14th Annual New York State
Cyber Security Conference and
6th Annual Academic Symposium

June 7 & 8, 2011
Empire State Plaza, Albany, NY

Stop, Think, Connect



NYS Cyber Security Conference Presenters


Special Agent Dan Alfin
FBI

Dan has been with the FBI for 2 years and is a member of the Albany violent crime and Cyber squads. His case work includes gangs and child predators but focuses mainly on Cyber intrusions. As a member of the Albany Cyber squad, Dan has been involved with several complex intrusion investigations with victims and subjects located throughout the country and all over the world. Before joining the FBI, Dan worked as a Field Engineer for Raytheon at the Naval Undersea Warfare Center. He has a degree in Information Technology from Florida State University.


James Antonakos, A+, Network+, and Security+, ACE
Broome Community College

James L. Antonakos is a Distinguished Professor of Computer Science at Broome Community College, where he has taught since 1984. James teaches both in the classroom and online in classes covering electricity and electronics, computer networking, computer security and forensics, information management, and computer graphics and simulation. James is the designer and director of the new 2-year AAS Degree in Computer Security and Forensics at Broome Community College. James is also an online instructor and faculty advisor for Excelsior College and an online instructor for Sullivan University. James has extensive industrial work experience as well, in electronic manufacturing for both commercial and military products and consults with many local companies in the area of computer networking and information security. James is the author or co-author of over 40 books on computers, networking, electronics, and technology. He is also A+, Network+, and Security+ certified by CompTIA and ACE certified by AccessData.


Special Agent Jeff Barrette
FBI

Special Agent Jeff Barrette is a member of the FBI Albany violent crime and cyber squad. He holds a bachelor's degree from the University of Connecticut in Computer Science & Engineering. After obtaining his degree, Jeff developed banking software for approximately three years. Jeff then became a Police Officer for the City of Orlando for approximately four years as a member of the violent crime tactical squad. Following his time at the police department, Jeff decided to merge his educational background and work experience and became a Special Agent investigating cyber intrusions.


Susan W. Brenner
R.O.I Legal Group, Pllc

Susan W. Brenner is the NCR Distinguished Professor of Law and Technology at the University of Dayton School of Law in Dayton, Ohio, and an acknowledged expert on cybercrime, cyberterrorism and cyberwarfare. She has spoken at numerous events -- including two Interpol Cybercrime Conferences and the Department of Homeland Security's Global Cyber Security Conference -- and participated in discussions of national security at events of the U.S. Department of State Bureau of Intelligence and Research & National Intelligence Council. She has published Cyber Threats: Emerging Fault Lines of the Nation-States (Oxford University Press, 2009) and numerous law review articles dealing with cyber-threats to national security.


Eric Brohm
Verizon Business

Eric Brohm is a Senior Consultant within the Verizon Business (Cybertrust) Investigative Response Unit. He maintains a breadth of experience within the IT security industry, as well as a significant depth of expertise surrounding incident response and computer forensic analysis. He has led many high profile forensic investigations involving civil as well as criminal matters, for which he maintains a close working relationship with the FBI, Secret Service and the Department of Homeland Security. While his specialty lies in financial crimes, he also is commonly involved with cases in other sectors. Outside of investigations, he works closely with various industries to educate and provide guidance on security best practices such as PCI and others. Eric has also been a chief contributor to the annual Verizon Business Data Breach Investigations Report, the industry's largest compilation and analysis of breach-related data.


Dave Chronister, CEH, CISSP, MCSE, CHFI
Parameter Security

Dave Chronister, CEH, CISSP, MCSE, CHFI, is Founder and Managing Technology Partner of ethical hacking firm Parameter Security. Growing up in the wild world of 1980s BBSs and the early Internet, Dave obtained a unique firsthand look at the mind, motives and methodology of hackers. Dave has provided ethical hacking, auditing, forensics and training to clients world-wide. Dave's expertise has been featured in many media outlets including Computerworld, Popular Science, Information Security Magazine, St. Louis Post Dispatch and KTVI Fox News, to name a few.


Soo-young Chang
Goldberg Segalla LLP

Soo-young Chang is a trial attorney in Goldberg Segalla LLP's Buffalo, New York office who practices in the areas of Products Liability, Data Security and General Litigation. Starting as a prosecutor in Brooklyn, Mr. Chang led a long-term investigation that dismantled large narcotics-dealing gangs in a major housing project, which was featured on the front page of the New York Times. He has also defended physicians, hospitals and the City of New York against medical malpractice cases.

In 2006, Mr. Chang returned to Buffalo, his hometown, and has defended personal injury suits involving motor vehicle, construction-site, school-site and municipal site accidents. He has also defended medical malpractice and insurance coverage suits. Mr. Chang has obtained numerous jury verdicts throughout Western and Central New York on cases involving multi-million dollar potential verdicts.


