Anish Bhimani
Anish Bhimani oversees security of IT infrastructure and supports the corporate risk management program. Most recently a senior associate at Booz Allen Hamilton, Bhimani has also held senior positions at security vendors Predictive Systems and Global Integrity Corp. He co-authored the book "Internet Security for Business" and worked on the development of the Financial Services ISAC and the Financial Services Security Lab.
William R. Cheswick, Lead Member of Technical Staff, AT&T Research
Bill Cheswick has worked on (and against) operating system security for over 35 years. He has worked at Lehigh University and the Naval Air Development Center in system software and communications. At the American Newspaper Publishers Association/Research Institute he shared his first patent for a hardware-based spelling checker, a device clearly after its time. For several years he consulted at a variety of universities doing system management, software development, communications design and installation, PC evaluations, etc.
Cheswick joined Bell Labs in December 1987, where he became postmaster and firewall administrator and designer. In 1990 he published a paper on firewall design that coined the word "proxy" in its current meaning. He followed this with "An Evening With Berferd", and then the publication of "Firewalls and Internet Security: Repelling the Wily Hacker", co-authored with Steve Bellovin. In 1998, Cheswick started the Internet Mapping Project with Hal Burch. This work became the core technology of a Bell Labs spin-off, Lumeta Corporation. During his sabbatical over the winter of 2007 he worked on science museum projects, including an upgrade for the Liberty Science Center's digital darkroom.

Jerry Dixon is the director of analysis for Team Cymru, and also serves as InfraGard's vice president for government relations. He is the former executive director of the National Cyber Security Division (NCSD) & US-CERT, of the Department of Homeland Security. During his time at Homeland, Dixon led the national effort to protect America's cyber infrastructure and identify cyber threats. He also served as the deputy director of operations for the U.S. Computer Emergency Readiness Team (US-CERT). Dixon was instrumental in creating US-CERT, which serves America as the 24x7x365 cyber watch, warning, and incident response center that protects the cyber infrastructure by coordinating defense against and response to cyber attacks. He led the initial development of US-CERT's capabilities for analyzing and reducing cyber threats and vulnerabilities, disseminating cyber threat warning information, and coordinating incident response activities across federal, state, local government agencies, and private sector organizations, making it Homeland Security's primary element of cyber preparedness and response.
Dino Dai Zovi
Dino Dai Zovi is an information security professional, researcher and author. He currently manages Information Security for a technology-based investment firm based in New York City. His previous roles have focused on penetration testing and red teaming with Matasano Security, Bloomberg's Attack and Exploitation Team, @stake, and the IDART Red Team at Sandia National Laboratories. His research on hypervisor rootkits, 802.11 wireless attacks, and vulnerability exploitation techniques has been presented at international security conferences including BlackHat, CanSecWest, Microsoft’s BlueHat Security Briefings, and DEFCON. Dai Zovi has also discovered and responsibly disclosed a number of vulnerabilities in popular operating systems and software. Most notably he discovered a vulnerability in Apple QuickTime that he used to hack a Mac and win the PWN to OWN contest at CanSecWest 2007. He is a co-author of "The Art of Software Security Testing" and author of papers published at the USENIX Workshop on Offensive Technology and IEEE Information Assurance Workshop.
Joel Snyder is an expert at helping companies build larger, faster, safer and more reliable networks, and has done so since 1981 when he signed on with CompuServe Research and Development. For more than a decade, Snyder has been a member of the ISO and ITU committees that write network standards. Additionally, Snyder is a technical editor for Information Security magazine. His recent article titled "SIMplicity" evaluated the common components that all SIMs share: data collection, analysis, alerting and responding, forensics and reporting, and storage, scalability and archiving.
He has authored several books, hundreds of articles for technical publications, and has trained thousands of people privately and at conferences around the world on networking, security, messaging and VPNs. He's helped more than 150 companies with their networking, e-mail and security problems. Snyder has spoken at many industry events and is among the most popular presenters at previous Information Security Decisions conferences.
