Keynote speakers
May 8, 2012
Douglas Hubbard | The Failure of Risk Management
Douglas Hubbard is founder of Hubbard Decision Research and creator of the Applied Information Economics (AIE) method. His career has focused on the application of AIE to solve current business issues facing today’s corporations. With more than 22 years of consulting experience, Hubbard provides risk/return analyses of critical projects, investments and other management decisions in the insurance, banking, utilities, government, entertainment media, military logistics and manufacturing industries. Hubbard is also the author of three books: “How to Measure Anything: Finding the Value of Intangibles in Business,” “The Failure of Risk Management: Why It’s Broken and How to Fix It,” and most recently, “Pulse: The New Science of Harnessing Internet Buzz to Track Threats and Opportunities.” Hubbard’s session description.
May 9, 2012
Jon Gordon | Mobile & Social: A Transformation
Jon Gordon is an editor at Minnesota Public Radio News, one of the leading public radio operations in the United States. He is responsible for strategy and execution of social media, audience engagement and distribution of news for mobile platforms. He created, produced and hosted “Future Tense,” a daily tech-themed radio report that aired on public radio stations across the country from 1996 to 2010. From his base in San Francisco, Gordon’s job on “Future Tense” was to present the most important and interesting technology news and information in a simple, straightforward manner. Gordon’s work has been recognized by the Associated Press, the Corporation for Public Broadcasting, The Northwest Broadcast News Association and UCLA’s Anderson School of Business. Gordon’s session description.
Session speakers
Chris Andrews | Solving Data Breach Points of Egress with Analysis
Christopher Andrews provides expert computer forensic, incident response and technology consulting services to Kroll clients. Andrews conducts forensic analysis, acquires and preserves computer media and performs data recovery on electronic media. In addition, he conducts investigations involving the analysis of electronic media for litigation and is often called upon to provide expert testimony. Prior to joining Kroll, Andrews worked as a special agent with the Northern California Computer Crimes Task Force. He was also a District Attorney Investigator in Humboldt County, California. Chris’s session description.
Wade Baker | 2012 Data Breach Investigations Report (DBIR)
Wade Baker manages the Risk Intelligence team for Verizon. In this role, he oversees the collection, analysis, and delivery of data relevant to understanding and managing information risk. Baker has nearly 15 years of experience in the IT and security fields, with a background spanning technical, research, development, and managerial roles. Prior to his tenure at Verizon, he spent 5 years on the faculty of two major research universities, most recently in the Pamplin College of Business at Virginia Tech. Wade’s session description.
John Benninghoff | Behavioral Security Modeling
John Benninghoff started his information security career when he was asked to build and deploy a Network IDS using free software (SHADOW and OpenBSD) after returning from a SANS conference in 1998. John has worked as a network security engineer, security architect, and senior manager, and now provides consulting services through his company, Transvasive Security. John holds CISSP and CISM Certifications, and received the CISM Worldwide Excellence Award for earning the top score on the December 2005 CISM Exam. John’s session description.
Andrew Borene | From American Frontlines to Assembly Lines: U.S. Innovation & Competition in a Global Robotics Revolution
Andrew Borene is Executive Director of Robotics Alley™ and Director & Counsel at ReconRobotics. Andrew is a former Associate Deputy General Counsel with the U.S. Department of Defense and has taught as adjunct faculty at the Humphrey Institute of Public Affairs. He served on active duty as a U.S. Marine intelligence officer with the 1st Marine Division, including combat service in Iraq, and time as the executive officer for its Headquarters & Service Company at Camp Pendleton. During law school, he was a judicial extern in the chambers of Judge John Tunheim, U.S. District Court, Minnesota. In 2009, he was awarded a U.S. Department of State funded fellowship as an Emerging American Leader for the study of post-conflict peace-building in Northern Ireland. Andrew is a Director at Large with the FBI’s InfraGard Alliance Minnesota Executive Board where he assists the organization’s leadership in issues related to law, intelligence, information sharing, critical infrastructure protection and national security. He is also an alumnus of the Minnesota High Tech Association’s ACE Leadership Program, and founding editor of the American Bar Association’s “U.S. Intelligence Community Law Sourcebook”. Andrew holds a J.D. (University of Minnesota) and a B.A. in Economics (Macalester College). Andrew’s session description.
