Click on a speakers name to view their Bio.

Dave Barnett

Commercial Director
Chris Blunt

Consulting Partner
(New Zealand)
John Czaplewski

Head of Professional Services
David Lynas Consulting
Pascal de Koning

Senior Security Consultant
(The Netherlands)
Mary Dunphy

Program Manager
Efrain Gonzalez

Enterprise Security Architect
Rob Hale

Lockheed Martin
G. Mark Hardy

National Security Corporation
Richard Hollis

Chief Executive Officer
Risk Factory
Lynette Hornung

Senior Privacy & Enterprise
Security Architecture Manager
Turner Consulting Group
Zbynek Houska

Security Consultant
Espion Group
Jaco Jacobs

Security Manager
(The Netherlands)
Silvia Knittl

IAM Solution Architect
Jason Kobes

Principal Cyber Architect
& Research Scientist
Kobes Infosec
Lisa Lorenzin

Principal Solutions Architect
Pulse Secure
David Lynas

COSAC Chairman
& CEO SABSA Institute
(Northern Ireland)
John O’Leary

O’Leary Management Education
Muhammed Z. Omarjee

Enterprise Security Architect
Standard Bank
(South Africa)
Conor O’Neill

Senior Security Consultant
Richard Peasley

Director of Enterprise
Solution Architecture
Blue Coat Systems
Matthew Pemble

Technical Director
Goucher Consulting
Vernon Poole

Head of Business Consultancy
Michael Price

Senior Consultant
Axenic Ltd
(New Zealand)
Mark Rasch

Chief Security Evangelist
Fabio Rosa

Senior Consulting Architect
Blue Coat Systems
Helvi Salminen

Information Security Manager
Gemalto Oy
Char Sample

William Schultz

Enterprise Architect
Vanderbilt University
John Sherwood

Head of SABSA Academy
SABSA Institute
Jacoba Sieders

Head of I&AM
(The Netherlands)
Pieter Siedsma

Security Architect
ING Bank
(The Netherlands)
Werner Thalmeier

Director Security Solutions
Esther van Luit

Cybersecurity Consultant
(The Netherlands)
Marc Verboven

Security Architect
ING Bank
Maarten van Wieren

Senior Manager
(The Netherlands)

    Dave Barnett Commercial Director, Zscaler (UK)    

Dave has worked in IT for 18 years, in security for 11 of those, he is a Commercial Director at Zscaler. Previously he has been security strategy director at Symantec and held similar roles at Thales eSecurity and McAfee prior to this. Dave currently works for zscaler a web security company as commercial director for the UK and Ireland. Dave is the co-author for PAS555 the UK’s national standard for Cyber Security.


    Chris Blunt Consulting Partner, Axenic (New Zealand)    

Chris is a Consulting Partner at Axenic Ltd, an independent security consultancy he co-founded in 2009. He is passionate about developing and delivering pragmatic information security strategies and architectures to ensure that they enable and support his clients in achieving their business goals and objectives.

Chris has a Masters in Information Management (MIM) and holds SCPA, SCPR, CISSP, CRISC, CISM, CISA and ISO/IEC 27001:2013 Lead Auditor certifications.


    John Czaplewski Head of Professional Services, David Lynas Consulting (USA)    

John Czaplewski has more than 14 years experience providing security program, risk management, and security assessment services to US federal agencies and commercial enterprises internationally.

He currently works as Head of Professional Services for David Lynas Consulting, leading the global consulting practice as well as regularly delivering SABSA Foundation and Practitioner training. He is also a Trustee of the Board of Directors of The SABSA Institute, SABSA's governing body.

John's areas of experience and expertise include: enterprise security architecture, enterprise risk management, NIST Cybersecurity and Risk Management Frameworks, cyber security for critical infrastructure protection, security solution architecture and design, FISMA compliance for the commercial sector, FISMA compliance readiness review, planning, implementation, and assessment, Security Authorization (Certification & Accreditation), Cloud Security, FedRAMP, and leveraging the large body of NIST-developed guidance and standards for commercial, non-profit, and state and local government.


    Pascal de Koning Senior Security Consultant, Ideas-to-Interconnect (The Netherlands)    

Pascal de Koning MSc CISSP SCF is a Senior Security Consultant with i-to-i. He is active participant of The Open Group TOGAF-SABSA integration work and has worked on information security projects for the Dutch central government, European Union and KPN, to name just a few. Pascal is a frequent speaker at conferences on the topics of Cyber Security and Enterprise Security Architecture. In his free time, Pascal likes to design and build solar air heaters.


