2010 CONFIRMED SPEAKERS



| SPEAKER | ORGANISATION | COUNTRY |
| --- | --- | --- |
| Geoff Besko | Seccuris Inc. | Canada |
| Toby Boerlage | Ideas-to-Interconnect | Netherlands |
| Jon Colombo | Capgemini | UK |
| Yi Xiao Du | University of Canterbury | New Zealand |
| Mary Dunphy | Pro-Tec Design | USA |
| Pascal de Koning | Getronics | Netherlands |
| Simon Gunning | Office of Fair Trading | UK |
| David Hafele | Northrop Grumman | USA |
| Wilbert Hofstede | Hofstede & Associates | Netherlands |
| Richard Hollis | Orthus | UK |
| Lynette Hornung | Northrop Grumman | USA |
| Jason Kobes | Northrop Grumman | USA |
| Jeffrey Livermore | Walsh College | USA |
| Lisa Lorenzin | Juniper Networks | USA |
| David Lynas | COSAC Chairman & CEO SABSA Institute | Northern Ireland |
| John O'Leary | O'Leary Management Education | USA |
| Derek O’Neill | AIB Bank | Ireland |
| Máirtín O’Sullivan | Espion | Ireland |
| Simon Pascoe | BT Advanced Technology Centre | UK |
| Mark Rasch | SecureITExperts | USA |
| E. Eugene Schultz | Emagined Security Consulting | USA |
| John Sherwood | SABSA IPR Limited | UK |
| Malcolm Shore | University of Canterbury | New Zealand |
| Brad Smith | Computer Institute of the Rockies | USA |
| Don Smith | SecureWorks Inc. | UK |
| Mike Softley | Ultima Risk Consulting | UK |
| Richard Stiennon | IT-Harvest | USA |
| Andrew S. Townley | Archistry Limited | Ireland |
| Tom Trusty | --- | USA |



As well as providing consulting services to key clients, as President and CEO Geoff Besko has responsibility for the leadership and general management of Seccuris Inc., a Canadian information security consultancy and solution provider.

Previously, Geoff was the Deputy Chief Information Officer at the Winnipeg Regional Health Authority where he had general management responsibilities for the e-Health Services Division. Prior to his position with the WRHA, he was a Solution Architect and Senior Consultant with EDS Inc. where he specialized in enterprise architecture, IT strategy, and service management best practices consulting.

At Seccuris, Geoff has provided consulting services in the areas of information security strategy, security architecture, and security information management for a number of clients. He has taught at the University of Manitoba as a sessional instructor in the undergraduate and MBA programs on data communications, IT strategy, and other general management information system topics. Along with his training in Enterprise Architecture development, Geoff also holds his CISSP, CISM, CGEIT, ITIL IT Service Manager Certification, PCI Qualified Security Assessor and SABSA Chartered Practitioner, along with MBA and BA (Honours) degrees from the University of Manitoba.





As well as leading transformation programmes for big financials, as managing director I have responsibility for the leadership and general management of Ideas to Interconnect (i-to-i), a Dutch independent Consultancy firm specialized in Business & IT Alignment. Prior to my current position, for 14 years, I was Program manager and manager of sourcing deals where I have been successful in making models and best practices work in complex organizations.

At present, i-to-i is, jointly with authors of SABSA, developing Enterprise Information Risk services. The emphasis is on the contribution of these services to realizing Business objectives and actually establishing the impact the Business requires. I am currently leading a project where a SABSA service is implemented at a major global organisation.





Jon Colombo is a regular COSAC speaker. He is an Executive Consultant with Capgemini’s UK Security Consulting Practice where he specialises in Strategy, Management and Governance.

Jon started work as an archaeologist, with degrees from London and Oxford. In the mid '80s he moved into the field of IT, gaining an MBA from City University in 1993. In the early '90s he switched to Business Continuity, setting up the function at Smith New Court Securities. He has worked in 'pure' Information Security roles for the last 15 years, setting up and running Information Security functions at United Friendly Insurance and WestLB AG, London, before moving to Capgemini in 2003, where he has worked in a variety of roles, tending to focus on the Health Sector.

