
KEYNOTE SPEAKERS BIOS

 

 

Morning Keynote: Strategies for Managing Risk and Thriving in a Dynamic Environment


Gail Coury

Vice President, Risk Management, Global IT, Oracle

 

Gail has over twenty years of experience in information security infrastructure systems and network management, security technical consulting, information systems auditing, and programming.  Industries include enterprise application software, airline reservation systems, insurance, banking, and retail sales.

Gail leads the risk management function for Oracle Global IT.  This includes Security Strategy, Security Solutions, Threat & Vulnerability Management, Security Services, and Audit & Compliance.  She is the former CISO for PeopleSoft and former CISO for J.D. Edwards.

Gail received her bachelor’s degree in Management Science and Computer Science from Clarke College.  She is an alumnus of the Stanford Executive Program of the Graduate School of Business at Stanford University.

 

 

 

 

Afternoon Keynote: Why We Must Develop a New Model for Collaboration in Cyber Security: A Perspective on America's Innovation Crisis


Pascal Levensohn

Founder and Managing Partner

Levensohn Venture Partners

 

Pascal Levensohn has twenty-eight years of experience as a finance professional and has led Levensohn Venture Partners (LVP) since 1996.  At LVP, Pascal and his four partners focus on investing in Intelligent Infrastructure, specializing in emerging Security (homeland, cyber, and physical), Digital Media, and Cleantech (GreenIT) companies.  LVP's current security investments include BigFix and ShotSpotter.

A frequent speaker on venture capital industry trends, Pascal has been outspoken in 2009 in bringing attention to the innovation crisis in America and its particular impact on cyber security. He has recently both moderated and served as a panelist at important forums on this topic ranging from the Security Innovation Network’s (SINET’s) IT Security Entrepreneurs’ Forum (ITSEF III) to BlackHat, joined by experts on innovation from the government intelligence community, the US military, academia, and entrepreneurs.  Transcripts of his public remarks on the innovation crisis to the DHS CATCH conference (March 2009) and at the SINET event at the National Press Club in Washington, D.C. (June 2009) are available at www.levp.com.

 

Pascal has been a director of the National Venture Capital Association since 2007 (www.nvca.org) and currently serves as the Chairman of the NVCA’s Education Committee.  He is the principal author of three authoritative white papers on best practices for VC-backed company boards which are now part of the curriculum at institutions, including the Harvard Business School, the Stanford Graduate School of Engineering Management, and The Kauffman Fellows Program.  In 2009, Pascal joined the board of directors of the Security Innovation Network http://www.security-innovation.org/.

Pascal is a member of the Council on Foreign Relations (www.cfr.org).  He is a former co-chairman of the Aspen Institute’s Socrates Society (http://www.aspeninstitute.org/seminars/socrates-society-seminars).  Pascal received a BA in Government from Harvard University.

 

 

INNOVATION CRISIS PANEL SPEAKERS BIOS

 

Moderator: Innovation Crisis/Gap Panel


Robert D. Rodriguez

Chairman and Founder of the Security Innovation Network (www.security-innovation.org), a 501(c)(3) non-profit focused on the advancement of IT security innovation through collaboration.

Previous to this he spent over twenty-two years as a Special Agent with the United States Secret Service.  During this tenure he held a number of leadership roles within Executive Protection, Protective Intelligence and Criminal Investigations. He served as a supervisor on the Presidential Protective Detail, Counter Assault Team, Protective Intelligence and Criminal Investigation operations. His executive protection experience includes 11 years at the White House serving Presidents Ronald W. Reagan, George H. Bush, William J. Clinton, George W. Bush, Vice President Dan Quayle and numerous Heads of State.

 

For the last two and a half years of his career Mr. Rodriguez managed Secret Service operations for the Northern District of California and spearheaded the development of the Secret Service’s first public-private partnership cyber initiative in the Bay Area.  He was at the forefront of the Department of Homeland Security’s (DHS) effort to establish partnerships with key government, public, private and international stakeholders relative to the IT security of their critical infrastructures.  In 2003 Mr. Rodriguez chaired a DHS and Secret Service sponsored National IT security symposium at Stanford University and he continues to lead executives of Fortune 500 companies to engage in public-private partnerships. Since 2005 he has been coordinating the public-private partnership outreach for the DHS SRI International Cyber Security R & D Center. As an advisor to these programs Mr. Rodriguez brings together representatives from disparate groups (academia, science, private industry, investment banking, government, system integrators, intelligence communities, entrepreneurs, policy makers, innovators, DoD, law enforcement and venture capital) to collaborate on IT security challenges and needs.  He was the catalyst behind private industry's input towards the design of a Computer Security academic module/curriculum for Stanford University and assisted in the coordination of a National Science Foundation supported academic internship program with industry partners. He is the Chairman of the IT Security Entrepreneurs’ Forum (ITSEF) held every year at Stanford University.  The ITSEF is designed to educate and to create awareness and social networks that assist in the acceleration of IT security solutions into the commercial and government markets. In 2008 he was tasked by DHS – NCSD – US CERT to assist in the coordination of the annual DHS GFIRST Conference and is an advisor to TRUST, an NSF trusted computing grant program that includes seven of our nation’s top universities.  Mr. Rodriguez is presently coordinating a working group comprised of Stanford University’s Business and Computer Science Schools in conjunction with industry CISOs towards the development of a risk metrics model for cyber security.

 

Mr. Rodriguez believes in mutually beneficial trust-based relationships that are both top-down and bottom-up.  He presently serves on the Board of Directors for the San Francisco Emerald Bowl, Crimestoppers, Boys and Girls Club and Santa Clara Goodwill Industries.  He is on the Gartner Information Security Summit Advisory Board and is a certified graduate of the Federal Government’s Senior Executive Service Program. Mr. Rodriguez is one of six recipients of the 2009 CSO Magazine CSO Compass Award in recognition of outstanding leadership in the security field. The CSO theme this year is "Raising the Bar" and recognizes honorees who have helped improve security's effectiveness and standing in the business world.

