SecureWorld New York City 2023

Kip Boyle is the Virtual Chief Information Security Officer of Cyber Risk Opportunities, whose mission is to help executives become more proficient cyber risk managers. He has over 24 years of cybersecurity experience serving as Chief Information Security Officer (CISO) and in other IT risk management roles for organizations in the financial services, technology, telecom, military, civil engineering, and logistics industries.

Tom Brennan is the CIO of the national law firm Mandelbaum Barrett PC and leads the U.S. arm of CREST International. In this role, he works with government and commercial organizations to optimize the value of CREST as a cybersecurity accreditation body and industry standards advocate, particularly for companies in the Cybersecurity & Infrastructure Security Agency’s 16 critical infrastructure sectors which are vital to U.S. security, national economy, and public health and safety. As CREST USA Chairman, Brennan spearheads strategic plans for CREST USA’s organizational growth while also serving as an industry evangelist and educator on the value of using accredited cybersecurity products and professionals to improve consumer privacy, security, and protection worldwide.

As a proud U.S. Marine veteran, Brennan became involved with CREST International in 2016 while serving the Global Board of Directors for the Open Web Application Security Project (OWASP). Seeing similar goals, he became more active in the CREST organization and was nominated to lead the organization’s U.S. Advisory in 2019. Over his career, Brennan has amassed security expertise across the cybersecurity spectrum, including penetration testing, vulnerability assessment, application security, threat intelligence, and more. In addition to being CREST USA Chairman, he is the Chief Information Officer of the national law firm Mandelbaum Barrett, overseeing critical infrastructure, privacy, and security operations. He is also an Advisory Board Member of the information services advisory Gerson Lehrman Group, a Cyber Fellows Advisory Council Member, a Member of the Information Technology Advisory Committee of the County College of Morris, a Senior Advisor and Industry Advisory Board Member of the New Jersey Institute of Technology, and a Cyber Fellows Advisory Council Member of the NYU Tandon School of Engineering.

Founder of a strategic risk consultancy after serving 26 years in the US Air Force, Cedric Leighton oversaw numerous critical intelligence missions throughout his career. He served at US Special Operations Command, the Joint Staff and the National Security Agency, where he helped train the nation's cyber warriors. A Middle East combat veteran, he is the recipient of numerous military awards, including the Defense Superior Service Medal and the Bronze Star.

Currently, Cedric advises multinational businesses on cyber attacks and the management of complex global strategies to reduce risk and unpredictability.

Taylor M. Crotty leads Cyber Administration at BlackRock, with responsibility for Cyber Diligence, Cyber Governance, Cyber Partnerships, Cyber Training & Awareness including the Firm's cyber resilience initiatives, and Business Management activities across Information Security, including fiscal management, talent management, and strategic project management.

Prior to assuming her current role, Taylor was the Global Head of Cyber Resilience & Data Protection, responsible for preparing BlackRock and key partners critical to BlackRock’s business operations to respond to a cyber event, and optimizing the protection of Firm and Client information. Taylor also previously led BlackRock's Supply Chain Security program where she was responsible for improving the security of outsourced workflows through contracting and conducting security assessments. Ms. Crotty earned an Electrical Engineering degree from the University of Michigan College of Engineering.

Arlenee Lopez-Ferguson is a dynamic cybersecurity professional with proven expertise in strategizing, developing, and leading change across organizations.

She is currently the Chief Information Security Officer at Pendulum Holdings, LLC, a strategic investment and advisory platform that seeks to accelerate opportunity and value creation for founders and leaders of color. Prior to Pendulum, she served as the CISO and Compliance Administration Manager at Summit Trail Advisors, LLC, a Registered Investment Advisory firm. At Summit Trail, Ms. Lopez-Ferguson was responsible for the governance and oversight of the compliance and cybersecurity programs including the development, implementation, and enforcement of the firm's policies and procedures. Further, in 2010, she acted as the Chief of Staff to the Chief Operating Officer of Barclays Wealth, and Secretary to the Global Wealth Investment Committee. She earned a BA in Criminal Justice from John Jay College and, most recently, a Certificate of Cyber Security Risk Management from Harvard.

Beyond her professional achievements, Arlenee embraces her roles as a wife and proud "boy mom" of two. As a New Yorker, she is passionate about giving back to her often-underserved community. She is an avid mentor, dedicating much of her free time to guiding and supporting young women aspiring to enter the financial, tech, legal, and compliance fields.

