Aaron Shi

IANS Employee

Gunnar Peterson

Former IANS Faculty

Daniel Maloof

IANS Employee

David Kolb

Former IANS Faculty

Chris Gonsalves

Former IANS Employee

Debra Farber

Former IANS Faculty

Adam Ely

Former IANS Faculty

Paul Asadoorian

Former IANS Faculty

Joanne Cummings

IANS Employee

Kevin McDonald

IANS Faculty

Kevin is a Healthcare Cybersecurity Consultant working with companies such as MedSec, LogRhythm and individual healthcare providers. Kevin has over 40 years’ experience in healthcare in roles from direct patient care as a registered nurse to a Director of Information Security at Mayo Clinic. He assisted in developing the cybersecurity program at the Mayo Clinic and designed their medical device cybersecurity program.

Achievements & Noteworthy Contributions

  • Frequent presenter at the FDA, HIMSS, Gartner, RSNA, American Association of Physicists in Medicine and the American Hospital Association
  • Development of Mayo Clinic Medical Device Cybersecurity program
  • Co-Chair HSCC Joint Security Plan for Medical Devices

Certifications & Credentials

  • Bachelor's in Nursing from Northern Illinois University
  • Master’s in Education from University of Wisconsin LaCrosse
  • Graduate Certification in Information Systems – City University Seattle
  • CISSP

Hobbies & Fun Facts

Kevin retired from Mayo Clinic in 2019 and enjoys camping and trout fishing “out west”.

Sounil Yu

IANS Faculty

Sounil Yu has over 30 years of hands-on experience creating, breaking and fixing computer and network systems. He is the creator of the Cyber Defense Matrix and the DIE Resiliency Framework, teaches Cybersecurity Technologies as an adjunct professor, co-chairs Art into Science: A Conference on Defense, and advises many security startups. His specialties include leading innovation programs, intern programs, and a thriving startup culture to meet emerging cybersecurity needs. He often serves as a challenge function and change agent to drive unconventional thinking and alternative approaches to hard problems in security.

Achievements & Noteworthy Contributions

  • Board Member of SCVX
  • Board Member of FAIR Institute
  • Fellow at the National Security Institute
  • Former Chief Security Scientist at Bank of America
  • Frequent speaker at several information security conferences

Certifications & Credentials

  • MS, Electrical Engineering - Virginia Tech
  • BS, Electrical Engineering - Duke University
  • BA, Economics - Duke University
  • GIAC Certified Penetration Tester
  • GIAC Certified Forensic Analyst

Hobbies & Fun Facts

In his non-existent, imaginary free time, Sounil tries to beat his oldest son in Starcraft and Clash of Clans.

Anton Chuvakin

IANS Faculty

Dr. Anton Chuvakin is now involved with security solution strategy at Google Cloud, where he arrived via Chronicle Security (an Alphabet company) acquisition in July 2019.

Anton was, until recently, a Research Vice President and Distinguished Analyst at Gartner for Technical Professionals (GTP) Security and Risk Management Strategies team. Anton is a recognized security expert in the field of log management, SIEM and PCI DSS compliance. Anton has published dozens of papers on log management, SIEM, correlation, security data analysis, PCI DSS and security management.

In addition, Anton teaches classes and presents at many security conferences across the world; he has addressed audiences in the United States, UK, Australia, Singapore, Spain, Russia and other countries. He works on emerging security standards and serves on advisory boards of several security start-ups. Before that, Anton was running his own security consulting practice, focusing on logging, SIEM and PCI DSS compliance for security vendors and Fortune 500 organizations. Dr. Anton Chuvakin was formerly a Director of PCI Compliance Solutions at Qualys. Previously, Anton worked at LogLogic as a Chief Logging Evangelist, tasked with educating the world about the importance of logging for security, compliance and operations.

Achievements & Noteworthy Contributions

  • Author of books "Security Warrior", "Logging and Log Management: The Authoritative Guide to Understanding the Concepts Surrounding Logging and Log Management" and "PCI Compliance, Third Edition: Understand and Implement Effective PCI Data Security Standard Compliance" (book website)
  • Contributor to "Know Your Enemy II", "Information Security Management Handbook" and other books.
  • "Security Warrior" Blog

Certifications & Credentials

  • Ph.D. in Physics, SUNY at Stony Brook, Stony Brook, NY

Ryan Leirvik

IANS Faculty

Ryan is a Principal at GRIMM, a boutique cybersecurity consultancy. He has spent the better part of two decades enhancing cyber programs at the world's largest institutions, from the Department of Defense to some of the most successful private and commercial organizations. He focuses largely on providing advanced capabilities for CISOs, as well as testing for best possible security practices at boards of directors' requests.

Ryan’s C-level work experience also includes developing Board level metrics to measure and manage enterprise cyber risk, developing and instructing C-Suite cyber risk management courses, and establishing functional reporting metrics for assessing cyber readiness.

Achievements & Noteworthy Contributions

  • Presidential Management Fellow
  • DEFCON 2014 Wireless Capture the Flag Competition winner
  • Office of the Secretary of Defense Medal for Exceptional Civilian Service

Certifications & Credentials

  • BS, Purdue University
  • MS, Virginia Tech
  • MBA, Case Western
  • Far too many SANS courses
  • CISO Cybersecurity, National Defense University
  • Overabundance of Data Warehouse Institute courses
  • Cybersecurity: The Intersection of Policy and Technology, Harvard Kennedy School

Hobbies & Fun Facts

  • Parenting — and all the humility that comes with it
  • Teacher in Finance for Junior Achievement

Ken Pyle

Former IANS Faculty

Ken Pyle is a partner of DFDR Consulting specializing in Information Security, Computer Forensics, Exploit Research, and Network Engineering. Ken has an extensive background in Network Penetration and Remediation, Compliance and Secure Design. Ken has consulted with financial institutions, banks, government defense contractors and other highly secure facilities on issues of Information Security, Computer Forensics and Secure Network Design. Ken is a highly regarded international speaker and researcher, having presented on a wide range of subjects including: Election Interference and Online Influence Campaigns, Threat Hunting, Advanced Social Engineering Tactics, Exploit Development, and offensive tactics.

Achievements & Noteworthy Contributions

  • HTCIA Chapter President
  • South Jersey "40 under 40" award winner
  • Author of critical technical exploits in SonicWALL, Cisco, Dell, DATTO, HP
  • Author of groundbreaking academic work in Phishing and Social Engineering
  • Professor of Cyber Security at multiple academic institutions

Certifications & Credentials

  • Master of Information Assurance, Network Defense (Distinguished Honors)
  • CISSP
  • HCISPP
  • ECSAv8
  • CEHv8
  • OSCP
  • OSWP
  • EnCE
  • Sec+

Eric Kuehn

IANS Faculty

Eric is a Senior Security Consultant at Secure Ideas, an information security consulting company that focuses on security testing, assessments, and training. He has spent close to 20 years working with Microsoft infrastructures for large Fortune 100 companies. Since its release, his core focus has been Active Directory. He was the technical leader and responsible for the engineering and architecture of one of the most complex and largest AD infrastructures used by one of the world’s largest banks. This included ongoing maintenance and major enhancements of not only a highly secure authentication environment, but also of all the supporting tool sets required to monitor its health and integrity.

Achievements & Noteworthy Contributions

  • Speaker at information security conferences such as BSides
  • Former Team Manager and Technical Lead of Active Directory Infrastructure Engineering at Bank of America

Certifications & Credentials

  • CISSP - (ISC)2
  • ITIL Foundation

Tanya Janca

IANS Faculty

Tanya Janca, also known as SheHacksPurple, is the author of ‘Alice and Bob Learn Application Security’. She is also the founder of We Hack Purple, an online learning academy, community and podcast that revolves around teaching everyone to create secure software. Tanya has been coding and working in IT for over twenty years, won numerous awards, and has been everywhere from startups to public service to tech giants (Microsoft, Adobe, & Nokia). She has worn many hats: startup founder, pentester, CISO, AppSec Engineer, and software developer. She is an award-winning public speaker, active blogger & streamer and has delivered hundreds of talks and trainings on 6 continents. She values diversity, inclusion and kindness, which shines through in her countless initiatives.

Achievements & Noteworthy Contributions

  • Founder: We Hack Purple (Academy, Community and Podcast), WoSEC International (Women of Security), OWASP DevSlop, OWASP Victoria, #CyberMentoringMonday
  • 2019 Hacker of the Year - CSWY Awards
  • CISO for 2015 Canadian General Election
  • 13.5 years’ service to the Canadian Public (Government)
  • Public Speaking Award - Algonquin College
  • Spoken and keynoted at security conferences, meetups and training events the world over
  • Currently authoring first book: Alice and Bob Learn Application Security

Certifications & Credentials

  • BA, Business Management – Malone University
  • CISSP – (ISC)2
  • Qualified Security Assessor (QSA) – PCI Security Standards Council
  • ISO/IEC 27001 Certified – ISO
  • GSEC – GIAC
  • Certified Professional (OSCP) & Certified Expert (OSCE) – Offensive Security
  • Global Information Assurance Gold Certification
  • Microsoft Certified Solutions Expert (MCSE) – Microsoft

Hobbies & Fun Facts

Tanya is also a musician, has released 5 solo albums, plays guitar and drums and will sing karaoke any chance she gets.

Tyler Shields

IANS Faculty

Tyler is Vice President of Strategy for Sonatype, a security and DevOps software vendor, headquartered in Fulton, Maryland. His previous roles include starting, leading, and growing security technology companies including CA Technologies, Signal Sciences, Veracode, Symantec, LURHQ, and @Stake. Tyler is an active investor, board member, and advisor to numerous young cyber security firms.

Achievements & Noteworthy Contributions

  • Authored and published research papers on the detection of rootkit and anti-debugging technology with static analysis techniques
  • Authored the world’s first mobile spyware system targeting Blackberry phones
  • Expert commentator featured in Rolling Stone, Bloomberg, Forbes, Reuters, and the LA Times
  • Contributor to multiple television and radio interviews for both National Public Radio and the BBC

Certifications & Credentials

  • MBA - University of North Carolina, Chapel Hill
  • MS, Computer Science - James Madison University
  • BS, Information Technology - Rochester Institute of Technology

Adrian Sanabria

IANS Faculty

Adrian is an Advocate at Thinkst Applied Research and also serves as an information security Advisor. He has spent his career exploring many aspects of the industry, from the enterprise side to the vendor side, and from consulting and industry analysis to entrepreneurship, mentoring and building local communities.

Adrian is an optimist, a compulsive researcher and seeks out patterns in all things. He is always trying to see the big picture; how things fit. His most recent research takes both a deep and high-level look at the core reasons why security defenses continue to fail in many organizations.

Achievements & Noteworthy Contributions

  • Author and Presenter on topics that challenge conventional wisdom in the information security space
  • Founder of BSides Knoxville, East Tennessee's premier cybersecurity event
  • Founder of DC865, Knoxville's area DEFCON group
  • Contributor to the Penetration Testing Execution Standard (PTES)
  • Frequent volunteer to community efforts including the Cavalry, BioHacking DEFCON Village, Medical Device DEFCON Village, the National Board of InfoSec Examiners (NBISE), open-source data-loss prevention tools and several CIS benchmarks
  • Discovers and reports many critical vulnerabilities in commercial products

John Korpal

IANS Faculty

John is an IT Security Engineer for Verizon Wireless and is a member of OWASP, ISC2, and ISSA. In his career, John has architected solutions that allowed companies to be PCI-DSS compliant, protected 100 million customers' sensitive information and over 6 billion sensitive data elements, and created one of the first complete Enterprise Mobile Application Security policies for a major telecom company. He has also developed high-performance aircraft test systems for US Department of Defense aircraft such as the B-1, B-2, and YF-22.