Samuel Chun, CISSP
HP

Samuel Chun is the director of the Cyber Security Practice for HP Enterprise Services U.S. Public Sector. He is responsible for the strategy, portfolio development and industry messaging of cyber security services and solutions for U.S. Public Sector clients. He is also the lead subject matter expert for cyber security policy for HP Global Government Affairs. Chun joined EDS, now HP, in 2008 from the joint program office of the Secure Information Sharing Architecture Alliance (SISA), a security consortium led by Microsoft, Cisco, and EMC for the global government market. Previously he was the director of information assurance for the Enterprise Technical Services Division of TechTeam Government Solutions where he served for 10 years in a variety of internal and external security roles, including leading the company's compliance to the Sarbanes-Oxley Act of 2002. He was also an infrastructure consultant for SRA International.

Chun holds a variety of industry certifications, including being a Certified Information Systems Security Professional (CISSP). He is an industry authority on information security and a prolific writer having been published in nearly twenty books and periodicals including the Information Security Management Handbook series, of which he serves as a regular contributor. He has also had articles published in works such as the Homeland Defense Journal, IT Security Magazine, Roll Call, and Government Security News. Chun is a regular speaker at industry conferences and cyber security policy workshops and legislative briefings in Washington, DC. He recently provided expert testimony on the "State of Federal Information Security" at a hearing before the House Subcommittee on Government Management, Organization and Procurement. Chun is a graduate of the Johns Hopkins University in Baltimore, Md., where he received both his Bachelor's and Master's degrees in psychology.


Leo Clarke
R.O.I Legal Group, Pllc

Leo L. Clarke has been a nationally recognized expert in cyber-risk assessment and management for over 15 years. He has advised insurance companies, technology companies, and main street businesses on managing e-commerce, Internet and other cyber-exposures. He has written books and scholarly articles on the economic and legal aspects of cyber-risk and cyber-warfare, and he has presented papers at conferences throughout the U.S. and in Canada, Switzerland and Dubai.


Michael Corby, PMP, GPM, CCP, CISSP, CBCP
M Corby & Associates, Inc.

Michael Corby has over 42 years of experience in IT strategy, operations, development and security. He has successfully managed large projects, developed flexible IT infrastructures and sound security organizations for hundreds of the world's most successful organizations. He was instrumental in founding the organization that established the Information Security professional credential CISSP. In 1992, Mike was named the first recipient of the Computer Security Institute's Lifetime Achievement Award.

A frequent global speaker and author for conferences in the US and internationally, he formerly held executive positions with several global consulting organizations including Marsh & McLennan, Netigy (net' - ih - gee) Corporation, QinetiQ (kih - net' - ick) and Gartner Consulting. He was formerly CIO for a division of Ashland Oil and for Bain & Company. A business owner for over 20 years (M Corby & Associates, Inc.) and community supporter, he has established a reputation for creativity and excellence in technology and its application to business needs. He is a certified Project Management Professional (PMP), a Certified Gartner Project Manager, and has attained proficiency level in I/T Process Control Architecture. Mike is a graduate of Worcester Polytechnic Institute (WPI) and is a faculty member for the MSIA (Masters of Science - Information Assurance) program at Norwich University and the Bentley College MBA program. He is also a Certified Computer Professional (CCP), a Certified Information Systems Security Professional (CISSP) and a Certified Business Continuity Professional (CBCP). Mike is a frequent speaker, author and Advisory Board member for several corporations. He serves as committee chairman with the Worcester, Massachusetts, Regional Chamber of Commerce. He is one of the industry leaders in security for government, private, and non-profit sectors dedicated to promoting security awareness and accountability at all organizational levels.


Sam Curry
RSA

Sam Curry is Chief Technology Officer, Marketing at RSA, The Security Division of EMC. Mr. Curry has more than 18 years of experience in security product management and development, marketing, quality assurance, customer support and sales. Mr. Curry has also been a cryptographer and researcher and is a regular contributor to Internet Banking Security. Prior to his current role, Mr. Curry was Vice President of Product Management where he led the strategic direction for all RSA solutions. Prior to joining RSA, Mr. Curry was Vice President of Product Management and Marketing for a broad information security management portfolio at CA. Previously, Mr. Curry was also Chief Security Architect and led Product Marketing and Product Management at McAfee. Earlier, Mr. Curry was a founder of one and a first employee in another successful technology company. Mr. Curry is a frequent speaker at industry events and has been quoted in Forbes, Bloomberg, CNET, Technology Review, PC World and Computerworld. He has also appeared on Tech TV, CNN and MSNBC. Mr. Curry holds a B.A. in English from the University of Massachusetts and a B.S. in Physics from Mount Allison University.


Ken Estes, CISSP
CGI Federal

Ken Estes has been working in the computer industry since 1995. Formerly a Microsoft Certified Trainer, Mr. Estes attained a Bachelor of Science in Computer Science from Indiana University of Pennsylvania and a Master of Science in Information Assurance from Norwich University. Mr. Estes currently works as a senior consultant at CGI Federal. Ken Estes also holds the CISSP certification.