Richard E. Mackey
Richard Mackey is regarded as one of the industry's foremost authorities on distributed computing infrastructure and security. He has advised leading Wall Street firms on overall security architecture, virtual private networks, enterprise wide authentication, and intrusion detection and analysis. He also has unmatched expertise in the Open Software Foundation Distributed Computing Environment.
Prior to joining the consultancy SystemExperts, he was the director of collaborative development for The Open Group (the merger of the Open Software Foundation and X/Open), where he was responsible for the integration of Microsoft's ActiveX Core with DCE and DCE Release 1.2. Mackey is an original member of the DCE Request for Technology technical evaluation team and was responsible for the architecture and defining the contents of the Distributed Computing Environment Releases 1.1 and 1.2. Before The Open Software Foundation, Mackey was a member of the Cronus Distributed Computing Environment research project at BBN Corp. The Cronus Project, which explored fundamental mechanisms in distributed security, adaptive user interfaces and object-oriented technology, was one of the intellectual forerunners to MIT's Project Athena and OSF's DCE. Mackey also previously worked in hardware and software development in communications and fiber optics at RCA. Mackey has been a frequent speaker at major conferences such as Giga, USENIX, Uniforum and Networld + Interop and has taught tutorials on developing secure distributed applications.
Pete Lindstrom, CISSP
Pete Lindstrom covers security metrics, risk management, Web 2.0/SOA/Web services security, securing new technologies (virtual, grid, nanotech, etc.) for Burton Group. He has conducted numerous security audits and security consulting projects at Fortune 500 companies including American Home Products (Wyeth) and GMAC Mortgage, and the United States Marine Corps as a consultant for Coopers & Lybrand (now PriceWaterhouseCoopers).
He was formerly research director for Spire Security. Prior to that, he was an analyst with Hurwitz Group. Lindstrom is a frequent industry IT speaker and contributing writer on security topics. He serves on the editorial advisory board of Information Security Magazine and is a Certified Information Systems Security Professional (CISSP) and former Certified Information Systems Auditor (CISA).
Rich Mogull
Rich Mogull has more than 17 years' experience in information security, physical security, and risk management. Prior to founding independent information security consulting firm Securosis, Mogull spent seven years at well-known research firm Gartner Inc., most recently as a vice president, where he advised thousands of clients, authored dozens of reports and was consistently rated as one of Gartner's top international speakers. He is one of the world's premier authorities on data security technologies and has covered issues ranging from vulnerabilities and threats, to risk management frameworks, to major application security.
Eric Holmquist
Eric Holmquist has over 25 years' experience in the financial services industry and is a frequent industry author and speaker. He is responsible for the development and oversight of the bank's operational risk management program. In addition, Holmquist chairs the bank's MIS Council, an oversight group that provides governance with regard to standards, methods and production of financial and operational reports and the management of enterprise data. Holmquist also acts as the bank's information security officer with responsibility for oversight of the bank's information security strategy as well as acting as a liaison to the Board of Directors.
Holmquist chairs the operational risk management for IT committee through the Risk Management Association, a nationwide trade group based in Philadelphia focused on sound risk management practices in the global financial services industry. Holmquist is the author of "Risk-Sizing ORM – Scaling Operational Risk Management For The Small To Mid-sized Market", is a contributing author to "Operational Risk 2.0 (2007)" and "The Advanced Measurement Approach to Operational Risk (2006)", both by Incisive Media and writes periodic articles on operational risk management topics for OpRisk & Compliance Magazine.
David Sherry
David Sherry is responsible for enterprise governance and regulatory compliance for access controls and identity management. Prior to taking on this emerging strategic area, he directed the InfoSec Operations Group, responsible for access control of over 125,000 computer accounts for 30,000 employees in thirty states, as well as oversight of Citizen's security awareness program, and information security risk assessment. During his tenure Sherry managed his InfoSec Group to unprecedented service level and regulatory accomplishments, and recognized best-practice security processes. Sherry is a frequent conference speaker and guest lecturer; he is also an adjunct faculty member at Providence College.