Jarret Brachman | Impostors, Insiders and Intruders: Mitigating the Threat from Within
Dr. Jarret Brachman is a leading expert on extremist movements. He began his career at the Central Intelligence Agency and went on to become the founding Director of Research at West Point’s Combating Terrorism Center. In 2008, Brachman published his first book, Global Jihadism and returned to his hometown to launch a new program on security at NDSU. Brachman advises clients on issues related to counterterrorism and violent extremism across the U.S. intelligence, military and law enforcement communities. Brachman has testified before Congressional subcommittees, the British House of Lords and has appeared in nearly every major print and television media outlet. Jarret’s session description.
Karl Brophey | Behavioral Security Modeling
Karl Brophey provides IT strategy, leadership, and architecture services at Brophey Consulting. He has held diverse roles across IT and Product Development, leading data-intensive system development and integration initiatives for industries including healthcare, financial services, business services, and government, from start-ups to multinationals. Karl focuses on facilitating communications between groups – business and technology, development and infrastructure, organizations and their clients and vendors. He believes understanding the different needs and ways of thinking of business staff, architects, analysts, developers, and testers is critical to delivering solutions that effectively meet the business’ needs. Karl’s session description.
Barry Caplin | #*%! my CISO Says
Barry has been the Chief Information Security Officer for the MN Dept. of Human Services since 2003. He is responsible for information security and security technologies department-wide, including the development and implementation of HIPAA-compliant security policy and security architecture. Barry has more than 25 years of experience in information technology and security. He holds an MS in applied mathematics from Virginia Polytechnic Institute (aka Virginia Tech), and the CISSP, ISSMP, CISA, and CISM certifications. He is a soccer coach in Apple Valley and serves on the soccer boards of the Valley United Soccer Club and Valley Athletic Association as director of coaching. Barry’s session description.
Special Agent Robert Cameron | Cyber Crime: They Will Not Stop for Lunch
In 1995 Robert Cameron joined the Navy as a Cryptologist. He served at the National Security Agency, leading an engineering team responsible for the installation and accreditation of networks. Upon leaving the Navy, Robert worked as an Information Systems Security Engineer for Booz Allen Hamilton. In 2002, Robert took a Special Agent position with the FBI. Since that time, he has operated as a case agent specializing in the investigation of internet related criminal violations, counter-terrorism, and counter-espionage matters. He has extensive experience in international operations, incident response, and the development and implementation of honeypots and wireless networks. Robert’s session description.
Tom Cocchiarella | Discussing Security with (Non-Security) Management
Tom has more than 30 years of IT experience, from Engineer to VP – IT, Security VAR & Consultant, Owner of Fragneto’s, Inc. to serving on the Board of Directors of FBI InfraGard (MN) and being an alumnus of FBI Citizens Academy. Tom is also a member of Ramsey County CERT, CISM and Certified Homeland Security Level III. Tom’s session description.
Steve Currie | Scenario Analysis: Moving Beyond Penetration Testing
Steve Currie is a manager in Ernst & Young’s IT Risk Transformation practice in Minneapolis, focusing on Information Security governance and process development. Steve has recently worked on projects running Security Operations Centers, pro-active malware detection, and information security scenario analysis. Steve is a founding member of the Cloud Security Alliance Chapter of Minnesota and holds CISM and CISA certifications. Steve’s session description.
Miles Edmundson | Darts, Dice, and Monte Carlo
Miles has over 10 years in the information security space. He began his career performing technical penetration tests for financial services clients. From there, he moved to internal vulnerability testing and social engineering engagements. He spent three years as Carlson’s Information Security Manager and for the last 4.5 years has been the Information Security Officer at Rural Community Insurance Services, a company owned by Wells Fargo. Miles’ session description.
