


CSO’s Security Standard starts now

Sep 19, 2011 · 15 mins
Data and Information Security

I’m in Brooklyn, New York for CSO’s two-day Security Standard event. I’m going to be helping out with a lot of stage work, so I probably won’t get to write as much as I usually do. Still, I’ll manage to fire off a few reports while I’m here.

Let’s get started with a snapshot of the event:


New York Marriott at the Brooklyn Bridge

333 Adams Street

Brooklyn, NY 11201


Nick Akerman is a trial lawyer specializing in both complex civil and criminal cases. He is a nationally recognized expert on computer crime and the protection of competitively sensitive information and computer data. Nick has obtained over 15 injunctions under the federal Computer Fraud and Abuse Act in various federal courts around the country requiring computer thieves to return stolen computer data and prohibiting the dissemination of the data to competitors. He also consults with clients in developing systems, policies and protocols to protect computer data.

Dave Anderson is Senior Director of Security and Risk Management for McAfee, responsible for the global product marketing strategy for McAfee’s Risk and Compliance business unit. Dave has nearly 20 years of global experience in information security, risk management, and strategy at leading enterprise technology and services companies, including SAP, ArcSight, KPMG, and VeriSign, where he has developed market and product solutions that integrate risk, compliance, security and strategy into unified governance and risk frameworks. Dave’s experience includes implementing and delivering IT Governance solutions based on COSO, CobiT, ISO 27001 and ITIL standards.

Jerry Archer is Senior Vice President and Chief Security Officer for Sallie Mae. He is responsible for securing and protecting all of Sallie Mae’s systems and offerings, and for security initiatives across the company. Prior to Sallie Mae, Archer was the Chief Information Security Officer at Intuit and, prior to joining Intuit, managing director at Global Competitive Strategies, LLC. Previously, Mr. Archer was Senior Vice President for Global Interoperability at Visa International and, before Visa, senior vice president of information security and technical risk at the Fidelity Brokerage Company. His work in the U.S. Intelligence Community earned Mr. Archer the National Performance Review Hammer Award, a Distinguished Service Award from the Central Intelligence Agency and a Meritorious Unit Citation from the National Security Agency.

CISO James Beeson has spent fourteen years with General Electric. James started as a Technical Services Manager in GE Capital, Vendor Financial Services, moved into Information Security in 2000 with responsibility for Mid-Market Finance, and is now responsible for Information Security and Data Protection globally at GE Capital (Commercial Lending and Leasing, Real Estate Financing, Energy Financial Services, and Capital Aviation Services), a group of businesses that generates more than $31 Billion per year in Revenue, providing over $2.5 Billion per year in Net Income and managing over $360 Billion in assets.

David Black is the CISO for Aon eSolutions, the leading global provider of web-enabled integrated risk management tools and resources. Mr. Black is responsible for Aon eSolutions’ strategy and approach to IT risks, as well as execution of initiatives for protection of all our products and services and our corporate environment.

Scott Borg is the Director and Chief Economist of the U.S. Cyber Consequences Unit (US-CCU), an independent, non-profit research institute that investigates the strategic and economic consequences of possible cyber-attacks. He is responsible for many of the concepts that are currently being used to analyze the implications of cyber security in business contexts. He did pioneering research on the possible impact of cyber attacks on critical infrastructure industries and on a risk-based approach to cyber defense. In collaboration with John Bumgarner, he is author of the “US-CCU Cyber-Security Check List”, which is regularly used by security professionals in over eighty countries. Mr. Borg’s book “Cyber Attacks: A Handbook for Understanding the Economic and Strategic Risks” should be out later this year.

As the newly appointed CSO of ADP, Roland Cloutier brings one of the world’s largest providers of business outsourcing solutions a wealth of global protection and security leadership experience, including the management of strategic converged security and business protection programs. Prior to ADP, Mr. Cloutier served as Vice President and CSO of EMC, where he spearheaded protection of the company’s worldwide business operations including leadership of all information, business risk, crisis management, and investigative security operations, across both the commercial and government sectors. Mr. Cloutier has held executive security management roles at consulting and managed security service organizations and has more than nine years of experience in federal law enforcement. Mr. Cloutier is active in industry development, is on the Advisory Boards for Vigilance Corp and Core Security Technologies, and is ADP’s board representative for the National Cyber Security Alliance Council.

