Conference Speakers
Bruce Schneier
Security Luminary
Bruce Schneier is an internationally renowned security technologist and author. His first bestseller, Applied Cryptography, explained how the arcane science of secret codes actually works, and was described by Wired as "The book the National Security Agency wanted never to be published." His book on computer and network security, Secrets and Lies, was called by Fortune "[a] jewel box of little surprises you can actually use." His latest book, Beyond Fear, tackles the problems of security from the small to the large: personal safety, crime, corporate security, national security. Schneier also publishes a free monthly newsletter, Crypto-Gram, with over 100,000 readers. In its seven years of regular publication, Crypto-Gram has become one of the most widely read forums for free-wheeling discussions, pointed critiques, and serious debate about security. As head curmudgeon at the table, Schneier explains, debunks, and draws lessons from security stories that make the news.
Regularly quoted in the media, Schneier has written op-ed pieces for several major newspapers, and has testified on security before the United States Congress on many occasions. He is the founder and CTO of managed security services firm Counterpane Internet Security Inc.
Howard A. Schmidt
President & CEO,
R & H Security Consulting LLC
Howard Schmidt has had a long, distinguished career in defense, law enforcement and corporate security spanning almost 40 years. Most recently, he was the chief security strategist for the US CERT Partners Program for the National Cyber Security Division, Department of Homeland Security. He also served as VP, CISO and chief security strategist for eBay. He retired from the White House after 31 years of public service in local and federal government. He was appointed by President Bush as the vice chair of the president's Critical Infrastructure Protection Board and as the special adviser for Cyberspace Security for the White House in December 2001. He assumed the role of chair in January 2003 and held it until his retirement in May 2003. Prior to the White House, Howard was CSO for Microsoft Corp. Before Microsoft, Schmidt was a supervisory special agent and director of the Air Force Office of Special Investigations (AFOSI) Computer Forensic Lab and Computer Crime and Information Warfare Division. While there, he established the first dedicated computer forensic lab in the government. He is regularly featured on CNN, CNBC and Fox TV. He is a co-author of the Black Book on Corporate Security and author of Patrolling CyberSpace, Lessons Learned from a Lifetime in Data Security.
Eugene H. Spafford
Executive Director of the Purdue University Center for Education and Research in Information Assurance and Security (CERIAS)
Eugene Spafford is one of the most senior and recognized leaders in the field of computing. He has an on-going record of accomplishment as a senior advisor and consultant on issues of security, education, cybercrime and computing policy to a number of major companies, law enforcement organizations, academic and government agencies, including Microsoft, Intel, Unisys, the US Air Force, the National Security Agency, the GAO, the Federal Bureau of Investigation, the National Science Foundation, the Department of Energy, and two Presidents of the United States. With nearly three decades of experience as a researcher and instructor, Professor Spafford has worked in software engineering, reliable distributed computing, host and network security, digital forensics, computing policy, and computing curriculum design. Spafford serves on a number of advisory and editorial boards, and has been honored several times for his writing, research, and teaching on issues of security and ethics.
David Litchfield
Renowned Security Expert
David Litchfield leads the world in the discovery and publication of computer security vulnerabilities. This outstanding research was recognized by Information Security magazine, which voted him 'The World's Best Bug Hunter' for 2003. To date, Litchfield has found over 150 vulnerabilities in many of today's popular products from the major software companies (the majority in Microsoft and Oracle). He is also the original author of the entire suite of security assessment tools available from NGSSoftware. This includes the flagship vulnerability scanner Typhon III, the range of database auditing tools NGSSquirrel for SQL Server, NGSSquirrel for Oracle, OraScan and Domino Scan II.
Litchfield founded a company named Cerberus Information Security which was acquired by @stake in July 2000. A year and a half later he founded Next Generation Security Software with five colleagues from @stake. He is the author of various software packages, and also of many technical documents on security issues. Litchfield is the author of the Oracle Hacker's Handbook and is a co-author of The Database Hacker's Handbook, The Shellcoder's Handbook and SQL Server Security.
