For the security practitioner caught between rapidly evolving threats and demanding executives, IANS is a clear-headed resource for decision making and articulating risk. We help CISOs and their teams protect their IP because digital risks are now business risks. As your trusted partner on the information security journey, we deliver unbiased, practical advice and the ability to speak with professionals who understand your challenges.
Our StoryEnd-User Decision Support is our flagship offering delivered through an annual subscription service designed for CISOs and their teams. IANS connects you with independent experts and practitioners who have ‘been there, seen it, and done it,’ enabling you to accelerate your capabilities and make informed decisions.
We connect you with the right IANS Faculty member who can answer your questions in a one-one-one call or written report. They'll share a point of view on a product or technology, provide recommendations for action, and help you come to a decision.
Learn More
Stop searching for content. We've curated it for you. We vet the most relevant third-party InfoSec content, then format it in PowerPoint to make it easy to repurpose.
Learn More
How do you speak intelligently with executives and board members who aren't fluent in security lingo? Covering InfoSec topics from key news publications, IANS uses business language to help you brief the C-suite, the board, and key internal stakeholders.
Learn More
Get started quickly on a variety of common information security initiatives. Our tools, toolkits, templates, checklists, matrices, and maps provide the practical support you need to build your action plan.
Learn More
IANS Decision Support clients have access to the Insights Portal, a resource with content organized by topic and product type. The portal includes Faculty Reports, Ask-An-Expert writeups, Topic Guides and Webinars. Here you can also access Tools and Templates, Executive Communications materials, and Content Aggregator slides.
Learn MoreWe work with you to shape engagements and provision them with the right IANS Faculty experts. Your project will never be staffed with junior level consultants. Our expertise is built from hands-on experience. We staff your project with doers who recommend actions, and then help you take them.
Test controls while improving detection and response with simulated attacker, purple team, and threat hunting engagements.
Learn More
Gain knowledge of what an attacker can do by taking advantage of current vulnerabilities through network, web, and mobile application testing.
Learn More
Understand what’s working well and what needs attention with comprehensive review of technical controls in place, governance, and process along with a roadmap of recommended action.
Learn More
Increase skills and understanding through tailored, hands-on training of your IT and security staff.
Learn MoreOur events feature IANS Faculty members who offer a breadth of in-the-weeds advice and high-level guidance for the entire security team. Designed for you to engage with like-minded security professionals in a supportive environment, you’ll learn from a variety of industry approaches and use cases.
Get out of the trenches and prepare for interactions with the C-suite at these executive-only one-day sessions.
All CISO Roundtables
Bring your security team, network with like-minded security practitioners, and join keynote presentations and IANS Faculty breakouts.
All Forums
Immerse yourself on a specific technical or operational topic. Attend our half-day comprehensive deep dives.
All Symposiums
Don't miss a beat. Tune in to monthly topical sessions led by IANS Faculty members.
All WebinarsCheck out the IANS Faculty members who will be speaking at RSA this year! Their sessions topics include but are not limited to IoT, DevSecOps, ML, Cloud Migration, Cloud Security Architecture, Mobile Security, and Threat Modeling.
See Who's GoingWe help CISOs and their teams make well-informed decisions. Our insights come from IANS Faculty practitioners, who are living your challenges and deliver deep-domain, actionable advice on a wide range of security topics.
Children's Hospital and Clinics of Minnesota
With close to 100 end-user security events annually, we are unmatched in the level of peer-to-peer interaction we offer our clients. We provide a safe environment to network, share experiences and discuss challenges.
Learn More
IT governance management professional with strong business acumen, employing a pragmatic and consultative approach. Risk and controls experience rests on a foundation of solid experience within corporate IT. Leveraged collaboration skills to involve all silos of the company, including legal, CFO, customer service, business operations and information technology, to promote management awareness and facilitate remediation efforts. Motivated by the challenge of identifying opportunities to significantly improve and streamline business operations, while working effectively with the business stakeholders responsible for implementing the process improvement or controls
IANS Faculty
IANS Faculty members are expert information security practitioners. Their insights are based on real-world experiences. They understand the key issues you face and deliver actionable recommendations, research, and step-by-step guidance.
Learn More
John is the Owner of Black Hills Information Security (BHIS), and has both consulted and taught hundreds of organizations in the areas of security, regulatory compliance, and penetration testing. John is also an instructor and course author of BlackHat's "Active Defense, Offensive Countermeasures, and Hacking Back" and the SANS Institute's "Hacker Tools, Techniques, Exploits and Incident Handling" classes. John is co-author of the" Offensive Countermeasures: The Art of Active Defense" book and is a contributor to the industry shaping Penetration Testing Execution Standard and 20 Critical Controls frameworks. He leads the Hunt Teaming, Command & Control (C2)/Data Exfiltration and Pivot testing development at BHIS. He is a dynamic speaker at conferences worldwide. In his spare time, he co-hosts the Hack Naked TV and Security Weekly podcasts.
Legg Mason
Security is all we do, and it always has been. What matters to the CISO and team matters to us. We specialize in providing in-depth knowledge and practical insights you can use both with your team and when interacting with the C-suite.
Learn More
Janet Oren leads global cybersecurity initiatives at Legg Mason Global Asset Management. Her career path includes 32 years at the National Security Agency (NSA) where she was responsible for the protection of classified information and other cybersecurity standards. She on large weapon systems; wrote national encryption policy; and was the senior cybersecurity representative in the NSA’s 24-hour watch center. In between NSA and Legg Mason, she was a managing director at PricewaterhouseCoopers.
This group of over 50 hands-on practitioners understands the key issues you face and delivers actionable recommendations, research, and step-by-step guidance on achieving fast and successful results.
Joshua Marpet is an IANS Faculty Member and an accomplished speaker, long-time information and physical security practitioner and start-up CEO and serial entrepreneur. He is Co-Founder and COO of Red Lion and has presented on topics ranging from Facial Recognition to National Security, to audiences from government agencies, law enforcement, Fortune 5 companies, and many others. His research encompasses digital forensics, business security maturity, and how not to start an information security business. He is also a board member of Security BSides Delaware.