Robert Duran is the Information Security and Privacy Officer and VP of Information Risk Management for Time Inc., a New York City-based division of Time Warner Inc. Robert’s organization has responsibility for Information Security, Privacy, Business Continuity and Vendor Management programs both domestically and internationally at Time Inc.

Andy Ellis is Akamai’s Chief Security Officer, responsible for overseeing the security architecture and compliance of the company’s massive, globally distributed network as well as setting the strategic security direction of its offerings and managing the Information Security organization at Akamai.

Jamil Farshchi is Senior Business Leader of Strategic Planning and Initiatives at Visa. Prior to his current role at Visa, Jamil was the CISO at Los Alamos National Laboratory (LANL) and was responsible for the protection of the laboratory’s classified and unclassified information assets. He has extensive security and technology experience working in or supporting industries including health care, financial services, telecommunications, business process outsourcing, aeronautics, defense and energy for companies such as Sitel Corporation, NextWave Wireless and the National Aeronautics and Space Administration (NASA).

Gene Fredriksen is the CISO for Tyco International. Formerly he was the principal consultant of the Burton Group, which focuses on security architecture and infrastructure, information risk management, security governance, compliance and identity management. Prior to joining Burton, he served as CSO of Raymond James Financial and worked at Eaton Corporation and American Family Insurance. Fredriksen is also a certified Information Security Manager (CISM) and has been a participant in numerous security and risk management groups, including as past chair of the BITS Security and Risk Assessment Steering Committee and member of the Financial Services Sector Coordinating Council research and development committee. Currently, he is chair of the St. Petersburg College Information Security Programs Advisory Board. In 2004, Fredriksen was selected as a top five information security executive in the United States by the Executive Alliance.

Mike Gable joined Trend Micro in early 2004 as Director of Sales Engineering and held that position until 2008. This coincided with dramatic growth that saw Trend Micro’s North American revenues more than double. In 2009, Mike moved to his current role in Strategic Sales management—where he is currently implementing Trend Micro’s next-generation sales strategies.

Jeffrey Garonzik is the Information Assurance Architect for the Central Intelligence Agency. Mr. Garonzik has over thirty years of Information Technology, Information Assurance, and Cybersecurity experience throughout the Intelligence Community and in industry. Mr. Garonzik is currently providing the vision and defining the operational and strategic direction for addressing the major Cybersecurity challenges for the Intelligence Community. In industry, he previously held the positions of Manager of Information Systems at McCoy Electronics and Technical Director for Trident Data Systems. Mr. Garonzik’s experience with Information Assurance threats, assessments, countermeasures, and government information systems makes him a recognized leader, innovator, subject matter expert, and advisor for organizations that are securing their cloud infrastructures.

Patrick D. Howard, Chief Information Security Officer (CISO), U.S. Nuclear Regulatory Commission, is responsible for overseeing the agency-wide cyber security program. He has over 35 years of experience in the security industry, and has worked in the computer security field for the past 18 years. Mr. Howard also served as the CISO at the Department of Housing and Urban Development (HUD) from 2005-2008, where he led HUD to a first ever “A+” score on Congress’ 2006 Federal Information Security Management Act (FISMA) Report Card and was recognized as a 2007 Fed 100 winner for his accomplishments in government IT. Prior to joining HUD, Mr. Howard was employed by the Titan Corporation supporting the Department of Transportation (DOT) where he served as the DOT’s Certification and Accreditation Program Manager. Mr. Howard is co-author of the Total CISSP Exam Prep Book, and authored Building and Implementing a Security Certification and Accreditation Program and FISMA Principles and Best Practices: Beyond Compliance.