Christofer Hoff
Chief Architect of Security
Innovation, Unisys Corporation
Christofer Hoff is Unisys Corporation's chief architect of security innovation. Reporting to the VP of Worldwide Innovation, he collaborates closely with Unisys sales, marketing, the CTO office, Security Pillar for Strategic Program Office (SPO) and key Unisys business unit leaders around the world. Hoff proactively develops strategies for innovation and success as well as unlocking maximum value for the corporation and customers in the area of information security, survivability and assurance. Prior to Unisys, Hoff served as Crossbeam Systems' chief security strategist, responsible for the company's overall security strategy and product management efforts. Prior to joining Crossbeam, Hoff served as the chief information security officer and director of Enterprise Security Services for WesCorp, a $25 Billion Financial Services Cooperative and used his expertise gained as founder and CTO of a national security consulting company which provided services to the Fortune 500 and service provider customers. He is a featured speaker at numerous information security events, holds several security credentials - including CISSP, CISA, CISM, IAM - and is an accomplished and accredited technical instructor.
Dave Dittrich
Senior Security Engineer/Researcher, University of Washington Center for Information Assurance and Cyber Security
Dave Dittrich is a senior security engineer and researcher for the UW Center for Information Assurance and Cybersecurity and the Information School at the University of Washington. He is also a member of the Honeynet Project and Seattle's "Agora" security group. He is most widely known for his research into Distributed Denial of Service (DDoS) attack tools and host network forensics. He has presented talks and courses at dozens of computer security conferences, workshops, and government/private organizations worldwide, and co-authored the first complete book on DDoS, titled Internet Denial of Service: Attack and Defense Mechanisms.
Dr. Joel M. Snyder
Senior Partner, Opus One
Joel Snyder is an expert at helping companies build larger, faster, safer and more reliable networks, and has done so since 1981 when he signed on with CompuServe Research and Development. For more than a decade, Snyder has been a member of the ISO and ITU committees that write network standards. As a technical editor for Information Security magazine he has written numerous featured articles and technical reviews on subjects including e-mail security, spam controls and security management systems.
Additionally, Snyder has authored several books, hundreds of articles for technical publications, and has trained thousands of people privately and at conferences around the world on networking, security, messaging and VPNs. He's helped more than 150 companies with their networking, e-mail and security problems, implementing information systems for clients as small as a two-person brokerage house and as large as NASA. Snyder has spoken at many industry events and is among the most popular presenters at previous Information Security Decisions conferences.
Tom Bowers, CISSP, PMP
Managing Director, Security Constructs, LLC
Tom Bowers, who holds Certified Ethical Hacker certifications, is a well known expert on the topics of ethical hacking, penetration testing and protection of the global enterprise. With over 20 years of experience in the field of computer technology and information systems, he brings a real world, pragmatic approach to the business of security based upon his Fortune 100 enterprise experience in both the IT and Global Security functions. Bowers leads the independent think tank and industry analyst group Security Constructs, LLC, specializing in aligning business needs with security architecture, risk assessment and project management on a global scale.
As president of the Philadelphia chapter of Infragard, a non-profit organization consisting of members of the FBI and physical/cyber security professionals from private industry, Bowers leads the second largest chapter in the country of over 600 members. He works closely with law enforcement agencies including the FBI on issues of computer forensics and investigations of security breaches, theft and fraud. As a technical editor of Information Security magazine and SearchSecurity.com, he has authored several white papers and articles and is a highly respected speaker at conferences and webinars.
Jeffrey Reich, CISSP, CHS-III, CTM
Chief Security Officer
Rackspace Managed Hosting
Jeffrey Reich has developed a history of entering situations where little to no security infrastructure exists, or an existing system needs updating. He is a security executive with extensive experience in building and leading high performance security teams.
His background includes successful programs that have dealt with security management, security policies, information security, internal controls, physical security, internal investigations, liaison work with local and federal law enforcement, personnel protection, regulatory and audit compliance, business continuity planning, abuse/policy enforcement management, crisis management, general office management, problem management and change control. Reich was a Nominee for 2005 National Information Security Executive of the Year and 2006 Southeast Information Security Executive of the Year, both sponsored by Executive Alliance. In September 2006, he was granted a Foundation Certificate in IT Service Management from The Council for Service Management Education and The Information Systems Examination Board. He has conducted training and served as guest speaker at numerous conferences and seminars.
