Security. It's where we live.
2022 CISO Compensation & Budget Survey
Take the Survey
For the security practitioner caught between rapidly evolving threats and demanding executives, IANS is a clear-headed resource for decision making and articulating risk. Grounded in real-world experience, we help CISOs and their teams by delivering unbiased, practical advice and the ability to speak with IANS Faculty practitioners who understand your challenges.
Our StoryEnd-User Decision Support is our flagship offering delivered through an annual subscription service designed for CISOs and their teams. IANS connects you with independent experts and practitioners who have ‘been there, seen it, and done it,’ enabling you to accelerate your capabilities and make informed decisions.
We connect you with the right IANS Faculty member who can answer your questions in a one-one-one call or written report. They'll share a point of view on a product or technology, provide recommendations for action, and help you come to a decision.
Learn More
Stop searching for content. We've curated it for you. We vet the most relevant third-party InfoSec content, then format it in PowerPoint to make it easy to repurpose.
Learn More
How do you speak intelligently with executives and board members who aren't fluent in security lingo? Covering InfoSec topics from key news publications, IANS uses business language to help you brief the C-suite and key internal stakeholders.
Learn More
Get started quickly on a variety of common information security initiatives. Our tools, toolkits, templates, checklists, matrices, and maps provide the practical support you need to build your action plan.
Learn More
IANS Decision Support clients have access to the Insights Portal, a resource with content organized by topic and product type. The portal includes Ask-An-Expert Writeups, Faculty Reports, Content Aggregator slides, Executive Communications materials, Podcasts, Tools and Templates, Topic Guides and Webinar Replays.
Learn MoreWe work with you to shape engagements and provision them with the right IANS Faculty experts. Your project will never be staffed with junior level consultants. Our expertise is built from hands-on experience. We staff your project with doers who recommend actions, and then help you take them.
Test controls while improving detection and response with simulated attacker, purple team, and threat hunting engagements.
Learn More
Gain knowledge of what an attacker can do by taking advantage of current vulnerabilities through network, web, and mobile application testing.
Learn More
Understand what’s working well and what needs attention with comprehensive review of technical controls in place, governance, and process along with a roadmap of recommended action.
Learn More
Increase skills and understanding through tailored, hands-on training of your IT and security staff.
Learn MoreOur events feature IANS Faculty members who offer a breadth of in-the-weeds advice and high-level guidance for the entire security team. Designed for you to engage with like-minded security professionals in a supportive environment, you’ll learn from a variety of industry approaches and use cases.
Get out of the trenches and prepare for interactions with the C-suite at these executive-only one-day sessions.
All CISO Roundtables
Bring your security team, network with like-minded security practitioners, and join keynote presentations and IANS Faculty breakouts.
All Forums
Immerse yourself on a specific technical or operational topic. Attend our half-day comprehensive deep dives.
All Symposiums
Don't miss a beat. Tune in to monthly topical sessions led by IANS Faculty members.
All WebinarsIANS and Securosis have developed the Cloud Security Maturity Model (CSMM) to help organizations understand what their cloud security journey looks like and consciously determine how mature they want to be for each category. We’ve partnered with Cloud Security Alliance to integrate the CSMM into their cloud security research program as well as their certification and training initiatives.
Learn More About the CSMM Diagnostic Download - Cloud Security Maturity Benchmark ReportWe help CISOs and their teams make well-informed decisions. Our insights come from IANS Faculty practitioners, who are living your challenges and deliver deep-domain, actionable advice on a wide range of security topics.
Children's Hospital and Clinics of Minnesota
With close to 100 end-user security events annually, we are unmatched in the level of peer-to-peer interaction we offer our clients. We provide a safe environment to network, share experiences and discuss challenges.
Learn More
IT governance management professional with strong business acumen, employing a pragmatic and consultative approach. Risk and controls experience rests on a foundation of solid experience within corporate IT. Leveraged collaboration skills to involve all silos of the company, including legal, CFO, customer service, business operations and information technology, to promote management awareness and facilitate remediation efforts. Motivated by the challenge of identifying opportunities to significantly improve and streamline business operations, while working effectively with the business stakeholders responsible for implementing the process improvement or controls
IANS Faculty
IANS Faculty members are expert information security practitioners. Their insights are based on real-world experiences. They understand the key issues you face and deliver actionable recommendations, research, and step-by-step guidance.
Learn More
John is the Owner of Black Hills Information Security (BHIS) where he leads the Hunt Teaming, Command & Control (C2)/Data Exfiltration and Pivot testing development. He is also a SANS Institute Senior Instructor. In these roles, John has both consulted and taught hundreds of organizations in the areas of security, regulatory compliance, and penetration testing.
Legg Mason
Security is all we do, and it always has been. What matters to the CISO and team matters to us. We specialize in providing in-depth knowledge and practical insights you can use both with your team and when interacting with the C-suite.
Learn More
Janet Oren leads global cybersecurity initiatives at Legg Mason Global Asset Management. Her career path includes 32 years at the National Security Agency (NSA) where she was responsible for the protection of classified information and other cybersecurity standards. She on large weapon systems; wrote national encryption policy; and was the senior cybersecurity representative in the NSA’s 24-hour watch center. In between NSA and Legg Mason, she was a managing director at PricewaterhouseCoopers.
