2021 NYSCSC: Security in a Virtual Era

2021 NYS Cyber Security Conference

June 8 - 9

Presenters

Robert Adams

iSECURE

Bob Adams is the lead security engineer for iSECURE, LLC, a cyber-security company based in Rochester, N.Y., servicing clients nationally throughout the United States. iSECURE delivers enterprise class security services and solutions to various market segments including Medical, Higher Education, Industrial, and Fortune 500 companies. With over 30 years of experience and a self-professed geek, Bob has spent the majority of his career architecting, installing, securing and auditing networks for ICS-SCADA, HIPAA, and Enterprise Clients. The last 15 years have been spent advocating various compliance frameworks and solutions that enable his clients to operate securely. Not one to admit his age, his first IT position had him managing Novell Netware 2.x in the mid-eighties. His passion to make cyber security accessible and interesting has led Bob to develop seminars focusing on markets that need more visibility and education. With a never-ending curiosity, he loves to research current security trends and conduct exploits, spending far more time in his man cave than is prudent. When Bob isn't in front of a computer he spends his time as a motorsport announcer and photographer for events throughout North America for several international sanctioning bodies including NASCAR & IMSA.

Shane Allen

Rubrik

Shane Allen brings 20+ years of experience in technology to Rubrik. He has administered and managed networks ranging from US Navy Submarine data networks to city government and commercial IT departments. He has been with Rubrik for over 4 and 1/2 years now and has held positions as a Commercial Sales Engineer and Enterprise Sales Engineer, and is now a member of Rubrik's Platform Solution Architect team assisting sales teams and customers with technical consultation and providing product feedback and organizational enablement.

Robert Aragao

Micro Focus Government Solutions

Rob Aragao is Chief Security Strategist for the Americas within the Enterprise Security business unit of Micro Focus (merger of Hewlett Packard Enterprise Software). In this role, Mr. Aragao is responsible for working with organizations collaboratively to drive strategic initiatives around cyber security and alignment with business objectives and desired outcomes. He also provides thought leadership and insight regarding the ever-changing global threat landscape.

Prior to joining Micro Focus, Mr. Aragao served as Vice President of Security Strategy at ReliaQuest with responsibilities for driving strategy, innovation and execution of a portfolio of security service offerings focused on the Fortune 1000. Previously, he was with eIQnetworks where he led security operations and services. Prior to eIQnetworks, he was with Altiris (acquired by Symantec), where he led the Worldwide Security Management Division. He has also held leadership roles with Level 3/Genuity, Stream International and Siemens.

Mr. Aragao brings over 20 years of information security experience with an emphasis in security and cyber risk best practices, threat intelligence, security monitoring and regulatory compliance initiatives.

Mr. Aragao's experience has provided him with key insights into the challenges and approaches to combat today's cyber threats. He is a frequent speaker and panel member and has presented at security conferences such as the International Conference on Cyber Security, FBI InfraGard, SC Congress, Cloud Expo, Harvard IT Summit and other national and regional security events.

He earned a bachelor's degree in Computer Information Systems and Business Management from Bryant University and is a Certified Information Systems Security Professional (CISSP).

Mick Baccio

Splunk

Mick Baccio fell in love with the idea of cyberspace around nine years old after reading Neuromancer, which led him to pursue a career in computer operations with a focus on information security.

Before joining Splunk, he held the title of Chief Information Security Officer at Pete for America, holding the honor of being the first CISO in the history of presidential campaigns. Mick was also the White House Threat Intelligence Branch Chief in both the Obama and Trump administrations and helped create a threat intelligence program during the rollout of the Affordable Care Act at the Department of Health and Human Services.

A US Navy veteran, Mick has also served in cybersecurity and technical roles at the Department of Defense and Centers for Disease Control. As a Global Security Advisor at Splunk, Mick leverages his background and expertise to help customers solve complex security problems. In his spare time, when not posting pictures of food, cats, or Air Jordans to social media, Mick is a Goon at DefCon, and teaches lockpicking.

Laurin Buchanan

Secure Decisions

Laurin Buchanan spent two decades managing IT operations and InfoSec in the corporate sector, most recently for a Fortune 1000 company. She uses that operational background as Principal Investigator at Secure Decisions, where she leads R&D efforts for new and novel solutions to improve cybersecurity decision making by humans for customers such as the Air Force Research Laboratory, the Department of Homeland Security, and the Naval Research Laboratory. Her research projects in cybersecurity education  include development of Comic-BEE, a web application for creating interactive, branching web comics for cybersecurity education and evaluation on any cybersecurity topic, novice to expert. She has twice received funding from the National Science Foundation for research on cybersecurity education for middle school students. Laurin served as a subject matter expert during initial development of the National Initiative for Cybersecurity Education (NICE) Workforce Framework that describes the work of cyber security practitioners and is an active member in the NICE Working Group, currently co-Chair of the K12 Sub Group. She also serves on the Advisory Board for Suffolk County Community College's cybersecurity degree program and as Associate Editor for Practice at the Cybersecurity Skills Journal from the National CyberWatch Center. Laurin is a Certified Information Systems Security Professional and a frequent speaker at conferences and events.

Ashley Campbell

Microsoft

Ashley Campbell is an Enterprise Security Executive responsible for state and local government customers in the Eastern half of the United States. Ashley spends her time with SLG customers on developing their cybersecurity strategy, helping them understand Microsoft's complete security story, and sharing security product updates. Ashley is a trusted advisor to state CISOs, providing technical support, industry trends, IR briefings, and opportunities for Microsoft-led engagements (OpenHacks, training programs, etc.). Ashley is located in Northern Virginia.