Alex Abramov is senior leader in Technology and Cyber Governance, Risk, and Compliance with strong track record of accomplishments across all three lines of defense - Controls, Risk, and Audit. He had created and led highly effective IT and Cyber risk management programs that addressed regulatory requirements and enabled business growth, expansion, and acquisitions.

As the Head of Information and Cyber Risk at Santander Capital Markets, he had built an IRM function and led Information and Cyber Risk team. Previously Alex has served as a Director of Information Risk at Bank of New York Mellon, Technology Risk Controller and Lead IRM at JP Morgan, Practice Leader for IT Governance and Compliance and IT Audit Lead at EY, and a Head of Application Development and a DISO at Bristol-Myers Squibb.

Alex has served as the President of ISACA New York Metropolitan Chapter 2017-2019, and as a member of the Board of Directors since 2007. He is a recipient of 2022 and 2023 ISACA NYM Helping Hands Awards for “Outstanding Service for the President, Board, and Membership.”

Alex holds a Masters in Electrical Engineering (Robotics and Automation), an MBA, and CISA, CGEIT, and CRISC certifications. He has co-authored several books (including “Cyber Risk,” “Governance, Compliance and Supervision in the Capital Markets,” and “The Cyber Elephant in the Boardroom”) and has presented at over 30 conferences in North America and Europe on topics of Information and Technology Risk.

Albert Caballero is a patented cybersecurity expert, systems integrator, and published technologist with a passion for security engineering, cloud computing, and threat intelligence. Currently Field CISO at SentinelOne, he has acted as Global Head of Security Engineering at Warner Bros. Discovery and BISO with WarnerMedia and ATT. Co-founded Trapezoid, a cybersecurity software company focused on firmware integrity management, and was Technical Product Manager in the SIEM space for what is now Tripwire Log Center. He has also run a large security operations center at Terremark, a Verizon managed services provider, helping defend government agencies and corporate entities by leading incident response teams and conducting forensic investigations at scale alongside Kroll and other major security services firms.

Tamika Bass is an Information Security professional with more than 17 years’ experience in information security, including information security governance and risk management. Tamika is passionate about improving communication and understanding of information security in the industry. Tamika is an active speaker, college professor and enjoys spending her time educating technical staff on the importance of communicating effectively in the Information Technology space. Tamika holds the following certifications: CISA,CRISC, HCISPP, CBCP.

Vlad Brodsky is the Chief Information Security Officer and SVP of IT Operations and Infrastructure at OTC Markets Group, a regulated publicly traded financial institution that operates the world’s largest OTC equity electronic marketplace.

Vlad has a bachelor’s in computer science and economics from Brandeis University, an MBA from NYU Stern and CRISC, CDPSE, CCISO, CISSP, DDN Boardroom QTE, PMP, FINRA Series 7, 24, and 99 certifications and licenses.

He is also a New Metro InfraGard Board Member, an EC Council CCISO Exam Committee member and an Advisory Board Member at VigiTrust Global and HMG Strategy.

Peter is the head of Information Security for CTBC Bank New York branch, where he oversees the Cyber Security Program. With more than 25 years of experience in financial services, information security, and information technology, Peter has expertise in cybersecurity governance, risk management, and cybersecurity technologies.

Matt Hillary is the Vice President of Security and CISO at Drata—a continuous security and compliance automation company—where he oversees Drata’s global security, IT, compliance, and privacy strategy and programs. With 15+ years of security experience, Matt has a track record of building and leading exceptional security programs. He has been in a number of security leadership roles, including Senior Vice President of Systems and Security and CISO at Lumio, CISO at Weave, VP, Security and CISO at Workfront, VP of Security at Instructure, and other lead security roles at MX, Adobe, and Amazon Web Services. Matt’s areas of expertise include risk management, IT governance, security, compliance, identity and access management, application security, data protection, and much more. Outside of work, Matt enjoys traveling with his wife, making fun memories with his four kids, and experiencing all this amazing world has to offer.

With over 13 years of experience working in Unix and Cybersecurity teams in Fortune 500 companies, Saketh currently is responsible for Pre-sales, Architecture and Strategic Accounts in Americas. Prior to SSH, Saketh spent most of time in enterprise architecture and evaluating solutions that are eventually deployed into Production along with Deployment Strategy. Saketh enjoys talking about security topics, best practices, and user experiences with different software solutions.

