Atlanta-2013

Atlanta CISO Events


Knowledge transfer and exchange has always been a challenge for organizations. Our intent for this exclusive and high-level event is distinctively clear - it is to create a platform to facilitate effective knowledge exchange, where the latest information security threats and landscape evolution are being discussed and debated.

Jay Bavisi
President EC-Council









Join us for EC-Council’s fourth CISO Forum! The Global CISO Forum (GCF) is EC-Council's annual CISO event that brings CISOs from all over the world together to focus on the real information security threats to nations, companies, and networks. The GCF is held in conjunction with Hacker Halted, EC-Council's largest and most popular security event, creating a mix of executives and hackers.


Global Reach:

EC-Council’s CISO Program has over 1,000 participants from across industries and around the world. From our groundbreaking Certified CISO (C|CISO) Program to our high-level, exclusive events, EC-Council CISOs come from around the world, including Hong Kong, Egypt, the Netherlands, Bangladesh, Canada, the Philippines, Ghana, Sri Lanka, China, Zambia, Nigeria, the UAE, Switzerland, Mexico, the United Kingdom, Iceland, and all across the United States. Our upcoming Global CISO Forum | Europe, taking place in Reykjavik, Iceland on October 7-8, 2013, and our planned CISO Summit Bahrain in December, are increasing the Global Reach of EC-Council’s CISO Program, making the program stronger through a diversity of perspectives, cultures, and security postures.



Past speakers include Erick Rudiak, CISO of Express Scripts; Gary Harbison, CISO of Monsanto; Karthik Swarnam, CISO of Trans Union; Amar Singh, CISO of News International; Curtis Levinson, US Cyber Defense Liaison to NATO; Erin Owens, CISO of Maxim Healthcare; Illyas Kooliyankal, CISO of Abu Dhabi Security Exchange; and many others discussing topics such as:
  • Organization Techniques to Secure Your Workforce
  • Countermeasure Culture: Battle Ready your Workforce
  • Managing Security with an Outsourced Cloud Vendor
  • How to Sell, Brand, and Integrate your IS Program with Business Objectives
  • Wargaming
  • CISOs versus Hackers
  • Maturity Measurement Deep Dive
  • Secure Adoption of Cloud Computing; Standing in your Vendor’s Shoes

History of Excellence:

EC-Council’s prior events in Las Vegas, NV; Miami, FL; and St. Louis, MO have been highly valuable for our attendees and sponsors. Here’s some of the feedback we’ve gotten from our attendees:

  • “Excellent insight into an alternate definition on risk and how to answer the question ‘Are we secure?’”
  • “A great combination of solid theory and actionable guidance.”
  • “A discussion of maturity rarely reaches that level of depth and practical application.”
  • “ … I got a great idea during the panel discussion for an IP awareness campaign.”
  • “That's why I come to these things...smart people with great angles on how to improve security incrementally.”
  • “… differing views are best made available in conferences such as the EC-Council CISO Summit. Within these venues, lively discussions explore topics that are of interest to all security managers.”
  • “EC Council's CISO Summit is an excellent opportunity to interface with not only some of the largest organizations, but also the smaller ones as well.”
  • “It was a truly wonderful event. It's very healthy for information security executives and professionals to get together to share what's working in their own organization for the betterment of other organizations as well.”
  • “ … very well organized with a good mix of talent from diverse industries. The topics were excellent and targeted to the need of the industry today.”

Exciting Events:

This year’s agenda includes two new and exciting events: the CISO Awards Luncheon and the launch of the Certified Chief Information Security Officer (C|CISO) Program.

The CISO Awards Luncheon will honor the best and brightest information security executives from around the world in the following categories:
  • C|CISO of the Year (must be an EC-Council Certified CISO to enter)
  • CIO of the Year
  • CISO of the Year

The C|CISO Program is EC-Council’s groundbreaking executive certification. At the Global CISO Forum the exam, courseware, and training will be available to the public for the first time. Anyone interested in earning this certification can take live training and the exam at the Forum.






Attend the EC-Council Global CISO Executive Summit to share IS knowledge and ideas with top CISOs and IT professionals.

Due to the nature of the discussions that will take place, this will be a closed-door event open only to senior information security executives (C-levels, VPs, Senior Directors, etc.).











EC-Council Global CISO Forum 2013

Agenda CISO Leadership


Wednesday, September 18th


| Time | Event | Location |
|---|---|---|
| 7:00 PM – 10:00 PM | CISO Cocktail Reception, sponsored by Axzo Press | The Point of View Lounge (Atlanta Hilton) |


Thursday, September 19th

| Time | Event | Speakers | Location |
|---|---|---|---|
| 9:00 AM – 5:00 PM | Registration | | Outside Salon A&B |
| 9:00 AM – 9:10 AM | Opening Remarks | Eric Lopez, Senior Director, EC-Council | Grand Ballroom East |
| 9:10 AM – 9:50 AM | Opening Keynote | Jay Bavisi, President, EC-Council | Grand Ballroom East |
| 10:00 AM – 10:10 AM | Global CISO Forum Opening Remarks | | Salon A&B |
| 10:10 AM – 11:00 AM | Information Security Program Models | Mark Carney, VP Strategic Services, FishNet Security | Salon A&B |
| 11:00 AM – 11:20 AM | Break | | |
| 11:20 AM – 12:10 PM | Panel – Measuring the Effectiveness of Your Security Program | Mauricio Angee, VP of Mercantil Commercebank; Everette Hubbard, VP of HNI Corporation; Juan Gomez Sanchez, CEO of Optima Consulting; Mark Gelhardt, CISO of TravelClick; Muhammad Saleem, CISO of the Ministry of Health, KSA | Salon A&B |
| 12:10 PM – 1:00 PM | Data Breach Trends and Top Security Issues | Scott Stein, Managing Director of Stroz Friedberg, LLC | Salon A&B |
| 1:00 PM – 2:15 PM | CISO Awards Luncheon, brought to you by Axzo Press. Recognizing the C\|CISO of the Year, CIO of the Year, CISO of the Year, and Axzo Press Security Leader of the Year | | Salon C |
| 2:15 PM – 3:05 PM | CSO and CSA partnership | Rakesh Radhakrishnan, Chief Security Architect at Amgen | Salon A&B |
| 3:05 PM – 3:55 PM | Panel Discussion: The Mindset of a Successful CISO & Career Longevity | Greg Bee, CISO at Country Financial; Kevin Beaver, Infosec Consultant; Lisa Dobson, VP of Davidson Technologies Inc.; Ron Baklarz, CISO of Amtrak | Salon A&B |
| 3:55 PM – 4:15 PM | Break | | |
| 4:15 PM – 5:05 PM | Connecting Security to the Business | Dwayne Melançon, CTO of Tripwire | Salon A&B |
| 5:05 PM – 5:55 PM | Compliance to Security – Evolving the Program | Jason Stradley, Principal at BT Global Services | Salon A&B |
| 5:55 PM – 6:00 PM | Day 1 Closing Remarks | | Salon A&B |
| 8:00 PM | Movie Night! Premiere of “Dragon Day” | | Grand Ballroom East |

