Speaker Full Bios

Summit 9

Thank you for joining us at the 9th Annual Information Security Summit

After months of planning and preparation, ISSA LA’s 9th Annual Information Security Summit drew over 600 attendees and came to a successful close on Friday, May 19, 2017, at the Universal City Hilton. Photos from the event can be found here.

Below are the speakers who made Summit 9 such a fantastic event

Manley Feinberg

Manley is recognized as an award winning international keynote speaker and business leader, author, published outdoor adventure photographer and professional musician. He served two terms as the President of the National Speakers Association, St. Louis chapter; and is a member of the National Geospatial-Intelligence Agency (NGA) Leadership Development Staff.

During Manley’s eleven years with Build-A-Bear Workshop, his leadership direction helped take the revolutionary retail concept from 40 stores to over 400 worldwide, realizing revenue growth from 55 million to over 474 million, and a successful IPO on the NYSE.  He built an award winning reputation for implementing business solutions and support that produced measurable results every day. Manley’s leadership influence contributed to a workplace culture that landed Build-A-Bear on the FORTUNE 100 Best Companies to Work For® List four years in a row.

It is this expertise that he shares by applying lessons learned in business and adventures to life’s daily challenges.  The authentic, sincere and deep interpersonal connection Manley makes with your audience enables him to deliver practical and proven content to help organizations maximize their opportunities and develop their most valuable asset, their employees.   Through custom developed programs and support ranging from 60 minutes to 12 months, he will leave you with many actionable techniques, frameworks, and insights.   Most importantly, he can engage your organization in a way that sustains true results that last well beyond the presentation, and ultimately affect long term change.

Manley’s inspirational keynotes are brought to life through his national geographic photography and riveting stories culminating from a lifetime of adventure through 25 countries, to over 400 outdoor destinations.   Manley vividly shares compelling lessons from his adventure and leadership experiences in a way that allows you to relate to your mountains.  He will have you hanging beside him surviving in the Himalayas, struggling to communicate in Uzbekistan, and immediately transfer the experience to moving you forward in your courageous efforts.

Manley will challenge your mindset, arm you with ideas you can use, and inspire you to action.

Keynote Title: 7 Vertical Lessons & 1 Essential Question for Leading with Impact

Session Description:

Professionals often struggle to deliver more value under tightening budget constraints and rising expectations. Add the complications of regulations, engaging a multi-generational workforce, constantly shifting technology, and the balance of personal life needs; and you have a serious challenge. After facing the same frustrations from the front lines to the executive level for more than 20 years; I believe the answer is to equip individuals at all levels with tools to help them think, act and influence as leaders in their environment so they can serve with greater impact. My Reaching Your Next Summit Keynote can be the catalyst for this change. Your attendees will gain 7 strategies and 1 essential question to develop a service leadership mindset that engages, equips and inspires both them and their team members to step up and lead regardless of their title. Expect your attendees to build relationships and serve beyond vertical and horizontal boundaries in their environment. Collaboration is just the beginning. With more accountability and increased commitment in the 90%, you will see results you can measure.

Objectives:
  • Gain 7 personal leadership principles that will empower every attendee to stretch their comfort zones and Serve Beyond Position
  • Discover the one area you must micro-manage to gain Clarity in the Chaos, Drive Focus and Build Momentum
  • Drive innovation by encouraging individuals to step up, support others, and say what they see
  • Encourage networking and valuable relationship building between attendees
  • Engage, equip, and inspire attendees with multiple ideas they can use immediately to develop stronger relationships and increase their influence across vertical and horizontal boundaries

 

Richard Stiennon

Richard Stiennon joined Blancco Technology Group as Chief Strategy Officer in July 2016. In this role, he leads long-term strategic planning, product positioning, public affairs, analyst relations, joint ventures and industry partnerships. Many in the industry recognize him from his days as Vice President of Research at Gartner Inc. from 2000 to 2004, where his forward-thinking insights and questioning of the corporate status quo earned him Gartner’s Thought Leadership Award in 2003. He has also written three thought-provoking books on the alarming state of cyber war and its impact on businesses, with his most recent book, There Will Be Cyberwar, being named a Washington Post bestseller in April 2016. Considered to be one of the most prolific security thought leaders, he has spoken at over 28 data security conferences across 3 continents and is frequently quoted in news publications, including The Washington Post, New York Times, USA Today, Christian Science Monitor, Dark Reading, to name a few.

Keynote Title: Scaling the Data Mountain Without Putting Privacy at Risk

Session Description:

As our recent study on data protection regulations and guidelines found, 28 percent of global organizations admitted they have been hit by a data breach in the last 12 months. This isn’t that surprising when you consider how frequently we hear about data breaches every day – from O2 to TalkTalk to Target to Yahoo. And these data breaches cost companies an average of $2.1 million to $6.7 million – a sum that could cause serious harm to a business.

These statistics beg the question: Will we see an even greater increase in data breaches this year or will organizations finally start taking data protection seriously and commit to the development of robust data governance programs?

Data governance can help organizations protect their most important assets before data can be exposed or breached. The key to building a sound data governance program is to create a defined set of procedures that mitigate data security risks and then map out a plan that allows the organization to execute those procedures.

Businesses – and their IT teams – should think of data governance in the same way they’d go about building a new house. You cannot ask an architect to build a house without a detailed blueprint. It’s the same for data protection – without a data governance ‘blueprint,’ organizations will not be able to properly mitigate data security risks and ensure regulatory compliance.

In this session, Richard Stiennon, Chief Strategy Officer of Blancco Technology Group, will help companies improve their thinking and approach to managing both data and devices across their entire lifecycle – from creation to storage to archival to transfer to destruction. More specifically, Stiennon will demonstrate how and why data destruction can help significantly reduce the total volume of data that could be accessible, exposed and needs to be protected.

 

Ira Winkler

Ira Winkler, CISSP is President of Secure Mentem and co-host of The Irari Report (www.irarireport.com). He is considered one of the world’s most influential security professionals, and has been named a “Modern Day James Bond” by the media. He did this by performing espionage simulations, where he physically and technically “broke into” some of the largest companies in the world, investigating crimes against them, and telling them how to cost-effectively protect their information and computer infrastructure. He continues to perform these espionage simulations, as well as assisting organizations in developing cost-effective security programs. Ira also won the Hall of Fame award from the Information Systems Security Association, as well as several other prestigious industry awards. Most recently, CSO Magazine named Ira a CSO Compass Award winner as The Awareness Crusader.

Ira is also author of the riveting, entertaining, and educational books, Advanced Persistent Security, Spies Among Us and Zen and the Art of Information Security.  He is also a columnist for ComputerWorld, and writes for several other industry publications.

Mr. Winkler has been a keynote speaker at almost every major information security related event, on 6 continents, and has keynoted events in many diverse industries. He is frequently ranked among, if not the, top speakers at the events.

Mr. Winkler began his career at the National Security Agency, where he served as an Intelligence and Computer Systems Analyst. He moved on to support other US and overseas government military and intelligence agencies. After leaving government service, he went on to serve as President of the Internet Security Advisors Group, Chief Security Strategist at HP Consulting, and Director of Technology of the National Computer Security Association. He was also on the Graduate and Undergraduate faculties of the Johns Hopkins University and the University of Maryland. Mr. Winkler was recently elected the International President of the Information Systems Security Association, which is a 10,000+ member professional association.

Mr. Winkler has also written the book Corporate Espionage, which has been described as the bible of the Information Security field, and the bestselling Through the Eyes of the Enemy.  Both books address the threats that companies face protecting their information.  He has also written hundreds of professional and trade articles.  He has been featured and frequently appears on TV on every continent.  He has also been featured in magazines and newspapers including Forbes, USA Today, Wall Street Journal, San Francisco Chronicle, Washington Post, Planet Internet, and Business 2.0.

Keynote Title: Fighting Sophisticated Attacks with Advanced Persistent Security

Session Description:

It appears that any successful attack these days is labeled, Sophisticated. The implication is that the attacks were unpreventable. The reality is very different. We dissect recent attacks, and then go through how they could have been prevented. Advanced Persistent Security principles are applied to demonstrate how even successful breaches can be contained to significantly reduce loss.

 

Bill Cheswick

Bill Cheswick logged into his first computer in 1968. He has been programming and working for (and against) computer security ever since.
After graduating from Lehigh University in 1975, he worked as a system programmer for several years. He first connected to ARPAnet in 1985, and joined Bell Labs in 1987.
At Bell Labs he worked on early firewall designs, especially application-level gateways. His first firewall paper described a circuit-level gateway that predated SOCKS by several years, and coined the word “proxy” as it is currently used. The popular Berferd paper was an early exploration of honeypots—that paper first used jail in its current software usage. With Steve Bellovin, Ches set up one of the first “packet telescopes” which captured and analyzed stray Internet packets. They wrote and patented the first DNS proxy.  Steve and Ches published Firewalls and Internet Security: Repelling the Wily Hacker in 1994. This was the first full book on the subject, and sold over 100,000 copies in a dozen languages. This book trained a generation of new security experts. The second edition was published in 2003 with the help of Avi Rubin.
Ches worked on corporate and Internet mapping in the late 1990s with Hal Burch, creating dramatic and popular Internet maps that still appear in publications and talks today. He used this mapping technology to explore wartime damage in Serbia in 1999, and other connectivity questions since then. He has pinged a US attack sub, the SSN Hawaii. Distance: 66ms.

In 2000, he left Bell Labs and co-founded Lumeta to commercialize the mapping technology. These products have been useful in exploring and auditing government and corporate networks. In 2006 he left Lumeta and joined AT&T Shannon Lab where he worked on security, visualization, and user interfaces. He earned several patents (now over a dozen) in visualization and authentication, including a new way to see a movie, and slow movies. He left AT&T in 2012.