Suprotik Ghose, CISA, CISM, CISSP, CRISC, CCSK, ITIL
Microsoft Corporation

Suprotik Ghose has over twenty years of progressive, professional engineering and technology management experience, predominantly in the area of infosec policy, privacy, compliance and risk. He is currently the Principal CyberSecurity Strategist within Microsoft's National Security Group. He is responsible for delivering innovative cyber-solutions leveraging Microsoft's global security expertise. For 8 years, Suprotik was the Head of Information Security at the Financial Industry Regulatory Authority (FINRA), the largest non-governmental regulator for the financial securities industry. He had oversight responsibility for the security of applications, systems, databases and networks. In addition, he formulated the organization's data protection and application security strategy, ensured regulatory compliance and periodically interfaced with federal and quasi-governmental organizations.

In 2000, Suprotik co-founded a venture-backed software company focused on network and security change management. Previously, Suprotik was Senior Manager of AT&T's Security Consulting team responsible for defining and implementing the security management of SWIFT's Secure IP Network that connected 7500 financial institutions in 200+ countries moving 10M messages daily. Prior to AT&T, Suprotik worked for Citibank for over 6 years as Vice President and Chief Security Architect within Citibank's Information Security group. Suprotik is CISA, CISM, CISSP, CRISC, CCSK and ITIL certified. He holds an MBA from Illinois and an undergraduate electrical engineering degree. In his spare time, Suprotik coaches a State Champion FLL Robotics team and he is also active as an adult leader in the local Boy Scouts troop.


Raj Goel, CISSP
Brainlink International, Inc.

Raj Goel, CISSP, is an IT and information security expert with over 20 years of experience developing security solutions for the banking, financial services, health care, and pharmaceutical industries. A well-known authority on regulations and compliance issues, Raj has presented at information security conferences across the USA and Canada. He is a regular speaker on PCI/CISP, HIPAA, Sarbanes-Oxley, and other technology and business issues, and he has addressed a diverse audience of technologists, policy-makers, front-line workers, and corporate executives. Raj works with Small-to-Medium Businesses (SMBs, 10-200 employees) to grow their revenues & profitability. He also works with hospitals and regional medical centers across the Northeast (NY, Vermont, New Hampshire, Maine, Pennsylvania), helping them meet HIPAA compliance requirements and utilize Health Information Systems (HIS) effectively. His articles have appeared in Information Security Magazine, published by ISC2 and Commercial Property News. He has also appeared as an IT Security Expert on PBS NIGHTLY BUSINESS REVIEW.


Reg Harnish, CISSP, CISM, ITIL
Independent Security Consultant

Reg Harnish is a security specialist with extensive experience in security solutions for Financial Services, Healthcare and Higher Education organizations, focusing on implementations of ISO and NIST standards ranging from Risk Management and regulatory compliance to network, application and physical security. With nearly 10 years of Information Security experience, Reg works to promote awareness, establish security fundamentals and reduce risk for all customers.


Michael G Harrison
Application Risk Service
MetLife IT Risk and Compliance Unit
mharrison2@metlife.com

Michael Harrison is responsible for enhancing and managing the current vendor assessment process, application vulnerability testing program, privacy scanning, and ethical hacking on critical applications, to ensure that MetLife and its applications are in compliance with company IT Policies and Standards.

In 2001, Michael began his current role at MetLife. The role required detailed IT Policy creation and revision, as well as performing internal Security Assessments on MetLife Applications. In 2002, the role was expanded to develop the basis for the current Service Provider Assessment Program (MORE Process). This task allowed him the time to develop an understanding of the increased risks of migrating application and business operations to an externally hosted or outsourced provider. The MORE (MetLife Overall Risk Evaluation) Process has expanded from 100 Service Providers in scope to nearly 900 to date. The process requires MetLife to perform due diligence reviews of Service Providers for services being offered by one or more entities to MetLife or a MetLife subsidiary. It encompasses a review of several risk categories including but not limited to Personnel Practices, Network and Operations Controls, Data Privacy, Physical Security and Environmental Controls, and Incident Response.

Michael graduated from the University of Albany with a BS degree in History in 1996.


Robert Heverly
Albany Law School of Union University

Robert Heverly is an Assistant Professor of Law at Albany Law School. Professor Heverly has taught as a Visiting Professor of Law at Michigan State University, as Lecturer in Law and Director of the LL.M. in Information, Technology & Intellectual Property Law at England's University of East Anglia, and as Guest Lecturer in the Common Law at University of Trier (Germany). He started his legal career with the Government Law Center of Albany Law School, and has served as Resident Fellow at the Information Society Project of Yale Law School.