JT Jacoby is Chief Security Officer at the NYC Housing Authority. Previously, he held several roles at Fidelity including technology audit, emerging risk and information security reporting to the CISO. As a Senior Director there, he led the firm-wide identity theft and corporate information security risk management programs and was a leading internet security strategist. Prior to Fidelity, JT was Executive Vice President of auditek, inc., a Fortune 500 information technology audit and security consultancy located in Washington, DC. He is a member of the Institute of Internal Auditors’ editorial review committee and possesses both CISA and CISM certifications. He frequently lectures on the topics of IT security.

Shukri Khader, CISO, Avon Products, has more than 21 years of experience in the information technology industry (i.e., Information Security, Technology Audit, Telecommunications, Internet, Client/Server Architecture, Market Data Services). Shuk has been with Avon in this capacity for over 10 years. He is responsible for shaping up the Global Information Security strategy, which includes overseeing, implementing, maintaining and coordinating all information security efforts across the company, including information technology, human resources, communications, legal, facilities management and third-party vendors who provide various services to Avon and Business groups.

Josh Konvisser, Partner, Pillsbury Winthrop Shaw Pittman LLP, represents clients in sophisticated technology transactions. Mr. Konvisser’s experience includes representing vendors and customers in complex sourcing and technology transactions such as information technology and business process outsourcing; computer software and systems transactions; technology transfers and distribution agreements; and software licensing, marketing and development agreements, including software as a service, platform as a service, infrastructure as a service, and other cloud-based delivery models. In addition, Mr. Konvisser has worked with clients to evaluate and mitigate privacy and data security issues, with a focus on balancing risk and commercial interests. Mr. Konvisser’s technology work has spanned the health care and life sciences, retail, financial services, consumer products, manufacturing, and state and local government sectors.

David N. Kroening, Chief Information Security Officer, NY State Insurance Fund, has over twenty years of professional IT experience, much of it in the security field. He’s worked for a variety of industries, including banking, legal and state government. He currently functions as a CISO, responsible for security architecture and policy. He’s designed and implemented a variety of security projects ranging from proxy and firewall installations to security assessments and two-factor authentication.

John Logan, Chief Information Security and Privacy Officer, First Place Financial Corporation, is a U.S. Air Force Veteran and Information Technology/Security Professional with 20+ years of experience in the highly regulated financial, healthcare, insurance, aerospace, and military environments. He is currently the Chief Information Security & Privacy Officer for First Place Financial Corp., located in Warren, OH. Prior to First Place, John was the Information Security Manager for Fifth Third Bancorp in Cincinnati, OH and Radian Group Inc., out of Philadelphia. While on active duty he was the Chief of Regional Network Engineering for the Department of Defense Health Services Region 5 as well as the manager for computer operations at the Air Force’s 2nd largest medical center at Wright Patterson AFB. John has an MS in Information Assurance from Norwich University and holds the CISSP certification from ISC2.

Dave Malcom, CISO, Hyatt Hotels Corporation, is an experienced IT risk management professional, with deep experience performing IT audit, consulting, and compliance work. Dave has served as the Chief Information Security Officer for Hyatt Hotels Corporation since March 2011. In this role, Dave is responsible for leading the information security strategy at Hyatt, with primary responsibility for achieving and maintaining PCI compliance at Hyatt’s global properties and collaborating with the field to design and develop innovative, secure solutions to help enhance guest experiences. Prior to joining Hyatt, Dave had over a decade of experience in providing IT audit and consulting services to global corporations as an employee of Accenture, PricewaterhouseCoopers, and Arthur Andersen. Dave’s primary areas of focus included performing reviews of data protection and privacy, eDiscovery, records management, and network and application security. Dave graduated from Illinois Wesleyan University with a bachelor’s degree in Accounting. Dave is a Certified Information Systems Auditor (CISA) and Certified Internal Auditor (CIA). Dave has lived in Chicago, Illinois his entire life and pledges his blind allegiance to the Chicago Cubs, Bulls, and Bears. When he isn’t battling IT risk, Dave enjoys attempting to play golf and eating sandwiches.