    Mary Dunphy Program Manager, Vendor Solutions & Integrations, Google (USA)

Mary is Program Manager for Vendor Solutions/Integrations for Google headquarters in Mountain View, CA

Mary is the former CTO for Pro-Tec Design where clients included DHS, MSP, Best Buy Corp headquarters, City of Minneapolis, FBI and many departments at all levels of government. She also provided consulting services such as project/program management for Attorney General Settlement Agreement, Office of the Comptroller of the Currency as well as National Servicing Standards for Wells Fargo Bank. GLBA encryption remediation project for Target Corporation, Portfolio Manager for Cargill and USBank -Network Services and Program Manager for USBank Security Assessment -Application and Devices.

Mary has earned a Masters in Information Technology Management from Saint Mary’s University and is on the adjunct faculty there. On hiatis from the pursuit of her PhD in Management and Decision Sciences (currently in the EBD phase).

Mary holds a SABSA Practitioner certificate among many other industry certifications and has previously presented at several annual COSAC conferences.


    Efrain Gonzalez Enterprise Security Architect (USA)    

Efrain Gonzalez is an Enterprise Security Architect currently employed in the financial industry.

Efrain comes from a network engineering background and has over 20 years of information security experience. Areas of specialization include enterprise security architecture, network security, Smart Grid cybersecurity, and regulatory compliance. Most recently, Efrain worked for Marengo Systems, a cybersecurity and compliance consulting firm in Southern California. Efrain recently completed a Systems Engineering certification program through the University of California at Irvine and has a new found appreciation for the application of systems engineering principles to information security especially as they pertain to emergent properties of complex systems.

Efrain is a Distinguished Toastmaster (DTM) and has spoken at COSAC on the subject of Emergent Security. He has also spoken at various conferences such as Grid-Interop, Grid Week and CS Week on the topic of Smart Grid cybersecurity. Efrain is a certified SABSA Chartered Security Architect at the foundation and practitioner levels (SCF, SCPA and SCPR). Efrain is currently working toward his SABSA Master (SCM) certification. Efrain holds a Bachelor of Science degree in Electrical Engineering from Stanford University.


    Rob Hale Lockheed Martin (USA)    

Rob is a Lockheed Martin Fellow with over 25 years of experience in information systems and security. During his career he has been responsible for conducting and supporting information assurance and cyber security activities for federal, state, and commercial organizations in the defense, law enforcement, financial services, utility and healthcare industries. Additionally, he has designed and implemented secure networks to support nuclear emergency response teams in the Former Soviet Union, to support secure e-banking applications for three of the top five banks in the United States, and to enforce privacy laws for a Swiss private bank. Since joining Lockheed, Rob has led security architecture and certification and accreditation efforts for customers in the law enforcement and intelligence communities.  He is currently leading information assurance research and development activities for Lockheed’s Mission Systems Development group in the areas of embedded hardware security, anti-tamper technologies, self-defending and self-healing networks, secure virtual architectures and disparate event correlation technologies. Prior to coming to Lockheed Martin, Rob led efforts to develop the Security Architecture and Implementation methodologies for Ernst & Young and KPMG, serving as the National Leader of Security Architecture Services for Ernst & Young’s eSecurity Services Practice and the Global Lead for Enterprise Identity Management for KPMG. Additionally, Rob led Information Technology audit teams in support of financial audits and Sarbanes-Oxley compliance teams at both Ernst & Young LLP and KPMG LLP.  Rob has been an active contributor and presenter at numerous industry conferences and round tables and has a Master’s Degree in Information Assurance.  In addition to pursuing a doctoral degree in Cyber Security, Rob has achieved multiple industry certifications including the CISSP-ISSAP, Certified Ethical Hacker and the Lockheed Martin IISA certification in Information Assurance.