Ryan English | 500 days in the Cloud
Ryan English serves as Practice Principal for the HP Enterprise Security Professional Services team. Previously, Ryan was VP of Product Management and Professional Services at Vigilar, and before that, he oversaw product strategy and direction for SPI Dynamics’ Quality Assurance and Developer security products. Ryan has also held several project and product management positions, and assisted in the strategic growth and development of consulting divisions. He holds an MBA from Regis University, and a BS from the University of Alabama. Ryan’s session description.
Lynn Estes | Free & Open Source Software in the Enterprise
Lynn has over 20 years of experience including consulting, system hardening, and application development. He has experience in designing, building, and managing secure systems using both Windows and Linux based platforms. A CISSP since 2005, he also has an interest in writing secure code and significant experience in application auditing and configuration management. He currently works at Blue Cross Blue Shield of MN in Technical Infrastructure Services as the Intel systems lead. Lynn’s session description.
David Flora | Fearing the Auditor More Than the Hacker and Security Issues With an International Perspective
As the Principal in the Chicagoland office, Dave brings more than 20 years of business communications experience and expertise to Firestorm. Dave’s vision aligns with Firestorm’s focus on the human impacts of disaster (Every Crisis is a Human Crisis) and goal of building a Culture of Preparedness in the U.S. private sector. Mr. Flora also brings to Firestorm a passion for designing and developing risk mitigation strategies for corporate services centers, such as mail centers, print services and receiving areas for Fortune 1000 companies. David’s session description.
Steven Fox | Hacking Trust: Compromising the Human Machine
Steven F. Fox, CISSP, QSA, ASV is a Security Architecture and Engineering Advisor at the U.S. Department of the Treasury. He also serves on the Board of the Motor City ISSA chapter. Mr. Fox brings a cross-disciplinary perspective to the practice of information security; combining his experience as a security consultant, a Sr. IT Auditor and a systems engineer with principles from behavioral/organizational psychology to address security challenges. His core philosophy – security is about how people interact with machines and information. Mr. Fox holds an MS in Business Information Technology. Steven’s session description.
Evan Francen | 10 Information Security Principles to Live (or die) By
Evan spent more than 15 years as a leading information security professional and corporate leader in both private and public companies. He is well-versed in governmental and industry-specific regulations, standards and guidelines including ISO/IEC 27002 (17799:2005), HIPAA, GLBA, PCI-DSS, FDA CFR Part 11, SOX and COBIT, but also understands the intricacies in aligning compliance with business objectives. Most recently, and prior to establishing FRSecure LLC, Evan established the formal information security programs for two publicly-traded companies. Evan’s session description.
Heather Guse | Using Social Media in a Crisis: Understanding the Tool
Heather is responsible for the Event Management Program at UnitedHealth Group, a leading health care company, serving more than 75 million people worldwide. In this position Heather serves to minimize business disruption from events and to manage the corporate response to public health emergencies. Prior to this position, Heather provided consulting services in the areas of Information Security, Risk Management, and Business Development. Heather volunteers for and is President of MinnSARDA, a volunteer search and rescue organization providing services to public safety agencies, with her K9 Tomoe. Heather’s session description.
William Hagestad II | Examining the Chinese Cyber Warfare Threat
Lieutenant Colonel Hagestad has a Master’s of Science in Security Technologies from the College of Computer Engineering, University of Minnesota conferred in 2011. He also has a Bachelor of Arts in Mandarin Chinese, with minor emphasis in Classical Chinese and Modern Japanese while also holding a second Master’s of Science in the Management Of Technology from the Carlson School of Management, University of Minn. William is an internationally recognized subject matter expert on the Chinese People’s Liberation Army & Government Information Warfare. William’s session description.
Rebecca Herold | Cloud Computing in Healthcare: Key Security and Privacy Issues
Rebecca is a widely recognized and respected expert in information privacy, security and compliance. Rebecca has been named in the “Best Privacy Advisors in the World” list all years Computerworld magazine has released their rankings, along with receiving many other awards and recognitions. Rebecca has been leading the NIST Smart Grid privacy subgroup since June, 2009. Rebecca’s Compliance Helper service helps healthcare organizations and their business associates to meet their HIPAA, HITECH and other information security and privacy requirements. Rebecca has been an Adjunct Professor for the Norwich MSIA program since 2004, and she is working on her 15th published book. Rebecca’s session description.