Ashley previously served as the operations lead for the Microsoft Cyber Alliance at Ernst & Young. She delivered business value sessions and E5 implementations for the firm. Ashley has also served as a cyber security analyst for a DOE nuclear propulsion company. She is a graduate of Lynchburg College where she majored in Economic Crime Prevention & Investigation.

Jon Clay

Trend Micro

Jon Clay has worked in the cybersecurity space for over 23 years. He is responsible for managing marketing messages and external publication of all threat research and intelligence within Trend Micro as well as different core technologies.  As an accomplished public speaker with hundreds of speaking sessions around the globe, Jon focuses on the threat landscape and the use of big data in protecting against today's sophisticated threats. 

Michael Corby

M Corby & Associates, Inc.

Mr. Corby is a highly effective senior executive with a career in several specialties and environments. He uses his effective interpersonal skills supported by his technical background to create highly effective teams in large organizations with revenues in excess of $10B as well as emerging businesses, public service and non-profit entities. For over 40 years, he has been a security consulting executive, and his project portfolio includes strategy, application design and architecture, security operations, digital forensics and organizational governance and metrics. He was a founder of (ISC)² Inc., the Consortium that developed the Security Common Body of Knowledge and established the CISSP® Credential. Mike is a frequent presenter at the NYS Cyber Security Conference and has created and implemented Security Consulting practice offerings for international service organizations including Netigy, QinetiQ, Gartner, Marsh and CGI.

Mandouh Csintalan

RenaissanceRe

Mandouh is an InfoSec Analyst at RenaissanceRe where he's the firm's lead on the vendor assessment program, cyber awareness program, and drives forward the cyber program's maturity around governance, risk, and control. He was previously with Deutsche Bank where he worked across different departments such as Global Networks Services, the Chief Data Office, and the Chief Information Security Office. While in CISO, he worked closely alongside the Americas CISO to deliver new cyber capabilities, respond to regulatory requirements, deliver the cyber awareness program, and more. He graduated with a B.Sc. in Quantitative Finance from Stevens Institute of Technology in 2015.

Deidre Diamond

CyberSN

Talent and technology visionary Deidre Diamond, Founder and CEO of CyberSN and Secure Diversity, has created the largest cybersecurity talent acquisition service and technology firm in the U.S. while focusing on the cybersecurity talent shortage, specifically the shortage of women. Deidre's mission is to remove the pain from job searching and matching for everyone. Deidre cares tremendously about people loving where they work and has been working to create cultures that have high Emotional Intelligence (EQ) skills. These skills focus on words and behaviors. Deidre is known in the Diversity/Inclusion (D/I) community as someone who works hard at ensuring words and behaviors are inclusive for all so that inclusive environments can also be diverse environments.

George Freeman

LexisNexis Risk Solutions

George is a subject matter expert for Partners/Integrators as well as customers in government & healthcare. George provides illustrative use cases and workflow designs to mitigate cyberthreats from increasing use of stolen identities and bot attacks. Workflow solutions include ThreatMetrix Digital Identity risk assessment with physical identity verification and step-up authentication via LexisNexis Risk Solutions physical identity products. George works with various LNRS business development teams to define Identity solutions for increasing threats to work-from-home environments and partners with leading Identity and Access Management (IAM) vendors.

Stephen Gates

Checkmarx

Stephen Gates is an experienced writer, blogger, speaker, and published author with years of hands-on knowledge in information security. He is dedicated to conveying facts, figures, and information that builds awareness of the cybersecurity issues all organizations and consumers face. Stephen has more than 25 years of computer networking and information security experience with a Master of Science Degree in Information Security and Technology Management.

John Gelinne

Deloitte

John Gelinne, CAPT, USN (Ret) is a Managing Director in Deloitte's Cyber Risk Services and is a part of the Resilient practice that helps clients prepare, respond and recover from cyber incidents. John joined Deloitte after retiring from the U.S. Navy after 30 years of service. He is responsible for Cyber Incident Response, Cyber War Gaming and building technical resilience services that allow organizations to rapidly adapt and respond to dynamic changes, disruptions, or threats. Prior to coming to Deloitte, John was a Surface Warfare Officer and held afloat command at various levels including command of USS Hurricane (PC3), USS Kauffman (FFG59) and Commodore, Destroyer Squadron Twenty Two. Ashore, John served on the Chief of Naval Operations Strategic Studies Group, Chief of Staff, Commander Naval Surface Forces, and Deputy Director, Navy Quadrennial Defense Review. John's last tour in the Navy was Chief of Staff for U.S. Fleet Cyber Command/U.S. TENTH Fleet, the Navy's lead cyber command. John has been published in U.S. Naval Institute Proceedings, Deloitte Review, Dark Reading and the Wall Street CIO Journal on topics ranging from building cyber resilience to cyber wargaming. He was also co-author of Deloitte's recent "Beneath the Surface of a Cyber Attack," a study where he describes the hidden costs associated with a cyber breach.

Selected Experience:

Led numerous restoration and remediation programs in a post cybersecurity event environment to determine root cause, remediate and return the organization to normal operations.

Led a multi-organization cyber incident response workshop and wargame. This cross organization wargame was the first-of-its-kind in the health care industry and engaged six of the largest health plans in the nation. The workshop and simulation allowed participants to collaborate and synchronize cyber incident response plans including enhancing communication and escalation paths.

Led a multinational Deloitte team at two global banks to improve their ability to recover from data corruption events. These engagements developed a technology risk strategy to accelerate and improve data corruption recoverability, leveraging existing disaster recovery and business continuity capabilities while also providing recommendations for innovative, offline backup strategies.