Andrew has more than 10 years of experience in strategic alliances at BitSight and Recorded Future, currently leading the WithSecure Product and Services commercial and sales engineering teams in North America.

Chris currently works for Palo Alto Networks in R&D, helping customers stay ahead of threat actors and helping our products stay customer focused. His experience with UEBA and IAM helped drive the ITDR module to not only focus on Identity based attacks, but also the entire Identity lifecycle helping to improve outcomes for customers and detections for Insider Threat programs across the globe. He loves talking to customers about SIEM, Security Operations, and the analyst experience which allows him to learn and adjust accordingly. Never an expert, always a student.

Marlowe Cochran has been working in the IT field for over 30 years, with 20 plus years in information security roles. He has worked in a multitude of sectors from government to health care. In his current role at the New York State Department of Education, he is the Chief Information Security Officer. Marlowe currently collaborates with internal and external stakeholders in regard to modernizing technology and data sharing; he oversees data risk assessment/management, incident response, the development of policies/procedures, and manages the overall risk posture of the agency.

Chris currently works for Palo Alto Networks in R&D, helping customers stay ahead of threat actors and helping our products stay customer focused. His experience with UEBA and IAM helped drive the ITDR module to not only focus on Identity based attacks, but also the entire Identity lifecycle helping to improve outcomes for customers and detections for Insider Threat programs across the globe. He loves talking to customers about SIEM, Security Operations, and the analyst experience which allows him to learn and adjust accordingly. Never an expert, always a student.

Tomás Maldonado is the Chief Information Security Officer (CISO) at the National Football League (NFL).  He is globally responsible for leading the information security program for the League and its entities.  Maldonado has over 23 years of experience in this area, having led global information security teams and programs at several large international organizations.

Prior to Joining the NFL, Maldonado was the CISO at International Flavors & Fragrances where he was globally responsible for establishing and leading the Cybersecurity & Technology Risk Management business unit.

Maldonado was also an executive director and CISO for the corporate sector of JPMorgan Chase, where he established and shaped the future direction of the security program and focus for the line of business. He was also a VP of technology risk management at Goldman Sachs where he worked on several key initiatives namely creating and leading the data loss protection program. He had additional opportunities at Schroders where he was the network security officer, Ernst & Young and Bloomberg LP.

Maldonado serves as an advisory board member to several innovative companies. He has several industry recognizable certifications: he is a CISSP, a CISM, a CDPSE, and a CRISC. He also holds a Bachelor of Science in computer science from Fordham University.

Sara Ricci is an accomplished executive with a proven track record in global leadership roles, building new capabilities and enhancing organizational resilience. She is experienced in Risk Management and Technology Enablement in highly regulated financial and energy sectors. Sara excels at building trust and credibility with executives, clearly communicating risk concepts and strategies in non-technical terms to help drive business results.

As a Risk and Resilience leader, Sara leverages prior experience as Head of Information Risk Governance and Resilience at HBC and senior leadership roles at HCL Technologies, New York Power Authority, JP Morgan Chase, Citi, Bank of America and UBS.
She has led global implementations of governance, risk management and compliance programs, aligning risk and reward with business strategy, specializing in Operational Risk, IT Risk, Information Security, Business Continuity, Enterprise Risk, Third Party Risk, Operational Resilience, Enterprise Resource Planning, Software development and Business Process improvements.

Sara actively collaborates across organizations and helped develop industry guidance for the financial and energy sectors, including maturity models in Resilience and Cybersecurity, whitepapers and benchmarking studies in Risk Appetite and Resiliency.

MBA (Finance and Management), CRISC CDPSE CBCP HSEEP SCR

Robert Mazzocchi was the Vice President Identity & Access Management for Global Information Security & Compliance at AIG for 16 years. In this role, he had corporate responsibly for the implementation of the AIG’s Identity & Access Management Strategy and Program across AIG’s global business lines.

Prior to joining AIG, Mr. Mazzocchi held positions in Financial Services for 24 years as Vice President and CISO for the 16th largest bank in the U.S. Vice President of Loan Origination and Servicing, Payments processing, Retail Support and Operations, Internal and External Fraud detection.

Jordan Fischer represents clients in cross-border data management, creating cost-effective and business-oriented approaches to cybersecurity, data privacy, and technology compliance. Recognized as a Super Lawyers Rising Star – Technology Law, Jordan practices in many jurisdictions throughout the United States in both state and federal courts, as well as internationally in both Europe and Asia.

