Morning Keynote
Edward Powers, Principal, Deloitte & Touche LLP, is a leading information security and risk management professional in the financial services industry. The U.S. leader of Deloitte’s Security & Privacy practice for the Financial Services Industry, Ed specializes in helping global financial institutions build information security and IT risk management programs to meet their evolving business and regulatory requirements. He has served many of Deloitte’s most important banking and payment cards clients in the areas of identity management, data protection, and regulatory compliance.
Ed speaks regularly at conferences and in the media and has published several papers on key topics in information security, including Role Based Access Control: A Sensible Approach, The People Dimension of Security and Privacy: Eight Training and Awareness Habits of Highly Effective Organizations, and Mission Critical or Nuisance? How and When to Keep Information Secure.
Ed is a former faculty member in the Marshall School of Business at the University of Southern California, where he taught undergraduate and MBA courses in technology strategy and information risk management.
Speakers
Paul Bartruff, Sr. Systems Engineer, FireEye
Paul is a FireEye Systems Engineer providing hands-on security analysis and engineering, and is currently working on our Federal team. Before FireEye, Paul was an Information Security Engineer at two large defense contractors. He has deep expertise in incident response, malware analysis, forensic analysis, and reverse engineering. He has a Master’s Degree in Information Assurance and graduate certifications in Network Protection, Security Management, and Information Assurance Administration. Paul also has CISSP, CEH, CREA, ACE, and “Security +” certifications.
Harold Byun is a Group Product Manager with Symantec Data Loss Prevention
Harold Byun’s areas of focus have been the development of an extensible data protection API and the integration of file access monitoring technology into DLP. Prior to joining Symantec, he worked at Riverbed Technology, a company focused on WAN acceleration and data de-duplication. He also has over a decade of experience in security architecture and in both InfoSec and IT operations. He holds ITIL and CISSP certifications and earned his MBA from the Haas School of Business at UC Berkeley.
David Samia, Manager – Product Marketing, BMC Software, Inc.
David Samia is leading the IT Cost Transparency and IT Governance, Risk and Compliance solution offerings for BMC Software, Inc. [NYSE: BMCS], a leading provider of enterprise management solutions.
In his role, David focuses on the go-to-market strategy of global IT Business Management solutions, including their integration across all aspects of BMC Software. Other responsibilities include marketing plan development, event execution and field enablement for those solutions.
David maintains a strong development and marketing focus and has been responsible for the successful market entry of a variety of products since he joined BMC in 1998.
Prior to BMC Software, Inc., David was a strategic product architect for a major network outsourcing company and developed advanced solutions for their proactive and predictive network management services. He has over 25 years in Information Technology and is well versed in both the network and systems management areas.
Luncheon Keynote
Dr. Martin Carmichael, Chief Security Officer, TD Ameritrade
Dr. Martin Carmichael is the Chief Security Officer for TD Ameritrade, responsible for IT security, forensics, security risk management, physical security, IT security engineering, and security compliance with regulatory controls. A highly knowledgeable security executive with more than 20 years of experience, he has delivered reliable and cost-effective security solutions for global and domestic organizations including McAfee, Asurion, Wells Fargo Bank, NATO, and the Department of Defense. He is an expert in company threat and risk assessment methods, the design of secure environments, security problem solving and blending a business return on investment with corporate information protection needs.
Dr. Carmichael has received several security certifications, including CISSP (ISC2), CISM (ISACA), ISSMP (ISC2) and ISSAP. He also holds clearances with the U.S. Department of Defense and a Doctorate of Computer Science (D.CS) from Colorado Technical University, with his dissertation focused on "Parametric/Non-Parametric Evaluation of Enterprise Security Risk."
Panel Moderators
Peter Poulos, Executive Director, Operational Risk and Business Continuity Management, Morgan Stanley and a WSTA Board Director
Peter is the Global COO of the BCM department, serving as deputy to the Global Head of BCM and managing activities to ensure Morgan Stanley’s compliance with US federal bank regulatory requirements for business continuity and disaster recovery as well as enhancing and managing the firm’s business resiliency risk assessment program for critical third parties/vendors. In addition, Peter is leading the firm’s Operational Risk Metrics Initiative with the goal of creating a consistent approach to the collection, validation, reporting and analysis of various metrics and Key Risk Indicators (KRIs) used to help manage operational risks.
Peter has over 19 years of financial services industry experience heading enterprise-wide business and technology programs as well as having operational line responsibilities in global markets, global custody banking and technology areas. Peter’s leadership skills were tested in crisis events. He was actively involved in managing Credit Suisse’s response to various business disruptive events in New York from 2003 to 2005 and with Morgan Stanley’s response to the terrorist attacks of September 11, 2001. Peter co-managed the effort to recover 700 employees from 3,700 impacted staff based at 2 and 5 World Trade Center. Peter holds a Bachelor's Degree in Economics from the State University of New York in Albany.