Raj Goel

Brainlink International, Inc.

Raj Goel, CISSP, is an author, entrepreneur, IT expert and industry leader who specializes in the field of cyber security and privacy law. As founder of Brainlink, Raj has spent more than 20 years developing proven IT solutions for a range of high-profile clients in the financial, construction, architectural and property management industries. His uniquely developed SOPCulture Process (winner of 2015 SmartCEO's Culture Award) has changed the way his clients think about documentation by showing them how to develop processes for documentation of each and every task, allowing them to rapidly increase productivity, eliminate redundancies and increase quality of service to their clients. As a 25+ year veteran of the tech industry, Raj has promoted awareness of surveillance & privacy through his published books, which include UNPLUGGED Luddites' Guide To Cybersecurity and The Most Important Secrets To Getting Great Results From IT.

Sanjay Goel

University at Albany - School of Business (SUNY)

Sanjay Goel is a Professor and Chair of the Information Security and Digital Forensics Department in the School of Business and the Director of the Center for Forensics Analytics Complexity Energy Transportation and Security. He is also the Director of the Digital Forensics BS and MS Programs at the University which he started. Dr. Goel received his Ph.D. in Mechanical Engineering from RPI. His research interests include information security, cyber warfare, music piracy, complex systems, security behavior, and cyber physical systems. His research on self-organizing systems includes traffic light coordination, smart grid and social networks. He is actively engaged in policy efforts on cyber security norms, CBMs, and cyber treaties. He co-authored the "Smart Grid Vision:2020" and the accompanying technology roadmap. In his prior work at General Electric Global Research he has extensive experience in design of power and aircraft turbines.

Ben Goodman

ForgeRock

Ben Goodman is a certified information systems security professional (CISSP). He currently serves as the senior vice president of global business and corporate development at ForgeRock. In his current role Ben is responsible for corporate development, global strategic partnership, and technology ecosystem efforts across the enterprise. Additionally, he leads ForgeRock's ecosystem development team to support and extend the company's industry-leading technology ecosystem. Ben was the architect of New York City's first LDAP and Identity framework implementation and has been working with New York State public sector customers for over twenty years.

F. Paul Greene

Harter, Secrest, and Emery, LLP.

As chair of law firm Harter, Secrest, and Emery's Privacy and Data Security practice group, F. Paul Greene counsels clients of all sizes in a wide range of industries, many of which have to comply with strict data privacy regulations.  Paul helps clients with pre-breach preparation and risk management, including security and vulnerability assessments, policy and procedure review, breach response planning and drills, as well as board and management education on cyber risk issues. After the breach, Paul, his team, and the team's professional consultants provide a full array of breach coach and response services, including breach response and remediation, crisis management and communication, internal and governmental investigations, breach notification, and potential litigation or regulatory action.  Paul's clients have included long-term and health care providers, insurers, and groups; Fortune 100 companies; a major credit card and travel-related services company; an international shipping and logistics company; an international printing and packaging company; a health care trade association; an agricultural cooperative; a public water authority; design professionals and construction companies; automotive dealers of all sizes; as well as closely held businesses and individuals.

Tom Grimes

Infoblox

Tom Grimes is a Cyber Security Specialist for Infoblox.  Tom brings over 25 years of networking and security experience.  Previously, Tom has worked as a networking/security specialist for Cisco, Proofpoint, Carbon Black and Forsythe.  Tom is currently finishing up his Masters in Cybersecurity with a concentration in Malware Analysis.  With over 25 years of experience in developing security solutions for Service Providers, Public Sector and Enterprise customers, Tom helps customers not only understand the technical, but also the business impacts of cyber-attacks and how to help mitigate those threats, specifically with a focus on DNS. 

Bil Harmer

SecureAuth

Bil has been in the IT industry for 30+ years. He has been at the forefront of the Internet since 1995 and his work in security began in 1998. He has led security for Startups, Government, and well-established Financial Institutions. In 2007 he pioneered the use of the SAS70 coupled with ISO to create a trusted security audit methodology used by the SaaS industry until the introduction of the SOC2. He has presented on Security and Privacy in Canada, Europe, and the US at conferences such as RSA, ISSA, GrrCon and the Cloud Security Alliance. He has been interviewed by and has written for various publications such as Forbes, Dark Reading, Data Informed, The Belfast Telegraph and Security Intelligence. His vision and technical abilities have been used on advisory boards for Adallom, Trust Science, ShieldX, Resolve, Integris and SiberXchange. He has served as Chief Security Officer for GoodData, VP Security & Global Privacy Officer for the Cloud Division of SAP, the Americas CISO for Zscaler and now serves as CISO and Chief Evangelist for SecureAuth.

Reg Harnish

Reg Harnish is a serial entrepreneur, nationally-recognized cybersecurity expert, keynote speaker, author and founder and Board Director of GreyCastle Security, a leading provider of cybersecurity risk, compliance, certification and privacy services. Reg has been practicing cybersecurity for nearly two decades. His experiences, skills and perspectives have established him as a highly-respected thought-leader. He has held senior cybersecurity and executive leadership positions for numerous organizations, including the Center for Internet Security, Autotask (acquired by Datto) and SynQuest (acquired by Viewlocity). Reg is regularly featured in Time Magazine, Forbes, The Washington Post, CBS Nightly News, CIO Magazine, Dark Reading, Software Magazine, ComputerWorld, InfoWorld and numerous other media outlets. Reg is a nationally-recognized speaker and has presented at countless industry and security conferences. His thoughtful and sometimes provocative perspectives on business, leadership and cybersecurity have made him a highly sought-after keynote speaker. In addition, Reg is a fellow of the National Cybersecurity Institute, a research center in Washington, DC; was recently recognized as the Cybersecurity Consultant of the Year in North America by the Cybersecurity Excellence Awards for both 2018 and 2017; has co-authored several books on cybersecurity awareness and is a regular content contributor to the Forbes Technology Council; serves as a cybersecurity advisor to numerous colleges and universities; was recognized by MARCOM as an innovator in cybersecurity communications; is a Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM) and Certified Information Systems Auditor (CISA), and is ITIL Foundations certified.