Ches “retired” in 2012: it is not likely to last. He is a Visiting Scholar at the University of Pennsylvania where he hangs out and occasionally teaches classes.
He hacks his farm in Flemington, NJ, and supports his wife Lorette as she raises bees and plants and does botanical research. He consults, flies drones, tries to keep up in science, technology, and medicine, experiments with iOS apps, and is learning digital signal processing by processing recordings of thousands of passing trains.
He continues to serve on program committees, attend conferences, and give invited talks world-wide. Queries for consulting are welcome.

Title: Computer security: I think we can win!

Session Description:

By a number of important measures, the Internet is working spectacularly well. A large part of the world’s economy uses it to great advantage. But there is crime and espionage as well, and the attackers are highly capable, motivated, and spectacularly successful.
Meanwhile, experienced security people despair. The same bugs seem to persist, the lessons of the past ignored or forgotten. This has been going on for decades.
But I am an optimist. Despite the steady drumbeat of repeated problems, we are still very early in the game, making widespread rookie mistakes. In many cases, we are Not Even Trying. Despite the incredible progress of Moore’s Law, our software isn’t much better than thirty years ago.
This is going to get better over the coming decades. We have tools and techniques we haven’t explored or deployed very far. We can get the upper hand—yes, it is possible to write a secure program. They are our computers, on our networks, running software we choose: we have the home-field advantage. We ought to be able to win.

 

Chenxi Wang, Ph.D.

Dr. Chenxi Wang is Chief Strategy Officer of Twistlock. She is responsible for corporate strategy and marketing. Chenxi is the 2016 program co-chair for Security & Privacy at the Grace Hopper Conference. Chenxi built an illustrious career at Forrester Research, Intel Security, and CipherCloud. At Forrester, Chenxi covered mobile, cloud, and enterprise security, and wrote many hard hitting research papers. At Intel Security, she led the ubiquity strategy that spans both hardware and software platforms. Chenxi started her career as a faculty member of Computer Engineering at Carnegie Mellon University. Chenxi is a sought-after public speaker and a trusted advisor for IT executives. She has been quoted/featured by New York Times, Wall Street Journal, Forbes.com, Fox Business News, Bloomberg, Dark Reading, and many trade media outlets. Chenxi holds a Ph.D. in Computer Science from University of Virginia. She was recently named by SC Magazine as a Women of Influence for 2016.

 

Title: Digital Trust in the Era of Artificial Intelligence

Session Description:

This talk examines the evolution of trust in cyberspace, from the inception of the Internet to today’s hyper-connected digital world. How do we assess trust? Does Neuroscience help us answer this question? We look at how human brains process information,  derive trust or distrust from a neuroscience point of view, and apply that to the cyberspace. We also look at how this may be impacted when artificial intelligence passes the Turing Test, and how we might go about assessing trust then. This talk presents research in the intersection of neuroscience and computer security.

Richard Greenberg

Richard Greenberg, CISSP is the Information Security Officer for the Los Angeles County Department of Public Health.

Richard’s previous positions included Director of Surveillance and Information Systems, Chief of Security Operations, Director of IT, and Project Manager for various companies/agencies.

Richard brings over 25 years of management experience and has been a strategic and thought leader in IT and Information Security for both the private and public sectors. His Project Management, Security Management and Operations, and Policy and Compliance experience has helped shape his broad perspective on creating and implementing Information Security Programs.

Richard is a Fellow of ISSA International, and has received appointment to the ISSA Honor Roll. He has been selected as a finalist for both the (ISC)2 Senior Information Security Professional Leadership Award and the Los Angeles Business Journal CISO of the Year.

Richard is the ongoing Chair of the Healthcare Privacy and Security Forums in LA. He has been a Co-Chair of the ISSA LA Security Summits 2011-2017, and has been Co-Chair of all four of the highly successful AppSec California conferences. He has also served as the OWASP AppSec USA Conference Co-Chair and has been a member of the ISSA International Conference Committee.

Richard, President of both the OWASP and ISSA Los Angeles Chapters, has worked diligently to bring together the various Southern California InfoSec organizations to enhance their collaboration efforts, to help outreach efforts for the entire SoCal region.

Richard has been a published author, and has spoken on Information Security individually and on panels. He is also a Security Evangelist, helping to spread the word about secure application development and general security awareness.

https://www.linkedin.com/in/richardagreenberg

Title: Moderator of the CISO Panel at the CISO Forum

Session Description:

This panel will consist of four leading CISOs, who will share their strategies to cope with the latest challenges and threats. You will be better prepared to move forward on your initiatives after attending this Forum.

Title: Moderator of the CISO Panel at the Healthcare Privacy and Security Forum

Session Description:

Four leading Healthcare CISOs will share how they are handling important privacy and security concerns in response to the increasing number and sophistication of data breaches. Join us as we learn from the experts how to protect our sensitive information.

Debra Farber, J.D.

Debra J. Farber (@privacyguru) is a data privacy and information security executive and entrepreneur with 15 years of strategy, operations, public policy, training, and compliance experience across industries and frameworks. She is Co-Founder of Women in Security and Privacy (WISP) and Founder and CEO of Orinoco Privacy – a SaaS-based platform company that connects privacy consultant expertise to small and medium-sized businesses. Debra also heads up U.S. Operations for NotSoSecure, Inc., a boutique security firm that specializes in pentesting and ethical hacking training classes (“Web Hacking,” “AppSec for Developers,” “IoT Hacking,” etc.).

Debra lives in San Francisco and serves as Advisor for several innovative tech companies, like BigID. In addition, she sits on the California Cyber Security Task Force, the Editorial Board for Cyber Security: A Peer-Reviewed Journal, and IAPP’s CIPT Exam Development Advisory Board. Prior to her current positions, she held privacy and security leadership roles at Visa, TRUSTe, IBM, American Express, IANS, The Advisory Board Company, and Farber Strategies. Debra holds a BA in English from Binghamton University and a JD from Brooklyn Law School. When not geeking out about data protection, she enjoys learning about new technologies, binge-watching scifi, playing viola, and keeping up on social media.

Diana Kelley

Diana is the Global Executive Security Advisor to IBM Security and manages the IBM Security Newsroom. As Global ESA she leverages her 25+ years of cyber risk and security experience to provide advice and guidance to CISOs and security professionals. She is a regular contributor to SecurityIntelligence, X-Force Research and a co-author of IBM’s “Securing the C-Suite” study. She is also a faculty member with IANS Research and serves on the Advisory Board for InfoSec World, Structure Security and the Content Committee for the Executive Women’s Forum.

Diana was an IEEE “Rock Star of Risk” in 2016 and speaks frequently at major conferences including: TED, RSA, CyberTech, CompuTex, and InfoSec World. She has been quoted as a cybersecurity expert in many publications including: The NYTimes, TIME, MSNBC.com, Fortune, Information Security Magazine and The Wall Street Journal. Along with Ed Moyle, she co-authored the book Cryptographic Libraries for Developers, and wrote the chapter on “PKI and Directories” for the PKI: Wiley Tech Brief. In 2016 she was a guest lecturer at Boston College’s Master of Science in Cybersecurity program.

Title: Supersized Cybersecurity Groundhog Day – Insights for Preventing 2016 from Repeating

Session Description:

2016 was a year in which everything was bigger – bigger breaches, more vulnerabilities, larger attacks, and big repercussions. Whether it was the evolution of DDoS attacks into the record-shattering Mirai botnet that disrupted large portions of the internet or insidious commercial banking Trojans available for sale as ready-made malware kits, the tone of cyberattacks darkened in 2016 while illuminating one key fact: many companies are not applying basic security fundamentals to their IT environments.

Attend this talk to learn:

  • The top-level security trends from 2016, and what it could mean for 2017, including the political and intellectual property concerns stemming from large-scale data leaks
  • Why classic attack vectors continue to be a weapon of choice for those seeking to disrupt operations and steal data
  • Why a lower attack rate for the average security client may not be good news
  • What steps your organization can take to protect against these attacks

Eric Chien

Eric Chien is technical director of Symantec’s Security Response division, leading a deep analysis team of engineers that investigate high-impact Internet security threats, and was one of the lead authors of Symantec’s groundbreaking research on the revolutionary Stuxnet malware.

Title: Wanna Cry – The Fastest Most Damaging Worm in Years

Session Description:

WannaCry took the world by storm on Friday May 12, 2017 spreading to hundreds of thousands of computers in hours and then wiping all their content.  This presentation will walk through everything we know about WannaCry from how the threat works, the impact, attribution, remediation, how you can protect yourself, and most importantly lessons learned.

Erin Richards

Erin Richards is a Director of Risk Management at Oracle Corporation, Irvine, Ca. For the past 15 years, Erin has been in the Oracle Cloud Services organization leading a culturally diverse global team addressing security for hosted customers to meet their compliance needs while ensuring that services are offered in conformance to Oracle security policies to the highest recognized security standards and practices. Erin holds various security certifications and a Bachelor of Science in Electrical Engineering focused in computer science. After a nearly 11 year career in the US Department of Defense industry involved with programs developing Air Force defense missile systems, she decided it was time to move into the commercial industry. Erin joined Oracle in 1994 and has held positions in sales, alliances, consulting, development, product management, cloud hosting operations and information security. She is involved with Oracle’s Women’s Leadership Program mentoring young women in their career endeavors. Erin is a former yacht racer, collegiate soccer player, and avid runner; due to injuries and ‘wear and tear’, she’s had to switch to activities not so physically demanding and now enjoys golf, tennis, and incredibly hard work outs that challenge even her kids. She currently resides in North Tustin with her husband, Rick, 3 children, and two dogs. Erin can be contacted at erin.richards@ymail.com.

