SecureWorld Seattle 2023

Kip Boyle is the Virtual Chief Information Security Officer of Cyber Risk Opportunities, whose mission is to help executives become more proficient cyber risk managers. He has over 24 years of cybersecurity experience serving as Chief Information Security Officer (CISO) and in other IT risk management roles for organizations in the financial services, technology, telecom, military, civil engineering, and logistics industries.

My magic spans numerous industries where I've led teams to new worlds. I speak tech and love geeks. I'm the bridge between business and technology. I eat risk for breakfast yet am passionate to the pixel. I inspire new thinking and brand everything. Experts seek me out and people want to be part of what I create. I forged the role of CIO where it hadn't existed and I spark joy in the hearts of many.

As a technology leader with 15 years of experience, Thanh develops IT strategic plans, creates governance frameworks and processes, and aligns IT organization priorities with business strategy. He leads digital transformation to create innovative business models, optimize technology capabilities, and develop competitive advantages. His deep expertise in executing complex IT projects enables him to design and execute roadmaps that modernize legacy technology and maximize business performance.

Jake Bernstein is a practicing attorney and CISSP who counsels clients trying to understand their cybersecurity risks and the legal duties that arise from those risks. In his decade-plus of practice, Jake has acted as both regulator as an Assistant Attorney General with the Washington State Attorney General's Office and as private defense counsel representing companies subject to data security and privacy regulations enforced by federal, state, and international authorities.

Sabino Marquez' approach to leading cybersecurity as a ‘Trust Product Practice’ has led to substantial returns on security investments, higher value-generation velocity, and enhanced equity valuations. Sabino leads the Trust Product organization as a go-to-market leader, working alongside the productive business to enable and defend value, and transforming stakeholder Trust into a powerful tool for competitive differentiation. Within his key areas of focus, Sabino ensures robust protection mechanisms are in place for stakeholder interests while also leveraging organizational Trust as a distinct advantage in a competitive market landscape. His work has not only brought him recognition as ‘2023 C100 Winner’, but he is also an esteemed thought leader who frequently shares insights in Security Magazine, The Wall Street Journal, and Cyber Security Tribe.

Ron Watters currently serves as the Region X (WA, OR, AK, ID) Cybersecurity Advisor for the Stakeholder Engagement and Cyber Infrastructure Resilience Division of the Office of Cybersecurity and Communications (CS&C) National Protection and Programs Directorate (NPPD). Based in Seattle, WA, he supports the Department of Homeland Security (DHS) mission of strengthening the security and resilience of the nation's critical infrastructure. His program coordinates cyber preparedness, risk mitigation and incident response, and provides cyber security resources, including assessments, to the nation's sixteen critical infrastructure sectors and state, local, tribal, and territorial government entities. Prior to joining DHS, Watters served 27 years with the U.S. Navy and Naval Reserve as a Submarine Sonar Technician and Diver, retiring from the US Navy in 2007. Recalled to Active duty following 9/11, he was offered a position as the Deputy, Information Systems Management Officer with the 4th Marine Corps recruiting District in New Cumberland, PA. He rose to the position of S-6 before leaving in 2009 to take a position as the Chief, Information Assurance Division, Network Enterprise Center Ft Irwin, CA. Watters remained in that position until leaving to become the Branch Manager of the Cybersecurity Branch of the Puget Sound Naval Shipyard in March of 2016 and, soon after, as the Region X Cybersecurity advisor in June of 2017, which he currently holds.

Michael is the Founder and Managing Partner at Rezolvrizk (pronounced “resolve risk”), a boutique risk management firm specializing in assisting companies in resolving their physical security, information security, investigative, and conduct management risks. Rezolvrizk clients span a wide range of businesses and industries to include brand name industry leading organizations, fortune 500 organizations, start-ups, biomedical, financial, high-tech, healthcare, legal, logistics, and software.

For the last eight years, Michael has also proudly served as a preferred subcontractor and Senior Security Consultant for Washington-based Premier Risk Solutions LLC.

Michael specializes in assessing physical security and related risk management programs such as information technology/cyber (Computer Incident Response Plans & Teams - CIRT) and then collaborating with organizations in the development and implementation of security program components and service provider solutions which both minimize risks and add real business value to the organization.

Michael is a vetted member of the International Association of Professional Security Consultants, and he maintains certifications as a Certified Information Systems Security Professional - CISSP, Certified Protection Professional - CPP, Senior Professional in Human Resources and Society for Human Resources Management Senior Certified Professional. He has a Bachelors in Criminology and Criminal Justice from the University of Texas at Arlington and a Master of Science in Business from the University of Maryland University College.

Experienced Information Security Professional with a demonstrated history of working in the retail industry. Skilled in Operations Management, Sales, Management, Point of Sale (POS) / Fuel Systems, and Inventory Control. Strive to find ways information security can enable and support business and operations teams with solutions. Actively support public/private partnerships with local and federal agencies with emphases on infrastructure, cyber security and community outreach.