Philip is a cybersecurity and assurance expert. He has a deep background in IT Security dating back to high school and was able to translate that in to a career in IT risk and security after attaining his degree in computer science. Philip is an Information Security Engineer at Wells Fargo and prior to that role he was Director of Core System Security Visa. Philip worked at Ernst & Young and Grant Thornton as a Sr. IT Auditor conducting IT security process and system reviews for large financial institutions, specializing in Unix, Windows and Legacy systems. He continued this work when he moved over to Visa Inc’s internal audit department bringing his deep technical background to the types of audits typically found within a large, global, tech company. During this time he was applauded for his ability to translate between the business and the technical for management reporting.
Jake Williams, the founder of Rendition Infosec, has almost two decades of experience in secure network design, penetration testing, incident response, forensics and malware reverse engineering. Prior to founding Rendition Infosec, Williams worked with various government agencies in information security and CNO roles. He also works with SANS where he teaches and authors courses in Malware Reverse Engineering, Memory Forensics, Cyber Threat Intelligence, and Advanced Exploit Development. He is the two-time victor of the annual DC3 Forensics Challenge. He has spoken at Blackhat, DEFCON, Shmoocon, CEIC, RSA, EnFuse, and DC3 Conference (among others). His research areas include automating incident response throughout the enterprise, threat modeling and analysis, binary analysis, and malware C2. The primary focus of his work is increasing enterprise security by presenting complex topics in a way that anyone can understand.
Justin Wilder is a Vice President with In-Q-Tel, a non-profit strategic investor serving the Intelligence Community, where he oversees a portfolio of innovative cybersecurity companies solving complex challenges at the intersection of National Security and Commercial Industry. Justin has led the research and technical diligence exploring a number of domains leading to developmental investments shaping numerous Digital Forensics, Behavioral Analytics, Endpoint Protection, Orchestration and Automation, and Software Assurance early stage startups. His cybersecurity experience spans twenty years in service of Academic, Fortune 50, DoD, Federal, and Intelligence clients as a developer, engineer, advisor, and entrepreneur. Justin received his Bachelor’s degree in Electrical Engineering from the University of Maryland, College Park and his Master’s degree in Computer Science from George Washington University.
Kenneth R. van Wyk is an internationally recognized information security expert and author of three popular books, Enterprise Software Security, Secure Coding, and Incident Response. In addition to providing consulting and training services through his company, KRvW Associates, LLC, he currently holds the following positions: Member of the Board of Directors for SecAppDev (http://www.secappdev.org), and monthly columnist for Computerworld (http://www.Computerworld.com). Ken is also the project leader of the Open Web Application Security Project (OWASP) iGoat project and is a Lehigh University distinguished engineering alumnus. Ken has 25 years experience as an IT Security practitioner in the commercial, academic, and military sectors. He has held executive and senior technologist positions at Tekmark, Para-Protect, Science Applications International Corporation (SAIC), the U.S. Department of Defense, Carnegie Mellon University, and Lehigh University. At Carnegie Mellon University’s Software Engineering Institute, Ken was one of the founders of the Computer Emergency Response Team (CERT®). He holds a mechanical engineering degree from Lehigh University and is a frequent speaker at technical conferences, and has presented tutorials and technical sessions CSI, ISF, USENIX, FIRST, AusCERT, and others. Ken is a dual citizen of the EU (England) and the USA, and holds a current U.S. Department of Defense TOP SECRET clearance.
Joff has 15+ years of experience in the IT industry in roles such as enterprise network architect and network security defender. He has mentored "Intrusion Detection in Depth" and taught "Python for Penetration Testers" for the SANS Institute. Currently Joff is a Researcher and Penetration Tester with Black Hills Information Security (BHIS). He helps lead the Hunt Teaming, Command & Control (C2)/Data Exfiltration and Pivot testing development at BHIS. Joff holds a B.Sc. in Mathematics, an M.Sc. in Computer Science, and holds the GIAC certifications GPEN, GWAPT, and GXPN. In his free time, he is a host on the Security Weekly podcast and contributes to open-source projects.
Kelli K. Tarala (Twitter: @KelliTarala) is a principal consultant and co-founder of Enclave Security. As a security architect and project manager with over 20 years of experience, she specializes in IT audit, governance, and information assurance strategies. Over the past few years, she has served as a one of the lead technical editors for the Center for Internet Security’s Critical Security Controls and has had the privilege of assisting on the development of the Critical Security Controls and chairing task panels for the Center for Internet Security. She is a courseware author for the SANS Institute as well as the lead author for many of the governance resources and creator of tools at AuditScripts.com. She has completed graduate work at the University of Wisconsin Madison and holds multiple professional certifications.
James Tarala is a principal consultant with Enclave Security based out of Venice, Florida and has spent the past 20 years providing security consultation and services to large enterprises and government agencies, both inside the US and internationally. Over the past few years, he has served as a lead technical editor for the Center for Internet Security’s Critical Security Controls and has had the privilege of assisting on the development of the Critical Security Controls and chairing task panels for the Center for Internet Security. He is also a senior analyst, author, and instructor with the SANS Institute. As a consultant, he has spent the past few years architecting large enterprise IT security and infrastructure architectures. He works regularly with organizations to assist them in their security management, governance practices, and regulatory compliance issues and regularly performs independent security assessments and assists enterprises in developing their internal security control programs.
John is the Owner of Black Hills Information Security (BHIS), and has both consulted and taught hundreds of organizations in the areas of security, regulatory compliance, and penetration testing. John is also an instructor and course author of BlackHat's "Active Defense, Offensive Countermeasures, and Hacking Back" and the SANS Institute's "Hacker Tools, Techniques, Exploits and Incident Handling" classes. John is co-author of the" Offensive Countermeasures: The Art of Active Defense" book and is a contributor to the industry shaping Penetration Testing Execution Standard and 20 Critical Controls frameworks. He leads the Hunt Teaming, Command & Control (C2)/Data Exfiltration and Pivot testing development at BHIS. He is a dynamic speaker at conferences worldwide. In his spare time, he co-hosts the Hack Naked TV and Security Weekly podcasts.
