volunteer for Junior Achievement of Greater St. Louis and also served on active duty in the United States Army as a Combat Engineer.
Jonas Kriks joined ATEL in 2007 and currently serves as Chief Information Officer. He has more than 17 years of experience leading information technology to develop, deploy and strengthen IT strategy initiatives across corporate operations. Kriks serves in an advisory role designing cost-effective solutions supporting enterprise networking, telecom, software assurance, application development, and cyber security. Mr. Kriks leads a diversified team aligning technological projects with Board direction within ATEL’s business functions of equipment leasing, asset-based lending, venture finance, lease administration, investor securities services and asset management. Jonas holds a degree in Communications and Business Finance from CSU, Sacramento along with several technical/ security certifications.
Colonel Cedric Leighton is the Chairman of Cedric Leighton Associates, LLC and its subsidiary, Cedric Leighton International Strategies, LLC, a global strategic risk consultancy specializing in the burgeoning field of cyber risk. He advises an international clientele on cyber strategies and the deployment of the newest cybersecurity technologies. Colonel Leighton is a member of the Federal Reserve Bank’s Secure Payments Taskforce, which is charged with facilitating the development of a secure payments system for the United States. Colonel Leighton is also a CNN Military Analyst. In this capacity he provides on-air commentary on military and international security issues to CNN’s US and international audiences. Prior to his appointment at CNN, he appeared on numerous global television and radio networks, to include the BBC, CCTV (China), Al Jazeera, ARD (German TV), Bloomberg, CNBC, Fox News Channel, Fox Business Network, MSNBC, Sky News and TRT (Turkish TV). He has been quoted in the New York Times, Wall Street Journal, Los Angeles Times, Le Figaro, Correo Brasiliense, and La Razon as well as in several specialty publications like C4ISR Magazine and ADS Advance. He has also written for several publications, including The Hill and Leadership Excellence Magazine.
Gary D. Long, CISA, CISSP is an information security professional with over 20 years of combined US and global experience working in the public and private sector in information security consulting, sales, and management. Gary has served in such positions as Information Security Officer at Cerner Corporation in Kansas City, and Principal at several information security consulting firms. Gary has provided Security thought leadership by speaking at forums, such as RSA Conference, mNext Forum, Executive Alliance Security Leader’s Summit, as well as offering commentary to monthly CSO Magazine articles. Gary is a Senior Member of the Information Systems Security Association (ISSA).
Jon leads the OMNETRIC Group Cyber Security Practice where he works with energy operators to improve their resilience to digital threats and protect critical national infrastructure. He has been working in the IT industry for over twenty years as a developer, architect, consultant and manager in industries such as retail, logistics, e-commerce, government and energy. He now leads a team of industry experts aiming to improve the cyber-security situation for energy businesses. Twitter: @DefendtheGrid
As the CIO, Ryan is focused on delivering IT solutions that add a meaningful market differentiation for ADTRAN. He is an experienced, pragmatic, results-driven executive with deep operational and management expertise across IT. He possesses a strong blend of High-Tech and Life Sciences experience and is effective at working alongside business leaders to develop strategic IT solutions that add direct and long-term value. Before ADTRAN, Ryan held leadership positions with Eli Lilly and Deloitte as well as led contract work for the Central Intelligence Agency and Department of Defense.
Jim joined AvidXchange in April 2016 as Chief Information Security Officer (CISO). He has more than 30 years of IT experience, with the past 15 years being focused on information security, privacy, and risk management. Recent positions Jim has held include VP of Information Security at Vantiv, CISO for Mercury Payment Systems, Head of Security Solutions for retail banking at Barclays Bank, Global Head of Information Security for Amazon.com, and Chief Security Executive for Corillian (Internet banking and security solutions). Jim has current certifications as a Certified Information Systems Security Professional (CISSP), Certified Information Privacy Professional (CIPP/US and CIPP/E), Certified Information Security Manager (CISM), and Certified in the Governance of Enterprise IT (CGEIT). He holds a Master of Science in management from Stanford University, an MBA from City University, a Master of Science in engineering from Northwestern University, and a Bachelor of Science in system design from Marquette University. He is also a member of the FBI InfraGard program.
