Panel 1: Building a Security Culture
Aaron Bedra is Chief Security Officer at Eligible, where he works to protect sensitive healthcare information. He is the creator of Repsheet, an open source threat intelligence framework. He has spoken around the world on software, security, and leadership, and he is the co-author of Programming Clojure, 2nd Edition.
John Downey is the Security Lead at Braintree, a company that provides development tools and support to help businesses accept payments online. He has worked on Braintree’s highly available infrastructure and integrations into the banking system. In his free time, he contributes to open source projects and mentors high school students in the FIRST Robotics Competition.
Arlan McMillan is the Chief Information Security Officer and HIPAA Security Officer for United Airlines. He has over 20 years of experience in information technology and security. Prior to joining United, he was the CISO and HIPAA Security Officer for the City of Chicago, and he previously led global teams delivering security services to Fortune 500 companies in roles such as the head of Symantec’s MSSP Global Analysis group and Global Head of Information Security Operations for ABN AMRO, LaSalle Bank. He is the current FBI-InfraGard Chicago Area Transportation Security Chief and was recognized as the 2014 “CISO of the Year” by the members of the ISSA, AITP, and FBI-InfraGard chapters.
Marc Varner is Corporate Vice President and Global Chief Information Security Officer for McDonald’s Corporation. In this role, he has responsibility for the protection of the company’s information assets, as well as the strategy and implementation of all identity and access management systems for the worldwide organization. He has more than 20 years of experience in the technical, operational, and program management aspects of information security, privacy, and architecture. Prior to his current position, he led security and architecture functions in the professional services industry at Deloitte Global and Navigant Consulting, as well as in the financial services sector with Discover Financial/Morgan Stanley. He also worked at Arthur Andersen, where he directed the development of the firm’s information security program in the EMEIA region.
Panel 2: Integrating Security into the Development Pipeline
Michael Allen is the Chief Information Security Officer for Morningstar. He is responsible for setting enterprise security strategy, software and product security, and disaster recovery. Recently, his efforts have focused on rugged DevOps, the cloud, and integrating security methodologies into the software development lifecycle. He has more than 15 years of experience in information technology for the finance, banking, start-up, education, and telecommunications sectors. He holds the Certified Information Systems Security Professional (CISSP) designation and is part of the leadership team for the Chicago OWASP Chapter.
Matt Konda is the Founder and Chief Executive Officer of Jemurai and Chair of the OWASP Global Board of Directors. He is experienced in building application security programs and delivering secure development training, application penetration testing, secure code review, security unit tests, and automation to inject security into the software development lifecycle. He is the project leader for the OWASP Pipeline project, which seeks to be the glue that ties security tools into the development process. At Jemurai, he is bringing together security pros and developers to solve security challenges in positive, fun, and creative new ways.
Alex Lock is a Senior Software Engineer on the Application Security team at Groupon. There, he is spearheading the efforts to inject static code analysis into the development lifecycle. He is the creator and primary author of Codeburner, and the co-author of OWASP Pipeline, both of which are open source tools developed to help aggregate and triage static analysis results as part of a continuous integration process. Prior to joining the security team at Groupon, he led the company’s production systems engineering group. Before joining Groupon, he worked as a Systems Architect and Engineer at companies including Orbitz, Wireless Generation, and Earthlink/Mindspring.
Lyle Sudin is a Manager in the Mandiant Consulting Services division of FireEye. He has more than 15 years of experience in cybersecurity, working for Mandiant, HERE (formerly Nokia/NAVTEQ), and BBN Technologies. He recently joined Mandiant, where he focuses on strategic security consulting, security program buildout, and incident response. At HERE, he ran over 100 application security project reviews, built a program to integrate security into the software development lifecycle, and helped to achieve ISO 27001 certification. He spent 12 years at BBN, culminating in running his own cybersecurity R&D projects as a Principal Investigator.