Professor Heverly's primary areas of teaching and research revolve around technology, information, property, and intellectual property. He has published in the Berkeley Technology Law Journal, the Michigan State Law Review, and the MIT Press, and has works forthcoming in I/S: A Journal of Law and Policy for the Information Society and the Georgetown Journal of International Law. Professor Heverly is an Affiliated Faculty Fellow with the Information Society Project at Yale Law School, serves as a member of the Editorial Board of I/S: A Journal of Law and Society for the Information Age, and while it was in operation served as a member of the Legal Experts Panel of the Carnegie Mellon based Institute for the Study of Information and Technology in Society (InSITeS). In addition, he is a member of the Working Group on Property, Citizenship and Social Entrepreneurism at Syracuse University, and is involved in the Democracy Design Workshop at New York Law School. Robert has also served on the Board of Editors of the International Journal of Communications Law & Policy. Professor Heverly holds degrees from Yale Law School (LL.M.), Albany Law School (JD), and the State University of New York College at Oswego (BA).


Gerard Johansen, CISSP
SSC, Inc.

Gerard T. Johansen is SSC's Manager of Information Assurance. He is a Certified Information Systems Security Professional (CISSP) through ISC2 and specializes in Risk Management, Digital Forensics and Incident Response. Prior to joining SSC, Gerard spent ten years in law enforcement working at both the state and federal level, with four years' experience in digital investigations.

Gerard Johansen has experience in developing a wide range of security processes that integrate physical and cyber security elements. In addition to Gerard Johansen's Information Assurance experience, he has provided Executive Protection and Security Assessments for high net-worth clients. Gerard Johansen has attended a wide range of training programs provided by leading government and private organizations. In addition, Gerard Johansen has developed training programs for law enforcement agencies specifically related to Digital Crime and Investigations. Gerard Johansen is a graduate of Western Connecticut State University with a BS in Justice and Law Administration as well as an MS in Information Assurance from Norwich University. Gerard Johansen is a member of ASIS International, Infragard, ISSA, ISC2 and Western Connecticut State University's Center for Financial Fraud and Information Security, where he is frequently requested to deliver lectures and training programs to a wide variety of audiences.


Ken Kaminski, CISSP, GCFA, GAWN, GPEN, GCIA
Cisco Systems

Ken Kaminski is the Security Architect for the Northeastern United States specializing in Cisco Security Products and Technologies for large enterprise and global accounts. He has been a member of the Security Advisory Council at Cisco that drives security training and programs for Cisco's Security Systems Engineers and provides customer feature requirements to Cisco Engineering. He teaches and speaks often on security related topics including Cisco Networkers and other industry forums. Prior positions include Consulting Systems Engineer for Voice, Video, and WAN technologies at Cisco Systems. He was one of the first Consulting Systems Engineers at Cisco. Prior to that, he was the Senior Systems Engineer for a startup company in the carrier ATM switching market. He was also a Telecommunications Officer in the US Army. Ken has his CISSP, GCFA, GAWN, GPEN and GCIA along with a BA and MA from Boston University.


Mike Klepper, CISSP, CISM, QSA, PA-QSA
AT&T Consulting Solutions

Mike Klepper is the National Application Security Practice Director at AT&T Consulting Solutions. Mike leads the Application Security Practice within AT&T's worldwide consulting business. AT&T Consulting specializes in the planning, design and complex integration phases of IP based communications. Specific practice focus includes: Advanced Infrastructure, Convergence & Contact Center, Data Center, Security, Unified Communications & Collaboration and IT Service Management. Mike joined the AT&T Consulting team through the acquisition of the VeriSign, Inc. Global Security Consulting business, which was completed in October of 2009.

Mike is responsible for working to drive the on-going development and delivery of AT&T's application security service offerings. AT&T Consulting has delivered application security assessment services in the US, Europe, Asia, Latin America and the Middle East. These services are delivered globally out of offices in the US and UK. Mike joined VeriSign in 2004 with the acquisition of Guardent, Inc., a security start-up headquartered in the Boston area. Prior to Guardent, Mike was a member of the Strategic Security Services (S3) team for Deloitte & Touche. In this role he was responsible for scoping and delivering client service engagements focusing on penetration testing, secure network design, and application security. Before becoming a consultant, Mike spent seven years in the Value-Added Reseller (VAR) market performing network and application installation, troubleshooting, and design. Mike earned his BS in Information Systems from the University of Idaho. His current certifications include Certified Information System Security Professional (CISSP), Certified Information Security Manager (CISM), and both Qualified Security Assessor (QSA) and Payment Application Qualified Security Assessor (PA-QSA) for the Payment Card Industry.


Larry Kovnat
Manager, Product Security
Xerox Office Group

Larry Kovnat serves as Manager of Product Security for Xerox Global Product Delivery Group (GPDG), where he is responsible for embedded systems and software application security in Xerox products. He is responsible for developing and promoting the overall security strategy of Xerox products. Now in his 33rd year at Xerox, Kovnat has held managerial and engineering development positions in the fields of electronic hardware and system software. Since taking on the position of Product Security Manager in 2002, Kovnat has led the introduction of a security development lifecycle within GPDG. Kovnat also directs Common Criteria certification of Xerox devices.

