Advisory Councils

(ISC)²’s Global Advisory Councils represent a group of senior-level information security professionals in their respective region who advise (ISC)² on industry initiatives, policies, views, standards and concerns. The goals of the advisory councils are to offer deeper insights into the needs of the information security community in each respective region; discuss matters of policy or initiatives that drive professional development; provide feedback on (ISC)² programs, activities and opportunities; and make introductions to influential organizations, bodies, institutions within government and industry with which (ISC)² should engage.

(ISC)² currently enlists the expertise of six advisory councils, including the:


Council Members

  • Asia-Pacific Advisory Council (APAC)
    CHAIR: Dr. Jae-Woo Lee, Fellow of (ISC)², CCFP-KR, CISA, CISM (Korea)

    Chair Professor, Graduate School of International Affairs and Information, Dongguk University

    Dr. Jae Woo Lee is Chair Professor at Dongguk University, and president of the Cyber Forensic Professional Association Korea. He is also chairperson of the (ISC)² APAC and Advisory Board of CISO Association in Seoul. Following his retirement from his position as a major general in the Korean Air Force, Dr Lee pursued his career in the information security profession. He was the first president of the Korean Information Security Agency and an organizer of the Korean National Computerization Agency. He holds a Master of Science degree in systems management from the University of Southern California, U.S.A. and a doctorate degree from Konkuk University in Korea.

    Prinya Hom-anek, CISSP, CSSLP, SSCP, SANS GIAC GCFW, CGEIT, CRISC, CISA, CISM (Thailand)

    President & Founder, ACIS Professional Center

    Mr. Prinya Hom-anek has over 20 years of experience in IT and information security, network and data communications, Internet and network security, information security, fraud and forensic investigation, penetration testing, ISMS, and generic information security consulting in both the public and private sectors. He is recognized as one of Asia-Pacific's leading information security professionals. Mr. Hom-anek founded and serves as the president for the most successful information security training, consulting, and managed security services provider in Thailand - "ACIS Professional Center" or "ACIS". He is also a senior IT and information security consultant for Thailand's government departments and agencies, including the Revenue Department, Ministry of Finance, Department of Special Investigation, Ministry of Justice, National Intelligence Agency, Bank of Thailand and several major banks in Thailand, Metropolitan Waterworks Authority, the Government Pension Fund, National Electronics and Computer Technology Center (NECTEC), and Software Park Thailand, National Science and Technology Development Agency (NSTDA). He currently serves as a senior committee member on various boards, including the (ISC)² Asian Advisory Board, the ISACA Thailand committee, and as secretary of the Thailand Information Security Association (TISA) committee. He has published over 130 information security articles in magazines and newspapers such as eEnterprise, eLeader, Telecom Journal, Thairath, DailyNews, The Nation, and Bangkok Post. He is frequently invited to appear on TV and radio programs and is a visiting lecturer at a number of universities and colleges within Thailand.

    Haruto Kitano, CISSP, JGISP (Japan)

    Senior Manager, Deloitte Tohmatsu Risk Services Co., Ltd.

    Mr. Haruto Kitano is currently senior manager and consultant for Deloitte Tohmatsu Risk Services Co., Ltd. His consulting is focused on security and risk management governance, database security, identity management, regulatory compliance, and privacy. He is currently a committee member of the Database Security Consortium in Japan and a member of the (ISC)² Asia-Pacific Advisory Council. Mr. Kitano has been a vocal professional within the IT security industry in Japan and previously worked as a telecom and internet networking engineer for 10 years, and at Oracle for 11 years specializing in database security and identity management. He earned his Master of Informatics from the Institute of Information Security (IISEC), the first Japanese graduate school specializing in information security, where he researched security management and information protection against internal threat.

    Dr. Melvyn Kuan (Singapore)

    Assistant Director (Ecosystem Development), Cyber Security Agency of Singapore

    Dr. Melvyn Kuan is currently Assistant Director (Ecosystem Development) at the Cyber Security Agency of Singapore (CSA) where he is responsible for professional workforce development planning and programmes. Prior to the CSA, he was Head of Strategy and Digital Economy at the National Research Foundation where he was responsible for the priority setting of research areas and capability development and the development of the Services and Digital Economy R&D strategy. Dr Kuan has also served in various capacities in the former Infocomm Development Authority (IDA) such as the Technology and Planning Group and the Smart Cities Programme Office. Before joining the former IDA, he was pursuing his PhD and was a Teaching Assistant at the Department of Information Systems, National University of Singapore. His work has been published in journals such as Information & Management and Behaviour and Information Technology, and at leading Information Systems conferences such as the International Conference on Information Systems (ICIS), European Conference on Information Systems (ECIS) and Pacific Asia Conference on Information Systems (PACIS).

