Featured Presenters

• 

  Jeff Kopchik

  Federal Deposit Insurance Corporation

  Jeff Kopchik is a Senior Policy Analyst in the FDIC's Technology Supervision Branch, Division of Risk Management Supervision. He is one of the FDIC's senior staff members primarily responsible for technology supervision. He is involved in monitoring developments in information technology and helping to formulate the FDIC's position. Kopchik was the Team Leader of the working groups that drafted the 2011 FFIEC Supplement to Authentication in an Internet Banking Environment as well as the original 2005 authentication guidance, and was the FDIC's lead representative on the interagency working groups that drafted the 2007 FACTA Red Flags Regulation and Guidelines and 2001 GLBA Guidelines Establishing Information Security Standards.

• 

  David Matthews

  Deputy Chief Information Security Officer for the City of Seattle

  Matthews, deputy chief information security officer for the city of Seattle, co-chairs the U.S.-CERT-sponsored Northwest Alliance for Cybersecurity, which promotes regional cybersecurity programs.

• 

  Donald Saxinger

  Senior Examination Specialist

  Donald Saxinger is the team leader and subject expert for the FDIC's Division of Supervision and Consumer Protection in the area of regulatory IT examinations. He serves as the lead developer of the FDIC's IT examination standards and procedures, IT examiner education, and IT examination oversight. He has authored or contributed to various regulatory policies such as recent policies on business continuity and pandemic planning, authentication, identity theft, spyware, outsourcing, and other emerging technologies. He is also a member of the FFIEC IT Examination Handbook working group.

• 

  Kevin Sullivan

  Investigator, New York State Police

  Kevin Sullivan is an Investigator with the NY State Police and is the state investigations coordinator assigned to the NY HIFCA El Dorado Task Force in Manhattan. He has 20 years of police experience. Inv. Sullivan possesses a Masters in Economic Crime Management and is both a certified anti money laundering specialist and certified anti money laundering professional. He is also the director of AMLtrainer.com.

• 

  Ron Ross

  Senior Computer Scientist & Information Security Researcher, National Institute of Standards and Technology (NIST)

  Ron Ross specializes in security requirements definition, security testing and evaluation and information assurance. He leads NIST's Federal Information Security Management Act Implementation Project, which includes the development of key security standards and guidelines for the federal government and critical information infrastructure. He also heads the Joint Task Force Transformation Initiative Working Group, a joint partnership with NIST, Defense Department, intelligence community and Committee on National Security Systems, to develop a unified information security framework for the federal government. Ross serves as the architect of the risk-management framework that integrates the suite of NIST security standards and guidelines into a comprehensive enterprise security program.

• 

  Melissa E. Hathaway

  President, Hathaway Global Strategies

  Melissa E. Hathaway, who led President Obama's Cyberspace Policy Review and helped develop cybersecurity policy for President George W. Bush, is a senior adviser at the Belfer Center of Harvard University's Kennedy School of Government.

• 

  Joe Rogalski

  SVP, First Niagara Bank

  Joe Rogalski is the information security officer and senior vice president of First Niagara Bank, a top 25 regional bank located in the northeast. He currently holds CISM and CRISC certifications, and he has more than 18 years of experience in technology and security in a variety of technical and management positions. Before joining First Niagara, Rogalski led information security risk management for M&T Bank. Rogalski also frequently speaks about security, risk management and awareness with industry leaders and First Niagara customers.

• 

  Tom Wills

  Senior Risk and Fraud Analyst, Javelin Strategy & Research

  Tom Wills joined Javelin in July 2008 to lead the firm's strategic risk management, security, fraud, and compliance advisory services. He spent the last two and a half decades helping large, global enterprises and financial institutions strategically navigate the challenges of security. His breadth of expertise and global experience will enable Javelin to deepen its support of clients' managing compliance mandates, privacy policies and implementation of business-wide security initiatives. He has served as a director, advisory board member, or strategic consultant for NTT Data Corporation, Wells Fargo Merchant Services, PayCycle.com, Hyundai and several startup ventures in the security arena.

• 

  Patrick D. Howard

  Chief Information Security Officer, Nuclear Regulatory Commission

  Patrick D. Howard serves as the Chief Information Security Officer of the Nuclear Regulatory Commission. He provides vision, leadership and oversight in developing, promulgating and implementing an agency IT security strategy. This organizational change meets the Federal Information Security Management Act (FISMA) requirements as they relate to IT security.