Jordan has counseled clients on a wide variety of regulatory requirements, including the General Data Protection Regulation (GDPR), and implementing member state law, the California Consumer Privacy Act (CCPA), the Fair Credit Reporting Act, the Driver's Privacy Protection Act, biometric data laws, global data breach standards, and federal and state unfair business practices acts. She also provides counsel on a variety of security and privacy frameworks, including the International Standards Organization (ISO) 27001 and 27701, the National Institute of Standards and Technology (NIST) cyber and privacy frameworks, and the Payment Credit Card Industry Data Security Standard (PCI DSS).

Jordan has extensive experience in the intersection of law and technology, regularly evaluating and assessing legal and business opportunities and risk to provide public and private sector clients with critical data privacy and cybersecurity assessments and strategy. With a global perspective, Jordan represents clients regarding contractual negotiations related to technology, data management, security, and privacy, and helps to build out compliance programs to address a multitude of regulatory requirements and best practices. She also provides insight into third-party management, working with clients to build solutions to ensure security and privacy are accounted for in the supply chain. Jordan has represented clients in a variety of sectors, including emerging technologies (blockchain, Internet of Things/IoT, and Artificial Intelligence/AI), pharmaceutical, healthcare, agriculture, adtech, and manufacturing. Jordan works with clients to develop business solutions that incorporate privacy-by-design and security-by-design concepts, merging regulatory requirements with real-world practical solutions.

Accomplished Business and Technology professional with over a decade focused on strategic account software sales, advanced enterprise software applications, modeling, business process optimization, solution development and software implementation. Strong technical and business acumen with the ability to execute a wide range of strategies designed to generate impressive results. Skilled at breaking down communication barriers and promoting cross functional cooperation. Broad knowledge of international and cultural backgrounds.

Jeff Edstrom is the Director of Infrastructure Security at AccessIT Group (AITG). Jeff is a cybersecurity leader with over twenty years of experience managing infrastructure, security, compliance and support teams across North America and Europe. Jeff enjoys solving complex problems, getting to the root cause and deploying robust solutions that take advantage of his experience and unique insight. His career has led him to work with everything from large multinationals to extreme growth unicorn startups and everything in between. This breadth of experience allows Jeff to do more than suggest solutions to immediate issues, but rather address challenges holistically, saving costs and undue complexity.

Henry Jiang is a seasoned cybersecurity professional with extensive experience and expertise in securing software-as-a-service (SaaS) companies. As the Chief Information Security Officer (CISO) at Diligent Corporation, Henry is responsible for developing and implementing robust security strategies that protect the company's valuable assets, data, and infrastructure.

Prior to joining Diligent, Henry held various leadership roles in the financial services industry, serving as the CISO at Oppenheimer & Co. and as the Head of Cyber Risk at Societe Generale Corporate and Investment Banking (USA). He has also contributed to the cybersecurity community as an active member of customer advisory boards for several cybersecurity companies. Henry shares his knowledge and insights through his blog posts, book chapters, and podcasts. Henry holds the Certified Information Systems Security Professional (CISSP) certification, demonstrating his commitment to excellence in the field of cybersecurity.

With more than 17 years’ experience in the cybersecurity field, Robyn has led five organizations in their transformation from no security program or a minimal security program to a mature security organization. Starting with an organization that needed to achieve NIST compliance to survive, moving to a large financial firm, and then into the retail industry, Robyn has been instrumental in achieving continuous risk reduction for all these organizations. These risk reductions allowed her to move to her next challenge while leaving a team that was set up to succeed and continue their maturity journey. This includes not only cybersecurity but also the IT risk, IT compliance, and when it came, privacy disciplines.

Currently responsible for security, IT risk, IT compliance, and privacy at the Knitwell Group, Robyn has been asked to lead the IT Operations team, as well. This adds the Service Desk, Identity and Access, Major Incident Response, Production Control, and Operations to her responsibilities, which is a little bit of back to the future for her, as she started her journey on the Help Desk and in Professional Services, prior to making the move into the security field.

Andy is a seasoned cybersecurity professional with more than 20 years in the field. At the Walt Disney Company, Andy was a compliance and security architect, managing solutions for Disney's broad portfolio of businesses. He moved on to be a solutions architect for MobileIron and now Lookout, where he has been for the past five years.