Dean Hyers | Winning Presence for Make-or-Break Moments
Dean Hyers began making movies as a teenager, became an entrepreneur in his twenties, and has stayed on these twin paths all his life. Upon graduating from Gustavus Adolphus College, Dean launched his own interactive media company, Digital Café, as his entrée into the movie business. Through Digital Café, Dean developed commercial software products, and directed electronic promotions for mainstream Hollywood blockbusters like Godzilla, Mighty Morphin’ Power Rangers: the Movie, and Die Hard III. Upon selling Digital Café to advertising heavy-hitter Campbell Mithun in 1999, Dean returned to the director’s chair with his debut feature, Bill’s Gun Shop, which he also produced. The film was released through Warner Bros, after Dean took top honors at the SMMASH Film Festival and won Minnesota’s top directing prize, the DL Maberry Award for Directing. Dean began teaching acting and emotion-control skills to government undercover agents from the United States and Canada, and then formed SagePresence, where he speaks professionally and trains business professionals to design messages and master their presence under pressure when they speak, pitch new business, manage clients, and lead teams. Dean’s session description.
Alex Hutton | New School Risk Management: Theory Driven Practice
Alex Hutton is a big fan of trying to understand security and risk through metrics and models. Currently, Alex is the Director of Risk & Governance for a large bank. A former principal for Research & Intelligence with the Verizon Business RISK Team, Alex also helped produce the Verizon DBIRs and Verizon’s PCIR, was responsible for the VERIS data collection and analysis efforts, & developed information risk models for their Cybertrust services. Alex is the veteran of several security start-ups and constantly contributes to non-profit security associations. Alex’s session description.
Matt Hynes | Scenario Analysis: Moving Beyond Penetration Testing
Since 1996, Matt has helped companies better manage information risk and transform security organizations & processes. He leads the Information Security Advisory practice for Ernst & Young’s Midwest region. Matt is a frequent speaker at industry events on security-related topics and is a guest lecturer at the U of M. He is the past President of the Minnesota chapter of ISACA. Matt’s session description.
Michael Kelly | Can We Build Successful Vulnerability Management Programs? Yes!
Michael has been an Information Security professional for over 16 years. He has worked with small startup IT management and security companies as well as large, Fortune 50 corporations. Michael’s work spans all areas of applications, systems and network management and security. Currently, Michael is responsible for the design, development and ongoing evolution of the IT Threat and Vulnerability Management program for a Fortune 100 retailer. Finally, Michael is active in the IT Security community both locally within the Twin Cities as well as nationally, and has spoken at national ASIS and ISC2 sponsored conferences. Michael’s session description.
Stephen Kerns | Assessing Your Mobile Applications
Steve has over 25 years of computer security experience including consulting, application development, database administration, and system administration. He has experience in designing and managing secure systems and applications. In more recent years, he has been working on code reviews, mobile applications, web application, and database assessment projects as an Information Security Consultant. Other areas of focus include PCI assessments and PA-DSS validation. Stephen’s session description.
Fred Klapetzky | What to do when your management doesn’t want to complete a BIA?
Fred Klapetzky, managing director at Marsh Risk Consulting, is the firm’s practice leader for the U.S. Business Continuity Management Practice. Klapetzky has performed technology and business continuity assessments/evaluations/planning for numerous clients. Klapetzky has also completed data center redesigns, consolidations, insourcing and outsourcing projects. He has integrated NIMS and ICS components into plans for airports, colleges and universities and manufacturing companies. Klapetzky was also a pioneer in computer crime investigations and helped develop many of the methods and techniques in use today by federal, state and local law enforcement.
Yan Kravchenko | Enough on Mobile Problems, What About Solutions?
Yan Kravchenko is currently a Director of Consulting for NetSPI. Yan has over 14 years of consulting experience in IT and Information Security, specializing in security program development and management, IT audit, and assisting organizations in security initiatives. Yan is a founding member of the local HITRUST SIG and has extensive experience working with healthcare organizations. Yan’s session description.