Alex Holden

Hold Security, LLC

Alex Holden is the founder and CISO of Hold Security, LLC. Under his leadership, Hold Security played a pivotal role in information security and threat intelligence, becoming one of the most recognizable names in its field. Holden is credited with the discovery of many high-profile breaches including Adobe Systems, JPMorgan Chase, Yahoo, and many others. Mr. Holden researches the minds and techniques of cyber criminals and helps our society build better defenses against cyber-attacks.

Leonard Jacobs

Netsecuris LLC

Leonard Jacobs is President/CEO of Netsecuris LLC, a leading Managed Cyber Defense and Incident Response Provider specializing in providing cyber security protections to the utilities, financial services, manufacturing, and government sectors. Leonard founded Netsecuris in July 2000. Leonard has 37 years of hands-on technology management experience including over 23 years in cyber security. He has spoken on many cyber security topics at conferences and has written many cyber security whitepapers.  Leonard is considered an expert in Industrial Control System cyber security. His first employment was with a major minicomputer manufacturer, which was a major supplier of industrial control systems to power plants and steel mills. Leonard was previously employed as field engineer for several biomedical systems manufacturers, an IT Manager in healthcare, a CISO at a major financial institution, and various roles at a major utility working mostly on industrial control systems cyber security. He holds a MS degree in Cybersecurity Technology from University of Maryland, an MBA degree from University of Phoenix, and BA degree from University of Florida. He holds a CISSP certification from ISC2 and Certified SCADA Security Architect certification from IACRB.  Leonard serves on various U.S. government-funded cyber security working groups tackling major cyber security issues.  He has previously served as an Instructor at Minnesota Cyber Range managed by Metropolitan State University and has taught cybersecurity certification exam preparation courses there.  He has participated in National Guard cybersecurity exercises as a civilian consultant.  Leonard developed a 13 week Cyber Security Analyst practical curriculum.

Ondrej Krehel

LIFARS

Ondrej Krehel, CEO & Founder of LIFARS, is recognized world-wide for his Digital Forensic expertise and Ethical Hacking. He actively participates in many high-profile engagements around the world whereby his proprietary methodology is leveraged to achieve the most rapid root-cause analysis and remediation. He is a former lecturer at FBI Training Academy and Chief Information Security Officer of IDT911, the nation's premier identity theft recovery and data breach management service. He previously led forensic investigations and cybersecurity consulting at Stroz Friedberg encompassing US government engagements and missions, including military cyber special operations. With two decades of experience in computer security and forensics, Mr. Krehel has conducted a wide range of expert witness testimonies, red team exercises, cyber resilience matters, and investigations, including data breaches through computer intrusions, theft of intellectual property, massive deletions, defragmentation, advanced file recovery and carvings, anti-money laundering, financial fraud, mathematical modeling and computer hacking. He holds a Ph.D. in Computer Forensics from Police Academy in Bratislava, an M.S. degree in Mathematical Physics from Comenius University in Bratislava and an Engineering Diploma from Technical University in Zvolen, Slovakia. Krehel is a frequent speaker at industry events and author on matters related to information security and computer forensics. His work has received attention from CNN, ABC, BBC, Reuters, The Wall Street Journal and The New York Times.

Dave Lewis

Duo Security at Cisco

Dave Lewis has 25 years of industry experience. He has extensive experience in IT security operations and management including a decade dealing with critical infrastructure security. Lewis is a Global Advisory CISO for Duo Security (now part of Cisco). He is the founder of the security site Liquidmatrix Security Digest and cohost of the Liquidmatrix podcast as well as the host of the Plaintext and Murder Board podcasts. Lewis serves on the advisory boards for several firms. He is currently enrolled in a graduate program at Harvard University. Lewis writes columns for Daily Swig, Forbes and several other publications.

Neal Maguire

Verizon

Neal Maguire is the Investigations Manager for the Verizon Threat Research Advisory Center (VTRAC). In this role, Neal is chiefly responsible for managing the conduct of computer forensic investigations, analysis, data recovery, case-load intelligence and IT investigative work related to delivery of the team's book of business, including all matters related to PCI / PFI investigations, liaising with the payment card brands and providing advisory consulting services to client senior management and the C-suite.

Prior to joining the VTRAC Team, he was the Business Leader of Payment Systems Integrity for MasterCard International. In his role at MasterCard, Neal was responsible for the global development, leadership and management of the MasterCard Account Data Compromise (ADC) Program managing MasterCard's incident response to payment card breaches globally.   

Neal is an active public speaker, discussing various topics ranging from high-level cyber security best practices to C-suite executive briefings. He has been a contributing author to the Verizon Data Breach Investigations Report (DBIR) and routinely presents the DBIR report and its findings to audiences and at conferences on a global basis.   

Neal holds a MBA from the Hagan School of Business at Iona College and a Bachelor's degree in Economics from Fordham University. 