Russell L. Jones, CISSP, CISA, CIPP
Partner
AERS - Security & Privacy Services
Deloitte & Touche LLP
Russell Jones has significant experience working with his clients in the development of information security programs, system security architectures, network security vulnerability analysis and penetration testing, privacy and data protection programs and role-based access control (RBAC) design and deployment. He has practical experience applying security frameworks such as ISO 17799:2005 and ISO 15408 against real world environments. Jones also specializes in integrating third-party security products with complex e-Commerce and ERP applications and related infrastructures.
Jones has more than 15 years of experience in the design, architecture, implementation and deployment of identity management solutions, encryption solutions, and distributed architecture application solutions. He has delivered IT Risk and Control services including broad assessments of process/control effectiveness and/or maturity for the various functional areas of IT along with identification of gaps and risks, deeper assessment. Jones has practical experience assessing security gaps and applying control frameworks such as COSO and COBIT ver 3.2 against SAP R/3, Oracle ERP and Peoplesoft 8.X and IT General Computer Control environments. Jones has been published numerous times in periodicals such as the ISACA Journal, Information Security Magazine, ISC2 Information Systems Security Journal and the Journal of Health Information Management (JHIM).
Richard E. Mackey, ISACA, CISM
Vice President, SystemExperts
Richard E. "Dick" Mackey is regarded as one of the industry's foremost authorities on distributed computing infrastructure and security. He has advised leading Wall Street firms on overall security architecture, virtual private networks, enterprise wide authentication, and intrusion detection and analysis. He also has unmatched expertise in the Open Software Foundation Distributed Computing Environment.
Prior to joining the consultancy SystemExperts, he was the director of collaborative development for The Open Group (the merger of the Open Software Foundation and X/Open), where he was responsible for the integration of Microsoft's ActiveX Core with DCE and DCE Release 1.2. Mackey has been a frequent speaker at major conferences such as Giga, USENIX, Uniforum and Networld + Interop.
Lenny Zeltser
Security Consulting Manager, SAVVIS
Lenny Zeltser has co-authored a number of security books, as well as contributed to Malware: Fighting Malicious Code. As an instructor at the SANS Institute, he created a course on analyzing malicious software. He also leads the New York security consulting team at SAVVIS, provider of IT infrastructure and hosting services, and is a handler at SANS Internet Storm Center. His professional experience spans business and technological functions, particularly in areas related to IT risk management, information security and business continuity. Zeltser is one of the few individuals in the world who has earned the highly-regarded GIAC Security Expert (GSE) designation.
Sasan Hamidi, Ph.D, CISSP, CISM, CISA
Chief Security Officer, Interval International
Sasan Hamidi is currently the chief security officer for Interval International, a global vacation and timeshare exchange company headquartered in Miami. Interval is a company under the umbrella of InterActive Corp. with sister organizations such as Expedia, HSH, Hotels.com, TicketMaster, Lendingtree, HotWire and a host of others.
David Mortman, CISSP
CSO In-Residence, Echelon One
David Mortman is a thought leader in the information security community and provides his counsel to Echelon One's clients. Previously, Mortman was chief information security officer for Siebel Systems, Inc., where he was responsible for Siebel Systems' worldwide IT security program and led Siebel's product security and privacy efforts.
Prior to Siebel, Mortman was manager of IT security at Network Associates where, in addition to managing data security he deployed and tested all of their security products before they were released to customers.
A CISSP, member of USENIX/SAGE and ISSA, and a repeat speaker at the RSA security conferences, Mortman is a member of the Executive Security Action Forum and has been a panelist at InfoSecurity 2003. He has spoken at Blackhat and Defcon several times. Mortman sits on a variety of advisory boards including Qualys, Teros, and Sygate.
Stephen Bonner
Head of Information Risk Management, Barclays
An Information Security magazine Security 7 winner in 2006, Stephen Bonner leads the Information Risk Management team across the whole Barclays group.
