For the security practitioner caught between rapidly evolving threats and demanding executives, IANS is a clear-headed resource for decision making and articulating risk. Grounded in real-world experience, we help CISOs and their teams by delivering unbiased, practical advice and the ability to speak with IANS Faculty practitioners who understand your challenges.
End-User Decision Support is our flagship offering delivered through an annual subscription service designed for CISOs and their teams. IANS connects you with independent experts and practitioners who have ‘been there, seen it, and done it,’ enabling you to accelerate your capabilities and make informed decisions.
We connect you with the right IANS Faculty member who can answer your questions in a one-on-one call or written report. They'll share a point of view on a product or technology, provide recommendations for action, and help you come to a decision.
How do you speak intelligently with executives and board members who aren't fluent in security lingo? Covering InfoSec topics from key news publications, IANS uses business language to help you brief the C-suite and key internal stakeholders.
Get started quickly on a variety of common information security initiatives. Our tools, toolkits, templates, checklists, matrices, and maps provide the practical support you need to build your action plan.
IANS Decision Support clients have access to the Insights Portal, a resource with content organized by topic and product type. The portal includes Ask-An-Expert Writeups, Faculty Reports, Content Aggregator slides, Executive Communications materials, Podcasts, Tools and Templates, Topic Guides and Webinar Replays.
We work with you to shape engagements and provision them with the right IANS Faculty experts. Your project will never be staffed with junior level consultants. Our expertise is built from hands-on experience. We staff your project with doers who recommend actions, and then help you take them.
Understand what’s working well and what needs attention with a comprehensive review of technical controls in place, governance, and process along with a roadmap of recommended action.
Our events feature IANS Faculty members who offer a breadth of in-the-weeds advice and high-level guidance for the entire security team. Designed for you to engage with like-minded security professionals in a supportive environment, you’ll learn from a variety of industry approaches and use cases.
My old Navy flight instructor once told me that “not making a decision IS a decision”. That stuck with me. His words come to mind when I consider Washington, DC’s stalled approach to protecting consumer privacy and regulating the downside of new technologies, including facial recognition, machine learning and AI.
We help CISOs and their teams make well-informed decisions. Our insights come from IANS Faculty practitioners, who are living your challenges and deliver deep-domain, actionable advice on a wide range of security topics.
Children's Hospital and Clinics of Minnesota
With close to 100 end-user security events annually, we are unmatched in the level of peer-to-peer interaction we offer our clients. We provide a safe environment to network, share experiences and discuss challenges.
IT governance management professional with strong business acumen, employing a pragmatic and consultative approach. Risk and controls experience rests on a foundation of solid experience within corporate IT. Leveraged collaboration skills to involve all silos of the company, including legal, CFO, customer service, business operations and information technology, to promote management awareness and facilitate remediation efforts. Motivated by the challenge of identifying opportunities to significantly improve and streamline business operations, while working effectively with the business stakeholders responsible for implementing the process improvement or controls
IANS Faculty members are expert information security practitioners. Their insights are based on real-world experiences. They understand the key issues you face and deliver actionable recommendations, research, and step-by-step guidance.
John is the Owner of Black Hills Information Security (BHIS) where he leads the Hunt Teaming, Command & Control (C2)/Data Exfiltration and Pivot testing development. He is also a SANS Institute Senior Instructor. In these roles, John has both consulted and taught hundreds of organizations in the areas of security, regulatory compliance, and penetration testing.
In his free time, John enjoys mountain biking, AT Skinning (or Ski Touring) and ranching.
Security is all we do, and it always has been. What matters to the CISO and team matters to us. We specialize in providing in-depth knowledge and practical insights you can use both with your team and when interacting with the C-suite.
Janet Oren leads global cybersecurity initiatives at Legg Mason Global Asset Management. Her career path includes 32 years at the National Security Agency (NSA) where she was responsible for the protection of classified information and other cybersecurity standards. She on large weapon systems; wrote national encryption policy; and was the senior cybersecurity representative in the NSA’s 24-hour watch center. In between NSA and Legg Mason, she was a managing director at PricewaterhouseCoopers.
This group of over 60 hands-on practitioners understands the key issues you face and delivers actionable recommendations, research, and step-by-step guidance on achieving fast and successful results.
Matt is the Chief Security Officer of Public Cloud at Palo Alto Networks, where he works with organizations to develop and implement security strategy for public cloud adoption and maturity. He has extensive experience in information security leadership and blogging. Matt currently leads the Cloud Threat team, which is an elite group of security researchers exclusively focused on public cloud concerns. He also serves as an advisory board member for Rutgers University's Cybersecurity Certificate program.
Matt identifies as a personal growth junkie who enjoys exercising in his free time. For his first job, he directly approached the CEO of Johnson & Johnson and got the job!
Wolf is an Advisory CISO of Duo Security, the leading provider of unified access security and multi-factor authentication delivered through the cloud. He has held senior management roles in IT and IT security in the financial services and healthcare verticals. In addition, Wolf has held senior leadership roles in consulting firms specializing in identity and access management, governance risk and compliance, and security programs. Wolf advises clients primarily in risk management, incident response, business continuity, and secure development.
Chris is the Co-Founder and CEO of LARES Consulting, an information security consulting firm that leverages a blend of assessment, testing, and coaching. He also serves on the Board of Directors at CREST, an international not-for-profit accreditation and certification body that represents and supports the technical information security market.
In his free time, Chris can be found out on the ski slopes or playing with his dogs.