John Wolf, Jr. is an Executive Director of Morgan Stanley and Head of Americas Information Security with responsibility for security policy, education and awareness, incident management, data loss prevention, internal and external RFI response, and day-to-day core operations. John joined the Firm in 1992 as an Analyst in the Internal Audit Department and served in a variety of IT Auditor roles with increasing responsibility throughout his first 13 years with the Firm. He was named Vice President in 1999 and Executive Director in 2002. In August 2005, John joined CA Inc. as Head of IT Compliance. One year later, he returned to Morgan Stanley, joining the Information Security Office. John earned a B.S. in Computer Science in 1992 and an M.S. in Information Management in 1995 from the Polytechnic Institute of New York University.
Panel Participants
John Checco, Founder, Checco Services, Inc.
John C. Checco is currently an information security consultant at Bloomberg and a Director of Technology Due Diligence at Iris Capital Partners, an M&A firm. He is founder of Checco Services Inc., an information security consulting firm that markets the award-winning bioChec™ keystroke biometric technology. John currently holds CCSK, CISSP and CSSLP certifications, is a member of the Advisory & Content Committee of the WSTA, a board member for InfraGard’s NY Metro Chapter, and has active memberships in ASIS, ISSA and OWASP. He may be reached via email at John.Checco@CheccoServices.com
Timothy Elliott, Technology Consulting, Accenture
Tim is part of Accenture’s Security and Risk Practice with experience in information security, operational risk management and business continuity organization design and deployment. He has spent most of his 15+ year career managing a variety of executive risk management functions and enterprise technology implementations focusing primarily on the financial services industry. Tim has led financial services industry working groups and has chaired conferences in partnership with various organizations including the American Bankers Association, Financial Services Roundtable/BITS, ISACA/IIA and the Risk Management Association.
Don Erickson, Senior Vice President, Citi
Don is part of Citi’s O&T Risk Management group and is responsible for leading a Citi-wide initiative to manage and restructure Citi’s IT Policies and Standards. He has spent 7 years managing IT controls at Citi, first as the Head of Information Security for Citi’s Global Wealth Management business and most recently in Corporate O&T managing a series of global IT control programs including developer access to production.
Jody Leber-Pay is an Executive Director at Morgan Stanley
She has 28 years of technology experience that includes development, testing, administration, backups, security, risk, and technical writing. Jody has been at Morgan Stanley for over 12 years and her current role is managing the Global Technology and Data Policy team. Their responsibilities include policy and procedure design, development, measurements, reporting, and training. Jody’s passion is to have roles that require innovation, execution, and teamwork.
Moriah Lazar Hara, CISSP, CISM
VP, Threat Management, Global Information Security, Bank of America
Moriah has over 12 years of Information Security experience working with numerous Fortune 50 companies on their strategic and enterprise security requirements. Her specialties include PCI, where she helped build Visa’s Domestic and International PCI QSA program, Third Party Risk Management at Citigroup and Security Architecture for Microsoft Consulting. Currently in GIS Threat Management, she is working on identifying emerging threat trends in verticals such as Cloud, Mobile Commerce and Social Media. Moriah is involved in FS-ISAC’s quarterly NYC forum and has contributed thought leadership to the Financial Services Sector Coordination Council (FSSCC) for Critical Infrastructure Protection and Homeland Security. Moriah and the Threat Management team are also the creators of a patent-pending risk assessment methodology.
Peter Makohon, Senior Manager, Deloitte & Touche LLP
Peter Makohon is a senior manager in Deloitte’s Security and Privacy practice where he specializes in providing information security consulting services and solutions. Prior to joining Deloitte in 2009, Peter spent 14 years working for one of the nation’s top 5 banks where he served in a variety of technology leadership positions. Peter has extensive cyber security expertise that is based on a strong working knowledge of data networking technologies that was first leveraged during the Internet worm outbreaks of 2001. Peter currently serves as the national technical leader for Deloitte’s Cyber Threat Intelligence service offering. Peter also has over 20 years of industry expertise in areas such as information security, vulnerability management, risk management, merger migration planning and execution, data network engineering, application performance management, and business continuity planning. Peter presently serves on the US banking industry’s Financial Services Sector Coordinating Council (FSSCC).
Gijo Mathew is Vice President of Security Strategy and Marketing at CA Technologies
He leverages more than ten years of software development and security experience to interpret customer needs, drive security awareness and implement business-centric security strategies within enterprise organizations. In his current role he ensures that CA security management solutions reflect customer needs, market requirements and industry standards. Gijo is a Certified Information Systems Security Professional (CISSP) and uses his experience and knowledge to help organizations master the art of security by balancing business needs and risks. His expertise extends into many areas of security including Data Loss Prevention, Access Management, Cloud Security, and Identity Management. Gijo holds a B.S. in Computer Science from Ithaca College and an M.S. in Management Information Systems from Boston University.
Gene Zafrin is a Vice President in the Goldman Sachs Technology Risk department.
He has 20 years of Technology experience that includes software development, venture capital and management consulting. In his current role he manages the Policies and Standards program, which covers over 100 firm-wide policies, standards, guidelines and other documents.