Barclays Capital has a balance sheet of over 560 billion with offices in 25 countries, and over 8,000 employees. Bonner is responsible for protecting the information of the staff around the globe. His company operates under the control of 46 different regulatory bodies including SEC, FSA and MAS.
As head of information risk management, Bonner safeguards the integrity and security of Barclays Capital's data, infrastructure and applications. He leads the team to identify and fix exposures to information risk (viruses, hackers, inappropriate permissions, etc.) and handles any potential incidents and computer forensic investigations.
Pete Lindstrom
Senior Analyst, Burton Group
Pete Lindstrom covers security metrics, risk management, Web 2.0/SOA/Web services security, securing new technologies (virtual, grid, nanotech, etc.) for Burton Group. He has conducted numerous security audits and security consulting projects at Fortune 500 companies including American Home Products (Wyeth) and GMAC Mortgage, and the United States Marine Corps as a consultant for Coopers & Lybrand (now PriceWaterhouseCoopers). He was the former research director for Spire Security. Prior to that, he was an analyst with Hurwitz Group. Lindstrom is a frequent industry IT speaker and contributing writer on security topics. He serves on the editorial advisory board of Information Security magazine and is a Certified Information Systems Security Professional (CISSP) and former Certified Information Systems Auditor (CISA).
Trent Henry, CISSP
Senior Analyst, Burton Group
Trent Henry has over 15 years of experience in information technology working at companies including Identrus, Digital Signature Trust, Ameritech and Apple Computer. His past work includes PKI industry security management and technology research, Internet server and protocol product development, and operations leadership of large-scale network and distributed systems deployments. Henry has participated in security standards bodies including X9 and Internet Engineering Task Force (IETF) and contributed to the first Common Criteria Protection Profile slated to become an ANSI standard.
Andrew Jaquith
Program Manager, Yankee Group
Andrew Jaquith has 15 years of IT experience and is the program manager for Yankee Group's Enabling Technologies Enterprise group, with expertise in portable digital identity and web application security. Jaquith drives Yankee Group's security research agenda and researches disruptive technologies that enable tomorrow's "Anywhere Enterprises" to secure their information assets. His application security and metrics research has been featured in publications such as CIO, CSO and the IEEE Journal for Security and Privacy. In addition, Jaquith is the co-developer of a popular open source wiki software package. He is also the author of the recently released Pearson Addison-Wesley book, called Security Metrics: Replacing Fear, Uncertainty and Doubt.
Elizabeth Quinlan
MCT, MCSE-Security, CISSP
Technical Lead
HynesITe
Beth Quinlan (CISSP, MCSE-Security, MCT) is a trainer/consultant who has specialized in infrastructure technologies and security design for over 12 years. Quinlan has spent the past four years traveling worldwide on behalf of Microsoft Product Teams in which she trained internal Microsoft engineers, partners and customers on ISA Server, Antigen, Exchange Hosted Services, RMS, Forefront Security Products and other security-related topics. Quinlan has spoken at events for Microsoft and others, written courseware for a variety of clients, and developed hands-on labs for Microsoft. She is the author of the ISA Server 2006 Reviewer's Guide along with other Security white papers. Most recently she was the project manager for Instructor-Led labs at TechEd 2007 and Hands-on Labs for Microsoft's TechReady5 conference.
Ernest N. Hayden
CISSP CEH
CISO/Manager Enterprise Information Security,
Port of Seattle
As CISO of one of the nation's largest combined airport and seaport operations, Ernest Hayden is responsible for information security policy and practices, business continuity/disaster recovery planning, and privacy issues for the Port. While working for the Port, Hayden co-chaired a large, regional critical infrastructure protection exercise called Blue Cascades II and was invited to speak at the National Association of Attorneys General at the request of Washington State Attorney General Rob McKenna. Hayden was profiled in a cover story in Information Security magazine for his work with the CISO of the City of Seattle. Hayden also published a chapter on Cybercrime's Impact on Information Security, in the Oxford University Press Cybercrime and Security Legal Series. Prior to his arrival at the Port he held several significant management positions in both the business management and the information security management arenas including president & CEO of MCM Enterprise of Bellevue, Washington, IT security lead for the Seattle Justice Information System in the Seattle Municipal Courts and Seattle Police Department.
