Faculty Directory
Wolfgang Goerlich
Wolfgang Goerlich
J. Wolfgang Goerlich is a CISO in the public sector. Prior to this role, he led IT and IT security in the healthcare, financial services, and tech verticals. Wolfgang has held senior positions at several consulting firms, leading security advisory and assessment practices. He is a strong presence in the security community, contributing to the establishment and organization of multiple groups and events. Wolfgang focuses on strategy, governance, identity and access management, and resilience.
Marty Gomberg
Marty Gomberg
Martin Gomberg, CISSP, CIPP/E, is a.k.a., The Privacy CIO, founder of Cyberite LLC, The Digital Risk Alliance, and author of CISO Redefined: Protecting Business. Martin is a global advisor and frequent speaker on leadership, security, privacy and business resilience. He has spent over forty years in technical operations, as Vice President of Technical Strategies for a major bank, Senior Vice president and CIO of a global media network, SVP and Global Director of Security, Governance, Privacy, and Business protection, as an IANS Faculty member, and Senior Privacy Consultant for TrustArc. Martin is a former Vice Chair of a U.S. State Department Overseas Security Advisory Council (OSAC) Industry Working Group and Founding Member of the CIO Executive Council.
Thomas Graham
Thomas Graham
Dr. Thomas Graham, Ph.D., serves as the VP and Chief Information Security Officer (CISO) at Redspin, a top cybersecurity, and privacy consulting firm, the first authorized C3PAO, and one of the first organizations to conduct a DIBCAC High assessment under
the Joint Surveillance Program. Dr. Graham is the architect of Redspin becoming the first authorized C3PAO, performing numerous Joint Surveillance Voluntary Assessment Program (JSVAP) assessments, speaking on CMMC and NIST requirements, and Chairing
the MIS Advisory Board at East Carolina University.
He is responsible for all internal security items for Redspin and its affiliates. Before Redspin, he served as the CISO for CynergisTek, a publicly traded company, supporting
numerous Hospitals and Medical Facilities. He also as supported varous branches of the DoD to include being an ISSO for DISA.
David Hazar
David Hazar
David is the founder and principal consultant of HazarDSec LLC and co-founder of Next Level3. He also provides cybersecurity consulting services and training as an author and instructor for the SANS Institute. With more than 20 years of technical experience, David has spent over 15 years helping organizations establish and implement security controls and practices.
Jessica Hebenstreit
Jessica Hebenstreit
Jessica is the Senior Director Corporate Security at Quorum Software. Before Quorum Software, Jessica served as Director of Security Operations & Infrastructure at Eptura. Previously, she held a role as Senior Associate at Booz Allen Hamilton, consulting on Cyber Fusion Centers, Attack Surface Management, other cyber defense capabilities, and cyber program development and leadership. Jessica has consulted with many of the largest companies in the world including many Fortune 100.
Rebecca Herold
Rebecca Herold
Rebecca is Founder, Owner, and CEO of Rebecca Herold, LLC aka The Privacy Professor®, an information security, privacy, IT, and compliance services firm. She also co-founded Privacy Security Brainiacs, a SaaS platform, early 2020 with her oldest son, Noah. Rebecca also serves as a Distinguished Ponemon Institute Fellow and as an Advisory Board Member for multiple technology businesses and startups. Additionally, Rebecca serves as an expert witness for diverse cases, is an advisor on multiple high school and college/university curriculum and program boards, and hosts a VoiceAmerica radio show called “Data Security & Privacy with the Privacy Professor.”
Chris Hetner
Chris Hetner
Chris Hetner is a Senior Executive, Board Director, and leader in Cybersecurity recognized for raising cyber risk to the Corporate Board level in order to protect industries, infrastructures, and economies. He creates operational resilience by aligning robust Cybersecurity strategies with business objectives. Mr. Hetner’s professional judgment combined with a public company perspective and SEC regulatory and investor oversight experience has led to his success in corporate and government roles. Currently, he is an Expert Advisor to the Institute for Defense Analyses (US Dept. of the Treasury), the Special Advisor for Cyber Risk for the NACD, and a National Board Member of the Society of Hispanic Professional Engineers. Identifying potential risks and initiating solutions that can be replicated across industries is a hallmark of his career.
Chris Hughes
Chris Hughes
With 20 years of IT and cybersecurity experience in the U.S. Department of Defense as well as federal and commercial industries, Chris has held roles in security architecture, engineering and GRC, as well as security leadership, including CISO. He has deep expertise in cloud-native security, compliance innovation, vulnerability management, application security, DevSecOps and software supply chain security. Chris is currently the president and co-founder of Aquia and a cyber innovation fellow with CISA.
