Conference speaker bios

Keynote speakers

May 8, 2012

Douglas Hubbard | The Failure of Risk Management

Douglas Hubbard is founder of Hubbard Decision Research and creator of the Applied Information Economics (AIE) method. His career has focused on the application of AIE to solve current business issues facing today’s corporations. With more than 22 years of consulting experience, Hubbard provides risk/return analyses of critical projects, investments and other management decisions in the insurance, banking, utilities, government, entertainment media, military logistics and manufacturing industries. Hubbard is also the author of three books: “How to Measure Anything: Finding the Value of Intangibles in Business,” “The Failure of Risk Management: Why It’s Broken and How to Fix It,” and most recently, “Pulse: The New Science of Harnessing Internet Buzz to Track Threats and Opportunities.” Hubbard’s session description.

May 9, 2012

Jon Gordon | Mobile & Social: A Transformation

Jon Gordon is an editor at Minnesota Public Radio News, one of the leading public radio operations in the United States. He is responsible for strategy and execution of social media, audience engagement and distribution of news for mobile platforms. He created, produced and hosted “Future Tense,” a daily tech-themed radio report that aired on public radio stations across the country from 1996 to 2010. From his base in San Francisco, Gordon’s job on “Future Tense” was to present the most important and interesting technology news and information in a simple, straightforward manner. Gordon’s work has been recognized by the Associated Press, the Corporation for Public Broadcasting, The Northwest Broadcast News Association and UCLA’s Anderson School of Business. Gordon’s session description.

Session speakers

Chris Andrews | Solving Data Breach Points of Egress with Analysis

Christopher Andrews provides expert computer forensic, incident response and technology consulting services to Kroll clients. Andrews conducts forensic analysis, acquires and preserves computer media and performs data recovery on electronic media. In addition, he conducts investigations involving the analysis of electronic media for litigation and is often called upon to provide expert testimony. Prior to joining Kroll, Andrews worked as a special agent with the Northern California Computer Crimes Task Force. He was also a District Attorney Investigator in Humboldt County, California. Chris’s session description.

 

Tim Armstrong | The Internals of Identity-theft Attacks

As a Malware Researcher at Kaspersky Lab Americas, Tim Armstrong monitors the emerging threat landscape, with a specific focus on mobile malware and embedded technologies. Tim has been recognized as an expert in many publications on topics such as corporate breaches and Android specific malware. Tim has worked in IT security for more than five years in a variety of roles, including those of Corporate Customer Response, Professional Services, and Corporate Technical Support. He joined Kaspersky Lab in 2007 and has been on the Global Research and Analysis team since 2009 and is currently based in Massachusetts.

Scott Ashdown (Imation) | Securing Enterprise Data & Best Practices for Secure Mobility

Scott Ashdown has over 15 years of experience in product development and product management in the data security, authentication, and VoIP industries. He held increasingly senior positions at MPR Teltech, Bioscrypt, ActivIdentity, CounterPath, and Wesley Clover prior to joining Imation. Focused on translating market needs into well-resolved products, Scott holds a Bachelor of Engineering in Computer Systems from Carleton University.

 

Brian Baird | Is Cloud Identity Management right for you?

Brian Baird is SaskTel’s Identity Management Centre of Excellence CTO and chair of the Cloud Security Alliance (CSA) Canada Chapter. He enjoys working with industry peers to foster awareness, adoption and successful execution of secure Cloud Computing. Areas of expertise offered by Mr. Baird include Identity Management, Information Risk Management and Governance Risk and Compliance (GRC). Industry experience has been earned in several verticals including Health Care, Government, Insurance, Utilities, Telecommunications, Agriculture and Finance. Brian offers a deep passion for the entrepreneurial spirit.  He creatively solves tough business problems by mashing traditional Enterprise grade operational discipline with incremental innovation.

John Benninghoff | Behavioral Security Modeling

John Benninghoff started his information security career when he was asked to build and deploy a Network IDS using free software (SHADOW and OpenBSD) after returning from a SANS conference in 1998. John has worked as a network security engineer, security architect, and senior manager, and now provides consulting services through his company, Transvasive Security. John holds CISSP and CISM Certifications, and received the CISM Worldwide Excellence Award for earning the top score on the December 2005 CISM Exam. John’s session description.

Matt Blanco | Developing a Global Business Continuity Strategy 

Matt Blanco leads Target’s Information Technology Service Continuity Management (ITSCM) team, where he is responsible for a multi-year transformation of Target’s Technology Recovery Services, including the high availability of critical infrastructure systems, recovery of critical business applications and data center recovery planning.  Matt is an Information Technology (IT) professional with over 20 years of experience in the development, implementation and recovery planning of IT systems. He has held a variety of leadership roles within Target Technology Services (TTS) ranging from Business Intelligence, IT Operations, Security & Compliance and Infrastructure & Support.  Matt’s session description.

Andrew Borene | From American Frontlines to Assembly Lines: U.S. Innovation & Competition in a Global Robotics Revolution

Andrew Borene is Executive Director of Robotics Alley™ and Director & Counsel at ReconRobotics. Andrew is a former Associate Deputy General Counsel with the U.S. Department of Defense and has taught as adjunct faculty at the Humphrey Institute of Public Affairs. He served on active duty as a U.S. Marine intelligence officer with the 1st Marine Division, including combat service in Iraq, and time as the executive officer for its Headquarters & Service Company at Camp Pendleton. During law school, he was a judicial extern in the chambers of Judge John Tunheim, U.S. District Court, Minnesota.  In 2009, he was awarded a U.S. Department of State funded fellowship as an Emerging American Leader for the study of post-conflict peace-building in Northern Ireland. Andrew is a Director at Large with the FBI’s InfraGard Alliance Minnesota Executive Board where he assists the organization’s leadership in issues related to law, intelligence, information sharing, critical infrastructure protection and national security. He is also an alumnus of the Minnesota High Tech Association’s ACE Leadership Program, and founding editor of the American Bar Association’s “U.S. Intelligence Community Law Sourcebook”.  Andrew holds a J.D. (University of Minnesota) and a B.A. in Economics (Macalester College). Andrew’s session description.