• 

  Tom Walsh, CISSP

  President - Tom Walsh Consulting

  Tom Walsh, CISSP, is president of Tom Walsh Consulting, an Overland Park, Kan.-based firm that advises healthcare organizations on risk management strategies. He has conducted numerous courses on HIPAA compliance. Walsh serves as information security officer at San Antonio Community Hospital on an outsourced basis. He is one of the authors of a new book, "Information Security in Healthcare: Managing Risk," published by the Healthcare Information and Management Systems Society.

• 

  Bill Sewall

  Bill Sewall is an Information security, compliance and risk management specialist with 30 years experience as a corporate attorney and general counsel, CIO, information security officer, and operational risk manager. Most recently, Sewall spent 10 years as a senior executive information security officer in Citigroup, including management of the IS training and awareness program and responsibility for the Citigroup IS Policy and Standards.

• 

  Matthew Speare

  Senior Vice President of Information Technology, M&T Bank

  Matthew Speare is responsible for Information Technology Operations, Telecommunications and Networking, Platform Design and Support, Information Security and IT Risk Management, and Business Continuity Planning and Disaster Recovery.

• 

  Sharon Finney

  Corporate Data Security Officer, Adventist Health System

  Sharon Finney, CISM, CISSP, is the corporate data security officer for the 37-hospital Adventist Health System, where she sets the data security strategy to ensure the confidentiality, integrity and availability of the organization's information assets.

• 

  Terrell Herzig

  CISO, UAB Medicine

  Terrell Herzig heads a team of security specialists at the delivery system, which includes a 1,000-bed hospital and numerous outpatient facilities throughout the state. He is editor the book, "Information Security in Healthcare: Managing Risk," published by the Healthcare Information and Management Systems Society. He speaks widely on the topic of securing mobile devices.

• 

  Christopher Hourihan

  Programs & Operations Manager, Health Information Trust Alliance

  At HITRUST, Hourihan leads the ongoing development of the Common Security Framework (CSF) and CSF Assurance Program. The framework helps organizations demonstrate security and comply with various regulations, including the HITECH Act and HIPAA. Before joining HITRUST, Hourihan worked at PricewaterhouseCooper's security advisory practice, focusing on healthcare.

• 

  Rebecca Herold, CISSP, CISM, CISA, CIPP, FLMI

  CEO, The Privacy Professor

  Rebecca has over two decades of experience in information, security, privacy and compliance, including training and awareness. Rebecca is working on her 15th published book, the 2nd edition of "The Practical Guide to HIPAA Privacy and Security Compliance," and has written over 200 published articles. Rebecca has spoken at industry conferences and seminars hundreds of times. Rebecca is partner in Compliance Helper (http://www.compliancehelper.com), providing HIPAA/HITECH compliance services for covered entities and business associates. Rebecca has been an adjunct professor for the Norwich University Master of Science in Information Assurance program since 2004 and was recently named the #3 best privacy advisor in the world by Computerworld magazine.

• 

  Marilyn Lamar

  Partner, Liss & Lamar

  Marilyn Lamar, a partner at the law firm Liss & Lamar, has more than 20 years of experience in corporate and information technology law, including electronic health records, health information exchanges, personal health records and HIPAA and HITECH Act privacy and security issues. Her practice includes a broad range of outsourcing, licensing and other technology transactions on behalf of hospitals, health plans, health information exchanges, group purchasing exchanges and technology companies. The attorney is a director of the American Health Lawyers Association and serves on its quality council. She formerly was a capital partner at McDermott, Will & Emery LLP, where she chaired the health law information technology practice group.

• 

  Christopher Paidhrin

  IT Security Compliance Officer, Southwest Washington Medical Center

  Christopher Paidhrin is the IT security compliance officer for PeaceHealth Southwest Medical Center, Vancouver, Wash. He has worked for many years in IT and business operations in higher education, the private sector and entrepreneurial environments, where he has held numerous director-level positions. Paidhrin has received recognition, nominations and awards for IT service excellence, and he has presented at numerous industry events.