This group of over hands-on practitioners understands the key issues you face and delivers actionable recommendations, research, and step-by-step guidance on achieving fast and successful results.
Matt is the CSO of Public Cloud at Palo Alto Networks where he works with organizations to develop and implement security strategy for public cloud adoption and maturity. He has extensive experience in information security leadership and blogging. Matt currently leads the Cloud Threat team which is an elite group of security researchers exclusively focused on public cloud concerns. He also serves as an advisory board member for Rutgers University's Cybersecurity Certificate program.
Matt identifies as a personal growth junkie who enjoys exercising in his free time. For his first job, he directly approached the CEO of Johnson & Johnson and got the job!
Wolf is an Advisory CISO of Duo Security, the leading provider of unified access security and multi-factor authentication delivered through the cloud. He has held senior management roles in IT and IT security in the financial services and healthcare verticals. In addition, Wolf has held senior leadership roles in consulting firms specializing in identity and access management, governance risk and compliance, and security programs. Wolf advises clients primarily in risk management, incident response, business continuity, and secure development.
Chris is the Co-Founder and CEO of LARES Consulting, an information security consulting firm that leverages a blend of assessment, testing, and coaching. He also serves on the Board of Directors at CREST, an international not-for-profit accreditation and certification body that represents and supports the technical information security market.
In his free time, Chris can be found out on the ski slopes or playing with his dogs.
Justine is the CEO of MedSec, a company focused on medical device security management and the delivery of security solutions to healthcare delivery organizations and medical device manufacturing companies. She also serves as a member of HP’s Security Advisory Board, a member of BlackHat’s USA Guest Review Board, and as an advisor to technology startups.
Justine is a New Zealander by origin, an ex-professional ballet dancer, and mother of three boys.
Bryson is the Founder of SCYTHE, a start-up building a next generation attack emulation platform, and GRIMM, a cybersecurity consultancy, as well as Co-Founder of ICS Village, a nonprofit advancing awareness of industrial control system security. He is a Senior Fellow with the Atlantic Council and the National Security Institute and an Advisor to the Army Cyber Institute. Prior to that, Bryson led an elite offensive capabilities development group. As a U.S. Army Officer, he served as a Battle Captain and Brigade Engineering Officer in support of Operation Iraqi Freedom before leaving the Army as a Captain.
Bryson hosts a weekly cooking show with different guests, Unicorn Chef.
Mick is the Managing Partner for InfoSec Innovations, an information security advisory and research firm. He also serves as an Instructor and GIAC Advisory Board Member for the SANS Institute. Mick empowers information security professionals with useful tools and skills from his extensive experience as an analyst, consultant, and software developer.
In his free time, Mick enjoys photography, scuba diving, and the great outdoors.
Jonathan is the Global Director for the Microsoft Enterprise Cybersecurity Group. In this role, he leads a team of security advisors who provide strategic direction on the development of Microsoft security products and services. He also serves as a member of Microsoft’s Internal Risk Management Committee and is a principle author of the Microsoft Security Intelligence Report. Jonathan also serves as an Affiliate Faculty member in Research Assurance at Regis University and serves as an advisor to security startups and venture capital firms.
If he wasn't a CISO, Trull suspects that he would work for a non-profit organization, perhaps as an international health aid worker.
Josh is executive director of GuardedRisk, a firm devoted to the security and compliance of law firms, insurance companies, data processors and their clients. An internationally recognized digital forensics expert, Josh has strategized and performed on government corruption, bad compliance, protecting mission-critical data, and everything in between. Likewise, he has presented on topics ranging from Facial Recognition and National Security to audiences from government agencies, law enforcement, Fortune 5 companies, and many others.
In his free time, Josh enjoys target shooting, blacksmithing, blade making and other crafts. He has also practiced horse dentistry, broom making and historic preservation. As a former police officer and firefighter, Josh worked in the former NYC Twin Towers and in Louisiana during Hurricane Katrina. He also helped his family in New Jersey during Hurricane Sandy.
Philip is senior vice president of an offensive security research group at a multinational, Fortune 500 financial services company. He is a leading expert and thought leader in mainframe cyber security with a special focus on the z/OS platform. Philip has built mainframe security programs for multiple Fortune 100 organizations using both vendor and public toolsets. Philip also develops information security coursework to educate the next generation of practitioners, raises awareness about mainframe security, and encourages more organizations to effectively prioritize their risk profiles.
In his free time, Philip enjoys retro art, computing, gaming, and swimming with his two boys.
Jake Williams is the Executive Director of Cyber Threat Intelligence at SCYTHE. Williams is a cybersecurity expert who has more than two decades of experience in secure network design, penetration testing, incident response, forensics and malware reverse engineering. He has worked with many government agencies in information security at federal, state, and local levels. Williams is an IANS Faculty Member and also works as a SANS Analyst. He is a prolific speaker on topics in information security and has trained thousands of people on incident response, red team operations, reverse engineering, cyber threat intelligence, and other information security topics. Jake is the two time winner of the DC3 Digital Forensics Challenge, a recipient of the DoD Exceptional Civilian Service Award, and is one of only a handful of people to ever be certified as Master Network Exploitation Operator by the US Government.
