Composed of the IT security industry's thought leaders, SC Magazine's Editorial Advisory Board offers insight about marketplace happenings, ideas for features and news, thoughts on technology and threat trends, editorial contributions and more. The Board's corporate CSOs, industry analysts, educational practitioners, consultants and leading vendors all lend their knowledge and experience to help SC Magazine continue to offer the most timely editorial and product reviews in the industry.

  • Rich Baich, CISO, Wells Fargo & Co.
  • Greg Bell, global information protection and security lead partner, KPMG
  • Christopher Burgess, CEO/president, Prevendra
  • Jaime Chanaga, global consultant and adviser
  • Rufus Connell, vice president of global marketing, Frost & Sullivan
  • Dave Cullinane, co-founder and adviser, TruSTAR Technology
  • Mary Ann Davidson, CSO, Oracle
  • Dennis Devlin, CISO, chief privacy officer and senior vice president of privacy practice, SAVANTURE
  • Gerhard Eschelbeck, vice president of security and privacy engineering, Google
  • Gene Fredriksen, vice president and CISO, PSCU
  • Maurice Hampton, director, field operations, Elastica
  • John Johnson, global security strategist and adviser 
  • Paul Kurtz, co-founder and CEO, TruSTAR Technology
  • Kris Lovejoy, president and CEO, Acuity Solutions
  • Tim Mather, CISO, Cadence Design Systems
  • Stephen Northcutt, director, SANS Institute
  • Randy Sanovic, owner, RNS Consulting
  • * Howard Schmidt, partner, Ridge-Schmidt Cyber
  • David Shearer, CEO, (ISC)²
  • Ariel Silverstone, consulting chief security officer
  • Justin Somaini, CSO, SAP
  • Craig Spiezle, executive director and president, Online Trust Alliance
  • Larry Whiteside, vice president, healthcare and critical infrastructure, Optiv
  • Amit Yoran, president, RSA



Rich Baich is Wells Fargo's EVP/chief information security officer. Formerly, he was principal for security and privacy at Deloitte and Touche. He has led multi-national teams designing, implementing, measuring and advising organizations to effectively and efficiently balance risk, technology and data management decisions with data protection risks, regulatory compliance issues, privacy and security controls. Baich is former CISO at ChoicePoint where he held enterprise-wide responsibility for information and technology security. Previously, he held leadership positions within NSA, McAfee and the FBI. In 2005, Baich authored Winning as a CISO, a security executive leadership guidebook.

Greg Bell is global information protection and security lead partner at KPMG LLP. Formerly he was senior security architect, The Coca-Cola Co., and the lead network and systems administrator for Eaton Corporation's Supercharger Division.

Christopher Burgess (@burgessct) is the CEO, president and co-founder of Prevendra. Formerly, he was a senior security adviser in the corporate security programs office at Cisco Systems.

Jaime Chanaga is a global consultant and trusted adviser to leading companies and organizations on issues of strategy, cybersecurity, and risk management. Formerly, he was chairman and CEO of The CSO Board LLC, a consulting firm dedicated to helping leaders solve critical strategic issues and make lasting substantial improvements in their performance. Chanaga is a co-author of the book Corporate Security in the Information Age. You can read his blog on business, strategy, technology, security and executive insights. Chanaga is an avid reader and enjoys listening to jazz music and playing the piano.

Rufus Connell is an industry research director with the Frost & Sullivan North America Information & Communications Technologies Practice. He oversees global production of market research and consulting deliverables in the network security and retail spaces.

Dave Cullinane is the CEO and co-founder of TruSTAR Technology. Formerly, he was CEO of Security Starfish and chief information security officer for eBay Marketplaces. Prior to joining eBay, Cullinane was the CISO for Washington Mutual. He also served as a senior consultant for nCipher and as the director of information security for Sun Life of Canada's U.S. operations. He also helped create Digital Equipment Corporation's security consulting practice. Cullinane is a charter member of the Alliance for Enterprise Security Risk Management (AESRM) - an alliance of security professional associations dedicated to advancing the profession. He is the past international president of the Information Systems Security Association (ISSA) and a charter member of the Global Council of Chief Security Officers. He also serves on ASIS International's Information Technology Security Committee (ITSC). Cullinane was nominated for SC Magazine's Information Security Executive of the Year for 2004 and 2005 and awarded Global Award as Chief Security Officer of the Year for 2005.