Justine is the CEO of MedSec, a company focused on medical device security management and the delivery of security solutions to healthcare delivery organizations and medical device manufacturing companies. She also serves as a member of HP’s Security Advisory Board, a member of BlackHat’s USA Guest Review Board, and as an advisor to technology startups.
Justine is a New Zealander by origin, an ex-professional ballet dancer, and mother of three boys.
Bryson is the CEO and Founder of SCYTHE, a start-up building a next generation attack emulation platform, Chairman, Founder, and Former CEO of GRIMM (SMFS, Inc.), a boutique cybersecurity consultancy, and Co-Founder of the ICS Village, a non-profit advancing awareness of industrial control system security. He is also an Advisor to The Army Cyber Institute at West Point and a National Security Institute Fellow. Formerly, as a U.S. Army Officer, Bryson served as a tank commander and a leader of a tactical communications platoon as well as a Battle Captain and Brigade Engineering Officer supporting Operation Iraqi Freedom.
In his free time, Bryson competes in Jiujitsu. He also was an amateur clown.
Even when his job title has indicated otherwise, Mick Douglas has been doing information security work for over 10 years. He received a bachelor's degree in communications from Ohio State University. He is the managing partner for InfoSec Innovations.
He is always excited for the opportunity to share with others so they do not have to learn the hard way! By studying with Mick, security professionals of all abilities will gain useful tools and skills that should make their jobs easier. When he's not "geeking out" you'll likely find Mick indulging in one of his numerous hobbies; photography, scuba diving, or hanging around in the great outdoors.
As the Global Director for the Microsoft Enterprise Cybersecurity Group, Jonathan leads Microsoft’s team of worldwide security advisors who provide strategic direction on the development of Microsoft security products and services and deliver deep customer and partner engagements around the globe. He serves as a member of Microsoft’s Internal Risk Management Committee and is a principal author of the Microsoft Security Intelligence Report.
Jonathan joined Microsoft in 2016 as an experienced information security executive bringing more than 17 years of public and private sector experience. Trull was Vice President and CISO with Optiv, where he was responsible for developing and executing the company's information security strategy and program. Prior to his role at Optiv, Trull was the Chief Information Security Officer (CISO) for Qualys where he was responsible for securing infrastructure and products, bringing security best practices to customers, providing strategic direction on the development of the QualysGuard Security Platform, achieving FedRAMP certification of the Qualys cloud platform, researching real world threats and providing guidance on how to address them.
Trull has established himself as an innovative security leader and was recently named by the SANS Institute as one of the "People Who Made a Difference in Cybersecurity." He serves as an advisor to several security startups and venture capital firms, participates in the Cloud Security Alliance Top Threats Working Group, and has spoken at major security events such as RSA, Black Hat, Gartner, CSO50 and SANS. He is also the principal author of the Center for Internet Security Azure Security Foundations Benchmark and several open source security tools. Trull is a Certified Cloud Security Professional (CCSP), Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA) and an Offensive Security Certified Professional (OSCP). He earned a master's degree from the University of North Texas and a bachelor's degree from Metropolitan State University of Denver.
Josh is Co-Founder and COO of Red Lion, an information security advisory and consultancy company. An internationally recognized digital forensics expert, Josh has strategized and performed on government corruption, bad compliance, protecting mission-critical data, and everything in between. Likewise, he has presented on topics ranging from Facial Recognition and National Security to audiences from government agencies, law enforcement, Fortune 5 companies, and many others.
In his free time, Josh enjoys target shooting, blacksmithing, blade making and other crafts. He has also practiced horse dentistry, broom making and historic preservation. As a former police officer and firefighter, Josh worked in the former NYC Twin Towers and in Louisiana during Hurricane Katrina. He also helped his family in New Jersey during Hurricane Sandy.
Philip is senior vice president of an offensive security research group at a multinational, Fortune 500 financial services company. He is a leading expert and thought leader in mainframe cyber security with a special focus on the z/OS platform. Philip has built mainframe security programs for multiple Fortune 100 organizations using both vendor and public toolsets. Philip also develops information security coursework to educate the next generation of practitioners, raises awareness about mainframe security, and encourages more organizations to effectively prioritize their risk profiles.
In his free time, Philip enjoys retro art, computing, gaming, and swimming with his two boys.
Jake is the Founder, President, and Principal Analyst of Rendition Infosec, an information security consultancy. He also sits on the Vulnerability Review Board at Peerlyst, a startup social networking platform exclusively for security professionals. Jake is a prolific speaker and instructor on a variety of information security topics such as reverse engineering malware, memory forensics, threat intelligence, and advanced exploit development.
Justin Wilder is a Vice President with In-Q-Tel, a non-profit strategic investor serving the Intelligence Community, where he oversees a portfolio of innovative cybersecurity companies solving complex challenges at the intersection of National Security and Commercial Industry. Justin has led the research and technical diligence exploring a number of domains leading to developmental investments shaping numerous Digital Forensics, Behavioral Analytics, Endpoint Protection, Orchestration and Automation, and Software Assurance early stage startups. His cybersecurity experience spans twenty years in service of Academic, Fortune 50, DoD, Federal, and Intelligence clients as a developer, engineer, advisor, and entrepreneur. Justin received his Bachelor’s degree in Electrical Engineering from the University of Maryland, College Park and his Master’s degree in Computer Science from George Washington University.
Ken is the President and Principal Consultant of KRvW Associates, LLC, an independent information security consulting company, and a Visiting Scientist at Carnegie Mellon University. He has held executive and senior technologist positions at Tekmark, Para-Protect, Science Applications International Corporation (SAIC), the U.S. Department of Defense, Carnegie Mellon University, and Lehigh University. Ken is a frequent speaker at technical conferences, and has presented papers and training for CSI, ISF, USENIX, FIRST, CERT, among others.