Richard is the President of X-SES Consultants LLC and as such he promotes comprehensive sustainable corporate IT governance programs that foster cost-effective software assurance, supply chain risk management, standards compliance, and procurement strategies. He was previously the CEO of Secure Exchange Technology Innovations, implementing international communications standards for emergency management alerting systems. His broad experience in formulating information and cyber security policy for the Department of Defense, drafting cyber legislation, and influencing national cyber policy initiatives for 20 plus years lends credence to being a nationally and internationally recognized thought leader on cyber security and information related policy, legal, and technical issues. He was the legal and strategic architect of the Nation’s first Live Information Warfare Exercise (ER97) and a Contributor to the Comprehensive National Cyber Security Initiative. He has served as a keynote speaker on cyber security related executive leadership issues at major conferences in Germany, England, India, Moldova, China, Thailand, Switzerland and the United States. He is a frequent cyber commentator on CNN, BBC, Politico, FedScoop, the New York Times and Scientific American. He currently serves as a Strategic Advisor to the following corporations: Aqua Comm; GidGrid; Secure Cloud Systems; SignaCert; Sierra Vista; Consulsys; Auroras; Mobile Active Defense; INVNT/IP; and the National Maritime Law Institute.
Christopher Paidhrin is the Chief Information Security Officer for City of Portland, Oregon. For the past 16 years Christopher has been a nationally recognized healthcare Information Security authority, having received recognition, nominations and awards for service excellence, including NetworkWorld, ISE, SC Magazine, and Information Security magazine’s 2011 "Security 7" Award. Christopher is a regular media consultant and presents at numerous events across the U.S. Christopher is an advocate of IT Service Management (ITSM) best practices and process improvement, including learning organizations and knowledge management. Christopher is also a Wikimedia advocate, Mind Map enthusiast, unpublished screenwriter and avid autodidact. http://www.linkedin.com/in/christopherpaidhrin
Mitchell Parker, CISSP, is the Executive Director of Information Security and Compliance at IU Health. Previous to this job, he was the CISO at Temple Health, an academic health system in Philadelphia, PA. Mitch has done a significant amount of work in researching the effects of cloud computing, network-based threats, compliance, and privacy and security requirements on connected health devices. While he was at Temple, Mitch worked collaboratively with a number of EMR and biomedical equipment vendors to improve their security postures and provide a better quality of service. He currently resides in Carmel, IN, with his wife, two children, and two cats.
Highly-experienced consultant/architect/auditor with primary focus on Cyber and Cloud Security. Has nearly 30 years' IT experience, in the UK and globally, across the life-cycle: business development, pre-sales, solution architecture, development, testing (including ethical hacking), implementation, security assessment/accreditations, metrics/KPIs and often acting as “trusted advisor” for clients. Now runs international cyber services start-up based in the UK.
Dan is responsible for the overall information security strategy for First Financial Bank, and has extensive experience in information security and technology disciplines. In his current role, Dan directly manages security programs focusing on Identity and Access Management, Security Control Management, IT Audit and Compliance, Policy Development, Cyber Incident Response, Anti-Malware methodologies, Extensibility of Security Platforms, Applied Threat Intelligence, and Third Party Security. Dan has spoken at various security and risk conferences throughout the country, in addition to online and print interviews and featured columns. With over 19 years of technology and security experience, Dan has held information technology and security leadership roles within the financial and insurance industry. Dan is a CISSP, CISA, CRISC in addition to holding other certifications with concentrations in information technology and security.
Todd Redfoot is the chief information security officer for GoDaddy. He leads an award-winning team of security professionals devoted to keeping customers, employees, and corporate systems safe. For Redfoot, that means more than information security. In addition to protecting the data of over 13 million customers worldwide, he's also responsible for the physical security of more than 4000 GoDaddy employees across the globe. Redfoot has vast experience handling cyber and security threats. During his tenure at GoDaddy, he's made it his mission to challenge the security professionals he works with to become the best in their field. His goal is not only to keep up with current threats and tactics, but to investigate and invest in new and disruptive technologies — to stay ahead of future risks just beyond the horizon. In addition to his work at GoDaddy, Redfoot holds several patents in the security space, is the founding member of the Hosting Security Forum, and is on the Governing Chair of the Phoenix chapter of Evanta CISO Summit.
