COSAC 2015 Speaker line-up will be displayed once confirmed
please check back soon



  • John Arnold: Chief Security Architect, Cap Gemini
  • Dave Barnett: Commercial Director
  • Chris Blunt: Consulting Partner (New Zealand)
  • Glen Bruce: Managing Specialist
  • Vicente Aceituno Canal: Managing Director
  • Andy Clark: Managing Director, Primary Key
  • Pascal de Koning: Senior Security Consultant (The Netherlands)
  • Mary Dunphy: Vendor Solutions & Integrations
  • Roy Follendore III
  • Ajit Gaddam: Chief Security Architect
  • Vince Gallo: Managing Director, Residual Data
  • Efrain Gonzalez: Enterprise Security Architect, Marengo Systems
  • David Hafele: Principal Analyst & Enterprise Architect, Whitney, Bradley & Brown
  • G. Mark Hardy: National Security Corporation
  • John Hetherton: Information Governance Team Lead
  • Andrew Hutchinson: Executive Director of Strategy and Planning, Vanderbilt University
  • Siân John: Security Strategist
  • Nima Khamooshi: Chief Enterprise Security Architect, Booz Allen Hamilton
  • Jason Kobes: Principal Cyber Security Architect, Northrop Grumman
  • Ian Latter
  • Bevan Lane: Independent Consultant (South Africa)
  • Andrew Lea: Primary Key
  • Lisa Lorenzin: Principal Solutions Architect - Security & Mobility, Juniper Networks
  • David Lynas: COSAC Chairman & CEO SABSA Institute (Northern Ireland)
  • Ross MacKenzie: Head of Security Governance, WestPac Bank
  • Lunga Newman: Lead Architect (South Africa)
  • John O’Leary: O’Leary Management
  • Mohammed (Mz) Omarjee: Enterprise Security Architect, Standard Bank Group (South Africa)
  • Helvi Salminen
  • William Schultz: Enterprise Architect, Vanderbilt University
  • John Sherwood: Head of SABSA Academy, SABSA Institute
  • Maurice Smit (The Netherlands)
  • Ross Spelman: Managed Security Services Manager
  • Richard Stiennon: Chief Research Analyst, IT Harvest
  • Andrew S. Townley: Founder & Chief Executive (South Africa)
  • John Walker: Director CSIRT & Cyber Forensics, Integral Security Xssurance

    John Arnold Chief Security Architect, Cap Gemini    

John Arnold is a leading-edge computer security specialist with over 20 years' experience in the computer security area, where he has been involved in many aspects of security, including architecture, design, assurance, and penetration testing. He has worked in many sectors over his career, particularly Central Government, Finance, and Utilities. He likes to work on demanding projects, particularly those where he can bring order to security chaos.

He now works as a security consultant for Capgemini, a large global IT services company, where he heads up the security architecture competency in the UK.

He qualified as a SABSA practitioner in 2012 and is strongly influenced by the SABSA approach. He was a board member of the Jericho Forum and a contributor to the Cloud Security Alliance’s guidance on cloud computing security, v2 and v3.

    Dave Barnett Commercial Director, Zscaler    

Dave has worked in IT for 18 years, 11 of them in security, and is a Commercial Director at Zscaler. Previously he was security strategy director at Symantec, and before that he held similar roles at Thales eSecurity and McAfee. Dave currently works for Zscaler, a web security company, as commercial director for the UK and Ireland. Dave is the co-author of PAS555, the UK’s national standard for Cyber Security.

    Chris Blunt Consulting Partner, Axenic    

Chris is a Consulting Partner at Axenic Ltd, an independent security consultancy he co-founded in 2009. He is passionate about developing and delivering pragmatic information security strategies and architectures to ensure that they enable and support his clients in achieving their business goals and objectives.

He is currently developing an Enterprise Security Architecture for a government agency using the SABSA Framework. His recent engagements include providing security advice to the New Zealand Government Cloud Program where he wrote the Cloud Computing: Security and Privacy Considerations and Risk Assessment Process: Information Security guidelines, which have been published by the Government Chief Information Officer.