Rachelle joined the S2 Team having been a senior threat intelligence researcher analyst at one of the world's biggest retail brands, Nike. She specializes in e-crime and Russian threat actor tracking. In her free time, she enjoys frustrating baddies as a member of the Cryptolaemus group.

James Christiansen is Netskope’s vice president of cloud security transformation and leader of the Global Chief Strategy Office. He is focused on enhancing Netskope’s global clients understand the challenges and solutions of cloud deployments by helping drive thought leadership in cloud security transformation.

James brings extensive expertise as a global leader in information security. Prior to joining Netskope, he was vice president CISO at Teradata where he led the global security, physical, and information security teams. Previously, James was vice president of information risk management at Optiv, chief information risk officer for Evantix, and CISO at Experian Americas, General Motors, and Visa International.

As a sought-after expert speaker on security, James has been featured at numerous prestigious events, including the Business Roundtable, Research Board, American Bar Association, American Banker, the RSA Conference, BankInfoSecurity, ISSA, ISACA, HIMSS, and MIS Training Institute. He has also been featured in The New York Times and quoted as an expert in USA Today, The Wall Street Journal, Reuters, United States Cybersecurity Magazine, Bloomberg, and Healthcare IT News.

James is a patent inventor and has received three innovation awards in cyber security, GRC, and cloud computing. He is the author of the Internet Survival Series and contributing author of CISO Essentials, as well as numerous industry papers.

Andrew Baker built a base of skills starting with the earliest implementations of 4th Generation Languages, originator of operator company wide voice mail systems, to seeing the product development and deployment of the first off switch Home Location Register and Authentication Center (HLR/AC) which dramatically improved AT&T’s call handling and significant reduction in early cell phone fraud. Andy’s entrepreneurial skills were honed by co-founding a small start-up in the mid 1990’s whose primary focus was the distribution and least cost routing of corporate fax traffic via internal WAN technology.

Over the past 15 years, he brought disruptive technologies to market such as the first E911 system deployed nationwide at Sprint in support of the E911 location mandate. That experience earned him the reputation of being a location based services expert where he was able to consult with a number of start-ups using location for various commercial endeavors. Most recently, he adapted his technical and selling skills to the fast growing area of Cyber Threat Intelligence systems executing the go to market strategy at Narus Inc. (a Boeing Company). Success in sales through out the last 15 years put him in the top percentile of revenue generators for his companies and gave him access to many executive level individuals within the Telecommunications and internet industries.

Jake Bernstein is a practicing attorney and CISSP who counsels clients trying to understand their cybersecurity risks and the legal duties that arise from those risks. In his decade-plus of practice, Jake has acted as both regulator as an Assistant Attorney General with the Washington State Attorney General's Office and as private defense counsel representing companies subject to data security and privacy regulations enforced by federal, state, and international authorities.

Lana is a motivated and results-oriented leader with 20+ years of international experience.

She is experienced in supervising and training teams, building global enterprise-wide programs from the ground up, and leading, planning & executing projects in a variety of industries, ranging from aviation to software, to manufacturing, to telecom and education. She has over 23 years of team management and technology experience, with 19 years of strong contributions to the privacy, security and risk management space at Alaska Airlines Group, Microsoft and Ernst & Young, and with 18 years of training, communications and marketing experience at Alaska Airlines, Microsoft, Ernst & Young, Boeing, PacifiCorp and SCS.

She has earned and been awarded the Six Sigma, CIPP, CIPM, CISA and ITIL Foundations certifications, and is a member of the Digital Marketing Association, Institute of Internal Auditors, the International Association of Privacy Professionals, as well as the IT Compliance Institute. She has an MBA in International Business.

Experienced Data Privacy and Compliance Attorney, with a focus on Incident Response, and data analysis and classification standards. Background in criminal law, European Union law, and international law.

Alex Vitruk advises clients in complex data privacy and cybersecurity matters, offering practical solutions to help companies comply with rapidly evolving privacy and data protection laws and defending class actions in this cutting-edge space. Alex advises and defends clients across different industries on multifaceted issues such as biometric privacy, artificial intelligence, pixel-related technologies and HIPAA compliance. He has secured positive outcomes for clients pre-litigation, as well as in federal and state courts on a wide range of dispositive motions and class action issues, at both trial and appellate levels. Alex also has substantial experience defending clients in securities, consumer protection, ERISA and employment class actions.

Alex is experienced in managing cases through all phases of litigation and arbitration, authoring key briefs and motions, arguing motions in court, taking and defending depositions and negotiating settlements. Alex keeps client interests at the forefront of his practice, and clients look to Alex for creative solutions to complex legal questions, often in matters of first impression or involving splits of authority.

As a Certified Information Privacy Professional (CIPP/US, E), Alex combines his knowledge of data privacy and cybersecurity laws with relevant litigation experience to help clients navigate the multifaceted legal issues concerning the privacy and security of their users’ information and content.

Privacy Consulting Director with Blueprint Technologies- Over 10 years of international consulting and industry experience, with Fortune 500 clients across US and Europe. Consulting Practice Lead including Managed Services for Strategy and Risk, focused on clients in Technology, Retail and Payment sectors.