Kovnat works with product development teams to ensure that proper engineering due diligence is applied to the security of Xerox devices and software. He and his team facilitate security risk assessments to identify potential security vulnerabilities and eliminate them from the design. His team is responsible for managing the ongoing security maintenance of Xerox products and for publishing security bulletins at www.xerox.com/security. He works collaboratively with the Xerox Innovation Group to bring unique Xerox security technologies to market. Through internal Xerox councils Kovnat works with principals across the corporation to align Xerox strategy around security.

Before becoming Product Security Manager, Kovnat worked on a variety of Xerox product programs and advanced development projects and holds four patents on digital imaging technology.

Kovnat has a Bachelor of Science degree in Physics from Dickinson College in Carlisle, PA and a Masters of Science degree in Physics from the University of Pennsylvania in Philadelphia, PA.

Kovnat holds Certified Information System Security Professional (CISSP) and Certified Information Systems Manager (CISM) credentials.


Aimee Larsen Kirkpatrick
National Cyber Security Alliance (NCSA)

Aimee Larsen Kirkpatrick is the Communication and Outreach Director for the National Cyber Security Alliance (NCSA), a public-private partnership dedicated to helping citizens stay safe and secure online. Ms. Larsen Kirkpatrick develops strategies and programs to fulfill NCSA education and awareness objectives and increase the number of engaged stakeholders participating in NCSA's mission. She spearheaded a national public affairs campaign to develop a unified message on Internet safety for all citizens. This campaign is supported by the tech industry and government agencies alike. As manager of NCSA's government relations, she has overseen the passage of resolutions through both the House of Representatives and the Senate to recognize the importance of cybersecurity awareness and education and acknowledge October as National Cyber Security Awareness Month. Ms. Larsen Kirkpatrick was instrumental in developing the San Diego Securing Our eCity Model City project, an initiative to engage an entire community around cybersecurity awareness, education and preparedness. Stakeholders in this project include business, law enforcement, education, local, state and federal government, community service organizations, military and industry. Ms. Larsen Kirkpatrick serves on the steering committee and as co-chair of the Public Private Partnership Working Group, helping foster relationships between private and public sectors around this initiative.


Barry Lyons, CISSP
Northrop Grumman

Mr. Lyons is a leading edge Cyber/Information Assurance (IA) security expert whose experience has focused on the architecture, design, implementation, management and operations of mission critical enterprise systems, airborne solutions, cross domain information sharing solutions, and comprehensive identity management (IdM) solutions, including the development of leading edge "Need to Know/Need to Share" On Demand Information Delivery solutions used across Intel/DoD markets. Mr. Lyons is also highly skilled in all critical disciplines and activities required for management and oversight of enterprise network and application systems, supporting such customers as the DoD (CCERT, Army, Air Force, JCOS), Intel community (IC), NSA, NRO, DIA, DISA, DHS, DOS, DOJ, DOI, and other agencies. Mr. Lyons is a much sought after, frequent guest speaker at security conferences across the nation. His dynamic, up-beat presentation style makes for an engaging session.


Nasir Memon, PhD
Polytechnic Institute of New York University, New York

Nasir Memon is a Professor in the computer science department at the Polytechnic Institute of New York University, New York. He is the director of the Information Systems and Internet Security (ISIS) lab at Polytechnic (http://isis.poly.edu). Prof. Memon got his BE in Chemical Engineering and MS in Math from BITS, Pilani, India, 1981. He got his MS in Computer Science (1989) and PhD in Computer Science (1992) from the University of Nebraska, Lincoln.

Prof. Memon's research interests include Digital Forensics, Data Compression, Computer and Network Security and Multimedia Computing and Security. He has published more than 250 articles in journals and conference proceedings and holds 6 patents in image compression and security with six more pending applications. He has won several awards including the NSF CAREER award and the Jacobs Excellence in Education award. His research has been featured in NBC nightly news, NY Times, MIT Review, Wired.Com, New Science Magazine etc.

He is currently the Editor-in-Chief of the IEEE Transactions on Information Security and Forensics. He was an associate editor for IEEE Transactions on Image Processing, the Journal of Electronic Imaging, the ACM Multimedia Systems Journal, the LNCS Transaction on Data Hiding, IEEE Security and Privacy Magazine, IEEE Signal Processing Magazine and the International Journal on Network Security.

Prof. Memon is the co-founder of Digital Assembly (http://www.digital-assembly.com) and Vivic Networks (http://www.vivic.com), two early stage start-ups in NYU-Poly's incubator. He is a fellow of the IEEE and an IEEE Signal Processing Society distinguished lecturer for the years 2011 and 2012.


Ken Michael, CISSP, CISA, ITIL
Dox Electronics, Inc.

As a physics major in college, Ken knew the potential of technology and began his career in IT. Hired by Victor Computer in Long Island, Ken was the Senior Computer Field Engineer for the Long Island Branch. When Victor closed the branch in 1982, Ken went back to Rochester and founded his own consulting company, Dox Electronics Inc. Ken is known as a security, regulatory compliance, and infrastructure expert, and speaks regularly at events across NYS. Ken leads many security evaluations for companies large and small across New York State. For years, he has been on the forefront of security best practices, network protection methodologies, and the latest vulnerabilities and attacker entry methods. Ken is known for working with business executives, managers, and IT professionals to help increase security posture and awareness across the organization. Ken holds many certifications including his CISSP, CISA, and ITIL Service.