Barmak Meftah, Chief Products Officer, Fortify Software, an HP Company, came to Fortify Software in early 2004, becoming the company’s tenth employee. Following a progressive tenure with Oracle, Barmak joined Fortify driven by a clear vision of automating vulnerability analysis and energized by the epic challenge ahead to build and deliver a superior solution to organizations globally. Seizing the new company’s opportunity to transform the information security paradigm, Barmak led the build-out and expansion of a world-class product development team, security research, product management and a global services organization to execute the vision set forth. Amidst this trajectory, Fortify was named “The Next Big Thing” at Enterprise 2005. In the years to follow, Fortify has won numerous prestigious awards for each of its major product lines and delivered enterprise solutions to hundreds of customers in the Fortune 2,000 including financial services, healthcare, telecommunications, ecommerce and government organizations. Currently, Barmak leads Global Product Development, Security Research Labs, Product Management and the Customer Success organizations.

Lee Parrish is the VP & CISO for Parsons Corporation. Mr. Parrish possesses more than 20 years of experience in both physical and information security. He is board certified in information security as a CISSP, CISM and holds the GISP and ITIL certifications. He has published multiple articles in recognized, international information security professional journals and has spoken at industry events such as RSA Conference 2010, RSA Conference 2011, and the 2008 USMC Information Assurance Conference. Mr. Parrish’s academic credentials include a master’s of business administration from the University of Arkansas, as well as a master’s of science in information assurance from Norwich University.

Fred Rica is a Principal in PricewaterhouseCoopers’ Advisory Services practice. Mr. Rica is a skilled technology professional with significant experience in IT security, governance and risk management. Mr. Rica is a nationally recognized authority on the subject of security penetration studies and has performed or managed hundreds of penetration reviews of large and complex processing environments over the last twenty years. In 2002 Mr. Rica was selected by Crain’s New York Business as one of their “40 Under 40” rising stars of New York business under the age of forty.

Hart Rossman is Vice President and Chief Technology Officer for Cyber Security Services & Solutions at SAIC. In this role Mr. Rossman has oversight & responsibility for technology strategy, vendor relations & solution development, R&D, practice leadership for cyber security solutions; and provides customer support in solving all phases of complex information assurance-related problems. Areas of technical expertise include risk management, security in the software and system development lifecycle, system certification & accreditation, and security in the cyber supply chain. Domains of focus include cloud, mobility, consumerization, big data & analytics, national security systems, and emerging technology & cultural trends.

Dieter Schuller, VP, Business Development, Radiant Logic, has been helping enterprises map technology to solve business problems. At Radiant Logic, he has been working with customers to leverage their existing investments in identity and data to support their new initiatives. Dieter joined Radiant in 2001 from Orbit Commerce (acquired by Digital River) where he developed a comprehensive sales and channel program that included direct sales, resellers, and partners. Prior to Orbit, Dieter was Vice President of International Sales at PLATINUM technology. Before being acquired in 1999 by Computer Associates for $3.5B (the largest software acquisition in history to that point), PLATINUM was a $1B systems software and services company with over 30% of their revenue attributable to the international markets.

Daniel Srebnick, Chief Information Security Officer, NYC Department of Information Technology and Telecommunications

Dan Srebnick is an Associate Commissioner with the New York City Department of Information Technology and Telecommunications and is the City’s Chief Information Security Officer.

Vijay Viswanathan serves as Director & Chief Information Security Officer (CISO) for HD Supply. He is responsible for all aspects of the company’s comprehensive information security program. In this role, Vijay drives a strategy that enables a growth-oriented balance between business need and risk mitigation; compliance; threat detection and avoidance; business process improvements; and delivery of targeted service solutions to meet rapidly evolving needs.

Jason Witty is a Senior Vice President and the International Information Security Executive at Bank of America. Having led many teams within the Global Information Security organization, he is currently accountable for information security controls across 50 countries outside of the United States, covering all Bank of America and Merrill Lynch operating entities.

–Bill Brenner