Mary Ann Davidson is CSO at Oracle Corporation and is responsible for Oracle product security, as well as security evaluations, assessments and incident handling. Davidson also represents Oracle on the Board of Directors of the Information Technology Information Security Analysis Center (IT-ISAC). Prior to joining Oracle in 1988, Davidson served as a commissioned officer in the U.S. Navy Civil Engineer Corps, during which she was awarded the Navy Achievement Medal. Davidson has a bachelor's degree from the University of Virginia and an MBA from the Wharton School of the University of Pennsylvania. In her spare time, Davidson is an enthusiastic outdoors person and participates in several sports, including surfing, alpine and cross-country skiing and fly-fishing.

Dennis Devlin is chief information security officer, chief privacy officer and senior vice president of privacy practice, SAVANTURE. Formerly, he was chief information security officer at Brandeis University. He has over 35 years of information technology leadership experience in private industry and higher education. Prior to his current role Dennis was vice president and chief security officer of The Thomson Corporation, a member of the senior IT management team at Harvard University, and began his career as a software developer and systems analyst for American Hoechst Corporation. Dennis is a graduate of the University of Pennsylvania and has completed extensive continuing education in information technology and management. He has been a frequent presenter on information security at universities and conferences including the RSA Security Conference, SC Magazine US Forum and Gartner IT Security Summit. Dennis has also served on CSO advisory boards for RSA, Qualys, Verdasys, GeoTrust and SC Magazine.

Gerhard Eschelbeck is vice president of security engineering at Google. Formerly, he was CTO and senior vice president of engineering at Webroot Software, where he was responsible for developing and driving overall product strategy and managing the company's development and threat research teams. Previously, Eschelbeck served as CTO and vice president of engineering of Qualys, where he pioneered the company's Software as a Service based vulnerability management platform. He was senior vice president of engineering for security products at Network Associates, vice president of engineering of anti-virus products at McAfee, and founder of IDS GmbH, a secure remote control company acquired by McAfee. Eschelbeck has presented his research to Congress and at numerous security conferences. He is a frequent contributor to the SANS Top 20 expert consensus identifying the most critical security vulnerabilities. Eschelbeck is also the author of Laws of Vulnerabilities. He is one of the inventors of the Common Vulnerability Scoring System (CVSS) and holds numerous patents in the field of managed network security. Gerhard holds master's and PhD degrees in computer science from the University of Linz, Austria.

Gene Fredriksen is VP and global information security officer at PSCU. Formerly, he was senior director, corporate information security officer, Tyco International. Formerly he was the principal consultant of the Burton Group, which focuses on security architecture and infrastructure, information risk management, security governance, compliance and identity management. Prior to joining Burton, he served as CSO of Raymond James Financial and worked at Eaton Corporation and American Family Insurance. Fredriksen is also a certified Information Security Manager (CISM) and has been a participant in numerous security and risk management groups, including as past chair of the BITS Security and Risk Assessment Steering Committee and member of the Financial Services Sector Coordinating Council research and development committee. Currently, he is chair of the St. Petersburg College Information Security Programs Advisory Board. In 2004, Fredriksen was selected as a top five information security executive in the United States by the Executive Alliance.

Maurice Hampton is director, field operations at Qualys. Formerly, he was information security program manager, GE Corporate.

Paul Kurtz is the CEO of TruSTAR Technology. Previously, he was the chief operating officer of Good Harbor, advising clients on cyber-security and homeland security issues. Kurtz has served as the founding executive director of the Cyber Security Industry Alliance (CSIA), an advocacy group dedicated to ensuring the privacy, reliability and integrity of information systems. Prior to joining CSIA, Kurtz was special assistant to the president and senior director for critical infrastructure protection on the White House's Homeland Security Council (HSC), where he was responsible for both physical and cybersecurity. Prior to his White House work, Kurtz served as political advisor to Operation Provide Comfort in Incirlik, Turkey, and as science attaché in Vienna, Austria. He participated in several arms control inspection teams, traveling to Iraq and North Korea. Kurtz received his Bachelor's degree from Holy Cross College and his Master's degree in international public policy from Johns Hopkins University's School of Advanced International Studies.

Kris Lovejoy is director of Tivoli Strategy at IBM.