Lee Benjamin
Messaging Architect
ExchangeGuy Consulting
With over 20 years of experience in the messaging industry, Lee Benjamin is an expert on Microsoft Exchange and has in-depth experience in a number of other messaging systems. Since retiring from Microsoft in 1997, he has been a highly sought after consultant for enterprise and medium-sized organizations. He currently specializes in architecture, migration and upgrade advice. He also evaluates and conducts product testing and training. Benjamin is chairman of the largest Exchange user group in the world, The ExchangeServerBoston User Group, and a director for Boston User Groups, an umbrella organization of over 50 user groups in the New England Area. Lee has been an analyst at Ferris Research, and is a regular speaker at industry conferences on topics such as data protection, compliance and e-discovery, messaging security, mobile access and calendaring integration.
Cynthia R. Whitley
Chief Information Security Officer,
Allstate Insurance Company
Cynthia R. Whitley is the chief information security officer at Allstate Insurance Company, where she leads the Information Security and Business Continuity organizations. Whitley has previously held various leadership positions in Claims, Operations, Accounting and Human Resources before her current assignment in Information Security. As chief information security officer, Whitley is responsible for implementing security and business continuity programs that deliver value-added processes and technology to meet Allstate's business objectives. In this role, she establishes policy, standards and governance over the implementation of Information Security controls and procedures, as well as end user awareness and education. Recent key initiatives have been the implementation of a vendor risk management program, VISA PCI compliance, and data leakage prevention.
Kelley A. Damore
Editorial Director, Security Media Group
Kelley Damore, editorial director, oversees editorial operations and strategy for all TechTarget Security Media properties, including Information Security magazine, SearchSecurity.com, Information Security Decisions conference and custom editorial and media events. Damore has covered the IT industry for 18 years and has won numerous editorial awards including Jesse H. Neal, ASBPEs and TABPI awards. She previously worked at CMP Media as editor-in-chief of CRN. Damore has also held writing positions at InfoWorld and PC Week. She came to TechTarget from non-profit Oxfam America, where she was the director of its publications and online operations. Damore holds a bachelor's degree from the College of the Holy Cross and a master's degree from Harvard University's Kennedy School of Government.
Michael S. Mimoso
Editor, Information Security magazine
Michael Mimoso is an award-winning journalist who has covered IT since 2000. Mimoso joined Information Security in 2005 as senior editor before becoming editor in July 2006. Prior to joining Information Security, he was a senior editor covering Linux and Web services online for TechTarget and was the first news editor for SearchSecurity.com from 2000-2003. Prior to joining TechTarget, Mimoso was an editor and reporter at several Boston-area newspapers. Mimoso holds a bachelor's degree from Stonehill College.
Dennis G. Fisher
Executive Editor, Security Media Group
Dennis Fisher is the executive editor of the Security Media Group at TechTarget. He oversees all of the news and technical content on SearchSecurity.com and is responsible for the news section of Information Security magazine. He has more than 12 years of journalism experience, and has spent more than seven years covering the security industry. Before joining TechTarget, Fisher spent six years at eWeek, where he served as a senior editor and later as news editor. He has won a number of awards for his reporting, including two national ASBPE awards and the inaugural Carnegie-Mellon University CyLab Cyber Security Journalism Award.
Stefanie McCann
Editorial Events Director,
Security Media Group
As editorial events director, Stefanie McCann works with a team of editors to develop content and sessions for TechTarget's Security Media Group's seminars and Information Security Decisions conference. Prior to joining TechTarget's Security Media Group, she was editor-at-large for CIO Decisions, a TechTarget publication. In that role McCann identified trends in the industry, wrote articles for CIO Decisions and SearchCIO.com and spoke at various CIO industry events. She also played a pivotal role in coordinating the CIO Decisions Conference. Prior to joining TechTarget in 2001, McCann spent 12 years at Computerworld. Her accomplishments there included launching the QuickStudy section, an ASBPE Award winner for best regular department in both the regional and national categories, and serving as managing editor of Custom Publishing.