Justin is a Vice President at In-Q-Tel, a non-profit strategic investor serving the Intelligence Community, where he oversees a portfolio of innovative cybersecurity companies solving complex challenges at the intersection of National Security and Commercial Industry. He has also led research and technical diligence exploration for developmental investments that shape Digital Forensics, Behavioral Analytics, Endpoint Protection, Orchestration and Automation, and Software Assurance early-stage startups.
Ken is the President and Principal Consultant of KRvW Associates, LLC, an independent information security consulting company, and a Visiting Scientist at Carnegie Mellon University. He has held executive and senior technologist positions at Tekmark, Para-Protect, Science Applications International Corporation (SAIC), the U.S. Department of Defense, Carnegie Mellon University, and Lehigh University. Ken is a frequent speaker at technical conferences, and has presented papers and training for CSI, ISF, USENIX, FIRST, CERT, among others.
Ken is a dual citizen of the EU (England) and the USA and holds a current U.S. Department of Defense TOP SECRET clearance. In his free time, Ken enjoys travel, cooking, Saints football, and spoiling a couple of basset hounds. He also volunteers his time teaching firearms safety as an NRA certified instructor.
Joff is a Security Analyst and Penetration Testerat Black Hills Information Security (BHIS). He has extensive experience covering intrusion prevention/detection systems, infrastructure defense, vulnerability analysis, defense bypass, source code analysis, and exploit research. He is also an Instructor at the SANS Institute where he primarily teaches the use of Python for information security purposes.
When Joff isn’t working or co-hosting the Security Weekly podcast, he enjoys making music and woodworking.
Kelli is a Principal Consultant and Co-Founder of Enclave Security, an information security consulting firm specializing in governance. As a security architect and project manager, she specializes in IT audit, governance, policy library development, and information assurance strategies. She is a courseware author for the SANS Institute as well as one of the lead technical editors for the Center for Internet Security’s Critical Security Controls. She is also the lead author for many of the governance resources and creator of tools and policies at AuditScripts.com. You can follow her on Twitter @KelliTarala
Kelli enjoys the Florida lifestyle including kayaking, paddle boarding, and snorkeling. She also likes to run and read mysteries and science fiction.
James is Principal Consultant, Co-Founder, and President of Enclave Security, an information security consulting firm specializing in governance that is based in Venice Florida. As a consultant, he has focused on architecting and assessing large enterprise IT security and infrastructure architectures. He has also assisted organizations in security management, operational practices, and regulatory compliance issues. He often performs independent security audits and assists internal audit groups in developing their internal audit programs. James also serves as a Senior Instructor, Course Author, editor, and regular speaker with the SANS Institute.
In his free time, James enjoys the Florida sunshine, spending time outdoors (away from computer screens), running, and exercising.
John is the Owner of Black Hills Information Security (BHIS) where he leads the Hunt Teaming, Command & Control (C2)/Data Exfiltration and Pivot testing development. He is also a SANS Institute Senior Instructor. In these roles, John has both consulted and taught hundreds of organizations in the areas of security, regulatory compliance, and penetration testing.
In his free time, John enjoys mountain biking, AT Skinning (or Ski Touring) and ranching.
Caleb is the VP of Security at Databricks, a Unified Data Analytics Platform. Previously, he served as the Managing Vice President of Cyber Security at CapitalOne. Caleb has held many executive-level positions at information technology and security companies in addition to starting and running his own companies. Currently, he also serves as an Investor & Advisor to Pindrop Security.
In his free time, Caleb enjoys poker, car racing, and motorcycles.
Adam is a leading expert on threat modeling, and a consultant, entrepreneur, technologist, author and game designer. He currently helps organizations improve their security via his independent information security solutions firm, Shostack & Associates, focused on delivering high-impact training and consulting in threat modeling, secure development, and DevSecOps. He also serves as a MACH37™ Stars Network Mentor and an advisor to many startups including NTrepid, Continuum, and Judo Security. Previously, he worked at Microsoft where he drove the Autorun fix into Windows Update, was the lead designer of the SDL Threat Modeling Tool v3 and creator of the "Elevation of Privilege" game.
Glen currently serves at Shape Security, an information security defense platform. He brings nearly 30 years of operational security leadership experience with 15+ of those years focused on cyber operations and capability in the enterprise. Glen’s early professional experience spanned from leading special operations Marines across distant beaches to being responsible for global cyber operational assurance for the United States Marine Corps, as their CISO (CO, CND, USMC). Commercially, his roles have been as diverse as a development lead for a small network security startup (ArcSight ’05), to becoming a Field Operations Vice President through its IPO (’10) and then $1.5B acquisition by HP (’12). Glen also serves as a Certified Instructor for the SANS Institute, a role he has held since 2002.