Barret Lane | ECHO Presentation
Barret W.S. Lane, J.D. is the CEO of Lane Consulting, LLC and principal attorney of the Law Office of Barret W.S. Lane. Mr. Lane served as a trial lawyer and as a member of the Minneapolis City Council. Mr. Lane holds a Minnesota Emergency Manager’s certificate and is a member of the Minnesota All-Hazard Incident Management Team.
Jeffrey Locketz | New More Relevant Examinations to Former SAS 70 Audits
Jeff is a Partner at Lurie Besikof Lapidus & Company, LLP. LBL Technology Partners is a Division of Lurie Besikof Lapidus & Company, LLP that performs information technology audit and assurance engagements, IT governance consulting, IT strategic planning, IT controls development, information security assessments and planning, and business continuity planning. Jeff is a member of the American Institute of Certified Public Accountants, the Minnesota Society of CPAs, ISACA, the Project Management Institute (PMI), and the Institute of Internal Auditors. Jeffrey’s session description.
Nancy Lyons | People Online: Security, Privacy and Reputation @the Office and @Home
Think strategically, act thoughtfully, be a good human. Nancy works at the intersection of technology, community and people. As a leader and technologist, she creates solutions that further community and business goals by meeting the needs of individuals. Her guiding philosophy is that a human-centered approach to technology is the only way to get results that make a difference. Problem solving is about empowerment: motivated people create good products. Nancy supports clients and teams by fostering a collaborative, idea-driven culture that nurtures creativity and brainpower. Nancy is President/CEO of Clockwork Active Media, a leading digital agency specializing in designing and developing business solutions. She speaks nationally about work culture, social media, technology and leadership. She’s been recognized for her role as owner and CEO of Clockwork by the Minneapolis/St. Paul Business Journal and gives back to the community by serving on the Board of Directors at The Family Equality Council. Nancy’s session description.
Pete Machalek | Winning Presence for Make-or-Break Moments
Pete Machalek is co-founder of SagePresence, a partnership of filmmakers who offer their expertise in message and performance to professionals and organizations. Since 2001, SagePresence has delivered presentations, workshops and coaching to help clients generate confident and influential “stage presence” to win their audiences over, everywhere from the networking floor to the speaker’s podium. Pete’s session description.
Marc Maiffret | There is no Bigger Data Than Your Big Security Data
Marc Maiffret co-founded eEye Digital Security in 1998 and returned to the company in July 2010 as Chief Technology Officer. Marc is an industry expert in network security and has accepted three separate invitations to testify before the United States Congress on matters of national cybersecurity and critical infrastructure protection. Marc famously discovered the first Microsoft computer worm, “CodeRed” and was named one of People Magazine’s 30 People Under 30. Marc’s session description.
David Mann | How to Speak Like a Human Being
David Mann is a speaker, trainer, and professional actor/director. He has spoken at General Mills, Mayo Health System, Boston Scientific, Merrill Lynch, The Hartford, and many other companies. He is on the faculty of the National Institute for Trial Advocacy, and has taught persuasive presentation technique through storytelling at Loyola and Louisiana State University. David has also performed or directed plays at the Guthrie Theater and Children’s Theatre Company, and was awarded a Bush Artist Fellowship for Storytelling. David’s session description.
Lillian McDonald | ECHO Presentation
Lillian McDonald is the founding Executive Director for ECHO. Prior to working with ECHO, she coordinated risks and crisis communication response plans, media relations, and public relations for Ramsey County Public Health. Ms. McDonald worked for over 20 years as a news reporter, producer and assignment editor for major market radio and television stations KARE-11 and KMSP-9.
David Mortman | Pragmatic Cloud Security
Chief Security Architect at enStratus and Contributing Analyst at Securosis. Former Director, Security and Operations, C3 and CISO at Siebel Systems. Regularly speaks at Blackhat, Defcon, RSA and SourceBoston. Spoke at Secure360 as well. Advisory Boards include Qualys and Igie. Does Security, Privacy, Compliance, Ops, Cloud. Bakes, cooks, juggles. David’s session description.