    Dr. Jill Slay, PhD, FACS, CP, MIEEE, Fellow of (ISC)², CISSP, CCFP (Australia)

    Professor, Director Australian Centre for Cyber Security, University of New South Wales

    Professor Jill Slay is Director of the Australian Centre for Cyber Security at UNSW Canberra @ ADFA. With long-term funding allocated, this centre is developing critical mass in cross-disciplinary research and teaching in Cyber Security to serve the Australian Government and Defence Force and help strengthen the Digital Economy. She has established an international research reputation in cyber security and has worked in collaboration with many industrial partners. She was made a Member of the Order of Australia (AM) for service to the information technology industry through contributions in the areas of forensic computer science, security, protection of infrastructure and cyber-terrorism. She was made a Fellow of the International Information Systems Security Certification Consortium for her service to the information security industry (and holds their CISSP and CCFP certifications). She has published one book and more than 92 refereed book chapters, journal articles or research papers in information assurance, critical infrastructure protection, security and forensic computing in the last 10 years. She has completed the supervision of 16 PhDs and has been awarded over AUD2 million in Australian Government Category 1 research income, including a Future Fellowship, and AUD 0.5 million in other grants.

    SC Leung, CISSP, CISA, CBCP (Hong Kong)

    Centre Manager, Hong Kong Computer Emergency Response Team Coordination Centre

    Mr. SC Leung is currently the Senior Consultant of the Hong Kong Computer Emergency Response Team Coordination Centre (HKCERT), supervising the security incident response team and coordinating with local and overseas parties. He has over 20 years of working experience serving the banking, Internet solution provider, telecommunication and consultancy industries. SC Leung holds several information security designations including CISSP, CISA and CBCP. He is a frequent speaker in promoting information security awareness. He has been invited to speak for the Hong Kong Monetary Authority, Hong Kong Police Force, Government departments, enterprises, schools and local non-governmental organizations, and has also spoken at overseas conferences of (ISC)², APECTEL, CNCERT/CC of China and the National University of Singapore. He received the (ISC)² President’s Award in 2013 and was an Asia-Pacific Information Security Leadership Achievement honouree in 2007 for his voluntary work and product-neutral security awareness education to the public. He was a founding member of the Internet Society, Cloud Security Alliance Hong Kong and Macau Chapter and the Professional Information Security Association and has held key positions in these organizations.

    Wansuck Yi, CISSP (Korea)

    Director, Infrastructure Protection Division, Korea Internet & Security Agency

    Wan S. Yi is Director of the Infrastructure Protection Division at the Korea Internet and Security Agency (KISA). He received a BS degree in Computer Science from Virginia Polytechnic Institute and State University in the US. He also received an MS degree in information security from Dongguk University and a Ph.D. in computer engineering from SungKyunKwan University in Korea. Since 2014, he has been an adjunct professor at SungKyunKwan University. He served in a variety of important career-building assignments including Director of the IT Security Planning Team, IT Security Evaluation Team, IT Service Security Team and CIP Team. Finally, he served as the VP of the Internet Incident Prevention Division and International Cooperation Group. Before joining KISA, he worked for Hyundai Information Technology, LTD. During his military service, he was an Aide de Camp for the Deputy Commander in Chief, ROK/US Combined Forces Command. He retired from service in 1994 as a Korean Air Force lieutenant. His awards include two ROK/US CFC DCINC Awards (1993, 1994), US Army Achievement Medal (1993) and Commendation Medal (1993), National Intelligence Service Award (2000), ISC² ISLA (2008), ISC² Presidential Award (2008), Minister of Public Affairs and Security Award (2009), and ROK President Award (2012).

    Dr. Kamlesh Bajaj, Ph D (India)

    Mentor Professor, NIIT University

    Dr. Kamlesh Bajaj holds a Ph.D. (Physics) from McMaster University, Canada; and a Masters degree in Physics from the University of Delhi. He is a Fellow of the National Academy of Sciences (FNASc), and a Fellow of the Institution of Electronics Engineers (FIETE). He is also a Distinguished Fellow, EastWest Institute, New York. Dr. Bajaj was the Founder CEO of Data Security Council of India – an industry initiative - in cyber security and data privacy. At DSCI, Dr. Bajaj guided the development of best practices Frameworks for data security and privacy protection. He has served on various Government Committees on cyber security, privacy and ICT, and contributed to the activities of global bodies like OECD and EWI. He was also the Founder Director of the Indian Computer Emergency Response Team (CERT-In); he directed the cyber security initiatives in the government. He has published and lectured extensively on the IT Act 2000, cyber security and cyber crimes, privacy and data protection, Internet governance, e-commerce, digital signatures, in national and international journals and conferences. He has authored two books, and co-authored two books. Dr Bajaj also helped set up the techno-legal infrastructure for PKI in the country. He also served as Global Head, Information Risk Management Consulting Practice, Tata Consultancy Services.