Ken is a dual citizen of the EU (England) and the USA and holds a current U.S. Department of Defense TOP SECRET clearance. In his free time, Ken enjoys travel, cooking, Saints football, and spoiling a couple of basset hounds. He also volunteers his time teaching firearms safety as an NRA certified instructor.
Joff is a Security Analyst and Penetration Tester at Black Hills Information Security (BHIS). He has extensive experience covering intrusion prevention/detection systems, infrastructure defense, vulnerability analysis, defense bypass, source code analysis, and exploit research. He is also an Instructor at the SANS Institute where he primarily teaches the use of Python for information security purposes.
When Joff isn’t working or co-hosting the Security Weekly podcast, he enjoys making music and woodworking.
Kelli is a Principal Consultant and Co-Founder of Enclave Security, an information security consulting firm specializing in governance. As a security architect and project manager, she specializes in IT audit, governance, policy library development, and information assurance strategies. She is a courseware author for the SANS Institute as well as one of the lead technical editors for the Center for Internet Security’s Critical Security Controls. She is also the lead author for many of the governance resources and creator of tools and policies at AuditScripts.com. You can follow her on Twitter @KelliTarala
Kelli enjoys the Florida lifestyle including kayaking, paddle boarding, and snorkeling. She also likes to run and read mysteries and science fiction.
James is Principal Consultant, Co-Founder, and President of Enclave Security, an information security consulting firm specializing in governance that is based in Venice, Florida. As a consultant, he has focused on architecting and assessing large enterprise IT security and infrastructure architectures. He has also assisted organizations in security management, operational practices, and regulatory compliance issues. He often performs independent security audits and assists internal audit groups in developing their internal audit programs. James also serves as a Senior Instructor, Course Author, editor, and regular speaker with the SANS Institute.
In his free time, James enjoys the Florida sunshine, spending time outdoors (away from computer screens), running, and exercising.
Caleb is the founder and CEO of Bluebox Security. Before founding Bluebox Security, Caleb was an EIR at Andreessen Horowitz. Prior to this, Sima was CEO of Armorize Technologies, an internationally acclaimed, SaaS-based malware monitoring and code security analysis firm headquartered in San Francisco. Before his tenure at Armorize, Sima served as chief technology officer for HP's Application Security Center and was responsible for directing the lifecycle of the company's web application security solutions. Sima joined HP after the company he founded, SPI Dynamics, was acquired in 2007. Prior to founding SPI Dynamics, Sima worked for Internet Security Systems' elite X-Force R&D team and as a Security Engineer for S1 Corporation. Outside of work, Caleb enjoys poker, car racing and motorcycles.
Adam is a consultant, entrepreneur, technologist, author and game designer. He's a member of the BlackHat Review Board, and helped found the CVE and many other things. He's currently helping a variety of organizations improve their security, and advising and mentoring startups as a Mach37 Star Mentor. While at Microsoft, he drove the Autorun fix into Windows Update, was the lead designer of the SDL Threat Modeling Tool v3 and created the "Elevation of Privilege" game. Adam is the author of Threat Modeling: Designing for Security and the co-author of The New School of Information Security.
Glen has nearly 30 years of operational security leadership experience, with the past 15+ exclusively focused on cyber operations and capability, in the enterprise. Glen’s early professional experience spanned from leading special operations Marines across distant beaches to being responsible for global cyber operational assurance for the United States Marine Corps, as their CISO (CO, CND, USMC). Commercially, his roles have been as diverse as a development lead for a small network security startup (ArcSight ’05), to becoming a Field Operations Vice President through its IPO (’10) and then $1.5B acquisition by HP (’12).
Glen has a MS in Information Technology Management from the Naval Postgraduate School, with operational emphasis in security as the Founder and Director of a self-funding security laboratory studying cypher deception and advanced detection. Glen also graduated from the U.S. Naval Academy and was commissioned into the USMC. Glen has attained and instructed numerous security certifications from the GIAC, NSA and ISC2. He has been an invited speaker at the Pentagon Security Forum, a SANS certified instructor since 2002 and an IANS faculty member since 2003.
Richard is the Co-Founder and CEO of Soluble, an early-stage information security startup that helps their clients discover, manage, and remediate cloud risks in one platform. He also serves as an advisor to security and technology startups including Wallarm, Respond Software Inc., RiskRecon, AnChain.ai Inc, and Uptycs. In addition to publishing security-focused books with Wiley, Richard focuses on developing quantitatively informed strategies, building agile teams that scale, and making digital risk measurable.
Justin is the Director of ICS Security at InGuardians, specializing in Industrial Control Systems (ICS) security architecture design and penetration testing. He also led the Smart Grid Security Architecture group in the creation of NIST Interagency Report 7628 and has played key roles in the Advanced Security Acceleration Project for the Smart Grid (ASAP-SG), National Electric Sector Cybersecurity Organization Resources (NESCOR), and Smart Grid Interoperability Panel (SGIP). Justin has authored and taught courses in hacking techniques, forensics, networking, and intrusion detection for multiple universities, corporations, and security conferences.
Justin is a SCUBA dive master, private pilot, and licensed Master Class falconer. Justin and his wife own a small ranch in Utah where they breed and train Andalusian horses for use in Dressage and Working Equitation.