Jamie Rees centers his career on information security as a provider of value to organizations. Over his 18 years of experience Jamie has held roles spanning from sysadmin, IT college instructor and security analyst to leadership roles as CISO and Chief Security Strategist. Currently Jamie is the senior cybersecurity strategist for a vertically integrated electrical utility, serves as chair of the Canadian cybersecurity leadership committee on youth and education and has security advisory roles on other national organizations’ boards. Through these roles and related past positions in telecommunications, finance, and government Jamie has built a strong base of business oriented security. As a result his career has been one of firsts, often forging new positions and award winning programs along the way.
Over 25 years experience in the cyber security domain as a Defense Intelligence Senior Leader (DISL) at the National Security Agency, Certified TEMPEST / signals analysis engineer and U.S. Navy Cryptologic Technician, performing maintenance functions on a variety of crypto equipment and maintaining network operation centers. While at the NSA successfully led cyber security organizations within the DoD and IC, developed strategic plans and led implementation of and operations to streamline Identity, Access Management, security postures and risk management in dynamically changing environments. Led transitions from individual cross domain solutions into enterprise-level capabilities for the DOD and IC. Currently performing a variety of technical research activities as a Senior Cyber Analyst. Areas of expertise: Identity and Access Management Systems, Credential Management Systems, Risk Management, and Security analysis.
Randy was an Industrial Engineer for the Youngstown Steel Co., a Sales Engineer for GATX, the Manager of Computer Security Planning for Mobil Corporation, and the Director of Information Systems Security for United Healthcare. In 1997 Randy became General Director, Information Security for General Motors Corporation, responsible for GM’s information security strategy, programs, plans, and global information security posture. He holds several IT-Security Certifications and has traveled internationally for over forty-five years. Some of Randy’s other professional affiliations include: being a member of the Board Of Directors of the International Information Systems Security Certification Consortium (ISC)2 from 1989 to 2008; (ISC)2’s Treasurer; Chairman of (ISC)2’s Board Of Directors; and a four year member of the National Computer Systems Security & Privacy Advisory Board. Randy is also a presenter of the IT-Security Safe & Secure Program for children in the schools. Randy has presented at major national and international IT-Security conferences, is a published author, and publishes articles on IT-Security. Randy continues to do both IT-Security Assurance pro bono, and consulting services through his company, RNS Consulting. Randy also serves as the Marketing Director for a Global IT Educational Foundation, a member of SC Magazine’s Editorial Board, and a judge for IT-Security Awards for SC Magazine. His educational background includes a B.B.A. and an M.B.A. in Finance.
various detective grades and branches until he joined Scotland Yard’s Computer Crime Unit in 2000. During the following 5 years he specialized in malware and botnet cases and reached the rank of Detective Sergeant. Steve received several awards and commendations from various international law enforcement agencies and judges. He was also an associate instructor for the CISSP certification. Steve then left law enforcement to join the Microsoft Internet Crimes Investigation Team, based in Redmond, USA. He spent the next 2 years investigating botnet cases which were then referred out to law enforcement officers around the world for further work and arrests. During this time he also developed the International Botnet Task Force, a unique group of industry and law enforcement from 35 countries, dedicated to working together to combat botnets and ruin the lives of botherders. He was also the lead investigator on the Zotob case. Steve left Microsoft in 2007 to join Team Cymru, a small group of researchers who work to discover who is behind internet crime and why they carry out their activities. Still actively involved in investigations, he is currently a Team Cymru Fellow and the Director of Analysis and Outreach. This role enables him to contribute to using Team Cymru’s unique position and insight to improve lives around the world. You can read more about him in a magazine article at: https://bitly.com/1PeVyrp
A visionary, strategic, award-winning and certified Information Technology professional with more than 25 years of in-depth and cross-industry experience that includes healthcare, telecommunications, financial services, retail and manufacturing. His career spans a progression of roles from Systems Operations and Network Administration, Software Engineering, Business Analysis, IT Project Management, Information Security, IT Risk Management, Disaster Recovery and Business Continuity Planning. As the CISO for Orthofix, John is currently focused on leading the development of strategic and innovative implementations of Information Security and IT Risk Management initiatives that leverage enabling technologies within the healthcare industry by applying practical, business-driven vision to develop sensitive data protection strategies. He has been recognized as a cybervisionary who was a member of the initial NH-ISAC Board of Directors as well as a member of the ISC(2) committee that developed the HCISPP. John has authored articles in cyber journals and is a frequent speaker at local, national and international industry conferences, summits and other related events that include RSA Security Conference USA, RSA Security Conference Europe, HIMSS, and Secure World.