• 

  Kate Borten

  CISSP, CISM, President - The Marblehead Group

  Kate Borten, CISSP, CISM, is president of The Marblehead Group, Inc. in Marblehead, Mass. Borten provides technical and management expertise, information security knowledge, and an insider's understanding of the world of healthcare. She is a nationally recognized expert and frequent speaker on the topics of HIPAA and health information privacy and security. She is also the author of Guide to HIPAA Security Risk Analysis (2004) and HIPAA Security Made Simple (HCPro, Inc. 2003), a contributor to newsletters on HIPAA privacy and security, and three-year chair of HealthSec, an annual conference on information security in healthcare.

• 

  E.J. Hilbert

  Former FBI Special Agent

  E.J. Hilbert is a former FBI Special Agent specializing in international hacking, carding and fraud teams. He has trained law enforcement representatives throughout the U.S., Canada, the United Kingdom, Belarus, Russia and the Ukraine. E.J. served as the agent in charge of the investigations into the intrusions of over 300 financial institutions, two major telecoms and multiple U.S. government agencies. He served on the first joint Russian-U.S. Criminal Working Group. E.J. spent the final years with the FBI chasing Al Qaeda via their online communications networks, eventually bringing Treason charges against the American Al Qaeda spokesman Adam Gadahn.

• 

  Paul Smocer

  VP Security, BITS

  Paul Smocer was hired in early 2008 by BITS, a division of the Financial Services Roundtable, to lead its security program. Smocer has over 30 years' experience in security and control functions, most recently focusing on technology risk management at The Bank of New York Mellon and leading information security at the former Mellon Financial. While at Bank of New York Mellon and at Mellon, Smocer was actively engaged with BITS as a member of its Vendor Management Working Group, as 2005 Chair of its Security Steering Committee, and as 2004 Chair of its Operational Risk Committee.

• 

  Mike Urban

  Director of Portfolio Management, Fiserv

  Mike Urban is the director of portfolio management for Fiserv, where he analyzes financial crime issues and trends for improvements in fraud detection and AML monitoring. Urban has more than 15 years of experience in financial crime management and co-invented Card Alert Services, an ATM-network and debit-card fraud detection service later acquired by FICO. Before joining Card Alert Services, Urban worked for Electronic Payment Services Inc., now owned by First Data Corp., where he developed and managed projects for data analysis using data warehousing and OLAP analytical techniques. Urban's industry recognition includes GASA Crime Fighter of the Year 2005 and ATMIA Most Influential Member of the Year 2004.

• 

  Markus Jakobsson

  Dr. Markus Jakobsson is Associate Professor at Indiana University's School of Informatics Dr. Jakobsson is also Associate Director of the Center of Applied Cybersecurity Research, and founder of RavenWhite, Inc. He is the inventor or co-inventor of more than fifty patents, has served as the Vice President of the International Financial Cryptography Association, and is a Research Fellow of the Anti-Phishing Working Group. Prior to his current position, he was Principal Research Scientist at RSA Laboratories, a member of technical staff at Bell Laboratories, and Adjunct Professor at New York University. His latest book, Phishing and Countermeasures was released last year. Professor Jakobsson researches fraud, social engineering and phishing, and the prevention of these attacks. He has laid the foundations to the discipline of how to perform experiments to assess risk arising from sociotechnical vulnerabilities in the context of current and potential future user interfaces. He consults to the financial industry and heads the efforts at www.stop-phishing.com.

• 

  Randy Sabett

  Privacy Attorney

  Randy V. Sabett, CISSP, is a partner in the Washington, D.C. office of Sonnenschein Nath & Rosenthal LLP, where he is a member of the Internet, Communications & Data Protection Practice. He counsels clients on information security, privacy, IT licensing, and patents, dealing with such issues as Public Key Infrastructure (PKI), digital and electronic signatures, federated identity, HIPAA, Gramm-Leach-Bliley, Sarbanes-Oxley, state and federal information security and privacy laws, identity theft and security breaches. Mr. Sabett served as a Commissioner for the Commission on Cyber Security for the 44th Presidency.

• 

  Linda Coven

  Head of Online Banking Channel Solutions, Silicon Valley Bank

  Ms. Coven is a 20 year veteran of the banking industry who developed and manages the online banking platform for Silicon Valley Bank. With over 7 years experience at SVB, she serves as strategic advisor to the company's executives and steering committee related to products and services that will help further the commercial bank's strategic objectives and address client needs. Prior to SVB, Ms. Coven held product manager roles with Imperial Bank and BankBoston. She earned a BS in Business from Western Michigan University and studied Political Science at UC Santa Barbara.

