SecureWorld St. Louis 2018

Larry Wilson was formerly the Chief Information Security Officer for Sumitomo Pharma Americas, Inc., Worcester Polytechnic Institute, and the University of Massachusetts (UMass) President's Office. In the CISO role, Larry was responsible for developing, implementing, and overseeing compliance with the SMPA / WPI / UMass Information Security Policy and Written Information Security Plan (WISP). In addition to designing and deploying the respective cybersecurity programs, Larry has developed and delivered cybersecurity training at multiple industry events, workshops, training venues, etc. Courses include Designing and Building a Cybersecurity Program, Designing and Building a Ransomware Program, and Designing and Building a Third-Party Risk Program. Larry has also worked with multiple companies in multiple industries to help design, build, and maintain their Cybersecurity Programs, Ransomware Program, and Third-Party Risk Programs.

Daniel J. Lohrmann is an internationally recognized cybersecurity leader, technologist, keynote speaker, and author. He has been a keynote speaker at global security and technology conferences from South Africa to Dubai and from Washington D.C. to Moscow. During his distinguished career, Dan has served global organizations in the public and private sectors in a variety of executive leadership capacities, receiving numerous national awards including: CSO of the Year, Public Official of the Year and Computerworld Premier 100 IT Leader. In 2017, Dan was awarded the cybersecurity breakthrough CISO of the year for global security products and services companies.

He led Michigan government’s cybersecurity and technology infrastructure teams from May 2002 to August 2014, including enterprise-wide Chief Security Officer (CSO), Chief Technology Officer (CTO), and Chief Information Security Officer (CISO) roles in Michigan.

Dan currently serves as the CSO and Chief Strategist for Security Mentor, Inc., where he leads the development and implementation of Security Mentor’s industry-leading cyber training, consulting, and workshops for end-users, managers, and executives in the public and private sectors. He has advised senior leaders at the White House, National Governor’s Association (NGA), National Association of State CIOs (NASCIO), U.S. Department of Homeland Security (DHS), federal, state and local government agencies, Fortune 500 companies, small businesses, and non-profit institutions.

Dan has more than 30 years of experience in the computer industry, beginning his career with the National Security Agency. He worked for three years in England as a senior network engineer for Lockheed Martin (formerly Loral Aerospace) and for four years as a technical director for ManTech International in a US/UK military facility.

He is the author of two books: "Virtual Integrity: Faithfully Navigating the Brave New Web" and "BYOD For You: The Guide to Bring Your Own Device to Work." He is the co-author of the upcoming (November 2021) Wiley book, "Cyber Mayday and the Day After: A Leader’s Guide to Preparing, Managing and Recovering from the Inevitable."

Dan holds a Master's Degree in Computer Science (CS) from Johns Hopkins University in Baltimore, Maryland, and a Bachelor's Degree in CS from Valparaiso University in Indiana.

Kurt is a computer forensics and incident response consultant and an Assistant Professor of Cybersecurity at Maryville University. He has been in the IT field for nearly 20 years, with the last 11 focused on information security.

Dave Hartley serves as a ‘Virtual CIO’ and ‘Virtual CISO’ helping clients with technology strategy and projects including strategic roadmap development, third party risk management including SOC reports, cyber risk assessments and cybersecurity programs, and digital transformation including cloud, mobile, etc. Dave joined UHY in 2015 following six years serving as the VP/Chief Information Officer for Arch Coal, the 2nd largest publicly traded coal company in the US, and 20 years of Big 4 consulting and auditing experience. Dave’s experience as a public-company CIO combined with a background as a CPA, CISA and auditor enables him to bring unique insights into today’s technology, cybersecurity and business challenges. He is a frequent speaker at technology and cybersecurity conferences and seminars.

James Norberg was formerly the Information Risk Management Director at Express Scripts and has been in the Technology field since 2002. His areas of responsibility include the Security Operations Center, Incident Response, eDiscovery, and Cyber Threat Intel & Hunting. He earned his undergrad from Drury University and MBA from Texas A&M. Currently James and his family reside in the St. Louis area.