 

Panelist: Innovation Crisis/Gap Panel


John Stewart

Chief Security Officer at Cisco

 

Mr. Stewart provides leadership and direction to multiple corporate security and government teams throughout Cisco, strategically aligning with business units and the IT organization to generate leading corporate security practices, policies, and processes. His organization focuses on global information security consulting and services, security evaluation, critical infrastructure assurance, eDiscovery, source code security, identification management, as well as special programs that promote Cisco, Internet, and national security. Additionally, he is responsible for overseeing the security for Cisco.com—the infrastructure supporting Cisco’s more than $35 billion business.

 

Mr. Stewart’s longstanding career in information security encompasses numerous roles. He was the Chief Security Officer responsible for operational and strategic direction for corporate and customer security at Digital Island. Mr. Stewart has served as a research scientist responsible for investigating emerging technologies in the Office of the CTO at Cable & Wireless America. He has professional experience in software development, systems and network administration, and is a software specialist, author, and instructor.

 

Throughout his career, Mr. Stewart has been an active member of the security industry community. He served on advisory boards for Akonix, Cloudshield, Finjan, Ingrian Networks, Riverhead, and TripWire, Inc. Currently, Mr. Stewart sits on technical advisory boards for Panorama Capital (formerly JPMorganPartners Venture), RedSeal Networks, and Signacert, Inc. He is on the board of directors for KoolSpan, Inc., and a member of the CSIS commission on cyber security for the 44th Presidency.

 

Mr. Stewart’s publications and recent speaking engagements include:

  • Author, Securing Cisco Routers Step by Step
  • Co-author, Internet WWW Security FAQ, found online at the W3C
  • U.S. Dept. of Veterans Administration Information Security Conference, 2009, Washington, D.C.
  • Colloquium for Information Systems Security Education, 2009, Seattle, WA
  • RSA Conference, 2009, San Francisco, CA
  • Visa Security Summit, 2009, Washington, D.C.
  • NATO Information Assurance Symposium, 2008, Brussels, Belgium
  • International Conference of the Institute of Internal Auditors, 2008, San Francisco, CA
  • FIRST 20th Annual Conference, 2008, Vancouver, British Columbia
  • American Conference Institute Data Breach & Identity Theft Conference, 2008, Washington, D.C.

Mr. Stewart holds a Master of Science Degree in Computer and Information Science from Syracuse University, Syracuse, New York.

 

 

Panelist: Innovation Crisis/Gap Panel


Audrey MacLean

Professor at Stanford University

 

Prof. MacLean has a unique track record for entrepreneurial success as a founder, CEO, seed investor, and board member. She has been on the Midas Touch list by Forbes and listed by BusinessWeek as one of the 50 most influential business women in America. She was also featured by Forbes in a cover article on Angel Investing.

MacLean has over three decades of combined experience in the computer and communications industries. She was a founder of Network Equipment Technologies which went public in 1987 and later co-founded and was CEO of Adaptive which merged with NET in 1993.

Building on her own entrepreneurial success, MacLean has been instrumental in helping to launch and grow successful companies through her work as a mentor capitalist and as a professor of entrepreneurship. The companies she has seed funded which have gone public include: Pure Software, Pete's Brewing Company, AdForce, dsl.net, and Selectica. Successful acquisitions include: Avidia/PairGain, Firefly/Microsoft, InternetMiddleware/NetworkAppliance, Amplitude/CriticalPath, specialtyMD/Chemdex, Gigabeat/Napster, Achieva/Kaplan, Ironport/Cisco and Centrality/SiRF. Other start-up portfolio companies include: Servo, Finesse, Future Point, Limelife, Loopt, Open Lane, Skybox and Coraid. MacLean is also an affiliate and advisor to a number of leading Venture Funds.

In her teaching capacity at Stanford, she is the lead professor for the Technology Venture Formation course in the Stanford Technology Venture Program in the School of Engineering. She is also a contributor to the annual STVP roundtable of university leaders from top technical institutions nationwide. MacLean also serves as a board member of the Kauffman Fellows Program, The University of Hawaii Maui College, and Santa Clara University's Center for Applied Ethics.

 

Panelist: Innovation Crisis/Gap Panel


David Rice

Director for Policy Reform at U.S. Cyber Consequences Unit

 

David Rice is an internationally recognized cybersecurity expert, Consulting Director for Policy Reform at the U.S. Cyber Consequences Unit, and author of the critically acclaimed book Geekonomics: The Real Cost of Insecure Software. Mr. Rice is a key figure shaping the discussion in cybersecurity and his work informs decision makers worldwide. As Director of The Monterey Group, a private consulting firm, Mr. Rice advises a variety of clients on a range of issues including: cybersecurity strategy development and execution, corporate cyber risk management, cybersecurity performance metrics, identity management, and secure software development practices.

Prior to private industry, Mr. Rice served as an analyst for the National Security Agency and Special Duty Cryptologic Officer for the United States Navy.  The U.S. government recognized and awarded Mr. Rice for “significant contributions” to the Department of Defense and the National Security Agency for developing security configuration and design guidance for critical national infrastructure and global networks.  The Department of Defense praises “(his) expertise in vulnerability discovery and countermeasure design,” designating it “exceptional and world class.”  The DoD commended Mr. Rice for “providing critical configuration and policy guidance on current and emerging technologies, aiding decision makers and protecting sensitive information systems worldwide.”