Caleb is the founder and CEO of Bluebox Security. Before founding Bluebox Security Caleb was an EIR at Andreessen Horowitz. Prior to this, Sima was CEO of Armorize Technologies, an internationally acclaimed, SaaS based malware monitoring and code security analysis firm headquartered in San Francisco. Before his tenure at Armorize, Sima served as chief technology officer for HP's Application Security Center and was responsible for directing the lifecycle of the company's web application security solutions. Sima joined HP after the company he founded SPI Dynamics was acquired in 2007. Prior to founding SPI Dynamics, Sima worked for Internet Security Systems' elite X-Force R&D team and as a Security Engineer for S1 Corporation. Outside of work, Caleb enjoys poker, car racing and motorcycles.
Adam is a consultant, entrepreneur, technologist, author and game designer. He's a member of the BlackHat Review Board, and helped found the CVE and many other things. He's currently helping a variety of organizations improve their security, and advising and mentoring startups as a Mach37 Star Mentor. While at Microsoft, he drove the Autorun fix into Windows Update, was the lead designer of the SDL Threat Modeling Tool v3 and created the "Elevation of Privilege" game. Adam is the author of Threat Modeling: Designing for Security and the co-author of The New School of Information Security.
Glen has nearly 30 years of operational security leadership experience, with the past 15+ exclusively focused on cyber operations and capability, in the enterprise. Glen’s early professional experience spanned from leading special operations Marines across distant beaches to being responsible for global cyber operational assurance for the United States Marine Corps, as their CISO (CO, CND, USMC). Commercially, his roles have been as diverse as a development lead for a small network security startup (ArcSight ’05), to becoming a Field Operations Vice President through its IPO (’10) and then $1.5B acquisition by HP (’12).
Glen has a MS in Information Technology Management from the Naval Postgraduate School, with operational emphasis in security as the Founder and Director of a self-funding security laboratory studying cypher deception and advanced detection. Glen also graduated from the U.S. Naval Academy and was commissioned into the USMC. Glen has attained and instructed numerous security certifications from the GIAC, NSA and ISC2. He has been an invited speaker at the Pentagon Security Forum, a SANS certified instructor since 2002 and an IANS faculty member since 2003.
Richard is a security executive with ~20 years experience ranging from start-ups to global organizations. He is currently the SVP and CISO at Lending Club. He was most recently the CISO/VP of Trust for Twilio and formerly the VP/GM Cybersecurity and Privacy for GE Healthcare. His background is in Information Security, Digital Risk Management and Product Development with an analytics bent. His current focus is developing quantitatively informed strategies, building agile teams that scale and making digital risk measurable. Likewise, he recently co-authored a decision analysis book called "How To Measure Anything In Cybersecurity Risk" (Wiley 2016) This book targets those looking to improve risk management strategies using predictive analytics.
Justin is a Managing Partner of UtiliSec, specializing in Smart Grid security architecture design and penetration testing. Justin led the Smart Grid Security Architecture group in the creation of NIST Interagency Report 7628 and played key roles in the Advanced Security Acceleration Project for the Smart Grid (ASAP-SG). He currently leads the testing group at the National Electric Sector Cybersecurity Organization Resources (NESCOR). Justin has taught courses in hacking techniques, forensics, networking, and intrusion detection for multiple universities, corporations, and security conferences.
Mr. Searle is currently a certified instructor for the SANS Institute. In addition to electric power industry conferences, Justin frequently presents at top international security conferences such as Black Hat, DEFCON, OWASP, Nullcon, and AusCERT. Justin co-leads prominent open source projects including the Samurai Web Testing Framework, Middler, Yokoso!, and Laudanum. Justin has an MBA in International Technology and is a CISSP and SANS GIAC certified Incident Handler (GCIH), Intrusion Analyst (GCIA), and Web Application Penetration Tester (GWAPT).
Mike is the Director of Technical Alliances with Cofense, (formerly, PhishMe). Prior to Cofense, Mike spent nearly two decades in financial services and was the head of information security for 12 years as well as having led IT operations. Mike was involved from the onset with Security Current when it launched and served as the research director leading a number of strategic projects for global security vendors and CISOs. Also, Mike is a mentor with Queen City Fintech, in Charlotte, NC, and has a security consulting LLC where he conducts independent advisory and risk assessment engagements. Mike holds a Master's of Science in Information Assurance from Walsh College and is a member of two college information security curriculum advisory committees. In his free time, he loves to spend time with his wife and two daughters, workout, drive his Jeep Wrangler, and cook for those who love great food and drinks.
Katrina Rodzon has over 12 years of experience and a diverse set of skills that she has applied to creating, implementing and evaluating innovative security awareness programs for Fortune 100 companies. She has also managed curriculum strategy and content development across a vast range of topics, ranging from psychology to information technology, for both online and in person mediums. In addition, she manages the development of large enterprise behavioral content/modification plans, methodology creation for assessing an organizations culture, and assisted in creating effective social engineering tools and testing scenarios for penetration testing teams. She has received advanced graduate training in cognition, behavior analysis, research methodology, statistics, and psychology.
Ron is a seasoned technologist specializing in cyber security with over 30 years experience working within the IT industry. At JP Morgan Chase, Ron is the global lead for their Cyber Security Technology and Architecture team. This group is responsible for helping the business build and maintain robust, secure solutions to support our clients and employees. He is also an active researcher and speaker in the IA field and is widely published on network security topics including co-authoring books on Software Assurance and Insider Threat. He has authored courses on computer security that have been taught across the country and has been a faculty member of the SANS Institute, the Institute for Applied Network Security (IANS), and George Mason University. He holds masters and bachelors degrees in computer science from Mason and a PhD in Information Technology from their School of Information Technology and Engineering.
Marcus has more than 25 years of experience within Information Security and is a world-renowned expert on security system design and implementation. Currently, Marcus is an independent consultant and technology advisor to start-ups and large enterprises. He is recognized as an innovator in firewall technology and the implementer of the first commercial firewall product. Marcus has designed a number of security products including DEC SEAL, TIS firewall toolkit, Gauntlet firewall, and NFR's Network Flight Recorder intrusion detection system. Marcus holds several industry awards including ISSA fellowship. In his spare time Marcus likes to be playing strategy games, taking photos, making soap, woodworking, or forging swords.