Possess a strong understanding of cross-service linkages between business strategy, processes, controls & technology, with experience advising CPOs of several Fortune 500 clients.

For more than 25 years, Grant Asplund has been sharing his insights on how businesses can best protect themselves from sophisticated cyber-attacks in an increasingly complex world. As Check Point’s Evangelist, he travels the world enthralling audiences with his passionate and relational storytelling at conferences like RSA and Next100 CIOs and numerous media interviews. Grant’s wide range of cyber security experience informs his talks, having served in diverse roles ranging from sales, marketing, business development, and senior management for Dome 9, Blue Coat Systems, Neustar, and Altor Networks. As CEO of MetaInfo, he led its acquisition by Neustar. Grant is the host of the CISO Secrets podcast (cp.buzzsprout.com) and the Talking Cloud Podcast (www.talkingcloudpodcast.com) on Cloud security.

15+ years of experience in technology consulting in cybersecurity domain and is an evangelist. His core competencies include - designing enterprise security solution framework to proactively protect organization sensitive data, mapping technology to business, and increasing operational IT efficiency. Tom is a trusted advisor to the CxO's.

Jessica LaBouve, eCPPTv2, CEH, has spent her entire career specializing in offensive security. She started as a penetration tester performing application, network-level assessments, and social engineering. This experience ultimately led her to become a Solutions Architect at Bishop Fox, where she helped facilitate the scoping and sale of offensive security services to a variety of industries and organizations. Jessica is currently a Sales Engineer at Cymulate, a Series C startup with an extended security management platform that enables companies to challenge, assess, and optimize their cybersecurity posture continuously.

Jeff Jones is the Chief Information Security Officer (CISO) for Milliman, Inc., an actuarial consulting and solutions firm headquartered in Seattle. Jeff is responsible for managing the information security program that encompasses 130 Practices in 80 cities, and supports over 8000 clients and more than 500M participants worldwide. Jeff was a CISO finalist at the 2023 Seattle Orbie Awards, featured in Profile Magazine in December 2022, and is a Founding Board member at the University of WA Information School.

Jeff joined Milliman in 2016 and has demonstrated innovative skills advising practices internally, managing cybersecurity and incident response, and representing Milliman’s information security interests with major clients, auditors, and vendors. Jeff came to Milliman following a consulting engagement with Nordstrom. Prior to Nordstrom, Jeff was the Senior Information Security Manager at Black Knight Financial Services, where he managed the internal risk management team and developed information security policies.

Early in his career, Jeff served honorably in the United States Air Force. Jeff brings over thirty years of IT, software development, risk management, and cybersecurity experience to the CISO role, including tenures at IBM, AT&T, ADP, and First American CoreLogic.

Among his four degrees, Jeff earned a Bachelor of Science degree in Computer Science & Engineering from the University of California, Davis, and a Master of Science in Information Technology from Golden Gate University. Jeff has a passion for serving in his community, is a former VP of the 100 Black Men of Sacramento, a non-profit that mentors young men in underserved communities, and he continues to volunteer in the Seattle area.

Balcar has over 18 years of experience in security and extensive knowledge of security research, network penetration testing, incident response and computer forensics. At VMware, he is responsible for the activities of the VMware Carbon Black portfolio, including EDR, App Control, Cloud Endpoint, Cloud Enterprise EDR, Cloud Audit and Remediation and Cloud Managed Detection. He is also a featured speaker at global security conferences, presenting on subjects including security trends, penetration testing, top threats and network security hardening. Balcar is a member of the High Technology Crime Investigation Association.

Mary Greenlee serves as a Field CTO and Principal Solutions Engineer at OKTA, where she leads programs to mitigate the security risks of large-scale integrations of enterprise applications. Her multifaceted expertise in databases, networking protocols, and server systems coupled with her business acumen allows her to address today’s unique cybersecurity challenges holistically and strategically. Mary joined OKTA through its Auth0 acquisition, where she was instrumental in growing its user base and streamlining a significant expansion to its volume of enterprise integrations.

Mike Costello is a strategic planning & design manager based in Olympia, WA. Mike oversees solution architecture, systems engineering, and capacity management to develop effective IT strategies. His expertise in networking, computing, and security allows him to harmonize and integrate diverse infrastructure technologies into comprehensive design solutions. Mike is particularly proud of his role as an innovator in architecting and deploying the state's "highway to the clouds," which bridges on-premise and cloud-based resources. Prior to his work in Washington, Mike successfully served as district chief information officer for the Seattle District Army Corps of Engineers, where he played a key role in maintaining and enhancing critical IT systems.

Andrew Johnson is a Solutions Architect based in Olympia, WA. Andrew serves as the Principal Architect overseeing the state’s adoption of zero trust, Secure Access Service Edge, SD-WAN, and Secure Service Edge. Andrew is responsible to interconnect state government with cloud-based resources and external business partners. Andrew spearheads the state's adoption of new technologies enabling state government to leverage cutting-edge technology in serving the residents of Washington State. Additionally, Andrew modernized the state's DNS system, transitioning it to a hybrid DNS solution that handles both on-premise and cloud-based queries. Andrew is a retired Army Signal Warrant Officer.