Richard is the Chief Risk Officer at Resilience. Prior to joining Resilience in 2021, he was the co-founder and president of Soluble, a cloud security company sold to Lacework in October 2021. He was previously the CISO of Twilio, GE Healthcare and Lending Club. He is the co-author of “How To Measure Anything In Cybersecurity Risk” (July 2016) and author of “The Metrics Manifesto: Confronting Security with Data” (March 2022).
Justin is the Director of ICS Security at InGuardians, specializing in Industrial Control Systems (ICS) security architecture design and penetration testing. He also led the Smart Grid Security Architecture group in the creation of NIST Interagency Report 7628 and has played key roles in the Advanced Security Acceleration Project for the Smart Grid (ASAP-SG), National Electric Sector Cybersecurity Organization Resources (NESCOR), and Smart Grid Interoperability Panel (SGIP). Justin has authored and taught courses in hacking techniques, forensics, networking, and intrusion detection for multiple universities, corporations, and security conferences.
Justin is a SCUBA dive master, private pilot, and licensed Master Class falconer. Justin and his wife own a small ranch in Utah where they breed and train Andalusian horses for use in Dressage and Working Equitation.
Mike is the director of technical alliances with Cofense (formerly PhishMe), a phishing defense solutions organization, as well as the founder and principal consultant of First Security Alliance LLC, an independent information security advisory and assessment consultancy. He also serves as a mentor with Queen City Fintech in Charlotte, NC and was a Stars Mentor with MACH37 Cyber Accelerator. Likewise, Mike has served on the Cybersecurity Curriculum Advisory Committee at Alfred State College and Corning Community College in addition to regularly volunteer teaching high school students in cybersecurity fundamentals.
In his free time, he loves to spend time with his wife and two daughters, work out, drive his Jeep Wrangler, and cook.
Kati is a Product Manager at a pharmaceutical company in Salt Lake City and an independent Behavior Design, Methodology, and Analytics Expert. She has applied her diverse set of skills to creating, implementing and evaluating innovative security awareness programs for Fortune 100 companies. Likewise, she has assisted in creating effective social engineering tools and testing scenarios for penetration testing teams. Kati also has experience managing curriculum strategy and content development in psychology to information technology for both online and live instruction.
In her free time, Kati works as a professional solo and duo aerialist performer and teacher. She also takes full advantage of the SLC outdoor fun of through rock climbing, hiking, skiing, and mountain biking.
Ron is a seasoned technologist specializing in cyber security with over 30 years of experience in the IT industry. Currently, he is the global lead for Cyber Architecture at JP Morgan Chase. His group is responsible for designing secure solutions to support their clients and employees. He is also an active researcher and speaker in the Information Assurance (IA) field and is widely published on network security topics including co-authoring books on Software Assurance and Insider Threats.
Not only is Ron an IoT hacker, he is also a pilot and amateur barista.
Marcus is a semi-retired independent consultant and technology advisor to start-ups and large enterprises. He is recognized as an innovator in firewall technology and the implementer of the first commercial firewall product. Marcus’s work has been cited in at least 15 published U.S. patents in addition to computer and network security articles and books.
In his spare time, Marcus likes playing strategy games, taking photos, making soap, woodworking, or forging swords.
Teri Radichel is the CEO of 2nd Sight Lab, a cloud security company that offers cloud security training, penetration tests, and cloud security assessments to organizations worldwide. She is the author of the book Cybersecurity for Executives in the Age of Cloud, an AWS Hero and meetup organizer, a member of the IANS Faculty and Infragard, and received the SANS 2017 Difference Makers Award for security innovation. Teri holds numerous cloud security certifications, including the GSE, which many regard as one of the most challenging certifications to obtain in cybersecurity. She was a member of the original Capital One cloud team and has worked as Cloud Architect, Director of SAAS Engineering, and now CEO, helping companies secure their clouds. Teri has spoken at numerous conferences worldwide including AWS re:Invent, re:Inforce, RSA, OWASP AppSec Day, and Serverless Days, to name a few.
Teri is an avid traveler and has visited all 50 states in the US. She also taught herself to program TI Basic in grade school.
Chris is a Principal Consulting Engineer at BitSight Technologies, an information security risk management company that created the security ratings platform market. He has 35 years in information security and served in a variety of technical and management roles ranging from a programmer for the US intelligence community to founder and CEO of his own consultancy. Chris’s experience has spanned many industries working in organizations as large as IBM in addition to small startups. Although he spent almost a decade building the IoT security practice at IBM and running an Industrial Control and automotive security practice at Booz Allen, his current focus has shifted to enterprise risk. Bringing his broad experience in information security, Chris also serves as a mentor and advisor to science and technology organizations.
In his free time, Chris is making or breaking new technology, hiking, rock climbing, or appreciating fine wine and craft brews. Having grown up in India and Africa, as a son of an international economist, Chris speaks French and enjoys traveling—especially to tropical locales.
Mike is the director at Security Risk Advisors, an information security advisory and solutions firm. As an experienced healthcare and education technology executive, Mike has overseen and managed software development and innovation groups in the information security realm. He has had the unique experience of fulfilling CISO and CTO roles in the healthcare payer, provider, and medical device manufacturer spaces.