Teri Radichel was on the original team that helped Capital One, the first major US Bank to use AWS, move production workloads to the cloud. She then architected a SAAS IOT solution for firewalls connecting to the cloud for a security vendor. She also led a cloud team of 30 people and delivered a secure CI/CD pipeline based on her white paper, Balancing Security and Innovation with Event Driven Automation. Now she focuses on training, penetration testing, and cloud security assessments. She also enjoys security research and writing. You can find her articles in publications like Dark Reading, Infosecurity Magazine, and her cloud security blog. Teri has presented on cloud security at conferences like RSA, AWS re:Invent, Countermeasure IT, SANS Networking, SANS Cloud Summit, and BSides. She is an AWS Hero and runs the Seattle AWS Architects and Engineers meetup which has almost 3,000 members. She received the 2017 SANS Differences Makers Award and was on the initial SANS cloud security curriculum advisory board. She now offers training through IANS Summits and other venues. Cybersecurity certifications: GSEC, GCIH, GCIA, GCPM, GCCC, GREM, GPEN, GXPN
Chris has almost 35 years experience in digital and physical security, spanning diverse roles from the deeply technical to executive management. He started his journey in the U.S. Air Force as a software developer for the DoD intelligence community and built his own boutique consultancy after separating from the military. Chris sold FireTower after ten years of growth and joined Q1 Labs as the Chief Security Officer, which was acquired by IBM in 2012. During his five years at Big Blue, Chris led threat research activities for the X-Force and built a prototype of Cyber Watson. He took an interest in the IoT and was instrumental in founding IBM’s IoT security practice, including authoring their points of view on connected car security. As a result, he was recruited into Booz Allen Hamilton as a Principal/Director leading the Dark Labs embedded systems vulnerability analysis practice. Chris returned to the startup community and is currently at BitSight Technologies, empowering enterprises to manage third- and first-party risk. He can be found speaking on a variety of InfoSec topics at conferences and private events when he’s not making or breaking new technology as a hobby, hiking, rock climbing, or appreciating fine wine and craft brews.
Mike is an experienced healthcare and education technology executive and has been involved in information security for approximately 15 years. Mike is currently a Director at Security Risk Advisors out of Philadelphia, and has spent 6 years as CISO with the University of Rochester & Medical Center. He has been a CTO and overseen software development and innovation groups, and is the founder of SnapEval, a mobile-first enterprise performance management system. When Mike isn’t working, you can find him doing various physical activities, such as snowboarding, mountain biking, and triathlon.
Davi Ottenheimer is a security executive, board member and founder who has led global teams in developing and managing secure systems for more than twenty years. Currently he is working on product security at mongoDB making big data secure, IoT safe and AI trusted. Davi is also a recognized strategist and author specializing in cyber defense ethics and safely navigating the cultural disruptions of emerging technology. He co-authored in 2012 a cloud security book “Securing the Virtual Environment: How to Defend the Enterprise Against Attack” and is author of the upcoming book "Realities of Securing Big Data". Davi is a frequent top-rated public speaker and in 2018 he established the Excellence in Humanitarian Service Award at the RSA Conference; inaugural award was for building and managing resilient encryption systems that were instrumental to ending South African Apartheid. While serving as a Dedicated Paranoid at Yahoo! and responsible for managing security for hundreds of millions of mobile, broadband and digital home products, he invented an ephemeral authentication system for IoT that is in ubiquitous use today. An expert in governance, assessments, audit and compliance leadership Davi was a qualified PCI DSS and PA-DSS assessor (QSA and PA-QSA) for 7 years, and former Board Member for the Payment Card Industry Security Alliance and the Silicon Valley chapters of ISACA and OWASP. He received his postgraduate academic Master of Science degree in International History from the London School of Economics.
Rich Mogull has 20 years of experience in information security, physical security and risk management. He specializes in cloud security, application security, security automation, security management and data security. Prior to founding Securosis, Rich was a Research VP at Gartner on the security team where he also served as Research Co-Chair for the Gartner Security Summit. Rich has worked as an Independent Consultant, Web Application Developer, Software Development Manager at the University of Colorado, and Systems and Network Administrator. Rich is the Security Editor of TidBITS, a monthly columnist for Dark Reading. He is a frequent industry speaker at events including the RSA Security Conference and DEFCON, and has spoken on every continent except Antarctica. A University of Colorado graduate with a degree in history, Rich's interests outside of information security include martial arts and triathlons.
Jennifer has more than 15 years of experience working in various areas of the technology industry. She has received many awards including Tech Woman of the Year 2014 NCTA, Top Ten Power Players: Women in Security 2014 SC Magazine, and Top Influencers in Security 2015. In addition to being an author of the (ISC)2 Official CISSP Courseware, Jennifer is also a cover co-author of "Low Tech Hacking". Jennifer is the VP of Engineering and Consulting CISO with Carolina Advanced Digital, Inc. Jennifer also consults for a variety of government agencies, educational institutions and Fortune 100 and 500 corporations. In her free time, she enjoys painting, reading, and competitive ballroom and swing dancing.
Tim Medin is the founder and Principal Consultant at Red Siege, a company focused to adversary emulation and penetration testing. Tim is also the SANS MSISE Program Director and a course author. Through the course of his career, Tim has performed penetration tests on a wide range of organizations and technologies. He gained information security experience in a variety of industries including previous positions in control systems, higher education, financial services, and manufacturing. Tim is an experienced international speaker, having presented to a organizations around the world. Tim is also the creator of the Kerberoasting, a technique to extract Kerberos tickets in order to offline attack the password of enterprise service accounts. Tim earned his MBA through the University of Texas.
Stephen has over 30 years of experience including building and leading worldwide teams, and designing/running some of the world's largest Internet services. Over the last 11 years he has led global engineering teams focused on massively scalable cloud systems and computer security.