Tim Gallo is the Head of Global Solutions Architects at Google, he specializes in Cyber Threat Intelligence and Risk everything from Intelligence Operations and Cyber Threat Profile development to risk based analytic approaches to Security Operations. He Joined Google Cloud through the acquisition of Mandiant by Google in 2022, he had spent 5 years at Mandiant prior to the acquisition in a variety of field facing roles covering the aforementioned topics. Before joining Mandiant, Tim leveraged his over 20 years’ experience in information security and intelligence operations to aid in the development and deployment of a number of solutions. Including building client and organizational expertise in Intelligence Led Security and Business Operations. This included the development and product management of some of the first cyber intelligence solutions ever brought to market. These solutions have included threat and vulnerability management tools, IOC prediction algorithms, intelligence services, and strategic intelligence consulting. Today he spends his days helping clients understand the importance of Intelligence as a guiding principle for building out effective security processes and operations and helping clients and vendors find ways to leverage technologies responsibly to build their cyber defense centers and security operations practices. Every once in a while he can be found out in the desert, sometimes on his Harley with a flamethrower, sometimes with just a flamethrower

Over 30 years of professional information security experience in 30 countries across various disciplines, technical areas and market segments. Holds key industry certifications including CISSP #409644, F5 and Imperva WAF, Microsoft ISA, CheckPoint, CSI Encryption, and WhiteHat web security analyst. Also serves on the board of Silicon Valley ISSA and participated in several industry consortiums.

Previously worked at leading companies including SAIC, Nokia, Juniper Networks and White Hat Security before transitioning into security consulting for various startups with Zisher Infosec, which became part of SEC Consult America in 2017. SEC Consult was subsequently acquired by Atos in late 2021. Founded secureCENTRX, a boutique information security consultancy focused on serving Managed Service Providers. Currently Principal Security Practitioner with Horizon3.ai focused on elevating customers and the product.

With more than 20 years of cross-functional knowledge and experience focusing on data security, compliance, risk management, cloud adoption, digital transformation, and modern application architectures, Ariel (Ari) Weil leads Cyera’s go-to-market (GTM) efforts as the Vice President of GTM Strategy. As a hands-on executive, Ari brings his knowledge and expertise across multiple operational disciplines to Cyera’s customers as they navigate the evolving landscape of data risk and governance.

William serves as the leader of AAA Washington’s information security and compliance efforts. He is responsible to establish a responsive, dynamic, and flexible cybersecurity program to meet continually changing information security, regulatory, and compliance needs in the organization.  William has been with AAA Washington since August of 2017. Other roles that William serves in the company include coordinating business continuity program activities and leading the company through emerging privacy legislation management.

In the evenings, William instructs graduate and undergraduate cybersecurity courses at the University of Washington and The Penn State University. William completed his Bachelor of Science in Computer Science from the U.S. Military Academy at West Point. He subsequently earned a Masters in Management Information Systems and an MBA from the University of Maryland. In December of 2018, he completed his Doctorate of Philosophy in Cybersecurity and Information Assurance from Capella University.

Prior to William starting at AAA Washington, he served five years as the Manager of IT Security Engineering at Puget Sound Energy. Prior to that, he also served as the regional CISO for Providence Health and Services. He has also served in similar positions with Alaska USA Federal Credit Union, Chugach Electric Association, and the State of Alaska, Department of Public Safety.

William served in the U.S. Army from 1990 to 1996 as an officer in the Infantry and is a combat veteran for Operation Desert Storm.

David Sigman has spent the last 20 years working with enterprise customers to make informed decisions about their cybersecurity challenges. He is a passionate cybersecurity evangelist and likes working closely with customers on turning endless alerts into actions through the power of automation. When not working, David likes to spend time playing guitar or exploring the Pacific Northwest with his family and four-legged friends.

Cynthia Damian is the Chief Information Security Officer at Valon Technologies, an up and coming fintech company innovating the financial and homeowner industry through technology. Cynthia has over 20 years of experience in cybersecurity and risk management holding security leadership and practitioner roles across small to large scale, global organizations including top Fortune companies. She is a mission-driven, people-centric security leader focused on making an impact through building, maturing and innovating cybersecurity and risk organizations with a track record of effectively managing risk and driving high-value outcomes for the business – protecting companies, employees and customers.

Cynthia has worked across diverse industries including companies such as Twitter/X, Salesforce, T-Mobile, and Starbucks. She also serves as a Board member, advisor, and mentor for various professional organizations in the security and tech community and is passionate about enabling diversity, equity and inclusion in the field one step at a time.

Marie Olson is an internationally recognized leader for her expertise in global regulatory compliance, privacy engineering, cybersecurity, digital governance, and risk management. Marie is a Fellow in Information Privacy (FIP). She also holds four other privacy certifications (CIPP/US, CIPP/E, CIPM, CDPSE), and two information security certifications (CISSP and CIPM). She has a Master of Science degree in computer science from Pacific Lutheran University and a Bachelor of Arts degree in mathematics from the University of Washington.
Marie recently retired in December 2023 from The Boeing Company after more than 36 years. In her last role, she served as Deputy Chief Privacy Officer for the Boeing Company.