David Strom is one of the leading experts on network and Internet technologies and has written and spoken extensively on topics such as VOIP, convergence, email, cloud computing, network management, internet applications, wireless, and Web services for more than 30 years. He was the founding editor-in-chief of Network Computing magazine, writes for Network World, SearchSecurity.com, and SecurityIntelligence.com, and curates the Inside Security email newsletter.

Dr. Larry Ponemon is the Chairman and Founder of the Ponemon Institute, a research "think tank" dedicated to advancing privacy and data protection practices. Dr. Ponemon is considered a pioneer in privacy auditing and the Responsible Information Management (RIM) framework.

Ponemon Institute conducts independent research, educates leaders from the private and public sectors, and verifies the privacy and data protection practices of organizations in various industries. In addition to Institute activities, Dr. Ponemon is an adjunct professor for ethics and privacy at Carnegie Mellon University’s CIO Institute. He is a Fellow of the Center for Government Innovation of the Unisys Corporation.

Dr. Ponemon consults with leading multinational organizations on global privacy management programs. He has extensive knowledge of regulatory frameworks for managing privacy and data security, including financial services, healthcare, pharmaceutical, telecom, and internet. Dr. Ponemon was appointed to the Advisory Committee for Online Access & Security for the United States Federal Trade Commission. He was appointed by the White House to the Data Privacy and Integrity Advisory Committee for the Department of Homeland Security. He was also an appointed to two California State task forces on privacy and data security laws.

Dr. Ponemon earned his Ph.D. at Union College in Schenectady, New York. He has a Master’s degree from Harvard University, and attended the doctoral program in system sciences at Carnegie Mellon University. He earned his Bachelor's with Highest Distinction from the University of Arizona. He is a Certified Public Accountant and a Certified Information Privacy Professional.

Randy Raw is Chief Information Security Officer at Veterans United Home Loans in Columbia, Missouri. He has more than 25 years of experience in both public entities and private industry, having built several Information Security programs from the ground up. He is a proponent of risk-based, layered security measures that utilize both preventative and detective approaches to achieve the right solution for the organization. Randy is a CISSP and is active in the Central Missouri InfoSec community. He has spoken at SecureWorld on many technical topics and turns his focus towards helping others move from the technical trenches to a leadership role.

Joe Olerich is a Systems Engineer for Radware. He works on the front lines designing cutting-edge security solutions to aid organizations in defending against the growing threat landscape. Over his 15 years of experience, Joe has engaged in a variety of roles, from designing networks and managing infrastructure, to running network and application security for a healthcare SaaS organization. He has a degree in Management Information Systems from Kansas State University, and can be found cheering loudly during any Wildcat sporting event.

Dr. Larry Ponemon is the Chairman and Founder of the Ponemon Institute, a research "think tank" dedicated to advancing privacy and data protection practices. Dr. Ponemon is considered a pioneer in privacy auditing and the Responsible Information Management (RIM) framework.

Ponemon Institute conducts independent research, educates leaders from the private and public sectors, and verifies the privacy and data protection practices of organizations in various industries. In addition to Institute activities, Dr. Ponemon is an adjunct professor for ethics and privacy at Carnegie Mellon University’s CIO Institute. He is a Fellow of the Center for Government Innovation of the Unisys Corporation.

Dr. Ponemon consults with leading multinational organizations on global privacy management programs. He has extensive knowledge of regulatory frameworks for managing privacy and data security, including financial services, healthcare, pharmaceutical, telecom, and internet. Dr. Ponemon was appointed to the Advisory Committee for Online Access & Security for the United States Federal Trade Commission. He was appointed by the White House to the Data Privacy and Integrity Advisory Committee for the Department of Homeland Security. He was also an appointed to two California State task forces on privacy and data security laws.

Dr. Ponemon earned his Ph.D. at Union College in Schenectady, New York. He has a Master’s degree from Harvard University, and attended the doctoral program in system sciences at Carnegie Mellon University. He earned his Bachelor's with Highest Distinction from the University of Arizona. He is a Certified Public Accountant and a Certified Information Privacy Professional.