In his most recent position, Stephen was SVP of Engineering at Symantec. In that role, he created their first ever cloud platform, including building out new data centers, linked together by a carrier-grade network backbone, and developing a new secure cloud platform that was the foundation of all new SaaS security offerings. He also developed a big data analytics platform that could handle real-time ingestion of security data, as well as creating a queryable data lake for Symantec’s threat intelligence data. In addition, he was also responsible for all existing "cloud" operations for Symantec's security offerings ($1B in combined revenue).
Before that, he was Director of Security Engineering for Google. There he was responsible for Internet Governance (as only one of two people in the company authorized to change Google’s DNS), PKI, product security for Commerce and YouTube, and some incident response, vulnerability management and acquisition integration. Prior, he led a worldwide team focused on keeping Google services operational 24x7 — including Maps, YouTube and Video, Crawling/Indexing and Logging. He built that team from 1 person to a global organization that spanned from Zurich to Sydney.
Before Google, he was the Chief Architect for Netflix's initial electronic delivery system — the very first system to deliver movies over the Internet.
Stephen has also been a VP of Engineering (VPE) for Emasys (semiconductor management software), VPE & CTO for Fort Hill Systems (formerly known as CacheWare — an Internet content distribution company), and VPE, VP of Professional Services & CTO for Advanced Software Technologies.
Previously, Stephen held engineering management and development positions at Ordain, Standard Logic, MSI Data Corporation, Rockwell, Pertec and Chevron.
Stephen received his undergraduate degrees in Physics and Geology from Chapman University and his Master's degree in Computer Science from University of California, Irvine.
Raffael Marty is chief research and intelligence officer at Forcepoint. He brings more than 20 years of cybersecurity industry experience across engineering, analytics, research, and strategy to the company. Marty leads Forcepoint X-Labs, a specialized group that is dedicated to behavior-based security research and developing predictive intelligence to differentiate Forcepoint's human-centric product portfolio.
Prior to Forcepoint, Marty ran security analytics for Sophos, a leading endpoint and network security company, launched pixlcloud, a visual analytics platform, and Loggly, a cloud-based log management solution. Additionally, Marty held key roles at IBM Research, ArcSight and Splunk and is an expert on established best practices and emerging innovative trends in the big data and security analytics space. Marty is one of the industry's most respected authorities on security data analytics, big data and visualization. He is the author of Applied Security Visualization and is a frequent speaker at global academic and industry events.
Marty holds a master's degree in computer science from ETH Zurich, Switzerland and is a student of the Japanese tradition of Zen meditation.
A security industry pioneer, Chad brings over 20 years of experience leading high-growth tech companies. Chad is the co-founder and CEO of Habitu8, a startup bringing a new approach to security awareness training. Prior to founding Habitu8, Chad co-founded Rapid7, a leading cyber-security company whose products are used today in over 120 countries. As VP of Engineering, Chad helped lead Rapid7 from a 3-person, privately-backed startup to a successful $900MM IPO in 2015.
Shannon Lietz is an award-winning security innovator and leader experienced in developing emerging security programs for Fortune 500 companies, including Intuit, ServiceNow, Sony, Sempra, Savvis, Cable & Wireless, 99 Cents Only, Exodus, and Bank of America, among others internationally. She received the Scott Cook Innovation Award in 2014 for developing and cultivating a world-class cloud security program for protecting sensitive data in AWS. Lietz is currently the Director of DevSecOps at Intuit responsible for driving the company’s Cloud Security Strategy and Program in support of corporate innovation. She has previous experience as a Master Security Architect, an Entrepreneur, and often volunteers to educate on security topics. Lietz is a passionate DevSecOps and Rugged Evangelist.
Dave has two decades of industry experience, including extensive experience in IT operations and management. Currently, Dave is a Global Security Advocate for Akamai Technologies. He is the founder of the security site Liquidmatrix Security Digest and co-host of the Liquidmatrix podcast. Dave writes a column for Forbes and the Huffington Post.
Justin Leapline has over twenty years of experience involving system administration, software development, and information security. His core skills include regulatory and contractual compliance within the information security realm, security program management, payment card standards, and general governance practices and frameworks.
Justin currently leads up the PCI Practice at TrustedSec; a company focused on information security guidance. Before joining TrustedSec, he has been involved with numerous Fortune 1000 companies in the areas of information systems, audit, governance and information security and has led the governance and security practices for large eCommerce and financial services companies.
Additionally, Justin has spoken extensively at conferences concerning risk management, the payment card industry, and general information security practices.
Adrian is the CTO of the boutique analyst firm Securosis. Adrian has practiced security for twenty years, with prior experience as the CTO of the database security company IPLocks, VP Engineering at the web commerce firm Touchpoint, CTO/CIO of CPMi (A Raymond James brokerage), and CTO of encryption & DRM firm Transactor. Adrian is known for his depth of knowledge in data security, database (RDBMS & NoSQL) security, security monitoring, assessment, and secure application development. Adrian presents at most major security conferences, and has blogged for Dark Reading and Information Week. Adrian is a Computer Science graduate of the University of California at Berkeley with post-graduate work in operating systems at Stanford University. Adrian is an avid runner, mountain biker and maintain a farm in his back yard, but we suspect he is really too busy with his regular Securosis blogs, webcasts and research papers to ever leave his desk.
Peter Kuper is a Partner with In-Q-Tel. Peter actively seeks and works with private companies with a particular focus on security and enterprise software. Peter was the Lead Software Analyst for Morgan Stanley where he published industry leading investment reports and led over 18 public transactions. In total, Peter was a Wall Street analyst for 15 years offering him the opportunity to work with some of the most talented executives of both public and private companies. As a visible voice for the software industry, Kuper has given numerous presentations to professional and government groups and has been interviewed on CNBC, Bloomberg Television, and quoted in The Wall Street Journal, BusinessWeek, and The Financial Times. He has also published articles in IEEE Magazine. Peter currently serves as an Advisor to the Pacific Northwest National Lab.