Friday, September 20th


| Time | Event | Speakers | Location |
|---|---|---|---|
| 8:00 AM – 12:00 PM | Registration | | Outside Salon A&B |
| 8:30 AM – 9:00 AM | Pastries & Coffee | | Salon A&B |
| 9:00 AM – 9:10 AM | Opening Remarks | | Salon A&B |
| 9:10 AM – 10:00 AM | Information Security and Acquisition Management | Robert Hotaling, CSO of Cengage | Salon A&B |
| 10:00 AM – 10:50 AM | Panel Discussion: Who should you report to – CIO or CFO? What’s the Impact of reporting to the wrong boss? | Robert Hotaling, CSO of Cengage; Joe Voje, CISO of University of Texas Pan American; Dennis King, CSO of Working Security; Michael Woodson, Lead, Fraud Management and Forensics at Tata Consultancy Services | Salon A&B |
| 10:50 AM – 11:10 AM | Break | | |
| 11:10 AM – 12:00 PM | Chasing Hackers and Securing IT Environments for the Past 25 Years: Things That Worked and Things That Didn’t | Dr. Joseph Popinski, CISO & AVP-IT at University of Alabama at Birmingham | Salon A&B |
| 12:00 PM – 12:50 PM | Lunch with Hacker Halted | | Grand Ballroom East |
| 12:50 PM – 1:40 PM | Implementing the 20 Critical Controls | Randy Marchany, CISO at Virginia Tech | Salon A&B |
| 1:40 PM – 2:30 PM | Panel Discussion: Hacking Back: Should it be part of your security program? | Justin Dolly, CISO at ServiceNow; Joseph DiBiase; Shawn Murray; Vijay Viswanathan, CISO at HD Supply | Salon A&B |
| 2:30 PM – 3:20 PM | Winning the Hearts and Minds of End Users: It's not what you say, but how you say it. | Joe Voje, CISO of University of Texas Pan American | Salon A&B |
| 3:20 PM – 3:40 PM | Break | | |
| 3:40 PM – 4:30 PM | Beyond traditional security metrics: the security question your C*O needs you to answer | Erick Rudiak, CISO of Express Scripts | Salon A&B |
| 4:30 PM – 5:20 PM | Vendor Risk Management Essentials - In the cloud or not....vendor risk management starts from the same place | Eric Svetcov, CSO of Mede Analytics | Salon A&B |
| 5:20 PM – 5:30 PM | Conference Wrap Up | | Salon A&B |
| 5:00 PM – 6:00 PM | Enjoy Hacker Halted and Exhibition Area and Axzo Press CISO Hospitality Suite | | |
| 9:00 PM – Midnight | Hacker Halted Signature Party | | Hilton Courtyard |



















 

 

Erick Rudiak VP, Chief Information Security Officer at Express Scripts

Erick Rudiak has built information security programs for two multi-billion dollar enterprises, each of which more than doubled in size through M&A. After fourteen years in Information Systems and three in Security Risk Management as Chief Information Security Officer at Hewitt, Erick joined Express Scripts as Chief Information Security Officer in 2011.

Erick Rudiak
VP, Chief Information Security
Officer at Express Scripts

 

 

 

 

Justin Dolly is the Vice President & Chief Information Security Officer at ServiceNow Inc

Justin Dolly is the Vice President & Chief Information Security Officer at ServiceNow Inc. In this role he provides strategy and vision for all Information Security-related initiatives at ServiceNow, ensuring the integrity, availability and security of information, intellectual property, infrastructure, platform and users for the global organization. He also leads compliance and risk management initiatives. Most recently Justin was the Chief Information Security Officer at VMware Inc., where he was responsible for developing and leading all Information Security-related programs and initiatives. Previously Justin held various security and technology leadership roles at Kaiser Permanente (2010-2011), CNET/CBS Interactive (2006-2010) and at Macromedia (2000-2006). In the late 1990s, Justin held a variety of technical and engineering positions at Wells Fargo Bank.
He has more than 15 years of experience in information, infrastructure, web and application security, and network engineering and design and is respected as a visionary leader within the Information Security industry. Justin holds a Bachelor of Arts degree from the National University of Ireland.

Justin Dolly
Vice President & Chief Information
Security Officer at ServiceNow Inc

 

 

 

 

Ms. Dobson, Davidson Technologies' Vice President, Ballistic Missile Defense Operations and Information Assurance

Ms. Dobson is Davidson Technologies' Vice President, Ballistic Missile Defense Operations and Information Assurance. She leads her team in the disciplines of Cyber Security Engineering, Information Assurance, Information Technology, Modeling & Simulation; System Analysis; Systems Engineering & Integration; Test & Evaluation; Obsolescence; Survivability, Reliability, Availability, Maintainability (RAM); Operations and Sustainment. In addition, her team performs network security architecture and physical security assessments, 24x7 Network Operations, Intrusion Monitoring, Incident Response, and penetration tests for enterprise and government entities.

Ms. Dobson holds a B.S. in Computer Engineering from Auburn University, M.S. in Management of Technology (M.B.A) from University of Alabama in Huntsville, and a GIAC Security Leadership Certification (GSLC) from SANS. She joined the firm in 2003 as an Engineer where her Cyber Security focus began. As a software developer, she built a security configuration that reduced build time from 32 hours to 4 hours and passed all assessments. She serves as a member of the SANS Advisory Board and a member of Women in Defense. Ms. Dobson supports Hacker Halted CISO Forum, Cyber Huntsville, National Space Symposium, Space and Missile Defense Conference, Information Systems Security Association (ISSA) Cyber Security Summit and other Industry forums.

DTI is a Woman Owned Small Business performing Cyber and IA for multiple contracts in many locations across the U.S. DTI has been the recipient of the Best Places to Work Award, Principals Top 10, Performance Excellence Awards and Supplier of the Year awards.

Lisa L. Dobson, Vice President
Davidson Technologies, Inc. WOSB
DoD 8570 GSLC Certified/Cyber Focused

 

 

 

 

Shawn Murray is a principal scientist with the United States Army Cyber Command currently assigned as a Cyber Analyst to the Regional CERT in Europe

Shawn Murray is a principal scientist with the United States Army Cyber Command currently assigned as a Cyber Analyst to the Regional CERT in Europe. His previous assignments include work with the United States Missile Defense Agency, US Air Force and Commercial Industry in various roles in Information Assurance and Cyber Security. He has traveled the globe performing physical and cyber security assessments on critical national defense and coalition systems. Dr. Murray has worked with NSA, FBI, CIA and the US Defense and State Departments on various Cyber initiatives and has over 20 years of IT, communications and Cyber Security experience. He teaches Cyber security, business and computer science courses for two universities. He has several industry recognized certifications to include the C|CISO, CISSP and CRISC. He holds several degrees to include an Applied Doctorate in Computer Science with a concentration in Enterprise Information Systems. He is a professional member of IEE, ACM, ISSA, IC2 and is an FBI Infragard program partner. He enjoys spending time traveling with his family, collaborating with other professionals and volunteering in his community as a Shriner.

Dr. Shawn P. Murray
C|CISO, CISSP, CRISC, FITSP-A
Principal Scientist, Cyber Analyst
US Army Cyber Command, RCERT Europe

 

 

 

 

Mark Carney, Vice President of Strategic Services at FishNet Security

As the Vice President of Strategic Services at FishNet Security, Mark Carney leads a group of 22 seasoned security advisors who interface with CSOs, CROs, and CIOs at FORTUNE 500 and global institutions and assist these organizations with their information assurance, managed services, identity and access management, and training professional services needs. Mark has experience in building information assurance professional services organizations, including all aspects of sales/marketing/business development, staff management, project management, and service delivery execution. In his over 10 years at FishNet Security, he has also managed the information assurance division and spent several years as a Sr. Security Consultant.

Mark Carney
CISSP, CRISC, C|CISO, PCI-QSA, NSA-IAM, MBA
Vice President of Strategic Services
at FishNet Security


 

 

 

Scott Stein is a Managing Director

Scott Stein is a Managing Director at Stroz Friedberg where he oversees the firm’s Seattle operations and key practice areas, including cybercrime and data breach response, digital forensics and ediscovery. As head of the office, he manages the on-site digital forensics laboratory, as well as the end-to-end processing for all ediscovery engagements. Senior executives, in-house lawyers and outside counsel rely on his wealth of technology, government and legal experience to better manage their technical and strategic approach to digital risk and investigations.

Prior to joining Stroz Friedberg, Mr. Stein was a Senior Attorney at Microsoft Corporation. Over the course of six years, he provided legal advice to help the company address vital issues related to the Communications Assistance for Law Enforcement Act (CALEA), the Electronic Communications Privacy Act, National Security, and Federal Regulatory Compliance. Mr. Stein also directed a team of Microsoft cyber investigators who focused on preventing, detecting and resolving intricate computer crimes ranging from viruses and worms to botnets and spyware. Notably, the Federal Bureau of Investigation (“FBI”) recognized the group for “Exceptional Service in the Public Interest” as a reward for their help in identifying the unlawful distributors of the 2005 “Mytob/Zotob” computer worm. Later Mr. Stein also led the team’s investigative support of the FBI’s “Operation Bot Roast” which tracked down bot herders and virus coders causing the rampant infection of over a million computers.