In his free time, you can find Mike snowboarding, mountain biking, or training and competing in triathlons.
Davi is Security Architect at Inrupt, Inc., a company that supports Solid, a web decentralization project founded by the inventor of the World Wide Web, Tim Berners-Lee. He is also the Founder and President of flying penguin LLC, an information security consulting firm that focuses on risk mitigation and incident response solutions. Additionally, he serves as a Visiting Lecturer at St Pölten University of Applied Sciences (Fachhochschule St Pölten) in Austria, an Affiliate for the Policy Innovation Lab of Tomorrow (PILOT) at Penn State University, as well as an Advisory Board Member at Cyral, Anjuana Security, and Accenture. Davi has helped serve customer data protection needs across many industries including data storage and management, software, investment, banking, international retail, as well as higher education, healthcare and aerospace.
Rich is CEO and Analyst for Securosis, an information security research and advisory firm, in addition to Founder and Vice President of Product at DisruptOPS, a cloud environment monitoring platform. Prior to founding Securosis, he was Research Vice President for Gartner’s security team where he also served as Research Co-Chair for the Gartner Security Summit. Additionally,Rich has served as an independent consultant, web application developer, software development manager, and a systems and network administrator.
In his free time, Rich enjoys cycling and most outdoor sports capable of causing serious bodily injury. He is also a member of the 501st Legion (a Star Wars charity group).
Jennifer (JJ) Minella is an internationally-recognized authority on network and wireless security, an author and public speaker. A network architect turned advisory CISO and infosec leader, in the past ~15 years she's worked with organizations up to Fortune 50 on strategies ranging from network security to leadership. She is also the creator of the Mindfulness-Based Leadership for Infosec workshop series. Jennifer is the founder and principal advisor of Viszen Security, offering technical strategy and coaching solutions to CXOs and practitioner.
In her spare time aside from cyber security mentorship and volunteering, Jen gets in to all kinds of things. She's a World Record powerlifter and former competitive ballroom dancer who loves reading and the outdoors. She's traded in her Ducati for a kayak and still enjoys Figment the Imagination Dragon. She can usually be lured anywhere with promises of rye whisky.
Tim is A Principal Consultant and Founder at Red Siege, an information security company focused on adversary emulation and penetration testing. He also serves as the MSISE Program Director, Course Author, and Principal Instructor at the SANS Institute.
In his free time, Tim enjoys traveling and watching football.
Stephen serves as an independent Security Consultant performing security assessments, developing information security programs and strategies, and creating remediation plans for select clients. He is also Co-Founder of Community of Practice, a Silicon-Valley-based membership organization for Engineering VPs and CTOs. Stephen has experience including building and leading worldwide teams and designing some of the world's largest Internet services.
Raffy is VP of Research and Intelligence at Forcepoint where he leads Forcepoint X-Labs, a specialized group dedicated to behavior-based security research and development of predictive intelligence to Forcepoint's human-centric product portfolio. Bringing more than 20 years of cybersecurity experience across engineering, analytics, research, and strategy, Raffy is one of the industry's most respected authorities on security data analytics, big data, and visualization. As such, he serves as an advisor to many technology startups. He is the author of Applied Security Visualization and is a frequent speaker at global academic and industry events. Additionally, Raffy has held key roles at IBM Research, ArcSight, and Splunk.
In his free time, Raffy practices Japanese traditional Zen Buddhism through Kōan study and meditation.
Chad is Founder and CEO of Habitu8, an information security startup focused on building effective security awareness programs through training services. Prior to founding Habitu8, Chad co-founded Rapid7, a leading cyber-security company whose products are used today in over 120 countries. As VP of Engineering, Chad helped lead Rapid7 from a 3-person, privately backed startup to a successful $900MM IPO in 2015. With the combination of his technical and executive experience, Chad raises awareness authoring self-published, security-focused articles.
Shannon is Director of DevSecOps at Intuit and the Founder of DevSecOps, a non-profit organization committed to uniting security with DevOps and Agile practices via experimentation and education. Shannon is an award-winning security innovator and leader experienced in developing emerging security programs for Fortune 500 companies including ServiceNow, Sony, Sempra, Savvis, Cable & Wireless, 99 Cents Only, Exodus, and Bank of America.
Shannon is the founder of DevOps Community, and dedicates her time towards improving and adapting security to meet the needs of innovation and agility. Inspiring the mission of uniting security with DevOps and Agile practices via experimentation and education within the security industry.
Dave is a Global Advisory CISO for Duo Security, a Cisco subsidiary. He has almost two decades of industry expertise with extensive experience in IT operations and management. Dave is the Founder of the security news site Liquidmatrix Security Digest and co-host of the Liquidmatrix podcast. He is also the Director & Co-Founder of OpenCERT Canada, Canada’s first open national Computer Emergency Response Team. Dave has worked finance, healthcare, entertainment, manufacturing, and critical infrastructure verticals. He also has experience consulting for federal organizations working as a Security Consultant and defense contractor to the FBI, US Navy, Social Security Administration, US Postal Service, and the US Department of Defense.