Dave is the President and CEO of TrustedSec, an information security consulting company. David was a Chief Security Officer for an international Fortune 1000 company located in over 77 countries with over 18,000 employees. David developed a global security program with a large dedicated team. He is considered a thought leader in the security field and has presented at many conferences worldwide and had guest appearances on FoxNews, BBC, and other high-profile media outlets. David is the Founder of DerbyCon, a large-scale security conference in Louisville, KY. He also authored Metasploit: The Penetration Testers Guide, which was number one on Amazon.com in security for over 6 months. David is a founding member of the "Penetration Testing Execution Standard (PTES)," the industry leading methodologies and guidelines for performing penetration tests. Dave received a BA of Arts from Malone University in Ohio. Dave has many certifications including OSCE, QSA, OSCP, CISSP, ISO 27001, GSEC, and MCSE. Dave also served in the Marines for five years working on intelligence related missions. He enjoys scuba diving, handy work, Destiny, fine bourbons and getting away to the country without cell reception.
Ondrej Krehel is the CEO and Founder of LIFARS LLC, an international cybersecurity and digital forensics firm. He’s the former Chief Information Security Officer of Identity Theft 911, the nation’s premier identity theft recovery and data breach management service. He previously conducted forensics investigations and managed the cyber security department at Stroz Friedberg and the Loews Corporation. With two decades of experience in computer security and digital forensics, he has launched investigations into a broad range of IT security matters—from hacker attacks to data breaches to intellectual property theft. His work has received attention from CNN, Reuters, The Wall Street Journal and The New York Times, among many others.
Kevin has over 15 years of experience within security working with and performing services for Fortune 100 companies and draws upon his development and system administration background. Kevin is the CEO and Principal Security Consultant with Secure Ideas. Previously, Kevin was a Senior Instructor at SANS and the author of "Security 542: Web Application Penetration Testing and ethical Hacking." Other current speaking engagements include DEFCON, ShmooCon as well as Infragard, ISSA and the University of Florida. He founded BASE (web front-end for snort analysis) as well as Samurai WTF live DVD (live environment focused on web pen testing). Two additional projects Kevin founded are Yokoso and Laudanum, which are focused on exploit delivery. In his free time, Kevin enjoys spending time with his family and is an avid Star Wars fan and member of the 501st Legion (Star Wars charity group).
Rebecca has 25+ years of information privacy, security and compliance experience. She's received many awards including Computerworld's "Best Privacy Advisers In The World." Rebecca is currently writing her 17th published book. She founded The Privacy Professor® in 2004, and co-founded SIMBUS Information Security and Privacy Services which launched in 2015. Rebecca has led the NIST SGIP Smart Grid Privacy Subgroup since mid-2009, and is in the NIST Privacy Engineering group. Rebecca is Secretary for the IEEE P1912 Standard for Privacy and Security Architecture for Consumer Wireless Devices group. Rebecca has been Adjunct Professor for the Norwich University Master of Science in Information Security & Assurance (MSISA) program since 2005. Rebecca has a B.S. in Math and Computer Science from the University of Central Missouri and an M.A. in Computer Science and Education from the University of Northern Iowa. In her free time, Rebecca enjoys renovating old houses, farming, gardening and traveling.
The first 25 years of Rich Guida's total of 46 years of professional experience were spent in the Navy Department. He was responsible for technical, regulatory, environmental, and security aspects of nuclear propulsion aboard submarines and aircraft carriers. Rich was appointed to the Senior Executive Service in 1989, and received a Presidential award in 1996. He left government service in 2001 to join Johnson & Johnson, from which he retired in 2011 as VP, Worldwide Information Security (J&J’s Chief Information Security Officer). Since retiring from J&J, Rich has consulted in the pharmaceutical, retail, financial, and telecommunications sectors. He served on the Commerce Department's Information Security and Privacy Advisory Board (2000-2005), and the U.S. Army Science Board (2011-2015). He is a CISSP, and in 2016 authored the book “The Entropy Police: Practicing Information Security in the Enterprise.” Rich has a BS in Electrical Engineering/Computer Science and an MS in Nuclear Engineering from MIT; and an MBA from The George Washington University. In his free time, Rich enjoys military history, playing the piano, and video games.
Martin Gomberg has spent over thirty years in technical operations, as Vice President of Technical Strategies for a major bank, seventeen years as CIO for a major cable television and media brand, several as a business protection, information security, data governance and privacy executive, founding member of the CIO Executive Council, and recently as vice chair of the U.S. State Department Overseas Security Advisory Council for the Media and Entertainment Industry. He has been an active speaker, author, workshop leader and blogger on operational security, crisis management, business continuity and the protection of company consequential data, domestic and global. He is the recipient of the 2013 Member Appreciation Award from the CIO Executive Council for Outstanding Contribution to the Profession. In addition, in 2016 Marty completed CIPP/E certification with Institute of Applied Privacy Professionals covering European privacy. In Marty’s free time, he spends it in the European caves looking at prehistoric paintings. He has made 3 trips to date through northern Spain and Southern France and in the Pyrenees and have visited about 24 caves. In between trips throughout Europe, Marty is also an avid wine collector.
As Sumo Logic's Chief Security Officer, George Gerchow brings over 20 years of information technology and systems management expertise to the application of IT processes and disciplines. His background includes the security, compliance, and cloud computing disciplines. Mr. Gerchow has years of practical experience in building agile security, compliance and, modern day Security Operation Centers in rapid development organizations. These insights make him a highly regarded speaker, and invited panelist on topics including DevSecOps, cloud secure architecture design, virtualization, compliance, configuration management, and operational security and compliance. George has been on the bleeding edge of public cloud security and privacy since being a co-founder of the VMware Center for Policy & Compliance. Mr. Gerchow is also an active Board Member for several technology start-ups and the co-author of the Center for Internet Security - Quick Start Cloud Infrastructure Benchmark v1.0.0 and the MISTI Fundamentals in Cloud Security. He is a Faculty Member for IANS (Institute for Applied Network Security) and Cloud Academy.
John has 30+ years of experience in information technology at Fortune 500 companies such as General Electric, Liberty Mutual, United Technologies, and Textron. John is a Certified Information Systems Security Professional (CISSP) from ISC2, Certified Information Security Manager (CISM) from ISACA and is also certified in ITL, LEAN Six Sigma and Project Management from George Washington University. He has a Bachelor's of Science in IT, done graduate work at Harvard, and has two Master degrees, the most recent an MBA from Boston University.