Yogesh Malhotra

Global Risk Management Network, LLC

Dr. 'Yogi' has pioneered multiple Digital Transformation Practices, Technologies, Ventures, and Teams with worldwide clients and patrons such as Goldman Sachs, Google, IBM, Intel, Ogilvy, Harvard, and MIT. His ventures and practices guide and lead worldwide firms and governments including global IT leaders such as Microsoft founder Bill Gates and U.S. Army, Navy, Air Force, and AFRL CIOs. They are reviewed worldwide as global R&D, industry practices, and e-learning benchmarks for Business-Information Technology ('BizTech') convergence such as by Business Week, Fortune, Fast Company, Inc., Wall Street Journal, New York Times, Chief Executive, Computerworld, Information Week, and CIO Magazine. He recently led 200 global industry executives from firms such as Google and Microsoft in executing strategic deployment of Artificial Intelligence (AI) technologies for the Massachusetts Institute of Technology (MIT) Sloan School of Management and the MIT Computer Science & AI Lab Management & Leadership program. In addition to pioneering CEO-CxO Practices, Technologies, Ventures, and Teams in AI, Machine Learning (ML), Deep Learning, Natural Language Processing (NLP), and Robotic Process Automation (RPA), his R&D driven leadership builds and leads global industry practices in AI-ML, Quant, Cyber, Crypto, and Quantum Computing technologies via venues such as Princeton Quant Trading, FinTech & Block Chain-Crypto conferences sponsored by Princeton University, Goldman Sachs and Citadel; New York State Cyber Security conferences sponsored by the New York State (NYS) Governor and CIO; and Armed Forces Communication and Electronics Association (AFCEA) C4I & Cyber Conference sponsored by the U.S. Air Force Research Lab (AFRL).

Matt Malone

Vistrada

Matt Malone has over 15 years of proven experience within the information security realm. Mr. Malone has assisted customers both pre-hack / incident (secure) and post hack (limit exposure and minimize damages). Mr. Malone has worked with national acquiring banks to reduce or eliminate fines levied against his clients. Mr. Malone has consulted with the FBI and NYPD Cyber Crimes Division on security threats and attacks, assisting with investigation, documentation and pursuit of offenders. Mr. Malone has gained valuable experience working with both small and enterprise corporations, serving on several advisory boards. Additionally, Mr. Malone is a sought-after speaker and writer who has published and been featured in national publications such as Wired and CIO Magazine, as well as appeared in several national newscasts on CNBC Squawk Box, NBC Nightly News, FOX Money, and NPR All Things Considered.

Carl Mazzanti

eMazzanti Technologies

Carl Mazzanti is the Co-founder and President of eMazzanti Technologies, Microsoft's 4X Partner of the Year, NJ Business of the Year, 8X Inc. 5000 list honoree and the ranked NYC Area MSP. His company specializes in IT security, cloud solutions, multi-site implementations, outsourced network management, remote monitoring, and support.   A frequent business conference speaker and technology talk show guest, Carl has often contributed at Microsoft-focused events, including the Microsoft Worldwide Partner Conference (Inspire). His clients have been featured in over 60 Microsoft videos and case studies.

Mark McIntyre

Microsoft

Mark McIntyre is a Chief Security Advisor in Microsoft's Security Solutions Area.  Mark supports US and allied governments' information assurance and cybersecurity efforts by helping CISO and mission teams modernize their security, compliance and identity strategies and investments.  Focusing on areas like Zero Trust, cloud-first identity and SOC operations, Mark helps CISOs understand Microsoft's perspectives on the evolving cyber threat landscape and how Microsoft defends its enterprise, employees, and users around the world.  Mark is based in Bellevue, WA.

Mark previously ran the Government Security Program, Microsoft's global trust and transparency initiative for information assurance and national security bodies. Mark also ran the Security Cooperation Program, Microsoft's cyber threat-information sharing program for global CERTs; and the Child Exploitation Tracking System (CETS) initiative, through which Microsoft partnered with international law enforcement to combat the online sexual exploitation of children.

Mark joined Microsoft in June 2007, after 11 years in the US government working on counterterrorism, information operations and regional security issues. Mark has an MA from the University of Washington, a BA from the University of Wisconsin, and a certificate in Korean language from Yonsei University, Seoul, Korea. He also holds CISSP and CCSP designations from ISC2.

Jeff Miller

Arctic Wolf Networks

Jeff is a unique blend of engineer, teacher and evangelist for all things cybersecurity. His roots in cybersecurity stem from his engineering degree and tenure at the nation's second largest law firm where he defended against ransomware, the hacktivist group Anonymous, and distributed denial of service attacks. Jeff educates organizations on how to adhere to security regulations and cybersecurity best practices.

Shehzad Mirza

Global Cyber Alliance

Shehzad Mirza is the Director of Operations for the Global Cyber Alliance (GCA),   an international nonprofit dedicated to eradicating cyber risk. He is responsible for the strategic and operational oversight of all facets of GCA's information technology.  Prior to joining GCA, Shehzad was a manager in the Advisory Services practice, as part of the security monitoring group, of Ernst & Young LLP. He also served as Senior Director of Security Operations at the Center for Internet Security (CIS), an internationally recognized not-for-profit organization that provides cybersecurity services and support to state, local, tribal, and territorial governments throughout the United States.  He was responsible for managing the security operations, which included a 24x7 security operations center (SOC) consisting of security analysts and Intel analysts providing cybersecurity and detection/notification services to all state and local governments across the United States for the Multi-State Information Sharing and Analysis Center (MS-ISAC). Shehzad started his career in cybersecurity as a consultant with Symantec working and managing a 24x7 security operations center (SOC) for the State of New York.  He started as an analyst and within four years managed the SOC.