Scott Stein
Managing Director of STROZ FRIEDBERG

 

Rakesh Radhakrishnan Principal Architect Specialist

Rakesh Radhakrishnan is a Principal (Information Security) Architect Specialist at AMGEN. He has a total of 25 years of experience in IT and 15+ years in Information Security covering all 5 domains of the CISO program. Rakesh is extremely passionate about “Aligning Aspired (Target ESA) with Applied Architecture” and he believes in the critical nature of the partnership and teamwork between the Chief Security Architect office of an Organization and the CSO office. All the Architecture Assessments, Target ESA definitions/designs, innovation, solution design, integration models, problem solving (including predicting future issues/problems), design patterns and reusable code/artifacts produced by Security Architects can ONLY be put to good use if they are aligned with the CSO programs associated with governance, empowerment, program management, policy & standards, compliant SW acquisition, organizational structuring and so on. Hence he truly enjoys the ISACA COBIT 5 model for Information security that addresses the governance challenges of IS along with SEI’s Architecture Led Program Management for Architecture led governance and acquisition management.

His blog is at:
http://identity-centric-architecture.blogspot.com/

 

Rakesh Radhakrishnan
Principal (Information Security)
Architect Specialist at AMGEN

 

 

 

 

Dwayne Melançon is Tripwire's Chief Technology Officer

Dwayne Melançon is Tripwire's Chief Technology Officer, where he owns a critical role in driving and evangelizing the company's global overall product strategy. Dwayne works with global enterprise CISOs on security & operations challenges, and is currently focused on developing effective security metrics, communicating the business value of information security, and establishing objective, data-driven security.

Prior to joining Tripwire, Melançon held leadership roles at DirectWeb, Inc., Symantec Corporation and Fifth Generation Systems, Inc. He is certified on both IT management and audit processes, holding both ITIL and CISA certifications, and is a frequent speaker at national and regional industry events.

Dwayne Melançon
CTO of Tripwire

 

 

 

Jason Stradley is a visionary security executive

Jason Stradley is a visionary security executive with an entrepreneurial spirit and the ability to execute against his vision. Known for strong organizational and thought leadership he combines those qualities to communicate his vision to motivate others to excellence.

Mr. Stradley has developed solutions for enterprise environments in the financial services, manufacturing, healthcare, and hospitality industries, as well as several not-for-profits. Mr. Stradley is a frequent speaker at such venues as SANS, MISTI, Gartner, DRJ and others and has been published in several industry publications including CSO Magazine and the Cutter IT Journal.

Mr. Stradley currently holds the C|CISO, CISSP, CGEIT, CBCP, CISM, SANS GSLC, CRISC, and CCSK certifications.

Jason Stradley

 

 

 

Mr. Voje currently serves as the Chief Information Security Officer

Mr. Voje currently serves as the Chief Information Security Officer for The University of Texas–Pan American, where he is developing an Information Security program and Privacy practice for one of the nation’s largest Hispanic-serving institutions of higher education.

As a former Naval Officer, Mr. Voje served in many roles related to cyber security and information assurance for the U.S. Navy. Outside of the military, he has led the Information Security programs for a large west coast financial institution, Washington State’s second largest public utility district, and consulted for the Federal Government in addition to intellectual property and law firms through his consulting company American Cyber Corps. Mr. Voje holds a Master's degree in Network Security and is a Certified Information Systems Security Professional (CISSP), an Information Systems Security Engineering Professional (ISSEP), a Certified Ethical Hacker (C|EH), and Cisco Certified Network Associate (CCNA) with Security endorsement.

Joe Voje
CISO of University of Texas Pan American

 

 

 

Ron Baklarz

Ron Baklarz has over twenty years in the Information Security field developing “first-of-a-kind” information security programs within government, military, and private sector organizations including the Naval Nuclear Program, U.S. House of Representatives, Prudential Insurance Company, MedStar Health, and Amtrak. Ron is currently the Chief Information Security Officer at Amtrak and he has held various information security consulting, technical, and operational positions throughout his career.

Ron Baklarz, CISSP, CISA, CISM, NSA-IAM/IEM
CISO at Amtrak

 

 

 

Michael is a Senior Management professional

Michael is a Senior Management professional with an extensive background in Network and Information Security, Data Privacy, Fraud Management, Technical Investigations, Regulatory Compliance and Policy Development, Litigation Preparedness, Enterprise Governance, Risk Management, Computer Forensics and Application Security Threats and Countermeasures.

Currently Michael is based out of the United States and serves as the Lead for Fraud Management and Forensics in North America with a focus on Insider Threat Management, Cyber Forensics, Secure Software Development Lifecycle methods and Governance Risk and Compliance solutions.

Michael Woodson
Lead, Fraud Management and Forensics N.A.
at Tata Consultancy Services

 

 

 

Kevin Beaver

Kevin Beaver is an information security consultant, author, expert witness, and professional speaker with Atlanta-based Principle Logic, LLC. With over 24 years of experience in IT, Kevin specializes in performing independent application and network security assessments to help organizations minimize their business risks. He has authored/co-authored 11 books on information security including the best-selling Hacking For Dummies (Wiley). In addition, he’s the creator of the Security On Wheels information security audio books and blog providing security learning for IT professionals on the go.

You can reach Kevin through his website www.principlelogic.com, follow him on Twitter at @kevinbeaver and connect to him on LinkedIn.

Kevin Beaver



Randy Marchany

Randy Marchany has been involved in the computer industry since 1972. He is currently the Virginia Tech Information Technology Security Officer and the Director of the Virginia Tech IT Security Lab. He was a co-author of the FBI/SANS Institute's "Top 10/20 Internet Security Vulnerabilities" document that has become a standard for most computer security and auditing software. He was the co-author of the "Responding to Distributed Denial of Service Attacks" document that was prepared at the request of the White House in response to the DDOS attacks of 2000. He was a co-author of the Center for Internet Security's series of Security Benchmark documents for Solaris, AIX and Windows 2000.

These benchmarks represented the first successful attempt to create a set of consensus documents with detailed steps for implementing system security. He was a member of the White House Partnership for Critical Infrastructure Security working group that developed a Consensus Roadmap for responding to the recent series of DDOS Internet Attacks. He was a recipient of the SANS Institute's Security Technology Leadership Award for 2000. He was a recipient of the VA Governor's Technology Silver Award in 2003. He was part of the team that won the EDUCAUSE Excellence in Information Technology Solutions in 2005. He is a co-holder of a patent for a battery-based intrusion detection system and has a patent pending for an IPv6 defense tool. He is a member of IEEE, ACM, IIA, EDUCAUSE, SANS Institute, BMI.

Randy Marchany
CISO at Virginia Tech



 

Mr. Gomez-Sanchez

Mr. Gomez-Sanchez has over 16 years of Information Security experience. He has focused his entire professional life on pursuing excellence in the field of Information Security.

Currently, Juan Gomez-Sanchez is the Managing Principal and President of Optima Consulting Services Inc. Optima Consulting Inc. is a professional services organization exclusively focused on Security Program Management and Security Risk/Compliance Management. Under Optima Consulting Mr. Gomez-Sanchez has helped clients achieve their security goals by creating comprehensive tactical and strategic security plans, implementing such plans and helping manage their security programs. Clients include Florida’s Turnpike Enterprise (PCI level 1 merchant), Transcom Inc. (PCI certified global service provider - Spain), Kapsch AG (Global provider of technology Services - Austria), Electronic Toll Collection (PCI level 1 merchant – South Africa) and various smaller clients.