Mike is the director of technical alliances with Cofense (formerly PhishMe), a phishing defense solutions organization, as well as the founder and principal consultant of First Security Alliance LLC, an independent information security advisory and assessment consultancy. He also serves as a mentor with Queen City Fintech in Charlotte, NC and was a Stars Mentor with MACH37 Cyber Accelerator. Likewise, Mike has served on the Cybersecurity Curriculum Advisory Committee at Alfred State College and Corning Community College in addition to regularly volunteer teaching high school students in cybersecurity fundamentals.
In his free time, he loves to spend time with his wife and two daughters, work out, drive his Jeep Wrangler, and cook.
Katrina Rodzon has over 12 years of experience and a diverse set of skills that she has applied to creating, implementing and evaluating innovative security awareness programs for Fortune 100 companies. She has also managed curriculum strategy and content development across a vast range of topics, ranging from psychology to information technology, for both online and in-person mediums. In addition, she manages the development of large enterprise behavioral content/modification plans and methodology creation for assessing an organization's culture, and has assisted in creating effective social engineering tools and testing scenarios for penetration testing teams. She has received advanced graduate training in cognition, behavior analysis, research methodology, statistics, and psychology.
Ron is a seasoned technologist specializing in cyber security with over 30 years of experience working within the IT industry. At JP Morgan Chase, Ron is the global lead for their Cyber Security Technology and Architecture team. This group is responsible for helping the business build and maintain robust, secure solutions to support our clients and employees. He is also an active researcher and speaker in the IA field and is widely published on network security topics including co-authoring books on Software Assurance and Insider Threat. He has authored courses on computer security that have been taught across the country and has been a faculty member of the SANS Institute, the Institute for Applied Network Security (IANS), and George Mason University. He holds master's and bachelor's degrees in computer science from Mason and a PhD in Information Technology from their School of Information Technology and Engineering.
Marcus is a semi-retired independent consultant and technology advisor to start-ups and large enterprises. He is recognized as an innovator in firewall technology and the implementer of the first commercial firewall product. Marcus’s work has been cited in at least 15 published U.S. patents in addition to computer and network security articles and books.
In his spare time, Marcus likes playing strategy games, taking photos, making soap, woodworking, or forging swords.
Teri Radichel was on the original team that helped Capital One, the first major US Bank to use AWS, move production workloads to the cloud. She then architected a SAAS IOT solution for firewalls connecting to the cloud for a security vendor. She also led a cloud team of 30 people and delivered a secure CI/CD pipeline based on her white paper, Balancing Security and Innovation with Event Driven Automation. Now she focuses on training, penetration testing, and cloud security assessments. She also enjoys security research and writing. You can find her articles in publications like Dark Reading, Infosecurity Magazine, and her cloud security blog. Teri has presented on cloud security at conferences like RSA, AWS re:Invent, Countermeasure IT, SANS Networking, SANS Cloud Summit, and BSides. She is an AWS Hero and runs the Seattle AWS Architects and Engineers meetup which has almost 3,000 members. She received the 2017 SANS Differences Makers Award and was on the initial SANS cloud security curriculum advisory board. She now offers training through IANS Summits and other venues. Cybersecurity certifications: GSEC, GCIH, GCIA, GCPM, GCCC, GREM, GPEN, GXPN
Chris has almost 35 years of experience in digital and physical security, spanning diverse roles from the deeply technical to executive management. He started his journey in the U.S. Air Force as a software developer for the DoD intelligence community and built his own boutique consultancy after separating from the military. Chris sold FireTower after ten years of growth and joined Q1 Labs as the Chief Security Officer, which was acquired by IBM in 2012. During his five years at Big Blue, Chris led threat research activities for the X-Force and built a prototype of Cyber Watson. He took an interest in the IoT and was instrumental in founding IBM’s IoT security practice, including authoring their points of view on connected car security. As a result, he was recruited into Booz Allen Hamilton as a Principal/Director leading the Dark Labs embedded systems vulnerability analysis practice. Chris returned to the startup community and is currently at BitSight Technologies, empowering enterprises to manage third- and first-party risk. He can be found speaking on a variety of InfoSec topics at conferences and private events when he’s not making or breaking new technology as a hobby, hiking, rock climbing, or appreciating fine wine and craft brews.
Mike is the director at Security Risk Advisors, an information security advisory and solutions firm. As an experienced healthcare and education technology executive, Mike has overseen and managed software development and innovation groups in the information security realm. He has had the unique experience of fulfilling CISO and CTO roles in the healthcare payer, provider, and medical device manufacturer spaces.
In his free time, you can find Mike snowboarding, mountain biking, or training and competing in triathlons.
Davi is Security Architect at Inrupt, Inc., a company that supports Solid, a web decentralization project founded by the inventor of the World Wide Web, Tim Berners-Lee. He is also the Founder and President of flying penguin LLC, an information security consulting firm that focuses on risk mitigation and incident response solutions. Additionally, he serves as a Visiting Lecturer at St Pölten University of Applied Sciences (Fachhochschule St Pölten) in Austria, an Affiliate for the Policy Innovation Lab of Tomorrow (PILOT) at Penn State University, as well as an Advisory Board Member at Cyral, Anjuana Security, and Accenture. Davi has helped serve customer data protection needs across many industries including data storage and management, software, investment, banking, international retail, as well as higher education, healthcare and aerospace.
Rich is the CEO and an Analyst for Securosis, an information security research and advisory firm, in addition to Founder and Vice President of Product at DisruptOPS, a cloud environment monitoring platform. Prior to founding Securosis, he was Research Vice President for Gartner’s security team where he also served as Research Co-Chair for the Gartner Security Summit. Additionally, Rich has served as an independent consultant, web application developer, software development manager, and a systems and network administrator.