Chris has a Masters in Information Management (MIM) and holds SCPA, SCPR, CISSP, CRISC, CISM and CISA certifications. He is currently working on his SABSA Master Thesis, which he hopes to have completed before he attends COSAC.

    Glen Bruce Managing Specialist, Deloitte    

Glen Bruce is focused on Security Strategies, Architectures and Policies supporting business and governments in their approach to managing information security risk. He has over 39 years of in-depth experience in information security consulting, systems management and technical positions. He has led many information security engagements, where he has helped clients establish effective strategies, governance, architectures, policies and infrastructure implementations in support of both business and technical requirements. He is also the co-author of the book "Security in Distributed Computing: Did You Lock the Door", published by Prentice-Hall. His experience and knowledge have taken him around the world to assist organizations with information security issues.

Glen is a Certified Information Systems Security Professional (CISSP), a Certified Information Security Manager (CISM), certified in Risk and Information Systems Control (CRISC), a trained ISO 27001 Lead Auditor, a certified ITIL practitioner and is a SABSA Certified Practitioner in Risk Management and Governance (SCPR) and Architecture Design (SCPA).

    Vicente Aceituno Canal Managing Director, Inovement

President of the Spanish chapter of the Information Security Systems Association; Member of the Security Forum Steering Committee of The Open Group; Secretary of the Spanish Chapter of the Association of Enterprise Architects; ISMS Forum Member; Managing Director of Inovement Spain; R&D Director of ISQWorld, experienced Information Security Manager and Consultant with broad experience in outsourcing of security services and research. His focus is information security outsourcing, management and related fields like metrics and certification of ISMS.

    Andy Clark Managing Director, Primary Key    

Andrew's career in the information security industry started in 1984 when he joined Open Computer Security as Research & Development Manager for the company's range of commercial encryption products aimed at the banking and finance sector. Subsequently he joined Logica's Secure Systems Division where he was responsible for the business and technical success of a range of secure programmes in the government sector. Since the mid 1990's he has been involved in five new business start-ups in secure systems development and analysis and computer and cryptographic forensics. In 2010 he left Detica, where he was Head of Forensics, to found his latest venture, Primary Key Associates Limited, a multidisciplinary team that specialises in addressing a wide range of information security and forensics challenges from physical to cyber security. His current research interests include the challenges of successfully acquiring and forensically analysing increasing levels of data stored in mobile and cloud based systems. He is an experienced expert witness and has prepared and given evidence in chief in a wide range of civil and criminal cases in the UK courts. He maintains a particular interest in cryptographic research and served on the Board of Directors of the International Association for Cryptologic Research (I.A.C.R.) for seventeen years. The membership elected him Vice President between 1995 and 2001 and subsequently elected him President of the Association between 2002 and 2007. In 2010 he was awarded Fellowship of I.A.C.R. He is a co-author of the book 'Enterprise Security Architecture: A Business Driven Approach'. He is a Director and Trustee of The National Museum of Computing at Bletchley Park.


    Pascal de Koning Senior Security Consultant, Ideas-to-Interconnect    

Pascal de Koning MSc CISSP SCF is a Senior Security Consultant with Ideas to Interconnect. He is an active participant in The Open Group TOGAF-SABSA integration work and has worked on information security projects for the Dutch central government, European Union and KPN, to name just a few. Pascal is a frequent speaker at conferences on the topics of Cyber Security and Enterprise Security Architecture. When not working, Pascal loves to go running.

    Mary Dunphy Program Manager, Vendor Solutions & Integrations, Google    

Mary is Program Manager for Vendor Solutions/Integrations for Google headquarters in Mountain View, CA.

Mary is the former CTO for Pro-Tec Design, where clients included DHS, MSP, Best Buy Corp headquarters, City of Minneapolis, FBI and many departments at all levels of government. She also provided consulting services such as project/program management for Attorney General Settlement Agreement, Office of the Comptroller of the Currency as well as National Servicing Standards for Wells Fargo Bank; GLBA encryption remediation project for Target Corporation; Portfolio Manager for Cargill and USBank - Network Services; and currently Program Manager for USBank Security Assessment - Application and Device.