James D. Pompilio
InfraGard Albany

Mr. Pompilio is currently VP of InfraGard Albany. InfraGard is a partnership between the FBI and the private sector: businesses, academic institutions, state and local law enforcement agencies, and other participants with whom the FBI has developed a relationship of trust and credibility in the exchange of information concerning various terrorism, intelligence, criminal, and security matters in an effort to promote the protection of our nation's critical infrastructure, both physical and cyber.

Mr. Pompilio has over 20 years of extensive experience within the technology arena focusing on IT operations with functional knowledge and practical experience with data and physical security systems management, application and product development, project management, business development, sales and marketing. He currently holds the position of CIO and ISO of a New England based mutual bank holding company that counts 3 community savings banks, 2 insurance companies and a broker dealer amongst its holdings.


Ken Privette
Digital Evidence Institute

Ken is a digital forensics and e-discovery consultant. He developed and manages egovdiscovery.org, "Government's Portal for E-discovery and Forensics," a resource for digital discovery research and thought leadership in government. Ken retired last fall as the Director of the Computer Crimes Unit at the United States Postal Service Office of Inspector General. His technical team of agents and forensic analysts supported more than 500 investigators. He and his team pioneered state-of-the-art initiatives such as remote forensics and the development of digital discovery tools such as an online digital discovery collaboration tool for sharing, parsing and searching digital evidence.

Ken spent much of his professional life as a Special Agent with the Naval Criminal Investigative Service both overseas and state-side where he conducted investigations involving computer crime, terrorism, and counterintelligence matters. He has worked in assignments at the Department of Defense Computer Emergency Response Team and served as an instructor in the Computer Forensics, Investigation and Response course for the SANS Institute. Lastly, Ken is proud to have served for the past two years as a Chairperson with the Digital Forensics Certification Board (DFCB.org), an NIJ-funded digital forensics certification open to public and private sectors.


Brian Reilly

Brian Reilly is an Application Penetration Tester with experience assessing web, mobile, and client/server applications. He previously worked for Symantec Corporation, where he provided incident response and security operations services to a large government organization. While at Symantec, he was an active participant in the Symantec Vulnerability Research program and has worked with software vendors to responsibly disclose numerous application security flaws. His formative years in information security were spent in Higher Education, fighting the good fight to secure a multi-gigabit open network full of faculty, staff, students, and malware. He holds degrees from Georgetown University and the George Washington University.


Deborah Snyder, CISSP, GIAC, GSLC, PMP
Chief Information Security Officer
NYS Office of Temporary and Disability Assistance (OTDA), Division of Legal Affairs

Ms. Snyder has over 25 years of experience in human services delivery and information systems management, meeting business needs through the innovative use of technology, mission-critical redesign and modernization projects, and strategic policy and planning initiatives. In her current role, she manages the agency's Information Security Office and oversees all aspects of its comprehensive Information Security Assurance Program – a portfolio of information security governance, risk and compliance management initiatives.

Ms. Snyder has championed and led efforts to strengthen her agency's and the State's information security posture, and advance the information security professional community of practice. She recently received the 2010 New York State Forum Award for Excellence in Government Information Services, for outstanding contributions to New York State's IT community, and the essential spirit and value of collaboration and volunteerism. In 2009, she was the inaugural recipient of the New York State Cyber Security Award, recognizing individuals for outstanding contributions and accomplishments in the field of cyber security. She was also the 2008 Information Security Executive Northeast People's Choice Award Winner. She recently co-authored a book entitled "SECURE – Insights from the people who keep information safe," which outlines industry leader insights and offers perspective on what's top-of-mind today in information security.

Ms. Snyder is a graduate of the State University of New York, and has completed postgraduate work in information security assurance, incident management, digital evidence and forensics. She is a certified Project Management Professional (PMP), and holds several industry certifications including Certified Information Systems Security Professional (CISSP), and SANS Global Information Assurance Certification in Security Leadership (GSLC). She serves as Co-Chair of the NYS Forum's Security Work Group, and is a member of the Project Management Institute, InfraGard National Members Alliance, Information Systems Security Association (ISSA), Information Systems Audit and Control Association (ISACA), and the Institute of Internal Auditors (IIA). She teaches and is a frequent speaker at prominent forums including the Government Technology Conference (GTC), NYS Cyber Security Conference, CIO Academy, and the Multi-State Information Sharing and Analysis Center (MS-ISAC) National Webcast Initiative, on information security and risk management topics critical to executive-level, senior business and IT professionals.