Jarret Brachman | Impostors, Insiders and Intruders: Mitigating the Threat from Within

Dr. Jarret Brachman is a leading expert on extremist movements. He began his career at the Central Intelligence Agency and went on to become the founding Director of Research at West Point’s Combating Terrorism Center. In 2008, Brachman published his first book, Global Jihadism and returned to his hometown to launch a new program on security at NDSU. Brachman advises clients on issues related to counterterrorism and violent extremism across the U.S. intelligence, military and law enforcement communities. Brachman has testified before Congressional subcommittees, the British House of Lords and has appeared in nearly every major print and television media outlet. Jarret’s session description.

Michael Brady | Mindsets and Toolkits: Thinking Positively About Security

Michael Brady is a life-long security leadership professional. He has provided security, safety, and incident management services at semiconductor and computer manufacturing firms, as an independent security consultant, and as an executive for security service providers. Currently an account manager, consultant, and trainer for Hannon Security Services Inc, Michael is also an adjunct instructor in the Security Management program at Saint Mary’s University of Minnesota School of Graduate and Professional Programs. Michael recently completed his Master of Arts in Human Development degree where he focused on issues of leadership, team building, and problem solving. Michael’s session description.

Karl Brophey | Behavioral Security Modeling

Karl Brophey provides IT strategy, leadership, and architecture services at Brophey Consulting. He has held diverse roles across IT and Product Development, leading data-intensive system development and integration initiatives for industries including healthcare, financial services, business services, and government, from start-ups to multinationals. Karl focuses on facilitating communications between groups – business and technology, development and infrastructure, organizations and their clients and vendors. He believes understanding the different needs and ways of thinking of business staff, architects, analysts, developers, and testers is critical to delivering solutions that effectively meet the business’ needs. Karl’s session description.

Chris Buse | Digital Identities

Christopher Buse is the Chief Information Security Officer for the State of Minnesota. In this capacity, Christopher is responsible for designing and implementing the enterprise security architecture for state government. Before accepting this position, Christopher served as the Manager of Information Technology Audits for the Minnesota Office of the Legislative Auditor. During his 19 years as an auditor, Christopher planned and oversaw information technology audit work done on large government computer systems. Christopher also provided state of the art technology tools and training for audit professionals. Christopher Buse graduated from St. Cloud State University in 1986 with a Bachelor of Science degree in Accounting. Since graduation, he has supplemented his accounting degree with numerous computer science and management information systems courses. Christopher is a Certified Public Accountant (CPA), Certified Information Systems Auditor (CISA), and a Certified Information Systems Security Professional (CISSP). Christopher is active in many professional organizations and currently serves on the Executive Committee of the Multi State Information Sharing and Analysis Center. He also sits on the Information Systems Audit and Control Association (ISACA) International Professional Influence and Advocacy Committee, and has held numerous Board of Director positions in the Minnesota Chapter. Christopher was awarded the 2008 Security Professional of the Year by the Information Systems Security Association’s Minnesota Chapter. Chris’ session description.

Barry Caplin | #*%! my CISO Says

Barry has been the Chief Information Security Officer for the MN Dept. of Human Services since 2003. He is responsible for information security and security technologies department-wide including the development and implementation of HIPAA-compliant security policy and security architecture. Barry has more than 25 years of experience in information technology and security. He holds an MS in applied mathematics from Virginia Polytechnic Institute (aka Virginia Tech), and the CISSP, ISSMP, CISA, and CISM certifications. He is a soccer coach in Apple Valley and serves on the soccer boards of the Valley United Soccer Club and Valley Athletic Association as director of coaching. Barry’s session description.

Special Agent Robert Cameron | Cyber Crime: They Will Not Stop for Lunch

In 1995 Robert Cameron joined the Navy as a Cryptologist. He served at the National Security Agency, leading an engineering team responsible for the installation and accreditation of networks. Upon leaving the Navy, Robert worked as an Information Systems Security Engineer for Booz Allen Hamilton. In 2002, Robert took a Special Agent position with the FBI. Since that time, he has operated as a case agent specializing in the investigation of internet related criminal violations, counter-terrorism, and counter-espionage matters. He has extensive experience in international operations, incident response, and the development and implementation of honeypots and wireless networks. Robert’s session description.

Tom Cocchiarella | Discussing Security with (Non-Security) Management

Tom has more than 30 years of IT experience, from Technician to VP, Security VAR & Consultant, Owner of Fragneto’s, Inc. to serving on the Board of Directors of FBI InfraGard (MN) and is an alumnus of the FBI Citizens Academy. Tom currently co-manages the Cargill North America PMO, and is also an advisor/member of Ramsey County CERT, Woodbury VERT, and holds CISM and Certified in Homeland Security – Level III certifications. Tom’s session description.

Steve Currie | Scenario Analysis: Moving Beyond Penetration Testing

Steve Currie is a manager in Ernst & Young’s IT Risk Transformation practice in Minneapolis, focusing on Information Security governance and process development.  Steve has recently worked on projects running Security Operations Centers, pro-active malware detection, and information security scenario analysis.  Steve is a founding member of the Cloud Security Alliance Chapter of Minnesota and holds CISM and CISA certifications. Steve’s session description.

Robert Edinger, MSIA, CISSP | Job: Security – Lessons from the Front Lines

Rob Edinger is a veteran information security professional with over 19 years in consulting and leadership roles for private, public, government, and corporate organizations of all sizes and verticals. A Senior Member of ISSA and Charter member of MN (ISC)2, he earned CISSP designation in 1998. Rob holds a B.A.-Business Management from Bethel University and an M.S.-Information Assurance from Norwich University. At Milestone, Rob is responsible for the security consulting and audit services practice, project management, security thought leadership, and sales support. Robert’s session description.

Miles Edmundson | Darts, Dice, and Monte Carlo

Miles has over 10 years in the information security space. He began his career performing technical penetration tests for financial services clients. From there, he moved to internal vulnerability testing and social engineering engagements. He spent three years as Carlson’s Information Security Manager and for the last 4.5 years has been the Information Security Officer at Rural Community Insurance Services, a company owned by Wells Fargo. Miles’ session description.

Tim Erlin | Benchmark Analysis: The State of Vulnerability Management

Tim Erlin, CISSP, is the Director of Product Management at nCircle, responsible for Suite360, including vulnerability management, configuration auditing, and policy compliance. In his more than 10-year tenure at nCircle, he has also held the positions of Senior Sales Engineer and QA Engineer. His career in information technology began with systems and network administration. Tim’s session description.