Mary has earned a Masters in Information Technology Management from Saint Mary’s University and is on the adjunct faculty there. She is on hiatus from the pursuit of her PhD in Management and Decision Sciences (currently in the EBD phase).

Mary holds a SABSA Practitioner certificate among many other industry certifications and has previously attended the 17th annual COSAC conference.

    Roy Follendore III    

I have always been more attracted to working with big fundamental problems than wealth and positions with important titles. I would like to think I remain true as an artist, writer, poet and free thinker who believes leading our future involves the development resolution of theory and the development to language to support thinking, embracing complexity leads to a more intelligent utilization of resources, and that security is not the same thing as secrecy. I am a firm believer that because of technology matrix management is more important today than vertical management and that organizations have not caught up. I also believe that society has no choice but to improve our applied technological philosophies because the existence of humanity depends on it.

Most recently I have been a member of the Department of Homeland Security Architects, Chief Information Officer, and Chief of IT Biosurveillance, Subject Matter Expert for the DHS NextGen collaboration, and Senior IT Analyst.

I hold four United States Patents, including one in transmission safety and 3 in cryptography.

My past employment has included:

  • United States Army Secondary Reference Physical Standards Laboratory Calibration, Electronic Calibration Transfer team, Missile Calibration transfer team. Management of MARS station AB4CC in South Korea. Developed the physical standards calibration requirements for the Electronic, Microwave and Physical Standards Secondary Reference Calibration Laboratory in Saudi Arabia and for the International F16 program.
  • System Control (SYSCON) and Electronic Warfare Officer brought the first use of a personal computer into tactical training at Fort Bragg. Worked in the US Army Spectrum Monitoring facility in the Pentagon.
  • Central Intelligence Agency where, as a staff Scientist, I was responsible for reviewing and evaluating advanced technologies as part of the Office of Research and Development.
  • Taught advanced graduate courses in cryptographic and computer security, forensics and wireless robotics for 10 years at George Mason University.

    Ajit Gaddam Chief Security Architect, VISA    

Ajit Gaddam currently holds the role of Chief Security Architect at Visa Inc. His security career started with offensive sec (won at BlackHat) and malware research (winner at multiple IDA Pro Global competitions) before settling in on defending the fort. In a prior role before Visa, he built the data protection program from scratch to finish at a Fortune 100 company. He held other senior roles at various tech and financial firms before that role including founding two startups.

He is an active participant in various open source and security architecture standards bodies. Buy him a drink and he can share insights on how he scored a perfect 100 in the SABSA Security Architect tests.

    Vince Gallo Managing Director, Residual Data    

Vince has been actively developing security technology since 1979, ranging from commercial and high-grade hardware through to software-based cryptography. The skills thus acquired have been applied both to the protection of information and, by viewing the other side of the same problem, to examining means for extraction of information, both to analyse content and to advise on improved methods of protection. After a career largely built on small companies, Inforenz, his most recent startup, was acquired by Detica in 2006, where he continued to work on security analysis and implementation.

Vince has presented at international conferences for most of his career, and in particular is pleased to have been able to present his work at COSAC on several occasions, commencing in 1997. He is particularly proud of receiving the COSAC Award in 2002. Vince is delighted to return to COSAC this year and will share his ideas and opinions accumulated after a full career as a security industry player and watcher.

    Efrain Gonzalez Enterprise Security Architect, Marengo Systems    

Efrain Gonzalez is an Enterprise Security Architect and Principal Consultant for Marengo Systems, a cybersecurity and compliance consulting firm.

Efrain comes from a network engineering background and has over 20 years of information security experience. Areas of specialization include network security, Smart Grid cybersecurity, and regulatory compliance. Most recently, Efrain worked for Southern California Edison where he was the lead cybersecurity architect for major enterprise initiatives such as a large ERP/SAP implementation and Smart Grid projects.