Chris Montgomery

Proofpoint

As a Solutions Architect, Mr. Montgomery serves as global evangelist for Proofpoint's advanced security portfolio, including threat intelligence, advanced threat sandboxing, security orchestration, and related technologies.  He assists large enterprises in understanding the threat landscape, and how to design an effective security architecture to effectively manage risk.  Mr. Montgomery is a CCIE, and holds a number of other industry certifications, including CISSP and ITIL.

Matt Nielsen

GE Research

Matt Nielsen is a Principal Scientist in the Controls and Optimization organization at GE Research, where he leads several programs on cyber-physical security. He attended undergraduate school at Alma College, receiving a B.S. in Physics, and later in 1998 received his PhD in Physics from Rensselaer Polytechnic Institute. After graduation, he joined General Electric to work on a variety of efforts from electronic packaging to wide band gap semiconductors. He later led a large research program developing technology in photonics, more specifically ultra-fast optical communications and three-dimensional optical storage materials and systems. For nearly ten years, Dr. Nielsen has been developing and using Digital Twins for a wide range of applications from optical devices, electric vehicles and large-scale combined cycle power plants. Currently, he is leading three US Dept of Energy grant programs to develop cyber-physical security for critical infrastructure.

The NYS Forum Information Security Workgroup Panel


William J. Malik

Trend Micro

Bill helps clients achieve an effective information security posture spanning endpoints, networks, servers, cloud, and the Internet of Things.  This involves technology, policy, procedures, and impacts acquisition/development through deployment, operations, maintenance, and replacement or retirement.

During his four-decade IT career, Bill has worked as an application programmer with the John Hancock Insurance company; an OS developer, tester, and planner with IBM; a research director and manager at Gartner for the Information Security Strategies service and the Application Integration and Middleware service, and served as CTO of Waveset, an identity management vendor acquired by Sun. He ran his own consulting business providing information security, disaster recovery, identity management, and enterprise solution architecture services for clients including Motorola, AIG, and Silver Lake Partners. Bill has over 160 publications and has spoken at numerous events worldwide.

Bill attended MIT, majoring in Mathematics. He is a member of CT InfraGard and ISACA.

Shawn Rahn

CDW-G

Shawn Rahn has led emerging technology innovation as a systems integrator, developer, and manufacturer for the last 20+ years. Beginning as an R&S network engineer, Shawn has led multiple startup advanced technology and engineering businesses ranging from wireless and mobility solutions, hardware design and manufacturing, agile software development teams, and most recently built a unique IoT practice Cisco and Intel consider to be the pioneering IoT solution provider, noting, "This team did IoT before we called it IoT." Shawn's mission is to reinforce the message that, ever since we invented the wheel, technology has one primary objective: improve our quality of life.

Scott Rogler

NYS Office of Temporary and Disability Assistance (OTDA)

Scott Rogler is the Chief Information Security Officer for the NYS Office of Temporary and Disability Assistance (OTDA), a position he has held since February 2018. In his role, he guides the OTDA's Information Security Office's comprehensive governance, risk management and compliance programs.  He is responsible for providing strategic leadership and vision, and assuring business-aligned, risk-based investments that maximize business opportunity and minimize information security risk for the agency.

Mr. Rogler has extensive experience in government program administration, information technology and cyber security policy. He actively supports the agency's efforts to enhance the secure delivery of government services. He has been recognized for excellence in public programs and outstanding contributions to the field of cyber security. Prior to his work at OTDA, Mr. Rogler was the Manager of Secure Architecture and Engineering for the New York State Enterprise Information Security Office (EISO), a position he held from January 2013 to 2018. At EISO, Mr. Rogler was responsible for providing technology risk management and enterprise-level technical expertise concentrating on secure systems and engineering. Additionally, he provided technical security guidance for the development and practice of the NYS secure systems development lifecycle. He has directed State of New York Agencies and business partners on how to best incorporate critical security controls, standards and policy compliance to align with industry standard frameworks for security, NIST, FIPS, SANS.

Mr. Rogler has over thirty years' experience as a CTO, IT manager and consultant in the private sector, providing IT governance and leadership for clients worldwide ranging from higher education to large healthcare organizations to Fortune 50 corporations. Mr. Rogler has been recognized for his work by being named to the NYS security assessment taskforce, The Gateway National Academic Technical Advisory Board and Aberdeen's Technology Forecasting Consortium. Mr. Rogler has presented nationally on topics ranging from HIPAA, healthcare GIS, Information Security and FISMA, including keynotes at NERCOMP and EDUCAUSE.

Mr. Rogler also holds a variety of industry certifications in systems, security and management.

Rusty Sides

Checkmarx 

Rusty has over 23 years of software development, sales engineering, team management, and security consulting experience.  During this time, Rusty has helped some of the largest organizations in the world in industries ranging from finance, entertainment, and Silicon Valley technology leaders in the private sector to public sector organizations within the DoD, Civilian and Intel communities implement solutions to secure software development life cycles.  Rusty has experience as an ISSM converting programs from DIACAP to RMF to achieve their ATO.  Rusty's background in application security, wide range of programming languages, software architectural design, DevSecOps expertise, and Public Sector knowledge has been an asset to many speaking engagements at government, technology and security conferences internationally.