Ron Dilley is a leading information security practitioner and thought leader with more than two decades experience building and implementing information security practices for global companies, overseeing and revitalizing infosec teams and advising on mergers, acquisitions and divestitures from an infosec perspective. In the constantly changing infosec landscape, Ron is dedicated to staying abreast and ahead of current and emerging threats across all relevant technologies.
Dennis Devlin is a former CISO with nearly five decades of accomplishment leading enterprise IT and information risk management in both private industry and higher education. Dennis has built and led teams that delivered highly successful enterprise-class initiatives and programs in information security, privacy, identity management, messaging, business continuity and emergency notification. During his career Dennis was co-founder and CISO of SAVANTURE, Assistant Vice President for Information Security and Compliance Services at George Washington University, CISO for Brandeis University, Vice President and CSO for The Thomson Corporation (now Thomson-Reuters) and a member of the senior IT leadership team at Harvard University. Dennis holds a B.A. from the University of Pennsylvania and his outside interests include digital photography and world travel.
Rocky DeStefano serves as Cloudera’s subject matter expert on cybersecurity. Mr. DeStefano was a member of the USAF and subsequently supported AFCERT as part of the Incident Response Team. Rocky founded and led the Global Security Operations Center for EDS and has supported cybersecurity advancement in notable companies such as ArcSight, NetWitness, RSA and Visible Risk. At every step in his career, Rocky's focus has been to continually enhance visibility and detection solutions to defend the enterprise.
Dr. Jared DeMott is the founder of the security company, Vulnerability Discovery & Analysis (VDA) Labs. DeMott is a former NSA security analyst, Microsoft BlueHat Prize winner, and was the CTO at Binary Defense. He’s frequently quoted in media, and invited to speak at security events. You'll find fingerprints of his work across the InfoSec community: fuzzing, code auditing, exploitation, incident response, malware analysis, pentests, threat intelligence, and security training. When DeMott isn’t leading a project, or bypassing a security control, he’s enjoying time with his family outdoors.
Bill is a Senior Manager in LBMC’s Information Security Services division and is responsible for incident response, digital forensics, electronic discovery and overall litigation support. Bill has more than 20 years of information technology experience with a specialty in information security and digital forensics for the past 10 years. Prior to LBMC, he served as the Director of Security Assessments and Digital Forensics for Sword & Shield Enterprise Security Inc. Bill was also the founder of Forensic Discoveries, before merging with Sword & Shield Enterprise Security and served as a senior security analyst responsible for information security for a large healthcare organization. In these roles, he was responsible for digital forensics to support litigation, incident response services, penetration testing, and overall security defense posture. Bill's roles have included delivering penetration testing and incident response services to companies around the world. Additionally, he consults with organizations of all sizes in security topics related to endpoint protection, vulnerability assessments, network forensics, incident response and overall hardening and monitoring of infrastructures. Lastly, Bill conducts digital forensic investigations and electronic discovery services to support litigation efforts. In these roles, he has been qualified as an expert witness in Federal Courts and Tennessee State Courts. Bill is a frequent speaker and published author on the topics of computer security, digital forensics and electronic discovery for numerous legal and technical associations. Additionally, Bill is a Certified Computer Examiner (CCE), GIAC Certified Incident Handler (GCIH), GIAC Certified Penetration Tester (GPEN) and GIAC Certified Forensic Analyst (GCFA). He is also an active member of the International Society for Forensic Computer Examiners and InfraGard Board member. Bill holds an A.S. in Computer Science from Walters State Community College and a BS in Information Technology from Information Technology.
Joshua Corman is a Founder of I am The Cavalry (dot org) and Director of the Cyber Statecraft Initiative for the Atlantic Council. Corman previously served as CTO for Sonatype, Director of Security Intelligence for Akamai, and in senior research & strategy roles for The 451 Group and IBM Internet Security Systems. He co-founded @RuggedSoftware and @IamTheCavalry to encourage new security approaches in response to the world’s increasing dependence on digital infrastructure. Josh's unique approach to security in the context of human factors, adversary motivations and social impact has helped position him as one of the most trusted names in security. He also serving as an adjunct faculty for Carnegie Mellon’s Heinz College and on the 2016 HHS Cybersecurity Task Force.
Steve Coplan has over 16 years of IT industry experience, with a strong focus on identity, data security and cloud services - bringing a set of perspectives on enterprise security developed through stints as a consultant, product marketer, industry analyst and corporate strategy executive. He is currently principal of Khova Consulting, providing strategic advisory services to help information security vendors, end users and investors navigate the information security landscape. As an industry analyst at 451 Research in various roles since 2001, Steve was pivotal in establishing the firm as a leading source of analysis and insight on shifts in the information security market, focusing on the ripple effects on identity management and data security from IT shifts. Steve's industry analyst years were interspersed with product marketing and strategy turns at Whale Communications (acquired by Microsoft in 2006) and cloud security gateway vendor Vaultive, before moving into a more consultative role with a hands on focus. Before starting Khova, Steve worked on business and portfolio strategy team for the CA Technologies' security business unit, focusing on M&A and new product initiatives.
Andy has extensive experience in IT audit, security governance and application development. After beginning his career in financial audit at a Big 4 accounting firm, Andy quickly moved into the IT audit field, where he gained over 15 years of experience working in both public accounting and private industry.
About five years ago, Andy moved into a senior director role where he worked in security governance for a multibillion-dollar retailer. During this time, he has performed PCI audits, drafted and published IT policies, procedures and awareness campaigns, and managed the user administration process for business-critical applications. He has also worked very closely with the Risk Assessment team to manage third-party risk, implement a new privileged access management system and deploy a GRC tool. Andy has also developed a continuous-controls monitoring tool from the ground up. Recently, Andy joined an investment banking firm to build out their third-party risk management and identity and access management processes.