    G. Mark Hardy President, National Security Corporation (USA)    

G. Mark Hardy serves as President of National Security Corporation, an information security management consulting firm he founded in 1988. He has been providing cyber security expertise to government, military, and commercial clients for over 30 years, and is the author of over 100 articles and presentations on security, privacy, and leadership. He serves on the U.S. National Science Foundation's CyberWATCH Advisory Board, and is a retired U.S. Navy Captain. He wrote and taught information operations curriculum for NATO military officers. A graduate of Northwestern University and the U.S. Army War College, he holds a BS in Computer Science, a BA in Mathematics, a Masters in Business Administration, a Masters in Strategic Studies, and is designated as a Certified Information Systems Security Professional (CISSP) and Certified Information Security Manager (CISM).


    Richard Hollis Chief Executive Officer, Risk Factory (UK)    

Richard Hollis has been the Chief Executive Officer/Receptionist at Risk Factory Ltd since its inception and hasn’t had a night’s sleep since. His dream if he could remember it, is to design and deliver simple, cost-effective information risk management services that don’t stick to the roof of your mouth.

Born at a very young age, he was voted “Most Likely to Take a Life” at Our Lady of Perpetual Guilt Elementary School in 1968. A gifted child, Richard took up amateur dentistry at age 7 and was performing extractions and routine root canals on friends and neighbourhood cats throughout middle school. Turning down the coveted “Nijinsky Scholarship” from the Bolshoi Ballet in 1973, Richard wrote the original screenplay for “Star Wars” but refused screen credit due to “creative differences” with Carry Fisher. After a brief stint with the Black Panthers in the late 70s, he worked as a deckhand on the Calypso for Jacques Cousteau until his dismissal for refusing to smoke and wear one of those little French swimsuits.

Over the course of his career Richard has served as a professional hairstylist, a prison guard in a women’s correctional facility, a Domino’s Pizza “Cheese Technician”, a freelance bounty hunter, a rodeo clown and a neutron particle accelerator physicist all while pursuing his lifelong obsession with origami.

A man of mystery and power, whose power is exceeded only by his mystery, Richard has presented to hundreds of audiences across the world on a wide variety of information risk management and bridal cake design techniques. As a recognised industry authority, he has plagiarised numerous articles and white papers and can calculate π to two decimal places. He has also appeared in a variety of news, television and print media including the BBC, MSNBC, Jerry Springer, the Home Shopping Network, Keeping Up With the Kardashians, Quaker Kickboxing Quarterly, Guns & Ammo magazine and others. Every mistake he ever made in life got him to where he is now.


    Lynette Hornung Senior Privacy & Enterprise Security Architecture Manager, Turner Consulting Group (USA)    

Lynette Hornung-Kobes is currently a Senior Privacy and Enterprise Security Architecture Manager with Turner Consulting Group. I have my CIPP (Certified Information Privacy Professional) and SABSA SCF (Foundation) and SCPA and SCPR (Practitioner’s in Architecture and Design and Risk Management) Certifications. I have a Master of Science in Information Assurance from Iowa State University, a NSA Center of Excellence, as well as a Master of Arts in Political Science from Iowa State University. I have provided project leadership to a variety of Department of Justice components, including the Office of the Solicitor General, Interpol and the Office of the Chief Information Officer with security and privacy services. I have worked with a variety of federal agencies, including OMB and Treasury. I am applying enterprise security architecture, privacy and security solutions and services in my current position.

I was a contributing author to two books on Identity Theft by Dr. Steffen Schmidt and Michael McCoy, including “Who is You?” and “The Silent Crime: What You Need to Know About Identity Theft”. I have been an invited speaker at various computer security conferences, including COSAC, NetSec, the Computer Security Institute and the Cyber Information Security Conference where she has presented on various topics dealing with security and privacy. She was top speaker at the Cyber Information Security Conference.


    Zbynek Houska Security Consultant, Espion Group (Ireland)    

Zbynek Houska is an information security professional with 12+ years of hands on experience in enterprise / data centre and service provider networking, programming, network and system security. He is currently specialising in infrastructure penetration testing, security testing and reviews at Espion. Zbynek holds MSc. in Information Security.


    Silvia Knittl IAM Solution Architect, Accessec (Germany)    

Dr. Silvia Knittl is an Identity & Access Management (IAM) Solution Architect at the accessec GmbH. She has over ten years of experience in this field and a comprehensive knowledge both of management and governance aspects of IAM. For several years she was responsible for IAM and IT service management at the Leibniz Supercomputing Centre – supporting the whole application lifecycle starting from design, to implementation, running and maintenance. She holds a doctoral degree from the Technische Universität Müchen and a diploma in Informatics from the Ludwig-Maximilians-Universität München. Her main focus now is on business-driven security architecture based on standards like SABSA, COBIT or TOGAF. She wrote several IT-related articles and is invited regularly as a speaker at seminars or conferences.