Juan Gomez Sanchez
CEO at Optima Consulting





Mr. Saleem has more than 14 years of experience in the fields of Enterprise and Security Architecture, Forensics and Fraud Management, Cyber Intelligence & Incident Response Management, Enterprise Security and Risk Management, Business Continuity & Disaster Recovery, Governance Risk and Compliance, Policy & Procedures, Cloud Computing, BIG Data & Security Analytics, Networks Infrastructure & Data Centre as well as integrating Systems and Applications. At present I am Chief Information Security Officer (CISO) at Ministry of Health. I am also Program Manager of National e-Health Program responsible for 31 Enterprise Security & Risk Management projects for the MoH.

Muhammad Saleem
Chief Information Security Officer (CISO)
at Ministry of Health - K.S.A

 

 

 

Dennis King

Dennis King is the Chief Security Officer and President of Working Security Inc., a Saint Louis provider of information security risk management, compliance, and governance services. Dennis brings over 20 years’ experience working with more than one hundred large and small companies across the globe including Finance, Energy, and Healthcare clients.
He has led development and management of compliance and secure infrastructure solutions at IBM and other IT outsourcing, cloud, and internet service providers, brought IaaS security services to market, led HIPAA, SSAE-16/SAS70, ISO/IEC 27000, PCI DSS assessments, and managed a variety of forensic investigations.
Dennis holds CISSP, GCFA, C|CISO, PMP and CSM certifications. He earned an MBA from Washington University in St. Louis and a BS in Engineering from Purdue University.

Dennis King
CSO & President of Working Security, Inc.

 

 

 

Dr. Joe Popinski

Dr. Joe Popinski is an Information Technology & Network Security consultant specializing in enterprise level IT, networking, cyber, and corporate security. He currently serves as the AVP-IT & CISO for the University of Alabama at Birmingham’s Office of the Vice President for Information Technology. In this role, he is responsible for Information Security at UAB including security architecture, strategic planning, DR, compliance, cyber security investigations, risk management, security technical monitoring, and other security related functions.

His experiences over the past 45 years range from IT security management, to government defense system technical analyses, to telephone company business/records keeping systems development, to data network management, to information/network/physical security investigations & management, to HIPAA security consulting, to enterprise security consulting, to professional services, to hacker tracking & evidence analysis, and as a network security consulting practice manager.  He recently served as NASA’s Marshall Space Flight Center’s IT Security Manager (contractor) for the Office of the CIO while employed by Dynetics Technical Services for 2 years, and as Director – Network Security Consulting for IE-Dynetics for 11 years.  He retired from BellSouth Telecommunications (30 year career); has served as a Manager in KPMG’s Information Risk Management practice; and as Director of Professional Services Division (Southeast) for Internet Security Systems (ISS) in Atlanta.

Joseph W. Popinski III, Ph.D.
AVP IT & CISO at University of Alabama

 

 

 

Greg Bee

Greg Bee is the Director of Information Security Governance and the Chief Information Security Officer at Country Financial. In his role, Greg is responsible for the implementation and governance of Country Financial's enterprise information security program, including IT compliance and risk activities. Greg has over 25 years of Information Technology experience, with the last 13 years leading the Country Financial enterprise security program as CISO. Greg is responsible for Enterprise Information Security policy and governance decisions to support overall risk management activities. Greg has experience with risk management, governance, vulnerability management, network security, incident response, and IT Security operations. Greg is a C|CISO, CISM, CRISC, and CGEIT. Greg has a Bachelor's degree in Computer Science, a Bachelor's degree in Economics, and a Master's of Business Administration all from Illinois State University.

Greg Bee
C|CISO, MBA, CISM, CRISC, CGEIT,
CLU, CHFC, FLMI, ACS

 

 

 

Robert Hotaling

Robert is the CSO of Cengage Learning, a publisher of print and digital information services for the academic, professional and government agencies around the world. With over 19 years of experience in Info Tech he has worked extensively on a global basis. He has extensive experience with SOX, PCI, FERPA and GLBA. Robert has developed and executed the security strategies for several multi-billion dollar businesses.

Before joining Thomson Learning as the CSO he was the Director of Business Systems and Communications for Prometric. He was responsible for designing and implementing security and communications networks for contact centers/data centers in twelve countries. He developed and implemented the communication and security models for United Kingdom’s Drive-Safe Agency, and then oversaw government-sponsored systems audits. He created the strategy to make a critical function ISO 27002 compliant and has managed the security for 4000+ locations in 120 countries.

He has an MS in Information Technology from The Johns Hopkins University and a BS in Management from The Pennsylvania State University. 

Robert Hotaling
Chief Security Officer,
Cengage Learning
(Formerly Thomson Learning)

 

 

 

 
 
 

 







































The EC-Council CISO Executive Summit 2011 took place from December 5-6th at the M Resort in Las Vegas, NV. Over 40 speakers from the private, public, and government sectors gathered to partake in 13 interactive panel-based discussions. This format allowed for networking, knowledge sharing, and continuous learning. Participants and attendees were able to engage in intimate discussions regarding the topics most relevant to high-level executives including managing insider threats, cloud compliancy, and structuring and managing an infosec workforce. Lasting relationships and business connections were made during the CISO Summit and at networking events. Continue reading for key takeaways, action items, and highlights from the summit.

Jeff Tutton, President of Global Security and Compliance at Intersec Worldwide, recently led an interactive panel discussion centered on outsourcing and information security management at EC-Council’s Inaugural CISO (Chief Information Security Officer) Executive Summit in Las Vegas held from Dec 5-6th. Jeff Tutton was joined by Todd Bell, Executive IT Security Advisor, ConnectTech, LLC; Inno Eroraha, Founder & CEO, NetSecurity Corporation; Chris Oglesby, Senior VP, Knowledge Consulting Group; and Edward Ray, CISO, MMICMAN, LLC. The panel discussion addressed the challenges of managing risk and monitoring the outsourcing company’s performance, while complying with recent industry changes such as SAS70 and PCI compliance.

Global CISO Forum Announced in Wake of LinkedIn Breach

Global CISO Forum to address the increasing demands faced by top-level information security executives. The IS landscape has never been so fraught with attacks, as evidenced by the recent LinkedIn password fiasco or by Google sending warnings of state-sponsored attacks to Gmail account holders. The Forum, which will take place in conjunction with EC-Council's premier IS conference, Hacker Halted, will focus on bringing together CISOs from around the world to discuss how the constantly changing security challenges affect the day-to-day lives of CISOs from the largest and most prestigious organizations. A few of the topics to be discussed will include integrating wargames into security strategies; recruiting, training, and managing superior security teams; data loss prevention; as well as internally branding and integrating a security program while aligning it with business objectives.
 
The diversity of topics that will be covered hints at the breadth of issues with which an average CISO must contend in order to succeed at keeping their organizations' data safe. "The cybersecurity war is becoming more complicated by the day," says Jay Bavisi, President of EC-Council. Mr. Bavisi went on to say, "EC-Council's Global CISO Forum is an event that aims to bring together the world's best and brightest CISOs to unite against the hackers and share information."
 
One reason for continued breaches, according to the recent Wisegate report, could be the changing role CISOs are playing within their organizations. The report documents how CISOs are now more than ever being charged with an ever-expanding suite of responsibilities ranging from managing the conflicts that arise from the differing goals of IS and business development, to developing privacy policies and disaster recovery plans. The Global CISO Forum aims to address these challenges, partly through formal panel-based discussions, but also by bringing together the top minds in the CISO world and encouraging an atmosphere of best practice sharing.
 
One aspect of the fight for information security that's long been observed in the industry is the tendency for "the bad guys" to do a better job of information sharing than the guardians of the world's information. According to Dave Cullinane, CISO at eBay, "Continuous process improvement is happening on the dark side. Our adversary is sharing information quite effectively. We are not. We must begin immediately to do so - and do it far more effectively than ever before. We need to shift the balance of power back to the Good Guys."
 
For more information and inclusion in the Forum, interested CISOs can apply to attend here: http://www.eccouncil.org/ciso/events
 
Read the full story at http://www.prweb.com/releases/2012/7/prweb9675634.htm

CISOs To Huddle In Wake Of LinkedIn Breach, Gmail Warnings

The EC-Council invites security chiefs to get together before Halloween and decide how to bedevil their adversaries.