Jon is a qualified CISSP, CISM, MBCI, and CLAS consultant. He publishes and speaks on a variety of Information Security topics.





---





Mary is an accomplished, result-oriented, hands-on professional with a progressive track record of demonstrated success in complex, fast-paced, varied technical and business environments. Mary is an expert in product, infrastructure development, and enterprise architecture development, who has stepped into a leadership role to drive new business, leveraging her practical experience and formal training.

Mary is currently an adjunct instructor for Saint Mary’s University of Minnesota teaching in the Schools of Graduate and Professional Studies in the Information Technology Management Program, as well as the Information Technology School of ITT Technical. Mary has been a speaker at the Minnesota Telecommunications Association annual meetings (2005, 2006) speaking on converged technologies.





Pascal de Koning MSc SCF CISSP TOGAF has more than ten years' experience in information security. Pascal has comprehensive knowledge of software security. In the past he has conducted many technical security assessments on information systems in finance, healthcare and the public sector. Besides this, he has thorough knowledge of Public Key Infrastructure (PKI) solutions. As a senior security consultant at Getronics he's currently involved in defining and implementing security solutions that best fit the customer needs.

The edge between business processes and information security is his field. For this he makes use of Security Architecture (SABSA). His experience is that the business-driven approach helps to a) improve communication with the customer, b) get a better view on security requirements, and c) get commitment for a proposal. This leads to higher quality and more business.





Simon Gunning CFE directs DigiLog's technical services including voice analysis and call centre risk solution packages (forensic tape analysis, third party screening, interview assessments), investigation support and training, investigations, and IT security awareness training. DigiLog has a strong presence in insurance, banking, police and government, accountancy, human resource departments and call centres.





David Hafele is a Senior Enterprise Security Architect for Northrop Grumman supporting the Department of Justice. Prior to this, Mr. Hafele served the Department of the Army as a Senior Information System Security Engineer. Mr. Hafele’s principal interests focus on the integration of Enterprise Architecture with Enterprise Security Architecture as well as helping customers understand operational business risk. Mr. Hafele is a SABSA Chartered Practitioner in Architecture Design (SCPA), a Chartered Practitioner in Risk Management and Governance (SCPR), a Certified Enterprise Architect (CEA), and a Certified Information Systems Security Professional with a concentration in Information Systems Security Engineering (CISSP-ISSEP). Mr. Hafele is also a part-time lecturer for the FEAC Institute on Enterprise Security Architecture.





Wilbert Hofstede is an information security professional with over 20 years of security experience as security specialist, architect, and manager. He is CISA, CISM and CISSP certified, holds two master's degrees in Information Security Technology and Management from the Technical University of Eindhoven, and lectures at the University of Antwerp Management School.

As preparation for the master's thesis, ‘Know Your Enemy, to reduce the likelihood of targeted attacks’, he did extensive research in the domain of threat agents and how this knowledge could be used to mitigate the risks of being targeted.





Richard Hollis is the Chief Executive Officer for Orthus Ltd, a European information security risk management consulting firm specialising in providing effective, independent information risk management services. As a Certified Information Security Manager (CISM), Certified Protection Professional (CPP) and a Payment Card Industry (PCI) Qualified Security Assessor (QSA), Richard possesses extensive hands-on skills and experience in designing, implementing, managing and auditing information security programs.

Over the course of his career Richard has served as Director of Security for Phillips, Paris, and Deputy Director of Security for the US Embassy Moscow Reconstruction Project as well as a variety of sensitive security positions within the US government and military. In addition to his work with Orthus, Richard serves on several security technology company boards and security industry advisory councils.

A celebrated public speaker, Richard has presented to hundreds of audiences across the world on a wide variety of information risk management topics and techniques. As a recognised industry authority, he has published numerous articles and white papers. He has also appeared on national and international broadcast news as well as being cited in a wide range of press including the BBC, MSNBC, Radio 4, the Financial Times, Time magazine and various others.