Ryan English | 500 days in the Cloud

Ryan English serves as Practice Principal for the HP Enterprise Security Professional Services team. Previously, Ryan was VP of Product Management and Professional Services at Vigilar, and before that, he oversaw product strategy and direction for SPI Dynamics’ Quality Assurance and Developer security products.  Ryan has also held several project and product management positions, and assisted in the strategic growth and development of consulting divisions. He holds an MBA from Regis University, and a BS from the University of Alabama. Ryan’s session description.

Lynn Estes | Free & Open Source Software in the Enterprise

Lynn has over 20 years of experience including consulting, system hardening, and application development. He has experience in designing, building, and managing secure systems using both Windows and Linux based platforms. A CISSP since 2005 he also has interest in writing secure code and significant experience in application auditing and configuration management. He currently works at Blue Cross Blue Shield of MN in Technical Infrastructure Services as the Intel systems lead. Lynn’s session description.

Kevin Flanagan | Beyond The Breach – Lessons Learned from the RSA Attack

Kevin Flanagan, CISSP, CISA,  is the Director of Technical Consulting for North America at RSA, The Security Division of EMC.  Kevin leads a team of Security Specialists responsible for solution architecture and technical subject matter expertise. Over the years he has provided security program definition, risk assessment, secure application design, and data protection architecture for many software/service providers and large corporations.

David Flora | Fearing the Auditor More Than the Hacker and Security Issues With an International Perspective

As the Principal in the Chicagoland office, Dave brings more than 20 years of business communications experience and expertise to Firestorm. Dave’s vision aligns with Firestorm’s focus on the human impacts of disaster (Every Crisis is a Human Crisis) and goal of building a Culture of Preparedness in the U.S. private sector. Mr. Flora also brings to Firestorm a passion for designing and developing risk mitigation strategies for corporate services centers, such as mail centers, print services and receiving areas for Fortune 1000 companies. David’s session description.

Evan Francen | 10 Information Security Principles to Live (or die) By

Evan spent more than 15 years as a leading information security professional and corporate leader in both private and public companies. He is well-versed in governmental and industry-specific regulations, standards and guidelines including ISO/IEC 27002 (17799:2005), HIPAA, GLBA, PCI-DSS, FDA CFR Part 11, SOX and COBIT, but also understands the intricacies in aligning compliance with business objectives. Most recently, and prior to establishing FRSecure LLC, Evan established the formal information security programs for two publicly-traded companies. Evan’s session description.

Stacey Garcia | Why Mobile Device Management (MDM) needs mobile security

Stacey Garcia is product marketing manager for Websense, Inc. She joined Websense in 2010 and is responsible for managing all activities for Websense TRITON Mobile Security, Cloud Email Security, and Cloud Web Security. She has a wealth of knowledge in the mobile and cloud security space. Garcia holds a bachelor’s degree in marketing with a minor in chemistry from California State University, Long Beach. Stacey’s session description.

William Hagestad II | Examining the Chinese Cyber Warfare Threat

Lieutenant Colonel Hagestad has a Master’s of Science in Security Technologies from the College of Computer Engineering, University of Minnesota conferred in 2011. He also has a Bachelor of Arts in Mandarin Chinese, with minor emphasis in Classical Chinese and Modern Japanese while also holding a second Master’s of Science in the Management Of Technology from the Carlson School of Management, University of Minn. William is an internationally recognized subject matter expert on the Chinese People’s Liberation Army & Government Information Warfare. William’s session description.

Patrick Harding | Authenticating mobile devices to the Cloud

Harding brings more than 20 years of experience in software development, networking infrastructure and information security to the role of Chief Technology Officer for Ping Identity. Harding is responsible for Ping Identity’s technology strategy. Previously, Harding was a vice president and security architect at Fidelity Investments where he was responsible for aligning identity management and security technologies with the strategic goals of the business. Harding was integrally involved with the implementation of federated identity technologies at Fidelity — from “napkin” to production. An active leader in the Identity Security space, Harding is a Founding Board Member for the Information Card Foundation, a member of the Cloud Security Alliance Board of Advisors, on the steering committee for OASIS and actively involved in the Kantara Initiative and Project Concordia. He is a regular speaker at RSA, Digital ID World, SaaS Summit, Burton Catalyst and other conferences. Harding holds a BS Degree in Computer Science from the University of New South Wales in Sydney, Australia. Patrick’s session description.

Rebecca Herold | Cloud Computing in Healthcare: Key Security and Privacy Issues

Rebecca is a widely recognized and respected expert in information privacy, security and compliance. Rebecca has been named in the “Best Privacy Advisors in the World” list all years Computerworld magazine has released their rankings, along with receiving many other awards and recognitions. Rebecca has been leading the NIST Smart Grid privacy subgroup since June, 2009. Rebecca’s Compliance Helper service helps healthcare organizations and their business associates to meet their HIPAA, HITECH and other information security and privacy requirements.  Rebecca has been an Adjunct Professor for the Norwich MSIA program since 2004, and she is working on her 15th published book. Rebecca’s session description.


Matt Hubbard (Trend Micro, Inc) | Securing Your Physical, Virtual, Cloud Infrastructure

Matt Hubbard has dedicated the majority of his 15 year career to help design and bring to market solutions that enable companies to secure their technology environment. He has worked in product management and R&D at companies such as Symantec, Dell and Compaq. As a passionate evangelist, Matt knows and promotes the value of enterprise security solutions.  He currently serves as a Senior Manager at Trend Micro and helps C-Level Executives and their staff to understand the issues and solutions available to them to achieve measurable results. Matt holds a Bachelors degree from the University of Texas at Austin. Matt’s session description.

Dean Hyers | Winning Presence for Make-or-Break Moments

Dean Hyers began making movies as a teenager, became an entrepreneur in his twenties, and has stayed on these twin paths all his life. Upon graduating from Gustavus Adolphus College, Dean launched his own interactive media company, Digital Café, as his entrée into the movie business. Through Digital Café, Dean developed commercial software products, and directed electronic promotions for mainstream Hollywood blockbusters like Godzilla, Mighty Morphin’ Power Rangers: the Movie, and Die Hard III. Upon selling Digital Café to advertising heavy-hitter Campbell Mithun in 1999, Dean returned to the director’s chair with his debut feature, Bill’s Gun Shop, which he also produced. The film was released through Warner Bros, after Dean took top honors at the SMMASH Film Festival and won Minnesota’s top directing prize, the DL Maberry Award for Directing. Dean began teaching acting and emotion-control skills to government undercover agents from the United States and Canada, and then formed SagePresence, where he speaks professionally and trains business professionals to design messages and master their presence under pressure when they speak, pitch new-business, manage clients, and lead teams. Dean’s session description.