Michael Stiglianese
R.O.I Legal Group, Pllc

Michael Stiglianese successfully operated as Citigroup's Chief IT Risk Officer for Global Information Security and Continuity of Business Programs. Reporting to executive leadership including Citigroup's CEO, Board of Directors and regulatory agencies, he led numerous oversight committees across diverse, corporate and global business units. Mike also held a variety of positions within Citigroup, including CFO of its Financial Institutions, Global Transaction Services and Operations and Technology groups. As a result of his finance background, Mike approaches risk from a business perspective, balancing risk mitigation with a return on investment focus. He frequently speaks on the subject of risk management, most recently at Columbia University and NYU School of Business. Mike has also served as a facilitator at the U.S.-sponsored National Cyber Leap Year Summit.


John Streufert
U.S. Department of State

John Streufert joined the Department of State team in July 2006 as the Chief Information Security Officer and Deputy Chief Information Officer for Information Security. Since arriving at State he lowered a material weakness on IT Security to a deficiency and raised the IT Security grade from an F to a B as assessed by OMB and Congress. In July 2008 at Mr. Streufert's request, the Department began providing letter grades monthly to executives and technical managers on progress in lowering IT security risk based on correcting scanned vulnerabilities and configuration weaknesses. This program resulted in the reduction of 89% of the measured risk in 12 months enterprise-wide with a security metrics program administered by a coalition of 11 technical organizations.

Mr. Streufert worked at the US Agency for International Development (USAID) from 1997 until 2006 in multiple information technology positions beginning as Director of Information Resources Management and ending as the acting CIO for three years. In 2004 Mr. Streufert received the Distinguished Presidential Rank award and obtained the highest IT security score of the federal government as assessed by Congress. In 2005 USAID was again recognized by Congress for its IT security score among federal organizations with a record 100 of 100 possible points. Internal to USAID from 2001 to 2006, the technology functions under his supervision were rated with the highest customer service in the Agency by independently administered surveys of employee satisfaction. In other roles for USAID he was the Year 2000 Date Change Program Manager and the USAID Information Systems Security Officer.

Mr. Streufert was a graduate of the Maxwell School of Public Administration, Syracuse University (MPA) in 1985 and St. Olaf College (B.A.) in 1979.


Brian J. Tillett, CISSP
Symantec Corporation

Brian J. Tillett is responsible for the Symantec Security Strategy across Public Sector.

As a security practitioner with 17 years in the IT and Voice Security industries, Brian is a contributor at Public Sector focused conferences, symposiums, and forums as a speaker/presenter on relevant real world IT security topics. He meets regularly with Federal, State, and Local Government; and Public Education, CxO executives, directors, and key personnel to focus on understanding and meeting real-world IT security challenges specific to the Public Sector enterprise. Being aligned with the Symantec Security Business Practice and CTO office, he drives this feedback directly to Symantec business unit leaders in order to strengthen the connections between Symantec's solutions and strategic Public Sector enterprise goals.

Prior to Symantec, Brian was with Vericept Corporation, becoming well versed in the Public Sector DLP space. He spent 5 years with SecureLogix Corporation as Federal Technical Director supporting TDM Voice and VoIP security technologies. Previous positions also include Fujitsu, supporting TDM Voice, VoIP, Messaging, IVR and CTI technologies, as well as contractor to the US Department of Defense and several intelligence organizations designing and deploying secure communications and computing centers. Brian's career began with the United States Air Force, assigned to the Air Force Pentagon Communications Agency, ultimately managing the Pentagon Secure Crypto Telecom Facility.

Throughout his career, Brian has supported organizations including: USAF, USN, USMC, USA, Departments of Homeland Security, Energy, Transportation, Veterans Affairs, Treasury and State, Defense Information Systems Agency, US Postal Service, White House Communications Agency, Joint Chiefs of Staff, Executive Office of the President, US Senate, US Congress, Missile Defense Agency, United Nations, Office of the Secretary of Defense, various intelligence organizations, Lockheed Martin Corporation, and British Ministry of Defence.

Brian continues to maintain a DoD Top Secret Clearance.


Stephen Treglia
Absolute Software Corporation

Stephen recently concluded a 30-year career as a prosecutor (in Monroe, Queens and Nassau Counties in New York), having created and supervised one of the first computer crime units from 1997-2010. He currently is Legal Counsel to the Recovery Section of Absolute Software Corporation, a Vancouver-based creator of tracking software for mobile devices. As such, Stephen oversees legal compliance relevant to Absolute's staff who assist law enforcement in the recovery of stolen mobile devices, as well as liaisons with law enforcement world-wide to further the re-acquisition of such stolen devices.

Stephen is a renowned nationwide lecturer, teacher and writer on a variety of subjects related to the topics of search and seizure practices and law, as well as the law related to computer forensics and the acquisition of electronic communications. He writes a regular column for the Technology Law section of the New York Law Journal, and has made similar contributions to the newsletters of the National Association of Attorneys General (NAAG), the High Technology Crime Investigation Association (HTCIA), and the New York Prosecutors Training Institute (NYPTI). For the last 6 years, he has routinely assisted in training new forensic examiners with the FBI's Computer Analysis Response Team by playing the role of both prosecutor and defense attorney in Moot Court Training sessions organized by the FBI.