Chris Mullins | Practical Measures for Measuring Security
Chris Mullins is an experienced software industry executive with a strong competency in regulatory compliance and information security. Chris’ session description.
Ryan Naraine | The Internals of Identity-theft Attacks
Ryan Naraine is a Senior Security Evangelist in Kaspersky Lab’s Global Research and Analysis Team. He has extensive experience in computer security user education. He specializes in operating system and third-party application vulnerabilities, zero-day attacks, social engineering and social networking threats, and issues related to responsible vulnerability disclosure. Ryan has monitored security and hacker attack trends for over 10 years, writing for eWEEK magazine, PC World. He currently manages and edits ZDNet’s Zero Day blog. Ryan’s session description.
Deviant Ollam | Physical Security on the Front Lines
While paying the bills as a security auditor and penetration testing consultant with his company, The CORE Group, Deviant Ollam is also a member of the Board of Directors of the US division of TOOOL, The Open Organisation Of Lockpickers. Every year at DEFCON and ShmooCon Deviant runs the Lockpicking Village, and he has conducted physical security training sessions at Black Hat, DeepSec, ToorCon, GovCERT, AusCERT, HackCon, ShakaCon, HackInTheBox, CanSecWest, ekoparty, and the United States Military Academy at West Point. His favorite Amendments to the US Constitution are, in no particular order, the 1st, 2nd, 9th, & 10th. Deviant’s session description.
Erik Pakieser, MnCEM, CBCP | New Federal Business Continuity Guidelines
Erik has been working in public safety and law enforcement since 1988. His diverse background includes military police, law enforcement, corrections, and professional security. He is currently the Business Continuity Coordinator for the Minnesota Department of Transportation and a Principal Consultant with QSI Training, a security consulting company. Erik’s session description.
Frank Perlmutter | The Downfall of the BC Professional: Setting Up a Personal Plan to Quit Bad Habits and Shine at Your Organization
Frank Perlmutter, CBCP, is a nationally renowned speaker with more than a decade of experience in Business Continuity Planning (BCP). He is the President of Strategic BCP, Inc., a BCP software and consulting company dedicated to developing highly effective BCP Programs through the use of its proprietary ResilienceONE software tool. Frank’s 15+ years of BCP experience includes stints as a consultant with the Big 4, a Project Management and Technology Solutions Champion at the U.S. Department of the Treasury, and a strategic consultant for several large, multinational corporations. Frank’s session description.
Mary Poquette | What’s Hot & What’s Not: Screening & Security
Mary is Chief Compliance and Security Officer for Verifications, Inc., a global provider of employment screening, onboarding, and related services. She is a licensed private investigator in CA, UT, AZ, CT, and VT; and is a Certified Information Privacy Professional. A 17-year industry veteran, she is a recognized expert in employment screening and compliance. She is a former Co-Chair and member of the Board of Directors of the National Association of the Professional Background Screeners (NAPBS) and is currently a member of the NAPBS Governance Committee. Mary’s session description.
Kevin Riggins | Cloud Computing 101
Karl works for a Fortune 500 financial services company where he is the data security architect. This includes database security, cloud computing, data leakage, and information centric security. Karl blogs at http://infosecramblings.com, is a management team member of the Society of Information Risk Analysts and speaks regularly at conference and association meetings. Kevin’s session description.
Mike Rothman | Seeing through the Clouds: Tactics to Deal with Limited Cloud Visibility
Mike Rothman, President of independent research firm Securosis, specializes in the sexy aspects of security, like protecting networks and endpoints, security management, and compliance. Mike’s bold perspectives and irreverent style make him one of security’s most sought after speakers and commentators. After 20 years in and around security, he’s one of the guys who “knows where the bodies are buried” in the space. Mike is the author of “The Pragmatic CSO,” which introduces technically oriented security professionals to the nuances of what is required to be a senior security professional. Mike’s session description.
Chris Secrest | Grafting PCI into Healthcare Compliance
Chris has over 10 years of computer security experience including design, implementation, consulting, security administration and IT security audit. He has performed security assessment projects for healthcare, pharmaceutical, energy/utility, and retail organizations. Chris is an active participant in the information security community, focusing on the healthcare IT Security. Chris has experience in designing and managing secure networks, systems, and applications. Chris’s session description.