 

 

BUSINESS TRACK SPEAKERS BIOS

 

 

Speaker: The Economics and Value of IT Security

 

Dr. Eugene Schultz

Chief Technology Officer at Emagined Security

 

Dr. Eugene Schultz, CISM, CISSP, is the Chief Technology Officer at Emagined Security, an information security consultancy based in San Carlos, California. He is the author/co-author of five books, one on Unix security, another on Internet security, a third on Windows NT/2000 security, a fourth on incident response, and the latest on intrusion detection and prevention.  He has also written over 120 published papers.  Gene was the Editor-in-Chief of _Computers and Security_ from 2002 - 2007, is currently on the editorial board for this journal, and is an associate editor of _Network Security_. He is also a member of the editorial board for the SANS NewsBites, a weekly information security-related news update, co-author of the 2005 and 2006 Certified Information Security Manager preparation materials, and is on the technical advisory board of three companies. Gene has previously managed an information security practice as well as a national incident response team. He has also been professor of computer science at several universities and is retired from the University of California at Berkeley. He has received the NASA Technical Excellence Award, the Department of Energy Excellence Award, the Information Systems Security Association (ISSA) Professional Achievement and Honor Roll Awards, the ISACA John Kuyers Best Speaker/Best Conference Contributor Award, the Vanguard Conference Top Gun Award (for best presenter) twice, the Vanguard Chairman's Award, and the National Information Systems Security Conference Best Paper Award. Additionally, Gene has been elected to the ISSA Hall of Fame. While at Lawrence Livermore National Laboratory he founded and managed the U.S. Department of Energy's Computer Incident Advisory Capability (CIAC). He is also a co-founder of FIRST, the Forum of Incident Response and Security Teams. He is currently a member of the accreditation board of the Institute of Information Security Professionals (IISP). Dr. Schultz has provided expert testimony before committees within the U.S. Senate and House of Representatives on various security-related issues, and has served as an expert witness in legal cases.

 

Moderator: Threats - the cyber-crystal ball, what we can expect in the future

 

Mary Ann Mezzapelle, CISSP, CSSLP
Chief Technologist – Security Services, Office of the CTO

 

Mary Ann Mezzapelle is the Chief Technologist for Security Services at EDS, an HP company.  She is responsible for technology strategy and planning for the EDS security services.  She has 27 years of business experience applying advanced information technology capabilities for high business value impact, serving clients in several industries such as financial, insurance, energy, transportation and manufacturing.

Ms. Mezzapelle has certifications in CISSP and CSSLP.  She is an active member of the San Francisco Bay Area chapter of the Information Systems Security Association (ISSA) and InfraGard.  At ISSA, she has held several board positions including president, programs director and recording secretary.  She contributes to the security community as a planner for Cornerstones of Trust, domain coach for the CISSP study groups and conference speaker.

She also serves on the local walk committee for the Juvenile Diabetes Research Foundation (JDRF).

Ms. Mezzapelle holds a bachelor of science degree in Computer Science from the University of Alabama at Birmingham.

 

Panelist: Threats - the cyber-crystal ball, what we can expect in the future

 

Connie Sadler

Director of Information Security at Lucile Packard Children's Hospital

 

Connie Sadler is the Information Security Officer at Lucile Packard Children's Hospital at Stanford, where she plays a significant role in policy development, compliance, user awareness and training, and the overall protection of sensitive and confidential information. Connie also does a seminar on Identity Theft, and is active in Educause, ISACA and HIMSS. Connie has been in the Information Security community for over 20 years, and has security and compliance experience in higher education, research, government, health care, and aerospace and defense. She says that she isn't the most technically savvy person in the field by any means, but experience, common sense, and an ability to understand people really help her to predict behavior, and behavior observation is what allows us to predict the future to the extent that we can.

 

Panelist: Threats - the cyber-crystal ball, what we can expect in the future

 

Manish Gupta

VP of Product Management at McAfee

 

Manish Gupta is a marketing and business development executive with more than 14 years of experience in technology marketing for products in networking, security, and application software for both enterprise and service provider markets. Manish is the VP of Product Management at McAfee responsible for the Network IPS (IntruShield) product line. Prior to McAfee, Manish was the VP Product Management and Business Development for iPolicy Networks, a startup in the UTM (Unified Threat Management) space. At iPolicy, Manish's key accomplishments include growing the business from scratch to a peak of $10M annualized run rate, raising more than $20M in venture capital, and achieving the "visionary" status in Gartner's magic quadrant. He also led various business development initiatives at iPolicy leading to the exit of the company.

Prior to iPolicy, Manish held product management and product marketing leadership roles at Symbol Technologies and Redback Networks. His formative product management years were spent at Intel, with a brief tenure at Intel Capital and Cheyenne Software. Manish holds a bachelor's in engineering from Delhi College of Engineering in India, a master's in engineering from University of Maryland and an MBA from Northwestern's Kellogg Graduate School of Management where he was an Austin scholar.

 

 

Panelist: Threats - the cyber-crystal ball, what we can expect in the future

 

John F. (“Jack”) Bennett
Supervisory Special Agent, FBI’s San Francisco Division

Supervisory Special Agent John Bennett's career in Law Enforcement spans 23 years.  For the past 11 years he has served as a Special Agent with the FBI.  His distinguished career includes leadership in diverse programs such as Organized Crime, Domestic Terrorism, and Weapons of Mass Destruction.  Agent Bennett is acknowledged as a world expert in the field of Child exploitation matters and Crimes against children.  He led the FBI Innocent Images Program at the National Center for Missing and Exploited Children and set up global taskforces with Interpol.  He currently leads the Criminal Cyber Squad in the San Francisco Division.

 

 

Speaker: Head in the clouds, feet on the ground - The business side of security in the cloud

 

Tim Mather

 

Tim is currently pursuing a graduate degree in information assurance full-time.  Most recently, he was the Chief Security Strategist for RSA, The Security Division of EMC, responsible for keeping ahead of security industry trends, technology, and threats.  Prior to that, he was Vice-President of Technology Strategy in Symantec’s Office of the Chief Technology Officer, responsible for coordinating the company’s long-term technical and intellectual property strategy.  Previously at Symantec, he served for nearly seven years as Chief Information Security Officer (CISO).  As CISO, Tim was responsible for development of all information systems security policies, oversight of implementation of all security-related policies and procedures, and all information systems audit-related activities.  He also worked closely with internal products groups on security capabilities in Symantec products.