This is the 12th time in the last 13 years that Stephen has lectured at the OCS's Annual Conference. He has also been a recurring lecturer for the FBI, ICE, NAAG, National District Attorney Association, American Prosecutors Research Institute, National White Collar Crime Center, New York Judicial Institute, HTCIA, NYPTI, and various state and local law enforcement agencies. He has also lectured at St. John's School of Law, Albany Law School, Dowling College, and York College.


Jacob Valletta
RIT

Jacob Valletta is a student in Information Security and Forensics at Rochester Institute of Technology. Jacob has strong interests in programming, network security, reverse engineering, security auditing, and intrusion detection, and has been doing research on covert channel methods for future publication.


Erika Voss, CORM
CGI Federal

Erika has been delivering NIMS ICS courses throughout Washington State as a Master Trainer for how to understand, implement, and execute the Incident Command System. Erika has been an Instructor for the Continuity of Operations/Emergency Management curriculum for over 10 years, holding the CORM certification from The ICOR in two areas of expertise: Technology Infrastructure and Emergency Management. Erika started the ISSA Rainier Chapter in Tacoma, Washington and served as the interim President. Erika has delivered at CPM West, and has also delivered various Instructor Training statewide for Washington State Government Agencies in Incident Response, Table Top Exercises, and Cyberstorm III.


John Weinschenk
Cenzic

John Weinschenk is a technology executive who has led several companies to unprecedented success. John's career is marked by an unusually broad background in both engineering and business. John has led technical groups in key security and enterprise software firms, and has brought his in-depth understanding of the latest technologies, market dynamics, and business models to leadership roles in business-strategy and marketing divisions at leading corporations.


Maxim Weinstein
StopBadware

Maxim Weinstein has been leading StopBadware since 2007. He has spoken on malware policy and user education at conferences hosted by the Federal Trade Commission, the Anti-Spyware Coalition, and the Messaging Anti-Abuse Working Group. He also serves on the Massachusetts Educational Technology Advisory Council, the advisory board of the Anti Malware Testing Standards Organization (AMTSO), the K-12 working group of the National Cyber Security Alliance, and the IEEE ICSG malware working group. In 2009, he was recognized by SC Magazine as one of the year's information security luminaries. Prior to joining StopBadware, Maxim worked in a variety of positions involving technology, communications, education, and leadership across a range of industries. Most recently, he served as technology director and national management team member of Year Up, a Fast Company Social Capital Award winner. Maxim is a graduate of Tufts University, from which he earned a master's degree in teaching and a bachelor's degree in quantitative economics and environmental studies.


Chris Wysopal
Veracode
Co-Founder and Chief Technology Officer

Chris Wysopal, co-founder and chief technology officer of Veracode, is responsible for the security analysis capabilities of Veracode technology. Mr. Wysopal is recognized as an expert and a well-known speaker in the information security field and was recently named one of InfoWorld's Top 25 CTOs and one of the 100 most influential people in IT by the editorial staffs of eWeek, CIO Insight and Baseline Magazine.

He has given keynotes at computer security events and has testified on Capitol Hill on the subjects of government computer security and how vulnerabilities are discovered in software. He also has spoken as the keynote at West Point, to the Defense Information Systems Agency (DISA) and before the International Financial Futures and Options Exchange in London. His opinions on Internet security are highly sought after and most major print and media outlets have featured stories on Mr. Wysopal and his work.

Mr. Wysopal's groundbreaking work in 2002 while at the company @stake was instrumental in developing industry guidelines for responsibly disclosing software security vulnerabilities. Mr. Wysopal, along with Steve Christey of MITRE, proposed an IETF RFC identified as the "Responsible Vulnerability Disclosure Process," which became the foundation for the Organization for Internet Safety (OIS). Mr. Wysopal is a founder of OIS, which established industry standards for the responsible disclosure of Internet security vulnerabilities.

Mr. Wysopal is co-author of the award-winning password auditing and recovery application @stake LC (L0phtCrack), which is currently used by more than 6,000 government, military and corporate organizations worldwide.

Mr. Wysopal began his career as a principal software engineer at Lotus Development Corporation where, in the mid-'90s, with the rise of the Internet, he realized the critical need for secure software. He and his colleagues then created the first security research think tank known as L0pht Heavy Industries, which was later acquired by @stake in 1999. He became the manager of @stake's Research Group and later became @stake's vice president of research and development, where he led a world-class team of security researchers tackling the problem of automating the process for finding and disclosing security vulnerabilities in software. He also managed @stake's products group to develop new security tools focused on wireless, infrastructure and application security.

In 2004, when @stake was acquired by Symantec, Mr. Wysopal became its director of development and was responsible for the engineering team that built binary analysis technology to find vulnerabilities in software.

Mr. Wysopal wrote The Art of Software Security Testing: Identifying Security Flaws, published by Addison Wesley and Symantec Press in December 2006.

Mr. Wysopal earned his Bachelor of Science Degree in Computer and Systems Engineering from Rensselaer Polytechnic Institute in Troy, New York.