 
The EC-Council, the body behind the Certified Ethical Hacker certification, will convene a Global CISO Forum in Miami on Oct. 29 and 30, open only to a limited number of senior information security executives, to discuss a security landscape that is increasing in complexity and alarming Internet users. Apparently, when attackers start ripping off and decrypting large caches of LinkedIn's hash-encrypted passwords and state-sponsored attacks are a big enough threat to Gmail users that Google has to issue warnings, it's time for the world's CISOs to huddle.
 
The summit, scheduled in conjunction with the EC-Council's IS conference, Hacker Halted, will gather CISOs from the world's "largest and most prestigious" enterprises to talk about how these types of extreme events affect their companies and what to do about it.
 
But what can a forum like this do to prevent data breaches? For one thing, it provides a venue for the exchange of ideas and information. For a long time, attackers have been well-organized and shared information freely. "But due to proprietary, governmental and other borders, we guardians of information do not share information as well as they do," says Amber Williams, manager of strategic initiatives at the EC-Council. "This forum is designed to promote exchange of ideas and discussion, with six to seven experts per panel topic who will elicit a lot of responses from the audience as they go along."
 
That's all well and good, but, according to Danny Lieberman, CTO of Software Associates, most CISOs and infosec professionals already know what needs to be done for appropriate security countermeasures. For example, encryption is a cornerstone of securing data at rest, and our latest InformationWeek Strategic Security Survey recommendation list includes better vetting of service providers.

The problem is getting the CEO to agree.
 
While the EC-Council's Hacker Halted events see increasing attendance year on year, says Williams, the council is capping attendance for the Global CISO Forum at 200. The goal is to make high-level executives feel free to talk about not just best practices but the struggles they have had without fear of hurting their brands, she says.
 
You know the EC-Council is getting serious when it talks about "integrating war games into security strategies." Other topics of discussion planned for the summit include recruiting, training, and managing superior security teams; data loss prevention; and internally branding and integrating a security program while aligning it with business objectives. In fact, the EC-Council says one reason for continued breaches is the conflicts that arise from the differing goals of security and business development teams. The forum intends to address this issue and others not only through panels but also by encouraging an atmosphere of best-practice sharing.
 
It's great that the EC-Council and CISOs are on fire about this. But it's also clear that without approval from the CEO, anything with a price tag that doesn't have demonstrated business value will go nowhere. That is why CISOs should pay special attention to the part about aligning with business objectives.
 
What CISOs should really be asking at this forum, says Lieberman, is how their peers develop a real business case to present to the CEO. How do I put together a threat model and evaluate the risk? How do I get the CFO on board before I go to the CEO?
 
Lieberman illustrates a sample exchange, where the CISO is prepared to say to the CEO, "There is X percent chance someone will steal our company's intellectual property. I have put together a team to evaluate the risk, and that is its finding. It will cost $20 million if this IP theft occurs. I need a couple more employees and $1 million to buy hardware and software to protect that $20 million worth of IP."
 
Better yet, have the CFO on the team that helped put together this analysis, something the EC-Council plans to address. "Because we are inviting mostly C-levels, they will report to a board or another C-level executive," says Williams. "Part of what we want to share is how to brand a security program internally and sell it to the board, C-level executives, and the whole company. And in the case of governments, sell it to the many layers of government workers."
 
Another concern for many security chiefs, says Alan Shimel, managing partner at The CISO Group, is the changing nature of the threat. Many CISOs at work today came into that role during a time when financial fraud and cybercrime were the motives for attacks, says Shimel. "Now we have hacktivists and people who are financially motivated, but instead of looking for personally identifiable information, they're looking for intellectual property," he says. "Due to these different motives, hackers use different attack vectors."
 
Announced speakers for the event include Eddie Schwartz, CISO for RSA; Joe Albaugh, CISO at the Federal Aviation Administration; Ron Baklarz, CISO at Amtrak; and Richard T. Rushing, CISO for Motorola Mobility.
 

Research Proves Best Performing Companies Employ a CISO with a High-Performing Security Program

Research done by SC Magazine proves that organizations that have a Chief Information Security Officer (CISO) have higher profit margins, generate more revenue, and display increased productivity.
 
January 31, 2012, Albuquerque, NM - EC-Council has released a new white paper that gives comprehensive strategies to CISOs on leading a high-performing information security (IS) program. According to research done by SC Magazine, companies that have an active CISO role and high-performing security program generate more revenue, spend less money, are more productive, and have reduced risks. However, the complexities and challenges of the organization’s infrastructure create daily traps that distract IS teams from carrying out tactical and strategic functions.
 
An effective CISO and well-run information security program can save a company almost 10% of total revenue. SC Magazine’s “Want to Reduce IT Risk and Save Money? Hire a CISO” article cites that this saving in gross revenue is credited to a decreased risk of data loss and theft. Further, the article cites that the most successful companies that employ a CISO to lead an effective IS program are 10 times less likely to experience costly security breaches.
Todd Bell, Executive IT Security Advisor at ConnectTech, LLC., says “Today’s threat landscape requires CISOs to develop and implement a high-performing information security (IS) program. One of the biggest challenges is not letting the torrent of corporate issues interfere with the overall effectiveness of the IT security team.” Bell, a speaker at EC-Council’s CISO Executive Summit in December 2011, was inspired by his panel role in the “Implementing a High-Performing Information Security Program” discussion and developed a how-to guide for CISOs on leading a high-performing IS program. To view the White Paper, please go to: http://goo.gl/pxmY5
 
“Simply put, CISOs contribute to better business results by ensuring security measures are fully implemented, standardizing and automating procedures, and by taking a strategic role with the organization to make information security a part of a business process,” affirms Jim Hurley, managing director of Symantec’s IT Policy Compliance Group.
 
EC-Council is committed to providing Information Assurance Executive Professionals with the latest Information Security news and trends from the industry’s leading experts. Readers of this White Paper are also encouraged to look into EC-Council’s Certified Chief Information Security Officer (C|CISO) Certification and EC-Council’s CISO Executive Summit Series. To view the full report complete with key takeaways from the CISO Executive Summit or to attend or speak at upcoming CISO Executive Summits, please click here.  If you would like to receive more information about EC-Council’s Chief Information Security Officer Certification program, please click here.
Contact:
Marissa Easter – Marketing Communications Specialist (marissa.easter@eccouncil.org)
 
About EC-Council’s Chief Information Security Officer (C|CISO) Certification:
 
C|CISO is the first certification of its kind to equip Information Assurance leaders with the most effective toolset to defend organizations from cyber attacks. It recognizes an individual’s accumulated skills in developing and executing an information security management strategy in alignment with organization goals. Applicants can take advantage of the Grandfather Provision until September 2012. The Grandfather Provision is open to highly-skilled and experienced professionals who can demonstrate and prove proficiency in the 5 C|CISO domains. For more information about C|CISO, please visit: http://www.eccouncil.org/ciso
 
About EC-Council:
 
The International Council of E-Commerce Consultants (EC-Council) is a member-based organization that certifies individuals in cyber security and e-commerce. It is the owner and developer of 20 security certifications, including Certified Ethical Hacker (CEH), Computer Hacking Forensics Investigator (CHFI), Certified Security Analyst /Licensed Penetration Tester (ECSA/LPT) and Certified Chief Information Security Officer (C|CISO). EC-Council has trained over 90,000 security professionals and certified more than 40,000 members. EC-Council’s certification programs are offered by over 450 training centers across 87 countries. These certifications are recognized worldwide and have received endorsements from various government agencies including the U.S. Department of Defense via DoD 8570.01-M, the Montgomery GI Bill, National Security Agency (NSA) and the Committee on National Security Systems (CNSS). EC-Council also operates EC-Council University and the global series of Hacker Halted information security conferences. For more information about EC-Council visit www.eccouncil.org, follow @ECCouncil on Twitter, LinkedIn or visit EC-Council’s Facebook page.