Lynette Hornung-Kobes is currently a Senior Computer Security and Privacy Consultant with Northrop Grumman Information Systems. She has supported a variety of Department of Justice components, including the Office of the Solicitor General, Interpol and the Office of the Chief Information Officer with security and privacy services. She also recently worked on a project with DOJ and OMB where she served in a liaison role between the two agencies on their joint project. She was an IT Security Specialist with the Department of Justice prior to joining Northrop Grumman where she worked on Certification and Accreditation on an enterprise level for the Public Key Infrastructure. She has the SABSA Foundation for Enterprise Security Architecture Certification and is pursuing the CIPP, Certified Information Privacy Professional.

Lynette was a contributing author to two books on Identity Theft by Dr. Steffen Schmidt and Michael McCoy, including *Who is You?* and *The Silent Crime: What You Need to Know About Identity Theft*. She has been an invited speaker at various computer security conferences, including NetSec, the Computer Security Institute and the Cyber Information Security Conference where she has presented on various topics dealing with security and privacy. She was top speaker at the Cyber Information Security Conference.





Jason Kobes, MSIA, CEA, SCPR, CISSP. Jason works as a Senior Computer Security Architect in Washington, DC for Northrop Grumman Information Systems, where he supports the Chief Information Security Officer for the Department of Justice. Jason has a Master's of Science in Information Assurance (MSIA) from Iowa State's NSA Certified Center of Excellence and a Bachelor's of Science in Computer Science from Iowa State University.

Jason's areas of research are accountable anonymity systems and applying enterprise security architecture. Jason is advisor to the Northrop Grumman, Purdue University research project. Jason has recently spoken about security, enterprise security architecture and business process improvement methods at The First SABSA World Congress, the Computer Security Institute (CSI) annual conferences and the Cyber Information Security Conference (CISCON). Jason also is an instructor for the Federated Enterprise Architecture Institute where he teaches Enterprise Security Architecture.

Jason has worked in the security field for 11 years and has been involved in the implementation, architecture and security of many large enterprise projects.





Jeffrey A. Livermore, PhD is an Associate Professor at Walsh College. He teaches in the BIT, Information Assurance, and Doctorate of Management in Executive Leadership programs and is currently researching the ethics of teaching information security. He can be reached at jlivermore@walshcollege.edu.

Jeff has 20 years' experience working with IBM's IMS and DB2 Data Base Management Systems, and has designed and supported data bases at J.L. Hudson, Michigan Consolidated Gas Company, EDS, Volkswagen of America, and Ford Motor Company.

He is the former Chief Information Officer of the Barbara Ann Karmanos Cancer Institute. The Institute is one of the National Cancer Institute's designated Comprehensive Cancer Centers combining research with patient education and treatment. Prior to working at the Karmanos Cancer Institute, Jeff worked at American Community Mutual Insurance Company, Holley Carburetor, Harper-Grace Hospitals and American/SCI Inc. Jeff was a staff manager at American/SCI and performed consulting/contracting work at the big three automotive firms.

Jeff holds a Post-Doctoral Fellowship from the University of Maryland University College; a PhD from Nova Southeastern University; an MSA from Central Michigan University; and a BS from Wayne State University.





Lisa Lorenzin is a Principal Solutions Architect with Juniper Networks, specializing in security solutions, and a contributing member of Trusted Network Connect (TNC), a work group of the Trusted Computing Group (TCG) that defines an open architecture and standards for endpoint integrity and network access control. She has worked in a variety of Internet-related roles for the past 15 years, primarily focused on network and information security. Her experience in data center, government and enterprise environments, as well as her active participation in standards bodies and user groups, has brought her a thorough understanding of the challenges network administrators and users face in today's world of expanding regulations and increasing security threats.





David Lynas SCM, FBCS, CITP, the COSAC Founder and Chairman, is currently enjoying his twenty-seventh year of experience in Information Security, during which he has been invited to provide strategic advice to governments and industry clients on every continent. A globally renowned Enterprise Security Architect, Security Strategist, and Thought-Leader, he has been awarded Fellowship of the British Computer Society and is the only non-American ever to be honoured with the prestigious Computer Security Institute Lifetime Achievement Award.