In his free time, Rich enjoys cycling and most outdoor sports capable of causing serious bodily injury. He is also a member of the 501st Legion (a Star Wars charity group).
Jennifer is the Consulting CISO and VP of Engineering & Security at Carolina Advanced Digital, Inc., a leading technology infrastructure and security solutions company. There, she leads strategic research and consulting for government, education, and Fortune 100 & 500 corporations. Jennifer also serves as a Program Committee Member for RSA Conference, Chair of the (ISC)2 Board of Directors, Contributing Analyst at Securosis, and HPE EG Worldwide Partner Ambassador for Hewlett Packard Enterprise and their subsidiary company Aruba.
In her free time, she enjoys painting, reading, powerlifting, and competitive ballroom and swing dancing.
Tim is a Principal Consultant and Founder at Red Siege, an information security company focused on adversary emulation and penetration testing. He also serves as the MSISE Program Director, Course Author, and Principal Instructor at the SANS Institute.
In his free time, Tim enjoys traveling and watching football.
Stephen has over 30 years of experience including building and leading worldwide teams, and designing/running some of the world's largest Internet services. Over the last 11 years he has led global engineering teams focused on massively scalable cloud systems and computer security.
In his most recent position, Stephen was SVP of Engineering at Symantec. In that role, he created their first ever cloud platform, including building out new data centers, linked together by a carrier-grade network backbone, and developing a new secure cloud platform that was the foundation of all new SaaS security offerings. He also developed a big data analytics platform that could handle real-time ingestion of security data, as well as creating a queryable data lake for Symantec’s threat intelligence data. In addition, he was also responsible for all existing "cloud" operations for Symantec's security offerings ($1B in combined revenue).
Before that, he was Director of Security Engineering for Google. There he was responsible for Internet Governance (as only one of two people in the company authorized to change Google’s DNS), PKI, product security for Commerce and YouTube, and some incident response, vulnerability management and acquisition integration. Prior, he led a worldwide team focused on keeping Google services operational 24x7 — including Maps, YouTube and Video, Crawling/Indexing and Logging. He built that team from 1 person to a global organization that spanned from Zurich to Sydney.
Before Google, he was the Chief Architect for Netflix's initial electronic delivery system — the very first system to deliver movies over the Internet.
Stephen has also been a VP of Engineering (VPE) for Emasys (semiconductor management software), VPE & CTO for Fort Hill Systems (formerly known as CacheWare — an Internet content distribution company), and VPE, VP of Professional Services & CTO for Advanced Software Technologies.
Previously, Stephen held engineering management and development positions at Ordain, Standard Logic, MSI Data Corporation, Rockwell, Pertec and Chevron.
Stephen received his undergraduate degrees in Physics and Geology from Chapman University and his Master's degree in Computer Science from University of California, Irvine.
Raffael Marty is chief research and intelligence officer at Forcepoint. He brings more than 20 years of cybersecurity industry experience across engineering, analytics, research, and strategy to the company. Marty leads Forcepoint X-Labs, a specialized group that is dedicated to behavior-based security research and developing predictive intelligence to differentiate Forcepoint's human-centric product portfolio.
Prior to Forcepoint, Marty ran security analytics for Sophos, a leading endpoint and network security company, launched pixlcloud, a visual analytics platform, and Loggly, a cloud-based log management solution. Additionally, Marty held key roles at IBM Research, ArcSight and Splunk and is an expert on established best practices and emerging innovative trends in the big data and security analytics space. Marty is one of the industry's most respected authorities on security data analytics, big data and visualization. He is the author of Applied Security Visualization and is a frequent speaker at global academic and industry events.
Marty holds a master's degree in computer science from ETH Zurich, Switzerland and is a student of the Japanese tradition of Zen meditation.
A security industry pioneer, Chad brings over 20 years of experience leading high-growth tech companies. Chad is the co-founder and CEO of Habitu8, a startup bringing a new approach to security awareness training. Prior to founding Habitu8, Chad co-founded Rapid7, a leading cyber-security company whose products are used today in over 120 countries. As VP of Engineering, Chad helped lead Rapid7 from a 3-person, privately-backed startup to a successful $900MM IPO in 2015.
Shannon Lietz is an award-winning security innovator and leader experienced in developing emerging security programs for Fortune 500 companies, including Intuit, ServiceNow, Sony, Sempra, Savvis, Cable & Wireless, 99 Cents Only, Exodus, and Bank of America, among others internationally. She received the Scott Cook Innovation Award in 2014 for developing and cultivating a world-class cloud security program for protecting sensitive data in AWS. Lietz is currently the Director of DevSecOps at Intuit responsible for driving the company’s Cloud Security Strategy and Program in support of corporate innovation. She has previous experience as a Master Security Architect, an Entrepreneur, and often volunteers to educate on security topics. Lietz is a passionate DevSecOps and Rugged Evangelist.
Dave has two decades of industry experience, including extensive experience in IT operations and management. Currently, Dave is a Global Security Advocate for Akamai Technologies. He is the founder of the security site Liquidmatrix Security Digest and co-host of the Liquidmatrix podcast. Dave writes a column for Forbes and the Huffington Post.
Justin Leapline has over twenty years of experience involving system administration, software development, and information security. His core skills include regulatory and contractual compliance within the information security realm, security program management, payment card standards, and general governance practices and frameworks.