Efrain recently completed a Systems Engineering certification program through the University of California at Irvine and has a new found appreciation for the application of systems engineering principles to information security especially as they pertain to emergent properties of complex systems.

Efrain is a Distinguished Toastmaster (DTM) and has spoken at various conferences such as Grid-Interop, Grid Week and CS Week on the topic of Smart Grid cybersecurity. Efrain is a Certified Information Systems Security Professional (CISSP) and a certified SABSA Chartered Security Architect at the foundation level (SCF). Efrain is currently working toward his SABSA Practitioner (SCP) and Master (SCM) certifications. Efrain holds a Bachelor of Science degree in Electrical Engineering from Stanford University.

    David Hafele Principal Analyst & Enterprise Architect, Whitney, Bradley & Brown    

David Hafele is a Principal Analyst and Enterprise Architect with Whitney, Bradley & Brown INC. Prior to this, Mr. Hafele was a Senior Cyber Security Architect for Northrop Grumman supporting the Department of Defense; he has also served the Department of Justice as a Senior Enterprise Security Architect. Mr. Hafele’s principal interest focuses on the integration of Enterprise Architecture with Enterprise Security Architecture as well as helping customers understand operational business risk. Mr. Hafele is also interested in the integration of architectural modeling standards for use in both SABSA® and TOGAF®. Mr. Hafele is a SABSA® Chartered Practitioner in Architecture Design (SCPA), a Chartered Practitioner in Risk Management and Governance (SCPR), a Certified Enterprise Architect (CEA), a TOGAF® Version 9 Certified Architect and a Certified Information Systems Security Professional with a concentration of Information Systems Security Engineering (CISSP-ISSEP). Mr. Hafele is also a part-time lecturer for the FEAC Institute on Enterprise Security Architecture and for TOGAF® version 9.

    G. Mark Hardy President, National Security Corporation    

G. Mark Hardy serves as President of National Security Corporation, an information security management consulting firm he founded in 1988. He has been providing cyber security expertise to government, military, and commercial clients for over 30 years, and is the author of over 100 articles and presentations on security, privacy, and leadership. He serves on the U.S. National Science Foundation's CyberWATCH Advisory Board, and is a retired U.S. Navy Captain. He wrote and taught information operations curriculum for NATO military officers. A graduate of Northwestern University and the U.S. Army War College, he holds a BS in Computer Science, a BA in Mathematics, a Masters in Business Administration, a Masters in Strategic Studies, and is designated as a Certified Information Systems Security Professional (CISSP) and Certified Information Security Manager (CISM).

    John Hetherton Information Governance Team Lead, Espion    

John is the Information Governance team lead and a practicing PCI QSA and has been with Espion for three years. With eight years information security experience across a broad range of industry verticals, John brings first-hand experience of how the web application security landscape has changed and applies his personal knowledge to this talk.

    Andrew Hutchinson Executive Director of IT Strategy and Planning, Vanderbilt University    

Andrew is the Executive Director of IT Strategy and Planning at Vanderbilt University in Nashville, Tennessee. He has 21 years of professional experience in IT, and 31 years if you count time spent tying up a home phone with a 300 baud modem in the 1980s. Prior to his current role, he directed Vanderbilt’s Service Management department and Network Security group. Before coming to Vanderbilt, Andrew was a Senior Security Engineer at a managed security services organization in Michigan which provided security consulting and managed intrusion detection and prevention services to financial and governmental clients, and was the owner of a systems integration consultancy.

Andrew holds a Certified Information Systems Security Professional (CISSP) certification, ITIL Operational Support and Analysis certificate, and a SABSA-SCF (Foundation) certificate. When not working, he coaches baseball, ties flies, and occasionally makes a trip to the mountains to use those flies.

    Siân John Security Strategist, Symantec    

Siân John CISM, CISSP is a Security Strategist at Symantec. She is responsible for discussing security strategy and management issues at a senior level with customers and researching / discussing security issues with customers and the press. Siân brings nearly 20 years' experience in IT and security to Symantec, having designed and implemented risk management and security solutions for many customers across all sectors.