David has been with Team Cymru since 2007. Prior, he served in the U.S. Marine Corps as a Non-Commissioned Officer. He then worked at Indiana University where he helped to build some of the most powerful computational systems of their day. He transitioned to cybersecurity and helped launch the Research and Education Networking ISAC. At Team Cymru, he has been an engineering leader, a Community Services team member, and a security analyst. David led efforts to secure the firm's intelligence infrastructure and established processes the firm relies on today. Currently, David assists CSIRT teams worldwide and fosters data sharing partnerships.

With a dynamic career spanning 20 years, including seven years at prestigious luxury retail company, Louis Vuitton. Davin Darnt currently excels as the Chief Information Security Officer (CISO) for the Americas region. His journey in the company has been marked by significant leadership roles, including Head of IT Operations and Head of Technical Projects, where he honed his expertise in steering complex IT initiatives and strategies.

In his current role as CISO, Davin is at the forefront of defining and implementing robust security protocols, safeguarding the company's digital assets against evolving cyber threats. His approach combines cutting-edge technology with a deep understanding of the unique challenges in the luxury retail sector, ensuring both resilience and compliance.

Previously, Davin has led diverse, high-performing teams across Service Delivery, Systems Engineering, Digital Workplace and Mobile & Collaborative technologies . His leadership style is deeply influenced by his time in the United States Marine Corps (USMC), where he developed an ethos of discipline, adaptability, and unwavering commitment to excellence. He holds multiple certifications including CISSP, CCSP & CSM designations.

Davin's ability to navigate the complex intersection of technology, security, and luxury retail has not only driven operational efficiencies but has also significantly contributed to the company's reputation for innovation and customer trust. His visionary leadership continues to be a pivotal asset in the company's ongoing success and digital transformation journey.

Afzal Khan is a distinguished leader in the field of technology security and risk management, bringing over 26 years of expertise to his role. Currently serving at OPKO, he provides strategic direction and guidance on technology risk management, IT, OT, and cybersecurity, ensuring compliance with IT regulatory standards across domestic and international entities. Afzal's extensive experience includes notable positions such as the Global Head of IT Security, Risk Management & Compliance at Everest Reinsurance, where he led critical projects and built robust organizational teams. He holds 7 security and risk management certifications, including CISSP, CISA, and CRISC, underscoring his deep knowledge in the field. Afzal is renowned for his visionary approach, aiming to establish a secure technology platform aligned with business objectives, emphasizing a business-focused and risk-based approach to security decisions. His dedication to operational excellence and adaptability in the face of disruptive technologies have made him a trusted leader in the industry.

Jordan Fischer represents clients in cross-border data management, creating cost-effective and business-oriented approaches to cybersecurity, data privacy, and technology compliance. Recognized as a Super Lawyers Rising Star – Technology Law, Jordan practices in many jurisdictions throughout the United States in both state and federal courts, as well as internationally in both Europe and Asia.

Jordan has counseled clients on a wide variety of regulatory requirements, including the General Data Protection Regulation (GDPR), and implementing member state law, the California Consumer Privacy Act (CCPA), the Fair Credit Reporting Act, the Driver's Privacy Protection Act, biometric data laws, global data breach standards, and federal and state unfair business practices acts. She also provides counsel on a variety of security and privacy frameworks, including the International Standards Organization (ISO) 27001 and 27701, the National Institute of Standards and Technology (NIST) cyber and privacy frameworks, and the Payment Credit Card Industry Data Security Standard (PCI DSS).

Jordan has extensive experience in the intersection of law and technology, regularly evaluating and assessing legal and business opportunities and risk to provide public and private sector clients with critical data privacy and cybersecurity assessments and strategy. With a global perspective, Jordan represents clients regarding contractual negotiations related to technology, data management, security, and privacy, and helps to build out compliance programs to address a multitude of regulatory requirements and best practices. She also provides insight into third-party management, working with clients to build solutions to ensure security and privacy are accounted for in the supply chain. Jordan has represented clients in a variety of sectors, including emerging technologies (blockchain, Internet of Things/IoT, and Artificial Intelligence/AI), pharmaceutical, healthcare, agriculture, adtech, and manufacturing. Jordan works with clients to develop business solutions that incorporate privacy-by-design and security-by-design concepts, merging regulatory requirements with real-world practical solutions.