He is the co-author of SABSA (the world’s leading free-use, open-source Security Architecture Methodology) and the CEO of the SABSA Institute charged with providing assurance and confidence over the competencies of SABSA Security Architects.

A widely-published author and commentator, his articles have appeared in publications such as CSI Alert, Information Security Bulletin and the BCS publication Information Security Now. He is on the editorial board of Computers & Security magazine and has authored a series of opinion columns for SC Magazine. David has been quoted widely in the media and major trade and broadsheet press, including: BBC Television, BBC Radio Ulster, Independent Television News, The Irish Times, ITs Monday, Wired.com, CIO Magazine, Technology Ireland, Korea News and the Harvard Business Review.





John O'Leary, CISSP, is President of O’Leary Management Education. His background spans four decades as an active practitioner in information systems, IT Security and contingency planning. He has designed, implemented and managed security and recovery for networks ranging from single site to multinational. John has trained tens of thousands of practitioners, and conducted on-site programs at major corporations and government facilities worldwide. He has also facilitated meetings of Working Peer Groups, where security professionals from diverse corporations share ideas, concerns and techniques. John was the recipient of the 2004 COSAC award and the 2006 EuroSec Prix de Fidelite. He has never been convicted of anything really serious or run for public office.





Derek O'Neill, CISSP, SSCP, is an Information Security specialist currently employed by AIB, having previously worked for Microsoft, Gateway and Chevron. In a variety of development, network infrastructure and sys-admin roles Derek has spent 14 years skirting the rules, and the last 4 years trying to enforce them.

After failing to make the grade as a drummer, prop forward, fireman or accountancy student, Derek decided on a career in Information Systems, as a nice indoor job with no heavy lifting.





Máirtín O’Sullivan is an information risk and compliance consultant with seven years' experience in information security. Máirtín works with an independent consultancy practice called Espion in Dublin, Ireland.

Máirtín has extensive experience in performing information risk management, web application security reviews and assisting organisations in aligning their information security posture with their business objectives. He has worked across a wide range of industry verticals, including government, financial, education and technology.

Máirtín has written and contributed to a number of articles for publications and websites such as the Sunday Business Post, Computerscope, Public Sector Times, Techcentral and (In)secure.

This session is derived from the thesis written by Máirtín submitted as part of the requirements for the degree of MSc in Information Security with Royal Holloway, University of London.





Simon Pascoe CISSP (Certified Information Systems Security Professional) is a Security Architect reporting to BT’s Chief Security Architect. He is part of the Security Design and Consultancy team within the BT Security Practice and as such is involved in the design of secure e-commerce applications, OSS systems and ICT Government contracts.

He is based at BT’s Advanced Communications Technology Centre, Adastral Park, Martlesham Heath. He has more than fourteen years' experience in IT Security, with the past ten specialising in Internet Security, Secure Web Hosting, e-commerce, secure application design, IDS/IPS technologies, Enterprise Security Architectures (ESA) and now cloud computing and virtualization technologies and solutions.

He was the Security Design Authority for BT’s Internet Data Centres for six years and for 3 years was the Chief Security Architect for BT’s London NHS Capital Care Alliance Project. This project delivered the applications to all the NHS Trusts in London as part of the NHS National Program for IT (NPfIT).

He is the founding author of BT’s Internet Security Strategy document, author of BT’s cloud computing security strategy and BT’s technical Cloud Computing Security standard. He is the company's cloud security subject matter expert (SME), has delivered webinars on the subject and written internal papers for use by BT’s Cloud development programmes. He is a subject matter expert who contributed to the ENISA paper ‘Cloud Computing Risk Assessment’; see http://www.enisa.europa.eu/act/rm/files/deliverables/cloud-computing-risk-assessment





Mark D. Rasch, Esq. is the co-founder and Principal at SecureITExperts, Inc., a premier information security and privacy consulting company. He is a lawyer, and a recognized expert in the areas of protecting critical data and complying with laws, regulations and policies related to data protection, privacy, incident response and criminal law. He has worked for several technology companies, including FTI Consulting, Solutionary, Inc., and SAIC and was for almost 10 years the founder and head of the United States Department of Justice’s Computer Crime Unit, responsible for investigation and prosecution of computer and high-technology crimes, including the investigations of Kevin Poulsen, Kevin Mitnick and the prosecution of Robert Tappan Morris. He has taught courses in law and technology at Utica College, James Madison University, the University of Fairfax, the Washington College of Law at the American University, at George Washington University, at Catholic University School of Law and has lectured at Stanford University and Harvard University and Harvard Law School.