Jesse Trucks

Splunk

Jesse Trucks has worked in IT and Security operations for over 20 years. In that time, he has worked for the US Department of Energy Oak Ridge National Laboratory (ORNL) and D. E. Shaw Research (DESRES) supporting HPC clusters and supercomputers and at multiple telecoms and managed service providers, as well. Trucks has extensive experience in designing and implementing risk mitigation and security programs, compliance auditing processes and systems, and defensive security operations. He has developed multiple bespoke monitoring and automation systems, and he has implemented a multitude of commercial monitoring, SIEM, and automation systems. Trucks has worked for Splunk for over six years and is also co-founder and Principal of a small elementary school. He resides in Knoxville, TN, where he adores family life, roasting coffee, raising poodles, and amateur radio (callsign N9MOM).


Jim Richberg

Fortinet

Jim Richberg's role as Fortinet's Field CISO for the Public Sector leverages his 35 years' experience driving innovation in cybersecurity and threat intelligence. Before joining Fortinet in 2019, he served as the National Intelligence Manager for Cyber, the senior Federal Executive focused on cyber intelligence for the 17 organizations and 100,000 employees of the US Intelligence Community. He also oversaw implementation of the Comprehensive National Cybersecurity Initiative under Presidents Bush and Obama.

Patrick Robinson

AT&T 

Patrick is part of AT&T's Information Security solutions organization. He is Associate Director - Cybersecurity for the Public Sector markets. He and his team work with governmental organizations to help develop meaningful and impactful solutions to their security challenges. He draws on 15+ years' experience in helping design solutions. 

While he has only been at AT&T 6+ years, he's been involved in Information Security solutions since 1999 when he co-founded a company to research crypto systems and develop software solutions. In seven years, that company patented 23 crypto systems and one hash algorithm.

Another significant project he undertook was to conduct the first risk analysis of America's SCADA systems under a DHS SBIR contract in 2005.  He led the team that analyzed the policies, technologies and people. He reported on vulnerabilities, and recommended remediations to DHS and to Industry.

In 2021 understanding how to secure SCADA systems, and IoT systems, is now a critical skill. 

He works to help customers move from a reactionary model to a proactive model. He helps them understand the benefits of getting and staying ahead of "the curve". 

He writes for and sits on panels for organizations such as Government Technology's Special Districts and NASTD, evangelizing cybersecurity.

He is pleased to be part of AT&T's Cybersecurity operations.

Roselle Safran

KeyCaliber

Roselle Safran is CEO and Founder of KeyCaliber, a technology startup that provides a strategic platform for cybersecurity executives.   Previously, she was President of Rosint Labs, a cybersecurity consultancy to security teams, leaders, and startups, and simultaneously the Entrepreneur in Residence at Lytical Ventures, a venture capital firm that invests in cybersecurity startups. Before that Roselle was the CEO and co-founder of Uplevel Security, which provided incident management and response technology to enterprises, and was acquired by McAfee.   Prior, Roselle managed cybersecurity operations at the Executive Office of the President during the Obama Administration. There she directed the tactical, operational and strategic work of the 24x7 Security Operations Center that protected and defended the White House's network. Before that she managed analysis teams at the Department of Homeland Security's US-CERT and led the development of two cyber threat intelligence platforms there.  Roselle holds a Certified Information Systems Security Professional (CISSP) certification and a Bachelor of Science in Engineering degree from Princeton University.

Mike Semel

Semel Consulting

Mike Semel is a noted thought leader, speaker, blogger, and best-selling author. He is the President and Chief Security Officer of Semel Consulting, focused on HIPAA and other regulations; cyber security; and Business Continuity planning. Mike is a Certified Business Continuity Professional through the Disaster Recovery Institute, a Certified HIPAA Professional, Certified Security Compliance Specialist, and Certified Health IT Specialist. He has owned or managed technology companies for over 35 years; served as Chief Information Officer (CIO) for a hospital and a K-12 school district; and managed operations at an online backup company. Mike has spoken to many audiences including the medical team at the Kennedy Space Center and the New York State Cyber Security conference. He is the best-selling author of How to Avoid HIPAA Headaches. Mike has created Business Continuity plans for small businesses, healthcare organizations, and financial institutions, including a $4 billion federal credit union with 180,000 members. His business continuity plans meet regulatory requirements and have helped businesses survive the Joplin tornado, Hurricane Irene, SuperStorm Sandy, and many smaller disruptions. He has managed hundreds of HIPAA and regulatory compliance assessments, and Meaningful Use Security Risk Analyses, for doctors, hospitals, labs, nursing homes, home health care, health plans, government agencies, and Business Associates. Mike has advised over 50 organizations to help them comply with the NY SHIELD Act.

Robert Siciliano

ProtectNowLLC.com

Robert is a security expert and private investigator with 30+ years' experience, best-selling Amazon.com author of 5 books, and the architect of the CSI Protection certification, a Cyber Social Identity and Personal Protection security awareness training program. He is a frequent speaker and media commentator, and CEO of Safr.Me and Head Trainer at ProtectNowLLC.com. Robert has been featured on CNN, Fox News, CNBC, MSNBC, ABC World News Tonight, NBC Nightline, CBS Early Show, Today Show, Good Morning America and in the NY Times, Wall Street Journal, Time Magazine, Fortune, Forbes, Entrepreneur and many more.

His personal mission is to inform, educate and empower people so they can protect themselves and their loved ones from violence and crime in their everyday lives, both in their physical and virtual interactions.

Bob Siegel

Privacy Ref, Inc.