Marie was selected by executive leadership to build the privacy team for Boeing in 2007, including hiring and training the team, defining the strategy and risk and control framework, and overseeing program implementation for Boeing’s global group of companies. Prior to establishing the privacy program, Marie was a Sr. Manager in Information Security. She managed a variety of functions including Information Governance and Compliance, Risk Management, Vulnerability Assessments, Business Continuity, Security Quality Assurance, and Government Programs Security Support.

Marie continues to be an active member of the Privacy and Security communities as a mentor, sought after speaker, thought leader, volunteer, cyber-safety instructor, and advisory board/committee member.

Joan Ross is a respected industry thought leader who develops advanced security strategies, publishes and speaks on implementing threat intelligence. Joan is a former Chief Security Officer for two technology companies, coming up the security ranks as an encryption engineer and cloud security architect. As an early CISSP holder from back in the 1990’s, she maintains a number security and privacy certifications and earned her Masters of Science degree in design and engineering focusing on incident response with the U.S. Coast Guard.

Passionate risk and security leader committed to safeguarding the digital landscape with extensive experience in critical infrastructure. Experienced in regulatory compliance across the United States, Europe, and Asia. My passion lies in shaping strategic directions and implementing robust controls meticulously tailored to meet regulatory requirements.

Beyond my technical expertise, I'm devoted to advancing the role of women in security. I actively promote inclusivity in the workplace and offer mentorship to empower aspiring professionals.

Let's unite our strengths and collaborate to create a safer world together.

Mike Sheward is Head of Security at Xeal, an EV Charging hardware startup. Mike has around 18 years experience building security programs. Originally from the UK where he worked mostly in penetration testing and digital forensics, Mike moved to the US in 2011, where he has been focused on running security teams for SaaS companies ever since. Mike has written a mixture of fiction and non-fiction books, including the InfoSec Diaries series, which features stories based on real life digital forensics cases, pen tests and security incidents, as well as the non-fiction titles, "Security Operations in Practice" and "Hands-on Incident Response and Digital Forensics".

Tony is a knowledgeable technical professional with 25+ years of experience developing, integrating, and leading technology projects for enterprise customers. He is effective in sales engineering, Internet security, project management, and computer networking. A skilled life-long student of managing the personal and technical challenges that arise from building something new.

Cliff Steinhauer is a passionate information security and privacy professional. Currently based in Seattle, he has over a decade of experience in sales, marketing, and project management. With the National Cybersecurity Alliance, Cliff works to direct community engagement through live events, educates through thought leadership, and runs the Cybersecurity program for NCA. Cliff enjoys sharing the message of securing your digital life, protecting information systems and the people that run them, and mentoring young folks to promote interest in the field.​

Zabrina McIntyre is a Director with KPMG focusing on large scale cybersecurity transformations for clients with a focus on compliance. She holds the CISSP and PMP certifications and is working on her PCI QSA. She is a dedicated supporter of Women in Cybersecurity (WiCyS) and is currently on the leadership board for the Business Information Security Officer (BISO) Affiliate.

Kip Boyle is the Virtual Chief Information Security Officer of Cyber Risk Opportunities, whose mission is to help executives become more proficient cyber risk managers. He has over 24 years of cybersecurity experience serving as Chief Information Security Officer (CISO) and in other IT risk management roles for organizations in the financial services, technology, telecom, military, civil engineering, and logistics industries.

Kip Boyle is the Virtual Chief Information Security Officer of Cyber Risk Opportunities, whose mission is to help executives become more proficient cyber risk managers. He has over 24 years of cybersecurity experience serving as Chief Information Security Officer (CISO) and in other IT risk management roles for organizations in the financial services, technology, telecom, military, civil engineering, and logistics industries.

Mr. Petru is the President of the Washington State InfraGard Chapter and a Fellow of the British Computer Society, The Chartered Institute for IT. He is an innovative, and technically sophisticated professional, offering substantial years of broad-based experience in evaluating large corporate systems. Powered with a comprehensive background in development and implementation, he has authored more than forty-seven different courses based on AIX, Encryption, Linux, Networking, Security, and Virtualization technologies, teaching to an audience of tens of thousands around the world for the past twenty-five years. Mr. Petru has spent more than two years in Ukraine over the past 20 years and has seen much change. Equipped with a proven track record of success in designing and implementing system and policy based on Confidentiality, Integrity, and Availability, to meet business continuity and disaster recovery for long-range strategic plans of Fortune 100 Companies. Mr. Petru is armed with stellar qualifications in all facets of project lifecycle development, from initial analysis and conceptual design to implementation, quality review, and enhancement to optimize operational efficiencies that improve business and IT operations.