Global Increase in Outsourcing Leaves Companies Open to Information Security Breaches

Companies must find ways to manage the benefits and risks of outsourcing as almost two-thirds of Information Technology (IT) infrastructure is predicted to be outsourced within the next 8 years. EC-Council CISO Summit panel discussion suggests that increased information security compliance plans, continuous education, and knowledge sharing may prove to be the best solution.

January 23, 2012, Albuquerque, NM - Global economic troubles have motivated many companies to seek alternative means of conducting business that will cut costs and maximize profits. One of the most popular and effective methods is outsourcing Information Security (IS) infrastructure. According to a recent study commissioned by Savvis, Inc., this number is predicted to increase from 17% to over 64% globally by 2020. Security outsourcing has its benefits; however, it also comes with an array of risks.


Jeff Tutton, President of Global Security and Compliance at Intersec Worldwide, recently led an interactive panel discussion centered on outsourcing and information security management at EC-Council’s Inaugural CISO (Chief Information Security Officer) Executive Summit in Las Vegas held from Dec 5-6th. Jeff Tutton was joined by Todd Bell, Executive IT Security Advisor, ConnectTech, LLC; Inno Eroraha, Founder & CEO, NetSecurity Corporation; Chris Oglesby, Senior VP, Knowledge Consulting Group; and Edward Ray, CISO, MMICMAN, LLC. The panel discussion addressed the challenges of managing risk and monitoring the outsourcing company’s performance, while complying with recent industry changes such as SAS70 and PCI compliance. To view an interactive video of the panel discussion, please visit: http://goo.gl/SwxEj

“The challenges of outsourcing are similar to those you may have with the acquisition (insourcing) process. When acquiring a new company you need to ensure that due diligence has been completed prior to acquisition and integration, as you now will be responsible for the security of that company’s data. This is the same with outsourcing,” said Tutton. “Hire a trusted and qualified third party to complete a thorough evaluation of the outsourcing company. But don’t just stop there, put in place methods and controls to monitor and maintain the security of this data during the entire lifecycle. Trust but verify, and assign responsibility to a qualified person within your organization to manage and maintain oversight of security. Another option is to outsource only the data and systems that you want to end up in the public domain.”

Tutton’s panel discussion presented a detailed overview of the benefits and challenges of outsourcing with respect to Information Security (IS). Globally, over 60% of organizations cite that managing the IT infrastructure domestically does not have any competitive advantages and are planning to move operations offshore. However, many offshore companies do not have the same legal restrictions as the United States. For instance, India, one of the biggest destinations for offshore outsourcing, does not have any data privacy laws. This laxity in law enforcement leaves confidential information vulnerable to security breaches.

Last year, Epsilon, a cloud-based email service provider, suffered a security breach that ended up affecting around 75 clients and compromised over 60 million personal names and email addresses. Security breaches such as this can be extremely costly and detrimental to a company’s reputation.

“If an organization is looking to do a large infrastructure outsourcing engagement, the best way to ensure that security is a priority is to build a comprehensive list of security requirements into outsourcing contracts, develop appropriate service level agreements and reporting mechanisms to evaluate security and budget for a review by an independent assessment organization – this will ensure that security always stays top of mind,” said panel speaker Chris Oglesby. “If, however, the decision is to outsource infrastructure and security separately then the security operations should drive the direction and outcomes and create independence between the organizations to meet the client needs.”

In the future, companies need to employ executive IS leaders who will develop methods to adequately protect their IT infrastructure when outsourcing in-house responsibilities. Platforms, such as EC-Council’s CISO Summit Series, provide a means for top-level IS executives to gather and discuss the latest industry challenges. Continuous education and knowledge sharing will provide solutions to the quandaries top-executives face on a daily basis. For more information on upcoming EC-Council CISO Executive Summits, please visit: http://ciso.eccouncil.org/?page_id=4054
 
Contact:
Marissa Easter – Marketing Communications Specialist (marissa.easter@eccouncil.org)

About EC-Council CISO Executive Summit Series:
EC-Council CISO Executive Summit Series strives to unite the top Information Security (IS) leaders across the world in the fight against cyber crime and IS threats, while providing a platform for continuous learning where the most recent Information Security threats and landscape evolution can be discussed and debated. Designed by EC-Council, the 1st in the CISO Executive Summit Series made its debut in Las Vegas, NV in December 2011. Due to the nature of the discussions, all CISO Summits are closed-door events open only to senior information security executives (C-levels, VPs, Senior Directors, etc.). http://www.eccouncil.org/cisosummit


http://www.eccouncil.org/ciso/


EC-Council’s Inaugural CISO Executive Summit Develops Guidelines to Address Challenges of 2012’s IT Mantra “Doing More with Less”

High unemployment and increased economic uncertainty have forced top-level Information Security executives to utilize alternative technology and invest in the existing workforce, creating an onslaught of new security issues.

January 9, 2012, Albuquerque, NM - The New Year brings an unfamiliar set of challenges for executive-level Information Security (IS) professionals. The troubled economy and increased economic uncertainty have led many to seek alternatives to doing more with less. However, new initiatives such as implementing more cost-efficient technology, with cloud computing being top-of-mind for many executives, and investing in existing resources, like the workforce, come with a set of security and training challenges.
These issues were addressed at EC-Council’s Inaugural CISO (Chief Information Security Officer) Executive Summit 2011 in Las Vegas, NV held from December 5-6th. Over 40 prominent top-level executives from the private, public, and government sectors gathered to collaborate on ways to overcome these obstacles. The corporations and agencies included: IBM, Motorola, TransUnion, Abu Dhabi Securities Exchange (ADX), Sallie Mae, Blue Cross Blue Shield, Deloitte & Touche, U.S. Department of Treasury, U.S. Army Reserve and Department of Defense.
The need for increased Information Security arises as executives look for more cost-cutting technology and invest in existing assets to stay competitive in 2012. As Pearl Zhu, CEO, COO, Chairman, and President of Brobay stated in the article 2012 IT Tea Leaf Reading: The Year of Wisdom, “Businesses are facing unprecedented uncertainties, accelerated changes and hyper-competitive global competitions.” Many organizations in 2012 will focus on software automation and cloud solutions, which provide convenience and cost-efficiency.
The topic of responsible implementation of cloud computing in terms of information security was one of the focus areas of the CISO Executive Summit.
Ben Eu, Program CISO at IBM, and Raymond Soriano, Director of Security & Privacy Services and Cyber Threat & Vulnerability Management at Deloitte & Touche, served as co-chairs on the “Embracing the Cloud and Mitigating Surrounding Threats” panel discussion. Summarizing the panel discussion, they stated that in order to mitigate threats posed by the cloud, top IS professionals must:

  • Perform due diligence and consider satisfactory levels of Right to Audit and other measures within contracts.
  • Consult with business to understand the requirements and risk tolerance for cloud solutions.
  • Engage with Internal Audit to help support and drive additional control with cloud solutions applied for the organization.
Another challenge that awaits CISOs in the New Year is ensuring the IS team they lead consists of highly skilled professionals who are ready to mitigate risks associated with cloud computing and other technologies.
 
According to “The IT Skills Gap”, an article written by Andrew Horne, Practice Director at Corporate Executive Board, another one of the CIO’s (Chief Information Security Officer) most serious challenges is the lack of adequate skills in prospective and current IS employees. It is projected that demand for certain roles in the IS field will increase by over 200% within the next 5 years. He goes on to say that, “As key IT skills are in short supply, and the few people with those skills are not going to be pried loose from their current employers, the only option for CIO’s is to develop existing employees.”
Co-chairs of “Structuring and Managing Your Infosec Workforce”, Jerry Chappee, Chief Information Assurance and Operations Officer for the U.S. Army Reserve, and Jeffrey Vinson, Director and CISO of SecureNet Payment Systems, stated that one of the best ways to improve the skills of the existing workforce is by investing in certifications, “Leaders of the organization need to support their people and show them the importance of certifications. More specifically, how the certification directly supports the business and keeps information more secure.”