Ed Moyle
Ed Moyle provides consulting and solutions to clients worldwide. Prior to joining Security Curve, Ed was vice president and information security officer for Merrill Lynch Investment Managers (MLIM), where he was responsible for coordinating all aspects of information security within the 2,500-employee, $500 billion business unit. During his tenure at Merrill, Moyle also developed firm-wide cryptographic solutions for secure data transfer, secure key management, authentication and data integrity.
Moyle has worked within the federal sector for Computer Science Corporation (CSC), where he consulted to the Department of Defense's Joint Service Computer Aided Acquisition and Logistics System. He was responsible for security engineering activities, including platform security, security evaluation activities and vendor evaluation/deployment activities. Ed is co-author of "Cryptographic Libraries for Developers", and a frequent contributor to the Information Security industry as author, public speaker, and analyst.
Diana Kelley
Diana Kelley founded SecurityCurve in April 2003 and returned as a Partner in January 2008. Before returning to SecurityCurve she was the vice president and service director for the Security and Risk Management Strategies (SRMS) service at Burton Group. Prior to joining Burton, she was the executive security advisor for CA's eTrust Business Unit where she was responsible for advising customers on strategic security solutions. Kelley has 17 years of experience creating secure network architectures and business solutions for large corporations and delivering strategic, competitive knowledge to security software vendors.
Kelley speaks frequently at major conferences, including RSA, WiFi Planet, BlackHat, InfoSec World, NetWorld/InterOp, The Internet Security Conference, and ComDex. She was Conference Chair for the Mobile and Wireless Security conference for 2003, 2004, and 2005, for the Identity Management Conference in 2005 and 2006, and for the Virtualization Summit in 2007. Kelley has been quoted in publications such as Information Security Magazine and The Wall Street Journal as a security expert. She co-authored the book "Cryptographic Libraries for Developers" and has authored numerous White Papers and research documents.
Matthew Todd, Ph.D.
Matthew Todd is chief security officer and vice president, risk and technical operations for Financial Engines, Inc., which offers investment advice and managed account services to retirement plan participants. Along with his staff, Todd is responsible for the security, implementation and maintenance of systems, networks and confidential customer financial data, including diverse secure data connections with leading US financial service providers. Working with legal, compliance, and audit teams, Todd helps business units to identify and mitigate risks.
Todd has been a local mentor for the SANS Institute, and holds the GSEC certification. He has over 15 years' experience in the technology space, and has been actively involved in information security for the last ten years. He currently serves on the Board of Directors of the San Francisco Bay InfraGard Chapter.
Lee Kushner
Lee Kushner is the president of LJ Kushner and Associates, LLC, an Executive Search firm dedicated exclusively to the Information Security industry and its professionals. Founded in 1999, LJ Kushner has successfully represented Fortune 2000 companies, Information Security Software Companies, Information Security Services Companies and large technology firms in enabling them to locate, attract, hire, and retain top level Information Security talent. He has been an invited speaker on the subjects of recruitment, retention, and industry trends at Information Security Conferences that include The Black Hat Briefings, The RSA Security Conference, Information Security Decisions, and a variety of ISSA Chapter Conferences.
Christofer Hoff
Christofer Hoff is Unisys Corporation's chief architect of security innovation. Reporting to the VP of Worldwide Innovation, he collaborates closely with Unisys sales, marketing, the CTO office, Security Pillar for Strategic Program Office (SPO) and key Unisys business unit leaders around the world. Hoff proactively develops strategies for innovation and success as well as unlocking maximum value for the corporation and customers in the area of information security, survivability and assurance. Prior to Unisys, Hoff served as Crossbeam Systems' chief security strategist, responsible for the company's overall security strategy and product management efforts. Prior to joining Crossbeam, Hoff served as the chief information security officer and director of Enterprise Security Services for WesCorp, a $25 Billion Financial Services Cooperative and used his expertise gained as founder and CTO of a national security consulting company which provided services to the Fortune 500 and service provider customers. He is a featured speaker at numerous information security events, holds several security credentials - including CISSP, CISA, CISM, IAM - and is an accomplished and accredited technical instructor.