Achievements & Noteworthy Contributions

  • Former Enterprise Architect for Alltel Wireless, a wireless telecommunications provider
  • Former Senior Technical Lead for Computer Sciences Corporation, a multinational corporation that provided IT and professional services
  • Former Team Leader & System Analyst for ITT Inc., an American worldwide manufacturing company

Certifications & Credentials

  • MS, Computer Science – West Coast University
  • BS, Computer Science – California Polytechnic State University, San Luis Obispo
  • CISSP – (ISC)2
  • C|EH – EC-Council
  • CRISC – ISACA

Hobbies & Fun Facts

John holds an FCC amateur license and loves to build objects with his 3D printer.

Nick Mankovich

IANS Faculty

Nick is the CEO of CyberRisk Consulting, providing risk management advisory services for corporate boards and executive leadership. Trained in biological science, Nick worked extensively in R&D and has a long history of transformational leadership in R&D, product security, enterprise security and privacy, culminating in executive CISO roles in two Fortune 500 companies.

Achievements & Noteworthy Contributions

  • Created hospital-wide networked digital radiology imaging systems (PACS)
  • Innovated in medical 3D printing for cranial implant surgery
  • Created one of the first global medical device product security programs
  • Led the Philips Healthcare Privacy Office for the first global corporation to adopt global binding corporate rules under the European Privacy Directive (EC 95/46 - predecessor to GDPR)
  • Core team leader in creating international standards for healthcare IT safety, security & risk management (ISO-IEC 81000 series)
  • Designed, created & operated two risk-based InfoSec organizations

Certifications & Credentials

  • MS & PhD Biological Sciences University of Illinois
  • BA Case Western Reserve University
  • CIPP – Certified Information Privacy Professional

Hobbies & Fun Facts

Nick enjoys woodworking, restoring historic homes, gardening and both mountain and road bicycling.

Matt Chiodi

IANS Faculty

Matt is the Chief Security Officer of Public Cloud at Palo Alto Networks, where he works with organizations to develop and implement security strategy for public cloud adoption and maturity. He has extensive experience in information security leadership and blogging. Matt currently leads the Cloud Threat team, which is an elite group of security researchers exclusively focused on public cloud concerns. He also serves as an advisory board member for Rutgers University's Cybersecurity Certificate program.

Achievements & Noteworthy Contributions

  • Presenter at information security conferences such as RSA and BSides
  • Former CISO & VP at RedLock, a cloud security threat defense startup
  • Former Board VP and Governor of InfraGard’s Philadelphia chapter
  • Former Director and Global Head of Cloud Security Advisory Services at Cognizant
  • Former Senior Consultant and Senior Security Architect at Deloitte Consulting

Certifications & Credentials

  • BS, Business Information Systems – Messiah College
  • CISSP – (ISC)2
  • CCSK – Cloud Security Alliance

Hobbies & Fun Facts

Matt identifies as a personal growth junkie who enjoys exercising in his free time. For his first job, he directly approached the CEO of Johnson & Johnson and got the job!

Wolfgang Goerlich

IANS Faculty

Wolf is an Advisory CISO of Duo Security, the leading provider of unified access security and multi-factor authentication delivered through the cloud. He has held senior management roles in IT and IT security in the financial services and healthcare verticals. In addition, Wolf has held senior leadership roles in consulting firms specializing in identity and access management, governance risk and compliance, and security programs. Wolf advises clients primarily in risk management, incident response, business continuity, and secure development.

Achievements & Noteworthy Contributions

  • Former organizer of annual BSides and Converge conferences in Detroit
  • Former Senior VP of Strategic Security Programs at CBI, an information security solutions firm
  • Former VP of Consulting Services at VioPoint Inc., an information security consulting firm

Certifications & Credentials

  • CISSP - (ISC)2
  • Certified Information Systems Auditor (CISA) - ISACA

Chris Nickerson

IANS Faculty

Chris is the Co-Founder and CEO of LARES Consulting, an information security consulting firm that leverages a blend of assessment, testing, and coaching. He also serves on the Board of Directors at CREST, an international not-for-profit accreditation and certification body that represents and supports the technical information security market.

Achievements & Noteworthy Contributions

  • Appeared on Tiger Team on TruTV
  • TEDx Presenter, Hackers are all about curiosity, and security is just a feeling
  • Founding member of the Penetration Testing Execution Standard (PTES)
  • Co-founder of the BSides security conferences
  • Speaker at information security conferences such as DEFCON, CyberWeek, and BlackHat
  • Author of Red Team Testing: Offensive Security Techniques for Network Defense (2016)
  • Collaborator with the Red Team Alliance Training Collective
  • Former Senior Information Security Compliance Manager at Sprint

Certifications & Credentials

  • IEM, IAM – National Security Agency (NSA)
  • CISA – ISACA
  • CISSP – (ISC)2
  • BS7799

Hobbies & Fun Facts

In his free time, Chris can be found out on the ski slopes or playing with his dogs.

John Visneski

IANS Faculty

John is the Director of Information Security and Data Protection Officer at The Pokémon Company International where he has built their security team and achieved GDPR Compliance. Before joining Pokémon, he served as a Cyberspace Operations Officer for the US Air Force where he supported operations in Iraq and Afghanistan. John also served as Chief of Executive Communications for the Chief of Staff and Secretary of the US Air Force supporting intelligence operations that shaped policy at the Pentagon.

Achievements & Noteworthy Contributions

  • Featured in the Wall Street Journal, Computerworld.com, and SiliconAngle.com
  • Featured on the Master of Data and Serverless Smarts podcasts
  • Interviewed for CloudAcademy.com and CIO Dive
  • Former Cyberspace Operations Officer at the US Air Force

Certifications & Credentials

  • BS, Computer Science – Seattle University
  • CISSP – (ISC)2

Hobbies & Fun Facts

John is a Seattle sports fan and enjoys running in his free time.

Justine Bone

IANS Faculty

Justine is the CEO of MedSec, a company focused on medical device security management and the delivery of security solutions to healthcare delivery organizations and medical device manufacturing companies. She also serves as a member of HP’s Security Advisory Board, a member of BlackHat’s USA Guest Review Board, and as an advisor to technology startups.

Achievements & Noteworthy Contributions

  • Organizer for The Pwnies, an annual awards ceremony for information security practitioners
  • Former CISO at Dow Jones, a news and information company that publishes the Wall Street Journal
  • Former Global Head of Risk Management at Bloomberg LP
  • Former X-Force Researcher and Consultant at IBM
  • Former Executive Director & CTO of American Diamond Mint
  • Former CEO of Immunity Inc. (now Cyxtera), a security research firm
  • Chair of the Miami Children Corp’s Board of Directors

Certifications & Credentials

  • BS, Computer Science – University of Otago

Hobbies & Fun Facts

Justine is a New Zealander by origin, an ex-professional ballet dancer, and mother of three boys.

Bryson Bort

IANS Faculty

Bryson is the Founder of SCYTHE, a start-up building a next generation attack emulation platform, and GRIMM, a cybersecurity consultancy, and Co-Founder of the ICS Village, a non-profit advancing awareness of industrial control system security. He is a Senior Fellow for Cybersecurity and National Security at R Street and the National Security Institute and an Advisor to the Army Cyber Institute and DHS/CISA. Prior, Bryson led an elite offensive capabilities development group. As a U.S. Army Officer, he served as a Battle Captain and Brigade Engineering Officer in support of Operation Iraqi Freedom before leaving the Army as a Captain.

Achievements & Noteworthy Contributions

  • Board Advisor to the Army Cyber Institute
  • Fellow at the National Security Institute
  • Contributor to Forbes magazine
  • Presenter at information security conferences such as Black Hat, DEF CON, RSA, and ShmooCon
  • Former VP at ManTech, an information security technology and service company
  • Former Global IT Asset Manager for Smiths Group plc, a FTSE100 technology group

Certifications & Credentials

  • MBA, Business Administration and Management – University of Florida
  • MS, Telecommunications Management – University of Maryland
  • MS, Electrical Engineering and Computer Science – University of Texas
  • BS, Computer Science – United States Military Academy at West Point
  • ITIL Master

Hobbies & Fun Facts

In his free time, Bryson competes in Jiujitsu. He also was an amateur clown.

Mick Douglas

IANS Faculty

Mick is the Managing Partner for InfoSec Innovations, an information security advisory and research firm. He also serves as an Instructor and GIAC Advisory Board Member for the SANS Institute. Mick empowers information security professionals with useful tools and skills from his extensive experience as an analyst, consultant, and software developer.

Achievements & Noteworthy Contributions

  • Presenter at information security conferences such as ShmooCon and DerbyCon
  • Former Practice Lead DFIR for Binary Defense Systems, an attack intelligence and security solutions company
  • Former Senior Security Analyst & Research Specialist at Black Hills Information Security
  • Former Consulting Systems Analyst at Nationwide Insurance
  • Former Senior Security Engineer at Diebold
  • Former VP of Systems & Data security at Bank of America

Certifications & Credentials

  • BA, Communications – Ohio State University
  • CISSP – (ISC)2
  • GPEN, GCUX, GWEB, GSNA – GIAC

Hobbies & Fun Facts

In his free time, Mick enjoys photography, scuba diving, and the great outdoors.

Jonathan Trull

IANS Faculty

Jonathan is the Global Director for the Microsoft Enterprise Cybersecurity Group. In this role, he leads a team of security advisors who provide strategic direction on the development of Microsoft security products and services. He also serves as a member of Microsoft’s Internal Risk Management Committee and is a principal author of the Microsoft Security Intelligence Report. Jonathan also serves as an Affiliate Faculty member in Research Assurance at Regis University and serves as an advisor to security startups and venture capital firms.

Achievements & Noteworthy Contributions

  • Recognized as one of the “People Who Made a Difference in Cybersecurity” by the SANS Institute
  • Participant in the Cloud Security Alliance Top Threats Working Group
  • Presenter at security conferences such as RSA, Black Hat, and CSO50
  • Principal author of the Center for Internet Security Azure Security Foundations Benchmark
  • Former VP and CISO at Optiv Inc., a pure-play cyber security solutions provider
  • Former CISO at Qualys, a cloud security and compliance solutions provider
  • Former CISO for the State of Colorado where he established Colorado’s first Cyber Crime Task Force
  • Former LCDR – Intelligence Officer for the US Navy Reserve

Certifications & Credentials

  • CISO Executive Certification – Carnegie Mellon University
  • MA, Public Administration – University of North Texas
  • BS, Criminal Justice - Metropolitan State University of Denver
  • Certified Cloud Security Professional (CCSP) – ISC2
  • Certified Information Security Professional (CISSP) – ISC2
  • Certified Information Systems Auditor (CISA) – ISACA
  • Offensive Security Certified Professional (OSCP) – Offensive Security

Hobbies & Fun Facts

If he wasn't a CISO, Trull suspects that he would work for a non-profit organization, perhaps as an international health aid worker.