Dr. Eugene Schultz, CISM, CISSP, is the Chief Technology Officer at Emagined Security, an information security consultancy based in San Carlos, California. He is the author/co-author of five books, one on Unix security, another on Internet security, a third on Windows NT/2000 security, a fourth on incident response, and the latest on intrusion detection and prevention. He has also written over 120 published papers. Gene was the Editor-in-Chief of _Computers and Security_ from 2002 - 2007, is currently on the editorial board for this journal, and is an associate editor of _Network Security_. He is also a SANS instructor, senior SANS analyst, member of the SANS NewsBites editorial board, co-author of the 2005 and 2006 Certified Information Security Manager preparation materials, and is on the technical advisory board of three companies.

Gene has previously managed an information security practice as well as a national incident response team. He has also been professor of computer science at several universities and is retired from the University of California at Berkeley. He has received the NASA Technical Excellence Award, the Department of Energy Excellence Award, the ISACA John Kuyers Best Speaker/Best Conference Contributor Award, the Vanguard Conference Top Gun Award (for best presenter) twice, the Vanguard Chairman's Award, and the National Information Systems Security Conference Best Paper Award. A Distinguished Fellow of the Information Systems Security Association (ISSA), Gene has also been named to the ISSA Hall of Fame and has received ISSA's Professional Achievement and Honor Roll Awards.

While at Lawrence Livermore National Laboratory he founded and managed the U.S. Department of Energy's Computer Incident Advisory Capability (CIAC). He is also a co-founder of FIRST, the Forum of Incident Response and Security Teams. He is currently a member of the accreditation board of the Institute of Information Security Professionals (IISP). Dr. Schultz has provided expert testimony before committees within the U.S. Senate and House of Representatives on various security-related issues, and has served as an expert witness in legal cases.







John Sherwood BSc MSc CEng FBCS FIMC CMC CITP CISSP is a Director of idRisk with responsibility for developing the firm’s offerings in Operational Risk and Compliance Management. He has more than 36 years' experience as an information-systems professional, the last 22 of which have been as a specialist in operational risk management and information security. He is also a leading expert in enterprise security architectures and information assurance and is the Chief Architect and main author of the SABSA methodology (see www.sabsa.org). The great majority of this experience is in the banking and financial services industry, but covers also aerospace, chemicals, media, oil & gas, retailing, government, military and telecommunications. John is a well-known speaker and author and has worked in many countries across Western and Eastern Europe, Scandinavia, North America, the Middle East, Australia, Africa and South East Asia.





Dr Malcolm Shore started his career in IT at International Computers Ltd (ICL) in 1969 prior to studying for his BSc in Computer Science and Mathematics at London University. He joined the New Zealand State Services Commission in 1974 and in 1976 took a commission in the RNZAF where he served as Chief Systems Programmer at Defence EDP and Staff Officer Policy & Plans in Defence Headquarters. On retiring from the RNZAF he took a position with the Government Communications Security Bureau where he became Director Information Systems Security. During this period he undertook research for his PhD in Information Systems Security at Otago University. Dr Shore is now Head of Security at Telecom NZ where he is responsible for Group end-to-end security.





Brad Smith, RN, ASCIE, BS-Psy MCNPS, CISSP, NSA-IAM became fascinated with computers in 1972 and hasn't burned out yet! In 1996 his software "2the BedSide" was a national Microsoft / HIMSS award winner. His company, the Computer Institute of the Rockies, was selected as the 2005 Microsoft Small Business Solution Partner of the Year for their innovative and cost-effective security solution for small business.