Bob Siegel is recognized as a Fellow in Information Privacy by the International Association of Privacy Professionals (IAPP) and a Certified Information Privacy Professional with endorsements for US Private and Public Law (CIPP/US, CIPP/G), European Law (CIPP/E), Canadian Law (CIPP/C), IT Practices (CIPT), and Privacy Program Management (CIPM). He has deep subject matter knowledge surrounding key laws and regulations regarding consumer privacy and information security. He has been a member of the IAPP Certification Advisory Board for its Publications as well as a member of their training faculty, having trained over 7,000 privacy professionals. Bob contributed to the creation of the IAPP's Privacy Program Management and European Data Protection classes as a subject matter expert. Prior to founding Privacy Ref, Bob was the Senior Manager of Worldwide Privacy and Compliance for Staples, Inc. He transitioned a program that focused on PCI DSS compliance to one fully encompassing all aspects of privacy for 90,000 employees across 66 business units in 28 countries. Bob is also an accomplished program management expert with a successful record of achievement in business planning, information privacy, sales support, customer support, application development, and product management. He has a proven record of working with executive teams to convert strategic plans into programs with well-defined, measurable outcomes.

Kelly Miller Smith

Deloitte

Kelly Miller Smith, CISSP, PMP, GCIH is a Cyber Risk Leader helping Federal Executives use Cyber Risk data to make risk-informed security decisions, currently serving as the Cyber Risk Quantification leader for Government and Public Services. He brings extensive leadership experience across several federal government agencies and private companies on issues of risk management, privacy, cybersecurity engineering and analytics, incident response, disaster recovery, business continuity, and cyberthreat intelligence. Kelly is focused primarily in the Government Civil Sector with a specialization in Tax Administration.  He is the co-author of the whitepaper "Beneath the Surface of a Cyberattack: A Deeper Look at Federal Sector Impacts" in addition to several classified publications. Kelly has led projects at agencies such as the Internal Revenue Service, House of Representatives, Ginnie Mae, Defense Media Activity, Census, and the DoD Space Intelligence Office.

These opportunities have allowed him to create security strategy to enhance privacy of Federal Taxpayer Information (FTI) and align with privacy requirements (e.g. IRC 6103); lead cloud security architecture and engineering for one of the largest financial institutions in the world; drive security preparations for audit of $3 trillion financial statement; steer advanced security risk analytics initiatives, using cloud hosted assets to analyze large data sets, address external and insider threats; lead business impact assessment of largest global retirement plan; and spearhead an initiative to reduce mainframe recovery times from 18 days to hours for critical taxpayer submissions processes.

Mr. Smith is a graduate of the Fletcher School at Tufts University in cooperation with Harvard, where he studied International Security and International Business after receiving a BS in Chemistry from Morehouse College. He is also a graduate of the Boardroom Bound® Boardology™ Institute. Before joining Deloitte, he worked for several organizations, including Booz Allen Hamilton, Zeltech, the RAND Corporation, Lockheed Martin, and others. These experiences gave him exposure to counterterrorism, homeland security, intelligence, and information management.

Ryan Spelman

CyberClarity360, division of Duff & Phelps

Ryan Spelman is a Senior Manager in the firm's Legal Management Consulting practice and focuses on CyberClarity360™, a ground-breaking solution that helps organizations understand and manage their exposure to supply chain cyber risk through a fully transparent scoring system. Ryan has over a decade of senior management experience in homeland security and cyber security. Ryan joined the firm from the Center for Internet Security (CIS). At CIS Ryan was a Senior Director and the lead for strategic business partnerships, leading negotiations with major insurance companies and associations to endorse the CIS Controls as a recognized risk reducer. Additionally, he oversaw the creation of risk assessment software at CIS that is being used by insurance companies to underwrite thousands of local governments across the country. He is certified in the CIS Controls. Previously, Ryan was the Director of the New York State Senate Committee on Veterans', Homeland Security and Military Affairs. While serving as Committee Director, Ryan led and advised state legislators in developing statewide policies and legislation pertaining to homeland security and veterans, established the Homeland Security Business Roundtable, and represented the State Senate on the development of legislation that established New York State's Division of Homeland Security and Emergency Services (DHSES). Prior to that he worked at the New York State Office of Homeland Security on the Weapons of Mass Destruction Task Force, the United States House of Representatives and the Suffolk County Office of Emergency Management.

Shashi Talya

Halliburton

Shashi Talya is the Global Product Manager for Drilling Automation at Halliburton and is responsible for the drilling automation product portfolio. Prior to this, Shashi held various technology leadership roles in Halliburton focused on drilling technologies. Before Halliburton, Shashi worked in the energy, healthcare and aviation industries. Shashi has over 20 years of technology and product leadership experience. He holds a B.Tech. (BS) and PhD in Mechanical Engineering.

Mike Tornincasa

Rubrik

Mike Tornincasa is the spirit and energy of Rubrik. Currently the GM of Rubrik X, he was Rubrik's first sales hire 6 years ago. He launched and led Rubrik's worldwide sales initiative as employee 24, quickly recruiting a team of 170+ people. Mike has risen through the ranks as one of the most intelligent, innovative and charismatic leaders at Rubrik. 

Joseph Weiss

Joseph Weiss is an industry expert on control systems and electronic security of control systems, with more than 40 years of experience in the energy industry. Mr. Weiss spent more than 14 years at the Electric Power Research Institute (EPRI), the first 5 years managing the Nuclear Instrumentation and Diagnostics Program. He was responsible for developing many utility industry security primers and implementation guidelines. He was also the EPRI Exploratory Research lead on instrumentation, controls, and communications. Mr. Weiss serves as a member of numerous organizations related to control system security. He served as the Task Force Lead for review of information security impacts on IEEE standards. He is also a Director on ISA's Standards and Practices Board.