Craig Spiezle is the Founder and President of AgeLight Advisory & Research Group, a professional services firm focused on online and digital services. Craig is a recognized authority on trust and the convergence of privacy and security promoting ethical privacy practices, end-to-end security and the importance on moving from a compliance mindset to stewardship. Craig is the Charmain emeritus of the Online Trust Alliance, an initiative of the Internet Society. He frequently briefs international policy makers driving awareness of best practices by both the public and private sectors and importance of internet governance. Craig has championed security best practices to help protect consumers while promoting innovation and the role of meaningful self-regulation. Prior to OTA, Craig spent over a decade at Microsoft focused on security and privacy enhancing technologies and standards. Craig chairs the Online Trust & Integrity Council and is on the board of the Identity Theft Council, editorial board of SC Magazine and a member of InfraGard, the IAPP and the APWG.

Steve Naphy serves as Morgan Lewis's Chief Information Officer. In his role, Steve concentrates on leveraging data analytics and process to drive efficiency and effectiveness in both business operations and the delivery of legal services. He has over 20 years of experience working in information technology (IT), including previously running information security at the firm for six years. Prior to joining Morgan Lewis, Steve held significant InfoSec roles in the retail and distribution industry. He holds an M.S. in information systems from Widener University and a B.S. from Drexel University.

Philip Conrod has served in various IT leadership roles (Manager, Director, ISO, CISO & SVP/CIO) during his 35-year career for companies like Raytheon Technologies (Sundstrand), Safeco Insurance, CRU (FamilyLife), Kenworth Truck Company, PACCAR, and Darigold. Philip has been a CISM since 2003. Philip currently serves as the CEO of Kidware Software. He has authored, co-authored, and edited more than two dozen Information Technology textbooks. Philip holds a Bachelor's Degree in Computer Information Systems and a Master's certificate in the Essentials of Business Development from Regis University.

Brian is an IT Executive with 29 years of experience from Security Operations and Support, Compliance, Risk Management, Technology Innovation, IT Operations and Supportand. Currently, Brian is a Business Information Security Officer (BISO) supporting multiple business units at Salesforce, delivering security and compliance across our people, process, technology, and data. In addition to this, he has worked in Security and GRC at Starbucks, Microsoft, and Bank of America as well as served as a Cybersecurity Advisor for CREATE.ORG, sat on the Board of Technical Advisors for NODUS technologies, served as an alternate to the PCI-DSS Customer Advisory Council, held CISSP and CISM certifications, and has published 2 books and 3 industry papers on security.

Oren Koren is the Co-Founder and Chief Product Officer of Veriti. Oren brings 19 years of experience in cybersecurity, advanced threat analysis, and product management,. Prior to founding Veriti, Oren was a Senior Product Manager at Check Point Software Technologies, where he led AI-based innovations and advanced data analytics projects redefining threat hunting and SIEM applications. Before Check Point, Oren served for 14 years at the prestigious 8200 unit and was responsible for different cybersecurity activities and research. Oren won the Israeli Security Award and 3 MOD awards for cutting-edge innovations in cyber security.

Glen Sorensen is a Virtual Chief Information Security Officer (vCISO) with Cyber Risk Opportunities. He has worn numerous hats in his career, in areas such as security engineering and architecture, security operations, GRC, and leadership. He has held a variety of roles as an analyst, engineer, consultant, auditor, regulator, and information security officer for a financial institution.

Glen approaches problems with practical solutions that bring good business value and has worked across many sectors, including financial services, healthcare, manufacturing, and others. He has served as a consulting expert in a large legal case involving healthcare and cyber attack detection technology. He has been in IT and security for 15+ years, longer if you count years of misspent youth bending technology and countless hours of roleplaying games. He is a sucker for a good tabletop exercise and serves as an Incident Master for HackBack Gaming, the fun kind of TTX.

Patryk has years of experience in technical support, presenting IT solutions, and sales in a global IT market. He enjoys traveling, meeting, and interacting with different people all around the world. He is highly customer service-driven and likes to build strong relationships with clients.

Ron Watters currently serves as the Region X (WA, OR, AK, ID) Cybersecurity Advisor for the Stakeholder Engagement and Cyber Infrastructure Resilience Division of the Office of Cybersecurity and Communications (CS&C) National Protection and Programs Directorate (NPPD). Based in Seattle, WA, he supports the Department of Homeland Security (DHS) mission of strengthening the security and resilience of the nation's critical infrastructure. His program coordinates cyber preparedness, risk mitigation and incident response, and provides cyber security resources, including assessments, to the nation's sixteen critical infrastructure sectors and state, local, tribal, and territorial government entities. Prior to joining DHS, Watters served 27 years with the U.S. Navy and Naval Reserve as a Submarine Sonar Technician and Diver, retiring from the US Navy in 2007. Recalled to Active duty following 9/11, he was offered a position as the Deputy, Information Systems Management Officer with the 4th Marine Corps recruiting District in New Cumberland, PA. He rose to the position of S-6 before leaving in 2009 to take a position as the Chief, Information Assurance Division, Network Enterprise Center Ft Irwin, CA. Watters remained in that position until leaving to become the Branch Manager of the Cybersecurity Branch of the Puget Sound Naval Shipyard in March of 2016 and, soon after, as the Region X Cybersecurity advisor in June of 2017, which he currently holds.