    Nima Khamooshi Chief Enterprise Security Architect, Booz Allen Hamilton    

Mr. Khamooshi is a Chief Enterprise Security Architect with Booz Allen Hamilton, joining the firm in 2008. He holds a B.S.B.A. in Information Systems and a Master of Science in Cybersecurity. He has an extensive IT and project management background specializing in IT security. While delivering security consulting services, he has been aligned to various clients serving as the Chief Enterprise Security Architect, Information Systems Security Officer (ISSO), and Information Assurance Manager (IAM). Nima has experience in multiple security disciplines including: Security Program Management, Enterprise Security Strategy Development, Enterprise Security Architecture, full spectrum System Security Engineering, security in the Systems Development Lifecycles (SDLC), IT Risk management, Certification and Accreditation (C&A), Assessment and Authorization (A&A), IT auditing, Security and Vulnerability assessments, and systems hardening, among others.

Nima has given annual talks on IT security, proper implementation techniques, and best practices, and has authored numerous security whitepapers. He has been featured in industry magazines and as a best practices success story. He has also been recognized as a Subject Matter Expert (SME) in the IT/IT security fields and sat on the Executive Advisory Board for CompTIA (the Computing Technology Industry Association). In addition to his many other accomplishments, he is also certified through numerous technical organizations, holding A+, Network+, Server+, Security+, MCP, MCSA, MCSE, OSCP, CEH, MBCI, ITIL-F, CISSP, SABSA Chartered Security Architect Foundations, SABSA Chartered Practitioner in Risk, Governance and Assurance, SABSA Chartered Practitioner – Security Architectural Design, ISO 27001 provisional auditor, CRISC, and PMP designations.

    Jason Kobes Principal Cyber Security Architect, Northrop Grumman    

Jason Kobes works as a Principal Cyber Architect & Research Scientist in Washington, DC for Northrop Grumman Corporation. Jason has over seventeen years of experience concentrated in information systems design analytics, business/mission security architecture, enterprise risk management, information assurance research, and business consulting. Jason has a Master's of Science in Information Assurance (MSIA) and a Bachelor's of Science in Computer Science from Iowa State University. Jason holds a SABSA Practitioner of Risk and Governance as well as Architecture. Jason's areas of research are cloud security architecture, accountable anonymity systems and applying actionable enterprise security architecture. Jason has recently spoken about security, enterprise security architecture and business process & architecture improvement methods at the SABSA World Congress, the Computer Security Institute (CSI) annual conferences and the Cyber Information Security Conference (CISCON). Jason also is an Enterprise Security Architecture instructor for the Zachman/FEAC Institute.

    Ian Latter    

With more than 20 years in IT and over 15 of those in Security, Ian has worked across the Aerospace, Education, Finance, Government, Health and Telecommunications industries, in a number of multidisciplinary roles from Support to Systems Administration, from Security Officer to Pen-Tester and from Architect to his current Technical Governance Lead role. If he had spare time, Ian would be programming on any of the dozens of hobby software and robotics projects that remain unfinished, including the Barbie Car that he promised his daughter.

    Bevan Lane Independent Consultant    

Bevan Lane is an information security consultant who has 15 years of experience in forensics, IT auditing and information security consulting. He has consulted throughout the world from Europe to China, dealing with information security issues and pain points for large and smaller organisations, specializing in security compliance and regulatory issues. Bevan has presented at conferences around the world and is a trainer for major international training houses.

He has most ISACA certifications and a couple of others (CISSP) to add to his repertoire, some he has for being old and others he actually wrote exams for...

    Andrew Lea Director, Primary Key    

Andrew read Natural Sciences at Cambridge, followed by a Diploma in Computer Science at London University.