Alex Hutton | New School Risk Management: Theory Driven Practice

Alex Hutton is a big fan of trying to understand security and risk through metrics and models. Currently, Alex is the Director of Risk & Governance for a large bank. A former principal for Research & Intelligence with the Verizon Business RISK Team, Alex also helped produce the Verizon DBIRs and Verizon’s PCIR, was responsible for the VERIS data collection and analysis efforts, & developed information risk models for their Cybertrust services. Alex is the veteran of several security start-ups and constantly contributes to non-profit security associations. Alex’s session description.

Matt Hynes | Scenario Analysis: Moving Beyond Penetration Testing

Since 1996, Matt has helped companies better manage information risk and transform security organizations & processes. He leads the Information Security Advisory practice for Ernst & Young’s Midwest region. Matt is a frequent speaker at industry events on security-related topics and is a guest lecturer at the U of M. He is the past President of the Minnesota chapter of ISACA. Matt’s session description.

Jay Jacobs | New School Risk Management: Theory Driven Practice

Jay Jacobs is currently a Principal on the RISK Intelligence team at Verizon.  Jay is a co-founder of the Society of Information Risk Analysts and currently serves on their Board of Directors.   Jay also serves as the President of the Minnesota ISSA Chapter.  He is a blogger, a published author and a co-host on the Risk Hose podcast. Jay’s session description.


Wolfgang Kandek (Qualys) | Update Your Software or Die

As the CTO for Qualys, Wolfgang is responsible for product direction and all operational aspects of the QualysGuard platform and its infrastructure. Wolfgang has over 20 years of experience in developing and managing information systems. His focus has been on Unix-based server architectures and application delivery through the Internet. Prior to joining Qualys, Wolfgang was Director of Network Operations at the Online Music streaming company myplay.com and at iSyndicate, an Internet media syndication company. Earlier in his career, Wolfgang held a variety of technical positions at EDS, MCI and IBM. Wolfgang earned a Masters and a Bachelors degree in Computer Science from the Technical University of Darmstadt, Germany.  Wolfgang is a frequent speaker at security events and forums including Black Hat, RSA Conference, InfoSecurity UK and The Open Group. Wolfgang is the main contributor to the Laws of Vulnerabilities blog. Wolfgang’s session description.

Michael Kelly | Can We Build Successful Vulnerability Management Programs? Yes!

Michael has been an Information Security professional for over 16 years. He has worked with small startup IT management and security companies as well as large, Fortune 50 corporations. Michael’s work spans all areas of applications, systems and network management and security. Currently, Michael is responsible for the design, development and ongoing evolution of the IT Threat and Vulnerability Management program for a Fortune 100 retailer. Finally, Michael is active in the IT Security community both locally within the Twin Cities as well as nationally, and has spoken at national ASIS and ISC2 sponsored conferences. Michael’s session description.

Stephen Kerns | Assessing Your Mobile Applications

Steve has over 25 years of computer security experience including consulting, application development, database administration, and system administration. He has experience in designing and managing secure systems and applications. In more recent years, he has been working on code reviews, mobile applications, web application, and database assessment projects as an Information Security Consultant. Other areas of focus include PCI assessments and PA-DSS validation. Stephen’s session description.

Al Kirkpatrick | Fearing the Auditor More than the Hacker and Security Issues with an International Perspective

Al brings over twenty five years of business and technology experience to the Firestorm team and is currently the president of ANKIRK LLC, a global information risk services company.  He has developed business continuity/disaster recovery/crisis management programs for technology-driven corporations relying on high information and systems availability as a material component of their revenue streams.  He has also developed information risk programs and conducted risk assessments for companies in Europe, Asia/Pacific, India, China and the Americas.  Al holds a United States Coast Guard captain’s license and is an active member of the International Seafarer’s Association.  

Fred Klapetzky | What to do when your management doesn’t want to complete a BIA?

Fred Klapetzky, managing director at Marsh Risk Consulting, is the firm’s practice leader for the U.S. Business Continuity Management Practice. Klapetzky has performed technology and business continuity assessments/evaluations/planning for numerous clients. Klapetzky has also completed data center redesigns, consolidations, insourcing and outsourcing projects.  He has integrated NIMS and ICS components into plans for airports, colleges and universities and manufacturing companies. Klapetzky was also a pioneer in computer crime investigations and helped develop many of the methods and techniques in use today by federal, state and local law enforcement.

Arun Kothanath | Is Cloud Identity Management right for you?

With 18+ years of experience in the security and technology field, Mr. Kothanath focuses on providing technology leadership involving security aspects to enterprises, start-ups and government entities. Mr. Kothanath has been pioneering cutting edge technology ideas leading into enterprise strategies, product and technology development and research oriented activities nationally and internationally. Some of his focus areas include Identity Management, Fraud Management, Information protection and Risk management, GRC and Mobile security. Arun enjoys solving industry challenges and providing guidance to a variety of entrepreneurial initiatives.

Yan Kravchenko | Enough on Mobile Problems, What About Solutions?

Yan Kravchenko is currently a Director of Consulting for NetSPI. Yan has over 14 years of consulting experience in IT and Information Security, specializing in security program development and management, IT audit, and assisting organizations in security initiatives. Yan is a founding member of the local HITRUST SIG and has extensive experience working with healthcare organizations. Yan’s session description.

Barret Lane | Exercising Response Plans as Part of Continuity Planning

Barret W.S. Lane, J.D. is the Director of the Office of Emergency Management, City of Minneapolis and the CEO of Lane Consulting, LLC and principal attorney of the Law Office of Barret W.S. Lane. Mr. Lane served as a trial lawyer and as a member of the Minneapolis City Council. Mr. Lane holds a Minnesota Emergency Manager’s certificate and is a member of the Minnesota All-Hazard Incident Management Team. Barret’s session description.