Evan Wheeler

Evan Wheeler is an expert in information security and operational risk management for organizations in many critical infrastructure sectors. Wheeler has extensive experience presenting business resilience and cyberthreat profiles to board committees, managing international teams, working with regulators and overseeing security operations. He is a specialist in building and running risk programs for organizations in highly regulated environments. He earned an M.S. in information assurance at Northeastern University. He also served as a Course Author and Lecturer for graduate programs at Clark University, Northeastern University and the SANS Institute. He published a book, Security Risk Management: Building an Information Security Risk Management Program from the Ground Up.

 

Title: Overhauling Your Risk Management Program

Session Description: 

Given the fluid threat landscape that we all face, Healthcare organizations must adopt sound risk management methodologies to keep pace, but it isn’t always obvious where to start. Learn the most common reasons why organizations struggle to manage risk effectively, and how to avoid those same mistakes. This session takes a practical approach to managing information risk without overcomplicating the process.

James W. Brady, Ph.D.

James is the Area Chief Information Officer at Kaiser Permanente Orange County, where he oversees all the information systems for the 262-bed Anaheim and 150-bed Irvine Medical Centers, 23 medical offices, 960 physicians, 8,000 employees, and over 550,000 health plan members. Prior to coming to Kaiser Permanente, he was the Chief Information Security Officer and Director of Technical Services at Hawaii Health Systems Corporation in Honolulu, Hawaii, the state’s fifth largest employer and the nation’s fourth largest community hospital system, with more than 1,270 beds, 4,000 employees, 1,000 physicians, and 14 facilities. At Hawaii Health Systems Corporation, James led the technology and infrastructure transformation, including deploying the Siemens Electronic Health Record system.  Before working in Hawaii, he directed the $60M data center consolidation and migration program, and deployed the Epic Electronic Health Record system as an Enterprise Information Services Systems Manager at Cedars-Sinai Health System in Los Angeles, CA.  James has earned two Masters Degrees, a PhD in Information Systems and Information Security, and 19 technical and professional certifications.  He recently co-authored the HIMSS CPHIMS certification study guide, the Essentials of Health Information Systems textbook, and has been featured in many healthcare news articles and webinars, as well as industry and academic conferences and publications.  James recently was the President and an Executive Board member for the HIMSS Southern California Chapter, is a certified HIMSS CPHIMS and CAHIMS instructor, and was recently awarded the 2015 HIMSS Distinguished Fellows Service Award, the 2015 Los Angeles Business Journal CIO of the Year Award, and was named to the 2017 Becker’s Top CIOs to Know list.  
James also holds an adjunct faculty role in the School of Health and Human Services at National University, lectures at the University of California at Los Angeles (UCLA) School of Public Health, and is a workgroup member of the UC Irvine Cybersecurity Policy and Research Institute. He is married with three children, enjoys jogging, tennis, and inline speed skating, and lives in Laguna Niguel, CA.

Jennifer Granick

Jennifer Stisa Granick is the Director of Civil Liberties at the Stanford Center for Internet and Society. She is the author of a forthcoming book from Cambridge University Press entitled American Spies: Modern Surveillance, Why You Should Care, and What To Do About It. From 2001 to 2007, Granick was Executive Director of CIS and taught Cyberlaw, Computer Crime Law, Internet intermediary liability, and Internet law and policy. From 2007 to 2010 she served as the Civil Liberties Director at the Electronic Frontier Foundation. Granick practices, speaks, and writes about computer crime and security, electronic surveillance, security vulnerability disclosure, encryption policy, and the Fourth Amendment. In March of 2016, she received Duo Security’s Women in Security Academic Award for her expertise in the field as well as her direction and guidance for young women in the security industry. Before teaching at Stanford, Granick spent almost a decade practicing criminal defense law in California.

Title: American Spies, Modern Surveillance, and You

Session Description: 

In January of this year, my book American Spies, Modern Surveillance, Why You Should Care, and What To Do About It was published by Cambridge University Press. In the book, I argue that we are living in a golden age for surveillance, and that we desperately need to reform our laws.

Technological development, government secrecy, and a legal vacuum have conspired to give the intelligence community unprecedented insight into and power over private conduct. Government agents can use this power as government agents always have: to monitor and hinder individuals and groups that seek political and social change. While some surveillance is necessary for public safety, the current legal regime has swung too far the other way.

There is an opportunity for meaningful surveillance reform this year. On Dec. 31, 2017, a statute used to conduct spying on American soil and which affects vast numbers of Americans will expire. As Congress considers whether to reauthorize the statute, and how to reform it, it will look to information security professionals like the attendees at ISSA to better understand the risks, rewards, and possibilities for both securing our communications infrastructure and conducting national security investigations. Learning about modern surveillance is a precursor for this community’s involvement in improving it.

Jim Manico

Jim Manico is the founder of Manicode Security where he trains software developers on secure coding and security engineering. Jim is a frequent speaker on secure software practices and is a member of the Java-One Rock Star speaker community. Jim is a Global Board Member for the OWASP foundation where he helps drive the strategic vision for the organization and is the author of “Iron-Clad Java: Building Secure Web Applications” from McGraw-Hill.

For more information, see http://www.linkedin.com/in/jmanico.

Title: The OWASP Top Ten 2017

Session Description: 

In April 2017, the OWASP Top Ten 2017 Release Candidate 1 was released. PCI and other compliance-based regulations cite and depend on the OWASP Top Ten for application security guidance. This release has several controversial aspects to it that may have a dramatic effect on your business. This talk will discuss why your organization should largely ignore the OWASP Top Ten and why using the OWASP Top Ten as a standard is actually incredibly dangerous for those who want to establish good risk management when it comes to application security. This talk straight-up throws down the gauntlet towards the primary authors of the OWASP Top Ten.

Mark Weatherford

Mark Weatherford is Senior Vice President and Chief Cybersecurity Strategist at vArmour. He has more than 20 years of security operations leadership and executive-level policy experience in some of the largest and most critical public and private sector organizations in the world.  At vArmour, Mark focuses on helping customers understand the rapidly evolving cybersecurity needs of the cloud and 21st century data center technologies.

Prior to joining vArmour, he was a Principal at The Chertoff Group, where he worked with businesses and organizations around the world to create strategic security programs. In 2011, Mr. Weatherford was appointed by President Obama as the Department of Homeland Security’s first Deputy Under Secretary for Cybersecurity, and before DHS he was the Vice President and Chief Security Officer at the North American Electric Reliability Corporation (NERC), where he directed the cybersecurity and critical infrastructure protection program and worked with electric utility companies across North America. Prior to NERC, Mr. Weatherford was appointed by Governor Arnold Schwarzenegger to serve as California’s first Chief Information Security Officer and was also the first Chief Information Security Officer for the State of Colorado, where he was appointed by two successive governors. As a former U.S. Navy Cryptologic Officer, Mr. Weatherford led the United States Navy’s Computer Network Defense operations and the Naval Computer Incident Response Team (NAVCIRT).

Mr. Weatherford serves on the Board of Directors of the Center for Cyber and Homeland Security at the George Washington University, the Board of Directors at the National Cybersecurity Center, and is a Distinguished Fellow at the Ponemon Institute. He is a Senior Advisor to The Chertoff Group and on the Executive Advisory Boards at AlertEnterprise, BitGlass, Chevron, Coalfire, and Cylance. He is also a member of an advisory group on Cyber-Enabled Economic Warfare at the Foundation for Defense of Democracies in Washington DC.

He earned a bachelor’s degree from the University of Arizona, a master’s degree from the Naval Postgraduate School and holds the Certified Information Systems Security Professional (CISSP) certification. He was awarded SC Magazine’s “CSO of the Year” award in 2010, named one of the “10 Most Influential People in Government Information Security” by GovInfoSecurity in both 2012 and 2013 and was selected for the 2013 CSO Compass Award for leadership achievements in the security community.

Title: The Internet of (Insecure) Things: We Forgot ‘The Cyber’

Session Description:

With spending on the Internet of Things predicted to reach $1.29T by 2020, John Chambers’ 2014 statement that, “The Internet of Things will be five to ten times more impactful in the next decade than the entire Internet has been to date” is becoming reality. Especially if you consider the security implications of the 50B+ devices that are forecast to be connected to the Internet. Companies that don’t think they’re big enough, important enough, or valuable enough to be concerned about the hacking of IoT devices simply aren’t paying attention and this was validated by the Dyn attack in November 2016. IoT devices have become pervasive and come with an obstinate problem – they’re Internet-connected. ALWAYS. While the IoT is providing economic opportunities inconceivable a decade ago, it is changing the way companies develop and deliver products and services. This talk will explore how the Cloud and Internet of Things technologies are changing the world and why security needs to be a larger part of the conversation.

Robert Bigman

Robert Bigman retired from the Central Intelligence Agency (CIA) after a distinguished thirty-year career. Recognized as a pioneer in the field of classified information protection, Mr. Bigman developed technical measures and procedures to manage the nation’s most sensitive secrets. As an information security trailblazer, Mr. Bigman participated in developing security measures for Government computers well before commercial industry found the Internet. He then developed creative solutions to allow the CIA to use the Internet to further its mission without exposure. With twenty-five years of experience, Mr. Bigman worked in every area of information and data security, the last fifteen years as the Agency’s Chief Information Security Officer (CISO). As the Agency CISO, Mr. Bigman managed a large organization of technical and program officers responsible for the protection of all Agency information. As the CISO, his responsibilities included cryptography, information security policy/processes, standards and requirements, testing and network defense/response. Mr. Bigman also served as the Agency’s designated officer for all discussions with the information security industry and its commercial partners. Mr. Bigman has contributed to almost every Intelligence Community information security policy/technical standard and has provided numerous briefings to the National Security Council, Congress and presidential commissions. Mr. Bigman’s earlier assignments at the CIA included participation in the technical design of the Intelligence Community’s first counterterrorism database and delivery of the Agency’s first secure TCP/IP local and wide area network for the Counterintelligence Center. In recognition of his expertise and contributions, Mr. Bigman has received numerous CIA and Director of National Intelligence awards.

