Secure360 2012: Follow the conference on Social Media

This year’s Secure360 conference starts in just a few minutes here at St. Paul’s Rivercentre. We’re really excited about a fun two days of speakers, networking, educational sessions, and meeting new leaders from across the various security disciplines.

You can follow the conference via a number of social media channels this year – and participate in the ongoing discussions yourself through social media.

Here’s how to do it:

  • Secure360 Blog – you can follow along on the Secure360 Blog as we provide high-level overviews of the conference events – and links to other coverage. You can participate in the discussion by leaving comments or by linking to posts on the Secure360 blog.
  • Secure360 Official Twitter – You can follow Secure360 on Twitter by following @secure360. We’ll post official updates, photos, and retweets throughout the conference.
  • #SEC360 Hashtag on Twitter – You can utilize the #SEC360 hashtag on Twitter to post notes, thoughts, photos, and other updates on the conference.
  • You – If you’re blogging, tweeting, or posting elsewhere about the Secure360 Conference – drop us a note by leaving a comment here on this post – or via a mention on Twitter at @secure360. We’ll follow you and perhaps even share some of your updates!

We’re looking forward to a great conference! Drop us a note in the comments if there’s any way that we can assist you in having a great two days!

Featured Speaker Interview: Mike Rothman

Mike Rothman, President of independent research firm Securosis, specializes in the sexy aspects of security, like protecting networks and endpoints, security management, and compliance. Mike’s bold perspectives and irreverent style make him one of security’s most sought after speakers and commentators. After 20 years in and around security, he’s one of the guys who “knows where the bodies are buried” in the space. Mike is the author of “The Pragmatic CSO,” which introduces technically oriented security professionals to the nuances of what is required to be a senior security professional.

Mike will be presenting his session Seeing through the Clouds: Tactics to Deal with Limited Cloud Visibility at this year’s Secure360 Conference.

Tell us a little about yourself

I’m the “plumber” of Securosis and that means I focus my research on sexy things like network and endpoint security. Though don’t feel too bad for me, I get to drink coffee all day and stir the proverbial pot.

I write a weekly newsletter on our blog called The Incite. Read the last couple of posts and you’ll learn more about me than you ever wanted to know and maybe catch up on a little security news as well.

What’s the topic of your presentation at Secure 360?

I’m going to talk about how cloud computing changes how you monitor your environment. When everything is in your own datacenter, it’s possible to monitor from the network layer on up. In the cloud, you can’t see the network and in a lot of cases you can’t see parts of the computing stack. That means your tactics necessarily have to change, so that’s what I’ll talk about in my session.

What do you hope that the audience will walk away understanding from your session?

The audience needs to understand that although a lot of things are the same when applications and data are moved into the cloud, a lot of things are different as well. And if the architects aren’t considering how security and specifically monitoring is going to change, then it’s not going to end well.

If you’ve been to Secure 360 before, what’s your favorite Secure 360 memory?

Minneapolis has a great, tight-knit security community, many of whom I’ve met through my travels. So it’s great to roam around the floor and see great speakers with a group that is eager to learn.

Who do you most want to meet / see at this year’s Secure 360?

I won’t insult any of my good friends by being specific. But suffice it to say there are many folks I’m lucky to call friends that will be at S360 this year, and I’m looking forward to seeing them and drinking a few Leinies.

What’s the favorite technology that you use on a daily basis?

Has to be my iPad. My business is to stay current with what’s happening in the security industry, so I read A LOT. The iPad makes consuming content easy and accessible pretty much anywhere I am. And it keeps my kids occupied on long car rides, so it’s a 360 degree win for me.

You can learn more about Mike by visiting his blog The Incite or following him via Twitter at @securityincite.

Featured Speaker Interview: Barry Caplin

Barry has been the Chief Information Security Officer for the MN Dept. of Human Services since 2003. He is responsible for information security and security technologies department-wide including the development and implementation of HIPAA-compliant security policy and security architecture. Barry has more than 25 years of experience in information technology and security. He holds an MS in applied mathematics from Virginia Polytechnic Institute (aka Virginia Tech), and the CISSP, ISSMP, CISA, and CISM certifications. He is a soccer coach in Apple Valley and serves on the soccer boards of the Valley United Soccer Club and Valley Athletic Association as director of coaching.

Barry will be presenting two sessions at this year’s Secure360 Conference:

Tell us a little about yourself

I’ve been in IT almost 30 years in a variety of roles including: software developer, sales engineer, ISP operations and security in industries like aerospace, software, ISP, financial and government. I love learning and keeping up with new developments. I listen to a couple of hours of security and tech podcasts every day!

What’s the topic of your presentation at Secure 360?

One on IT Consumerization and one on communicating and aligning security with management and business.

What do you hope that the audience will walk away understanding from your session?

There are no exact answers in our field. Among the best things we can do is to stay connected with our business partners, educate others and make risk-based decisions.