The CISO Executive Summit created an environment where the most recent IS threats and landscape evolution were discussed and debated. Additional key issues addressed were implementing a high-performing IS program, managing insider threats, and factors with the greatest impact on the IS profession. For a full CISO Summit report including highlights and key takeaways, please visit: http://www.eccouncil.org/ciso/events
 
2012 will have its share of challenges and obstacles to overcome. The tough economic climate and mantra of “doing more with less” will prompt Information Security leaders to come together and share knowledge and ideas. It is the mission of the CISO Executive Summit Series to unite the top Information Security (IS) leaders across the world in the fight against cyber crime and IS threats, while providing a platform for continuous learning where the most recent IS threats and landscape evolution can be discussed and debated.
 
EC-Council will host a Global CISO Executive Summit on October 29, 2012 in Miami, FL. For more information, please visit: http://www.eccouncil.org/cisosummit.

Contact:
Marissa Easter – Marketing Communications Specialist (marissa.easter@eccouncil.org)


About EC-Council:

The International Council of E-Commerce Consultants (EC-Council) is a member-based organization that certifies individuals in various e-business and information security skills. It is the owner and creator of the world-famous Certified Ethical Hacker (CEH), Computer Hacking Forensics Investigator (CHFI), Certified Chief Information Security Officer (C|CISO) as well as many other programs that are offered in over 80 countries through a global training network of more than 450 training partners. For more information on CISO certification, visit http://www.eccouncil.org/ciso.

CISO Awards Ceremony

EC-Council is proud to announce the finalists for the inaugural CISO Awards Ceremony at the 2013 Global CISO Forum USA! Finalists who are nominated for the awards are below:

Certified CISO of the Year

This award, available only to EC-Council Certified CISOs (C|CISOs), recognizes an individual’s outstanding work in information security. We will be honoring one C|CISO who has contributed to the information security industry, shown tremendous professional growth and achievement, and has promoted strong, innovative security practices.

Mauricio Angée is an Information Security Professional with over 20 years of experience in the Information Technology field with a strong focus on Information Assurance, compliance, risk management, and systems certification and accreditation. Mr. Angée currently serves as Vice President of Information Security at Mercantil Commercebank, where he is responsible for setting the roadmap and strategy for integrated Information Security solutions. Mr. Angée served as Sr. Manager of IT Security and Compliance acting as Chief Information Security Officer (CISO) at Universal Orlando Parks and Resorts where he was responsible for the Information Security operations, IT compliance, and risk management.

He also served as Information Systems Security Officer (ISSO) at Harris Corporation supporting the Federal Aviation Administration (FAA) Telecommunications Infrastructure (FTI) and the US Census Bureau. In his ISSO role, he successfully coordinated the security certification and accreditation activities, and developed the incident response capabilities.

Mauricio Angée
MS, CISSP
VP, Information Security Manager

Ron Baklarz

Ron Baklarz has over twenty years in the Information Security field developing “first-of-a-kind” information security programs within government, military, and private sector organizations including the Naval Nuclear Program, U.S. House of Representatives, Prudential Insurance Company, MedStar Health, and Amtrak. Ron is currently the Chief Information Security Officer at Amtrak and he has held various information security consulting, technical, and operational positions throughout his career.

Ron Baklarz
CISO at Amtrak
CISSP, CISA, CISM, NSA-IAM/IEM

Ashish is the Chief Information Security Officer for Tesco HSC. In this role he is responsible for Information Security and Business Continuity for Tesco HSC that supports 14 countries where Tesco operates globally. He has over 12 years of industry experience across Information Security Governance, Audit & Compliance, Risk Management, Physical Security, Corporate Investigations and Computer Forensics.

He is a leading security evangelist and past speaker at C0C0N, OSAC, ACSG, ICSC etc. His efforts have been well recognized within the organizations he has worked for and across the industry. He is the winner of Top 100 CISO Awards in consecutive years, 2012 and 2013, and was instrumental in winning Security Strategist Awards 2005 in the IT/ITES category, in addition to numerous organizations’ awards.

Ashish Chandra Mishra
Chief Information Security Officer
(CISO) at Tesco HSC

Paul Horn

Paul Horn joined DynCorp International LLC (DI) in 2011 as the Logistics Civil Augmentation Program (LOGCAP IV) Cybersecurity Manager under the direction of the U.S. Army in support of international contingency operations and since then has assumed management responsibility for all DI Cybersecurity. Paul joined DI from the Drug Enforcement Administration’s Aviation Division where he led the Vulnerability Management group. A veteran with more than 15 years of experience in the government and healthcare industry, Paul served in the U.S. Air Force as a Special Agent with the Air Force Office of Special Investigations, worked at the National Finance Center’s disaster recovery facility during Hurricane Katrina and at Texas Health Resources, one of the largest health care providers in the United States.

He earned an Associate’s degree in Criminal Justice from the Community College of the Air Force, a diploma in Network & Internet Security Administration from the Computer Learning Network in Mechanicsburg, PA, a Bachelor of Science in Business Administration and a Master’s of Science in Information Systems Security from Colorado Technical University in Colorado Springs, CO.
Paul also holds the C|CISO, CISSP, CISM and CRISC certifications.

Paul Horn
C|CISO, CISSP, CISM, CRISC

Mr. Frank Kai Fat Chow is currently the Senior Manager of Automated Systems (HK) Ltd., a listed Hong Kong company offering professional information technology services to corporate clients in Greater China and the Asia-Pacific region. Frank has more than fifteen years of extensive consulting experience in the information security industry in Asia-Pacific.

He currently leads a team of professionals in the delivery of information security risk management, security operation center, and business continuity services to a variety of clients. He is an advocate of a number of international leading practices, such as implementing ISO27001 information security management, ISO20000 IT service management, and BS25999 business continuity management standard for various local and multinational companies. He is a high profile speaker for major industry events and training sessions.

Frank Kai Fat Chow
CISSP-ISSAP, ISSMP, CSSLP
Senior Systems Manager
Automated Systems (HK) Ltd.

 

 

 

 

Mike is the CEO and Founder of the Ascot Barclay Cyber Security Group and co-founder of Executive Risk Magazine – Cyber Security & Risk for Executives. He is a former Chairman and current Trustee on the board of AGE (UK) Hounslow (Charity - Not for Profit).

He is also Director for Learning at the ISSA (UK) CISO Security Leadership Academy (www.issa-uk.org) and is an executive member on pan government advisory boards and technology forums advising Ministers on security related matters.

Mike Loginov
C|CISO FRSA FInstSMM CEO ABG,
Executive Risk Magazine Founder,
UK Partner SecPoint

 

 

 

 

Silas Mohale is a South Africa-based professional who specializes in IT audit, IT security, IT governance, and IT risk and compliance management, with more than 10 years of hands-on experience. He holds a Bachelor of Commerce (Informatics/Information Systems) degree from the University of Pretoria, one of South Africa’s leading academic institutions in higher learning and research.

He is currently studying towards an MBA degree at the University of Pretoria’s Gordon Institute of Business Science, also a leading South African institution in academic research and learning.

Silas Mohale
IT Audit, Systems & Process Assurance,
PricewaterhouseCoopers South Africa

 

 

 

 

Rakesh Radhakrishnan Principal Architect Specialist

Rakesh Radhakrishnan is a Principal (Information Security) Architect Specialist at AMGEN. He has a total of 25 years of experience in IT and 15+ years in Information Security covering all 5 domains of the CISO program. Rakesh is extremely passionate about “Aligning Aspired (Target ESA) with Applied Architecture” and he believes in the critical nature of the partnership and teamwork between the Chief Security Architect office of an Organization and the CSO office. All the Architecture Assessments, Target ESA definitions/designs, innovation, solution design, integration models, problem solving (predicting future issues/problems as well), design patterns and reusable code/artifacts produced by Security Architects can ONLY be put to good use if it is aligned with the CSO programs associated with governance, empowerment, program management, policy & standards, compliant SW acquisition, organizational structuring and so on. Hence he truly enjoys the ISACA COBIT 5 model for Information security that addresses the governance challenges of IS along with SEI’s Architecture Led Program Management for Architecture led governance and acquisition management.
His blog is at: http://identity-centric-architecture.blogspot.com/

Rakesh Radhakrishnan
Principal (Information Security)
Architect Specialist at AMGEN

 

 

 

 

CIO of the Year

This award, available only to Chief Information Officers (CIOs), recognizes an individual’s outstanding work in information security. Good CISOs know that security cannot be achieved without the support of management.