Prior to joining Symantec in September 1999, Tim was the Manager of Security at VeriSign.  Additionally, he was formerly Manager of Information Systems Security at Apple Computer.  Tim’s experience also includes seven years in Washington, D.C. working on secure communications for a classified, national-level command, control, communications, and intelligence (C3I) project, which involved both civilian and military departments and agencies.

Tim is a Certified Information Systems Security Professional (CISSP) and a Certified Information Systems Manager (CISM).  He holds Masters Degrees in National Security Studies from Georgetown University, and International Policy Studies from Monterey Institute of International Studies.  Tim holds a Bachelor’s Degree in Political Economics from the University of California at Berkeley.

 

Speaker: Head in the clouds, feet on the ground - The business side of security in the cloud

 

Subra Kumaraswamy

IT Security Office, Sun Microsystems

 

Subra Kumaraswamy has more than 19 years of engineering and management experience in Information Security, Internet and Ecommerce Technologies.  He is currently leading an Identity & Access Mgmt program within Sun IT Security Office. Subra's past roles include Entrepreneur, Software Engineer, Security Consultant at Accenture, Netscape and Lycos. In his spare time, Subra researches emerging technologies such as cloud computing to understand the security and privacy implications for users and enterprises. Subra is one of the three authors of the "Cloud Security & Privacy" book (to be published by O'Reilly in September 2009). Subra has a Masters degree in Computer Engineering and is CISSP certified.

 

 

 

 

LEGAL TRACK SPEAKERS BIOS

 

Mock E-Discovery Court Hearing, Panel: Top Forensics Do’s and Don’ts/New California E-Discovery Act


Hon. Richard A. Kramer II

Judge, Superior Court, City and County of San Francisco

 

Judge Richard Kramer was appointed to the San Francisco Superior Court by Governor Pete Wilson in December, 1996. He presided over a felony trial department for five years, then a general civil trial department. Since 2002, he has been assigned to the San Francisco Superior Court Complex Litigation Department. He also served as a justice in the Appellate Division of the Superior Court for three years and as a Justice Pro Tem in the Court of Appeal. Judge Kramer is an Adjunct Professor of Law at the University of California, Hastings College of the Law.
Before becoming a judge, Kramer was a commercial trial lawyer at Steefel, Levitt & Weiss in San Francisco.

 

 

Mock E-Discovery Court Hearing, Panel: Top Forensics Do’s and Don’ts/New California E-Discovery Act

 

David G. Townsend Sr.

Security Team Member at Kaiser Permanente

 

Dave Townsend is a recognized authority on computer forensics and Cyber crime investigation, with more than 20 years of police & detective experience including many high profile assignments with the Silicon Valley High Tech Crimes Task Force and the FBI.

Dave is a former member of the FBI REACT Task Force where he investigated numerous high technology crimes as well as developed, designed and implemented training to investigators and staff on tools, resources and investigative techniques in computer crime. Dave is part of Kaiser Permanente's Information Security Team where he provides computer forensics support, ESI data collection and incident response.


Mock E-Discovery Court Hearing, Panel: Top Forensics Do’s and Don’ts/New California E-Discovery Act

 

Attorney Stephen Wu

Partner, Cooke Kobrick & Wu LLP

 

Stephen Wu is a partner in the Silicon Valley law firm Cooke Kobrick & Wu LLP.  He advises clients concerning e-discovery, electronic records retention, digital evidence, and legal matters relating to information security, privacy, and ecommerce.  His litigation practice also includes trade secret, copyright, trademark, and general commercial litigation matters.  Finally, Mr. Wu acts as outside general counsel to Silicon Valley startups and technology companies, handling licensing, marketing agreements, and other technology transactions.

 

Mr. Wu is Chair-Elect of the American Bar Association’s Section of Science and Technology Law.  In addition, from 2001 to 2004 he was Co-Chair of the Section’s Information Security Committee.  He is a 1988 graduate of Harvard Law School and, before starting his private practice, was the second in-house attorney at VeriSign, Inc.  At VeriSign, he was in charge of the company’s worldwide security and legal policies and practices governing its digital certification information security services.  Before VeriSign, Mr. Wu practiced with two large law firms in the areas of intellectual property, commercial, and general litigation, as well as technology licensing and transactions.  Mr. Wu has authored or co-authored five books on information security law.

 

Mock E-Discovery Court Hearing, Panel: Top Forensics Do’s and Don’ts/New California E-Discovery Act

 

Attorney Steven Teppler

Senior Counsel, KamberEdelson, NYC and Chicago

 