Panel 3: Considering Security When Working with Third Parties
Erin Jacobs is a Founding Partner at Urbane Security, a vendor-agnostic information security services firm focused on providing innovative defense, sophisticated offense, and refined compliance services. As a former CIO and CSO, she brings more than 15 years of consulting and C-level management experience to managing Urbane’s compliance and strategic advisory delivery teams. She and her teams work with all levels of client organizations to implement solutions for securely driving their businesses forward. She has presented at Black Hat, SOURCE Boston, Cloud Expo, SOURCE Barcelona, and several Security BSides events. She is passionate about fostering collaboration between the CSOs and practitioners who oversee day-to-day security challenges and the security research community.
Jeff Jarmoc is a Lead Product Security Engineer at Salesforce. In this role, he works to ensure that the security and privacy of customer information is maintained throughout Salesforce’s cloud platform. Previously, he worked with Matasano Security (now NCC Group) as a Senior Application Security Consultant, and as a Security Researcher at Dell SecureWorks. He has contributed to several open source security tools. He has presented his original research at several security industry conferences, including Black Hat Europe, Black Hat USA, DEFCON, DerbyCon, 44CON, THOTCON, and others.
Nathan Leong is Corporate Counsel at Microsoft, where he is a trusted advisor in complex cloud computing deals with Fortune 100 global companies and serves as Privacy Subject Matter Co-Lead for North America. He regularly speaks, writes, and advises on global privacy, data protection, information security, cross-border data transfer, healthcare and financial privacy, and export issues in the cloud. He also provides front-line legal support for Microsoft’s multibillion-dollar, 18-state U.S. Central Region. He is a national committee chair for the National Asian Pacific American Bar Association, and he co-chairs the Corporate Counsel Committee of CABA-Chicago.
Jon Oberheide is the Co-Founder and Chief Technology Officer of Duo Security, responsible for leading product vision and the Duo Labs advanced research team. Before starting Duo, he was a self-loathing academic, completing his PhD at the University of Michigan in the realm of cloud security. In a prior life, he enjoyed offensive security research and generally hacking the planet. He was recently named to the Forbes “30 under 30” list for his mobile security hijinks.
Panel 4: Recognizing and Addressing Network Security Challenges
Jibran Ilyas is a Director on Stroz Friedberg’s Incident Response Team. He serves as one of the firm’s investigative leads for high-profile data breaches and applies that field experience to the benefit of organizations seeking proactive security services. He has investigated large breaches in the financial, technology, and retail sectors. As a thought leader, he has presented on the topics of computer forensics and cybercrime at several global security conferences, including DEFCON, Black Hat USA, THOTCON, Microsoft Digital Crimes Conference, and SOURCE Barcelona. He is also an Adjunct Lecturer at Northwestern University, teaching its first-ever Digital Forensics and Incident Response course.
Nick Percoco is the Chief Information Security Officer at Uptake. Previously, he served as the Vice President at Rapid7, a publicly held security data analytics company. He co-founded the “I am The Cavalry” movement, a highly regarded grassroots hacker organization that is focused on issues where computer security intersects public safety and human life, and he founded SpiderLabs, the ethical hacking test lab that contributed to Trustwave’s growth. He created THOTCON, a growing annual Chicago hacking conference. He has served as a media spokesperson on CNN, Fox News, CNET, and Forbes.
Sunil Sekhri is a Director in PwC’s Forensic Technology Solutions practice in Chicago, supporting local and global clients in matters addressing internal corporate investigations, accounting fraud, IP theft, data breaches, global Ponzi schemes, and regulatory response. He brings over 16 years of specialized expertise in computer forensics and information security, applying a strong understanding of information technology as it relates to computer forensics, eDiscovery, IT audit, risk management, incident response, cybercrime, and network security. He has led investigations and managed a variety of technical security engagements, including security architecture reviews, security baseline standards development, server configuration reviews, vulnerability assessments, and incident response cases. He holds several certifications, including the EnCase Certified Examiner (EnCE), Certified Computer Examiner (CCE), GIAC Certified Incident Handler (GCIH), GIAC Certified Intrusion Analyst (GCIA), and GIAC Certified Forensic Analyst (GCFA).