Bill Brenner

Research Director, IANS

Bill Brenner is IANS’ Research Director and has more than two decades of experience as a content strategist, researcher, tech writer, blogger, podcaster and community builder. Information Security has been his focus and passion for the last 15 years. He was previously a senior writer and content strategist at Sophos, content strategist for data security company PKWARE and senior tech writer for Akamai Technology's Security Intelligence Research Team (Akamai SIRT). Before that, he was managing editor for CSOonline.com and senior writer for SearchSecurity.com. He lives in Boston with his wife and two sons, is addicted to Heavy Metal music and only drinks the strongest, most bitter coffee blends.

Joshua Marpet

IANS Faculty

Josh is Co-Founder and COO of Red Lion, an information security advisory and consultancy company. An internationally recognized digital forensics expert, Josh has strategized and performed on government corruption, bad compliance, protecting mission-critical data, and everything in between. Likewise, he has presented on topics ranging from Facial Recognition and National Security to audiences from government agencies, law enforcement, Fortune 5 companies, and many others.

Achievements & Noteworthy Contributions

  • Speaker at information security conferences such as Black Hat, RSA, DEF CON, and BSides
  • Board member of BSides DC and BSides DE
  • Honored as one of the Top 10 Most Influential People in the BSides Movement
  • Author of a pending patent on a Blockchain based system to store forensic data with a perfect chain of custody
  • Former SVP of Compliance and Managed Services for CyberGRC, a risk management platform
  • Former Founder and CEO of BiJoTi, a security performance monitoring service
  • Former CTO of Air CommNetworks, a wireless communications and solutions provider
  • Former Senior Information Security Risk Analyst at Federal Reserve Bank of Philadelphia
  • Former Engineer at Net@Work, Yoh IT, DVTel, Inc., and Exigent Technologies
  • Testified in front of the Turkish Supreme Court on Digital Forensic Matters

Certifications & Credentials

  • BA, Psychology, Psychopharmacology, Statistics – Fairleigh Dickinson University
  • AA, Liberal Arts – Community College of Morris
  • Certified Ethical Hacker (CEH) - EC-Council
  • AccessData Certified Examiner (ACE) - AccessData

Hobbies & Fun Facts

In his free time, Josh enjoys target shooting, blacksmithing, blade making and other crafts. He has also practiced horse dentistry, broom making and historic preservation. As a former police officer and firefighter, Josh worked in the former NYC Twin Towers and in Louisiana during Hurricane Katrina. He also helped his family in New Jersey during Hurricane Sandy.

Philip Young

IANS Faculty

Philip is senior vice president of an offensive security research group at a multinational, Fortune 500 financial services company. He is a leading expert and thought leader in mainframe cyber security with a special focus on the z/OS platform. Philip has built mainframe security programs for multiple Fortune 100 organizations using both vendor and public toolsets. Philip also develops information security coursework to educate the next generation of practitioners, raises awareness about mainframe security, and encourages more organizations to effectively prioritize their risk profiles.

Achievements & Noteworthy Contributions

  • Keynote speaker at SHARE and GSE on mainframe penetration testing
  • Speaker at information security conferences such as Black Hat, RSA, DEF CON, ShmooCon, and BSides
  • Contributor to Nmap and Metasploit open source projects
  • Former Information Security Specialist at Visa
  • Former IT Audit Security Professional at Grant Thornton, an accounting and advisory organization
  • Former Senior IT Auditor at Ernst & Young

Certifications & Credentials

  • BS, Computer Science – Wilfrid Laurier University
  • CISSP – (ISC)2
  • CISA – ISACA
  • Offensive Security Certified Professional (OSCP) – Offensive Security
  • Microsoft Certified Solutions Expert (MCSE) – Microsoft
  • Security+ – CompTIA

Hobbies & Fun Facts

In his free time, Philip enjoys retro art, computing, gaming, and swimming with his two boys.

Jake Williams

IANS Faculty

Jake is the Founder, President, and Principal Analyst of Rendition Infosec, an information security consultancy. He also sits on the Vulnerability Review Board at Peerlyst, a startup social networking platform exclusively for security professionals. Jake is a prolific speaker and instructor on a variety of information security topics such as reverse engineering malware, memory forensics, threat intelligence, and advanced exploit development.

Achievements & Noteworthy Contributions

  • Two-Time Winner of the Annual DC3 Forensics Challenge
  • Speaker at information security conferences such as Black Hat, DEF CON, ShmooCon, RSA, and DC3
  • Designated a Master Computer Network Exploitation (CNE) Operator by the NSA
  • Former Vulnerability Analyst at US Department of Defense
  • Former Senior Systems Engineer at Dell Services

Certifications & Credentials

  • MSIA, Information Assurance – Capitol College
  • GSE, GSNA, GCFE, GREM, GCWN, GCIA, GCIH, GPEN, GCFA, GXPN, GSEC – GIAC

Ken Van Wyk

IANS Faculty

Ken is the President and Principal Consultant of KRvW Associates, LLC, an independent information security consulting company, and a Visiting Scientist at Carnegie Mellon University. He has held executive and senior technologist positions at Tekmark, Para-Protect, Science Applications International Corporation (SAIC), the U.S. Department of Defense, Carnegie Mellon University, and Lehigh University. Ken is a frequent speaker at technical conferences, and has presented papers and training for CSI, ISF, USENIX, FIRST and CERT, among others.

Achievements & Noteworthy Contributions

  • Former Steering Committee and Board of Directors Member for the Forum of Incident Response and Security Teams (FIRST)
  • Co-founder of Carnegie Mellon University’s Computer Emergency Response Team (CERT®)
  • Project Leader of Open Web Application Security Project’s (OWASP) iGoat project
  • Former Member on the Board of Directors for SecAppDev.org
  • Former Monthly Columnist for Computerworld.com
  • Lead author of Enterprise Software Security: A Confluence of Disciplines (2014)
  • Co-author of Rugged Handbook (2012)
  • Co-author of Secure Coding (2003)
  • Co-author of Incident Response (2001)

Certifications & Credentials

  • Graduate Coursework, Software Engineering – Carnegie Mellon University
  • Graduate Coursework, Computer Science – Lehigh University
  • BSME – Lehigh University

Hobbies & Fun Facts

Ken is a dual citizen of the EU (England) and the USA and holds a current U.S. Department of Defense TOP SECRET clearance. In his free time, Ken enjoys travel, cooking, Saints football, and spoiling a couple of basset hounds. He also volunteers his time teaching firearms safety as an NRA certified instructor.

Joff Thyer

IANS Faculty

Joff is a Security Analyst and Penetration Tester at Black Hills Information Security (BHIS). He has extensive experience covering intrusion prevention/detection systems, infrastructure defense, vulnerability analysis, defense bypass, source code analysis, and exploit research. He is also an Instructor at the SANS Institute where he primarily teaches the use of Python for information security purposes.

Achievements & Noteworthy Contributions

  • Co-host on the Security Weekly podcast
  • Speaker at information security conferences such as DerbyCon
  • Former Senior Security Consultant at NWN Corporation, a security innovation SaaS platform
  • Former Senior Network Security Architect & Pen Tester at University of North Carolina, Greensboro

Certifications & Credentials

  • MS, Computer Science – University of North Carolina, Greensboro
  • BS, Mathematics – University of North Carolina, Greensboro
  • GPEN, GWAPT, GXPN, GCIA, GCIA Gold – GIAC

Hobbies & Fun Facts

When Joff isn’t working or co-hosting the Security Weekly podcast, he enjoys making music and woodworking.

James Tarala

IANS Faculty

James is Principal Consultant, Co-Founder, and President of Enclave Security, an information security consulting firm specializing in governance that is based in Venice, Florida. As a consultant, he has focused on architecting and assessing large enterprise IT security and infrastructure architectures. He has also assisted organizations in security management, operational practices, and regulatory compliance issues. He often performs independent security audits and assists internal audit groups in developing their internal audit programs. James also serves as a Senior Instructor, Course Author, editor, and regular speaker with the SANS Institute.

Achievements & Noteworthy Contributions

  • Speaker at information security conferences such as RSA
  • Lead Technical Editor of the Center for Internet Security’s Critical Security Controls
  • Author of the Open Threat Taxonomy open source project
  • Creator of tools at AuditScripts.com

Certifications & Credentials

  • MA, Information Security Engineering – SANS Technology Institute
  • Master’s Certificate, Information Assurance – University of Maryland Global Campus
  • BS, Linguistics - Cairn University (Formerly Philadelphia Biblical University)

Hobbies & Fun Facts

In his free time, James enjoys the Florida sunshine, spending time outdoors (away from computer screens), running, and exercising.

John Strand

IANS Faculty

John is the Owner of Black Hills Information Security (BHIS) where he leads the Hunt Teaming, Command & Control (C2)/Data Exfiltration and Pivot testing development. He is also a SANS Institute Senior Instructor. In these roles, John has both consulted and taught hundreds of organizations in the areas of security, regulatory compliance, and penetration testing.

Achievements & Noteworthy Contributions

  • Co-author of Offensive Countermeasures: The Art of Active Defense (2013)
  • Contributor to the Penetration Testing Execution Standard (PTES)
  • Contributor to the 20 Critical Controls frameworks
  • Former co-host of Hack Naked TV and Security Weekly podcasts
  • Presenter at information security conferences such as RSA and Black Hat
  • Author of Black Hat’s "Active Defense, Offensive Countermeasures, and Hacking Back" course
  • Author of SANS Institute’s "Hacker Tools, Techniques, Exploits and Incident Handling" course
  • Former Information Assurance lead at Northrop Grumman and Accenture

Certifications & Credentials

  • CISSP – (ISC)2
  • GCIH – GIAC

Hobbies & Fun Facts

In his free time, John enjoys mountain biking, AT Skinning (or Ski Touring) and ranching.

Caleb Sima

IANS Faculty

Caleb is the VP of Security at Databricks, a Unified Data Analytics Platform. Previously, he served as the Managing Vice President of Cyber Security at CapitalOne. Caleb has held many executive-level positions at information technology and security companies in addition to starting and running his own companies. Currently, he also serves as an Investor & Advisor to Pindrop Security.

Achievements & Noteworthy Contributions

  • Co-Author of Hacking Exposed Web Applications (2006, 2010)
  • Former CEO & Co-Founder of BlueBox Security (acquired by Lookout)
  • Former CEO of Armorize Technologies (acquired by Proofpoint), a SaaS-based malware monitoring and code security analysis firm
  • Former CTO of HP’s Application Security Center
  • Former CTO & Founder of SPI Dynamics (acquired by HP)
  • Former Senior Security Consultant and X-Force Researcher at Internet Security Systems (acquired by IBM)

Certifications & Credentials

  • Executive Education – Harvard Business School

Hobbies & Fun Facts

In his free time, Caleb enjoys poker, car racing, and motorcycles.

Adam Shostack

IANS Faculty

Adam is a leading expert on threat modeling, and a consultant, entrepreneur, technologist, author and game designer. He currently helps organizations improve their security via his independent information security solutions firm, Shostack & Associates, focused on delivering high-impact training and consulting in threat modeling, secure development, and DevSecOps. He also serves as a MACH37™ Stars Network Mentor and an advisor to many startups including NTrepid, Continuum, and Judo Security. Previously, he worked at Microsoft where he drove the Autorun fix into Windows Update, was the lead designer of the SDL Threat Modeling Tool v3 and creator of the "Elevation of Privilege" game.