In his free time, Dave enjoys spending time with his family and playing bass guitar. Dave also ran as a torch bearer relay for the 2010 Winter Olympics.
Justin has over twenty years of experience in system administration, software development, and information security. His core skills include regulatory and contractual compliance, program management, payment card standards, and general governance practices and frameworks. He is the founder of episki, a cloud-based governance tool geared to help smaller organizations manage their security programs and serves as a Principal Consultant at TrustedSec.
Prior to his current roles, Justin consulted with Fortune 1000 companies in information systems, audit, governance and information security. He has led the governance and security practices for leading eCommerce and large financial services companies. Additionally, Justin has spoken at conferences concerning risk management, payment card industry (PCI), security leadership, and general information security practices.
In his free time, Justin enjoys spending time with his wife and 4 kids, dabbling at the piano, and is a tinkerer of projects.
Adrian is the CTO of Securosis, a boutique information security analyst firm, and VP of Development at DisruptOPS, a SaaS-based cloud management and automation company. Adrian has been an asset at companies like Ingres, Oracle, and Unisys --giving him extensive experience in the vendor community. Having worked as a CIO and CTO, Adrian has experience selecting and deploying technologies securely.
Adrian is an avid runner, mountain biker, and backyard farmer.
Adrian is an avid runner, mountain biker, and backyard farmer.
Peter is the Managing Director at ClearSky Security, an information security solutions firm that focuses on threat intelligence services. He also serves as the Managing Partner at HypAdvisor Consulting, LLC, an advisory firm for technology companies. He is also an Advisor to the Pacific Northwest National Lab. Formerly, as the Lead Software Analyst for Morgan Stanley, he published industry-leading investment reports and led over 18 public transactions. In total, Peter was a Wall Street analyst for 15 years, which offered him the opportunity to work top executives in both public and private companies. As a visible voice for the software industry, Kuper is an active speaker to many professional and government groups.
Dave is the Founder and Owner of TrustedSec, an information security consulting firm, and Binary Defense, a Managed Security Service Provider (MSSP) that detects attackers early to prevent large-scale invasions. In addition to creating several widely popular open-source tools, including 'The Social-Engineer Toolkit' (SET), PenTesters Framework (PTF), and Artillery. David has also released security advisories, including zero-days, with a focus on security research.
Prior to his work in the private sector, Dave served in the United States Marine Corps (USMC), focusing on cyber warfare and forensics analysis activities, including two tours to Iraq. He also served on the board of directors for (ISC)2, which is one of the largest security collectives and offers certifications such as the CISSP.
Dr. Ondrej Krehel is the Founder, CEO, and Digital Forensics Lead of LIFARS LLC, an international cybersecurity and digital forensics firm. He is also the Co-Founder and an Advisory Board Member of QuBit Conference, an events and training company dedicated to connecting the information security community. Ondrej is an accomplished speaker having lectured for FBI Training Academy and the National Executive Institute. He also serves as a member of New York Metro Infragard, as the Chapter Leader of OWASP NYC, and as a Distinguished Fellow with the Ponemon Institute.
In his free time, Ondrej is an Extreme Back Country Skiing Instructor. He lives his life with curiosity and a discipline for finishing whatever he starts.
Kevin is the Founder, CEO, and Principal Security Consultant of Secure Ideas, an information security consulting company that focuses on penetration testing services and training. He is also a founder and contributor of many open source projects including the Samurai Web Testing Framework (SamuraiWTF), a web penetration testing and training environment, and the Basic Analysis and Security Engine (BASE) project, a web front-end for Snort Analysis
Kevin enjoys spending time with his family and is an avid Star Wars fan and member of the 501st Legion, a Star Wars charity group.
Rebecca is Founder, Owner, and CEO of Rebecca Herold, LLC aka The Privacy Professor®, an information security, privacy, IT, and compliance services firm. She also co-founded Privacy Security Brainiacs, a SaaS platform, early 2020 with her oldest son, Noah. Rebecca also serves as a Distinguished Ponemon Institute Fellow and as an Advisory Board Member for multiple technology businesses and startups. Additionally, Rebecca serves as an expert witness for diverse cases, is an advisor on multiple high school and college/university curriculum and program boards, and hosts a VoiceAmerica radio show called “Data Security & Privacy with the Privacy Professor.”
In her free time, Rebecca enjoys renovating old houses, farming, gardening, writing, and traveling. She also enjoys watching Iowa State University football and basketball in addition to the Kansas City Chiefs and spending time with her Doberman, Jesse.
Rich is Founder and Managing Director of Guida Technology Associates, Inc., a small consulting company, through which he has consulted for companies in the pharmaceutical, retail, financial, and telecommunications sectors. An information security and engineering professional with extensive experience in the Federal government and in the private sector, Rich as occupied executive positions within the Department of the Navy, the Department of the Treasury, and at Johnson & Johnson (J&J). In 2011, Rich retired from J&J as Vice President of Worldwide Information Security (J&J’s Chief Information Security Officer). He is especially skilled in written and oral communications.
In his free time, Rich enjoys military history, playing the piano, and video games.