Steven W. Teppler is a partner at KamberEdelson, LLC, a high-tech litigation boutique with headquarters in Chicago, and directs the firm’s electronic litigation efforts.  Mr. Teppler has practiced law since 1980, is admitted to the bars of New York, the District of Columbia and Florida, and advises private and public sector clients about risk, liability, and compliance issues unique to electronic data generation, alteration, transmission and archiving. He also lectures nationwide on evolving theories of computer generated information and evolving theories of liability, practice and evidence in an electronic data universe.  Mr. Teppler holds six patents in the field of content authentication, and is the founder and CEO of a content authentication provider.  Mr. Teppler is the Co-Chair of the eDiscovery and Digital Evidence Committee of the American Bar Association, co-Vice Chair of the Information Security Committee of the American Bar Association, a founding member of the Information Assurance Consortium, and a co-author of the ANSI X9F4 trusted timestamp guideline standards for the financial industry. Mr. Teppler is the Vice Chair of the Florida Bar Professional Ethics Committee, and contributed to Advisory Opinion 06-02 (Metadata Mining) and to Advisory Opinion 07-2 (Off-Shoring).  Mr. Teppler’s recent publications include: Digital Evidence as Hearsay, Digital Evidence and Electronic Signature Law Review (October 2009) Volume 6; The HIPAA Technology Challenge: Protecting the Integrity of Health Care Information, California Health Law News – Volume XXVI, Issue 1, Winter 2007/2008; Spoliation in the Digital Universe, The SciTech Lawyer, Science and Technology Law Section of the American Bar Association, Fall 2007; Life After Sarbanes-Oxley – The Merger of Information Security and Accountability (co-author), 45 Jurimetrics J. 379 (2005); Digital Signatures Are Not Enough (co-author), Information Systems Security Association, January 2006; State of Connecticut v. Swinton: A Discussion of the Basics of Digital Evidence Admissibility (co-author), Georgia Bar Newsletter Technology Law Section, Spring 2005; The Digital Signature Paradox (co-author), IETF Information Workshop (The West Point Workshop) June 2005; Observations on Electronic Service of Process in the South Carolina Court System, efiling Report, June 2005.  Mr. Teppler is also a contributing author of the book “Foundations of Digital Evidence” (American Bar Association, July 2008) and co-author of “Digital Evidence Lifecycle Management: A Guide for Attorneys, Enterprise, and Technologists” (exp. pub. Winter 2010).  Mr. Teppler received his Bachelor of Arts in Political Science Summa Cum Laude from the City College of New York, Phi Beta Kappa, and received his Juris Doctor from the Benjamin N. Cardozo School of Law in New York City.

 

 

Mock E-Discovery Court Hearing, Panel: Top Forensics Do’s and Don’ts/New California E-Discovery Act

 

Serge Jorgensen

CTO at The Sylint Group

 

Serge Jorgensen is the CTO for the Sylint Group and provides technical input in the area of information security, system design and incident response. Mr. Jorgensen has received various patents in engineering and math-related fields while developing secure, low-bandwidth data transmission techniques and methodologies. Mr. Jorgensen works closely with the FBI and industry in addressing Information Security needs to safeguard critical infrastructure processes and components. In this work, Mr. Jorgensen is responsible for developing and implementing secure communication protocols, traffic analysis techniques and malware identification and remediation efforts. Mr. Jorgensen is an active member of the ABA e-Discovery and Digital Evidence (EDDE) Committee, and works nationally and internationally to mitigate the effects of malicious attacks against corporate and government enterprises.

Speaker: Top Forensics Do’s and Don’ts/New California E-Discovery Act

 

John Marsh

Principal Solutions Consultant, Guidance Software

 

John Marsh is a Principal Solutions Consultant with Guidance Software Inc. Mr. Marsh is considered a subject matter expert in eDiscovery, Information Assurance (Cyber Security) and Computer & Cell Phone Forensics. Mr. Marsh's role at GSI is both as a consultant and trainer/instructor.  Mr. Marsh has worked in Information Security, Technology, Development and Management, in both the public and private sectors, for over 25 years.  Mr. Marsh is a CISSP and EnCase Certified Examiner (EnCE).  The EnCE program certifies both public and private sector professionals in the use of EnCase computer forensic software. EnCE certification acknowledges that professionals have mastered computer investigation methodology as well as the use of EnCase during complex computer examinations. Recognized by both the law enforcement and corporate communities as a symbol of in-depth computer forensics knowledge, EnCE certification illustrates that an investigator is a skilled computer examiner.

 

Speaker: NOC-NOC: Who’s There? Effective E-Discovery Collaboration Between Lawyers and IT/Security Professionals

 

Leslie Lambert

VP and CISO, Sun Microsystems

 

Leslie K. Lambert is a Vice President of Information Technology at Sun Microsystems, Inc. She reports to the CIO as the Chief Information Security Officer and is responsible for overall IT Security Management, including intrusion detection, threat vulnerability assessments, incident management, security awareness, prevention and protection against SPAM and malware attacks, policies/standards/procedures development and deployment.

Lambert has 29 years of experience in both Information Technology and technical/business infrastructure. Her experiences range from Control Systems Design to the delivery, implementation, and management of IT systems and infrastructure.

Prior to Sun, Lambert was with Intergraph Corp. and Fluor Daniel in key Customer Engineering, IT, and Control Systems Design roles. Her experience covers the industries of oil and gas, engineering and construction, evaluation research, customer training, CAD/CAE, and Information Technology, where she gained significant hands-on operational, architectural, and management experience.

 

 

Speaker: NOC-NOC: Who’s There? Effective E-Discovery Collaboration Between Lawyers and IT/Security Professionals

 

George Totev

Senior Manager of Information Security at Sybase

 

George Totev is a Senior Manager of Information Security at Sybase, a $2.8bn IT company headquartered in Dublin, CA with more than 30 offices around the globe. His main responsibility is to manage and cost-effectively reduce the information-related risks within the organization. Since he joined in 2006 he has developed an effective policy set, established a cross-departmental InfoSec Advisory Board and launched the company InfoSec Awareness program. In addition to Business Continuity and Crisis Management programs, George manages joint initiatives to comply with various privacy laws, regulations and industry standards. He also oversees the technical aspect of electronic data discovery and litigation support.

 

Before joining Sybase George worked for Symantec where he designed and deployed a number of internal systems and services. He also managed various aspects of acquisition integration efforts, including the $13.5bn purchase of Veritas.

 

Before Symantec, George worked for the World Bank and IBM. George has a Master of Science in Computer Science from Technical University in Sofia and an MBA from UCLA Anderson. In his free time he likes to sail and his hobby is photography.