Dwayne Melancon is Tripwire's Chief Technology Officer

Tim is a Chief Information Officer (CIO) / IT Transformation Director with a proven track record of success within the Global Corporate Enterprise, Outsourced, Managed Services, Utility Services, Construction, Security Services, Central / Local Government, Technology, Consultancy, Telecoms, SME, Financial, Retail, Mining, Oil & Gas and Commercial markets.

Tim is currently responsible for ICT for G4S Risk Management, a leading global provider of Security Services including Risk Mitigation / Consulting, Close Protection, Ordnance Management and holistic Security integrated solutions for global clients operating in complex or sensitive environments (e.g. Iraq, Afghanistan, Sudan, Mozambique etc.)

Tim Grieveson
Chief Information Officer (CIO),
IT Transformation Director

 

 

 

CISO of the Year

This award, available only to Chief Information Officers (CIOs), recognizes an individual’s outstanding work in information security. Good CISOs know that security cannot be achieved without the support of management.

 


Justin Dolly is the Vice President and Chief Information Security Officer at ServiceNow Inc. In this role he provides strategy and vision for all Information Security-related initiatives at ServiceNow, ensuring the integrity, availability and security of information, intellectual property, infrastructure, platform and users for the global organization. He also leads compliance and risk management initiatives. Most recently Justin was the Chief Information Security Officer at VMware Inc., where he was responsible for developing and leading all Information Security-related programs and initiatives. Previously Justin held various security and technology leadership roles at Kaiser Permanente (2010-2011), CNET/CBS Interactive (2006-2010) and at Macromedia (2000-2006). In the late 1990s, Justin held a variety of technical and engineering positions at Wells Fargo Bank.
He has more than 15 years of experience in information, infrastructure, web and application security, and network engineering and design and is respected as a visionary leader within the Information Security industry. Justin holds a Bachelor of Arts degree from the National University of Ireland.

Justin Dolly
Vice President & Chief Information
Security Officer at ServiceNow Inc

 

 

 

 

 

 

 

 


Nikesh is a specialist in the field of Information Security. With more than 15 years of experience in IT assurance engagements such as IS security, IS audits, IT governance, risk and compliance, he has a wide range of experience spanning the Infosec and GRC space.

Having worked on different continents, he has had the opportunity to look at the core drivers, industry challenges, stakeholder expectations and workable solutions and approaches for GRC and Infosec programs.
Nikesh is associated with AGC Networks Inc. and can be reached at
nikesh.dubey@agcnetworks.com / nikesh.dubey@gmail.com

Nikesh Dubey
CISSP, CISA, CISM, CRISC at
AGC Networks Inc.

 

 

 

Goetz

Goetz joined Constellation Energy/Exelon in August 2009. Prior to that, Goetz was the Chief Operating Officer of i2S, Inc., a professional services company whose clients included various agencies within the U.S. Intelligence Community from 2007-2009.  Goetz guided i2S through a successful M&A process, culminating in its sale.  During his 20-plus-year tenure as an FBI Special Agent, Goetz was detailed to the Central Intelligence Agency’s (CIA) Counterterrorism Center. He led the CIA team investigation into the August 7, 1998, bombing of the U.S. Embassy in Nairobi, Kenya.  He was chief of the FBI’s Legal Attaché Office in Germany from 2000-2005 and was instrumental in the 9/11 investigation of the Al-Qaeda terrorist cells in Germany.  Goetz also established and headed the FBI’s Baghdad Office in 2005.  Upon returning to the United States, he was put in charge of the FBI Baltimore Office’s Counterterrorism, Counterintelligence and Cyber Programs. Before retiring, he was the Acting Section Chief of the Office of International Operations, FBI Headquarters, where he had responsibility for all FBI overseas offices.

Goetz
Chief Operating Officer of i2S

 

 

 


Sanath Manatunge is the Chief Risk Officer (CRO) at Commercial Bank of Ceylon Plc., the largest private sector bank in Sri Lanka. He counts over 24 years of banking experience at Commercial Bank, having held senior positions such as Head of Credit Risk and Chief Manager – Corporate Banking prior to being appointed as the CRO. Sanath was instrumental in the Bank introducing a dedicated, independent IT Risk Management Function under the Integrated Risk Management Department in 2012, becoming the pioneering local bank to undertake such an initiative, in the absence of a specific CISO role in Sri Lanka.

This initiative has contributed greatly in strengthening the information security and operational risk management strategy of the Bank creating the “second line of defense” to the existing third line of defense of the IT function; i.e. the IS Audit Compliance function.

Sanath Manatunge
Chief Risk Officer,
Commercial Bank of Ceylon Plc

 

 

 

Mr. Saleem has more than 14 years of experience in the fields of Enterprise and Security Architecture, Forensics and Fraud Management, Cyber Intelligence & Incident Response Management, Enterprise Security and Risk Management, Business Continuity & Disaster Recovery, Governance Risk and Compliance, Policy & Procedures, Cloud Computing, BIG Data & Security Analytics, Networks Infrastructure & Data Centre as well as integrating Systems and Applications. At present I am Chief Information Security Officer (CISO) at Ministry of Health. I am also Program Manager of National e-Health Program responsible for 31 Enterprise Security & Risk Management projects for the MoH.

Muhammad Saleem
Chief Information Security Officer (CISO)
at Ministry of Health - K.S.A

 

 

 

 


Gary Sheehan is the Chief Security Officer of ASMGi and directs the firm’s GRC services practice. Gary possesses over 25 years of information security experience and has held a variety of information security and technology positions since 1977. As CSO of ASMGi, Gary has direct responsibility for all security matters of the organization, including information security, client data security, and data center security.

As Director of GRC Services, Gary is responsible for managing the design, delivery and implementation of governance, risk, security and compliance solutions that meet customer needs and keep pace with the constantly evolving regulatory and security requirements.

Gary Sheehan
CSO, Director, GRC Services at ASMGi,
Executive Director at
Information Security Summit

 

 

 

Awards Ceremony

This prestigious awards ceremony will take place at the Global CISO Forum in Atlanta on September 19 – 20, 2013. Winners in each category will be announced at the awards ceremony.

To get started, please fill out the form below and follow the instructions for nomination.

 





255 Courtland Street NE
Atlanta, Georgia, 30303
Hotel class: 4 stars

Global CISO Forum attendees pay only $149 per night.




Enjoy a stay at the Hilton Atlanta hotel, located in the heart of the city, within walking distance to several world-famous attractions. Settle in to a contemporary guest room with thoughtful amenities for work and relaxation and WiFi. Studios are ideal for executives or families looking for extra space. All 70 Executive Level guest rooms are decorated in a modern style with upgraded furnishings and expanded amenities including private check-in, concierge, complimentary internet access and Executive Lounge access with continental breakfast, evening cocktail hour and hors d’oeuvres.
Hold business meetings and conferences in more than 119,000 sq. ft. of flexible function and event space at this downtown Atlanta hotel. Enjoy intense flavors and tastes, fresh ingredients and an elegant ambiance with a view overlooking Atlanta’s starlit skyline at Nikolai’s Roof restaurant. The Point of View lounge adjacent to Nikolai’s Roof offers classic cocktails and a cozy atmosphere. Experience Polynesian cuisine at Trader Vic’s and sample the extensive list of island-inspired cocktails at the Mai Tai Bar. Marketplace is our 24-hr café serving gourmet food items, Starbucks® coffee and Krispy Kreme® donuts. The hotel also offers meals-to-go for your flight or drive home.
 





Should you have any queries pertaining to the event, or wish to discuss partnership opportunities, please contact: Amber Williams, amber.williams@eccouncil.org
For more information and news updates, connect with us via Social Media or our Mailing List.
We look forward to hearing from you!


 


 















Registration Form