Brian Serra | PCI Myths and Mistakes
Mr. Serra entered the security field in 1992 and has extensive experience including security advisory services, PCI compliance, vulnerability assessments, penetration testing, security architecture, policy development / review and hands-on implementation services. Brian’s role is to provide world class security, compliance, and IT risk management consulting services to Accuvant clients, specifically focusing on PCI compliance and controls framework integration. Brian’s session description.
Jeff Schmidt | The Genie’s Out of the Bottle: BYOD Policies That Work
As Global Head, BT’s Business Continuity, Security & Governance unit, Jeff Schmidt is accountable for leading/managing BT’s commercial security business for customers globally. Previously, he was VP, Managed Security Solutions Group, BT N. America, directing BT’s Threat Monitoring & Ethical Hacking services, leading team responsible for protecting customers from hackers, malevolent insiders & virus attacks. Before joining BT in 2007, he was VP for INS’s Ethical Hacking Solutions group where he developed secure enterprise mobility & service oriented security solutions. Jeff’s session description.
Bryan Strawser | Order from Chaos: Building a Crisis Management Program
Bryan is currently the Senior Group Manager, Global Crisis Management for Target, and has over eighteen years of experience as a business & security professional. His areas of responsibility include business continuity management, crisis operations, global intelligence, and Target’s corporate command center. Bryan also serves as the Chair, Private Sector Committee, for the National Emergency Management Association. Bryan’s session description.
Robert Sullivan | Unbelievable, Now I Need to Secure the Application?
Robert Sullivan is a consultant, security program leader and instructor. He’s been educated at UW-Madison and the University of St. Thomas and holds CISM, CISA and CISSP certifications. Robert’s session description.
Patrick Tatro | Principles of Patrolling for Information Security
Patrick works for Assurity River Group as an Information Security Consultant conducting vulnerability assessments and penetration tests. He first started in security consulting at LarsonAllen. Patrick also served as an Infantry Officer in the Minnesota National Guard. While in the National Guard he served 16 months in Iraq as an Infantry Platoon Leader. During that time he was awarded a Bronze Star, Purple Heart, two Army Commendation medals, and the Combat Infantry Badge. Patrick’s session description.
Kevin Thompson | Holistic and Flexible Risk Management
Kevin Thompson (CISSP) is the information security manager for a large state university and a member of the board of directors for the Society of Information Risk Analysts. Kevin has enjoyed a 15-year IT career in education, health care, and the military. Kevin has spoken at Secure360, the Minnesota Government Technology Symposium, and the LabMan conference and is known for presenting in a relaxed, informal style. Kevin’s session description.
Ben Tomhave | Back to Basics: Pragmatic Risk Management For the 99%
Ben Tomhave, MS, CISSP, helps global enterprises, SMBs and service partners unlock the real promise of integrated governance, risk and compliance in his current role as Principal Consultant for LockPath, a market-changing GRC software company. A distinguished author and experienced speaker, he currently serves on the OWASP NoVA chapter board and as the co-vice-chair of the ABA InfoSec Committee. He is also a member of ISSA and the IEEE Computer Society, and earned a MS in Engineering Management from The George Washington University with an InfoSec Management concentration. Ben’s session description.
Christopher Veltsos | Are We There Yet? Information Security Grows Up
Chris Veltsos is an associate professor in the Department of Computer Information Science at Minnesota State University, Mankato, where he regularly teaches Information Security and Information Warfare classes. Beyond the classroom, Chris is also very active in the security community, engaging with community groups and business leaders. Chris has presented at regional and national conferences, and provided input for groups like NIST, ISACA and the SANS NewsBites newsletter. Chris regularly consults in the field, including performing security assessments of academic institutions for the Advance IT Minnesota center. You can find him online at @DrInfoSec. Christopher’s session description.
Ryan Wakeham | Enterprise Vulnerability Management: Trends and Guidance
Ryan Wakeham is the practice lead for NetSPI’s assessment team, which specializes in vulnerability assessment and penetration testing services. Additionally, Ryan has substantial experience in assessing and developing information security programs across industries ranging from financial services and healthcare to energy and retail. Ryan’s session description.