• 

  Evelyn Royer

  Vice President Risk Management & Support Services, Purdue Employees Federal Credit Union

  Evelyn joined the credit union in 1994 as the internal auditor and was promoted to accounting manager a few years later until she was chosen to develop the risk management department in 2002. In 2005 Evelyn became vice president to oversee collections, compliance, internal audit and servicing for loans, deposits and plastic products. Evelyn is a licensed CPA and certified by CUNA (the Credit Union National Association) as a CUCE or Credit Union Compliance Expert.

• 

  William Henley

  SVP - Regulation, BITS

  As SVP - Regulation at BITS, Henley manages relationships with federal regulators, outlines policy positions on operations and technology issues, and provides subject matter expertise on regulator issues. Previously, he served as the Director of IT Examinations for the Office of Thrift Supervision, where he was the agency's principal advisor regarding the development, implementation and maintenance of policies, procedures and guidelines pertaining to the examination and supervision of saving associations in the area of Information Technology (IT) and Technology Risk Management, including electronic banking activities. Henley was the OTS representative to the FFIEC IT Subcommittee, serving as Chair from April 2009 to June 2010. Prior to joining the OTS, he spent 17 years with the FDIC.

• 

  Anton Chuvakin

  Author, PCI Expert

  Dr. Anton Chuvakin is a recognized security expert in the field of log management and PCI DSS compliance. He is an author of books "Security Warrior" and "PCI Compliance" and a contributor to "Know Your Enemy II", "Information Security Management Handbook" and others. Anton has published dozens of papers on log management, correlation, data analysis, PCI DSS, and security management.

• 

  David Garrett

  Fraud and Operational Controls Analyst

  After stints as a Police Detective and Corporate Security Investigator, Garrett was recruited to establish a fraud prevention unit for AT&T Universal Card Services (now Citibank), a start-up credit card business in Jacksonville, Fla. After 10 years, he joined the sales and operational support team at ACI Worldwide, where he led risk solutions for ACI in Asia-Pacific and the Americas. During his career, Garrett has consulted more than 40 financial institutions about fraud detection and prevention.

• 

  Eric Cole

  Security Expert, SANS Institute Faculty Fellow

  Eric Cole is an industry-recognized security expert and has authored several books, including Hackers Beware, Hiding in Plain Site, Network Security Bible and Insider Threat (with Sandra Ring). He is an inventor who holds more than 20 patents. Cole serves on the Commission on Cybersecurity for the 44th President and is actively involved with the SANS Technology Institute and SANS working with students, teaching and maintaining and developing courseware.

• 

  David Navetta

  Founding Partner, Information Law Group

  David Navetta is one of the Founding Partners of the Information Law Group. David has practiced law for over twelve years, including technology, privacy, information security and intellectual property law. He is also a Certified Information Privacy Professional through the International Association of Privacy Professionals. David currently serves as a Co-Chair of the American Bar Association's Information Security Committee, and is also Co-Chair of the PCI Legal Risk and Liability Working Group. Mr. Navetta previously served as the Chairman of the ABA's Information Security Committee's Information Security Contracting & Risk Management Working Group.

• 

  Dixie Baker, Ph.D.

  SVP & Technical Fellow, SAIC

  Dixie Baker, Ph.D., is a senior vice president and technical fellow at Science Applications International Corporation (SAIC), where she serves as the chief technology officer of the health and life sciences practice. Dr. Baker has worked in high-assurance computing and information protection for more than three decades; for the past 16 years, she has applied her skills to health challenges. In 2009, she became a federal adviser when she was appointed to the Health Information Technology Standards Committee and was selected to chair the Privacy and Security Workgroup of that Committee. In addition, she serves on the Privacy and Security Tiger Team of the HIT Policy Committee.

• 

  George Tubin

  Banking and Security Analyst

  George Tubin is a former Senior Research Director for TowerGroup's Delivery Channels and Financial Information Security research services. His areas of expertise include consumer online banking, online fraud and identity theft prevention, information security strategy and customer authentication, as well as mobile banking and contact center strategies and technologies.