He has been applying Artificial Intelligence in the commercial world for most of his professional life, and has co-founded several companies. He is a Director of Primary Key Associates, which uses industrial AI techniques (such as natural language parsing, automatic summarisation, search space traversal for exploring the web, and data analytics) to analyse social media; and Bayesian inferencing techniques for fraud discovery in large datasets. He has also written a system for removing the atmospheric distortion in astronomical images, modelled on the method the human brain-eye system also uses for discerning fine details in marginal conditions.

    Lisa Lorenzin Principal Solutions Architect - Security & Mobility, Juniper Networks    

Lisa Lorenzin is a Principal Solutions Architect with Juniper Networks, specializing in security and mobility solutions, and co-chair of Trusted Network Connect, a work group of the Trusted Computing Group that defines an open architecture and standards for endpoint integrity and network security. She has worked in a variety of Internet-related roles since 1994, with more than a decade of that focused on network and information security, and is currently concentrating on enterprise security including network segmentation, end-to-end identity-based access control, and integration of mobile security.

    David Lynas COSAC Chairman & CEO SABSA Institute    

David Lynas, the COSAC Founder and Chairman, is currently enjoying his thirty-second year of experience in Information Security, during which he has been invited to provide strategic advice to governments and industry clients on every continent. A globally renowned Enterprise Security Architect, Security Strategist, and Thought-Leader, he has been awarded Fellowship of the British Computer Society and is the only non-American ever to be honoured with the prestigious Computer Security Institute Lifetime Achievement Award.

He is the co-author of SABSA (the world’s leading free-use, open-source Security Architecture Methodology) and the CEO of the SABSA Institute charged with providing assurance and confidence over the competencies of SABSA Security Architects.

A widely-published author and commentator, his articles have appeared in publications such as CSI Alert, Information Security Bulletin and the BCS publication Information Security Now. He has served on the editorial board of Computers & Security magazine and has authored a series of opinion columns for SC Magazine. David has been quoted widely in the media and major trade and broadsheet press, including: BBC Television, BBC Radio Ulster, Independent Television News, The Irish Times, ITs Monday, CIO Magazine, Technology Ireland, Korea News and the Harvard Business Review.

    Ross MacKenzie Head of Security Governance, WestPac Bank    

Ross MacKenzie is the Head of Security Governance at Westpac Banking Group, and is responsible for information security policy, standards, architecture, products, project consulting and regulatory affairs.

Ross has over 15 years of experience in the information security field, and is based in Sydney, Australia. He is also SCF & SCP certified, and has previously presented at the SABSA World Congress in 2009.

    Lunga Newman Lead Architect, Eskom    

Lunga Newman has 16 years' experience in the information security discipline, having worked in the Office of the President (1997-2000), the State Information Technology Agency (SITA), Sasfin Bank, Standard Bank, WesBank and Eskom SOC Ltd. He possesses CISSP and SCF certifications.

Lunga was a member of the Security Architecture team who designed and implemented Identity and Access Management at Standard Bank. He then went on to develop the WesBank logical access control strategy and design the architecture.

He is presently the Lead Architect on the Enterprise Identity and Access Management Project for Eskom SOC Ltd, with an internal user base of 50,000 and potential external user base in excess of 4 million, including business partners, remote support, customers and job applicants.

    John O’Leary President, O’Leary Management Education    

John O'Leary, CISSP, is President of O’Leary Management Education. His background spans four decades as an active practitioner in information systems, IT Security and contingency planning. He has designed, implemented and managed security and recovery for networks ranging from single site to multinational. John has trained tens of thousands of practitioners, and conducted on-site programs at major corporations and government facilities worldwide. He has also facilitated meetings of Working Peer Groups, where security professionals from diverse corporations share ideas, concerns and techniques. John was the recipient of the 2004 COSAC award and the 2006 EuroSec Prix de Fidelite. He has never been convicted of anything really serious or run for public office.