    Jaco Jacobs Security Manager, Accenture (The Netherlands)    

Jaco has been a “security guy” for around 17 years during which time he has provided security services to a number of companies in Africa, Europe, the Middle East and the US on behalf of companies such as ISS, Symantec, IBM and Accenture, where he is currently part of the security practice in the Netherlands. A large part of his career at IBM and Accenture was spent developing security IP and services and he also co-authored two Redbooks while at IBM.


    Jason Kobes Principal Cyber Architect & Research Scientist, Kobes Infosec (USA)    

Jason Kobes works as a Principal Cyber Architect & Research Scientist. Jason has over eighteen years of experience concentrated in information systems design analytics, business/mission security architecture, enterprise risk management, information assurance research, and business consulting. Jason has a Master's of Science in Information Assurance (MSIA) and a Bachelor's of Science in Computer Science from Iowa State University. Jason holds a SABSA Practitioner of Risk and Governance as well as Architecture. Jason's areas of research are cloud security architecture, accountable anonymity systems and applying actionable enterprise security architecture. Jason has recently spoken about security, enterprise security architecture and business process & architecture improvement methods at the SABSA World Congress, the Computer Security Institute (CSI) annual conferences and the Cyber Information Security Conference (CISCON). Jason also is an Enterprise Security Architecture instructor for the Zachman/FEAC Institute, SABSAcourses and Cyber Academy.


    Lisa Lorenzin Principal Solutions Architect, Pulse Secure (USA)    

Lisa Lorenzin is a Principal Solutions Architect with Pulse Secure, specializing in security and mobility solutions, and co-chair of Trusted Network Connect, a work group of the Trusted Computing Group that defines an open architecture and standards for endpoint integrity and network security. She has worked in a variety of Internet-related roles since 1994, with more than a decade of that focused on network and information security, and is currently concentrating on enterprise security including network segmentation, end-to-end identity-based access control, and integration of mobile security.


    David Lynas COSAC Chairman & CEO SABSA Institute (Northern Ireland)    

David Lynas, the COSAC Founder and Chairman, is currently enjoying his thirty-third year of experience in Information Security, during which he has been invited to provide strategic advice to governments and industry clients on every continent. A globally renowned Enterprise Security Architect, Security Strategist, and Thought-Leader, he has been awarded Fellowship of the British Computer Society and is the only non-American ever to be honoured with the prestigious Computer Security Institute Lifetime Achievement Award.

He is the co-author of SABSA (the world’s leading free-use, open-source Security Architecture Methodology) and the CEO of the SABSA Institute charged with providing assurance and confidence over the competencies of SABSA Security Architects.

A widely-published author and commentator, his articles have appeared in publications such as CSI Alert, Information Security Bulletin and the BCS publication Information Security Now. He has served on the editorial board of Computers & Security magazine and has authored a series of opinion columns for SC Magazine. David has been quoted widely in the media and major trade and broadsheet press, including: BBC Television, BBC Radio Ulster, Independent Television News, The Irish Times, ITs Monday, Wired.com, CIO Magazine, Technology Ireland, Korea News and the Harvard Business Review.


    John O’Leary President, O’Leary Management Education (USA)    

John O'Leary, CISSP, is President of O’Leary Management Education. His background spans four decades as an active practitioner in information systems, IT Security and contingency planning. He has designed, implemented and managed security and recovery for networks ranging from single site to multinational. John has trained tens of thousands of practitioners, and conducted on-site programs at major corporations and government facilities worldwide. He has also facilitated meetings of Working Peer Groups, where security professionals from diverse corporations share ideas, concerns and techniques. John was the recipient of the 2004 COSAC award and the 2006 EuroSec Prix de Fidelite. He has never been convicted of anything really serious or run for public office.


    Muhammed Z. Omarjee Enterprise Security Architect, Standard Bank (South Africa)    

Muhammed Zubayr (Mz) Omarjee is an Enterprise Security Architect,  that is responsible for the Information Security Architecture practice within the Enterprise Technology Architecture and Design(ETAD) division of Standard Bank Group, South Africa. In this capacity, he plays a pivotal role  as a change agent, driving a transformation strategy to re-shape the  information security practice as  a business driven and risk oriented discipline to support various lines of business units across 17 countries, both regionally and globally.