He is a frequent speaker at many security events, such as CSI, Interop, HIMSS and COSAC. Brad is also known as “theNURSE” doing presentations on Social Engineering, Interview and Interrogation, and virus construction based on Biomimicry at conferences such as Defcon and CIScon.

Brad has developed the skill to make complex ideas simple to grasp. His high-energy style of presenting and the real-world experiences he shares during these sessions make Brad an entertaining and educational speaker on security.





Don Smith has worked in the IT industry for 18 years, starting his IT career with the groundbreaking Edinburgh University spin-off, Vision Group. After a successful flotation, Vision was acquired by STMicroelectronics where ultimately Don became responsible for security architecture and operations for this $8 billion enterprise. During his time at ST in Geneva, Don also worked on successfully integrating 14 acquisitions across 26 sites on three continents.

Don joined dns on returning to Scotland in 2005 and was instrumental in the construction of the dns identity management practice and the evolution of the dns MSS service portfolio. Don is regarded as an expert in the field of Identity and Access Management (IAM).

After the SecureWorks acquisition of dns in December 2009, Don now focuses on bringing SecureWorks’ threat intelligence and security messages to European clients as well as continuing to provide leadership across the varied technologies and application areas represented by the IAM umbrella.





Mike has been involved in Information Security and, previously, Computer Audit since the mid 1980s, largely working within the financial services sector. A number of years were spent as an independent consultant where his work involved managing the Information Security Department of a number of investment banks.

Since 2003, Mike has been a Senior Security Consultant with Ultima Risk Management, a UK based risk management consultancy. His work includes helping clients in achieving certification to ISO 27001, developing business continuity strategies and plans (including certification to BS 25999) and implementing data protection management systems.

Mike is also accredited by the British Computer Society to deliver the training for their ISEB qualifications, Practitioner Certificate in Information Risk Management, Practitioner Certificate in BCM and Certificate in Information Security Management Principles. Mike is qualified in these ISEB certificates and is an MBCI. A regular presenter at COSAC over the past 10 years, Mike was the recipient of the COSAC Award in 2006.





Richard Stiennon is a security industry analyst. He writes the security blog ThreatChaos.com which is syndicated by InfoSecIsland and Forbes.com. He is the founder of IT-Harvest, an independent analyst firm that researches the 1,200 IT security vendors. He has held executive positions at Fortinet and Webroot Software. He was VP Research at Gartner, Inc. and Manager of Technical Risk Services at PricewaterhouseCoopers. He is the author of Surviving Cyberwar (Rowman & Littlefield, 2010).

Mr. Stiennon has presented in 28 countries on six continents. His speaking engagements have included:

  • AUSCert 2010
  • RSA Conference 2009, 2010
  • COSAC 2009
  • FDIC 4th Annual Technology Conference
  • Gartner symposia in Orlando, Denver, San Diego, San Francisco, Washington DC, Cannes, Tokyo, Mexico City, São Paulo, and Tel Aviv

Mr. Stiennon earned a B.S. in Aerospace Engineering from the University of Michigan. He holds two patents.





Andrew S. Townley is the Founder and Managing Director of Archistry Limited, a professional services firm dedicated to helping clients find innovative ways to unlock hidden organizational value. He is an international speaker and author of several papers and articles on Enterprise Architecture, SOA and Information Assurance. Andrew has extensive experience in the Mobile & Wireless Telecommunications, Public Sector, Financial Services and Software industries and has worked with top-tier professional services firms including BearingPoint and Deloitte in delivering multi-million Euro projects.

Andrew is an active member of the SOA, Security and Knowledge Management communities, including holding the CISSP security certification and regularly speaking on these topics at conferences such as COSAC, worldwide OASIS events, InfoSeCon, InfoSecWeek and the SOA for E-Government conference hosted by the U.S. Federal SOA Community of Practice.





Tom Trusty is a banking security consultant and Information Systems Auditor. He has consulted to banks in Australia, New Zealand, Thailand, Hong Kong, China and the United States, and has been continuously involved with IBM mainframes since graduating with a degree in Mathematics from the University of Texas in 1980.



All content on this web site © 2010 COSAC
- All Rights Reserved -