    Mohammed (Mz) Omarjee Enterprise Security Architect, Standard Bank Group    

Muhammed Zubayr(Mz) Omarjee is an Enterprise Security Architect responsible for the Information Security Architecture practice within the Enterprise Technology Architecture and Design (ETAD) division of Standard Bank Group, South Africa. In this capacity, he plays a pivotal role as a change agent, driving a transformation strategy to re-shape the information security practice as a business driven and risk oriented discipline to support various lines of business units across 17 countries, both regionally and globally.

Together with 13 years of experience in the banking and IT sectors, Muhammed Zubayr(Mz) has architected and delivered a diverse portfolio of successful IT projects, ranging from innovative mobile and speech banking solutions, been instrumental in key enterprise wide IT initiatives such as establishing an enterprise architecture practice, defined strategies and sequenced roadmaps for replacing legacy mainframe core banking platforms, drove the implementation of a strategic enterprise wide Identity and Access Management initiative, as well as designed a multi-channel architecture that integrates all vertical and horizontal business domains within Standard Bank.

As part of an international team Muhammed Zubayr(Mz) has written extensively, and has contributed to the global IT community by co-authoring a couple of technical books and research papers on the subject of Pervasive and Mobile Technologies in the early 2000's. Furthermore, he has also been invited as a guest speaker to local conferences, as well as being nominated as an intra-company workshop facilitator to provide thought leadership on applying emerging architectural practices to solve banking related IT challenges.

    Helvi Salminen    

Helvi Salminen has worked full-time in information security since June 1990, first as security analyst and since April 2000 as information security manager. Before starting information security tasks she had 12 years' experience in systems development. Cooperation with colleagues is an important asset for security professionals. Helvi is a founder member of the Finnish Information Security Association, which celebrated its 10th anniversary in 2007. Helvi is qualified CISA (1992), CISSP (1998), SABSA chartered security architect – foundation level (2008) and was one of the first to achieve Master of Security in 2003 (PD program in Helsinki University of Technology lifelong learning centre Dipoli – now part of Aalto University). She was the program manager of information security training in Dipoli in 2003-2008, and has given presentations in several information security seminars.

Through her work duties Helvi has gained good experience in security certifications. The company where she works is certified to several security standards, and Helvi has had a key role in obtaining and maintaining these security certifications.

    Char Sample CERT, Carnegie Mellon University    

Dr. Char Sample has over 19 years of experience in the information security industry, and presently works for CERT at Carnegie Mellon University where she supports various cyber efforts. Dr. Sample recently defended her dissertation on “Culture and Computer Network Attack Behaviors” at Capitol College in Laurel, Maryland. Other areas of research interest include: Cloud Computing, Anomaly Detection methods, Big Data, and DNS.

    William Schultz Enterprise Architect, Vanderbilt University    

Bill Schultz is an enterprise architect at Vanderbilt University. He has worked in the Information Technology field for over 12 years, with the past 7 being in the Vanderbilt research and medical center community. This work has involved designing, implementing, managing, and securing critical research information technology software and hardware. Currently his focus is on architecting the IT enterprise in a way that will enable the business, is assurable, and is traceable to the organizational mission. He is committed to continuously learning, as well as sharing his experience to help others. He has presented on his work with FISMA compliance, enterprise risk management, and security architecture at national and international conferences, and serves on the FISMA advisory board for the New Born Screening and Translational Research Network. Bill also volunteers for the SABSA Institute and is actively working with peers to lead initiatives aimed at improving the security architecture community. Bill has earned a Master's of Science in Computer Information Systems. His certifications include the Certified Information System Security Professional (CISSP), SABSA Foundation (SCF), and SABSA Risk, Assurance, and Governance Practitioner (SCPR) credentials.

    John Sherwood Head of SABSA Academy, SABSA Institute    

John Sherwood is a Consulting Fellow at Sherwood Associates Limited bv in The Netherlands, where he is the thought-leader in the development and deployment of information risk management services. He is also the Head of the SABSA Academy at The SABSA Institute. He has 40 years' experience as an information-systems professional, the last 26 of which have been as a specialist in operational risk management and information security. He is also a leading expert in enterprise security architectures and information assurance and is the Chief Architect and main author of the SABSA methodology (see The great majority of this experience is in the banking and financial services industry, but also covers aerospace, chemicals, construction management, media, oil & gas, retailing, government, military and telecommunications. John is a well-known speaker and author and has worked in many countries across Western and Eastern Europe, Scandinavia, North America, the Middle East, Australia, Africa and South East Asia.