Together with 15 years of experience in the banking and IT sectors,  Muhammed Zubayr(Mz) has architected and delivered a  diverse portfolio of successful  IT projects, ranging from innovative mobile and speech banking solutions, been instrumental in key enterprise wide IT initiatives  as it relates to establishing an enterprise architecture practice, defined strategies and sequenced roadmaps for replacing legacy mainframe core banking  platforms, drove the  implementation of  a strategic enterprise wide Identity and Access Management initiative, as well as designed  a  multi-channel architecture aiming to integrate vertical and horizontal business domains within Standard Bank.

As part of an international team Muhammed Zubayr(Mz) has written extensively, and has contributed to the global IT community by co-authoring a couple of  technical  books and research  papers on the subject of  Pervasive and Mobile Technologies in the early 2000's. Furthermore,  he has also been invited as a guest speaker to local and international conferences, as well as being  nominated as an intra-company workshop facilitator to provide thought leadership on  applying emerging architectural practices to solve banking related IT challenges.


    Conor O’Neill Senior Security Consultant, Espion (Ireland)    

Conor is a senior security consultant with Espion and has been with the company for over a year. With 8 years information security experience, including 5 years as a CREST certified penetration tester, Conor will make use of his real-life experiences to present this talk.


    Richard Peasley Director of Enterprise Solution Architecture, Blue Coat Systems (USA)    

Richard Peasley, Director of Enterprise Solution Architecture for Blue Coat Systems Inc, has over 33 years of Industry experience primarily in security and enterprise systems management. Richard has worked for Control Data, EDI-Soutions, CapGemini, Gateway, and most recently BMC Software before joining Blue Coat in 2013. He has personally directed and delivered professinal services to many of the Global Forbes 500. He has writen and published several books and holds 5 Patents as well as ESCA and CHFI certifications. Past experience also includes IT service management certification training in ITIL V2 V3, and is an ITIL Expert.


    Matthew Pemble Technical Director, Goucher Consulting (UK)    

Matthew Pemble is a recognised leader in information security, particularly in governance, incident management and compliance. Having worked in the consultancy, government and finance sectors, dealing with the operation security of a major international bank and with the security requirements of billion-dollar projects, he is expert in the aligning of information security with innovative business solutions.

A regular speaker at international conferences and a regular author for professional journals, the trade and mainstream press, he is a visiting lecturer at a number of UK universities and an industry expert on online banking security.

Matthew specialises in assisting organisations to develop operational security models to fulfil complex regulatory and contractual requirements and to ensure that business can operate effectively within the chosen controls framework. Working with executive, risk and technology managers, as well as with compliance teams and CSOs / CISOs, he helps to deliver pragmatic and effective operational security. He also acts as a usability and product development advisor to a number of security vendors, having helped to develop market leading products in the vulnerability analysis, risk management and internet security fields.

With over 20 years of experience in security, his clients include international financial organisations, government and military, health, manufacturing and service sector organisations. He has worked in the United States, Europe, the Middle East and the Pacific Rim, delivering training, risk analysis and business services, as well as specialist security consultancy.

A Fellow of the British Computer Society, Chartered Engineer, Member of the Institute of Information Security Professionals and of the Institute for Engineering and Technology, Matthew takes an active role in the development of the security profession and supports future professionals through a number of school, university and professional mentoring programmes. He has a BEng in Electrical and Electronic Engineering from Heriot-Watt University in Edinburgh, and is a qualified CISSP and ISO 27001 Lead Auditor.


    Vernon Poole Head of Business Consultancy, Sapphire (UK)    

Vernon is Head of Business Consultancy, at Sapphire – a leading UK Trusted Security Integrator, addressing information governance and all best practice standards on information security management and associated areas (including ISO27000 series; ITIL; & COBIT).

He is a member of ISACA’s COBIT 5 Task Force, a CISM/CRISC/CGEIT trainer and a frequent speaker at ISACA global conferences. He is a thought leader on Business Model for Information Security (BMIS). He was the EuroCACS/ISRM Conference Taskforce Leader in 2013.