Mr. Bigman is now an independent consultant and works with U.S. Government, foreign governments and the top 50 Fortune corporations, helping them both build productive cyber security programs and successfully resist attacks from the most sophisticated hackers. Examples of his engagements include: working with financial institutions to re-engineer their network and desktop defenses to reduce the risk of sophisticated (i.e., Nation-State) hacking; working with a large ISP to reorganize their entire corporate cyber security program and develop new program charters and technical security policies; working with a medical device manufacturer to ensure that their in-body monitoring devices exhibit the highest level of system, application, and network security; and working with a customer service organization to ensure that their Internet/Web services both satisfy security and privacy regulations and adequately protect sensitive consumer privacy information. Mr. Bigman also provides cyber security program and technical training to global government and private organizations. His training activities include cyber awareness programs for boards of directors, cyber threats/vulnerabilities and secure design requirements briefings for IT system architects/engineers, cyber security policy training for IT security professionals and general cyber security training for all employee levels/types within an organization. Mr. Bigman is also the author of a comprehensive course entitled: “Building a High Performance Cyber Security Program.”

Mr. Bigman contributes to a number of cyber security blogs and frequently appears on cyber security media outlets including web podcasts, radio and television. His company, 2BSecure, is located in Rockville, Maryland and additional information is available at http://2bsecurellc.vpweb.com/.

Title: The Truth About Cyber Security

Session Description:

Why is it that after many years of spending millions of dollars on all sorts of technology, attending hundreds of training courses and responding to the “whims and fancies” of the compliance police, auditors and regulators, we are still losing the battle to the hackers? What is it that they know and that we seem to keep missing/forgetting? This session describes the truth about why we are losing the battle and what (surprising) measures actually do have an impact on the hackers’ ability to compromise networks, systems and applications.

Scott Hennon

Scott is the Senior Vice President and Chief Information Security Officer (CISO) at East West Bank. In his role, Scott provides leadership and guidance for safeguarding private sensitive information against accidental or unauthorized modification, destruction or disclosure.

Scott also, in collaboration with his Enterprise IT Risk Management team, consisting of Information Security, User Administration, Enterprise Business Continuity, and IT Risk Management, plans and develops security and risk management measures and strategies to identify, defend, and respond appropriately to cyber risks, threats and attacks.

Prior to this role, Scott worked at City National Bank, where he served as their Senior Vice President and CISO, providing leadership in a similar capacity to his current role at East West Bank. In addition, Scott has also had prior experience leading bank internal IT Audit teams, providing technology risk advisory and consulting services to several companies in multiple industries, and serving in IT leadership roles such as Director of IT and CIO.

Scott has over 25 years’ experience in technology and information security and was recently named the 2015 “CISO-Cybersecurity Professional of the Year” by the LA Business Journal.  He also has close to 20 years of relevant experience working in or around the financial services industry and audit. He holds ISACA certifications including being a Certified Information Systems Auditor (CISA), a Certified Information Security Manager (CISM), and Certified in the Corporate Governance of Enterprise IT (CGEIT). He also holds the distinguished security certification from (ISC)2 for being a Certified Information Systems Security Professional (CISSP).

Suedy Renner

Suedy Renner is a global business and technology leader with 25+ years’ experience in strategic technology transformation, innovation, integration, optimization, modernization & implementation of various large initiatives.

Currently, Suedy serves as a Principal Management Consultant and Advisory CTO delivering high-impact guidance and thought leadership to clients at various organizations in strategic innovations, mobile & cloud applications, product & service development, strategic alliances, business & technology partnerships in Hi-Tech, Financial Services & Healthcare verticals.

She applies significant business and technical acumen toward preparing transformational roadmaps, defining strategic vision, determining delivery methodology, guiding programs & executions while cultivating technology partnerships with various solution providers to drive customer digital transformation to cloud and mobile based solutions ranging from assessments through implementation.

As VP of IT & Enterprise Architecture at W&B Companies, she managed the strategic technology transformation and day-to-day operation for 7 competing companies. She managed business & technology requirements for a highly regulated industry, focusing on securing & commercializing insurance exchanges. Results included design & transformation of a legacy architecture into an Enterprise Cloud and Mobile Architecture.

Suedy’s innovative & intuitive thought process, technical skillset & operational excellence have delivered successful products and services across various high profile organizations such as Nexus IS (A Dimension Data Company), Bank of America, McAfee, Nortel Networks, MCI, Texas Instruments, American Express, Mobil Oil, Imperial Oil and many more.

Suedy has held many executive positions including CIO/CTO and VP of IT & Engineering in various organizations. She is known for her leadership style, integrity, delivery excellence, hands-on approach, innovative solutions & entrepreneurial spirit.

She has a deep passion for innovative transformational technologies & organizations, dedicates a significant amount of her time to mentoring and growing others, and has been an Executive Guest Speaker & Mentor at WITI and Guest Panel Speaker at ISSA-LA Summit and various other organizations.

suedy@suedyrenner.com

http://www.linkedin.com/in/suedyrenner

Valerie Thomas

Valerie Thomas is an Executive Information Security Consultant for Securicon LLC that specializes in social engineering and physical penetration testing. After obtaining her bachelor’s degree in Electronic Engineering, Valerie led information security assessments for the Defense Information Systems Agency (DISA) before joining private industry. Her unique Defense and civilian background provides her with a solid understanding of intrusion detection, data loss prevention, and endpoint (in)security. Her electronic and RFID training became a crucial element of her physical security specialization. While some choose to focus on cyber or physical security, she has chosen to exploit the weaknesses of the combination of the two. As an ethical hacker and consultant she holds multiple industry certifications.

Valerie is the coauthor of “Building an Information Security Awareness Program: Defending Against Social Engineering and Technical Threats” with Bill Gardner. Throughout her career, Valerie has conducted penetration tests, vulnerability assessments, compliance audits, and technical security training for executives, developers, and other security professionals. She has provided briefings and workshops for DEFCON, Derbycon, Blackhat, and multiple BSides events.

Title: Defending The Enterprise Against Social Engineering Attacks

Session Description:

Technology will continue to advance, but the greatest vulnerability will always exist in the human behind the keyboard. Many resources exist on the exploitation of these vulnerabilities, but few discuss prevention at an enterprise level. At this year’s Summit, I’ll be introducing the Social Engineering Defensive Framework. This scalable process provides a roadmap for management to see their organization from a social engineer’s point of view, have a clear understanding of how susceptible they are to attack, and how to prevent attacks in the future.

Robb Reck

“Security only works when it’s in tune with the company it supports. Understanding what we are defending (and why) is more important than preventing, detecting or responding to threats. Understanding is dependent on high-quality relationships with stakeholders.”

Robb has built successful risk-based security programs in the software and financial services industries. As Chief Information Security Officer at Ping Identity he is responsible for ensuring the integrity of all Ping products, the confidentiality of sensitive data, and the availability of critical services. Prior to his role at Ping, Robb served as vice president and CISO for Pulte Financial Services. Before Pulte, Robb served as Information Security Officer and Director of Risk Management for Harland Financial Solutions.

Robb leads the Denver ISSA chapter, helps coordinate the Rocky Mountain Information Security Conference, and serves on ISSA International’s CISO Advisory Council. He holds a Bachelor of Arts from George Fox University and an MBA from Colorado State University.

Peter Kim

Peter Kim is a Director of Vulnerability Research at Blizzard Entertainment. Peter Kim has been in the information security industry for the last 12 years and has been running red teams/penetration testing for the past 8 years. He has worked for multiple utility companies, Fortune 1000 entertainment companies, government agencies, and financial organizations.

He is the author of the best-selling computer hacking book, ‘The Hacker Playbook: Practical Guide to Penetration Testing Series.’ Peter gives back to the security community by teaching penetration testing courses at community colleges and by creating and maintaining one of the largest security communities in the Southern California area (LETHAL). He has also spoken at multiple security conferences including ToorCon, Derbycon, and others.

Shea McHugh

Shea McHugh is an information technology professional specializing in cybersecurity and network administration. She graduated from North Idaho College with an Associates in Computer Information Technology in 2015 and has worked in IT roles since then. In 2016, Shea joined the inaugural class of the SANS Institute’s Women’s Immersion Academy. She successfully completed three SANS advanced, technical training courses and industry-leading GIAC certifications over an 8-month period: GSEC, GCIH, and GWAPT. Shea lives in Coeur d’Alene, Idaho, and works for Intermax Networks.

Maxwell Shuftan

Maxwell Shuftan is a director of CyberTalent Solutions at SANS Institute.

Max leads the CyberTalent division of the SANS Institute, the most trusted and the largest provider of information security training and certification in the world. In this role, he directs business development and external stakeholder engagement to support the various SANS CyberTalent programs and develop strategic partnerships. He also oversees CyberTalent program operations and staff management. SANS CyberTalent helps organizations in both the public and private sectors address their cybersecurity human capital needs through initiatives such as VetSuccess, the Women’s Immersion Academy, and the CyberTalent Assessments, among others. Max joined SANS Institute as its CyberTalent Business Development manager in 2015.

Max has worked in the public affairs and stakeholder engagement arena of cybersecurity for the past six years, working with Government, corporate, and not-for-profit organizations, most recently as a Vice President at Cambridge Global Advisors, a homeland security strategic advisory services firm. He also previously served as the national recruitment director for the Cyber Aces Foundation, a nonprofit organization that trained and educated veterans, jobseekers, and students in cybersecurity via online training modules.

Max also has supported the U.S. Department of Homeland Security’s (DHS) CyberSkills Management Support Initiative (CMSI), an initiative within NPPD focused on building partnerships with academic institutions and NGOs as well as growing the cybersecurity talent pipeline for DHS through programs like the Cyber Student Volunteer Initiative.