Achievements & Noteworthy Contributions

  • Member of the Black Hat Review Board
  • Co-created the Common Vulnerabilities and Exposures (CVE®)
  • Lead designer of Microsoft SDL Threat Modeling Tool
  • Author of Threat Modeling: Designing for Security (2014)
  • Co-author of The New School of Information Security (2008)
  • Creator of Elevation of Privilege: The Threat Modeling Game

Glen Sharlun

IANS Faculty

Glen currently serves at Shape Security, an information security defense platform. He brings nearly 30 years of operational security leadership experience with 15+ of those years focused on cyber operations and capability in the enterprise. Glen’s early professional experience spanned from leading special operations Marines across distant beaches to being responsible for global cyber operational assurance for the United States Marine Corps, as their CISO (CO, CND, USMC). Commercially, his roles have been as diverse as a development lead for a small network security startup (ArcSight ’05), to becoming a Field Operations Vice President through its IPO (’10) and then $1.5B acquisition by HP (’12). Glen also serves as a Certified Instructor for the SANS Institute, a role he has held since 2002.

Achievements & Noteworthy Contributions

  • Speaker at the Pentagon Security
  • Mentor for the United States Naval Academy Alumni Association
  • Former Head of Federal at Authentic8: Secure Virtual Cloud Browser
  • Former VP of North America at TrapX Security
  • Former VP of Worldwide Customer Success at ArcSight (acquired by Hewlett-Packard)
  • Former Co-Founder and VP of Field Operations at Secure Cognition, Inc.

Certifications & Credentials

  • MS, Information Systems Management – Naval Postgraduate School
  • BS – United States Naval Academy

Richard Seiersen

IANS Faculty

Richard is the Co-Founder and CEO of Soluble, an early-stage information security startup that helps their clients discover, manage, and remediate cloud risks in one platform. He also serves as an advisor to security and technology startups including Wallarm, Respond Software Inc., RiskRecon, AnChain.ai Inc, and Uptycs. In addition to publishing security-focused books with Wiley, Richard focuses on developing quantitatively informed strategies, building agile teams that scale, and making digital risk measurable.

Achievements & Noteworthy Contributions

  • Author of The Metrics Manifesto: Confronting Security with Data (2020)
  • Co-Author of How to Measure Anything in Cybersecurity Risk (2016)
  • Speaker at information security conferences such as RSA and Black Hat
  • Former Adjunct Faculty at Carnegie Mellon University in their DoD CISO program
  • Former CISO & SVP at LendingClub, a peer-to-peer lending company
  • Former CISO & VP of Trust at Twilio Inc., a cloud communications platform SaaS company
  • Former VP & General Manager of Cyber Security and Privacy at GE Healthcare
  • Former Director of Cyber Security at Kaiser Permanente

Certifications & Credentials

  • Graduate Coursework, Predictive Analytics – Northwestern University
  • MA, Counseling: Emphasis Decision Analysis - John F. Kennedy University
  • BM, Classical Guitar Performance – California State University, Northridge
  • CISSP – (ISC)2
  • CREA – Information Assurance Certification Review Board (IACRB)
  • GIAC Systems and Network Auditor – GIAC

Justin Searle

IANS Faculty

Justin is the Director of ICS Security at InGuardians, specializing in Industrial Control Systems (ICS) security architecture design and penetration testing. He also led the Smart Grid Security Architecture group in the creation of NIST Interagency Report 7628 and has played key roles in the Advanced Security Acceleration Project for the Smart Grid (ASAP-SG), National Electric Sector Cybersecurity Organization Resources (NESCOR), and Smart Grid Interoperability Panel (SGIP). Justin has authored and taught courses in hacking techniques, forensics, networking, and intrusion detection for multiple universities, corporations, and security conferences.

Achievements & Noteworthy Contributions

  • Senior Instructor at SANS Institute (9+ years) teaching courses on Advanced Web Penetration Testing and ICS Security Essentials
  • Instructor at Black Hat (10+ years) teaching “Assessing and Exploiting” series of courses for ICS and Web Applications
  • Creator and maintainer of The Control Things Platform open source project
  • Co-leader of Samurai Web Testing Framework (SamuraiWTF) and Samurai Security Testing Framework for Utilities (SamuraiSTFU) open source projects
  • Presenter at information security conferences such as Black Hat, DEFCON, OWASP, Toorcon, Brucon, Nullcon, and AusCERT
  • Former Owner and CEO of UtiliSec, an information security consultancy focused on ICS services
  • Former IT Security Architect at JetBlue Airways
  • Former Professor at ITT Technical Institute

Certifications & Credentials

  • MBA, International Technology – American InterContinental University
  • BS, Technology Education (Computer Science & Electrical Engineering) – Brigham Young University
  • CISSP – (ISC)2
  • GCIH, GCIA, GWAPT, GICSP – GIAC

Hobbies & Fun Facts

Justin is a SCUBA dive master, private pilot, and licensed Master Class falconer. Justin and his wife own a small ranch in Utah where they breed and train Andalusian horses for use in Dressage and Working Equitation.

Mike Saurbaugh

IANS Faculty

Mike is the director of technical alliances with Cofense (formerly PhishMe), a phishing defense solutions organization, as well as the founder and principal consultant of First Security Alliance LLC, an independent information security advisory and assessment consultancy. He also serves as a mentor with Queen City Fintech in Charlotte, NC and was a Stars Mentor with MACH37 Cyber Accelerator. Likewise, Mike has served on the Cybersecurity Curriculum Advisory Committee at Alfred State College and Corning Community College, and he regularly volunteers to teach high school students cybersecurity fundamentals.

Achievements & Noteworthy Contributions

  • Speaker at information security conferences such as InfoSec World, (ISC)2, SecTor, ISACA, and Evanta
  • Journal Author for ISACA
  • Former Research Director at SecurityCurrent, an online, security-focused publication
  • Former Head of Information Security and Technology Services at Corning Credit Union

Certifications & Credentials

  • MS, Information Assurance – Walsh College
  • BSE, Education – State University of New York College at Cortland
  • Certificate of Study – Rochester Institute of Technology
  • CISSP – (ISC)2
  • CISM, CRISC – ISACA

Hobbies & Fun Facts

In his free time, he loves to spend time with his wife and two daughters, work out, drive his Jeep Wrangler, and cook.

Katrina Rodzon

IANS Faculty

Kati is a Product Manager at a pharmaceutical company in Salt Lake City and an independent Behavior Design, Methodology, and Analytics Expert. She has applied her diverse set of skills to creating, implementing and evaluating innovative security awareness programs for Fortune 100 companies. Likewise, she has assisted in creating effective social engineering tools and testing scenarios for penetration testing teams. Kati also has experience managing curriculum strategy and content development in psychology to information technology for both online and live instruction.

Achievements & Noteworthy Contributions

  • Former Security Program Manager & Product Manager of Bugcrowd Inc., a crowdsourced security platform

Certifications & Credentials

  • ABD-Ph.D., Cognitive Psychology and Behavior Analysis – Utah State University
  • MA, Research and Experimental Psychology – San Francisco State University
  • BA, Psychology – California State University, Bakersfield

Hobbies & Fun Facts

In her free time, Kati works as a professional solo and duo aerialist performer and teacher. She also takes full advantage of the SLC outdoor fun through rock climbing, hiking, skiing, and mountain biking.

Ron Ritchey

IANS Faculty

Ron is a seasoned technologist specializing in cyber security with over 30 years of experience in the IT industry. Currently, he is the global lead for Cyber Architecture at JP Morgan Chase. His group is responsible for designing secure solutions to support their clients and employees. He is also an active researcher and speaker in the Information Assurance (IA) field and is widely published on network security topics including co-authoring books on Software Assurance and Insider Threats.

Achievements & Noteworthy Contributions

  • Former Chief Scientist for Information Security at Bank of America
  • Former Faculty at The SANS Institute and George Mason University
  • Former Industrial Advisory Board Member at George Mason University’s Volgenau School of Engineering
  • Former Principal at Booz Allen Hamilton, a technology-focused management consulting company
  • Holder of many US Patent and Trademark Office granted patents on cyber security related innovations
  • Co-Author of Inside Network Perimeter Security (2002, 2005)
  • Co-Author of Guide to IPSEC VPNs (2005)

Certifications & Credentials

  • PhD, Information Technology – George Mason University
  • MS, Computer Science – George Mason University
  • Graduate Certificate, Software Engineering – George Mason University
  • BS, Computer Science – George Mason University
  • CISSP – (ISC)2

Hobbies & Fun Facts

Not only is Ron an IoT hacker, he is also a pilot and amateur barista.

Marcus Ranum

IANS Faculty

Marcus is a semi-retired independent consultant and technology advisor to start-ups and large enterprises. He is recognized as an innovator in firewall technology and the implementer of the first commercial firewall product. Marcus’s work has been cited in at least 15 published U.S. patents in addition to computer and network security articles and books.

Achievements & Noteworthy Contributions

  • Designer of firewall products such as DEC SEAL, TIS firewall toolkit, Gauntlet firewall, and NFR's Network Flight intrusion detection system
  • Builder of the first internet email service for the whitehouse.gov domain
  • Winner of the ISSA Fellowship and inducted into ISSA’s Hall of Fame
  • Winner of the Techno-Security Professional of the Year award
  • Co-Author of Host Intrusion Monitoring Using Osiris and Samhain (2005)
  • Author of The Myth of Homeland Security (2003)
  • Co-Author of Web Security Sourcebook (1997)
  • Former Instructor for SANS Institute
  • Former CSO at Tenable Network Security, an information security monitoring company
  • Former Founder, CEO, and CTO of Network Flight Recorder
  • Former Chief Scientist at Trusted Information Systems and V-One

Certifications & Credentials

  • BA, Psychology – Johns Hopkins University

Hobbies & Fun Facts

In his spare time, Marcus likes playing strategy games, taking photos, making soap, woodworking, or forging swords.

Teri Radichel

IANS Faculty

Teri Radichel is the CEO of 2nd Sight Lab, a cloud security company that offers cloud security training, penetration tests, and cloud security assessments to organizations worldwide. She is the author of the book Cybersecurity for Executives in the Age of Cloud, an AWS Hero and meetup organizer, a member of the IANS Faculty and Infragard, and received the SANS 2017 Difference Makers Award for security innovation. Teri holds numerous cloud security certifications, including the GSE, which many regard as one of the most challenging certifications to obtain in cybersecurity. She was a member of the original Capital One cloud team and has worked as Cloud Architect, Director of SAAS Engineering, and now CEO, helping companies secure their clouds. Teri has spoken at numerous conferences worldwide including AWS re:Invent, re:Inforce, RSA, OWASP AppSec Day, and Serverless Days, to name a few.

Achievements & Noteworthy Contributions

  • Winner of the SANS Difference Makers Award in 2017
  • Organizer of Seattle AWS meetup which has almost 3,000 members
  • Presenter at information security conferences such as RSA, AWS re:Invent, Microsoft Build, ISACA Congress, OWASP AppSec Day, ServerlessDays London, and BSides
  • Published writer in Dark Reading, Infosecurity Magazine, Secplicity.com, and her own cloud security blog (https://medium.com/cloud-security)
  • Founding member of SANS Cloud Security Curriculum Advisory Board
  • Former Instructor at the SANS Institute
  • Author of widely referenced papers in the SANS Institute reading room

Certifications & Credentials

  • BA, Business – University of Washington
  • MA, Software Engineering – Seattle University
  • MA, Information Security Engineering – SANS Technology Institute
  • AWS Hero – Amazon
  • GSE, GSEC, GCIH, GCIA, GCPM, GCCC, GREM, GPEN, GXPN – GIAC

Hobbies & Fun Facts

Teri is an avid traveler and has visited all 50 states in the US. She also taught herself to program TI Basic in grade school.