Vernon is a subject matter expert on a wide range of topics, from Information Security Governance, ISO27001, COBIT5 and BCP. He is also a respected CISM & CRISC trainer for ISACA in UK/Europe.

At Sapphire, Vernon has worked with many organisations in developing tailored Information Security Governance models to enable clients to benchmark their information security improvements.

Vernon started in consultancy with Capita and has over 20 years experience in information security management consultancy and training. He has also worked in the public sector and with Aid to Industry (UK audit and security training group)—the latter being acquired by Deloitte which resulted in Vernon becoming the European IS leader performing assignments for blue chip companies across Europe and Middle East, with reviews also in USA & South America.

Vernon is also a founder member of the UK & International 27001 User Groups and a recognized UK adviser to the government and private sector.

Vernon was awarded the John Kuyers Award for Best Speaker/Conference Contributor in 2012 by ISACA.


    Michael Price Senior Consultant, Axenic Ltd (New Zealand)    

Michael is a Consultant at Axenic Ltd. He is enthusiastic about security architecture and exploring how different methodologies and techniques can be used to achieve business outcomes.

Michael has a Postgraduate Diploma in Computer Security and Forensics from the University of Canterbury and holds SCF, CCSK and Information Security Management System (ISMS) Lead Auditor (ISO/IEC 27001:2013).


    Mark Rasch Chief Security Evangelist, Verizon (USA)    

Mark Rasch is the Chief Security Evangelist for Verizon Enterprise Solutions (VES) where he helps develop strategy and messaging for the Information Security team. Rasch’s career spans more than 30 years of corporate and government cybersecurity, computer privacy, regulatory compliance, computer forensics and incident response. He is trained as a lawyer and recognized author of numerous security- and privacy-related articles. He teaches courses in cybersecurity, law, policy and technology at various colleges and Universities including the University of Maryland, George Mason University, Georgetown University, and the American University School of law.

Prior to Verizon, Rasch had worked at cyberlaw editor for SecurityCurrent.com, as Chief Privacy Officer for SAIC, and as Director or Managing Director at various information security consulting companies, including CSC, FTI Consulting, Solutionary, Predictive Systems, and Global Integrity Corp.

Earlier in his career, Rasch was with the U.S. Department of Justice where he led the department’s efforts to investigate and prosecute cyber and high-technology crime, starting the computer crime unit within the Criminal Division’s Fraud Section, efforts which eventually led to the creation of the Computer Crime and Intellectual Property Section of the Criminal Division.

He is a frequent commentator in the media on issues related to information security, appearing on BBC, CBC, Fox News, CNN, NBC News, ABC News, the New York Times, the Wall Street Journal and many other outlets.


    Fabio Rosa Senior Consulting Architect, Blue Coat Systems (USA)    

Fabio Rosa, Senior Consulting Architect for Blue Coat Systems Inc, has over 16 years of experience in security and networking. He gained his professional experience working as a systems engineer and expert at Telefonica, Tellabs Inc and Blue Coat in Latin America. Fabio is currently work on the Enterprise Solution Architecture team at Blue Coat North America leading the development of programs that help customers adopt the best practices in security and networking architecture. Past experience includes security management, penetration testing and network administration.


    Helvi Salminen Information Security Manager, Gemalto Oy, (Finland)    

Helvi Salminen has worked full-time in information security since June 1990, first as security analyst and since April 2000 as information security manager. Before starting information security tasks she has 12 years experience in systems development.

Cooperation with colleagues is an important asset for security professionals. Helvi is founder member of Finnish Information Security Association which celebrated its 10th anniversary in 2007. Helvi is qualified CISA (1992), CISSP (1998), SABSA chartered security architect – foundation level (2008) and was one of the first to achieve Master of Security in 2003 (PD program in Helsinki University of technology lifelong learning centre Dipoli – now part of Aalto University). She has been the program manager of information security training in Dipoli in 2003-2008, and has given presentations in several information security seminars. She was awarded by Finnish Information Security Association as CISO of the year in Finland 2014.


    Char Sample Researcher, Mitre (USA)    

Dr. Char Sample is has over 19 years of experience in the information security industry, and presently works for CERT at Carnegie Mellon University where she supports various cyber efforts. Dr. Sample recently defended her dissertation on “Culture and Computer Network Attack Behaviors” at Capitol College in Laurel, Maryland.“ Other areas of research interest include: Cloud Computing, Anomaly Detection methods, Big Data, and DNS.