Nick Hunt
Nick Hunt
Lee Imrey
Lee Imrey
Lee is a Security Go-To-Market Strategist for Splunk, a Cisco Company, where he helps businesses build resilient cybersecurity functions, and realize the greatest value from their investment in their security program. He has worked in security and IT for four decades, starting as a programmer and working security roles from admin to CISO. He has been responsible for information security at the Department of Justice, managed cybersecurity programs in the healthcare sector impacting 99% of US citizens, and served as CISO for a financial services company with global operations. Lee has also taught thousands of cybersecurity professionals as a mentor.
Tanya Janca
Tanya Janca
Tanya Janca, aka SheHacksPurple, is the best-selling author of 'Alice and Bob Learn Secure Coding', 'Alice and Bob Learn Application Security’ and ‘Cards Against AppSec'. Over her 28-year IT career she has won countless awards (including OWASP Lifetime Distinguished Member and Hacker of the Year), spoken all over the planet, and is a prolific blogger. Tanya has trained thousands of software developers and IT security professionals, via her online academies (We Hack Purple and Semgrep Academy), and her live training programs. Having performed counter-terrorism, led security for the 52nd Canadian general election, developed or secured countless applications, Tanya Janca is widely considered an international authority on the security of software.
Steven John
Steven John
Steven is an accomplished Global Senior Executive and Board Member with more than 30 years of success, and a diverse background spanning healthcare, software, agriculture, retail, wholesale, distribution, chemical manufacturing, and ecommerce companies ranging from startup to well-established to turnaround. Steven is an invaluable asset to a company employing new technologies to transform and grow, engaging data assets to build competitive advantage, mitigating future-looking risks like disruptive business models and cyber-attacks, working with private equity and activist investors to refresh and retool, developing emerging technologies and services that increase value for the customer and elevates the company’s market position.
Throughout his Executive career, Steven has held business or IT positions with Workday, Agriliance, HB Fuller, First Health, CIGNA, and Transora, and Aramark. He also teaches an IT leadership forum in NYC for Fortune 500 companies. A seasoned Board Member, Steven has held positions with RAPID, Gemini Ventures, and DEMO CIO Council. Additionally, he is a Founding Member of the Agricultural CIO Forum and the CIO Executive Council. Proving his thought leadership, he was selected by Computerworld Magazine as one of the Premier 100 IT Leaders; CIO Executive Council as Leader of the Year; InformationWeek as a Relentless Innovator; Hewlett-Packard as a Member of their Big Data Customer Advisory Council; and inducted into the CIO Hall of Fame in 2018.
Eric Johnson
Eric Johnson
Kevin Johnson
Kevin Johnson
Kevin is the Founder, CEO, and Principal Security Consultant of Secure Ideas, an information security consulting company that focuses on penetration testing services and training. He is also a founder and contributor of many open source projects including the Samurai Web Testing Framework (SamuraiWTF), a web penetration testing and training environment, and the Basic Analysis and Security Engine (BASE) project, a web front-end for Snort Analysis
Dave Kennedy
Dave Kennedy
Dave is the Founder and Owner of TrustedSec, an information security consulting firm, and Binary Defense, a Managed Security Service Provider (MSSP) that detects attackers early to prevent large-scale invasions. In addition to creating several widely popular open-source tools, including 'The Social-Engineer Toolkit' (SET), PenTesters Framework (PTF), and Artillery. David has also released security advisories, including zero-days, with a focus on security research.
Prior to his work in the private sector, Dave served in the United States Marine Corps (USMC), focusing on cyber warfare and forensics analysis activities, including two tours to Iraq. He also served on the board of directors for (ISC)2, which is one of the largest security collectives and offers certifications such as the CISSP.
Lee Kim
Lee Kim
Lee Kim specializes in cybersecurity, data privacy, governance, compliance, and generative artificial intelligence. Her insights are informed by her scientific training, creative pursuits, and diverse professional background. She presents before a wide range of domestic and international audiences. She has significant experience with the media and has been featured on the Canadian Broadcasting Corporation (live and pre-recorded interviews), radio shows, and podcasts. She also has significant experience working in the public policy realm, including with Congressional staffers and various governmental agencies around the world.
By way of background, Lee is an AV preeminent peer review rated attorney (a distinction that only 10% of all attorneys have earned according to Martindale-Hubbell). (Note, however, that while Lee is an attorney, she does not provide legal services through IANS.) Additionally, prior to law school, Lee worked as a database, system, and web administrator at a major university, software company, and a major academic medical center.
Lee is currently serving as an analyst with the US Department of Homeland Security Analytic Exchange Program. Over the years, her teams’ research topics have included phishing, healthcare cybersecurity, patient safety, and maritime and port cybersecurity.
Lee serves as a Director of InfraGard Northern Capital Region, Vice Chair of the Policy Committee of the American Bar Association Health Law Section, and National Visiting Committee member of the National Cybersecurity Training and Education Center. Previously, Lee served with the ISC2 Government Advisory Council Executive Writers Bureau.
Please note: The advice that Lee Kim provides through IANS is not legal advice and is not intended to be relied on as such. There is no attorney-client relationship.