Justin currently leads the PCI Practice at TrustedSec, a company focused on information security guidance. Before joining TrustedSec, he was involved with numerous Fortune 1000 companies in the areas of information systems, audit, governance and information security and led the governance and security practices for large eCommerce and financial services companies.
Additionally, Justin has spoken extensively at conferences concerning risk management, the payment card industry, and general information security practices.
Adrian is the CTO of Securosis, a boutique information security analyst firm, and VP of Development at DisruptOPS, a SaaS-based cloud management and automation company. Adrian has been an asset at companies like Ingres, Oracle, and Unisys, giving him extensive experience in the vendor community. Having worked as a CIO and CTO, Adrian has experience selecting and deploying technologies securely.
Adrian is an avid runner, mountain biker, and backyard farmer.
Peter Kuper is a Partner with In-Q-Tel. Peter actively seeks and works with private companies with a particular focus on security and enterprise software. Peter was the Lead Software Analyst for Morgan Stanley where he published industry leading investment reports and led over 18 public transactions. In total, Peter was a Wall Street analyst for 15 years offering him the opportunity to work with some of the most talented executives of both public and private companies. As a visible voice for the software industry, Kuper has given numerous presentations to professional and government groups and has been interviewed on CNBC, Bloomberg Television, and quoted in The Wall Street Journal, BusinessWeek, and The Financial Times. He has also published articles in IEEE Magazine. Peter currently serves as an Advisor to the Pacific Northwest National Lab.
Dave is the President and CEO of TrustedSec, an information security consulting company. David was a Chief Security Officer for an international Fortune 1000 company located in over 77 countries with over 18,000 employees. David developed a global security program with a large dedicated team. He is considered a thought leader in the security field and has presented at many conferences worldwide and had guest appearances on FoxNews, BBC, and other high-profile media outlets. David is the Founder of DerbyCon, a large-scale security conference in Louisville, KY. He also authored Metasploit: The Penetration Tester's Guide, which was number one on Amazon.com in security for over 6 months. David is a founding member of the "Penetration Testing Execution Standard (PTES)," the industry-leading methodologies and guidelines for performing penetration tests. Dave received a Bachelor of Arts from Malone University in Ohio. Dave has many certifications including OSCE, QSA, OSCP, CISSP, ISO 27001, GSEC, and MCSE. Dave also served in the Marines for five years working on intelligence-related missions. He enjoys scuba diving, handy work, Destiny, fine bourbons and getting away to the country without cell reception.
Ondrej Krehel is the CEO and Founder of LIFARS LLC, an international cybersecurity and digital forensics firm. He’s the former Chief Information Security Officer of Identity Theft 911, the nation’s premier identity theft recovery and data breach management service. He previously conducted forensics investigations and managed the cyber security department at Stroz Friedberg and the Loews Corporation. With two decades of experience in computer security and digital forensics, he has launched investigations into a broad range of IT security matters—from hacker attacks to data breaches to intellectual property theft. His work has received attention from CNN, Reuters, The Wall Street Journal and The New York Times, among many others.
Kevin is the Founder, CEO, and Principal Security Consultant of Secure Ideas, an information security consulting company that focuses on penetration testing services and training. He is also a founder and contributor of many open source projects including the Samurai Web Testing Framework (SamuraiWTF), a web penetration testing and training environment, and the Basic Analysis and Security Engine (BASE) project, a web front-end for Snort Analysis.
Kevin enjoys spending time with his family and is an avid Star Wars fan and member of the 501st Legion, a Star Wars charity group.
Rebecca is Founder, Owner, and CEO of Rebecca Herold, LLC aka The Privacy Professor®, an information security, privacy, IT, and compliance services firm. She is also the Co-Founder of SIMBUS360, an information security and privacy management platform. Rebecca also serves as a Distinguished Ponemon Institute Fellow and as an Advisory Board Member for technology startups such as Anonos, Westchester Biotech Project, and DFLabs. Additionally, Rebecca has served as an expert witness, authored nineteen books, and hosts a VoiceAmerica radio show called “Data Security & Privacy with the Privacy Professor.”
In her free time, Rebecca enjoys renovating old houses, farming, gardening, writing, and traveling. She also enjoys watching Iowa State University football and basketball in addition to the Kansas City Chiefs.
Rich is Founder and Managing Director of Guida Technology Associates, Inc., a small consulting company, through which he has consulted for companies in the pharmaceutical, retail, financial, and telecommunications sectors. An information security and engineering professional with extensive experience in the Federal government and in the private sector, Rich has occupied executive positions within the Department of the Navy, the Department of the Treasury, and at Johnson & Johnson (J&J). In 2011, Rich retired from J&J as Vice President of Worldwide Information Security (J&J’s Chief Information Security Officer). He is especially skilled in written and oral communications.
In his free time, Rich enjoys military history, playing the piano, and video games.
Marty is a Senior Privacy Consultant at TrustArc, a privacy compliance and data protection software and services company. In this role, he helps clients across the US, Europe, and Asia conform to current and emerging privacy and cyber regulation. Marty is also a Consulting Product Advisory Board Member at TrustArc. He also serves clients via his independent information security advisory firm and consultancy, CYBERITE LLC, where he acts as an executive advisor for global data security, privacy, continuity and crisis management.
In his free time, Marty enjoys collecting wine and spelunking in European caves to look at prehistoric paintings. To date, he has made 4 trips through northern Spain, Southern France, and the Pyrenees visiting approximately 27 caves.