    William Schultz Enterprise Architect, Vanderbilt University (USA)    

Bill Schultz is an enterprise architect who has worked in the Information Technology field for over 13 years, with the past 8 focusing on Enterprise Architecture, Security Architecture, Risk Management, and Compliance. This work has involved building a security program, a risk management program and the development of strategic organizational architectures and technical system architectures. Bill has led multiple risk management and security architecture initiatives to build secure systems that meet compliance with Federal, Healthcare, or Payment Card Industry Standards. His focus is on using strategic architecture and risk management frameworks to design and implement secure and compliant IT systems that will enable the organization to meet business objectives.

He has presented on his work with FISMA compliance, enterprise risk management, and security architecture at both national and international conferences. Bill currently volunteers for the SABSA Institute and is actively working with peers to lead initiatives aimed at improving the security architecture community and mentor new members. Bill has earned a Master's of Science in Computer Information Systems. His certifications include the Certified Information System Security Professional (CISSP), SABSA Foundation (SCF), SABSA Risk, Assurance, and Governance Practitioner {SCPR), and SABSA Architecture and Design (SCPA) credentials. Bill was the first professional in the USA to gain the SABSA Master (SCM) credential.


    John Sherwood Head of SABSA Academy, SABSA Institute (UK)    

John Sherwood is a Consulting Fellow at Sherwood Associates Limited bv in The Netherlands, where he is the thought-leader in the development and deployment of information risk management services. He is also the Head of the SABSA Academy at The SABSA Institute. He has 40 years experience as an information-systems professional, the last 26 of which have been as a specialist in operational risk management and information security. He is also a leading expert in enterprise security architectures and information assurance and is the Chief Architect and main author of the SABSA methodology (see www.sabsa.org). The great majority of this experience is in the banking and financial services industry, but covers also aerospace, chemicals, construction management, media, oil & gas, retailing, government, military and telecommunications. John is a well-known speaker and author and has worked in many countries across Western and Eastern Europe, Scandinavia, North America, the Middle East, Australia, Africa and South East Asia.


    Malcolm Shore Technical Director Applied Intelligence, ISS, BAE Systems (Australia)    

Dr Shore was born in England and started his IT career with International Computers Ltd. He emigrated to New Zealand and served in the RNZAF as an IT specialist in applications, mainframe systems programming, and policy. On retiring from the RNZAF he headed the Information Security Division at the Government Communications Security Bureau, and concurrently completed his PhD in information security. During this time he was responsible for the introduction of ISO 27000 and the Common Criteria into New Zealand.

After heading the design and development of commercial landline, satellite, and radio encryption products in an electronics startup in Christchurch, New Zealand, Dr Shore took the position of Head of Security at Telecom NZ where he introduced ISO 27011 and the SABSA frameworks, and was responsible for the Sarbanes Oxley and PCI security compliance activities. Dr Shore relocated to Australia in 2011 where he was Principal Security Officer at the Australian National Broadband Network Company for three years. He is now Technical Director (Australia) at BAE Systems Applied Intelligence.

Dr Shore has held an adjunct position as Senior Fellow at Canterbury University, Christchurch and is currently an adjunct Professor at Deakin University, Melbourne and at the Australian Defence Force Academy campus of the University of New South Wales. He is also the Director of Education for the Australian Information Security Association and is an author on cybersecurity issues for Lynda.com.


    Jacoba Sieders Head of I&AM, ABN AMRO Bank (Netherlands)    

Drs. Jacoba Sieders - security architect and certified auditor - dedicated to Identity- and Access Management 15 years ago in a global role for the ING Group. After that she lead the global security integration team for Rabobank International. In her current position as global Head Identity- & Access Management in the Corporate Information Security Office at ABN AMRO Bank, she is accountable for all digital identities and digital access management for both customers and employees throughout the bank worldwide. Her experience ranges from setting up global identity infrastructures, creating one e-id for a multinational bank across 60 countries, developing the related legal data protection framework, introducing role-based, developing models for functional management, data quality, and attribute based access management for Service Oriented Architectures and data centric security. Jacoba is also knowledgeable on European and international privacy legislation. She is a member of the advisory board of the platform IDNext, an independent European think-tank focusing on all relevant areas related to digital identities, is involved in the EU Digital Agenda Initiatives, and is driving innovation and new concepts for identity strategies within, but also outside ABN AMRO Bank.