John Fahey is a technical consultant with over 25 years of experience in infrastructure and security solutions. John’s career spans healthcare, telecommunications, and software manufacturers such as EMC, Intel Security, McAfee and Splunk prior to his current role as Product Security Specialist with Infoblox’s BloxOne Threat Defense solution. John has spent the last decade focused on helping to improve the lives of security analysts and security operations teams using software solutions, data analytics and automation. Today, John focuses on DNS as the real perimeter of security and on helping to improve security posture by automating DNS data for visibility, threat detection and as a mitigating control.

Brian Gorenc is the Director of Vulnerability Research with Trend Micro. In this role, Brian leads the Zero Day Initiative (ZDI) program, which represents the world's largest vendor-agnostic bug bounty program. His focus includes analyzing and performing root-cause analysis on hundreds of zero-day vulnerabilities submitted by ZDI researchers from around the world. The ZDI works to expose and remediate weaknesses in the world's most popular software. Brian is also responsible for organizing and adjudicating the ever-popular Pwn2Own hacking competitions.

Brian has been with ZDI since 2012, continually working on discovering new vulnerabilities, analyzing attack techniques, and identifying vulnerability trends. His work has led to the discovery and remediation of numerous critical vulnerabilities in Microsoft, Adobe, Oracle, open source, SCADA systems, and embedded devices. He has presented at numerous security conferences, such as Black Hat, DEF CON, Breakpoint, Ruxcon, PacSec, REcon, and RSA. More recently, Brian led the team that was awarded the Microsoft Mitigation Bypass Bounty and Blue Hat Bonus for Defense Bounty, which resulted in $125,000 being donated to STEM programs. During his leadership, the Zero Day Initiative program has coordinated the disclosure of over 3,000 Zero Day vulnerabilities.

John DiMaria has 30 years of successful experience in Standards and Management System Development, including Information Systems, Business Continuity, and Quality. John was one of the innovators and co-founders of the CSA STAR program for cloud providers, a contributing author of the American Bar Association’s Cybersecurity Handbook, and a working group member and key contributor to the NIST Cybersecurity Framework. He currently manages all facets of the CSA STAR Program which includes security, privacy, continuous monitoring, and development of new solutions.

With a background in broadcasting and operational security, Alex specializes in secure communications and education, awareness program development, the psychology of social engineering, human-based risk mitigation, and behavior analytics. She has over 12 years of experience developing and implementing security awareness, communication, and education strategies in Fortune 50/100 companies and other global enterprises. Alex is OPSEC Manager II Certified by the U.S. Army and the Joint Information Operations Warfare Center (JIOWC). She volunteers with local law enforcement agencies educating parents, community groups, and youth organizations on information security and social media safety in her free time.

Patrick J. Woods serves as the Chief Information Security Officer for the Missouri State Highway Patrol (MSHP) and the Assistant Director for Cybersecurity & Technology in the Patrol's Criminal Justice Information Services (CJIS) Division. In this capacity, Patrick directs the Patrol's cybersecurity and technology efforts to include network, data center, PC Support as well as the Cybersecurity Operations, Audit and Intelligence units. He currently serves on the FBI's Advisory Policy Board, Security and Access Subcommittee where he leads a task force aimed at addressing issues with law enforcement's use of the cloud. Patrick holds a Bachelor of Science degree in Criminal Justice, a Master of Science Degree in Cybersecurity and is a Doctoral Candidate awaiting publication of his dissertation of the defense of U.S. State and Local Law Enforcement agencies against the negative impacts of hacktivist attacks.

Tighe Burke is a Partner and Cybersecurity Practice Lead with Jobplex Inc. in Denver, securing the next-generation of leaders on behalf of technology clients around the globe. Tighe has developed powerful domain expertise executing searches for InfoSec functional roles as well as on behalf of security providers.

He previously spent 5 years as a search consultant in Silicon Valley, and is regularly sought out by the brightest minds in technology to conduct hard-to-fill positions across the security landscape. Tighe has deep experience working with both early-stage and public companies to identify their current and future security leaders.