Max has a Bachelor’s degree in Comparative Cultures and Politics from Michigan State University with a second degree in International Relations and a minor in Spanish. At Michigan State, he was a co-chair and fundraising director for the local Habitat for Humanity chapter. Additionally, he served as a Research Assistant to Distinguished Professor Richard Zinman of the James Madison College at MSU on international security and foreign relations policy.

mshuftan@sans.org

Diane J. Delaney

Diane Delaney is the Worldwide Talent Manager for IBM Security. In this role, she established and now oversees an enterprise-wide talent program to attract, recruit, hire and on-board diverse early professionals with cybersecurity skills. She also provides guidance and direction for their security enablement program which includes classes, digital badges and security certifications needed for career growth and that are critical to providing the best support to our IBM Security clients.

Previously, Diane was the Transition and Transformation (T&T) Operational Readiness Program Manager for IBM Global Technology Services, responsible for ensuring the successful turnover from T&T to Steady State for all strategic outsourcing accounts in North America. In addition, she managed the T&T critical skills project to recruit and hire top talent executives and senior program managers.

During her 32-year career with IBM, Diane has held several roles in different IBM divisions such as Senior Manager, Service Delivery Manager, Project Manager, Systems Engineer and Programmer.

Diane is an IBM Certified Executive Project Manager. She is PMP and ITIL Foundations v3 certified and holds a Bachelor of Science degree in Computer Science from SUNY Plattsburgh.

Diane lives in Woodland Hills, California. She is married and has two grown children. Outside of work, she enjoys playing racquetball, bicycling and skiing. She is actively involved at her church and is a volunteer leader for several community events focused on helping the homeless and hungry in her local community and around the world.

Kevin Cardwell

Kevin Cardwell served as the leader of a 5-person DoD Red Team that achieved a 100% success rate at compromising systems and networks for six straight years. He has conducted over 500 security assessments across the globe. His expertise is in finding weaknesses and determining ways clients can mitigate or limit the impact of these weaknesses.

He spent 22 years in the U.S. Navy. He has worked as both a software and systems engineer on a variety of Department of Defense projects and early on was chosen as a member of the project to bring Internet access to ships at sea. Following this highly successful project he was selected to head the team that built a Network Operations and Security Center (NOSC) that provided services to the commands ashore and ships at sea in the Norwegian Sea and Atlantic Ocean. He served as the Leading Chief of Information Security at the NOC for six years. While there he created a Strategy and Training plan for the development of an expert team that took personnel with little or no experience and built them into expert team members for manning of the NOSC.

He currently works as a freelance consultant and provides consulting services for companies throughout the world, and as an advisor to numerous government entities within the US, Middle East, Africa, Asia and the UK. He is an Instructor, Technical Editor and Author for Computer Forensics and Hacking courses. He is the author of the Center for Advanced Security and Training (CAST) Advanced Network Defense and Advanced Penetration Testing courses. He is technical editor of the Learning Tree Course Penetration Testing Techniques and Computer Forensics. He has presented at the Blackhat USA, Hacker Halted, ISSA and TakeDownCon conferences as well as many others. He has chaired the Cybercrime and Cyberdefense Summit in Oman and was Executive Chairman of the Oil and Gas Cyberdefense Summit. He is author of Building Virtual Pentesting Labs for Advanced Penetration Testing, Advanced Penetration Testing for Highly Secured Environments 2nd Edition and Backtrack: Testing Wireless Network Security. He holds a BS in Computer Science from National University in California and an MS in Software Engineering from the Southern Methodist University (SMU) in Texas. He developed the Strategy and Training Development Plan for the first Government CERT in the country of Oman that recently was rated as the top CERT for the Middle East. He serves as a professional training consultant to the Oman Information Technology Authority, and developed the team to man the first Commercial Security Operations Center in the country of Oman. He has worked extensively with banks and financial institutions throughout the Middle East, Europe and the UK in the planning of a robust and secure architecture and implementing requirements to meet compliance. He currently provides consultancy to Commercial companies, governments, federal agencies, major banks and financial institutions throughout the globe.

Some of his recent consulting projects include the Muscat Securities Market (MSM), Petroleum Development Oman and the Central Bank of Oman. He designed and implemented the custom security baseline for the existing Oman Airport Management Company (OAMC) airports and the two new airports opening in 2016. He created custom security baselines for all of the Microsoft Operating Systems, Cisco devices as well as applications. Additionally, he provides training and consultancy to the Oman CERT and the SOC team in monitoring and incident identification of intrusions and incidents within the Gulf region. He holds the CEH, ECSA, LPT and a number of other certifications.

Title: Solid Defense Strategies

Session Description:

In this session, I will discuss essential defensive strategies you can deploy to protect against the majority of the attacks that are in the news. I will show quick wins that you can deploy that will make your organization more difficult to attack. The session will conclude with a demonstration of how to set up segmentation and isolation to protect your networks.

Mikhael Felker

Mikhael Felker is Director of Information Security and Risk Management at Farmers Insurance with focus on Operational / Cyber Risk.

Mr. Felker was previously the first information security hire to build the information security program and team for The Honest Company, the LA based unicorn ($1.7B valuation, 2015).  During his tenure at Honest he developed the first information security policies, implemented key security technologies, executed risk assessments, hired security engineers and contractors, developed program metrics, and provided C-level program reporting.

Previously, he led the ReachLocal global information security & compliance program, a public, Woodland Hills, CA based, B2B marketing company operating in 17 countries across 68 offices.  He led corporate security, product security, and compliance initiatives including PCI, HIPAA/HITECH and IT aspects of SOX.  His work on security initiatives helped ReachLocal win and retain industry-regulated customers.

Prior to taking on his ReachLocal security role, Mikhael led a team of ten overseeing production infrastructure (systems & network engineering).  He mentored his staff in program management and workflow (KanBan) techniques to improve overall performance, promoted several talented people into the infrastructure team, and hired the first IT intern who later converted to a full-time role.

During his decade career across a number of industries including Technology, Healthcare, Defense and Consumer Products companies, he has implemented technologies for vulnerability management, identity & access management, intrusion prevention, wireless security, eDiscovery, remote access, application security, two factor, security awareness training, eSignature, encryption platforms, endpoint security and many others.

While at Aerospace Corporation, he served as a trusted government advisor for Information Assurance evaluating $1B+ contract proposals, performed security & risk assessments for satellite systems, and under research contracts published papers for Air Force cybersecurity.

In addition to his professional experience, Mikhael’s other passion is teaching and non-profit engagement; he has been a lecturer at USC Engineering and UCLA Extension, teaching courses ranging from Internet Protocols to Information Security Management.  He previously served on the Board of Directors for ISSA Los Angeles and PMI Los Angeles.

Felker received his M.S. in information security policy and management from Carnegie Mellon University and B.S. in computer science from UCLA.  He holds industry credentials in security, privacy and project management including CISSP, PMP, CIPP/US, CISM, CISA, ITIL, CGEIT, and CSM.  Mikhael’s written work of 50+ publications has been featured in 14+ publications including Forbes, ACM, IEEE Security & Privacy, ISACA Journal, ISSA Journal, case studies and a number of online magazines.

Mikhael resides in Encino, CA with his wife and daughter. You can spot him sometimes on his road bike at cycling events in Southern California.

Gary Gooden

Gary Gooden is the former Chief Information Security Officer for Children’s Hospital Los Angeles (CHLA). He reports into the Chief Information Officer for CHLA.

In his current role Gary has been driving the IT Security Strategy and executing against a roadmap that was created by him in an effort to modernize the Information security footprint within the hospital environment. This is being done in close coordination with other IT departments within the hospital environment.

Gary, who joined CHLA on March 10th of 2014, previously held the role of IT Director, Technology Project Delivery. In that role he worked with the technology teams to accelerate the implementation of in-house infrastructure solutions in close coordination with CHLA’s PMO office.

Prior to joining CHLA, Gary spent the last 23 years at Amgen, Mattel and The Walt Disney Company in several IT executive leadership roles within Information Systems Infrastructure and Application Development and delivery. Most recently, Gary managed all demand and infrastructure capacity (physical and resource) planning activities while being responsible for the Global IT Infrastructure portfolio.

Yun-Kyung (Peggy) Lee

Yun-kyung (Peggy) Lee is the Deputy Regional Manager in the Pacific Region of the U.S. Department of Health and Human Services, Office for Civil Rights (OCR). Ms. Lee began as an Investigator at OCR in 2003 conducting investigations and recommending resolution of complaints alleging discrimination in the provision of health or social services based on race, color, national origin, disability, or age, and of complaints alleging violations of the HIPAA Privacy and Security Rules and the HITECH Breach Notification Rule that address health information privacy rights. She was also the Security Rule and Breach Notification Rule leader in the region. Ms. Lee began her career as a New York attorney in both private practice and as a staff attorney at MFY Legal Services – Mental Health Law Project. Upon arriving in California, Ms. Lee was a staff attorney at Neighborhood Legal Services – Health Consumer Center prior to joining OCR. Ms. Lee is a graduate of Cornell University and Pace Law School.

Title: HIPAA, OCR, Breaches, Audits and YOU!