Dan Larson | Security Beyond the Operating System

Dan Larson is an enterprise solution architect at McAfee. He is responsible for designing optimized implementation methodologies for McAfee solutions. Dan is a security expert who has worked with the largest enterprises and governments in the world to successfully implement security solutions. Prior to McAfee, he was a consultant at SafeBoot. There he developed best practices for data protection and encryption on mobile devices. Dan’s session description.

Lizabeth Lehrkamp | See What, Say it to Whom?

SA Lizabeth Lehrkamp has a BS in Mechanical Engineering from Clarkson University, Potsdam, NY.  She worked in Technical sales for 5 years and then returned to Engineering with a company out of Plymouth, MN.  In February 2005 she joined the FBI and was assigned to the Newark, New Jersey office, where she worked Italian Organized crime and then joined the Cyber crime squad.  While working on the Cyber squad, SA Lehrkamp focused on Internet Fraud and Intellectual Property Rights.  In the beginning of 2010, she was asked to change her focus from criminal work to National Security work and began working with Cleared Defense Contractors focusing on intrusions from foreign entities.  In September 2010 she was transferred back to Minnesota and was assigned to the Human Intelligence squad working Cyber matters.  In May 2011 Liz added InfraGard Coordinator for the Minnesota, North Dakota and South Dakota Chapters as one of her duties.

Jeffrey Locketz | New More Relevant Examinations to Former SAS 70 Audits

Jeff is a Partner at Lurie Besikof Lapidus & Company, LLP. LBL Technology Partners is a Division of Lurie Besikof Lapidus & Company, LLP that performs information technology audit and assurance engagements, IT governance consulting, IT strategic planning, IT controls development, information security assessments and planning, and business continuity planning. Jeff is a member of the American Institute of Certified Public Accountants, the Minnesota Society of CPAs, ISACA, the Project Management Institute (PMI), and the Institute of Internal Auditors. Jeffrey’s session description.

Nancy Lyons | People Online: Security, Privacy and Reputation @the Office and @Home

Think strategically, act thoughtfully, be a good human. Nancy works at the intersection of technology, community and people. As a leader and technologist, she creates solutions that further community and business goals by meeting the needs of individuals. Her guiding philosophy is that a human-centered approach to technology is the only way to get results that make a difference. Problem solving is about empowerment: motivated people create good products. Nancy supports clients and teams by fostering a collaborative, idea-driven culture that nurtures creativity and brainpower. Nancy is President/CEO of Clockwork Active Media, a leading digital agency specializing in designing and developing business solutions. She speaks nationally about work culture, social media, technology and leadership. She’s been recognized for her role as owner and CEO of Clockwork by the Minneapolis/St. Paul Business Journal and gives back to the community by serving on the Board of Directors at The Family Equality Council. Nancy’s session description.

Pete Machalek | Winning Presence for Make-or-Break Moments

Pete Machalek is co-founder of SagePresence, a partnership of filmmakers who offer their expertise in message and performance to professionals and organizations. Since 2001, SagePresence has delivered presentations, workshops and coaching to help clients generate confident and influential “stage presence” to win their audiences over, everywhere from the networking floor to the speaker’s podium. Pete’s session description.

Marc Maiffret | There is no Bigger Data Than Your Big Security Data

Marc Maiffret co-founded eEye Digital Security in 1998 and returned to the company in July 2010 as Chief Technology Officer. Marc is an industry expert in network security and has accepted three separate invitations to testify before the United States Congress on matters of national cybersecurity and critical infrastructure protection. Marc famously discovered the first Microsoft computer worm, “CodeRed” and was named one of People Magazine’s 30 People Under 30. Marc’s session description.

Lillian McDonald | Exercising Response Plans as Part of Continuity Planning

Lillian McDonald is the Executive Director for ECHO, a non-profit that works with diverse communities to provide programs and services so people are healthy, participate and succeed. Prior to working with ECHO, she coordinated risks and crisis communication response plans, media relations, and public relations for Ramsey County Public Health. Ms. McDonald worked for over 20 years as a news reporter, producer and assignment editor for major market radio and television stations KARE-11 and KMSP-9. Lillian’s session description.

Kellman Meghu | Myths, Mistakes and Outright Lies (when it comes to your IT Security)

Kellman Meghu is Head of Security Engineering (Canada and Central US) for Check Point Software Technologies Inc., the worldwide leader in securing the Internet. His background includes over 15 years of experience deploying application protection and network-based security. Since 1996 Mr. Meghu has been involved with consultation on various network security strategies to protect ISPs in Southern Ontario as well as security audits and security infrastructure deployments for various Commercial and Governmental entities across Canada and the Central United States. Other past responsibilities have included day-to-day operational work in complex security networks, policy planning, management and documentation. Prior to joining Check Point, Mr. Meghu held various network, VoIP and security engineering roles with European telecommunications giant Alcatel, a leading global information technology services company, Electronic Data Systems (EDS) and as a private consultant. Kellman’s session description.

Deb Mogensen | IT Sourcing and Procurement – Cradle to Grave IT Asset Security

Deborah Mogensen is currently Director of Best Buy’s IT Sourcing and Category Management Team and is responsible for over $800MM in IT spend annually. Deb has over 20 years in the technology leasing industry where her responsibilities have included IT Procurement, Vendor Management, and Asset Management. She is an expert in and has taught classes on technology lease negotiations and strategically managing leased assets including asset disposal and reselling used equipment. Deb’s session description.

HD Moore | Terrible Things in Network Security

HD is Chief Security Officer at Rapid7 and Chief Architect of Metasploit, the leading open-source penetration testing platform. HD founded the Metasploit Project in the summer of 2003 with the goal of becoming a public resource for exploit code research and development. Prior to joining Rapid7 and continuing his work on the Metasploit Framework, HD was the Director of Security Research at BreakingPoint Systems, where he focused on the content and security testing features of the BreakingPoint product line. Prior to BreakingPoint, HD spent seven years providing vulnerability assessments, leading penetration tests, and developing exploit code.