Chris Poulin

IANS Faculty

Chris is a Principal Consulting Engineer at BitSight Technologies, an information security risk management company that created the security ratings platform market. He has 35 years in information security and served in a variety of technical and management roles ranging from a programmer for the US intelligence community to founder and CEO of his own consultancy. Chris’s experience has spanned many industries working in organizations as large as IBM in addition to small startups. Although he spent almost a decade building the IoT security practice at IBM and running an Industrial Control and automotive security practice at Booz Allen, his current focus has shifted to enterprise risk. Bringing his broad experience in information security, Chris also serves as a mentor and advisor to science and technology organizations.

Achievements & Noteworthy Contributions

  • Speaker at information security conferences and private events
  • Contributing engineer to IBM’s Cyber Watson prototype
  • Former Principal and Director of IoT at Booz Allen Hamilton
  • Former Security Research Strategist (X-Force) at IBM
  • Former CSO at Q1 Labs (IBM Security)
  • Former Owner, Founder, & CEO of FireTower, Inc., a boutique information security consultancy

Hobbies & Fun Facts

In his free time, Chris is making or breaking new technology, hiking, rock climbing, or appreciating fine wine and craft brews. Having grown up in India and Africa, as a son of an international economist, Chris speaks French and enjoys traveling—especially to tropical locales.

Michael Pinch

IANS Faculty

Mike is the director at Security Risk Advisors, an information security advisory and solutions firm. As an experienced healthcare and education technology executive, Mike has overseen and managed software development and innovation groups in the information security realm. He has had the unique experience of fulfilling CISO and CTO roles in the healthcare payer, provider, and medical device manufacturer spaces.

Achievements & Noteworthy Contributions

  • Former CISO and CTO at University of Rochester
  • Former CISO at University of Rochester Medical Center
  • Former Adjunct Professor at Rochester Institute of Technology
  • Former CTO at Palladian Health

Certifications & Credentials

  • MS, Computing Security & Information Assurance – Rochester Institute of Technology
  • MBA, Technology Management & Management Information Systems – Rochester Institute of Technology
  • BS, Computer Science – Union College

Hobbies & Fun Facts

In his free time, you can find Mike snowboarding, mountain biking, or training and competing in triathlons.

Davi Ottenheimer

IANS Faculty

Davi is Security Architect at Inrupt, Inc., a company that supports Solid, a web decentralization project founded by the inventor of the World Wide Web, Tim Berners-Lee. He is also the Founder and President of flying penguin LLC, an information security consulting firm that focuses on risk mitigation and incident response solutions. Additionally, he serves as a Visiting Lecturer at St Pölten University of Applied Sciences (Fachhochschule St Pölten) in Austria, an Affiliate for the Policy Innovation Lab of Tomorrow (PILOT) at Penn State University, as well as an Advisory Board Member at Cyral, Anjuana Security, and Accenture. Davi has helped serve customer data protection needs across many industries including data storage and management, software, investment, banking, international retail, as well as higher education, healthcare and aerospace.

Achievements & Noteworthy Contributions

  • Author of Realities of Securing Big Data (2020)
  • Co-author of Securing the Virtual Environment: How to Defend the Enterprise Against Attack (2012)
  • Established the RSA Conference Excellence in Humanitarian Service Award
  • Former Board Member for the Payment Card Industry Security Alliance and the Silicon Valley chapters of ISACA and OWASP
  • Former VP of Trust and Digital Ethics at MongoDB, a database for cloud-based application development
  • Former Global Manager of Communications Security at Barclays Global Investors (now Black Rock)
  • Former Senior Director of Trust at EMC
  • Led the redesign and launch of http://security.yahoo.com while serving as Dedicated Paranoid
  • Founder and Chairman of the Board at poetry.org

Certifications & Credentials

  • MSc, International History – The London School of Economics and Political Science
  • BA, Philosophy & Political Science – Macalester College
  • CISSP – (ISC)2
  • CISM – ISACA
  • PA-QSA, QSA – PCI SSC

Rich Mogull

IANS Faculty

Rich is CEO and Analyst for Securosis, an information security research and advisory firm, in addition to Founder and Vice President of Product at DisruptOPS, a cloud environment monitoring platform. Prior to founding Securosis, he was Research Vice President for Gartner’s security team where he also served as Research Co-Chair for the Gartner Security Summit. Additionally, Rich has served as an independent consultant, web application developer, software development manager, and a systems and network administrator.

Achievements & Noteworthy Contributions

  • Primary Author of the Cloud Security Alliance Security Guidance for Critical Areas of Focus in Cloud Computing
  • Principal course designer for the Cloud Security Alliance CCSK training
  • Security Editor of the online media platform, TidBITS
  • Published writer in Dark Reading, Information Security Magazine, and Macworld
  • Presenter at information security conferences such as RSA and DEF CON
  • Paramedic First Responder for US Department of Health and Human Services

Certifications & Credentials

  • BA, History – University of Colorado
  • CISSP – (ISC)2

Hobbies & Fun Facts

In his free time, Rich enjoys cycling and most outdoor sports capable of causing serious bodily injury. He is also a member of the 501st Legion (a Star Wars charity group).

Jennifer Minella

IANS Faculty

Jennifer is the Consulting CISO and VP of Engineering & Security at Carolina Advanced Digital, Inc., a leading technology infrastructure and security solutions company. There, she leads strategic research and consulting for government, education, and Fortune 100 & 500 corporations. Jennifer also serves as a Program Committee Member for RSA Conference, Chair of the (ISC)2 Board of Directors, Contributing Analyst at Securosis, and HPE EG Worldwide Partner Ambassador for Hewlett Packard Enterprise and their subsidiary company Aruba.

Achievements & Noteworthy Contributions

  • Winner of the Tech Woman of the Year in 2014 by NCTA, Top Ten Power Players: Women in Security 2014 SC Magazine, and Top Influencers in Security 2015.
  • Former Communications Director on the 2013 Board for the ISSA Raleigh chapter
  • Co-Author of Low Tech Hacking (2011)
  • Contributing Technical Author for CISSPv9 Courseware
  • Author of whitepapers Catching the Unicorn: A technical exploration of why NAC is failing (2009), Universal NAC Feature Model (2012)

Certifications & Credentials

  • CISSP – (ISC)2
  • CWNP- Certified Wireless Security Professional (CWSP)
  • Master ASE Wireless Networking, Switching & Routing, Wireless Networks Implementer – Hewlett Packard Enterprise
  • Aruba Certified ClearPass Professional (ACCP) – Aruba, a Hewlett Packard Enterprise Company
  • Juniper Networks Certified Specialist, Junos Pulse Secure Access (NCIS-SA) – Juniper Networks

Hobbies & Fun Facts

In her free time, she enjoys painting, reading, powerlifting, and competitive ballroom and swing dancing.

Stephen McHenry

IANS Faculty

Stephen serves as an independent Security Consultant performing security assessments, developing information security programs and strategies, and creating remediation plans for select clients. He is also Co-Founder of Community of Practice, a Silicon-Valley-based membership organization for Engineering VPs and CTOs. Stephen has experience including building and leading worldwide teams and designing some of the world's largest Internet services.

Achievements & Noteworthy Contributions

  • Former Senior VP of Engineering at Symantec where he created their first cloud platform, a new secure cloud platform that acted as the foundation for SaaS security offerings, and a big data analytics platform
  • Former Director of Security Engineering at Google
  • Former Site Reliability Engineering Chancellor at Google managing a global team and supporting Maps, YouTube, Indexing, and Logging
  • Former Chief Architect for Netflix
  • Former VP of Engineering at Emasys, a semiconductor management software company
  • Former VP of Engineering & CTO for Fort Hill Systems, an internet content distribution company
  • Former VP of Engineering, VP of Professional Services, and CTO for Advanced Software Technologies

Certifications & Credentials

  • Strategic Negotiation Coursework – Harvard Business School
  • MS, Information and Computer Science – University of California, Irvine
  • BS, Physics & Geology – Chapman University

Raffael Marty

IANS Faculty

Raffy is VP of Research and Intelligence at Forcepoint where he leads Forcepoint X-Labs, a specialized group dedicated to behavior-based security research and development of predictive intelligence to Forcepoint's human-centric product portfolio. Bringing more than 20 years of cybersecurity experience across engineering, analytics, research, and strategy, Raffy is one of the industry's most respected authorities on security data analytics, big data, and visualization. As such, he serves as an advisor to many technology startups. He is the author of Applied Security Visualization and is a frequent speaker at global academic and industry events. Additionally, Raffy has held key roles at IBM Research, ArcSight, and Splunk.

Achievements & Noteworthy Contributions

  • Author of Applied Security Visualization (2008)
  • Frequent speaker at global academic and industry events
  • Former VP of Security Analytics at Sophos, a leading endpoint and network security company
  • Former Founder of Pixicloud, a visual analytics platform
  • Former Founder of Loggly, a cloud-based log management solution

Certifications & Credentials

  • MS, Computer Science - ETH Zurich

Hobbies & Fun Facts

In his free time, Raffy practices Japanese traditional Zen Buddhism through Kōan study and meditation.

Shannon Lietz

IANS Faculty

Shannon is Director of DevSecOps at Intuit and the Founder of DevSecOps, a non-profit organization committed to uniting security with DevOps and Agile practices via experimentation and education. Shannon is an award-winning security innovator and leader experienced in developing emerging security programs for Fortune 500 companies including ServiceNow, Sony, Sempra, Savvis, Cable & Wireless, 99 Cents Only, Exodus, and Bank of America.

Achievements & Noteworthy Contributions

  • Winner of 2014 Scott Cook Innovation Award for developing and cultivating a world-class cloud security program for protecting sensitive data in AWS
  • Former CEO and Founder of Got Metrics, Inc. a boutique metrics company
  • Former Master Security Architect for Savvis Inc. a CenturyLink subsidiary

Certifications & Credentials

  • BS, Biomedical Science – Mount Saint Mary’s University
  • IDEO coursework – Insights for Innovation, Designing for Change, Leading for Creativity, Storytelling for Influence

Hobbies & Fun Facts

Shannon is the founder of DevOps Community and dedicates her time to improving and adapting security to meet the needs of innovation and agility, inspiring the mission of uniting security with DevOps and Agile practices via experimentation and education within the security industry.

Dave Lewis

IANS Faculty

Dave is a Global Advisory CISO for Duo Security, a Cisco subsidiary. He has almost two decades of industry expertise with extensive experience in IT operations and management. Dave is the Founder of the security news site Liquidmatrix Security Digest and co-host of the Liquidmatrix podcast. He is also the Director & Co-Founder of OpenCERT Canada, Canada’s first open national Computer Emergency Response Team. Dave has worked in the finance, healthcare, entertainment, manufacturing, and critical infrastructure verticals. He also has experience consulting for federal organizations, working as a Security Consultant and defense contractor to the FBI, US Navy, Social Security Administration, US Postal Service, and the US Department of Defense.