 

 

 

COMPLIANCE AND GOVERNANCE TRACK SPEAKERS BIOS

 

 

Moderator: Compliance is Not The Same as Security

 

Robert K. West

Founder and CEO, Echelon One, LLC


Bob is responsible for creating and executing Echelon One’s corporate strategy. He has over 25 years of experience in corporate and startup environments. Bob is a frequent speaker on the subject of information security and risk, and is on the board of managers for the Jericho Forum, advisory boards for Agilance, the Hispanic Information Technology Executive Council, Security Growth Partners, Trusteer, the University of Detroit Mercy’s College of Liberal Arts and Education, the University of Cincinnati’s College of Information Technology Advisory Board, and has also been on Securent’s advisory board (acquired by Cisco), TriCipher’s advisory board, a member of RSA Security’s Customer Advisory Council, and the ISS Customer Advisory Council. He is on the board of directors for the Cincinnati Information Systems Security Association (ISSA) and is quoted frequently in the press including the Wall Street Journal and BusinessWeek.
Previously, Bob was Chief Information Security Officer (CISO) at Fifth Third Bank in Cincinnati where he was responsible for the enterprise information security strategy. Prior to joining Fifth Third, Bob worked for Bank One in Columbus where he held several key leadership roles, including Information Security Officer for Bank One's Retail Group. Prior to joining Bank One, Bob was a manager with Ernst & Young’s Information Security Services practice in Chicago, and a Senior Systems Officer with Citicorp International in New York and Chicago. Bob received the 2004 Digital ID World Conference award for Balancing Innovation and Reality, and a 2004 InfoWorld 100 Award for implementing cross-company authentication using SAML. Bob graduated from Michigan State University with a Bachelor of Arts in German and then received his Master of Science in Management Information Systems from North Central College.

 

Panelist: Compliance is Not The Same as Security, Unified Controls Frameworks

 

Niall Browne

CISO, LiveOps


Niall Browne is the Chief Information Security Officer for LiveOps, a leading provider of virtual contact services with 28,000 agents, where he is responsible for defining and managing the enterprise security, audit, risk and regulatory compliance programs. Niall has a proven track record of leading industry security initiatives. He has been Co-Chair of the BITS Shared Assessments development committee for the past three years, and was also Chair of the BITS FISAP Gap ISO 27002/PCI-DSS/COBIT Committee, as well as being a member of the Steering Committee. The BITS Shared Assessments program was created by the Financial Services Roundtable BITS, the Big 4 accounting firms, and the leading financial institutions including Bank of America, Morgan Stanley, Goldman Sachs, CitiGroup, Wachovia, The Bank of New York, M&T Bank, Bear Stearns, Regions, US Bank, Chase, and Wells Fargo, amongst others, for the purpose of evaluating financial service providers in the US and internationally.
In 2007, Niall was a nominee and panel speaker for the ISE West Coast Award. He was also a member of the FSTC (Financial Services Technology Consortium) for the project 'Authenticating the FI to Consumers'. He has spoken at numerous industry conferences including the American Banker Technology Conference, CSI, Financial Services Outsourcing Conference, BITS Financial Services Conference, as well as participating in radio webcasts, and has been quoted extensively in both online and print media.
Prior to LiveOps Niall was Senior Director for Information Security for Yodlee, where he was responsible for the security of 9 million online banking users, with billions in aggregated financial assets.
In 2004 Niall was responsible for the IT security architecture for the European Union (EU) Presidency. He has in-depth security experience leading security initiatives within financial institutions, law enforcement agencies, government departments, and embassies, amongst others, encompassing 500 companies and 20 countries.

 

Panelist: Compliance is Not The Same as Security

 

Irfan Saif

Principal, Deloitte & Touche LLP


Mr. Saif is a Principal with Deloitte’s Security & Privacy practice. He also serves as the national Technology, Media, and Telecommunications (TMT) industry leader for the practice. Irfan has over fifteen years of professional experience, helping many major US and global technology clients address their information security, data privacy, and technology risk challenges. His areas of focus span strategy and governance, business process design, and technical implementations, tackling challenges such as PCI, intellectual property protection, identity and access management, secure software design and implementation, vulnerability assessments, and customer/employee data privacy among others.
Irfan speaks frequently on various information security and data protection topics. He holds the CISSP, CISM, and CSSLP information security certifications.

 

 

Panelist: Compliance is Not The Same as Security

 

Jason Hoffman, CISSP, CISM, CISA, CIA

Vice President - Technology & Operations, Security Innovation Network


Jason Hoffman is an accomplished information technology, security, and risk management leader with a compelling record of success over his 18-year career working for large, complex organizations in the healthcare, financial services and e-commerce industries.
Mr. Hoffman is currently Vice President - Technology & Operations for the Security Innovation Network (SINET), a not-for-profit 501(c)(3) founded in San Francisco to enable increased collaboration between public and private entities to defeat global cyber security threats. Mr. Hoffman has also served on SINET's IT Security Entrepreneurs' Forum (ITSEF) Steering Committee since its inception. Mr. Hoffman is also CEO of Visionary Intelligence, a consulting firm he founded to help companies build and mature their information security and risk management programs.
Prior to SINET, Mr. Hoffman was Kaiser Permanente’s Director of Information Security Assurance and Risk Management. He was responsible for development and delivery of Kaiser's enterprise security risk management program, as well as its security awareness and training program.
Prior to joining Kaiser Permanente, Mr. Hoffman served as Vice President and Chief Information Security Officer (CISO) of Greater Bay Bank, N.A. (acquired by Wells Fargo Bank in 2007). He has also held security and audit positions at VeriSign, Inc., Wells Fargo Bank and the University of California, San Francisco.
Mr. Hoffman is also one of the founders of a talented working group of security executives and university professors that have volunteered for Team for Research in Ubiquitous Secure Technology (TRUST) to create a college-level IT security curriculum that would bring information security education and awareness from the boardroom to the classroom.
In 2006, Mr. Hoffman was the recipient of the Information Security Executive of the Year West People's Choice Award, a selected finalist in the Information Security Executive of the Year West Award and nominated for the Information Security Executive of the Year National Award.
Mr. Hoffman has earned several accreditations and certifications in the information technology field, including CISSP, CISM, CISA, and CIA. He graduated from the University of California, Santa Cruz with a Bachelor of Arts degree in Economics and Legal Studies.