Josh More | Lean Security: A Practical Approach to Security Projects

Josh brings more than fifteen years of experience in IT and security to RJS. He has worked as a security consultant, developer and system administrator in past roles. At RJS, Josh guides the security wing of our company, providing his immense security knowledge to security assessments, consultative opportunities and informative blog posts. Josh holds multiple security and technical certifications and serves in a leadership position on several security-focused groups. Josh believes that security works best from a holistic approach, thus he works all angles:  risk assessments, posture analysis, incident response, malware analysis, infrastructure defense, system forensics, employee training and business strategy. Josh’s session description.

David Mortman | Pragmatic Cloud Security

Chief Security Architect at enStratus and Contributing Analyst at Securosis. Former Director, Security and Operations, C3 and CISO at Siebel Systems. Regularly speaks at Blackhat, Defcon, RSA and SourceBoston. Spoke at Secure360 as well. Advisory Boards include Qualys and Igie. Does Security, Privacy, Compliance, Ops, Cloud. Bakes, cooks, juggles. David’s session description.

Chris Mullins | Practical Measures for Measuring Security

Chris Mullins is an experienced software industry executive with a strong competency in regulatory compliance and information security. Chris’ session description.

Deviant Ollam | Physical Security on the Front Lines

While paying the bills as a security auditor and penetration testing consultant with his company, The CORE Group, Deviant Ollam is also a member of the Board of Directors of the US division of TOOOL, The Open Organisation Of Lockpickers. Every year at DEFCON and ShmooCon Deviant runs the Lockpicking Village, and he has conducted physical security training sessions at Black Hat, DeepSec, ToorCon, GovCERT, AusCERT, HackCon, ShakaCon, HackInTheBox, CanSecWest, ekoparty, and the United States Military Academy at West Point. His favorite Amendments to the US Constitution are, in no particular order, the 1st, 2nd, 9th, & 10th. Deviant’s session description.

Erik Pakieser, MnCEM, CBCP | New Federal Business Continuity Guidelines

Erik has been working in public safety and law enforcement since 1988. His diverse background includes military police, law enforcement, corrections, and professional security. He is currently the Business Continuity Coordinator for the Minnesota Department of Transportation and a Principal Consultant with QSI Training, a security consulting company. Erik’s session description.

Frank Perlmutter | The Downfall of the BC Professional: Setting Up a Personal Plan to Quit Bad Habits and Shine at Your Organization

Frank Perlmutter, CBCP, is a nationally renowned speaker with more than a decade of experience in Business Continuity Planning (BCP). He is the President of Strategic BCP, Inc., a BCP software and consulting company dedicated to developing highly effective BCP Programs through the use of its proprietary ResilienceONE software tool. Frank’s 15+ years of BCP experience includes stints as a consultant with the Big 4, a Project Management and Technology Solutions Champion at the U.S. Department of the Treasury, and a strategic consultant for several large, multinational corporations. Frank’s session description.

Seth Peter | Enterprise Vulnerability Management: Trends and Guidance

Seth Peter is a founder and the CTO of NetSPI, an information security consulting firm with offices in New York and Minneapolis. Mr. Peter has over 16 years of information security consulting experience and has worked with over 200 organizations. Prior to founding NetSPI, Mr. Peter was a founder of the computer forensics team at Kroll Ontrack, where he provided expert witness testimony and depositions regarding high-profile computer security cases.


Gunnar Peterson | Process Not Outcomes – Architecture Risk Management Capturing the Upside and Avoiding the Downside

Gunnar Peterson is a Managing Principal at Arctec Group. He is focused on distributed-systems security architecture. Gunnar is an internationally recognized software security expert, frequently published, an Associate Editor for IEEE Security & Privacy Journal on Building Security In, a contributor to the SEI and DHS Build Security In portal on software security, a Visiting Scientist at Carnegie Mellon Software Engineering Institute, a contributor to several OWASP projects, an IANS faculty member, contributing analyst at Securosis, and an in-demand speaker at security conferences. He maintains a popular information security blog at http://1raindrop.typepad.com. Gunnar’s session description.

 

Louise Popyk (Centrify) | Centralizing Identity, Policy and Privilege to Strengthen Security

Louise Popyk has over 12 years of experience in information security, with a focus on authentication, access control, authorization and encryption. She also possesses experience in computer infrastructure design and implementation, messaging and computer programming in cross-platform environments. She has held senior positions at Centrify, Entrust, and EDS. Louise’s expertise is translating common technical challenges across customer industry verticals into new products or new product features. Louise attained her CISSP certification in 1999.


Mary Poquette | What’s Hot & What’s Not: Screening & Security

Mary is Chief Compliance and Security Officer for Verifications, Inc., a global provider of employment screening, onboarding, and related services. She is a licensed private investigator in CA, UT, AZ, CT, and VT; and is a Certified Information Privacy Professional. A 17-year industry veteran, she is a recognized expert in employment screening and compliance. She is a former Co-Chair and member of the Board of Directors of the National Association of the Professional Background Screeners (NAPBS) and is currently a member of the NAPBS Governance Committee. Mary’s session description.


Kevin Riggins | Cloud Computing 101 | TL:DR Guide to Cloud Computing

Kevin works for a Fortune 500 financial services company where he is the data security architect. This includes database security, cloud computing, data leakage, and information centric security. Kevin blogs at http://infosecramblings.com, is a management team member of the Society of Information Risk Analysts and speaks regularly at conference and association meetings. Kevin’s Cloud Computing 101 session description. Kevin’s TL:DR Guide to Cloud Computing session description.

Joe Rogalski (Symantec) | Mitigating Risk in the Era of APTs and Mobile Computing

Joe is an accomplished Technology and Security Professional with over 18 years of experience developing world class programs and delivering technology-based solutions to support business needs. He has served in a variety of technical and management positions during his career including Assistant Vice President of Information Security Risk Management. Joe is a Certified Information Systems Security Professional (CISSP, 2010) and a Certified Information Security Manager (CISM, 2006), and is Certified in Risk and Information Systems Control (CRISC, 2010).


Mike Rothman | Seeing through the Clouds: Tactics to Deal with Limited Cloud Visibility

Mike Rothman, President of independent research firm Securosis, specializes in the sexy aspects of security, like protecting networks and endpoints, security management, and compliance. Mike’s bold perspectives and irreverent style make him one of security’s most sought after speakers and commentators. After 20 years in and around security, he’s one of the guys who “knows where the bodies are buried” in the space. Mike is the author of “The Pragmatic CSO,” which introduces technically oriented security professionals to the nuances of what is required to be a senior security professional. Mike’s session description.