    Maurice Smit IRSC    

Maurice Smit has over 15 years of experience in the IT Security world, from operating firewalls to developing policies and risk management frameworks. Nowadays he works as an information risk and security consultant for a big company in the Netherlands, and is a SABSA trainer for In his spare time he finds himself applying SABSA to anything that he comes across. He is convinced that 42 is the ultimate answer to life, because it translates to RISK, and the universe was created with the one and only problem solving framework: SABSA.

    Ross Spelman Managed Security Services Manager    

Ross is the Managed Security Services manager at Espion and a board member of the Irish Cloud Security Alliance chapter, and holds an MSc in Cloud Computing and the CSA CCSK certification.

Ross delivers cloud security training for Espion and is heavily invested in promoting awareness of the CSA tools and methodologies for assessing cloud risk.

    Richard Stiennon Chief Research Analyst, IT Harvest    

Richard Stiennon is Chief Research Analyst for IT-Harvest, the firm he founded in 2005 to cover the booming IT security industry. He is the author of Surviving Cyberwar (Government Institutes, 2010) and UP and to the RIGHT: Strategy and Tactics of Analyst Influence (IT-Harvest Press, 2012). He writes the Cyber Domain column for and is frequently quoted as a cyber security expert in mainstream media. He advises his clients on cybersecurity strategy. He is also the Executive Editor of and the Senior Fellow at the International Cybersecurity Dialogue. He is a board advisor for the Information Governance Initiative. He was Chief Marketing Officer for Fortinet, Inc. and VP Threat Research at Webroot Software. Prior to that he was VP Research at Gartner, Inc. Stiennon has presented on cyber security threats and defenses in 29 countries on six continents. He is known for his iconoclastic analysis of the security industry and always challenges his audience to question accepted practices in the face of changing cyber threats. He has a B.S. in Aerospace Engineering and is writing his thesis for an MA in War in the Modern World from King’s College, London.

    Andrew S. Townley Founder & Chief Executive, Archistry    

Andrew S. Townley is the founder and Chief Executive of Archistry, a software company connecting people, information and actionable insights to enable exceptional performance. Andrew is a recognized voice of authority in social media, innovation, software architecture, information security, risk management, Service Oriented Architecture (SOA), Enterprise Architecture and managing large-scale technology initiatives. His 20-year professional career is based on applying a unique blend of organizational learning, innovation, leadership and technology expertise to help people understand how the complex interplay of these things influences the overall effectiveness of an organization.

Prior to founding Archistry in 2006, Andrew's experience includes working with a wide range of organizations in both the U.S. and Europe such as BearingPoint, Deloitte, Informix Software, MobileAware, Nortel, OniWAY, Telefonica, Telenor, Avaya, Nestlé France, the US DoD, the Irish Government and Houghton Mifflin Harcourt.

    John Walker Director CSIRT & Cyber Forensics, Integral Security Xssurance    

Visiting Professor at the School of Science and Technology at Nottingham Trent University (NTU), Visiting Professor/Lecturer at the University of Slavonia [to 2015], CTO and Company, Director of CSIRT, Cyber Forensics, and Research at INTEGRAL SECURITY XSSURANCE Ltd, Practicing Expert Witness, ENISA CEI Listed Expert, Editorial Member of the Cyber Security Research Institute (CSRI), Fellow of the British Computer Society (BCS), Fellow of the Royal Society of the Arts, an Associate Researcher working on a Research Project with the University of Ontario, and a Member of, and Advisor to, the Forensic Science Society.

John is also a contributor to the Digital Forensics Publication, and is a Member of the Information Security Buzz Expert Panel.

Copyright © 2014 COSAC - All Rights Reserved