As Sumo Logic's Chief Security Officer, George Gerchow brings over 20 years of information technology and systems management expertise to the application of IT processes and disciplines. His background includes the security, compliance, and cloud computing disciplines. Mr. Gerchow has years of practical experience in building agile security, compliance, and modern day Security Operation Centers in rapid development organizations. These insights make him a highly regarded speaker, and invited panelist on topics including DevSecOps, cloud secure architecture design, virtualization, compliance, configuration management, and operational security and compliance. George has been on the bleeding edge of public cloud security and privacy since being a co-founder of the VMware Center for Policy & Compliance. Mr. Gerchow is also an active Board Member for several technology start-ups and the co-author of the Center for Internet Security - Quick Start Cloud Infrastructure Benchmark v1.0.0 and the MISTI Fundamentals in Cloud Security. He is a Faculty Member for IANS (Institute for Applied Network Security) and Cloud Academy.
John has 30+ years of experience in information technology at Fortune 500 companies such as General Electric, Liberty Mutual, United Technologies, and Textron. John is a Certified Information Systems Security Professional (CISSP) from ISC2, Certified Information Security Manager (CISM) from ISACA and is also certified in ITL, LEAN Six Sigma and Project Management from George Washington University. He has a Bachelor of Science in IT, has done graduate work at Harvard, and has two Master's degrees, the most recent an MBA from Boston University.
Ron Dilley is a leading information security practitioner and thought leader with more than two decades of experience building and implementing information security practices for global companies, overseeing and revitalizing infosec teams and advising on mergers, acquisitions and divestitures from an infosec perspective. In the constantly changing infosec landscape, Ron is dedicated to staying abreast and ahead of current and emerging threats across all relevant technologies.
Dennis is an emeritus CISO with nearly five decades of accomplishment leading enterprise IT and information risk management in both private industry and higher education. He has built and led teams that delivered highly successful enterprise-class initiatives and programs in information security, privacy, identity management, messaging, business continuity and emergency notification. Dennis serves as a Distinguished Fellow for the Ponemon Institute and a Contributing Author for Amazon’s Security 2020.
In his free time, Dennis enjoys digital photography, world travel and volunteering.
Rocky DeStefano serves as Cloudera’s subject matter expert on cybersecurity. Mr. DeStefano was a member of the USAF and subsequently supported AFCERT as part of the Incident Response Team. Rocky founded and led the Global Security Operations Center for EDS and has supported cybersecurity advancement in notable companies such as ArcSight, NetWitness, RSA and Visible Risk. At every step in his career, Rocky's focus has been to continually enhance visibility and detection solutions to defend the enterprise.
Jared is the Founder and CEO of VDA Labs, a full-scope cyber company. Previously, he served as a vulnerability analyst with the NSA. Jared is also a Pluralsight author with six courses in their library including the “Security for Hackers and Developers” virtual learning path. He is frequently interviewed by media outlets, such as CNBC.com, to weigh in on cyber matters.
During his free time, Jared enjoys time with his family, particularly vacationing and the outdoors. Jared is a Christian and will happily discuss faith should you desire to do so.
Bill is a Shareholder at LBMC Information Security, where he is responsible for security assessments, incident response, digital forensics, electronic discovery and overall litigation support. He also serves as an expert witness in federal courts and numerous state courts and has conducted digital forensic investigations and electronic discovery services to support litigation efforts. He is also an active member of the International Society for Forensic Computer Examiners and Board Member in East Tennessee’s InfraGard Chapter.
In his free time, Bill enjoys boating, UT Football, and hanging out with his two sons.
Josh is the Chief Security Officer and SVP at PTC, a global computer software and services company that provides CAD modeling, Internet of Things, and Augmented Reality software products. He is also a Co-Founder of @IamTheCavalry and @RuggedSoftware to encourage new security approaches in response to the world’s increasing dependence on digital infrastructure. Additionally, Josh serves as an adjunct faculty for Carnegie Mellon’s Heinz College.
Josh is a film enthusiast who also enjoys cooking and diving in his free time.
Steve Coplan has over 16 years of IT industry experience, with a strong focus on identity, data security and cloud services, bringing a set of perspectives on enterprise security developed through stints as a consultant, product marketer, industry analyst and corporate strategy executive. He is currently principal of Khova Consulting, providing strategic advisory services to help information security vendors, end users and investors navigate the information security landscape. As an industry analyst at 451 Research in various roles since 2001, Steve was pivotal in establishing the firm as a leading source of analysis and insight on shifts in the information security market, focusing on the ripple effects on identity management and data security from IT shifts. Steve's industry analyst years were interspersed with product marketing and strategy turns at Whale Communications (acquired by Microsoft in 2006) and cloud security gateway vendor Vaultive, before moving into a more consultative role with a hands-on focus. Before starting Khova, Steve worked on the business and portfolio strategy team for CA Technologies' security business unit, focusing on M&A and new product initiatives.
Andy has extensive experience in IT audit, security governance and application development. After beginning his career in financial audit at a Big 4 accounting firm, Andy quickly moved into the IT audit field, where he gained over 15 years of experience working in both public accounting and private industry.
About five years ago, Andy moved into a senior director role where he worked in security governance for a multibillion-dollar retailer. During this time, he has performed PCI audits, drafted and published IT policies, procedures and awareness campaigns, and managed the user administration process for business-critical applications. He has also worked very closely with the Risk Assessment team to manage third-party risk, implement a new privileged access management system and deploy a GRC tool. Andy has also developed a continuous-controls monitoring tool from the ground up. Recently, Andy joined an investment banking firm to build out their third-party risk management and identity and access management processes.
