Bob Russo, general manager, PCI Security Standards Council
Bob Russo brings more than 25 years of high-tech business management, operations and security experience to his role as the general manager of the PCI Security Standards Council. Mr. Russo guides the organization through its crucial charter, which is focused on improving data security standards for merchants, banks and other key stakeholders involved in the global payment card transaction process. To fulfill this role, Mr. Russo works with representatives from American Express, Discover Financial, JCB, MasterCard Worldwide and Visa International to drive awareness and adoption of the PCI Data Security Standard. Mr. Russo is responsible for driving the organization's policies, as well as meeting its goals to create education programs, establish pools of certified Qualified Security Assessors (QSAs) and Approved Scanning Vendors (ASVs) and incorporate feedback from all stakeholders across the payment chain into the work of the Council and the development of new standards. In addition, he oversees the PCI Security Standards Council's training, testing and certification programs for QSAs and ASVs.
Bruce Sussman, senior manager/PCI product manager, Crowe Horwath
Bruce is an experienced Senior Manager with Crowe Horwath, LLP in the Firm's Livingston, NJ office. He brings with him 20 years of diversified experience in banking, consulting, internal audit and risk management. Prior to joining Crowe, Bruce spent 11 years with subsidiaries of First Data and Metavante with various responsibilities for internal audit, risk management and fraud control. His achievements include starting internal audit departments in the US and Canada, designing a real-time anti-fraud product, and creating a series of anti-fraud and IT security whitepapers and webinars. He has been published in the Journal of Accountancy, NYS CPA Journal and ISACA, and frequently speaks before risk and security associations and trade groups. He also provides peer review for IT and risk-related articles submitted to the NYS Society of CPAs' Journal.
Erik Cabetas, security officer, E-Commerce company
Erik Cabetas is in charge of the Information Security program for an E-Commerce company in NYC with 4 million members. He has a decade of experience in Information Security from the consulting, vendor and corporate security angles, from Fortune 100s to small startups. He enjoys securing companies in a way that aligns with their business goals first. It is his opinion that a security-focused Information Security program, as opposed to a compliance-focused program, is more effective in terms of the ultimate goal: protecting the bottom line. He has participated in PCI projects from both the merchant's and the assessor's point of view.
Steve Santorelli, director of global outreach, Team Cymru
Steve was a cop in London for 10 years before joining Microsoft and then the small, not-for-profit Internet security research company Team Cymru as an investigator. He specializes in finding the people behind botnets and other types of malware. It's claimed he is rather unique in that he's got experience as a detective as well as from within industry. The reality is that he still likes donuts and the thrill of the virtual chase when he gets to work with smarter folks to track down the ghosts in the Interweb.
Ed Giorgio, co-founder and president, Ponte Technologies
Ed Giorgio is the co-founder and president of Ponte Technologies, a security and technology company. He is on numerous advisory boards and the Commission to advise the 44th president. He was formerly a principal at Booz Allen Hamilton, where he spent 10 years working on information security and enterprise resilience issues for a variety of commercial clients and federal agencies. Mr. Giorgio also has nearly 30 years of security experience with the National Security Agency (NSA). While at NSA, he pioneered developments in communications security, national intelligence policy and technology, and public key cryptography. Mr. Giorgio is the only person to have served as both Chief U.S. codemaker and, subsequently, as Chief U.S. codebreaker at NSA, where he directly managed 1600 mathematicians and computer scientists. As a mathematician, he designed and delivered the first public key based e-mail privacy and authentication system on the worldwide intelligence network. Today he provides services which help clients bridge business innovation, technology, and security, and delivers these services to government and commercial clients. He also advises investment bankers and VCs on the viability of early-stage security companies. Mr. Giorgio is considered a leading authority on cryptology and has extensive experience in Internet security technology, wireless security, security policy, information warfare, privacy, and digital rights management. He is also an expert on Security & Privacy and recently testified before the House S&T committee.
Jaime Chanaga, founder and president, The CSO Board, LLC.
Jaime Chanaga is founder and president of The CSO Board, LLC, a global firm specializing in management and organizational development. As a leading management consultant, he has worked with top executives and respected international organizations. He has written for numerous publications and is a co-author of the book "Corporate Security in the Information Age". He is a member of the Editorial Advisory Board for SC Magazine and boards for other innovative companies. Jaime is a Certified Information Systems Security Professional (CISSP) and a Certified Information Systems Auditor (CISA). Jaime is also a proud member of InfraGard®, a partnership between the U.S. FBI and private industry focused on matters related to counterterrorism, cyber crime and other major anti-crime programs.