Jay is a Principal at RSM US LLP and leads the Great Lakes Security and Privacy Practice. He’s broken into devices ranging from medical devices to automobiles to welding machines. Today, he spends most of his time helping clients develop processes to better manage security.
Mr. Bobby Singh has 20 plus years’ experience in information security with extensive experience in risk management, business operations, compliance, consulting and auditing. As the Chief Information Security Officer executive at TMX, Mr. Singh’s role involves ensuring that security is built-in both at the business-level and within the Infrastructure. He provides leadership in the development and promotion of security standards and risk management practices. Mr. Singh has broad expertise in developing and implementing security programs for public and private sector organizations. He is a frequent speaker at conferences and round tables. Prior to joining TMX, Mr. Singh has held positions at TD Bank and Rogers Communications, where he focused on delivering security services to clients and developing their security practice. Mr. Singh received his MBA from University of Pittsburgh and holds CISSP, CISM, CISA and CPA designations.
Nathan Smolenski joined Spencer Stuart to develop and manage the enterprise information security, physical security and risk management programs. As the CISO, Nathan is responsible for ensuring that information security is an integrated and foundational aspect of project delivery as well as a key business enabler for the ever evolving and workplace. Nathan is focusing on rationalizing the portfolio of current security projects, further developing Information Security policies, standards and controls as well as continuing to guide the security strategy for upcoming firm developed platforms. Prior to joining Spencer Stuart, Nathan focused on information security strategy and program development, IT and operational risk management, data privacy, information system audit, and the delivery of enterprise-wide IT program initiatives for a range of financial services organizations. Nathan’s past programs have brought transformational change and technological enablement to extremely large and complex end-user computing environments (> 20,000 users). Nathan previously served as the regional CISO for Zurich North America, with multi-board and regulator accountability for all information security and IT risk management functions supporting Zurich’s commercial and life insurance businesses in the US and Canada. Prior to that, Nathan was the CISO for 21st Century Insurance; a direct to consumer insurance company that is part of the Farmers Insurance family of companies. Earlier in his career, Nathan worked for MetLife, State Street Corporation, and the Julius Baer Group. Nathan is a Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM).
Dan Srebnick provides information security strategies to enterprise clients in the NYC metropolitan area and around the country. He writes, speaks, and blogs on information security issues such as the cloud, identity and access management, and the internet of things. He leverages 14 years of experience running information security for the City of New York. As Associate Commissioner for IT Security with the New York City Department of Information Technology and Telecommunications, he was NYC's Chief Information Security Officer, and responsible for an information security program across 50 City agencies that includes operational security, planning, policy and standards, application accreditation, information security auditing, and identity and access management. Significant accomplishments included the establishment of a Citywide endpoint security cloud service and an enterprise IAM system linking together identities from over 50 agencies and providing public account management and social media login integration for nyc.gov. Dan has been recognized for his innovations by the Center for Digital Government, Information Week, and ISE.
As Information Security Officer, Jeff is responsible for all aspects of Ontario Pension Board’s Information and Cyber Security. Previous to joining Ontario Pension Board, Jeff was Director of Cyber Security for Canadian Imperial Bank of Commerce following his tenure as VP and ISO at Bank of Tokyo-Mitsubishi Canada, and Head of Network Security with Tangerine Bank (formerly ING DIRECT Canada). Jeff is a trusted leader in the IT community known for his innovative solutions to complex challenges that safeguard the organization while bringing the corporate strategic vision to fruition. He has a proven track record of over 18 years in delivering results through building responsive teams to the organization and exploiting technology as a strategic lever in achieving growth. Responsible for the security of billions of dollars in assets and personal client information, he has accumulated a wide range of experience and networks through his long term affiliations such as Canadian Financial Institutes Computer Incident Response Team and top global financial companies. Individual strengths include strong business acumen, setting and achieving strategic goals, and being a motivating leader and mentor and a talented keynote speaker. Jeff thrives on change by staying on top of leading edge technology.