Tim Mather is CISO at Cadence Design Systems. Formerly, he was CSO at Apigee and before that vice-president of technology strategy in Symantec's office of the chief technology officer, responsible for coordinating the company's long-term technical and intellectual property strategy. Previously, he served for nearly seven years as Symantec's CISO where he was responsible for development of all information systems security policies, oversight of implementation of all security-related policies and procedures and all information systems audit-related activities. Prior to joining Symantec, Mather was the manager of security at VeriSign. Additionally, he was formerly manager of Information Systems Security at Apple Computer. Mather's experience also includes seven years in Washington, D.C. working on secure communications for a classified, national-level command, control, communications and intelligence (C3I) project, which involved both civilian and military departments and agencies. Mather holds Master's degrees in national security studies from Georgetown University, and international policy studies from Monterey Institute of International Studies. He holds a bachelor's degree in political economics from the University of California, Berkeley.

Stephen Northcutt is director - academic advising, SANS Technology Institute, a post-graduate level IT security college. Northcutt is author of Incident Handling Step-by-Step, Intrusion Signatures and Analysis, Inside Network Perimeter Security - Second Edition, IT Ethics Handbook, SANS Security Essentials, SANS Security Leadership Essentials and Network Intrusion Detection - Third Edition. He was the original author of the Shadow intrusion detection system before accepting the position of chief for information warfare at the Ballistic Missile Defense Organization. Northcutt is a graduate of Mary Washington University. Before entering the computer security field, he worked as a Navy helicopter search and rescue crewman, white water raft guide, chef, martial arts instructor, cartographer and network designer.

Randolph (Randy) Sanovic is the owner of RNS Consulting. Formerly, he was general director, information security, General Motors, responsible for GM's information security strategy, programs, plans and global information security posture. Previously, Sanovic served as director, information systems security, for United Healthcare where his responsibilities included reorganizing the corporation's disparate information security functions into a worldwide well-managed function, and developing an effective strategic IT security plan. He has also served as manager, computer security planning for Mobil, responsible for the corporation's overall information security posture, strategy, programs, plans and policies. Sanovic is also a member of the board of directors of the International Information Systems Security Certification Consortium (ISC)², (ISC)²'s treasurer, chairman of the Board Audit Committee, co-chair of (ISC)²'s America's Advisory Board and a member of the National Computer Systems Security and Privacy Advisory Board. He holds a bachelor's degree and an MBA.

Howard Schmidt is a partner in the strategic advisory firm, Ridge-Schmidt Cyber, an executive services firm that helps leaders in business and government navigate the increasing demands of cybersecurity. He also serves as the international president of the Information Systems Security Association (ISSA) and has recently been appointed to the Information Security Privacy Advisory Board (ISPAB). Previously, Schmidt was appointed by President Bush as the vice chair, and then chair, of the President's Critical Infrastructure Protection Board and as the special adviser for Cyberspace Security for the White House. Schmidt was also CSO for Microsoft, where his duties included forming and directing the Trustworthy Computing Security Strategies Group. Schmidt is a co-author of the Black Book on Corporate Security and author of Patrolling Cyberspace, Lessons Learned from a Lifetime in Data Security. He holds a bachelor's degree in business administration and a master's degree in organizational management from the University of Phoenix and an honorary doctorate degree in humane letters. Schmidt is a professor of practice at the Georgia Institute of Technology, the Georgia Tech Information Security Center and adjunct senior fellow with Carnegie Mellon's CyLab.

Ariel Silverstone is chief security officer adviser, GNN. Formerly, he was chief information security officer, Expedia.

Justin Somaini is the CSO at SAP SE. With more than 17 years of information security experience, he is responsible for SAP's overall security strategy. In his role Justin develops, implements, and manages SAP's overall policies, standards, and guidelines in accordance with the SAP Security Strategy as well as ongoing SAP security initiatives to meet the emerging international IT and cyber security environments and data protection and privacy laws worldwide.

Craig Spiezle is executive director and president, Online Trust Alliance. Formerly, he was director, online safety technologies, Microsoft.

Amit Yoran is president, RSA, the security division of EMC. Formerly, he was the chairman and CEO of NetWitness, provider of network-based forensics, investigations and incident-response technologies. Previously Yoran served as the Bush Administration cyberczar, CEO and advisor to In-Q-Tel (venture capital arm of the CIA), vice president of Worldwide Managed Security Services at Symantec, founder and CEO of Riptech and director of vulnerability programs at the Department of Defense's CERT. Yoran currently serves as a director on the boards of several innovative security companies including Guidance Software (GUID), Guardium, Digital Sandbox and Trust Digital.