Matt Tesauro, vice president, services, Praetorian
Matt Tesauro has been working with software and security for over 10 years. He is currently employed by Praetorian, an independent security firm headquartered in Austin, TX that specializes in software security assurance services. Matt's primary focus includes penetration testing, design analysis, code reviews, and security training. His background in web application development and system administration helps bring a holistic focus to the Secure SDLC efforts he's driven. Matt is also on the board of the OWASP Foundation and is actively involved in the application security community as an industry speaker, trainer, project leader, and subject matter expert. He is currently the project lead of the OWASP Web Testing Environment, which brings together best-of-breed application security tools and documentation.
Diana Greenhaw, senior business leader, global payment system security, Visa Inc.
Diana Greenhaw has been with Visa since 2006 and currently manages Visa's global data security standards and policies as well as expanding global merchant and agent compliance with the Payment Card Industry Data Security Standard (PCI DSS). Greenhaw has more than 14 years of experience within various segments of the payment card industry and in management of compliance and risk mitigation initiatives. Greenhaw also serves as a Visa representative on the PCI Security Standards Council's board of managers and speaks frequently before industry and trade groups to promote global data security efforts. Prior to joining Visa, Greenhaw was with Chase Paymentech and Fifth Third Bank, focused on client services and compliance management, respectively. Greenhaw received a BA in Public Relations from Texas State University.
Jeremy King, european director, PCI Security Standards Council
Jeremy King, European Director for the PCI Security Standards Council (PCI SSC), leads the SSC's efforts in increasing adoption and awareness of the PCI Security Standards in the European region. In this role, Mr. King works closely with the Council's General Manager and representatives of its policy-setting executive committee from American Express, Discover Financial Services, JCB International, MasterCard Worldwide and Visa Inc. His chief responsibilities include gathering feedback from the merchant and vendor community, coordinating research and analysis of PCI SSC-managed standards in European markets, and driving education efforts and Council membership recruitment through active involvement in local and regional events, industry conferences and meetings with key stakeholders. He also serves as a resource for Approved Scanning Vendors (ASV), Qualified Security Assessors (QSA) and related staff in supporting the regional training, certification and testing programs.
Neira Jones, head of payment security, Barclaycard
As head of Payment Security at Barclaycard, Neira Jones is responsible for ensuring that the transactions processed by Barclaycard's 100,000 business customers worldwide are safe, secure and comply with industry standards, and that those customers understand the importance of information security. Neira's success in steering Barclaycard and its customers through the changes in payment security, and in particular with the PCI DSS (Payment Card Industry Data Security Standard), has resulted in the payment acceptance provider winning the European Card Acquiring Forum's 2010 award for Data Security. Neira has over twenty years' experience in financial services, working for some of the best-known and most respected names in the banking sector. Her knowledge of the finance industry and her skill in change and transformational management have been instrumental in the launch of products and services including mortgages, credit and debit cards, insurance and business banking.
Jeffrey Bardin, chief security strategist, Treadstone 71, LLC
Since 1982 Jeff has worked in leadership positions at organizations such as General Electric, Lockheed Martin, and Marriott International. He also served as the Security Manager for the Centers for Medicare and Medicaid (LMIT), Chief Security Officer for Hanover Insurance, the Chief Information Security Officer for Investors Bank & Trust, and the Director, Office of Risk Management for EMC. Jeff is currently Chief Security Strategist for Treadstone 71. Jeff sits on the Board of Directors, Boston Infragard; was a founding member of the Cloud Security Alliance; is a member of the Cyber Security Forum Initiative; and sits on the RSA Conference Submission Selection Committee. Jeff published his first book, The Illusion of Due Diligence, in 2010, has co-authored other books such as the Computer and Information Security Handbook and Understanding Computers, and has published articles for magazines such as The Intelligencer.
Jerry Archer, senior vice president and CSO, Sallie Mae
Mr. Archer's responsibilities include securing and protecting all of Sallie Mae's systems and offerings, and leading security initiatives across the company. Prior to Sallie Mae, Archer was the Chief Information Security Officer at Intuit, and prior to joining Intuit, Archer was managing director at Global Competitive Strategies, LLC. Previously, Mr. Archer was Senior Vice President for Global Interoperability at Visa International, and before Visa, at the Fidelity Brokerage Company, he was senior vice president of information security and technical risk. His work in the U.S. Intelligence Community earned Mr. Archer the National Performance Review Hammer Award, a Distinguished Service Award from the Central Intelligence Agency and a Meritorious Unit Citation from the National Security Agency.
Chris Brenton, cloud security architect, CloudPassage
Chris Brenton is a Cloud Security Architect for CloudPassage, the industry leader in hybrid IaaS security. He is also a fellow instructor for the SANS Institute. He is one of the founding members of the original Honeynet Project, as well as one of the original Internet Storm Center handlers. During his career, Chris was instrumental in the foundation of Dartmouth College's Institute for Security Technology Studies (ISTS) and was CSO of one of the nation's first managed security providers, ALTeNet Solutions. Chris has been credited with the discovery of numerous security vulnerabilities and is a published author of various books on networking and network security. In his spare time, Chris is an extremely active blogger.