Achievements & Noteworthy Contributions

  • Member of the (ISC)2 Board of Directors
  • Writer for Decipher, PortSwigger Web Security, Forbes, and CSO Online
  • Speaker at information security conferences such as DEF CON and BSides
  • Director of BSides Las Vegas Chapter
  • Co-Founder of BSides Toronto
  • Advisor to Securosis, an information security research and advisory firm
  • Advisory Board Member for Sector Security Education Conference
  • Former Global Security Advocate at Akamai Technologies

Certifications & Credentials

  • MS, Computer & Information Systems Security/Information Assurance – Harvard University

Hobbies & Fun Facts

In his free time, Dave enjoys spending time with his family and playing bass guitar. Dave also ran as a torch bearer in the relay for the 2010 Winter Olympics.

Justin Leapline

IANS Faculty

Justin has over twenty years of experience in system administration, software development, and information security. His core skills include regulatory and contractual compliance, program management, payment card standards, and general governance practices and frameworks. He is the founder of episki, a cloud-based governance tool geared to help smaller organizations manage their security programs, and serves as a Principal Consultant at TrustedSec.

Prior to his current roles, Justin consulted with Fortune 1000 companies in information systems, audit, governance and information security. He has led the governance and security practices for leading eCommerce and large financial services companies. Additionally, Justin has spoken at conferences concerning risk management, payment card industry (PCI), security leadership, and general information security practices.

Achievements & Noteworthy Contributions

  • Former Board Member of the Pittsburgh chapter of ISACA
  • Former Manager Security Governance & Compliance at Diebold
  • Former Director of Security at GiftCards.com
  • Former VP of Service Provider Management at BNY Mellon

Certifications & Credentials

  • CISSP – (ISC)2
  • Certified Information Systems Auditor (CISA) – ISACA
  • Certified Ethical Hacker (CEH) – EC Council
  • Certified ISO 27001 Auditor
  • PCI Qualified Security Assessor (QSA) – PCI Council

Hobbies & Fun Facts

In his free time, Justin enjoys spending time with his wife and 4 kids, dabbling at the piano, and tinkering with projects.

Adrian Lane

Former IANS Faculty

Adrian is the CTO of Securosis, a boutique information security analyst firm, and VP of Development at DisruptOPS, a SaaS-based cloud management and automation company. Adrian has been an asset at companies like Ingres, Oracle, and Unisys, giving him extensive experience in the vendor community. Having worked as a CIO and CTO, Adrian has experience selecting and deploying technologies securely.

Achievements & Noteworthy Contributions

  • Presenter at information security conferences such as RSAC, Black Hat, and OWASP
  • Former CTO of the database security company IPLocks
  • Former VP Engineering at Touchpoint, a web commerce firm
  • Former CTO/CIO of CPMi, A Raymond James brokerage
  • Former Blogger for Dark Reading, one of the most widely read cyber security news sites on the Web

Certifications & Credentials

  • BS, Computer Science – University of California at Berkeley
  • Post Baccalaureate Studies, Computer Science (Operating Systems) – Stanford University

Hobbies & Fun Facts

Adrian is an avid runner, mountain biker, and backyard farmer.

Dave Kennedy

IANS Faculty

Dave is the Founder and Owner of TrustedSec, an information security consulting firm, and Binary Defense, a Managed Security Service Provider (MSSP) that detects attackers early to prevent large-scale invasions. In addition to creating several widely popular open-source tools, including 'The Social-Engineer Toolkit' (SET), PenTesters Framework (PTF), and Artillery, David has also released security advisories, including zero-days, with a focus on security research.

Prior to his work in the private sector, Dave served in the United States Marine Corps (USMC), focusing on cyber warfare and forensics analysis activities, including two tours to Iraq. He also served on the board of directors for (ISC)2, which is one of the largest security collectives and offers certifications such as the CISSP.

Achievements & Noteworthy Contributions

  • Founding Member of the Penetration Testing Execution Standard (PTES)
  • Co-Author of Metasploit: The Penetration Testers Guide (2011)
  • Guest appearances on Fox News, CNN, CNBC, MSNBC, Huffington Post, Bloomberg, BBC, and other high-profile media outlets
  • Presenter at information security conferences such as Black Hat, RSA, DEF CON, ShmooCon, INFOSEC World, ISACA, ISSA, United Security Summit, INFOSEC Summit, Hack3rCon, BSides, and DerbyCon, which he co-created and expanded into DerbyCon Communities

Certifications & Credentials

  • BA, Business Management – Malone University
  • CISSP – (ISC)2
  • Qualified Security Assessor (QSA) – PCI Security Standards Council
  • ISO/IEC 27001 Certified – ISO
  • GSEC – GIAC
  • Certified Professional (OSCP) & Certified Expert (OSCE) – Offensive Security
  • Global Information Assurance Gold Certification
  • Microsoft Certified Solutions Expert (MCSE) – Microsoft

Ondrej Krehel

IANS Faculty

Ondrej Krehel is the Founder, CEO, and Digital Forensics Lead of LIFARS LLC, an international cybersecurity and digital forensics firm. He is also the Co-Founder and an Advisory Board Member of QuBit Conference, an events and training company dedicated to connecting the information security community. Ondrej is an accomplished speaker having lectured for FBI Training Academy and the National Executive Institute. He also serves as a member of New York Metro Infragard, as the Chapter Leader of OWASP NYC, and as a Distinguished Fellow with the Ponemon Institute.

Achievements & Noteworthy Contributions

  • Featured in CNN, ABC TV, Reuters, The Wall Street Journal, and The New York Times
  • Author of “6 Skills Required for a Career in Digital Forensics” published by Forbes
  • Expert Witness in Federal, State, and Local Courts for investigations such as UBS Tax Evasion, Madoff Investigation, and Chevron versus State of Ecuador.
  • Contributor to the DoJ indictments of APT0, xDedic, SamSam from Iran, and Lazarus North Korea state-sponsored hackers
  • Guest Lecturer at Columbia University and New York University
  • Certified Ethical Instructor for the US Air Force
  • Former Adjunct Professor at St. John’s University
  • Former CISO at Identity Theft 911, a premier identity theft recovery and data breach service
  • Former Digital Forensics Examiner at Stroz Friedberg, LLC
  • Former Technical Project Leader in Security at Loews Corporation

Certifications & Credentials

  • PhD, Digital Trace and Forensic Investigations – Police Academy in Bratislava
  • MS, Mathematical and Theoretical Physics – Univerzita Komenského v Bratislave
  • BS, Engineering – Technická Univerzita vo Zvolene
  • CISSP – (ISC)2
  • CEH, CEI – EC-Council
  • EnCE – Guidance Software

Hobbies & Fun Facts

In his free time, Ondrej is an Extreme Back Country Skiing Instructor. He lives his life with curiosity and a discipline for finishing whatever he starts.

Diana Kelley

IANS Faculty

Diana is the Cybersecurity Field CTO for Microsoft and a cybersecurity architect, executive advisor and author. At Microsoft she leverages her 25+ years of cyber risk and security experience to provide advice and guidance to CSOs, CIOs and CISOs at some of the world’s largest companies and is a contributor to the Microsoft Security Intelligence Report (SIR). She was the Global Executive Security Advisor at IBM Security where she built and managed the IBM Security Research Community Newsroom process and was a regular contributor to IBM X-Force research. She is a faculty member with IANS Research, Industry Mentor at the CyberSecurity Factory, and guest lecturer at Boston College’s Master of Science in Cybersecurity program. Diana serves on the Board of Directors at Sightline Security, the RSA US Program Committee for 2018 and 2019, was an IEEE “Rock Star of Risk” in 2016, keynotes frequently at major conferences and co-authored the book Cryptographic Libraries for Developers.

Kevin Johnson

IANS Faculty

Kevin is the Founder, CEO, and Principal Security Consultant of Secure Ideas, an information security consulting company that focuses on penetration testing services and training. He is also a founder and contributor of many open source projects including the Samurai Web Testing Framework (SamuraiWTF), a web penetration testing and training environment, and the Basic Analysis and Security Engine (BASE) project, a web front-end for Snort Analysis.

Achievements & Noteworthy Contributions

  • Presenter at information security conferences such as Black Hat, DEF CON, and ShmooCon in addition to organizations such as Infragard, ISACA, and ISSA
  • Former SANS Institute Senior Instructor (8 years)
  • Author of SANS Course, Security 542: Web Application Penetration Testing and Ethical Hacking
  • Former Senior Security Consultant for InGardians, an independent information security consultancy
  • Former Technical Architecture Engineer at Blue Cross Blue Shield of Florida
  • Former Programmer at ANC Rental Corp, Orlando.com, and eSiteCreation

Hobbies & Fun Facts

Kevin enjoys spending time with his family and is an avid Star Wars fan and member of the 501st Legion, a Star Wars charity group.

Rebecca Herold

IANS Faculty

Rebecca is Founder, Owner, and CEO of Rebecca Herold, LLC aka The Privacy Professor®, an information security, privacy, IT, and compliance services firm. She is also the Co-Founder of SIMBUS360, an information security and privacy management platform. Rebecca also serves as a Distinguished Ponemon Institute Fellow and as an Advisory Board Member for technology startups such as Anonos, Westchester Biotech Project, and DFLabs. Additionally, Rebecca has served as an expert witness, authored nineteen books, and hosts a VoiceAmerica radio show called “Data Security & Privacy with the Privacy Professor.”

Achievements & Noteworthy Contributions

  • Leader of the NIST Smart Grid Privacy Research Group (2009-16)
  • Member of the NIST Smart Grid Cyber Security Research Group (2009-16)
  • Member of the NIST Privacy Framework Development Team
  • Founding Member of the IEEE P1912 Standard for Privacy and Security Architecture for Consumer Wireless Devices group
  • Member of ISACA’s International Privacy Task Force
  • Winner of Computerworld’s Best Privacy Advisers Award (2007, 2008, 2010)
  • Co-Author of Data Privacy for the Smart Grid (2015)
  • Author of The Privacy Papers: Managing Technology, Consumer, Employee and Legislative Actions (2001)
  • Author of Managing an Information Security and Privacy Awareness and Training Program (2005, 2010)
  • Co-Author of The Practical Guide to HIPAA Privacy and Security Compliance (2003, 2014)
  • Former Adjunct Professor at Norwich University’s MS in Information Security & Assurance program (2004-14)

Certifications & Credentials

  • MA, Computer Science & Education – University of Northern Iowa
  • BS, Mathematics & Computer Science – University of Central Missouri
  • CISSP – (ISC)2
  • CISA, CISM – ISACA
  • CIPP/US, CIPT, CIPM, FIP – IAPP
  • FLMI – Life Office Management Association

Hobbies & Fun Facts

In her free time, Rebecca enjoys renovating old houses, farming, gardening, writing, and traveling. She also enjoys watching Iowa State University football and basketball in addition to the Kansas City Chiefs.

Rich Guida

IANS Faculty

Rich is Founder and Managing Director of Guida Technology Associates, Inc., a small consulting company, through which he has consulted for companies in the pharmaceutical, retail, financial, and telecommunications sectors. An information security and engineering professional with extensive experience in the Federal government and in the private sector, Rich has occupied executive positions within the Department of the Navy, the Department of the Treasury, and at Johnson & Johnson (J&J). In 2011, Rich retired from J&J as Vice President of Worldwide Information Security (J&J’s Chief Information Security Officer). He is especially skilled in written and oral communications.