Session Description:

  • Recent guidance from OCR
  • A broad overview of the HITECH Audit program
  • Latest statistics on breaches reported to OCR
  • Lessons learned from recent settlement agreement cases and continuing enforcement issues, including Risk Analysis and Risk Management

My-Ngoc Nguyen

My-Ngoc Nguyen (pronounced Mee-Nop Wynn) is the CEO/Principal Consultant for Secured IT Solutions and a certified instructor for the SANS Institute. She brings 20 years of experience in information systems and technology, with the past 15 years focused on cyber security and information assurance for both the government and commercial sectors. My-Ngoc is highly experienced in IT security and risk methodologies as well as developing and maturing cyber security programs. She led a cyber security program under a federal agency for a highly-regulated, first-of-a-kind project of national importance. With that experience, she has been assisting client organizations in both public and private sectors to implement secure and compliant business processes and IT solutions using defense-in-depth and risk-based approaches. Along with a master’s degree in management information systems, she carries top security certifications that include GSLC, GPEN, GCIH, GSEC, and CISSP, and is a former QSA. She is a member of the FBI’s InfraGard, Secret Service Electronic Crime Task Force, the Information Systems Security Association (ISSA), the Information Systems Audit and Control Association (ISACA), and the International Information Systems Security Certification Consortium (ISC2). My-Ngoc founded the non-profit organization CyberSafeNV to raise security awareness among Nevada residents and is currently the organization’s chairperson.

Marcus Richerson

Marcus Richerson is the President and Lead Penetration Tester at Somerset Recon, spearheading their work on the Hello Barbie security series. He has worked in information security for 12 years. He regularly hosts and participates in capture the flag hacking competitions and enjoys reverse engineering, exploit development, lockpicking, SCADA security, embedded device hacking, web hacking and mobile application hacking. He holds a master of science in computer science from San Diego State University.

Alexander Kissinger

Alexander Kissinger is the Senior Penetration Tester at Somerset Recon.

Erik Parreira

Erik Parreira is the Senior Security Engineer at Somerset Recon.

Jeffrey Duran

Jeffrey Duran is the Director of Product Marketing for enSilo. Prior to enSilo, he led the marketing efforts for Invotas (acquired by FireEye), and was a formative member of the communications team for the U.S. Army Cyber Command. Jeff has more than 20 years of experience solving complex communications problems for the cybersecurity, software development, manufacturing, and defense industries.

 

 

Title: Your Organization Will Be Attacked. But Your Data Isn’t Going Anywhere.

Session Description:

It’s the harsh truth about security, yet it’s the invariable risk of doing business: you will be attacked. This does not mean, though, that the business will suffer. If we know in advance what’s coming, we can prevent the damage – be it data ransom, tampering or theft. So when the attack hits, the security, legal and executive teams can rest assured that the data will remain protected. So, yes, your organization will be under attack. But it’s possible to stop the race against the clock so that incident response does not need to bill overtime, hefty fines are avoided, business can continue as usual, and your organization does not appear as front page news.

In this talk we look at various attack and market developments. By raising and discussing these trends, attendees will:

  • Recognize changes in the threat-scape and new attack trends
  • Apply new security approaches that are effective and reduce security expenditures
  • Adapt according to technological advancements and market changes
  • Develop best practices for protecting their data in advance of the inevitable attack

 

Jennifer L. Rathburn

Jennifer L. Rathburn is a partner with Foley & Lardner LLP. Ms. Rathburn focuses on counseling clients on data protection programs, data incident management, and breach response and recovery, as well as the monetization of data, the Health Insurance Portability and Accountability Act (HIPAA), and other privacy and security issues. She is one of the founders of the Midwest Cyber Security Alliance and has a deep understanding of the complex risk, operational, and legal issues companies must address to maintain the confidentiality of, access to, and integrity of their data.

Ms. Rathburn was selected for inclusion in The Best Lawyers in America© list for her work in health care law (2015 – 2017).  She is a member of the American Bar Association, American Health Lawyers Association, American Health Information Management Association, and International Association of Privacy Professionals.  Ms. Rathburn is a frequent writer and speaker on data privacy and cybersecurity issues.

 

 

Stan Banash

Stan Banash Jr. is the Chief Information Security Officer (CISO) for Children’s Hospital of Orange County (CHOC). As CISO, he is responsible for the strategic direction and alignment of the Information Security Program. His approach to Information Security employs risk management resulting in a strategically oriented and fiscally responsible program.

Prior to joining CHOC, Stan spent eight years developing and maturing the Information Security Program for Corinthian Colleges in Santa Ana, CA.  He became interested in Information Security as a consultant and CTO of Tallan Inc. during the early days of E-Commerce.

Stan has a Master’s Degree in Business Administration from Keller Graduate School and a Bachelor’s Degree in Aerospace Engineering from the University of Southern California. Stan holds Certified Chief Information Security Officer (C|CISO), Certified Information Security Manager (CISM), Certified Information System Security Professional (CISSP), and Certified Information Privacy Professional (CIPP/US) certifications.

 

 

Mark Kadrich

For the past 30+ years, Mark Kadrich has worked in the security community, building knowledge, and contributing solutions. His strengths are in architecture level design, solution design, policy generation, endpoint security, and risk management. Mr. Kadrich is the author of the book Endpoint Security published by Addison Wesley. Mr. Kadrich holds degrees in Management Information Systems, Computer Engineering and Electrical Engineering. He was a contributing author in publications such as Healthcare Technology Online, Health IT Outcomes, TCP Unleashed, ISSA Journal, Publish Magazine, Planet IT, RSA, CSI, SANS and The Black Hat Briefings. Mark Kadrich is a well-known speaker and evangelist on network security matters at technical conferences and security events. He was the program manager and chair for Cornerstones of Trust for 3 years.

Mr. Kadrich is the Interim Chief Information Security Officer for Antelope Valley Hospital in Lancaster, California.

 

Eva Galperin

Eva Galperin is EFF’s Director of Cybersecurity. Prior to 2007, when she came to work for EFF, Eva worked in security and IT in Silicon Valley and earned degrees in Political Science and International Relations from SFSU. Her work is primarily focused on providing privacy and security for vulnerable populations around the world. To that end, she has applied the combination of her political science and technical background to everything from organizing EFF’s Tor Relay Challenge, to writing privacy and security training materials (including Surveillance Self Defense and the Digital First Aid Kit), and publishing research on malware in Syria, Vietnam, and Kazakhstan. When she is not collecting new and exotic malware, she practices aerial circus arts and learns new languages.

 

 

Title: When Governments Attack: Malware Targeting Activists, Lawyers, and Journalists

Session Description:

Targeted malware campaigns against activists, lawyers, and journalists are becoming extremely commonplace. These attacks range in sophistication from simple spear-phishing campaigns using off-the-shelf malware, to APT-level attacks employing exploits, large budgets, and increasingly sophisticated techniques. Activists, lawyers and journalists are, for the most part, completely unprepared to deal with cyber-attacks; most of them don’t even have a single security professional on staff.

In this session, Eva Galperin of the Electronic Frontier Foundation will discuss the technical and operational details of malware campaigns against activists, journalists, and lawyers around the world, including EFF employees and clients, as well as what the security community can do to protect these highly vulnerable populations.

 

Cynthia Stamer

Repeatedly recognized among the “Top Rated Healthcare Lawyers” and “Labor & Employment Lawyers” by LexisNexis® Martindale-Hubbell® list of Top Rated Lawyers, Past Chair of the American Bar Association (ABA) Health Law Section Managed Care & Insurance Interest Group and former Vice Chair of its eHealth, Privacy & Security Interest Group, Vice Chair of the ABA International Section Life Sciences Committee, Founder and Executive Director of the Coalition for Responsible Healthcare Policy and its PROJECT COPE: the Coalition on Patient Empowerment, Cynthia Marcotte Stamer, P.C. is a Texas-based lawyer, health industry consultant, author, educator and policy advocate, valued nationally and internationally as a creative and pragmatic solutions creator and thought leader. Coupling her lifelong involvement as a health industry solutions creator with more than 28 years leading edge legal, policy and operations work, Ms. Stamer helps health care and managed care providers and organizations, health benefit plan sponsors, insurers, technology and other health industry vendors, communities, government leaders and patients find and implement pragmatic health care and health plan solutions including extensive involvement with the development and deployment of telemedicine, remote and mobile health care and other health care services, technology, operations, public policy and other solutions.

The author of thousands of publications and workshops on these and other healthcare, privacy and data security, workforce and other management matters, Ms. Stamer also is a highly sought-out speaker and industry thought leader known for empowering audiences and readers. Ms. Stamer’s insights on employee benefits, insurance, health care and workforce matters appear in Atlantic Information Services, The Bureau of National Affairs (BNA), InsuranceThoughtLeaders.com, Benefits Magazine, Employee Benefit News, Texas CEO Magazine, HealthLeaders, Modern Healthcare, Business Insurance, Employee Benefits News, World At Work, Benefits Magazine, the Wall Street Journal, the Dallas Morning News, the Dallas Business Journal, the Houston Business Journal, and many other publications. She also has served as an Editorial Advisory Board Member for human resources, employee benefit and other management focused publications of BNA, HR.com, Employee Benefit News, InsuranceThoughtLeadership.com and many other prominent publications. Ms. Stamer also regularly serves on the faculty and planning committees for symposia of LexisNexis, the American Bar Association, ALIABA, the Society of Employee Benefits Administrators, the American Law Institute, ISSA, HIMSS, and many other prominent educational and training organizations and conducts training and speaks on these and other management, compliance and public policy concerns.

Lunchtime Healthcare Panel

Title: Finding & Negotiating The Mine Fields:  CISO, CIO & Privacy Officer’s Playbook for Promoting Compliance & Security Without Getting Fired

Session Description:

CISOs, CIOs and Privacy Officers face a challenging mission of ensuring their healthcare, financial and other critical information, data and systems continue to support the patient care and operating functions of their organizations, while at the same time defending these systems, operations and their sensitive, but mission critical data against malicious or innocent misappropriation, use, access or destruction. They must do so always with constrained resources, while maintaining sufficient management support to get and stay employed.

Fulfilling this mission generally requires CISOs, CIOs and Privacy professionals to battle through the minefield of technical, budgetary, legal, political, contracting, communication and other performance management, teamwork and other challenges.  Health industry operations and management attorney, author and thought leader Cynthia Marcotte Stamer, Esq. and a panel of experienced experts will lead you and your fellow Privacy and Security professionals in sharing and exploring some of these challenges, success stories, pitfalls, project planning approaches and other experiences and tips designed to help better arm you to anticipate and respond to these challenges.