Rich Snow, IT director, Mount Auburn Cemetery
Rich Snow is the IT Director at Mount Auburn Cemetery, a National Historic Landmark. Since the 1990s he has been responsible for network security in different environments including aerospace, healthcare, internet startup, and non-profit companies. Rich wrote a SANS gold paper on spam filtering and manages several large email lists. He is a graduate of Syracuse University. Before entering the field of computer networking, he worked in quality assurance and as a printed circuit designer. He currently holds the SANS GCWN and Sonicwall CSSA certifications.
Stephen Fried, CISO, People's United Bank
Stephen Fried is a seasoned information security professional with over 25 years' experience in information technology. For the past fifteen years Stephen has concentrated his efforts on providing effective information security leadership to large organizations. Stephen has led the creation of security programs for two Fortune 500 companies and has an extensive background in such diverse security issues as risk assessment and management, security policy development, security architecture, infrastructure and perimeter security design, outsource relationship security, offshore development, intellectual property protection, security technology development, business continuity, secure e-business design, and information technology auditing. A frequent speaker and instructor at conferences, Stephen is also active in many security industry organizations. He is a contributing author to the Information Security Management Handbook and has also been quoted in Secure Enterprise and CIO Decisions magazines. His latest book, Mobile Device Security, was published by CRC Press in 2010.
Philip Cox, director, security and compliance, SystemExperts
Philip Cox is Director, Security and Compliance for SystemExperts Corporation, a consulting firm that specializes in system security and management. He is a well-known authority in the areas of system integration and security. He serves on the Trusted Cloud Initiative Architecture workgroup, as well as the PCI Virtualization and Scoping SIGs. Phil frequently writes and lectures on issues dealing with heterogeneous system integration and compliance (PCI-DSS and ISO). He is the lead author of Windows 2000 Security Handbook Second Edition (Osborne McGraw-Hill) and contributing author for Windows NT/2000 Network Security (Macmillan Technical Publishing) and CIW Security Professional Certification Bible (Wiley).
Ross Wescott, chief IT auditor, Portland General Electric Company
Ross Wescott is the Chief IT Auditor at Portland General Electric Company. In this capacity he is responsible for developing and managing all IT internal control reviews and special projects in the information systems areas of the Company. In addition, as the senior member of the staff, he is frequently called on to assist the Director of Internal Audit in developing and implementing Internal Audit strategy, methodology, and tool use. He is also called on for any special projects around the Company that may require Internal Audit participation, and he helps to recruit and train summer interns for the department. He has developed the guidelines and processes to ensure that PGE's Internal Audit group is and remains in compliance with the IIA standards. He has experience in the following industries: Utilities and Manufacturing (Steel and Wood Products). He specializes in IT internal control systems but is also well-versed in inventory practices. He has experience in understanding and documenting a wide variety of information systems applications (financial and non-financial) and analyzing internal control systems, including both preventative and detective controls.
Randy Marchany, CISO, Virginia Tech
Randy Marchany is the University Information Security Officer for Virginia Tech. He is also the director of the VA Tech IT Security Testing Lab, a component of the university's Information Technology Security Office. He is the author of VA Tech's Acceptable Use Statement and a co-author of the original FBI/SANS Institute's "Top 10/20 Internet Security Vulnerabilities" document that has become a standard for most computer security and auditing software. He is the co-author of the SANS Institute's "Responding to Distributed Denial of Service Attacks" document that was prepared at the request of the White House in response to the DDOS attacks of 2000. He was part of the SANS Institute's Secure Code project that developed a set of exams to test programmers' knowledge of secure coding techniques. He has been a member of the SANS Institute's faculty since 1992 and developed its original IT Audit course.
Phil Agcaoili, CISO, Cox Communications
Phil Agcaoili has been a change agent and transformation leader in the Technology and Information Security industries for over 20 years and is the Chief Information Security Officer at Cox Communications. He co-founded several companies and sold them during the Dot.Com era, secured many of the largest global companies, safeguarded the privacy for hundreds of millions of customers worldwide, and is now helping shape the direction of cyber security for US Telecoms through his appointment as the committee co-chair of the FCC Communications Security, Reliability and Interoperability Council (CSRIC), helping shape cyber security with the National Cable Television Association (NCTA), and is helping shape the direction of cloud computing as a founding member of the Cloud Security Alliance and as a co-founder and co-author of the CSA Cloud Controls Matrix (CCM) and GRC Stack. Mr. Agcaoili has led security teams and has represented GE, VeriSign, Alcatel, Scientific-Atlanta, Cisco, Dell, and Cox Communications in their respective Corporate Security, Privacy, Governance, Risk, and Compliance (GRC) Councils and Committees.