Achievements & Noteworthy Contributions

  • Winner of the Federal 100’s Top IT Executive Award
  • Winner of Federal CIO Council’s Distinguished Service Award
  • Former Senior Technical Advisor to the CIO of the U.S. Department of the Treasury
  • Member of the U.S. Department of Commerce’s Information Security and Privacy Board (2000-05)
  • Former Associate Director for Regulatory Affairs of the U.S. Naval Nuclear Propulsion Program
  • Member of U.S. Army Science Board (2011-15)
  • Member of the Federal Senior Executive Service
  • Author of the book: The Entropy Police: Practicing Information Security in the Enterprise (2016)

Certifications & Credentials

  • BS, Electrical Engineering, Computer Science – Massachusetts Institute of Technology
  • MS, Nuclear Engineering – Massachusetts Institute of Technology
  • MBA, Finance – The George Washington University
  • CISSP – (ISC)2

Hobbies & Fun Facts

In his free time, Rich enjoys military history, playing the piano, and video games.

Marty Gomberg

IANS Faculty

Marty is a Senior Privacy Consultant at TrustArc, a privacy compliance and data protection software and services company. In this role, he helps clients across the US, Europe, and Asia conform to current and emerging privacy and cyber regulation. Marty is also a Consulting Product Advisory Board Member at TrustArc. He also serves clients via his independent information security advisory firm and consultancy, CYBERITE LLC, where he acts as an executive advisor for global data security, privacy, continuity and crisis management.

Achievements & Noteworthy Contributions

  • Author of CISO Redefined: Thoughts on Leadership, Business Protection, and the Chief Information Security Officer (2018)
  • Former SVP and Chief Information Officer at A+E Networks
  • Former SVP and Global Director of Governance, Security, and Business Protection at A+E Networks
  • Former VP Technical Strategies Global Corporate Finance at Chase
  • Former Vice Chair of U.S. State Department Overseas Security Advisory Council for the Media and Entertainment Industry
  • Founding Member of CIO Executive Council
  • Winner of the 2013 Member Appreciation Award from the CIO Executive Council for Outstanding Contribution to the Profession
  • International speaker on information security most recently featured in PRIVSEC in Dublin and New York City

Certifications & Credentials

  • MS; PhD ABD, Forensic Anthropology, Paleopathology, and BioBehavioral Sciences – University of Connecticut
  • BA, Physical Anthropology – SUNY Binghamton
  • CISSP – (ISC)2
  • CIPP/E – Institute of Applied Privacy Professionals

Hobbies & Fun Facts

In his free time, Marty enjoys collecting wine and spelunking in European caves to look at prehistoric paintings. To date, he has made 4 trips through northern Spain, Southern France, and the Pyrenees visiting approximately 27 caves.

George Gerchow

IANS Faculty

George is Chief Security Officer at Sumo Logic, a secure, cloud-native, machine data analytics service provider. George has extensive experience in board and executive communications serving as a Board Member for ANTIVIUM, Inc., a cloud monitoring and analytic startup, and VENZA, a data protection company. Likewise, George is an Adjunct Faculty member at University of Denver and Cloud Academy, in addition to a Participant in the US Technical Advisory Group: Privacy by Design, which aims to define an international standard for consumer protection as part of ISO Project Committee 317.

Achievements & Noteworthy Contributions

  • Co-Founder of VMware Center for Policy and Compliance
  • Co-Author of Center for Internet Security QuickStart Cloud Infrastructure Benchmark v1.0.0
  • Author of the MIS|TI Fundamentals in Cloud Security course
  • Speaker at information security conferences such as RSA, AWS re:Invent, Cloud Expo Silicon Valley, and SANS Institute Cloud Security Summit
  • Former Global Director of Security Evangelism and Product Strategy and Director of VMware Policy and Compliance at VMware
  • Former Cloud Business Director at EMC

Hobbies & Fun Facts

George’s first language is Spanish. He is an avid snowboarder, golfer, and yogi who is always looking for the best sandwich and IPA in any city that he visits.

John Galda

IANS Faculty

John is Global Head of Risk and Information Security Officer at Charles River Development, a State Street Corporation subsidiary, where his team has achieved PCI, ISO 27001, and GDPR compliance. John has 30+ years of experience in information technology at Fortune 500 companies such as General Electric, Liberty Mutual, United Technologies, and Textron. A metrics-oriented security leader with executive management and technical experience, John has a demonstrated ability to clearly present technical topics to all levels of an organization.

Achievements & Noteworthy Contributions

  • Former Division Information Security Officer at GE Capital
  • Former Director of Security Operations at Liberty Mutual Group

Certifications & Credentials

  • MBA, Business – Questrom School of Business, Boston University
  • Graduate studies, Accounting – Harvard University
  • MA – Columbia International University
  • BS, Information Technology – University at Buffalo
  • CISSP – (ISC)2
  • CISM – ISACA
  • ITIL, LEAN Six Sigma, PMP – George Washington University

David Etue

IANS Faculty

David Etue brings experience including security program leadership, management consulting, product management, and technical implementation. David is the VP of Managed Services at Rapid7, where he drives the creation, execution and strategic vision of managed services offerings globally. He was previously VP of Business Development for Gemalto’s identity and data protection group, which he joined via the SafeNet acquisition where he led Corporate Development Strategy. He also was Cyber Security Practice Lead at management consultancy PRTM, VP of Products & Markets at Fidelis Security Systems, led General Electric's global computer security program, and held various positions in technology strategy, operations and product management. He is a Certified CISO, Certified Information Privacy Professional, a graduate of GE's Information Management Leadership Program, and a certified Six Sigma Green Belt.

Ron Dilley

IANS Faculty

Ron Dilley is a leading information security practitioner and thought leader with more than two decades of experience building and implementing information security practices for global companies, overseeing and revitalizing infosec teams and advising on mergers, acquisitions and divestitures from an infosec perspective. In the constantly changing infosec landscape, Ron is dedicated to staying abreast and ahead of current and emerging threats across all relevant technologies.

Dennis Devlin

IANS Faculty

Dennis is an emeritus CISO with nearly five decades of accomplishment leading enterprise IT and information risk management in both private industry and higher education. He has built and led teams that delivered highly successful enterprise-class initiatives and programs in information security, privacy, identity management, messaging, business continuity and emergency notification. Dennis serves as a Distinguished Fellow for the Ponemon Institute and a Contributing Author for Amazon’s Security 2020.

Achievements & Noteworthy Contributions

  • Speaker at education institutions and information security conferences such as RSA and Gartner
  • Co-Founder and former CISO for SAVANTURE, Inc., a cloud security services provider
  • Former AVP for Information Security and Compliance Services at George Washington University
  • Former CISO and Adjunct Faculty at Brandeis University
  • Former Corporate VP & CSO at The Thomson Corporation (now Thomson-Reuters)
  • Former member of executive IT leadership at Harvard University

Certifications & Credentials

  • BA – University of Pennsylvania

Hobbies & Fun Facts

In his free time, Dennis enjoys digital photography, world travel and volunteering.

Rocky DeStefano

IANS Faculty

Rocky is the Executive Director of Cybersecurity at JP Morgan. Rocky was a member of the USAF and subsequently supported AFCERT as part of the Incident Response Team. Rocky founded and led the Global Security Operations Center for EDS and has supported cybersecurity advancement in notable companies such as ArcSight, NetWitness, RSA and Visible Risk. At every step in his career, Rocky's focus has been to continually enhance visibility and detection solutions to defend the enterprise.

Achievements & Noteworthy Contributions

  • Former VP of Product at JASK, an advanced SIEM platform
  • Former Cyber Security Subject Matter Expert at Cloudera supporting Big Data initiatives
  • Former CEO & President of Visible Risk, a network visibility and static analysis platform

Certifications & Credentials

  • E-Business – University of Phoenix
  • AAS, Community College of the Air Force
  • CISSP – (ISC)2

Bill Dean

IANS Faculty

Bill is a Shareholder at LBMC Information Security, where he is responsible for security assessments, incident response, digital forensics, electronic discovery and overall litigation support. He also serves as an expert witness in federal courts and numerous state courts and has conducted digital forensic investigations and electronic discovery services to support litigation efforts. He is also an active member of the International Society for Forensic Computer Examiners and Board Member in East Tennessee’s InfraGard Chapter.

Achievements & Noteworthy Contributions

  • Former Director of Computer Forensics and Security Assessments at Sword & Shield Enterprise Security
  • Former Founder of Forensic Discoveries before merging with Sword & Shield Enterprise Security
  • Former Senior Systems Analyst at Covenant Health
  • Former Systems Manager at Citizens Bank of Tennessee

Certifications & Credentials

  • BS, Information Technology – East Tennessee State University
  • AS, Computer Science – Walters State Community College
  • Certified Computer Examiner – International Society of Forensic Computer Examiners
  • GPEN, GCIH, GCFA – GIAC
  • PCI Professional – PCI Security Standards Council

Hobbies & Fun Facts

In his free time, Bill enjoys boating, UT Football, and hanging out with his two sons.

Joshua Corman

IANS Faculty

Josh is the Chief Security Officer and SVP at PTC, a global computer software and services company that provides CAD modeling, Internet of Things, and Augmented Reality software products. He is also a Co-Founder of @IamTheCavalry and @RuggedSoftware to encourage new security approaches in response to the world’s increasing dependence on digital infrastructure. Additionally, Josh serves as an adjunct faculty for Carnegie Mellon’s Heinz College.

Achievements & Noteworthy Contributions

  • Member of the 2016 HHS Cybersecurity Task Force
  • Speaker at TEDxNaperville – “Swimming with Sharks – Security in the Internet of Things” (2013)
  • Former Director of Cyber Statecraft Initiative for Atlantic Council’s Brent Scowcroft Center on International Security
  • Former CTO at Sonatype, a company that develops an integrated open source governance platform
  • Former Director of Security Intelligence at Akamai Technologies
  • Former Research Director of Enterprise Security at 451 Group, a technology-focused research and advisory firm
  • Former Principal Security Strategist and Technical Product Manager at IBM

Certifications & Credentials

  • BA, Philosophy – University of New Hampshire

Hobbies & Fun Facts

Josh is a film enthusiast who also enjoys cooking and diving in his free time.

Steve Coplan

IANS Faculty

Steve is the Director of Product and Solutions Marketing at BigID. He also serves as a Principal Consultant for Khova Consulting where he provides advisory services to help information security vendors, end users, and investors navigate the information security landscape. During his time at 451 Research, Steve was pivotal in establishing the firm as a leading source of analysis and insight on shifts in the information security market, focusing on the ripple effects on identity management and data security from IT shifts.

Achievements & Noteworthy Contributions

  • Former Director of Security Business Unit Strategy & Market Analysis at CA Technologies
  • Former Senior Director of Marketing & Strategy at Vaultive, a cloud security gateway vendor
  • Former Director of Product Marketing at Whale Communications (acquired by Microsoft)
  • Former Research Manager of Enterprise Security Practice at 451 Research

Certifications & Credentials

  • MSJ, Economics & Science Reporting – Northwestern University
  • BHons, Linguistics – University of Cape Town

Hobbies & Fun Facts

Steve speaks Afrikaans, Hebrew, and Zulu.

Andrew Carroll

Former IANS Faculty

Andy has extensive experience in IT audit, security governance and application development. After beginning his career in financial audit at a Big 4 accounting firm, Andy quickly moved into the IT audit field, where he gained over 15 years of experience working in both public accounting and private industry.