Closing Healthcare Panel

Title: What Initiatives Are on the Horizon in Healthcare, and How Can We Secure Them?

Session Description:

Health industry management attorney, author and thought leader Cynthia Marcotte Stamer, Esq. will moderate a panel of leading Privacy and Security professionals, and advisors to help you anticipate likely future opportunities and challenges by exploring emerging privacy and security threats and technologies. They will also delve into regulatory challenges and enforcement, as well as other trends, sharing tips and insights about strategies for preparing to leverage new opportunities and manage new challenges.

 

Dan Meacham

A highly accomplished information security leader with more than 15 years of experience protecting information assets, risk management, incident management and compliance management, Dan Meacham is recognized as a top contributor to the information security community through support and advisory board membership at the University of Dallas, Texas A & M University, UCLA Extensions and VHA.

Meacham’s enterprise-wide security and risk management strategies set the standard for enterprise security operations in large public, private and not-for-profit organizations. Meacham has managed domestic and international investigation teams and budgets. Some of his career highlights include developing a national information security architecture model for healthcare, CISO finalist for the United Nations’ World Health Organization (2006) and transforming a 32% PCI compliance program to 97% compliance in less than 12 months. Meacham is a founding Co-Chair of the Evanta Southern California CISO Executive Summit.

 

 

Mike Villegas

Miguel O. “Mike” Villegas is vice president (VP) for K3DES LLC, a payment and technology consulting firm. Over a span of 30 years, Mike has been a CISO for a large online retailer, partner for two “Big Four” consulting firms over a span of nine years, VP of IT risk management, an IT audit director for several large commercial banks, and owner of an information security professionals firm.

Mike is past president of the Los Angeles ISACA and San Francisco ISACA chapters. He served as co-chair for the SF ISACA Fall Conference from 2002 through 2008. He is currently on the LA ISACA Spring Conference and the CISA review coordinator for the Los Angeles ISACA chapter which he has taught for over 18 years.

Mike holds many certifications, including CISA, CISSP, GSEC, CEH, QSA and PA-QSA.

 

Chris Joerg

Chris Joerg is the Chief Information Security Officer for Cedars-Sinai Health System. Joerg has worked for two decades as an information security industry expert with a record of developing, running and improving information security strategy, organizations and infrastructure. Most recently, he worked at UNISYS, a global information technology company, where he was responsible for global information security. 

Joerg also held leadership positions at ISS – IBM, CompuCom Systems and Caesar’s Entertainment Corporation. He holds a master’s degree in management from Texas A&M. 

 

 

Todd Friedman

Todd Friedman is the Global CISO and privacy lead for ResMed, a global company that manufactures and distributes cloud connected medical equipment and solutions for diagnosing, treating, and managing sleep-disordered breathing and other respiratory conditions. ResMed employs more than 5,000 employees worldwide, operates in 100 countries, and has manufacturing facilities in Australia, France, Singapore and the US.

Todd is a versatile leader with more than twenty years’ experience in information risk and security management. His career has spanned the healthcare, toy, entertainment and insurance industries, during which Todd led numerous functions, including infrastructure planning and management, systems integration, PMO, project management, governance, compliance, strategic planning, and for the past decade, information risk and security management. Prior to joining ResMed in early 2015, Todd was the CISO of Mattel, and prior to that he was the SVP and CISO of Universal Music Group, the world’s largest music company. In addition, Todd has held a long-term board role in startup Music.com, is on the Governing board of Evanta, and is on the selection committee of San Diego incubator EvoNexus.

A native of Los Angeles, he holds an MBA from UCLA and a B.A. from UCSD, and maintains the following certifications: CISSP, CISM, CRISC and CIPP.

 

Bruce Phillips

Mr. Phillips has more than a decade’s experience in Information Security, building and executing successful strategic security programs. He has a wealth of industry security knowledge in Real Estate Settlement Services and Financial Services. He focuses on a risk-based approach in the development and operation of business systems and the application of Information Technology that not only meets the needs of the business but also protects business and consumer information.

Mr. Phillips previously served as the CISO of the nation’s largest title insurance company and VP of Security Architecture for the mortgage and finance industries’ leading provider of integrated technology, services and data solutions. He has spoken on various topics including Information Security, E-Discovery, and Litigation Support.

Mr. Phillips formerly served as a board member of the Orange County California – Information Systems Security Association (ISSA), and is currently a Governing Body Member of the Southern California CISO Executive Summit and an Infrastructure Liaison Officer with InfraGard.

 

Malcolm Harkins

Malcolm is the Global Chief Information Security Officer for Cylance, Inc. Previously he was the vice president and Chief Security and Privacy Officer (CSPO) at Intel Corporation. In this role Malcolm was responsible for managing the risk, controls, privacy, security, and other related compliance activities for all of Intel’s information assets, products and services. Malcolm is a frequent speaker at industry events, and is a contributing author to a book titled Introduction to IT Privacy, a Handbook for Technologists, a publication from the International Association of Privacy Professionals that was published in March 2014.

Gary R. Hayslip

As Chief Information Security Officer (CISO) for Webroot, Gary advises executive leadership on protecting critical information resources and oversees enterprise cyber security strategy. As CISO, his mission includes creating a “risk aware” culture that places high value on securing and protecting customer information entrusted to Webroot. Gary is a proven cyber security professional with a record of establishing enterprise information security programs and managing multiple cross-functional network and security teams. Gary has established a reputation as a highly skilled communicator and presenter. He has demonstrated ability to work within all business channels of an organization and is extremely effective in communicating the nuances of cyber security in business/risk terms for executive management. Gary recently co-authored the “CISO Desk Reference Guide: A Practical Guide for CISOs” focused on enabling CISOs to expand their expertise and scope of knowledge. Gary’s previous information security roles include multiple CISO, Deputy Director of IT and Senior Network Architect roles for the City of San Diego, the U.S. Navy (Active Duty) and as a U.S. Federal Government employee. In these positions he built security programs from the ground up, audited large disparate networks and consolidated legacy network infrastructure into converged virtualized datacenters. Gary is involved in the cyber security and technology start-up communities in San Diego; he is an advisory board member for Cybertech, the parent organization for the Cyber incubator Cyberhive and the Internet of Things incubator iHive. He also serves as a member of the EvoNexus Selection Committee, where he reviews and mentors Cyber Security and Internet of Things startups, and he is an advisory board member for the Cyber Center of Excellence. Gary is an active member of the professional organizations ISSA, ISACA, OWASP, and is on the Board of Directors for INFRAGARD.
Gary holds numerous professional certifications including: CISSP, CISA, and CRISC, and holds a Bachelor of Science in Information Systems Management & Masters in Business Administration. Gary has over 25 years of experience in Information Security, Enterprise Risk Management, and Data Privacy.

LinkedIn Profile: http://www.linkedin.com/in/ghayslip

Twitter: @ghayslip

 

David Son

David is a lead security professional who has extensive and broad experience in security risk management programs.  David is currently a security lead in AT&T’s Chief Security Office organization.

David managed DIRECTV’s IT Compliance and Risk Management program, from IT SOX, PCI DSS, Private Data Governance, and Cloud Governance to 3rd Party Assurance Programs, prior to the AT&T acquisition. David joined DIRECTV in 1999 and has been involved in various Governance, Risk and Compliance projects for the company. He frequently speaks at various conferences on PCI, Data Security and GRC topics. Prior to joining DIRECTV, he had extensive experience in global trading business, finance and business continuity.

 

 

Maria Ramirez

Maria Ramirez is the Head Deputy District Attorney of the Los Angeles County District Attorney’s (LADA) Cyber Crime Division. Ms. Ramirez supervises 11 attorneys and 19 investigators and oversees the investigation and prosecution of cyber related crime, including identity theft, credit card fraud, computer intrusions and child exploitation over the internet. Under her leadership, the division has expanded in recent years to include County and Community Cyber Investigation Response Teams to address the increase in cyber related crime against the L.A. County departments and small to medium size businesses. The division also works closely with the FBI’s Business Email Compromise (BEC) task force and the U.S. Secret Service Electronic Crimes Task Force. Ms. Ramirez is on the advisory board of the International Association of Financial Crime Investigators (IAFCI) and is the chair of the LADA Fraud Inter-Bureau Working Group. Recently, Ms. Ramirez received the 2015 Prosecutor of the Year award from the California District Attorney Investigator’s Association for her work in cyber crime prosecutions.

Ms. Ramirez has been a prosecutor for the DA’s Office for more than 26 years and has served in several assignments including the Auto Insurance Fraud Division, Major Narcotics Division, Hardcore Gang Division and several branch and area offices throughout Los Angeles County.  Ms. Ramirez graduated from Loyola Marymount University in 1987 with a major in Political Science and received her Juris Doctor from Loyola Law School in 1990.

 

John Palmieri

SA John Palmieri is an FBI Agent with the Los Angeles Division of the FBI and has worked in the Cyber division of the FBI for the past several years. He has worked numerous cases on a broad spectrum of crimes ranging from employee hack-backs, business email compromise scams, malware intrusions, and national security investigations. SA Palmieri holds an Electrical Engineering degree and prior to joining the FBI, he worked in private industry for many years doing electrical engineering and software engineering.

 

 

Ron Raether

Ron Raether leads the Cybersecurity, Information Governance and Privacy practice and is a partner in the Financial Services Litigation practice group at Troutman Sanders. Ron is known as the interpreter between businesses and information technology, and has assisted companies in navigating federal and state privacy laws for over twenty years. Ron’s understanding of technology led him to be involved in legal issues that cross normal law firm boundaries, including experience with data security, data privacy, patent, antitrust, and licensing and contracts.  This experience allows Ron to bring a fresh and creative perspective to data compliance issues with the knowledge and historical perspective of an industry veteran.