Aaron Wampach | Reverse engineer the flag – Taking hacking to the classroom
Aaron Wampach has been active in the field of technology for 15 years. In the last 8 years, he has focused primarily on the area of Information Assurance. He holds both a CISSP and a CISM certification and is currently a PhD Candidate finishing his dissertation on Information Assurance Education. In his spare time, he is an active member of the local Information Assurance community, volunteering his time in the local ISSA chapter board of directors and teaching computer forensics classes. Aaron’s session description.
Chad Weinstein | The Ethics of Engagement and Trust
Charles A. (Chad) Weinstein is president of Ethical Leaders in Action (ELA). In that capacity, Weinstein works to develop outstanding leaders in law enforcement and fire service agencies, health care providers, and businesses. His work is based on the core idea that ethics is more than avoiding wrongdoing: ethical leaders pursue greatness. Weinstein has been an educator and consultant for more than 20 years. He is adjunct faculty to the Carlson School of Management (U of MN), and an instructor for the MN BCA. Weinstein holds a PhD and MA in ethics from the U of MN. Chad’s session description.
Jacob West | Software Security Goes Mobile
Jacob West is Director, Software Security Research for HP Enterprise Security. West is a world-recognized expert on software security and brings a technical understanding of the languages and frameworks used to build software together with extensive knowledge about how real-world systems fail. In 2007, he co-authored the book “Secure Programming with Static Analysis” with colleague and Fortify founder Brian Chess. Today, the book remains the only comprehensive guide to static analysis and shows developers how it can be used to avoid the most dangerous vulnerabilities in code. West is a frequent speaker at industry events, including RSA Conference, Black Hat, Defcon and OWASP, among others. A graduate of the University of California, Berkeley, West holds dual degrees in Computer Science and French and resides in San Francisco, California. Jacob’s session description.
Evan Wheeler | Risk Management – Beyond the Smoke & Mirrors
Evan Wheeler leads the information security risk management effort as a Director of Corporate Information Security for Omgeo, and previously spent six years as a Security Consultant for the U.S. Dept. of Defense. As a complement to this diverse experience in the field, he has earned a Master of Science in Information Assurance from the National Security Agency certified program at Northeastern University. Currently, he continues to contribute to the security industry as an instructor at Northeastern University and a course author for the SANS Institute. Evan’s session description.
Meghan Wilker | People Online: Security, Privacy and Reputation @the Office and @Home
Meghan specializes in using strategy, technology and process to bring people and products together. Her public speaking, writing and outreach guide individuals and businesses to develop smart digital products. Whether she’s managing a team or mentoring students, she believes that technology creates endless opportunities to make life easier and to produce meaningful connections. She empowers users to proactively engage with the web by being aware, educated, and attentive and spearheads dialogue that drives evolution within the interactive community. Meghan is the VP, Managing Director at Clockwork Active Media, a digital agency specializing in designing and developing business solutions. She’s a contributing writer at GTDtimes.com, creator of Summerofdresses.com, and was named as a “Woman to Watch” by the Minneapolis/St. Paul Business Journal. Meghan’s session description.
Rodnie Williams | Millennials at Work: New Risks or Strong Assets?
Founder and CEO of North Arrow Group and 360° Stay Safe™, Rodnie Williams is a nationally recognized expert and speaker in the areas of security, safety and risk management. During his 25-year career, he has delivered results and profitability for small businesses and Fortune 100 companies. He is highly regarded as a change agent with skills in quickly identifying and creatively solving strategic and organizational problems through teambuilding and collaboration. Rodnie’s session description.
Ron Woerner | Security: Don’t forget the people!
Ron Woerner, CISSP, is a noted speaker and writer in the Security industry and is the Director of Cybersecurity Studies at Bellevue University. He has over 20 years of IT and Security experience and has worked for multiple Midwest companies. Ron earned degrees from Michigan State University and Syracuse University. He loves to talk to others who are passionate about Security and Privacy. Ron’s session description.