Larry Wilson was formerly the Chief Information Security Officer for Sumitomo Pharma Americas, Inc., Worcester Polytechnic Institute, and the University of Massachusetts (UMass) President's Office. In the CISO role, Larry was responsible for developing, implementing, and overseeing compliance with the SMPA / WPI / UMass Information Security Policy and Written Information Security Plan (WISP). In addition to designing and deploying the respective cybersecurity programs, Larry has developed and delivered cybersecurity training at multiple industry events, workshops, training venues, etc. Courses include Designing and Building a Cybersecurity Program, Designing and Building a Ransomware Program, and Designing and Building a Third-Party Risk Program. Larry has also worked with multiple companies in multiple industries to help design, build, and maintain their Cybersecurity Programs, Ransomware Program, and Third-Party Risk Programs.

Daniel J. Lohrmann is an internationally recognized cybersecurity leader, technologist, keynote speaker, and author. He has been a keynote speaker at global security and technology conferences from South Africa to Dubai and from Washington D.C. to Moscow. During his distinguished career, Dan has served global organizations in the public and private sectors in a variety of executive leadership capacities, receiving numerous national awards including: CSO of the Year, Public Official of the Year and Computerworld Premier 100 IT Leader. In 2017, Dan was awarded the cybersecurity breakthrough CISO of the year for global security products and services companies.

He led Michigan government’s cybersecurity and technology infrastructure teams from May 2002 to August 2014, including enterprise-wide Chief Security Officer (CSO), Chief Technology Officer (CTO), and Chief Information Security Officer (CISO) roles in Michigan.

Dan currently serves as the CSO and Chief Strategist for Security Mentor, Inc., where he leads the development and implementation of Security Mentor’s industry-leading cyber training, consulting, and workshops for end-users, managers, and executives in the public and private sectors. He has advised senior leaders at the White House, National Governor’s Association (NGA), National Association of State CIOs (NASCIO), U.S. Department of Homeland Security (DHS), federal, state and local government agencies, Fortune 500 companies, small businesses, and non-profit institutions.

Dan has more than 30 years of experience in the computer industry, beginning his career with the National Security Agency. He worked for three years in England as a senior network engineer for Lockheed Martin (formerly Loral Aerospace) and for four years as a technical director for ManTech International in a US/UK military facility.

He is the author of two books: "Virtual Integrity: Faithfully Navigating the Brave New Web" and "BYOD For You: The Guide to Bring Your Own Device to Work." He is the co-author of the upcoming (November 2021) Wiley book, "Cyber Mayday and the Day After: A Leader’s Guide to Preparing, Managing and Recovering from the Inevitable."

Dan holds a Master's Degree in Computer Science (CS) from Johns Hopkins University in Baltimore, Maryland, and a Bachelor's Degree in CS from Valparaiso University in Indiana.

Larry Wilson was formerly the Chief Information Security Officer for Sumitomo Pharma Americas, Inc., Worcester Polytechnic Institute, and the University of Massachusetts (UMass) President's Office. In the CISO role, Larry was responsible for developing, implementing, and overseeing compliance with the SMPA / WPI / UMass Information Security Policy and Written Information Security Plan (WISP). In addition to designing and deploying the respective cybersecurity programs, Larry has developed and delivered cybersecurity training at multiple industry events, workshops, training venues, etc. Courses include Designing and Building a Cybersecurity Program, Designing and Building a Ransomware Program, and Designing and Building a Third-Party Risk Program. Larry has also worked with multiple companies in multiple industries to help design, build, and maintain their Cybersecurity Programs, Ransomware Program, and Third-Party Risk Programs.

Daniel J. Lohrmann is an internationally recognized cybersecurity leader, technologist, keynote speaker, and author. He has been a keynote speaker at global security and technology conferences from South Africa to Dubai and from Washington D.C. to Moscow. During his distinguished career, Dan has served global organizations in the public and private sectors in a variety of executive leadership capacities, receiving numerous national awards including: CSO of the Year, Public Official of the Year and Computerworld Premier 100 IT Leader. In 2017, Dan was awarded the cybersecurity breakthrough CISO of the year for global security products and services companies.

He led Michigan government’s cybersecurity and technology infrastructure teams from May 2002 to August 2014, including enterprise-wide Chief Security Officer (CSO), Chief Technology Officer (CTO), and Chief Information Security Officer (CISO) roles in Michigan.