Ron’s involvement in seminal data compliance and data use cases has helped define current standards in several areas of the law.  He assisted one of the first companies required to provide notice of a data breach and has since successfully defended companies in over 100 class actions.  Ron represents clients in a broad range of technology and data privacy matters including data aggregation and analytics, mobile applications, de-identification/anonymization, including correlating data from multiple connected devices, “connected-things (IoT),” electronic crash- and consumer-reporting systems, and payment technologies.  Ron also advises on pre- and post-incident compliance concerns ranging from privacy policy preparation to development of incident response plans and workflows, addressing post-incident aftermath, and responding to regulatory inquiries.  Balancing privacy, cyber security and business functionality, Ron’s approach to data governance is uniquely designed with the industry in mind as it adapts to the ever-evolving technological and legal landscape.

 

Dave Babcock

Dave is a current and founding member of the Los Angeles County District Attorney (LADA) Cyber Investigation Response Team (CIRT) and a member of the United States Secret Service Los Angeles Electronic Crimes Task Force (LAECTF). His unit investigates cyber-attacks, intellectual property thefts, and network intrusions against Los Angeles County government networks, employees, and technology assets. In his current assignment, Dave was the lead investigator on two of the largest security breaches, involving the theft of PII and PHI, in Los Angeles County history. Dave has trained thousands of IT security professionals (law enforcement and civilian alike) in the discipline of in-depth cyber security and risk reduction. Prior to this assignment, Dave was assigned to the Public Integrity Division and was an integral part of the highly publicized Bell City corruption case. Before joining the LADA, Babcock was a Police Officer for the City of Glendale. Dave served as a Non-Commissioned Officer in the Marine Corps. He is a graduate of the Illinois Institute of Technology, with a degree in Chemical Engineering. He holds a Global Information Association Certification in Network Security Essentials (GSEC). Most recently Dave attended a 112-hour Network Intrusion course at the United States Secret Service national computer training facility in Hoover, Alabama.

 

Warren Kato

Warren Kato has been a Deputy District Attorney for the Los Angeles County District Attorney’s Office for 18 years.  He has been assigned for the past 8 years to the Cyber Crime Division, where he has vertically prosecuted high tech identity theft crimes in conjunction with local and federal agencies.  He was previously assigned to the Hardcore Gang Division where he prosecuted gang murders, as well as to the Victim Impact Program where he prosecuted sex crimes.  He is an internationally recognized prosecutor in the field of identity theft prosecutions, and he has authored several legal articles that have been published and/or cited in law reviews and other legal publications.  He has received numerous awards and commendations, including being recognized as one of the 2007 California Lawyer Magazine “Attorneys of the Year” for Criminal Law (CLAY Award) for a jury trial prosecution that resulted in the highest California sentence at that time (1,210 years and 22 consecutive life sentences in state prison).  He was named the 2012 “Prosecutor of the Year” by the Southern California Chapter of the International Association of Financial Crimes Investigators (IAFCI); and he was recently awarded the 2015 “United States Prosecutor of the Year” award by the International and United States chapters of the IAFCI.  He has recently been selected to head a program geared towards combatting cyber-crimes committed against private industry.

 

Britton Schaefer

Britton is currently assigned to the Los Angeles County District Attorney (LADA) Public Integrity Division, where he investigates corruption by officials who hold public office and positions of trust throughout the County. Britton is a founding member of the LADA Cyber Investigation Response Team (CIRT) and was a member of the United States Secret Service Los Angeles Electronic Crimes Task Force (LAECTF). CIRT investigates cyber-attacks, intellectual property thefts, and network intrusions against Los Angeles County government networks, employees, and technology assets. Prior to this assignment, Britton was assigned to the FBI Joint Terrorism Task Force in Los Angeles, working on the Al-Qaeda Squad. He is a nationally recognized counterterrorism instructor and has trained over 20,000 police officers around the nation in recognizing and preventing terrorist attacks. Before joining the LADA, Schaefer was a Los Angeles County Sheriff’s Deputy. Britton served as a Commissioned Officer in the United States Marine Corps. He is a graduate of San Diego State University, with a degree in Criminal Justice Administration.

Britton routinely instructs Los Angeles County employee end-users and information security managers in network security and cyber security awareness.

 

Darin Dick

Darin Dick is a Sr. Executive with 20 years of software sales experience, 12 of which were spent in information security. He has served as a Technology & Industry Advisor to major accounts, both domestically (West Coast) and internationally (ANZ). His career spans the enterprise software sector, from smaller entrepreneurial start-ups to large Fortune 500 enterprise software providers.

Tristan Petak

Tristan has an extensive background in science, data analytics, and solutions software, specializing in advanced, next generation cyber technology. He has worked alongside executives and security teams in all verticals of the private sector to help them understand and protect their security environments.

Title: Unsupervised Machine Learning: A New Approach to Cyber Defense.

 

ISSA-LA Summit Committee

President/Summit Chair – Richard Greenberg

Richard Greenberg, CISSP is the Information Security Officer for the Los Angeles County Department of Public Health.

Richard is a Fellow of ISSA International, and has received appointment to the ISSA Honor Roll. He has been selected as a finalist for both the (ISC)2 Senior Information Security Professional Leadership Award and the Los Angeles Business Journal CISO of the Year.

Richard is the ongoing Chair of the Healthcare Privacy and Security Forums in LA. He has been a Co-Chair of the ISSA LA Security Summits 2011-2017, and has been Co-Chair of all four of the highly successful AppSec California conferences. He has also served as the OWASP AppSec USA Conference Co-Chair and has been a member of the ISSA International Conference Committee.

Richard, President of both the OWASP and ISSA Los Angeles Chapters, has worked diligently to bring together the various Southern California InfoSec organizations to enhance their collaboration efforts, to help outreach efforts for the entire SoCal region.

Richard has been a published author, and has spoken on Information Security individually and on panels. He is also a Security Evangelist, helping to spread the word about secure application development and general security awareness.

https://www.linkedin.com/in/richardagreenberg

 

Vice President – Yev Avidon

Yev Avidon is currently an Associate Director with AT&T. He has been leading Information Security and Risk Management teams for over 12 years.  Yev has been involved with local non-profit security organizations, such as ISACA LA, ISSA LA and OWASP LA. For the last six years Yev has been serving on the ISSA LA board as an Education Director, Technology Director and currently as a Vice President. He was a member of the Information Security Advisory Committee at the UCLA Extension. He is a Certified Information Systems Security Professional (CISSP), a Certified Information Systems Auditor (CISA) and ISO/IEC 27001:2005 Lead Auditor.

 

 

 

Treasurer – Gary Landau

Gary Landau is currently a CISO Advisor with Unisys. He has been leading IT and information security teams for over 25 years as part of startups as well as large global organizations. He is passionate about continuously improving system reliability, performance, and security. Mr. Landau has an MS in Computer Science and numerous certifications such as CISSP, CISM, CISA, CCSK, CCNA-Security and CCNP. He is also one of the founding board members and past President of the LA chapter of the Cloud Security Alliance.

Secretary – Edmond Momartin

Edmond Momartin, CISSP, CISA serves on the Boards of ISSA and OWASP Los Angeles Chapters and has been involved in IT for the past 30 years, the most recent 15 years in Information Security and Compliance. He has managed teams of 20+ people, led large multi-discipline projects (e.g. ERP migrations, M&A), and provided guidance to business for litigation and compliance with government regulations (FAR, ITAR, SOX). He's also been involved with Strategy, Risk Management, Vendor and Software License Management, Process Improvement, and Software Contracts. He's able to pay attention to detail while not losing sight of the big picture and always thrives on new challenges. For the past 7 years, he's volunteered his spare time at several local non-profits, including Scale, and currently is the Computer Forum Chair at AESA.

Summit Technology Director – Chris Daskalos

Chris Daskalos is currently a Consultant in the Cyber Resilience Group at Stroz Friedberg, an AON Company. In this role, he works with clients to improve their resilience against cyber threats in a proactive capacity. Chris has been a member of IAPP since he was a student and has recently begun getting involved with ISSA and OWASP. Chris holds an MS in Information Security Policy and Management from Carnegie Mellon University and a BS from the University of Southern California. A nagging thought at the back of Chris's mind is how the blockchain can be leveraged to improve supply chain assurance.

Summit Vendor Director – Joel Simangan


Joel Simangan, MSIA, CISM, CRISC, GISP, CFE, CHP, CSCS, is the Information Security Officer and HIPAA Privacy Officer for the County of Los Angeles Internal Services Department.

Joel currently serves as an Advisory Board Member at ISSA Los Angeles and a Governing Body Member at Evanta/CEB. He was previously a Board Member at ISSA Los Angeles, one of the co-founders of ISSA Ventura County Chapter and a CISO Panel Speaker at CIOsynergy Los Angeles 2015 (http://la.securecio.com/).

Joel is a solutions-driven security professional with almost 20 years of experience in Information Security, and almost 30 years in IT working in complex enterprise environments including Fortune 100 & 500 global industries – S&L/Banking, Retail, Internet Banking, Software Development, Public Utilities, Securities, Home Mortgage, Local Gov’t & Consulting Services.

ISSA-LA Marketing Director – Sean Martin

Sean Martin is an information security veteran of nearly 25 years and a four-term CISSP. Sean is the co-founder and editor-in-chief at @ITSPmagazine and the president of imsmartin, an international business advisory firm. Sean’s articles have been published globally covering security management, cloud computing, enterprise mobility, application security, InfoSec awareness and education, bug bounties, governance, risk, and compliance — oftentimes with a focus on specialized industries and sectors such as government, finance, healthcare, insurance, legal, manufacturing and the supply chain. Sean is also a board member for ISSA Los Angeles and an active participant in the OWASP community.