David Foote
David Foote's reputation as a pioneer in IT workforce benchmark research and keen predictive analyst began at Gartner and continued at META Group, where he founded and directed the firm’s CIO service and Human Capital Management and IT Compensation research practices. He has for the past decade led a team of senior analysts and consultants at Foote Partners, whose proprietary benchmarking research (1,900 public/private employer research partners) and advisory services aimed at managing IT's impact on their businesses and customers are used regularly by more than 1,200 corporations and governments. A popular featured opinion columnist, web/podcaster, and frequent contributor to dozens of online, print and televised media sources, Foote’s research-backed analysis and predictions on IT market behavior and workforce trends reach a weekly global audience of business and technology professionals. The firm’s IT Skills and Certifications Pay Index™ is North America’s oldest and most comprehensive continuously updated survey of pay and market demand for 330 IT skills, including information security.
Andras Cser
Andras serves Security & Risk professionals. He is a leading expert on identity management, access management, user account provisioning, entitlement management, federation, and role design and management. Andras helps clients develop enterprise strategy for creating business value through identity management. His research focuses on strategy, architecture, performance and scalability of identity and access management and provisioning solutions, strong authentication, RBAC, as well as maintenance and distributed intranet and Internet identity systems. He maintains an interest in evaluating skill sets and core competencies of professional service providers in this space.
Prior to joining Forrester, Andras was a security architect with CA Technical Services through the Netegrity acquisition. Andras designed the architecture and led the implementation of Fortune 500 companies' identity and access management and provisioning solutions.
Eric V. Leighninger
Eric Leighninger has over 22 years of information security experience. He is responsible for creating and articulating the information security architectural vision, communicating that vision to the enterprise, creating security architecture models and roadmaps, and validating information security architectures against enterprise requirements. He currently is leading the design and development of an enterprise-wide identity management initiative comprising identity provisioning and management, authentication and authorization services and directory services. He also developed and managed the Allstate Cryptographic Technology Implementation Program which provides integrated cryptographic services, e.g., PKI, digital signatures, data and file encryption and key management for users and applications.
Leighninger was director of research for the Deloitte & Touche (D&T) eBusiness Technology Center which provided security and e-business expertise along with technology evaluation and development support to the D&T world-wide consulting practice.
Keith White, a vice president in Credit Suisse's Information Technology Risk department, joined Credit Suisse First Boston in 1999 and established a global practice for reporting on and delivering against IT audit risks. He later developed and applied risk analysis techniques that were used to assess various technologies and then developed a standard methodology incorporating applicable internal and external standards. His other duties have included COO/CFO Credit Suisse First Boston Infrastructure. Outside of Credit Suisse, he has contributed to the development of industry standards and has published articles on technology risk. He is a member of RMA's Operational Risk Management for IT committee and was instrumental in the organization of its 2005 conference held at Credit Suisse. Prior to Credit Suisse he held a variety of positions with financial services firms and consultancies including project manager, systems engineer, application developer, and credit risk officer.
Dennis Fisher
Dennis Fisher is the executive editor of the Security Media Group at TechTarget. He oversees all of the news and technical content on SearchSecurity.com and is responsible for the news section of Information Security magazine. He has more than 12 years of journalism experience, and has spent more than seven years covering the security industry. Before joining TechTarget, Fisher spent six years at eWeek, where he served as a senior editor and later as news editor. He has won a number of awards for his reporting, including two national ASBPE awards and the inaugural Carnegie-Mellon University CyLab Cyber Security Journalism Award.
Kelley Damore
Kelley Damore, editorial director, oversees editorial operations and strategy for all TechTarget Security Media properties, including Information Security magazine, SearchSecurity.com, Information Security Decisions conference and custom editorial and media events. Damore has covered the IT industry for 18 years and has won numerous editorial awards including Jesse H. Neal, ASBPEs and TABPI awards. She previously worked at CMP Media as Editor-in-Chief of CRN. Damore has also held writing positions at InfoWorld and PC Week. She came to TechTarget from non-profit Oxfam America, where she was the director of its publications and online operations. Damore holds a bachelor's degree from the College of the Holy Cross and a master's degree from Harvard University's Kennedy School of Government.