Chris Rowland | Make the Leaderboard: Tactics to Achieve Security Performance Measures

Chris R. Rowland currently serves as the Governance, Risk Management & Compliance Services Practice Lead at Aeritae Consulting Group.  He has over 20 years of experience in information technology, information security, risk management, and compliance.  Chris has led Information Security programs in Fortune 1000 companies, directed Information Security and Infrastructure teams in the deployment and operations of security solutions within complex application and infrastructure environments on a global scale, and served as a strategist, practitioner and trusted advisor to his clients to provide business appropriate Information Security & Risk Management solutions, focused on alignment with the business goals and objectives. Chris’ session description.


Chris Secrest | Grafting PCI into Healthcare Compliance

Chris has over 10 years of computer security experience including design, implementation, consulting, security administration and IT security audit. He has performed security assessment projects for healthcare, pharmaceutical, energy/utility, and retail organizations. Chris is an active participant in the information security community, focusing on the healthcare IT Security. Chris has experience in designing and managing secure networks, systems, and applications. Chris’s session description.


Brian Serra | PCI Myths and Mistakes

Mr. Serra entered the security field in 1992 and has extensive experience including security advisory services, PCI compliance, vulnerability assessments, penetration testing, security architecture, policy development / review and hands-on implementation services. Brian’s role is to provide world class security, compliance, and IT risk management consulting services to Accuvant clients, specifically focusing on PCI compliance and controls framework integration. Brian’s session description.


Jeff Schmidt | The Genie’s Out of the Bottle: BYOD Policies That Work

As Global Head, BT’s Business Continuity, Security & Governance unit, Jeff Schmidt is accountable for leading/managing BT’s commercial security business for customers globally. Previously, he was VP, Managed Security Solutions Group, BT N. America, directing BT’s Threat Monitoring & Ethical Hacking services, leading team responsible for protecting customers from hackers, malevolent insiders & virus attacks. Before joining BT in 2007, he was VP for INS’s Ethical Hacking Solutions group where he developed secure enterprise mobility & service oriented security solutions. Jeff’s session description.


Lenny Sharpe | Developing a Global Business Continuity Strategy

Lenny is currently the Manager of the Business Continuity Management team at Target and has more than 15 years of experience as a security, crisis management, and business continuity professional in leadership roles at store and headquarters locations throughout the United States. His focus is leading efforts to mitigate operational risk and minimize business disruptions to Target team members, facilities and technologies globally. In this role, Lenny is responsible for developing the enterprise business continuity strategy as well as implementing and managing programs to support business continuity lifecycle activities. Lenny holds a B.A. in Business Administration, Management from St. Leo University. Lenny’s session description.

Ron Stamboly (SafeNet) | Secure Cloud-Based Identities and Transactions

Ron, a Senior Systems Engineer at SafeNet, has over 17 years of Telecommunication and networking equipment experience, along with information security. His areas of expertise include:

- Protecting the Identities of users, applications, and servers in information Access.
- Securing Transactions through the systems that Process information.
- Ensuring Data ownership and control as critical information is Stored anywhere.
- Securing critical Communications as information is Shared.

Ron’s most recent focus has been on securing cloud computing and virtualized environments. This includes securing and controlling access to cloud applications, along with encrypting virtual volume and instances.


Bryan Strawser | Order from Chaos:  Building a Crisis Management Program

Bryan is currently the senior crisis management & business continuity leader for a local Fortune 50 corporation and has over nineteen years of experience as a business & security professional. His areas of responsibility include enterprise business continuity, crisis management, global intelligence, and two global emergency operations centers. Bryan also serves as the Chair, Private Sector Committee, for the National Emergency Management Association. Bryan’s session description.

Robert Sullivan | Unbelievable, Now I Need to Secure the Application?

Robert Sullivan is a consultant, security program leader and instructor. He’s been educated at UW-Madison and the University of St. Thomas and holds CISM, CISA and CISSP certifications. Robert’s session description.


Patrick Tatro | Principles of Patrolling for Information Security

Patrick works for Assurity River Group as an Information Security Consultant conducting vulnerability assessments and penetration tests. He first started in security consulting at LarsonAllen. Patrick also served as an Infantry Officer in the Minnesota National Guard. While in the National Guard he served 16 months in Iraq as an Infantry Platoon Leader. During that time he was awarded a Bronze Star, Purple Heart, two Army Commendation medals, and the Combat Infantry Badge. Patrick’s session description.


Kevin Thompson | Holistic and Flexible Risk Management

Kevin Thompson (CISSP) is the information security manager for a large state university and a member of the board of directors for the Society of Information Risk Analysts.  Kevin has enjoyed a 15-year IT career in education, health care, and the military.  Kevin has spoken at Secure360, the Minnesota Government Technology Symposium, and the LabMan conference and is known for presenting in a relaxed, informal style. Kevin’s session description.


Ben Tomhave | Back to Basics: Pragmatic Risk Management For the 99%

Ben Tomhave, MS, CISSP, helps global enterprises, SMBs and service partners unlock the real promise of integrated governance, risk and compliance in his current role as Principal Consultant for LockPath, a market-changing GRC software company. A distinguished author and experienced speaker, he currently serves on the OWASP NoVA chapter board and as the co-vice-chair of the ABA InfoSec Committee. He is also a member of ISSA and the IEEE Computer Society, and earned a MS in Engineering Management from The George Washington University with an InfoSec Management concentration. Ben’s session description.


Christopher Veltsos | Are We There Yet? Information Security Grows Up

Chris Veltsos is an associate professor in the Department of Computer Information Science at Minnesota State University, Mankato where he regularly teaches Information Security and Information Warfare classes. Beyond the classroom, Chris is also very active in the security community, engaging with community groups and business leaders. Chris has presented at regional and national conferences, and provided input for groups like NIST, ISACA and the SANS NewsBites newsletter. Chris regularly consults in the field, including performing security assessments of academic institutions for the Advance IT Minnesota center. You can find him online at @DrInfoSec. Christopher’s session description.


Ryan Wakeham | Enterprise Vulnerability Management: Trends and Guidance

Ryan Wakeham is the practice lead for NetSPI’s assessment team, which specializes in vulnerability assessment and penetration testing services. Additionally, Ryan has substantial experience in assessing and developing information security programs across industries ranging from financial services and healthcare to energy and retail. Ryan’s session description.