If you’ve been to Secure 360 before, what’s your favorite Secure 360 memory?

I’ve actually spoken at every Secure 360 conference! (and a number of spring ISSA conferences before that) Perhaps my strongest memory is a bit sad… I had a great, but brief, conversation with Gene Schultz between talks a couple of years ago. I didn’t get a chance to tell him the great story of how he actually inspired me to do my first conference talk about 15 years ago.

Who do you most want to meet / see at this year’s Secure 360?

I look forward to touching base with old colleagues and definitely enjoy meeting new friends!

What’s the favorite technology that you use on a daily basis?

There are two items without which I cannot function… my Android phone and my netbook… yes, a netbook! Now, if someone can just invent a battery that really lasts!

You can learn more about Barry by visiting his about.me page.

Featured Speaker Interview: Rebecca Herold

Rebecca is a widely recognized and respected expert in information privacy, security and compliance. Rebecca has been named in the “Best Privacy Advisors in the World” list all years Computerworld magazine has released their rankings, along with receiving many other awards and recognitions. Rebecca has been leading the NIST Smart Grid privacy subgroup since June, 2009. Rebecca’s Compliance Helper service helps healthcare organizations and their business associates to meet their HIPAA, HITECH and other information security and privacy requirements. Rebecca has been an Adjunct Professor for the Norwich MSIA program since 2004, and she is working on her 15th published book.

Rebecca will be presenting her session Cloud Computing in Healthcare: Key Security and Privacy Issues at this year’s Secure360 Conference.

Tell us a little about yourself

I’ve been working in the information security, privacy and compliance arenas for over two decades. I’ve owned my own business since 2004. I’ve been an Adjunct Professor for the Norwich Master of Science in Information Assurance program since 2005, and I’m working on my 15th, 16th and 17th published books. I was born and raised in a small rural area in north central Missouri, and I’ve lived on a working farm in Madison County, Iowa (where the bridges are) for the past 17 years. I have two sons, 12 yrs and 14 yrs, am a fanatic marching band mom, love attending my son’s basketball games, enjoy sports, art, music, and being outside. I love traveling when my family can join me and can have some fun. Otherwise, I try to limit business-only travel as much as possible. We are currently restoring a 100 year old house in town that was empty for several years, so that is interesting and fun.

What’s the topic of your presentation at Secure 360?

Cloud Computing in Healthcare: Key Security and Privacy Issues

What do you hope that the audience will walk away understanding from your session?

Several things. Just a few:

  • That HIPAA/HITECH requirements are passed along to cloud service providers, and the healthcare entities will be held responsible in part for ensuring the security of the PHI entrusted to the cloud provider business associate (BA).
  • That cloud provider BAs are responsible for complying with all of HIPAA/HITECH; they cannot just pick and choose the technology requirements, or some subset of them.
  • The wide range of risks that cloud service providers must address, and some of the actions that can be taken to mitigate the risks.
  • Some effective ways in which covered entities can maintain ongoing oversight of the business associate cloud service provider’s compliance levels.

If you’ve been to Secure 360 before, what’s your favorite Secure 360 memory?

There are many. I’ve made a lot of new contacts and friends. I’ve met folks in person that I had, until the conference, only communicated with online or over the phone. I’ve been able to see a completely different side of well-known information security and compliance gurus, so that has been cool. A lot of great conversations over lunches and after the conference at the receptions. Plus, I really like the venue; easy to get to, very nice facilities, and great close-by accommodations.

Who do you most want to meet / see at this year’s Secure 360?

I’m looking forward to seeing the folks I typically only get to see once a year while at Secure 360. I’d name some, but then I would hate to find out later that I forgot some good friends and inadvertently snubbed them, so I’ll just refrain on that note. I see there are a lot of other cloud sessions going on, so I may drop in on one or two of them to compare and contrast information based upon my experiences and findings throughout the past few years. The sessions by Jarrett Brachman and Nancy Lyons look very interesting, and I hope to sit in on them.

What’s the favorite technology that you use on a daily basis?

I’m sure you’ll get some interesting and humorous double entendre answers to this! :-) Favorites would include: laptop, microwave, and coffee maker.

You can learn more about Rebecca by visiting her blog Privacy Professor, following her via Twitter at @privacyprof, or by visiting her LinkedIn Profile.

Featured Speaker Interview: Deviant Ollam

In addition to sitting on the Board of Directors of The Open Organisation Of Lockpickers (TOOOL), a non-profit group dedicated to academic and hobbyist endeavors into lock research and locksport, Deviant’s company The CORE Group performs physical penetration testing and security training services. Think of the movie “Sneakers”… yeah, they do that. With the portly charm of Dan Aykroyd, the steely eyes of Sidney Poitier, and the suave cunning of Robert Redford, all rolled into one, Deviant and his team can help you identify flaws in your security posture. Don’t be surprised if they ask to move the location of your first meeting to the server room… a location from which they are likely to be calling. :-)

Deviant will be presenting his session Physical Security on the Front Lines at this year’s Secure360 Conference.