Bruce Bonsall is an accomplished Fortune 100 CISO and trusted security advisor to global enterprise CEOs and senior management across many industries. A respected security strategist and expert in governance, risk, privacy, resiliency and compliance, Bruce has a proven track record designing and implementing progressive, cost effective countermeasures to protect assets and reduce costs. His accolades include National Information Security Executive of the Year in 2006, 2008 Top 25 Most Influential People in Security, and the Number 1 ranking in the InformationWeek 500 "Information Security/Privacy" category. Bonsall has performed 100+ IANS CISO Impact reviews and with 30 years in the industry, his experience encompasses every facet of Information Security across nearly all industries. He’s an accomplished outdoorsman, average golfer, and champion of the US Constitution, a patriot, and Cyber Patriot mentor.
Kevin Beaver, CISSP is an independent information security consultant, writer, professional speaker, and expert witness with Atlanta, Georgia-based Principle Logic, LLC. With over 30 years of experience in IT and 24 years in information security, Kevin specializes in performing independent security assessments to help businesses minimize their IT risks, take the pain out of compliance, and uncheck the checkboxes that continue to create a false sense of security. Kevin has written/co-written 12 books on information security including the best-selling Hacking For Dummies (recently updated to its 6th edition) and The Practical Guide to HIPAA Privacy and Security Compliance (currently in its 2nd edition). He has written over 1,000 articles on information security and serves as a regular contributor to websites such as TechTarget's SearchSecurity.com, Ziff Davis' Toolbox.com, and IBM's SecurityIntelligence.com. Kevin has a B.S. in Computer Engineering Technology from Southern College of Technology and a M.S. in Management of Technology from Georgia Tech. In his free time, Kevin races cars in the SCCA Spec Miata class and also enjoys karting, riding dirt bikes, and snow skiing.
Aaron Turner is a multi-decade veteran of the InfoSec community with significant experience in the fields of identity and access management, mobile device security, embedded system vulnerabilities, IoT security and international cybersecurity risk management. Starting as an independent penetration tester in the early 1990's, he went on to work at Microsoft in the days before the company had formal security teams. During the massive worm attacks of the early 2000's, Aaron helped found many of the Microsoft Security teams, start security programs and eventually was responsible for all interactions between Microsoft and its customers' CISOs. In 2006, he was invited to participate in a new research project at the Idaho National Lab, funded by DHS, DOE and DOD, to investigate how the system vulnerabilities in commodity software and hardware impact critical infrastructure such as the national power grid, cellular communications networks and other utilities. While at INL, Aaron co-invented a contactless payment technology which he later spun-out of the INL in 2008 as a venture-backed company called RFinity, with that technology eventually licensed on to others. In 2010, Aaron founded IntegriCell to focus on cellular network vulnerability research and established a management consulting practice that delivered unique vulnerability intelligence to customers. Aaron founded Terreo in 2014 as an Internet of Things security product development company, and patented a series of inventions which captured radio frequency transmissions from IoT devices. In 2015, Verifone acquired Terreo and made Aaron the VP of Security Products R&D with a focus of applying the Terreo technologies to helping manage the risks posed by credit card skimmers. In 2017, he left Verifone and refocused his efforts on his IntegriCell research, specifically around applying Machine Learning to the massive data sets created by mobile and IoT devices. Aaron has testified before congress to help set policy for US critical infrastructure protection.
Mike has been in the information security industry for over 10 years. He is currently President and Analyst at Securosis, a firm exclusively focused on information security and research analysis. He started Security Incite in 2006 to provide the "voice of reason" in what was considered an overhyped, yet underwhelming security industry. After a brief detour as SVP, Strategy and Chief Marketing Officer at eIQNetworks, Mike joined Securosis at the start of 2010 with a "rejuvenated cynicism" about security. In 2007, Mike published "The Pragmatic CSO" to introduce technically oriented security professionals to the nuances of what is required to become a senior security professional.
Josh has more than eighteen years of experience in security, IT, development and system and network administration. Currently, he runs Eyra Security, a security and business improvement consulting firm based in Minneapolis, MN. Josh holds several security and technical certifications and has served in a leadership position on several security-focused groups. He has written several books on I.T. and Information Security, with the aim of applying to I.T. lessons learned from outside the core discipline, such as Agile/Lean Principles, Natural History, Psychology, Economics and Complexity Science. Josh specializes in the overlap between security and business practices, including vendor/customer management, technology transitions, and security as competitive advantage.
Jason has over 15 years of industry experience including software design, architecture, and security testing. He graduated from Royal Military College of Canada where he earned his Bachelor of Engineering. Jason was the tech lead for Bank of America's Security by Design team for several years, and is currently a Senior Security Consultant at Secure Ideas, LLC. He is author of many extensions for Burp Suite, and is a contributor to several other projects including SamuraiWTF, MobiSec, and Laudanum. Jason has spoken multiple events including BSides and ISSA Charlotte.
Dave is Lead Faculty at IANS. He is the Founder and Principal Consultant with Voodoo Security, and has consulted with hundreds of organizations in the areas of security, regulatory compliance, and network architecture and engineering. Dave is also a SANS analyst, instructor, and course author, as well as a board member with the SANS Technology Institute. He is a VMware vExpert, and has extensive experience designing and configuring secure virtualized infrastructures. He's the author of the Sybex book "Virtualization Security: Protecting Virtualized Environments", leads the Atlanta chapter of the Cloud Security Alliance, and co-chairs the CSA Top Threats to Cloud Working Group. Dave has previously worked as CSO for Configuresoft, CTO for the Center for Internet Security, and has also worked as a security architect, analyst, and manager for several Fortune 500 companies. Dave has his CISSP and SANS GIAC, and received his Bachelor's degree in Microbiology/Psychology and Computer Information Systems, and also has an MBA from GA Tech, GA State, and Kennesaw State University. When he has time, Dave enjoys running, camping, cooking and playing music (piano, guitar and DJing).
Mark has over 25 years of experience in information technology, information security, and cybersecurity spanning small businesses to the Fortune 25 from the data center to the board room. Currently, Mark is leading Cyber Risk Research LLC a consultancy and cyber security R&D organization. Previously he was the CEO and co-founder of Soltra, a software company in the Cyber Threat Intelligence space. He was the CISO for the Depository Trust and Clearing Corporation and held senior roles at Citigroup including running the global security incident response team. Mark has testified before congress three times on cybersecurity policy and is a frequent speaker on cybersecurity and technology risk management forums globally.