Dan Walters | Stopping Next-Generation Threat Protection

Dan Walters is a Sr. Systems Consulting Engineer for FireEye, where he helps enterprise customers research and protect against zero-day, targeted malware attacks. Dan has 15 years industry experience in information technology and has focused on Information Security since 2002. Before joining FireEye, Dan spent his last 6 years implementing web and email security solutions for large enterprise and ISP customers at IronPort Systems, which was acquired by Cisco in 2007.


Aaron Wampach | Reverse engineer the flag – Taking hacking to the classroom

Aaron Wampach has been active in the field of technology for 15 years. In the last 8 years, he has focused primarily on the area of Information Assurance. He holds both a CISSP and a CISM certification and is currently a PhD Candidate finishing his dissertation on Information Assurance Education. In his spare time, he is an active member of the local Information Assurance community, volunteering his time in the local ISSA chapter board of directors and teaching computer forensics classes. Aaron’s session description.

Chris Wysopal (Veracode) | Data Mining a Mountain of Zero Day Vulnerabilities

Chris Wysopal, Veracode’s CTO and Co-Founder, is responsible for the company’s software security analysis capabilities. In 2008 he was named one of InfoWorld’s Top 25 CTOs and one of the 100 most influential people in IT by eWeek. One of the original vulnerability researchers and a member of L0pht Heavy Industries, he has testified on Capitol Hill in the US on the subjects of government computer security and how vulnerabilities are discovered in software. He is an author of L0phtCrack and netcat for Windows. He is the lead author of “The Art of Software Security Testing” published by Addison-Wesley.


Chad Weinstein | The Ethics of Engagement and Trust

Charles A. (Chad) Weinstein is president of Ethical Leaders in Action (ELA). In that capacity, Weinstein works to develop outstanding leaders in law enforcement and fire service agencies, health care providers, and businesses. His work is based on the core idea that ethics is more than avoiding wrongdoing: ethical leaders pursue greatness. Weinstein has been an educator and consultant for more than 20 years. He is adjunct faculty to the Carlson School of Management (U of MN), and an instructor for the MN BCA. Weinstein holds a PhD and MA in ethics from the U of MN. Chad’s session description.


Jacob West | Software Security Goes Mobile

Jacob West is Director, Software Security Research for HP Enterprise Security. West is a world-recognized expert on software security and brings a technical understanding of the languages and frameworks used to build software together with extensive knowledge about how real-world systems fail. In 2007, he co-authored the book “Secure Programming with Static Analysis” with colleague and Fortify founder Brian Chess. Today, the book remains the only comprehensive guide to static analysis and shows developers how it can be used to avoid the most dangerous vulnerabilities in code. West is a frequent speaker at industry events, including RSA Conference, Black Hat, Defcon and OWASP, among others. A graduate of the University of California, Berkeley, West holds dual-degrees in Computer Science and French and resides in San Francisco, California. Jacob’s session description.


Evan Wheeler | Risk Management – Beyond the Smoke & Mirrors

Evan Wheeler leads the information security risk management effort as a Director of Corporate Information Security for Omgeo, and previously spent six years as a Security Consultant for the U.S. Dept. of Defense. As a complement to this diverse experience in the field, he has earned a Master of Science in Information Assurance from the National Security Agency certified program at Northeastern University. Currently, he continues to contribute to the security industry as an instructor at Northeastern University and a course author for the SANS Institute. Evan’s session description.


Meghan Wilker | People Online: Security, Privacy and Reputation @the Office and @Home

Meghan specializes in using strategy, technology and process to bring people and products together. Her public speaking, writing and outreach guides individuals and businesses to develop smart digital products. Whether she’s managing a team or mentoring students, she believes that technology creates endless opportunities to make life easier and to produce meaningful connections. She empowers users to proactively engage with the web by being aware, educated, and attentive and spearheads dialogue that drives evolution within the interactive community. Meghan is the VP, Managing Director at Clockwork Active Media, a digital agency specializing in designing and developing business solutions. She’s a contributing writer at GTDtimes.com, creator of Summerofdresses.com, and was named as a “Woman to Watch” by the Minneapolis/St. Paul Business Journal. Meghan’s session description.

Rodnie Williams | Millennials at Work: New Risks or Strong Assets?

Founder and CEO of North Arrow Group and 360 Stay Safe, Rodnie Williams is a nationally recognized expert and speaker in the areas of security, safety and risk management. During his 25-year career, he has delivered results and profitability for small businesses and Fortune 100 companies. He is highly regarded as a change agent with skills in quickly identifying and creatively solving strategic and organizational problems through teambuilding and collaboration. Rodnie’s session description.


Jason Wright | Future-proof Your Network Against Advancing Cyberthreats

Jason Wright is a Senior Field Marketing Manager for Sourcefire.  Through ongoing interactions with customers, partners, and sales team members, Mr. Wright defines product requirements, positioning and go-to-market strategies for Sourcefire’s network security solutions.   Previously Mr. Wright led the Security Technologies practice at market research firm Frost & Sullivan where Mr. Wright authored reports and consulted clients on the direction of numerous security technology markets.  As an eleven-year veteran of the network security industry, Mr. Wright brings a unique perspective and a critical eye gained from his role as an industry analyst; and is passionate about sharing his experiences with others in the industry. Jason’s session description.


Ron Woerner | Security: Don’t forget the people!

Ron Woerner, CISSP is a noted speaker and writer in the Security industry and is the Director of Cybersecurity Studies at Bellevue University. He has over 20 years IT and Security experience and has worked for multiple Midwest companies. Ron earned degrees from Michigan State University and Syracuse University. He loves to talk to others who are passionate about Security and Privacy. Ron’s session description.


Eng-Wee Yeo | Make the Leaderboard: Tactics to Achieve Security Performance Measures

Eng-Wee Yeo currently serves as a Senior Security Consultant at Aeritae Consulting Group, and has over 15 years of experience in information security, risk, and compliance management. Eng-Wee has worked with many of the Fortune 500 companies based in the Twin Cities on projects including application security, data security, security architecture, compliance readiness, identity and access management, metrics, risk assessments, risk modeling, and vulnerability assessments. Eng-Wee’s session description.