Steve is a global cybersecurity executive helping organizations prevent, prepare for, and respond to a cyberattack. Over 20 years in cybersecurity, Steve has worked with the leaders in cybersecurity including Palo Alto Networks, Accenture, and PwC. He has served hundreds of organizations around the world, envisioned, and launched multiple new cybersecurity businesses, and led over 2,000 cyber professionals to grow their careers in cybersecurity.

Scott M. Giordano is an attorney with more than 25 years of legal, technology, and risk management consulting experience. IAPP Fellow, CISSP, CCSP, Scott is also former General Counsel at Spirion LLC, where he specialized in global data protection, tech, compliance, investigations, governance, and risk. Scott is a member of the bar in Washington state, California, and the District of Columbia.

Ian serves as the Cybersecurity State Coordinator for the State of Washington for CISA, based in Olympia, WA. He supports the Department of Homeland Security (DHS) mission of strengthening the security and resilience of the nation’s critical infrastructure.

His program coordinates cyber preparedness, risk mitigation, and incident response, and provides cybersecurity resources, including assessments, to the state, local, tribal, and territorial government entities and the nation’s 16 critical infrastructure sectors. As the Cybersecurity State Coordinator for Washington State, Ian works with state agencies, counties, and cities/towns to help them shore up their cybersecurity by partnering with them on assessments and offering CISA technical services. Through these partnerships he builds and cultivates relationships and trust throughout the state.

Prior to joining DHS and CISA, Ian worked in both IT and cybersecurity for over 25 years. He started as an Intelligence Specialist in the U.S. Navy, right out of high school and then transitioned to the University of Washington, Bothell, and earned his B.S. in Computing and Software Systems in 2002. Upon graduating college he got a commission in the U.S. Air Force and worked as a Communication Officer at Offutt AFB in Nebraska. After separating from the Air Force in 2006, Ian took a civilian job doing cybersecurity, software development, and cyberspace planning for USSTRATCOM. During his time at USSTRATCOM, Ian earned his master’s degree in Cybersecurity from Bellevue University in Bellevue, Nebraska. Ian was the first student to graduate from Bellevue University’s Masters in Cybersecurity program in 2012. In 2015, Ian and his family decided to move home to the Northwest and took a job at the Puget Sound Naval Shipyard as a Cybersecurity Engineer. After a promotion and a year of working as the Platform IT (Operational Technology) Branch Manager, he accepted a position as a Cybersecurity Advisor position within CISA. After a year of interviews, security checks and waiting, he was brought on as the Cybersecurity State Coordinator for the state of Washington in March of 2021.

Ian maintains his Certified Information Systems Security Professional (CISSP) certification, since 2014.

Marie Olson is an internationally recognized leader for her expertise in global regulatory compliance, privacy engineering, cybersecurity, digital governance, and risk management. Marie is a Fellow in Information Privacy (FIP). She also holds four other privacy certifications (CIPP/US, CIPP/E, CIPM, CDPSE), and two information security certifications (CISSP and CIPM). She has a Master of Science degree in computer science from Pacific Lutheran University and a Bachelor of Arts degree in mathematics from the University of Washington.
Marie recently retired in December 2023 from The Boeing Company after more than 36 years. In her last role, she served as Deputy Chief Privacy Officer for the Boeing Company.

Marie was selected by executive leadership to build the privacy team for Boeing in 2007, including hiring and training the team, defining the strategy and risk and control framework, and overseeing program implementation for Boeing’s global group of companies. Prior to establishing the privacy program, Marie was a Sr. Manager in Information Security. She managed a variety of functions including Information Governance and Compliance, Risk Management, Vulnerability Assessments, Business Continuity, Security Quality Assurance, and Government Programs Security Support.

Marie continues to be an active member of the Privacy and Security communities as a mentor, sought after speaker, thought leader, volunteer, cyber-safety instructor, and advisory board/committee member.

Kevin has more than 25 years of experience in threat intelligence and information security. He was the VP of cybersecurity operations and governance at IOActive.com, a retired NSA intelligence officer, the former director of Windows security architecture at Microsoft, and shipped Windows 10 (not by myself). He holds the CISM, CISSP, CGEIT security certifications.

Stephen Dougherty has over a decade of investigative experience. His career as a Financial Fraud Investigator in support of the federal government has played a pivotal role in criminal investigations, surrounding cyber-enabled financial crime, money laundering, human trafficking, identity theft, healthcare fraud, embezzlement, tax/government program fraud, dark web crimes, among others. Stephen’s main area of expertise is combatting money laundering in all its forms. Aside from this, Stephen has been proactive in identifying new and future trends in the world of financial crime. Such trends include the cyber security nexus of financial crimes and its ever-growing relationship in major financial crimes such as Business Email Compromise and the rise of the dark web and the use of virtual currency as a vehicle for facilitation of financial crimes. Stephen has been a leader and a mentor to other investigators teaching them how to uncover fraud internally and externally. Stephen is currently an investigator contracted to the U.S. Secret Service’s Global Investigative Operations Center (GIOC) in Washington D.C.