Dan currently serves as the CSO and Chief Strategist for Security Mentor, Inc., where he leads the development and implementation of Security Mentor’s industry-leading cyber training, consulting, and workshops for end-users, managers, and executives in the public and private sectors. He has advised senior leaders at the White House, National Governor’s Association (NGA), National Association of State CIOs (NASCIO), U.S. Department of Homeland Security (DHS), federal, state and local government agencies, Fortune 500 companies, small businesses, and non-profit institutions.

Dan has more than 30 years of experience in the computer industry, beginning his career with the National Security Agency. He worked for three years in England as a senior network engineer for Lockheed Martin (formerly Loral Aerospace) and for four years as a technical director for ManTech International in a US/UK military facility.

He is the author of two books: "Virtual Integrity: Faithfully Navigating the Brave New Web" and "BYOD For You: The Guide to Bring Your Own Device to Work." He is the co-author of the upcoming (November 2021) Wiley book, "Cyber Mayday and the Day After: A Leader’s Guide to Preparing, Managing and Recovering from the Inevitable."

Dan holds a Master's Degree in Computer Science (CS) from Johns Hopkins University in Baltimore, Maryland, and a Bachelor's Degree in CS from Valparaiso University in Indiana.

Timothy M. Grace, CIA, CISA, CISM, CRISC, Director of Technology Risk Advisory Services - As the Technology Risk Advisory Services leader for Mueller Prost. Tim brings more than 30 years of business experience delivering solutions that drive business innovation, optimization, and change within world class organizations. He is a leader in the fields of cybersecurity, information technology, internal audit, privacy, compliance, and risk management. Tim has brought best practices to global organizations and helped drive solutions that strengthen and enhance current technology practices. Through innovation and process improvement, Tim has been able to drive change to ensure organizations remain focused on key business issues. His deep information technology background and deep understanding of business processes allowed him to bring technology and business processes together.

Over 35 years of security, technology, and business leadership experience with expertise in delivering complete, effective, and strategic security solutions across a breadth of industries, including those with regulatory requirements as well as Secret/Top Secret environments. Proven expertise in DLP solutions across industries including global deployments and product integrations (300K+ endpoints in multiple geographic regions/200+ policy across multiple detection scope), developed and transitioned teams with vertical and horizontal strategies, developed DLP as a Service programs, compliance and regulatory requirement assurances and deliverables that align metrics to business goals. Actively developed user groups, hack- and install-fests and other technology-based outreach projects. Indecisive between battle royale and last player standing.

Rex is a strategic and technical leader with more than 25 years of experience in security and privacy, enterprise risk management, security management and operations, IT governance, application development, internal and external audit, regulatory compliance, and controls assurance. He has served as the lead executive with responsibility for planning, budgeting, execution and delivery of cybersecurity assessments, process control assessments, enterprise security roadmaps, incident response, IT governance, IT performance, IT risk assessment, penetration testing and diagnostics. Rex is a retired Army Lieutenant Colonel with the following certifications: CISSP, CISA, CIPT, PCI QSA, and PMP.

Steven Shalita has 20+ years of technology experience across the Enterprise, Cloud and Service Provider technology segments. He has market and technology expertise spanning across Cybersecurity, network security, forensics, SDN/NFV, and IT infrastructure. He has spent a considerable amount of time in the performance monitoring marker and was a key evangelist for adapting network monitoring technology for security use cases to identify zero-attacks. Steven is currently Vice President at Pluribus Networks and is a frequent featured speaker at leading industry events. He has held senior technology marketing leadership positions at NetScout, Check Point Software Technologies, Alcatel-Lucent, Cisco, and HP Networking.

David has been a cybersecurity leader for 12+ years at various global Fortune 100 companies with responsibilities ranging from strategic and tactical planning, architecture, engineering, operational support, process improvements, automation to consulting. He enjoys decomposing complex problems into implementable and sustainable solutions.

JJustin is currently a leader in Information Security for IBM Cloud and Watson Platform. With a background in red teaming and blue teaming over the past ten years, multiple degrees in his field, and SIEM and hacking certifications, he has affected positive change in securing some of the largest environments and cloud deployments in the world today.