William Corrington, CTO, US Department of the Interior
William Corrington has over 30 years of experience in the Information Technology industry. He has worked as a software engineer, systems architect, project manager, management consultant and entrepreneur in the areas of operating system development, factory automation, information publishing and network security. A former Vice President with Gartner Consulting's Federal practice, he joined the Department of the Interior in 2004 as the Deputy CIO for the Bureau of Land Management (BLM). At BLM he oversaw IT operations in support of over 12,000 users. He now serves as the DOI Chief Technology Officer (CTO) with responsibility for defining DOI technology strategy and architecture and leading enterprise-wide infrastructure projects including defining DOI's strategy for implementing Cloud Computing.
Dov Yoran, CEO and founder, ThreatGRID
Dov Yoran is the CEO and cofounder of ThreatGRID, an advanced malware analysis firm that provides actionable threat intelligence. He is also a cofounder and partner at MetroSITE Group, an advisory services firm to both emerging security companies and large enterprises. Prior to MetroSITE, he held several leadership roles at Symantec Corp and Riptech, Inc (acquired by Symantec in 2002). Dov is involved in a number of industry organizations, including as a Founding Member of the Cloud Security Alliance and as a member of the Board of Directors of both the NY Metro ISSA and NY Metro CSA chapters, and is a frequent speaker at industry conferences. Dov has a Master of Science in Engineering Management with a concentration in Information Security Management from George Washington University and is a cum laude graduate with a Bachelor of Science in Chemistry from Tufts University.
Kris Rowley, CISO, state of Vermont
Rowley has been CISO for Vermont for one year. Prior to working for the state, she was employed with Norwich University in Northfield, Vt. At Norwich, she worked with the CISO to develop and write university security policies. She also worked for the School of Graduate Studies as an administrative director.
Dave Cullinane, CISO & VP, eBay
Dave Cullinane is the Chief Information Security Officer (CISO) for eBay where he is responsible for Global Fraud, Risk and Security strategy and programs to protect eBay and its many global businesses (StubHub, InternetAuction.co, eBay India, etc.). Prior to joining eBay, Dave was the CISO for one of the largest banks in the United States. He has more than 30 years of security experience and is a Certified Information Systems Security Professional (CISSP) and a former Certified Business Continuity Professional (CBCP). Dave is a founding member and Chairman of the Board of the Cloud Security Alliance.
Larry Whiteside, CISO, Visiting Nurse Service of New York
Larry Whiteside manages a group of security professionals and secures data on internal/external networks and computer systems used by the Visiting Nurse Service of New York. He interfaces with business managers, engineers, developers and systems personnel to address security issues in projects. Mr. Whiteside has held senior security positions with Marsh & McLennan Companies, Computer Horizons Corp., netForensics, Naval Strategic Systems Programs, TruSecure Corporation, and the United States Air Force.
Bruce Bonsall, Former VP CISO, MassMutual Financial Group
Bruce began his IT career as a programmer trainee in 1985. For much of the last 26 years, he's worked in various roles in information security. Recognized as an industry expert, Bruce is a frequent contributor to security and information technology publications and events. He received the Certified Information Systems Security Professional (CISSP) designation in 1997. In 2006 Bruce received both the New England and National Information Security Executive of the Year Awards. His security team was also recognized in 2007 with the number 1 ranking in the InformationWeek 500 "Information Security/Privacy" category. In December 2008, Bruce was recognized as one of the Top 25 Most Influential People in Security by Security magazine.
Erik Avakian, CISO, Governor's Office of Administration Commonwealth of Pennsylvania
Erik was named Chief Information Security Officer for the Commonwealth of Pennsylvania in June 2010 and is responsible for the information security strategy, governance, technical standards, security policies, risk management, compliance, and cyber-incident response across the commonwealth. Prior to his appointment, Erik served as Deputy Chief Information Security Officer for the Commonwealth since 2007. Erik joined the Commonwealth in October 2005 as an IT Consultant and technical architect for the Enterprise Security Auditing and Monitoring initiative. The tremendous success of the project helped Pennsylvania win the 2007 award for outstanding achievement in information technology by the National Association of State Chief Information Officers (NASCIO) and finalist recognition for the NASCIO 2008 Recognition Awards for Pennsylvania's Security Incident Response Process. Erik leads a highly successful group of information security professionals who were named finalist in the 2008 SC Magazine Awards for "Best Security Team". In 2009, his team won the ISE Mid-Atlantic Project of the Year award for "Safeguarding Citizen Data".