• 

  Kim Peretti

  J.D., LL.M., CISSP, PricewaterhouseCoopers

  Peretti helps clients respond to significant cyberattacks and breaches, as well as advise clients on how to reduce risks related to cybersecurity.

  Before joining PwC, Peretti was a senior counselor with the Department of Justice's Criminal Division in the Computer Crime and Intellectual Property Section. She brings extensive experience in investigating, prosecuting, managing, coordinating, and advising organizations on issues related to multi-district, multi-agency computer crimes both domestically and internationally.

• 

  Lester Rosen

  Lester S. Rosen is an attorney at law and President of Employment Screening Resources (www.ESRcheck.com), a national background screening company located in California. A former deputy District Attorney and criminal defense attorney, Rosen has taught criminal law and procedure at the University of California Hastings College of the Law. His jury trials have included murder, death penalty and federal cases.

• 

  Mac McMillan

  Co-Founder & CEO, CynergisTek Inc.

  Mac McMillan is co-founder and CEO CynergisTek Inc., an Austin, Texas-based firm specializing in information security and regulatory compliance. He has more than 30 years of federal and private sector experience in managing and delivering information security services. He is chair of the Healthcare Information and Management Systems Society's Privacy & Security Steering Committee. He was a contributing author and editor for the HIMSS book, "Information Security in Healthcare: Managing Risk."

• 

  Philip Alexander

  CISSP - ISSMP, MCSE - MCT, MPA

  Philip Alexander began his career back in the late 1980s while serving in the U.S. military. Since then he has worked in both the public and private sectors in positions including; engineer, project manager, security architect, and IT director. He currently works as an Information Security Officer for a major U.S. financial institution.

  Phil is also an avid public speaker, and regularly presents at security conferences around the country and abroad. He has published a number of information security articles as well. Phil is also the author of Data Breach Disclosure Laws - a State by State Perspective. His second book, Information Security: A Manager's Guide to Thwarting Data Thieves and Hackers was published in 2008.

• 

  Stephen R. Katz, CISSP

  President of Security Risk Solutions

  For over twenty-five years, Katz has been directly involved in establishing, building and directing Information Security and Privacy functions. He is the founder and President of Security Risk Solutions, an information security company providing consulting and advisory services to major, mid-size, startup and venture capital companies. Katz is an Executive Advisor to Deloitte, is on the Board of Directors of nCircle Inc, and Avior Computing and on the Advisory Boards of Voltage Security and Veracode. Katz is also a member of the (ISC)² Americas Advisory Board for Information Systems Security.

• 

  Steven Jones

  Vice President, Director Information Security, Synovus Financial Corp.

  As Director Information Security of Synovus Financial, Steven Jones holds responsibility for the company's organizational policy, risk management, security awareness, identity management, disaster recovery, and other areas of risk management. As a member of senior management, he aids in technology planning, regulatory compliance, business solution delivery, policy, and strategy. Mr. Jones joined Synovus Financial in 1995 before becoming Vice President, Director of Network Research & Development in 1999 and ultimately, Vice President Director Information Security in June 2001.

• 

  John P. Pironti

  John P. Pironti is the Chief Information Risk Strategist for Archer Technologies. In this role, John consults with Fortune 1000 executives on IT-GRC and information security issues and initiatives, evangelizes product concepts in the marketplace to gather feedback, and collaborates with Archer's product experts to translate industry needs into technology solutions.

• 

  James Christiansen

  Prior to joining Evantix, James was Chief Information Security Officer for Experian Solutions. James joined Experian after serving as Chief Information Security Officer for General Motors. Prior to joining GM, James leveraged his years of security experience to provide global leadership to Visa International. James has been featured in the New York Times as one of the new leaders in information security. He has an MBA in International Management, BS in Business Management and is the author of the "Internet Survival Series," contributing author of "CISO Essentials" and numerous industry papers.

• 

  Steve Neville

  Director of Identity Products, Entrust

  Steve joined Entrust in 1999, and has played a consistent leadership role in Entrust's product evolution and innovation. Working closely with customers and key departments such as R&D, sales and marketing, Steve is passionate about ensuring that Entrust fields market-driven, innovative products. As Director, Identity Products & Solutions at Entrust, Steve draws on his more than 15 years' hi-tech marketing and product management experience to specifically drive the strategic direction of authentication and fraud detection solutions.