Kip Boyle is the Virtual Chief Information Security Officer of Cyber Risk Opportunities, whose mission is to help executives become more proficient cyber risk managers. He has over 24 years of cybersecurity experience serving as Chief Information Security Officer (CISO) and in other IT risk management roles for organizations in the financial services, technology, telecom, military, civil engineering, and logistics industries.

An experienced professional transitioning from a successful career in occupant protection engineering to technical community management, Anne blends technical expertise with exceptional communication and leadership skills. Her unique background in ensuring the safety and effectiveness of critical civilian and military equipment now informs my approach to building and nurturing resilient, dynamic communities at CREST International.

Leveraging both private industry and government sector experience in disciplines spanning, design & development, test & evaluation, contract management, and research and development, Anne fosters engaging, collaborative environments where synergetic ideas thrive. Her primary focus is on:

• Creating and sustaining an inclusive, informed community dialogue around our latest technologies and initiatives.
• Utilizing technical insights to provide relatable, credible guidance and support to community members.
• Driving engagement through innovative community programs, balancing technical depth with accessibility.
• Ensuring consistent, transparent communication between CREST International and our diverse user base.

Biagio DeSimone is an experienced Solutions Architect with a history of working in the cloud native application space. Skilled in Kubernetes, Containers, Cloud Platforms and Pre-Sales, Biagio is currently an Enterprise Solutions Architect at Aqua Security. In his role, Biagio works to educate organizations on the importance of container and cloud security, and improve their development workflows with DevSecOps.

Robert Kraczek, Global Strategist with One Identity, has more than three decades of security experience, with a specialization in Identity Security. Over the years, Robert has worked with, implemented solutions, and advised customers in all major industries as well as local, state and federal governments. Robert’s responsibilities include working with customers to develop a strategy to solve their security challenges as well as helping set the future direction of the One Identity portfolio.

Frank Simorjay (CISSP, ISSA Distinguished Fellow) is a cloud security and compliance subject matter expert. Frank works for Microsoft Azure global ecosystem organization as the Lead PM of the Azure automation Blueprint program, that includes the PCI automation blueprint. Frank has written an extensive library of papers, and blogs (http://cloudntech.blogspot.com).

Glen Sorensen is a Virtual Chief Information Security Officer (vCISO) with Cyber Risk Opportunities. He has worn numerous hats in his career, in areas such as security engineering and architecture, security operations, GRC, and leadership. He has held a variety of roles as an analyst, engineer, consultant, auditor, regulator, and information security officer for a financial institution.

Glen approaches problems with practical solutions that bring good business value and has worked across many sectors, including financial services, healthcare, manufacturing, and others. He has served as a consulting expert in a large legal case involving healthcare and cyber attack detection technology. He has been in IT and security for 15+ years, longer if you count years of misspent youth bending technology and countless hours of roleplaying games. He is a sucker for a good tabletop exercise and serves as an Incident Master for HackBack Gaming, the fun kind of TTX.

Craig Spiezle is the founder and managing partner of AgeLight Advisory Group, a professional services firm focused on online and digital services. Craig is a recognized authority on trust and the convergence of privacy and security promoting ethical privacy practices, end-to-end security and the importance on moving from a compliance mindset to stewardship. Craig is the Charmain emeritus of the Online Trust Alliance, an initiative of the Internet Society. He frequently briefs international policy makers driving awareness of best practices by both the public and private sectors and importance of internet governance. Craig has championed security best practices to help protect consumers while promoting innovation and the role of meaningful self-regulation. Prior to OTA, Craig spent over a decade at Microsoft focused on security and privacy enhancing technologies and standards. Craig chairs the Online Trust & Integrity Council and is on the board of the Identity Theft Council, editorial board of SC Magazine and a member of InfraGard, the IAPP and the APWG.

Jared is a builder and leader of information security teams and products with more than 20 years of learnings. From startups to global enterprises, he's worked across multiple industries with expertise in secure development, risk management, visual story-telling, and consulted across all InfoSec domains. Over the past few years, he's invested in team dynamics and management. Ask him about resources such as Multipliers or Brave New Work! Jared's past work roles include Security Assurance Director at The Walt Disney Company.

Chris Boykin joined CyCognito in 2022, his first job on the vendor side, after spending over 20 years on the VAR side. Starting his career at NASA as an electronics technician, he eventually worked his way into computer networking, where he obtained the coveted CCIE certification. He has spent the last 15 years focusing on cybersecurity, where he led teams of highly skilled consultants to provide solutions to enterprises across the globe. Prior to CyCognito, he was the Chief Technology Officer at Future Com from 2010-2022, which acquired the Houston based company Chris founded in 2002, Got Net Security. He regularly speaks and sits on expert panels at industry conventions and trade shows.

Kip Boyle is the Virtual Chief Information Security Officer of Cyber Risk Opportunities, whose mission is to help executives become more proficient cyber risk managers. He has over 24 years of cybersecurity experience serving as Chief Information Security Officer (CISO) and in other IT risk management roles for organizations in the financial services, technology, telecom, military, civil engineering, and logistics industries.