Marty is a Senior Privacy Consultant at TrustArc, a privacy compliance and data protection software and services company. In this role, He helps clients across the US, Europe, and Asia conform to current and emerging privacy and cyber regulation. Marty is also a Consulting Product Advisory Board Member at TrustArc. He also serves clients via his independent information security advisory firm and consultancy, CYBERITE LLC, where he acts as an executive advisor for global data security, privacy, continuity and crisis management.
In his free time, Marty enjoys collecting wine and spelunking in European caves to look at prehistoric paintings. To date, he has made 4 trips through northern Spain, Southern France, and the Pyrenees visiting approximately 27 caves.
As Sumo Logic's CSO and SVP of IT, George Gerchow brings over 20 years of information technology and systems management expertise to the application of IT processes and disciplines. His background includes the security, compliance, and cloud computing disciplines. Mr. Gerchow has years of practical experience in building agile security, compliance and, IT teams in rapid development organizations. These insights make him a highly regarded speaker, and invited panelist on topics including, cloud secure architecture design, compliance and operational security. George has been on the bleeding edge of public cloud security, privacy and modernizing IT systems since being a co-founder of the VMware Center for Policy & Compliance. He is a Faculty Member for IANS- Institute of Applied Network Security and sits on several industry advisory boards. Mr. Gerchow is also a known philanthropist and CEO of a nonprofit corporation, XFoundation.
George’s first language is Spanish. He is an avid snowboarder, golfer, and yogi who is always looking for the best sandwich and IPA in any city that he visits.
John is a senior-level CISO and enterprise risk manager with 20+ years of experience in security and risk management. He has successfully managed companywide security operations in Fortune 100 financial services, technology and aerospace companies, and is a certified security professional (CISSP and CISM) with dual master's degrees (most recently an MBA).
Ron Dilley is a leading information security practitioner and thought leader with more than two decades experience building and implementing information security practices for global companies, overseeing and revitalizing infosec teams and advising on mergers, acquisitions and divestitures from an infosec perspective. In the constantly changing infosec landscape, Ron is dedicated to staying abreast and ahead of current and emerging threats across all relevant technologies.
Dennis is an emeritus CISO with nearly five decades of accomplishment leading enterprise IT and information risk management in both private industry and higher education. He has built and led teams that delivered highly successful enterprise-class initiatives and programs in information security, privacy, identity management, messaging, business continuity and emergency notification. Dennis serves as a Distinguished Fellow for the Ponemon Institute and a Contributing Author for Amazon’s Security 2020.
In his free time, Dennis enjoys digital photography, world travel and volunteering.
Rocky is the Executive Director of Cybersecurity at JP Morgan. Rocky was a member of the USAF and subsequently supported AFCERT as part of the Incident Response Team. Rocky founded and led the Global Security Operations Center for EDS and has supported cybersecurity advancement in notable companies such as ArcSight, NetWitness, RSA and Visible Risk. At every step in his career, Rocky's focus has been to continually enhance visibility and detection solutions to defend the enterprise.
Jared enjoys securing code and data in big tech after leading a successful startup. Jared has been passionate about cyber, since the early days of his career with the NSA. He holds a PhD from Michigan State University, and has often spoken on cyber matters at popular conferences. He was a finalist in Microsoft’s BlueHat security architecting contest, and has been on three winning Defcon capture-the-flag teams. Dr. DeMott has authored books, blogs and online courses on application security and malware analysis.
During his free time, Jared is enjoying time with his family, particularly vacationing and outdoors. Jared is a Christian and will happily discuss faith should you desire to do so.
Bill is a Shareholder at LBMC Information Security,where he is responsible for security assessments, incident response, digital forensics, electronic discovery and overall litigation support. He also serves as an expert witness in federal courts and numerous state courts and has conducted digital forensic investigations and electronic discovery services to support litigation efforts. He is also an active member of the International Society for Forensic Computer Examiners and Board Member in East Tennessee’s InfraGard Chapter.
In his free time, Bill enjoys boating, UT Football, and hanging out with his two sons.
Josh is the Chief Security Officer and SVP at PTC, a global computer software and services company that provides CAD modeling, Internet of Things, and Augmented Reality software products. He is also a Co-Founder of @IamTheCavalry and @RuggedSoftware to encourage new security approaches in response to the world’s increasing dependence on digital infrastructure. Additionally, Josh serves as an adjunct faculty for Carnegie Mellon’s Heinz College.
Josh is a film enthusiast who also enjoys cooking and diving in his free time.
Steve is the Director of Product and Solutions Marketing at BigID. He also serves as a Principal Consultant for Khova Consulting where he provides advisory services to help information security vendors, end users, and investors navigate the information security landscape. During his time at 451 Research, Steve was pivotal in establishing the firm as a leading source of analysis and insight on shifts in the information security market, focusing on the ripple effects on identity management and data security from IT shifts.
Steve speaks Afrikaans, Hebrew, and Zulu.
Andy has extensive experience in IT audit, security governance and application development. After beginning his career in financial audit at a Big 4 accounting firm, Andy quickly moved into the IT audit field, where he gained over 15 years of experience working in both public accounting and private industry.