Bruce is the Owner and Principal Consultant at Bruce Bonsall, LLC, an independent information security consultancy. A trusted security advisor across many industries, he has extensive experience designing and implementing progressive, cost-effective countermeasures to protect assets and reduce costs. He has assessed the information security regulatory compliance and operational readiness of organizations of all sizes and industries, and is adept at tailoring security programs to fit each organization. At IANS, Bruce has performed 100+ CISO Impact reviews. Additionally, he serves as a mentor for the Air Force Association’s Cyber Patriot, a national cyber education program for youth.
Bruce is an accomplished outdoorsman, persistent golfer, and staunch supporter of the US Constitution.
Kevin is the Founder and Principal Consultant of Atlanta-based Principle Logic, LLC, an independent information security company that focuses on vulnerability and penetration testing, security operations reviews, and virtual CISO services. He also serves on the Industry Advisory Board for Computer Engineering at Kennesaw State University – Southern Polytechnic College of Engineering and Engineering Technology. Kevin has served in many information technology and security roles for healthcare, e-commerce, finance, education, and consulting organizations. Kevin is also a prominent writer, having written over 1,000 articles on information security.
For fun, Kevin enjoys road racing his Mazda Miata in the Spec Miata class with the Sports Car Club of America (SCCA), riding dirt bikes, and snow skiing.
Aaron Turner is a multi-decade veteran of the InfoSec community with significant experience in the fields of identity and access management, mobile device security, embedded system vulnerabilities, IoT security and international cybersecurity risk management. Starting as an independent penetration tester in the early 1990's, he went on to work at Microsoft in the days before the company had formal security teams. During the massive worm attacks of the early 2000's, Aaron helped found many of the Microsoft Security teams, start security programs and eventually was responsible for all interactions between Microsoft and its customers' CISOs. In 2006, he was invited to participate in a new research project at the Idaho National Lab, funded by DHS, DOE and DOD, to investigate how the system vulnerabilities in commodity software and hardware impact critical infrastructure such as the national power grid, cellular communications networks and other utilities. While at INL, Aaron co-invented a contactless payment technology which he later spun-out of the INL in 2008 as a venture-backed company called RFinity, with that technology eventually licensed on to others. In 2010, Aaron founded IntegriCell to focus on cellular network vulnerability research and established a management consulting practice that delivered unique vulnerability intelligence to customers. Aaron founded Terreo in 2014 as an Internet of Things security product development company, and patented a series of inventions which captured radio frequency transmissions from IoT devices. In 2015, Verifone acquired Terreo and made Aaron the VP of Security Products R&D with a focus of applying the Terreo technologies to helping manage the risks posed by credit card skimmers. In 2017, he left Verifone and refocused his efforts on his IntegriCell research, specifically around applying Machine Learning to the massive data sets created by mobile and IoT devices. 
Aaron has testified before Congress to help set policy for US critical infrastructure protection.
Mike has been in the information security industry for over 10 years. He is currently President and Analyst at Securosis, a firm exclusively focused on information security and research analysis. He started Security Incite in 2006 to provide the "voice of reason" in what was considered an overhyped, yet underwhelming security industry. After a brief detour as SVP, Strategy and Chief Marketing Officer at eIQNetworks, Mike joined Securosis at the start of 2010 with a "rejuvenated cynicism" about security. In 2007, Mike published "The Pragmatic CSO" to introduce technically oriented security professionals to the nuances of what is required to become a senior security professional.
Josh has more than eighteen years of experience in security, IT, development and system and network administration. Currently, he runs Eyra Security, a security and business improvement consulting firm based in Minneapolis, MN. Josh holds several security and technical certifications and has served in a leadership position on several security-focused groups. He has written several books on I.T. and Information Security, with the aim of applying to I.T. lessons learned from outside the core discipline, such as Agile/Lean Principles, Natural History, Psychology, Economics and Complexity Science. Josh specializes in the overlap between security and business practices, including vendor/customer management, technology transitions, and security as competitive advantage.
Jason is a Principal Security Consultant and CIO at Secure Ideas, a boutique information security consultancy that focuses on penetration testing and training, where he leverages his software design, architecture, and security testing experience. He is also the author of many extensions for Burp Suite and is a contributor to several other projects including SamuraiWTF, MobiSec, and Laudanum.
In his free time, Jason enjoys running, homebrewing, and spending time with his wife and two kids.
Dave is the Founder and Principal Consultant with Voodoo Security, an information security consulting firm with broad expertise. He is also a Senior Instructor, Analyst, and Course Author for the SANS Institute and a VMware vExpert with extensive experience designing and configuring secure virtualized infrastructures. In addition, Dave has served as Co-Chair of the Cloud Security Alliance (CSA) Top Threats Working Group and founded the CSA Atlanta Chapter. Dave has consulted with hundreds of organizations in the areas of security, regulatory compliance, network architecture, and engineering. He has also worked as a security architect, analyst, and manager for several Fortune 500 companies.
In his free time, Dave enjoys running, camping, cooking and playing music (piano, guitar and DJing).
Mark has over 25 years of experience in information technology, information security, and cybersecurity spanning small businesses to the Fortune 25 from the data center to the board room. Currently, Mark is leading Cyber Risk Research LLC, a consultancy and cyber security R&D organization. Previously he was the CEO and co-founder of Soltra, a software company in the Cyber Threat Intelligence space. He was the CISO for the Depository Trust and Clearing Corporation and held senior roles at Citigroup including running the global security incident response team. Mark has testified before Congress three times on cybersecurity policy and is a frequent speaker at cybersecurity and technology risk management forums globally.