What do you hope that the audience will walk away understanding from your session?

The ability to think tactically about physical security and thus a greater means of making decisions which have a direct impact on their bottom line and security posture. If you can at the very least eliminate the low-hanging fruit and then prioritize your list of addressable items which remain, you’ll be light years ahead of your competition in terms of keeping unauthorized persons out of your facility.

What’s the favorite technology that you use on a daily basis?

A ruggedized Android smartphone running a custom ROM by Cyanogen which allows for massive control of permissions and device functionality… effectively bashing Google over the head with a privacy-conscious bat.

You can learn more about Deviant by reading his online biography or following him on Twitter at @deviantollam.

Featured Speaker Interview: Bryan Strawser

Bryan is currently the senior crisis management, intelligence, & business continuity leader for a local Fortune 50 corporation and has over nineteen years of experience as a business & security professional. His areas of responsibility include enterprise business continuity, crisis management, global intelligence, and two global emergency operations centers.

Bryan also serves as the Chair, Private Sector Committee, for the National Emergency Management Association and the Vice Chairman, Disaster Response & Preparedness Committee for the Retail Industry Leader’s Association.

Bryan will be presenting his session Order from Chaos: Building a Crisis Management Program at this year’s Secure360 Conference.

What’s the topic of your presentation at Secure 360?

I’ll be talking about how to successfully build a crisis management program within a company of any size. While I think the nuts and bolts about how various crisis or business continuity programs operate is interesting, the most common question that I get from my peers across the industry is “How did you build the business case to get what you have?”. We’ll be talking about how to build the program, who to hire, and how to sell this approach to your company’s executives.

What do you hope that the audience will walk away understanding from your session?

I’m hopeful that the audience walks away with new insights into how to successfully make the business case to start or expand their crisis management or business continuity program.

If you’ve been to Secure 360 before, what’s your favorite Secure 360 memory?

I’ve been to every Secure360 Conference over the past few years. I have the advantage of being married to a co-founder – so my favorite memories all revolve around watching Marie operate in her element.

Who do you most want to meet / see at this year’s Secure 360?

This year I’ll be helping to lead the social media efforts for Secure360 – I’m looking forward to meeting most of the featured speakers along with many of the other contributors. I’ll be live-tweeting and blogging as much as possible throughout the conference.

What’s the favorite technology that you use on a daily basis?

I’m an Apple guy through and through. I’d say that the most common piece of technology that I use is my iPhone 4S, along with the new iPad. I’ll be using both along with a MacBook Pro at Secure360 this year.

You can learn more about Bryan by visiting his blog bryanstrawser.com, following him via Twitter at @bryanstrawser, or by visiting his LinkedIn Profile.

Featured Speaker Interview: Chris Veltsos

For our first featured speaker interview, we took a few minutes to chat with Chris Veltsos.

Chris Veltsos is an associate professor in the Department of Computer Information Science at Minnesota State University, Mankato where he regularly teaches Information Security and Information Warfare classes. Beyond the classroom, Chris is also very active in the security community, engaging with community groups and business leaders. Chris has presented at regional and national conferences, and provided input for groups like NIST, ISACA and the SANS NewsBites newsletter. Chris regularly consults in the field, including performing security assessments of academic institutions for the Advance IT Minnesota center.

Chris will be presenting his session “Are we there yet? Information Security Grows Up” at the 2012 Secure360 Conference.

What’s the topic of your presentation at Secure 360?

For years, security wanted a seat at the grown-ups’ table. Now that we finally have it, what’s next? The evolution of the field necessitates that we information security professionals also evolve our language, our models, and our measures, to properly communicate the risks that we seek to manage. And while the risks have evolved over the years, so has the amount of sharing and reporting from the security community. Yet, as the breach reports and security reports point out, we are still failing to properly implement and monitor some of the most basic aspects of security.

What do you hope that the audience will walk away understanding from your session?

How far the field has come, but also, how much further we need to go.

If you’ve been to Secure 360 before, what’s your favorite Secure 360 memory?

My favorite memory of Secure360 is the sense of camaraderie that one can experience attending this conference. Great speakers, attentive audiences, and friendly vendors.

Who do you most want to meet / see at this year’s Secure 360?

Secure360 has continually been able to bring a rich mix of national-level information security speakers while also providing a platform for emerging local talent to get their start. This year is no exception.

My prediction: Twitter will be abuzz with the comments of Secure360 attendees.

What’s your favorite technology that you use on a daily basis?

Virtual Machines. In an age where the next click can get you infected, VMs can help restore a balance to the ongoing cat-and-mouse game of protecting against the next piece of malware or Zero-day.

You can learn more about Chris by visiting his blog Dr. Info Sec, following him via Twitter at twitter.com/drinfosec, or by visiting his LinkedIn Profile.