About five years ago, Andy moved into a senior director role where he worked in security governance for a multibillion-dollar retailer. During this time, he has performed PCI audits, drafted and published IT policies, procedures and awareness campaigns, and managed the user administration process for business-critical applications. He has also worked very closely with the Risk Assessment team to manage third-party risk, implement a new privileged access management system and deploy a GRC tool. Andy has also developed a continuous-controls monitoring tool from the ground up. Recently, Andy joined an investment banking firm to build out their third-party risk management and identity and access management processes.
Bruce is the Owner and Principal Consultant at Bruce Bonsall, LLC, an independent information security consultancy. A trusted security advisor across many industries, he has extensive experience designing and implementing progressive, cost effective countermeasures to protect assets and reduce costs. He has assessed the information security regulatory compliance and operational readiness of organizations of all sizes and industries,and is adept at tailoring security programs to fit each organization. At IANS, Bruce has performed 100+ CISO Impact reviews. Additionally, he serves as a mentor for the Air Force Association’s Cyber Patriot, a national cyber education program for youth.
Bruce is an accomplished outdoorsman, persistent golfer, and staunch supporter of the US Constitution.
Kevin is the founder and principal consultant of Atlanta-based Principle Logic, LLC, an independent information security company that focuses on vulnerability and penetration testing, security operations reviews, and virtual CISO services. He also serves on the Industry Advisory Board for Computer Engineering at Kennesaw State University – Southern Polytechnic College of Engineering and Engineering Technology. Kevin has served in many information technology and security roles for healthcare, e-commerce, finance, education, and consulting organizations. Kevin is also a prominent writer having written over 1,300 articles on information security.
For fun, Kevin enjoys road racing his Mazda Miata in the Spec Miata class with the Sports Car Club of America (SCCA) as well as riding dirt bikes and snow skiing with his children.
Aaron Turner is the VP of SSPM at Vectra AI. This followed the acquisition of Siriux Security, a SaaS posture management company which he founded and served as CEO. He is also a member of the board and security advisor to HighSide and CTO of Integricell. Aaron is a long-serving member of the RSA Conference Program Committee, helping select educational content presented at the annual RSA Conference.
In his free time, Aaron enjoys restoring 1960's split-window VW buses and arranging and recording vocal music with his brothers and daughters. He has completed several Cordon Bleu culinary education programs and volunteers as a Spanish translator for immigration court proceedings. He is an avid traveler, having visited over 80 countries around the world.
Mike is the President of Securosis, an information security research and advisory firm, as well as Co-Founder and President of DisruptOps, a cloud detection and response company. His breadth of experience in the information security space and bold perspectives are invaluable as companies determine effective strategies to grapple with the dynamic security threatscape. Mike started practicing and advising on security topics over 25 years ago, and he’s been trying to get out of the business ever since…to no avail.
Mike has been to 23 of the past 24 RSA Conferences. Of the 1000+ talks Mike has given over the years, he is most proud of the mindfulness talk he gave at RSA in 2014 (Google "Rothman RSA Neurohacking”).
Josh is the Owner and President of Eyra Security, an information security and business improvement consulting firm that specializes in helping startups and organizations in transition take advantage of lean and agile methods, open source technology, and varied frameworks used for security, risk management, and compliance. He also serves on the GIAC Advisory Board. Additionally, as an active member in the information security community, Josh is a member of ISSA, Agile Iowa, OWASP, DC612, Central Iowa Area Linux Users Group and Infragard.
In his free time, Josh enjoys reading books from various genres including business, photography, mythology, mythic fiction and natural history. He also enjoys practicing photography, cooking, and other artistic sciences.
Jason is a Principal Security Consultant and CIO at Secure Ideas, a boutique information security consultancy that focuses on penetration testing and training, where he leverages his software design, architecture, and security testing experience. He is also the author of many extensions for Burp Suite and is a contributor to several other projects including SamuraiWTF, MobiSec, and Laudanum.
In his free time, Jason enjoys running, homebrewing, and spending time with his wife and two kids.
Dave is the Founder and Principal Consultant with Voodoo Security, an information security consulting firm with broad expertise. He is also a Senior Instructor, Analyst, and Course Author for the SANS Institute and a VMware vExpert with extensive experience designing and configuring secure virtualized infrastructures. In addition, Dave has served as Co-Chair of the Cloud Security Alliance (CSA) Top Threats Working Group and founded the CSA Atlanta Chapter. Dave has consulted with hundreds of organizations in the areas of security, regulatory compliance, network architecture, and engineering. He has also worked as a security architect, analyst, and manager for several Fortune 500 companies.
In his free time, Dave enjoys running, camping, cooking and playing music (piano, guitar and DJing).
Mark is the CISO and VP of Cybersecurity at Sprint and is Founder of Cyber Risk Research LLC, an independent information security R&D consultancy. He also serves as an Advisor and Advisory Board Member for Global Cyber Institute and The Florida Center for Cybersecurity respectively. Mark has testified before congress three times on cybersecurity policy and is a frequent speaker on cybersecurity and technology risk management forums globally.