    Pieter Siedsma Security Architect, ING Bank (Netherlands)    

Pieter is a security architect who uses a practical approach to handle the old and the new threats (are they really new???) to the digital world. He currently works for the CISO office of ING and before that he worked in various other parts of ING including, CCERT, Insurance, the technical design authority.

Pieter was the first certified SABSA practitioner in the Netherlands, and he uses SABSA as a source of inspiration. Pieter uses COSAC for many years to convince himself that he is not completely nuts.


    Werner Thalmeier Director Security Solutions EMEA & CALA, Radware (Germany)    

Werner Thalmeier is active in the IT industry for over 20 years, with extensive field experience of work with vendors, customers, technology partners and resellers in various management and engineering positions.

As Director of Security Solutions EMEA & CALA Werner Thalmeier is responsible to drive the Security Product Strategy for Radware in EMEA and work closely with partners, customers and the IT Security community.

Before joining Radware Werner Thalmeier was heading the global product management team at M86 Security as VP of Product Management and was responsible for the overall security product strategy. At Finjan he was also VP of Product Management and responsible for the global Secure Web Gateway business and as Director of global Sales Engineering he managed the world wide SE team. Prior to that, Werner acquired a vast experience on customer sites as CIO. Mr. Thalmeier holds a degree in communication engineering.


    Esther van Luit Cybersecurity Consultant, Deloitte (The Netherlands)    

Esther van Luit is a cybersecurity consultant for Deloitte Netherlands. Combining hands on experience in the cybersecurity industry with university degrees in Economics and Management, she understands how to tie boardroom discussions and business needs to cybersecurity. Esther specializes in the Cybersecurity as a Social Construct, looking at developments in Cyber as a field, human error, security awareness and Cybersecurity policy making. Together with her colleagues at Deloitte, she is part of the project seeking to turn the WEF’s Cyber Value-at-Risk concept into an implementable cybersecurity environment assessment with quantifiable results. Furthermore, by continuing her (by origin, Master Thesis) research on skill gaps and skill acquisition methodologies in her current cybersecurity career, she seeks to build a methodology and framework for defining cybersecurity skills in high demand, and ways to address the excessive demand for cybersecurity talent in the job market. Lastly, she is actively involved in stimulating participation of women and of those with a non-IT background in the cybersecurity sector, based on the view that increased diversity will make for a healthier cybersecurity industry. As a young and ambitious woman in cybersecurity, she hopes to bring unusual and unorthodox points of view to this symposium.


    Marc Verboven Security Architect, ING Bank (Belgium)    

Marc Verboven is an experienced IT security architect with over 30 years of experience. After obtaining a PhD in Physics in he worked in process information and process control with Dow Chemical at Terneuzen (NL). After eight years in this challenging environment Marc changed course and joined a consultancy company, Cimad that became later part of IBM. Here he witnessed the start of the internet and all the related technologies and interesting evolutions that have lead us to the current state of cybersecurity. In IBM Marc was also one of the first European consultants trained in IBM's security methodology.

In 1999 he left IBM to work for Ubizen, a high tech company specialized in the field of developing products in the area of Identity & Access Management. During this period Marc also worked for one year in the US subsidiary of Ubizen. After returning to Belgium in 2001 he decided to leave Ubizen temporarily for one year to try out a career as an independent consultant, specialised in e-business and security solutions. In January 2003 he finally joined ING where he started working on projects in the area of Retail & Commercial Banking Channels, acting both as a security & application architect. Since 2006 Marc is member of the Enterprise Architecture group of ING with continued focus on the area of Risk & Security. Currently the focus of Marc is on developing reference architectures that balance global governance versus local solutions."


    Maarten van Wieren Senior Manager, Deloitte (The Netherlands)    

Maarten van Wieren is a senior manager in the Risk Advisory practice of Deloitte, based in The Netherlands. He contributed to the World Economic Forum working group on cyber risk quantification and leads the cyber risk quantification team, which combines financial risk modelling approaches with analytics methods as well as cyber risk management insights. His experience stems from consulting work as well as from working for a major international insurance company. He holds a PhD in theoretical physics, specializing in complex systems.


Copyright © 2015 COSAC - All Rights Reserved -