Nick Ferrell has been helping Trend Micro customers across the world solve security challenges since 2011 as a senior engineer and professional services consultant. A primary focus of this work has been assisting enterprise organizations achieve a unified, automated, and effective set of security controls across diverse cloud and data center environments that mitigates risk, achieves compliance, and removes manual processes. Each year, Nick speaks to audiences at industry events about the latest in hybrid data center security, best practices, and use cases; bringing Trend Micro's wealth of innovation and experience to bear on real-world security problems.

Larry Wilson was formerly the Chief Information Security Officer for Sumitomo Pharma Americas, Inc., Worcester Polytechnic Institute, and the University of Massachusetts (UMass) President's Office. In the CISO role, Larry was responsible for developing, implementing, and overseeing compliance with the SMPA / WPI / UMass Information Security Policy and Written Information Security Plan (WISP). In addition to designing and deploying the respective cybersecurity programs, Larry has developed and delivered cybersecurity training at multiple industry events, workshops, training venues, etc. Courses include Designing and Building a Cybersecurity Program, Designing and Building a Ransomware Program, and Designing and Building a Third-Party Risk Program. Larry has also worked with multiple companies in multiple industries to help design, build, and maintain their Cybersecurity Programs, Ransomware Program, and Third-Party Risk Programs.

Steve Brown is an energetic speaker, author, strategist, and advisor with over 30 years of experience in high tech. Speaking at events all over the world, Steve helps his audiences to understand the business and societal impacts of new technologies and how they will shape the future five, ten, and fifteen years from now.

Steve is passionate about helping people to imagine and build a better future. Whether talking about the future of work in a post-automation world, doing a deep dive on artificial intelligence, or discussing the future of flying cars, Steve inspires his audiences to think beyond the current status quo and to reimagine their businesses, and their lives, for the better.

Steve speaks and writes in plain language on how continued advances in computing will intersect business, cultural and human trends to create both new opportunities and new challenges. His new book, Hacking Reality, will be published later this year. Steve has been featured on BBC, CNN, Bloomberg TV, ABC News, Wired, WSJ:Digits, CBS, and many other media outlets.

Matthew Gioia is Associate Director for IT Security & Compliance at St. Louis Community College where he works with students, faculty, and staff to secure student and employee data. Matthew believes the community is best served with an education partner focused on helping every student establish and work towards achievable goals, and that developing a culture around protecting data and privacy enables this trusted community leader to realize its vision. Matthew has established the information security program at STLCC. He has held his CISSP certification since 2010 and holds a bachelor’s degree in Computer Science from DePaul University.

Jon Stitzel is the Lead Analyst for Cybersecurity Risk Management at Ameren. He is responsible for driving cybersecurity and risk management strategy for business and industrial control system environments, in addition to leading IT and Cybersecurity controls compliance. Jon has over 30 years of experience in the IT industry, including more than 20 years in cybersecurity. He has served as a system administrator, manager, analyst, and consultant in many diverse industries during his cybersecurity career, including energy, manufacturing, financial services, telecommunications, and DOD.

Tam Nguyen is an IEEE and ACM peer-reviewed cybersecurity researcher whose with recent publications on Software Defined Network's security (CSNet - Paris, France), and instructional design evaluation of CEH v10 Online Course (IC4E - Tokyo, JP). Tam's research interests include large-scale cyber threat modeling, cyber behavioral science, and applications of quantum computing in cybersecurity. Tam is a CISSP and is working for the Federal Reserve Bank at Cleveland.

Steve Brown is an energetic speaker, author, strategist, and advisor with over 30 years of experience in high tech. Speaking at events all over the world, Steve helps his audiences to understand the business and societal impacts of new technologies and how they will shape the future five, ten, and fifteen years from now.

Steve is passionate about helping people to imagine and build a better future. Whether talking about the future of work in a post-automation world, doing a deep dive on artificial intelligence, or discussing the future of flying cars, Steve inspires his audiences to think beyond the current status quo and to reimagine their businesses, and their lives, for the better.

Steve speaks and writes in plain language on how continued advances in computing will intersect business, cultural and human trends to create both new opportunities and new challenges. His new book, Hacking Reality, will be published later this year. Steve has been featured on BBC, CNN, Bloomberg TV, ABC News, Wired, WSJ:Digits, CBS, and many other media outlets.