 

Panelist: Compliance is Not The Same as Security

 

Suzanne Widup

President, Digital Forensics Association


Suzanne Widup holds a B.S. in Computer Information Systems from Saint Leo University and an M.S. in Information Assurance from Norwich University.  She has fifteen years of experience in Information Technology roles, and has been involved with various aspects of Information Security for the last ten.  She is currently pursuing a Ph.D. in Information Systems with a concentration in Information Security from Nova Southeastern University.

 

 

 

 

Moderator:  Unified Controls Frameworks

 

Jonathan Thompson

Partner, Rook Consulting


Thompson is a Silicon Valley based entrepreneur with Midwestern philosophies. Thompson founded Rook Consulting to provide strategically precise IT Risk & Security Advisory Services to executive management teams desiring lightweight, cost effective, intuitive Risk and Security Programs.
Previously, at Ernst & Young, Thompson led client serving teams in developing methodologies and providing triage risk advisory services for E&Y's top ten accounts including the largest IT control failure in history. At a small professional services company, he served as Director of Business Development responsible for the company's go-to-market strategy and execution, field sales, channels, and marketing.
Thompson has held leadership positions for a variety of organizations, shares creative thought leadership at conferences, and has been published in leading international journals. He served as the President of the Silicon Valley Chapter of the Information Systems Security Association (ISSA), and has served as the Director of the Northern Region Conference for the American Marketing Association, President of the Management Information Systems Association & is a Board Member on the Henry B. Tippie College of Business Young Alumni Board. Mr. Thompson believes in stimulating process improvement & organizational change by leveraging marketing, psychology, and technology principles to business and organizational challenges. Effective solutions are simplified, rational, well-planned and fit within the cultural, political, and resource constraints of an organization.

 

 

Panelist:  Unified Controls Frameworks

 

Brandon Dunlap

Managing Director of Research, Brightfly


Brandon Dunlap has more than 15 years of experience managing business technology risk in large and small organizations. He has served in a variety of roles across heavily regulated industries, successfully leading all aspects of IT security programs, including policy and procedure management, oversight and control, strategy, architecture, development, and training. Currently, he is the Managing Director of Research of Brightfly, an independent, advisory and research firm that focuses on building a collaborative practitioner community and bridging the gaps within information technology, security, risk, compliance, and audit disciplines.
Using Brightfly’s research within their internal incubator, Brightfly Development, Brandon designed and brought to market Illumination, a tool for automating IT policy development, compliance and tracking, which, through the acquisition of BindView, is now part of the Symantec Control Compliance Suite. Brandon has also served as a Symantec Senior Product Manager and as the head of the Information Protection Unit at Constellation Energy. In his role at Brightfly, he uses his unique background to guide the firm’s research agenda and cultivate the community involvement. Additionally, he develops and delivers curriculum on key security and compliance topics for leading professional associations.
Brandon’s broad presentation history, charismatic speaking style, credible experience, and vendor-neutral perspective have made him a popular presenter at technical and business-focused events. In addition to headlining Brightfly events, he has recently addressed professionals at international gatherings and regional events of the Institute of Internal Auditors (IIA) and ISACA, as well as ISC2, the Institute for Applied Network Security (IANS), and ASIS International, among others. Brandon has been quoted and profiled in major industry publications, including CSO Online, Information Security Magazine, Dark Reading, Compliance Week, and TechTarget's SearchSecurity.

 

 

Panelist:  Unified Controls Frameworks

 

James Anderson

Executive Consultant, Emagined Security


James M. Anderson’s 30+ year career focuses on the implementation of leading edge information risk management programs and technologies for large enterprises around the world.  Anderson is Executive Consultant for Emagined Security, Inc., and also consults for Rook Consulting.  Anderson has served as VP, Global Information Security Services for Visa encompassing information security architecture and policy implementation for Visa’s worldwide regions.  Prior to joining Visa, Anderson served domestic and international enterprise customers as Principal Consultant leading the information security practice of SRI Consulting and headed the International Institute for Information Integrity (I-4) as Program Director.  Anderson headed the information security unit of Morgan Stanley after designing, implementing and managing the physical and information security program as Director of Security and Information Services at Lexis-Nexis, Inc.  Earlier, Anderson served in a variety of IT roles in large commercial banks and at Deloitte Consulting assisting clients in the large scale systems arena.  Anderson is a CISSP and is also certified as a CISM and CGEIT.  He has served on the advisory panels of both I-4 and the Computer Security Institute and published several articles for the information security community.  Anderson did his undergraduate work in Industrial Engineering at Purdue University and has an MBA in accounting and finance from the University of Chicago Booth School of Business.

 

Panelist:  Unified Controls Frameworks

 

Kevin Watkins

Security Researcher, McAfee, Inc

 

Kevin Watkins is a security researcher at McAfee Labs. He leads the regulatory compliance content and mappings across McAfee products. Watkins has also led the implementation of VoIP at McAfee and contributes to working groups that are bringing VoIP to the Secure Content Automation Protocol. He has served in the security industry for more than ten years and has designed security software and content used by many Fortune 100 companies and government agencies. In his free time, Watkins enjoys biking in the California mountains or snowboarding at Lake Tahoe.