Twenty plus years of experience as an information security professional, serving in executive and senior management positions, in the US and the UK. My responsibilities have included the development and implementation of global information systems security management programs aligned with NIST CSF, ISO 27001:2013, elements of the NIST 800 series and HIPAA/HITECH. Served as Chairperson of the Communications and Public Relations Project Group of Interpol's European Working Party on Information Technology Crime, as well as advising their Wireless Applications Security Project Group. Formerly the President of the United Kingdom and Bluegrass chapters of the Information Systems Security Association (ISSA), member of the editorial advisory board for the ISSA Journal and SC Magazine UK. I hold a Master of Science in Information Security from Royal Holloway, University of London and was a senior instructor for the (ISC)² CISSP CBK seminar.
Priscilla Tate is the founder, president, and executive director of Technology Managers Forum (TechForum). TechForum has a current membership of over 800 IT managers in the New York area. Ms. Tate produces Security Forum, an invitation-only conference held twice yearly in New York City. In addition to moderating TechForum events, Ms. Tate has moderated panels at other industry events, including the Computerworld Premier 100 and the RSA Conference in San Francisco. She has served as a judge for the GLOMO Awards for Best Enterprise Mobile Application for five years. Prior to founding TechForum in 1994, Ms. Tate was a technology officer at Citibank, EF Hutton and Manufacturers Hanover Trust. She worked at PC Magazine as a senior features editor in the 1980’s and was a frequent contributor to trade publications including EWeek, ComputerWorld and Infoworld. Ms. Tate hosted a weekly New York FM radio show “PC Planet” for two years and co-produced a call-in radio style podcast “TechForum Live!” distributed via iTunes. Ms. Tate graduated from Duke University with a BA in History and an MA in Art History. She also studied at the Freie Universitat in Berlin with a scholarship administered by the Fulbright commission. She was a Columbia Fellow and did graduate work at Columbia University.
Dennis Thibodeaux is a technology educator and information security practitioner who has been a Microsoft Certified Professional since 1998. As an instructor, he draws on his extensive professional experience including consulting and teaching in computer security, systems engineering, network administration, disaster recovery, incident response, digital forensics, and related areas. He has taught employees of IBM, Princeton University, Bank of America, NASA, Lockheed Martin, the Federal Bureau of Investigation, the U.S. Secret Service, the United Nations, all branches of the United States military, and hundreds of other security-minded organizations in the public and private sectors. He has also taught college students in Information Technology, Criminal Justice, and Paralegal Studies degree programs.
Richard Timbol is a well-respected Cyber Security & IT professional with over 26 years of experience. He spent the early part of his career as an Enterprise Network Engineer in the pharma, financial, healthcare and retail industries. He later went on to lead teams and head departments in the diverse IT disciplines of InfoSec, Compliance, Network Engineering, Messaging, Deployment and End Point Support and is currently the Global Head of Information Security & Compliance for one of the world’s leading law firms. He holds multiple certifications across the entire range of IT and InfoSec fields, has shared his vision and expertise as an expert speaker and panelist and has been spotlighted in various security publications. He currently serves as the Vice-Chairman of The Threat Intelligence Committee for the LS-ISAO and has also served on the New York State eHealth Information Privacy and Security Collaborative as well as on several security advisory boards.
Date: Tuesday, February 14, 2017
Venue: InterContinental San Francisco
Time: 6:30 pm - 11:00 pm
Dress Code: Black tie preferred (Men - smart suits, women - cocktail dresses)
Cost: Table of 10 - $4,650
Half table (seats 5) - $2,550
Individual ticket - $510
To purchase tickets to the SC Awards 2017, please click here.