About five years ago, Andy moved into a senior director role where he worked in security governance for a multibillion-dollar retailer. During this time, he has performed PCI audits, drafted and published IT policies, procedures and awareness campaigns, and managed the user administration process for business-critical applications. He has also worked very closely with the Risk Assessment team to manage third-party risk, implement a new privileged access management system and deploy a GRC tool. Andy has also developed a continuous-controls monitoring tool from the ground up. Recently, Andy joined an investment banking firm to build out their third-party risk management and identity and access management processes.

Bruce Bonsall

IANS Faculty

Bruce is the Owner and Principal Consultant at Bruce Bonsall, LLC, an independent information security consultancy. A trusted security advisor across many industries, he has extensive experience designing and implementing progressive, cost effective countermeasures to protect assets and reduce costs. He has assessed the information security regulatory compliance and operational readiness of organizations of all sizes and industries, and is adept at tailoring security programs to fit each organization. At IANS, Bruce has performed 100+ CISO Impact reviews. Additionally, he serves as a mentor for the Air Force Association’s Cyber Patriot, a national cyber education program for youth.

Achievements & Noteworthy Contributions

  • Former CISO at MassMutual Financial Group, a global, highly regulated, Fortune 100 financial services company
  • Led a security team that ranked #1 in Information Week 500’s Information Security category and #1 in TechForum’s Security Best Practices category
  • Recognized as one of Security Magazine’s Top 25 Most Influential People in Security in 2008
  • Winner of the National Information Security Executive of The Year Award in 2006

Certifications & Credentials

  • BS, Interdisciplinary Studies – New York Institute of Technology, Manhattan
  • AS, Civil Engineering – Springfield Technical Community College
  • CISSP – (ISC)2

Hobbies & Fun Facts

Bruce is an accomplished outdoorsman, persistent golfer, and staunch supporter of the US Constitution.

Kevin Beaver

IANS Faculty

Kevin is the Founder and Principal Consultant of Atlanta-based Principle Logic, LLC, an independent information security company that focuses on vulnerability and penetration testing, security operations reviews, and virtual CISO services. He also serves on the Industry Advisory Board for Computer Engineering at Kennesaw State University – Southern Polytechnic College of Engineering and Engineering Technology. Kevin has served in many information technology and security roles for healthcare, e-commerce, finance, education, and consulting organizations. Kevin is also a prominent writer, having written over 1,000 articles on information security.

Achievements & Noteworthy Contributions

  • Author of Hacking for Dummies (2004, 2007, 2010, 2011, 2015, 2018)
  • Co-Author of Hacking Wireless Networks for Dummies (2011), Laptop Encryption for Dummies (2007), PCI Cardholder Data Protection for Dummies (2010), Identity & Access Management for Dummies (2011), Next-Generation IPS for Dummies (2013), Point-of-Sale Security for Dummies (2015), Securing the Mobile Enterprise for Dummies (2006)
  • Co-Author of The Practical Guide to HIPAA Privacy and Security Compliance (2014)
  • Author of white paper Implementation Strategies for Fulfilling and Maintaining IT Compliance (2011)
  • Contributor to TechTarget's SearchSecurity.com, Ziff Davis's Toolbox.com, and Iron Mountain’s InfoGoTo.com
  • Speaker at security conferences such as Gartner, ISACA, RSA and SecureWorld Expo
  • Appeared as a security expert on CNN Television and CBS Radio
  • Quoted as a security professional in Wall Street Journal, Entrepreneur Magazine, Fortune Small Business, Men’s Health, Women’s Health, Woman’s Day, and Inc. Magazine’s IncTechnology.com.

Certifications & Credentials

  • MS, Management of Technology – Georgia Tech | Dupree College of Business
  • BS, Computer Engineering Technology – Southern College of Technology
  • CISSP – (ISC)2

Hobbies & Fun Facts

For fun, Kevin enjoys road racing his Mazda Miata in the Spec Miata class with the Sports Car Club of America (SCCA), riding dirt bikes, and snow skiing.

Aaron Turner

IANS Faculty

Aaron Turner is the President & Chief Security Officer of HighSide, a distributed identity and secure collaboration technology company. He is also President and CEO of Integricell, an information security consulting firm which focuses on helping customers better manage the risks associated with global-scale business. Aaron also serves on the RSA Program Committee, helping select the educational content presented at the yearly RSA Conference.

Achievements & Noteworthy Contributions

  • Congressional witness to help set policy for US critical infrastructure protection
  • Winner of SC Media's 2019 Top Executive Leaders of the Last 30 Years award
  • Information security leader for the Government of Luxembourg’s Technoport® business incubation program
  • Testified before the US House of Representatives to help shape national critical infrastructure protection strategy in 2007
  • Interviewed for NBC Washington News and AP News on cellular network vulnerabilities
  • VP of Security Research and Development at Verifone after 2015 Terreo acquisition
  • Former Co-Founder and CEO of Terreo, an IoT security company focused on credit card skimming detection
  • Former Co-Founder and CEO of RFinity, a mobile payment technology company that was eventually sold to a global mobile network operator in 2010
  • Former Security Strategist at the Department of Energy’s Idaho National Laboratory investigating the impact of system vulnerabilities in commodity software on public utilities funded by the DHS, DOE, and DOD. He was on the team which conducted the ‘Aurora’ attack against a simulated power grid.
  • Founding Member of many Microsoft information security teams (1999-2006) and coordinated field security testing of Microsoft technologies such as Active Directory, SQL Server, Exchange Server, BitLocker, Windows Update, and Windows Firewall.
  • Recognized by Bill Gates for technical excellence and leadership during security incidents involving Microsoft technologies in 2000 and 2003

Certifications & Credentials

  • JD Candidate – Dedman School of Law, Southern Methodist University
  • BA, Spanish Linguistics – Brigham Young University

Hobbies & Fun Facts

In his free time, Aaron enjoys restoring 1960s split-window VW buses and arranging and recording vocal music with his brothers and daughters. Aaron has also completed several Cordon Bleu culinary education programs and volunteers as a real-time Spanish translator for immigration courts. Additionally, he is an avid traveler who has visited over 75 countries.

Mike Rothman

IANS Faculty

Mike is the President of Securosis, an information security research and advisory firm, as well as Co-Founder and President of DisruptOps, a cloud detection and response company. His breadth of experience in the information security space and bold perspectives are invaluable as companies determine effective strategies to grapple with the dynamic security threatscape. Mike started practicing and advising on security topics over 25 years ago, and he’s been trying to get out of the business ever since…to no avail.

Achievements & Noteworthy Contributions

  • Author of The Pragmatic CSO, which details how technical security practitioners can thrive as a CISO
  • Spearheaded META Group’s initial foray into information security research
  • Founded and acted as President of Security Incite, an information security analyst firm
  • Founded SHYM Technology, a pioneer in the PKI software market
  • Held Marketing and Strategy positions at CipherTrust, TruSecure, and eIQ Networks

Certifications & Credentials

  • BS, Operations Research and Industrial Engineering – Cornell University

Hobbies & Fun Facts

Mike has been to 23 of the past 24 RSA Conferences. Of the 1000+ talks Mike has given over the years, he is most proud of the mindfulness talk he gave at RSA in 2014 (Google “Rothman RSA Neurohacking”).

Josh More

IANS Faculty

Josh is the Owner and President of Eyra Security, an information security and business improvement consulting firm that specializes in helping startups and organizations in transition take advantage of lean and agile methods, open source technology, and varied frameworks used for security, risk management, and compliance. He also serves on the GIAC Advisory Board. Additionally, as an active member in the information security community, Josh is a member of ISSA, Agile Iowa, OWASP, DC612, Central Iowa Area Linux Users Group and Infragard.

Achievements & Noteworthy Contributions

  • President Emeritus of Central Iowa Area Linux Users Group
  • President Emeritus of Iowa Cyber sector of Infragard
  • Co-Author of Breaking into Information Security: Crafting a Custom Career Path to Get the Job You Really Want (2016)
  • Author of Job Reconnaissance: Using Hacking Skills to Win the Job Hunt (2013)
  • Author of Assessing Vendors: A Hands-On Guide to Assessing Infosec and IT Vendors (2013)
  • Co-Author of UTM Security with Fortinet: Mastering FortiOS (2012)
  • Former Senior Security Consultant at RJS Smart Security and Alliance Technologies

Certifications & Credentials

  • BA, Physics – Grinnell College
  • CISSP – (ISC)2
  • GSLC, GCIH – GIAC
  • Novell Certified Linux Professional (NCLP)
  • Red Hat Certified Engineer (RHCE)

Hobbies & Fun Facts

In his free time, Josh enjoys reading books from various genres including business, photography, mythology, mythic fiction and natural history. He also enjoys practicing photography, cooking, and other artistic sciences.

Jason Gillam

IANS Faculty

Jason is a Principal Security Consultant and CIO at Secure Ideas, a boutique information security consultancy that focuses on penetration testing and training, where he leverages his software design, architecture, and security testing experience. He is also the author of many extensions for Burp Suite and is a contributor to several other projects including SamuraiWTF, MobiSec, and Laudanum.

Achievements & Noteworthy Contributions

  • Speaker at information security conferences such as BSides and ISSA Charlotte
  • Former Lead Security by Design Engineer at Bank of America
  • Former Software Engineer Team Lead at Vignette and Epicentric

Certifications & Credentials

  • BE, Engineering – Royal Military College of Canada
  • CISSP – (ISC)2

Hobbies & Fun Facts

In his free time, Jason enjoys running, homebrewing, and spending time with his wife and two kids.

Dave Shackleford

IANS Faculty

Dave is the Founder and Principal Consultant with Voodoo Security, an information security consulting firm with broad expertise. He is also a Senior Instructor, Analyst, and Course Author for the SANS Institute and a VMware vExpert with extensive experience designing and configuring secure virtualized infrastructures. In addition, Dave has served as Co-Chair of the Cloud Security Alliance (CSA) Top Threats Working Group and founded the CSA Atlanta Chapter. Dave has consulted with hundreds of organizations in the areas of security, regulatory compliance, network architecture, and engineering. He has also worked as a security architect, analyst, and manager for several Fortune 500 companies.

Achievements & Noteworthy Contributions

  • Former CSO for Configuresoft
  • Former CTO for the Center for Internet Security
  • Speaker at information security conferences such as RSA, DEF CON, and BSides
  • Author of Virtualization Security: Protecting Virtualized Environments (2012)

Certifications & Credentials

  • MBA – Georgia State University
  • BS, Computer Information Systems – Kennesaw State University
  • BS, Psychology & Microbiology – Georgia State University
  • CISSP – (ISC)2

Hobbies & Fun Facts

In his free time, Dave enjoys running, camping, cooking and playing music (piano, guitar and DJing).

Mark Clancy

IANS Faculty

Mark is the CISO and VP of Cybersecurity at Sprint and is Founder of Cyber Risk Research LLC, an independent information security R&D consultancy. He also serves as an Advisor and Advisory Board Member for Global Cyber Institute and The Florida Center for Cybersecurity, respectively. Mark has testified before Congress three times on cybersecurity policy and is a frequent speaker at cybersecurity and technology risk management forums globally.

Achievements & Noteworthy Contributions

  • Former CTO at Emergynt (formerly Emergynt Network Defense)
  • Former CEO and Co-Founder of Soltra Solutions, a cyber threat intelligence software company
  • Former CISO and Managing Director of Technology Risk Management at Depository Trust & Clearing Corporation (DTCC)
  • Former Executive VP at Citigroup

Certifications & Credentials

  • BS, Electrical and Electronics Engineering – Drexel University