 

 

 

Panelist:  Unified Controls Frameworks

 

Kimberly Getgen

Principal, Trust Catalyst


Kimberly Getgen is founder and principal analyst of Trust Catalyst, a marketing research firm helping organizations put data protection strategies in place to preserve their most valuable resource: their customers’ trust.  Prior to starting Trust Catalyst, Kim co-founded Reconnex Corporation, a data leakage prevention company acquired by McAfee in 2008.  She has 12 years of marketing experience working for high tech and information security leaders like RSA Security.  As a recognized subject matter expert on trust and security topics ranging from online fraud and cybercrime to governance, risk and compliance strategies, Kim has appeared in print, TV and radio sharing her understanding of the threat landscape global corporations face today. She received her Master's degree from Oxford University and a Bachelor of Arts degree from Wake Forest University.

 

 

 

 

 

Speaker: International Update on Privacy for GRC

 

Francoise Gilbert

Managing Director, IT Law Group


Francoise Gilbert is the Managing Director of the IT Law Group, a law firm headquartered in Palo Alto, California. Her practice focuses on compliance with privacy, security, and data protection laws and regulations in the United States and abroad. She advises clients on weaving privacy and security in their contracts and all aspects of their business, and developing and implementing data governance strategies and compliance programs.
Ms. Gilbert is the author and editor of Global Privacy & Security Law (Aspen Wolters Kluwer Publishing, 2009). She co-chairs the ABA ePrivacy Committee and the KnowledgeNet (Silicon Valley) of the International Association of Privacy Professionals, and is a founding member and contributor to the Cloud Security Alliance. She has been recognized by Chambers USA as a leading lawyer in the field of information privacy and security, and has been selected by her peers for inclusion in the Best Lawyers in America and in Who’s Who in Internet and eCommerce in the field of information privacy and security.


 

TECHNOLOGY TRACK SPEAKERS BIOS

 

 

Speaker: Virtualized Infrastructure Network Security

Simon Richard

Principal Network Architect at McKesson

 

After doing academic research and teaching at the College level in the field of mathematics, Simon started working as a web programmer and System Administrator in a Fortune 500 company (KeySpan Energy, now National Grid, a Global Fortune 500) in 1996, when the initial enterprise forays into Internet emerged.  Simon’s responsibilities included managing Internet access, the DMZ, building bastion hosts and securing web applications. By 2003, Simon was responsible for KeySpan Energy’s Internet complex and Directory infrastructure operations and architecture.

In 2004 Simon moved to McKesson where he is now the Principal Network Architect in the Enterprise Architecture team. Simon is responsible for the network strategy for McKesson, a 110 billion health care focused Fortune 15 company.

 

 

Speaker: Cloud Computing Security - Practical and Actionable Security Controls to Assess the Cloud Vendor

 

Brian Koref

Information Security Officer at KLA-Tencor

 

Brian Koref is the current Information Security Officer for KLA-Tencor, a Semi-Conductor equipment company with approximately 5000 employees worldwide with a market cap of more than 5 Billion Dollars. His responsibilities include intellectual property protection, policy development and governance, mergers and acquisitions due diligence, third party partner engagements and general consultation to the business in areas of information security. Prior to his current post, Brian has held a variety of Information Security management, engineering, architecture and analyst positions with various technology companies in the San Francisco Bay area. Brian began his career in information security while spending 8 years conducting computer crime investigations for the Air Force Office of Special Investigations.

 

Panel: The Next Disruptive Technology

 

Sandeep Tiwari

CEO, Zafesoft

 

Sandeep builds success, and he brings extraordinary value to his customers. His knowledge in leadership and execution is built from the ground up for which he cultivated his career to cover product management, engineering, marketing, and sales. Currently he is the CEO and co-founder of Zafesoft, a next generation content security company that allows users to secure content with edit-ability.

Prior to Zafesoft, Sandeep was a Vice President of Solutions Marketing at Borland Software, where he created and ran the Enterprise Solutions group. At SpeeDEV, he was the VP Sales and Marketing, responsible for a turnaround for the company acquiring the first 50 customers and leading to a merger with Kovair in 2005. At Fujitsu Software, he built the first internet based Workflow automation solution (own patent) creating i-Flow, as a director of product management and marketing. He also worked at Symantec and Delrina, starting as an account rep and growing into a director of sales role.

When he is not working he enjoys volunteer teaching, practicing yoga and meditation, and hiking; he has climbed Mt. Kilimanjaro.

 

Panel: The Next Disruptive Technology

 

Tim Johnson

Director, Strategic Alliances, Commtouch Inc.

As Director, Strategic Alliances, Tim Johnson looks after Commtouch's security partners in the Americas and Japan, ensuring they successfully launch, sell and support Commtouch's email and web security technology.  He has been in the software industry for over 25 years and has held product marketing and product management roles in security since 1999 for BMC Software, SurfControl and Postini/Google.  Tim has spoken on panels for ISSA, the Antispyware Coalition, SecureWorld Expo and PeopleSoft European User Conference.  He holds an MBA from the Merage School of Business at the University of California, Irvine and leads a den of 8 lively Cub Scouts in his "spare time."

 

Panel: The Next Disruptive Technology

 

Martha Gilbertson

VP of Product Marketing, White Sky

Martha Gilbertson joined White Sky in 2007 bringing with her over 12 years of software product marketing experience.  Prior to White Sky, Martha served as Director of Product Management at Fair Isaac Corporation where she introduced new services incorporating FICO® scores to consumers.  Martha joined Fair Isaac from MarkMonitor where she was Senior Vice President of Product Management. There she led MarkMonitor into a new market by launching the company's Anti-Fraud Solutions.  Previously, Martha served as VP Product Marketing at Digex, Inc. where she defined, delivered and managed their award winning set of managed hosting services for enterprises.  Martha also spent 7 years in a range of marketing and financial positions at Polaroid Corporation and KPMG.  Martha holds a bachelor's degree from the University of Massachusetts and an MBA from Babson College, both with honors.

 
Copyright © 2010 Cornerstonesoftrust.com. All Rights Reserved.