  • Europe Middle East and Africa Advisory Council (EAC)
    CO-CHAIR: Dr. Yiannis Pavlosoglou, PhD, CISSP

    Dr Yiannis Pavlosoglou is currently the Strategic Change Manager for Operational Resilience at global financial services firm UBS, where he is responsible for shaping and implementing the strategy in areas such as the service catalogue and target operating model. He is currently Co-chair of the (ISC)² EMEA Advisory Council. Prior to UBS, Yiannis has held positions in organisations such as Verizon and Ounce Labs. As well as having a PhD in Information Security and a CISSP certification, Yiannis’ career and expertise spans several disciplines, from penetration testing, to teaching developers how to write code, designing routing protocols for ad-hoc networks, and also assisting in large scale financial platforms to ensure that they are secure. Yiannis has also held the chair of the Global Industry Committee for the Open Web Application Security Project (OWASP) leading a number of projects within that space.

    CO-CHAIR: Yves Le Roux, CISSP, CISM

    After his graduation from Paris University in 1970, Yves Le Roux worked in the Rothschild Group where, among other tasks, he was in charge of network security and other security-related issues. In 1981, he joined the French Ministry of Industry where he was in charge of the Open Systems Standardization programs. In 1986, he took the position of European Information Security Manager at Digital Equipment. Then, he joined the security research and development team. In 1999, he went to Entrust Technologies, PKI software editor. In 2003, Yves joined Computer Associates Int. as a Technology Strategist. He has co-authored three books on security. He is a lecturer at ISEP (Paris Graduate Engineering School) and has spoken at many conferences (e.g. SecureCloud 2012, Insights 2013, ISSE 2013, IAPP Europe 2013, EUROCACS/ISRM 2014).

    Geoff Harris, CISSP, CCP SIRA, ITPC, B.Sc. (Hons), Dip(EE), CEng

    Geoff Harris is the CEO of Alderbridge, providing specialist information security consulting and recruitment services. Alderbridge has worked with over 30,000 professionals since its formation in 1997 and has contributed to the 2013 Global Information Security Workforce Study. Geoff Harris is a Director on the International Board of the Information Systems Security Association (ISSA), was one of the founding members of ISSA-UK in 2003 and the ISSA-UK President from 2007 – 2010. Geoff is a member of many leading security executive advisory boards, all helping to develop the cyber security profession globally. Geoff has served on the (ISC)² European Advisory Board since 2011. In 2013, Geoff co-authored a report commissioned by e-skills UK “Career Analysis into Cyber Security: New & Evolving Occupations.” Geoff is an adviser to the ISSA Cybersecurity Career Lifecycle and Information Cybersecurity Consortium Education & Professional Development programmes. With a background in secure military communications systems, Geoff is a UK CLAS (CESG Listed Adviser Scheme) consultant and provides information security professional services to HMG and private sector organisations.

    Dr. Christopher Laing, CISSP

    Dr. Christopher Laing is a Teaching Fellow [Research Informed Learning] and Digital Security Researcher at Northumbria University. He also acts as an Information Security Risk Management Consultant for the European Network & Information Security Agency, and was one of the founders of GCHQ/EPSRC CyberSecurity Research Institute. He holds a PhD in Secure Decision Making from the University of Bristol and is a Fellow of the IET, and a Senior Fellow of the Higher Education Academy. His research focuses on emergent complex behaviour in information infrastructures, with a particular interest in the security threats to, and vulnerabilities that exist within Industrial Control Systems.

    Bola Rotibi

    Bola Rotibi, Research Director at Creative Intellect Consulting, has over 22 years of industry experience spanning engineering, software development and IT analysis. She is a highly experienced analyst focused on software development technologies, applications, processes and market trends. In 2008 and 2009 Bola Rotibi was voted one of the top three analysts covering the software development and delivery market and industry by the influential IIAR (Institute of Industry Analyst Relations) group. Over the years as an analyst, Bola has built an extensive portfolio of authored, in-depth product reviews/evaluations, technology reviews, strategy reports and competitive analysis reports. Bola’s technology expertise includes security software development (technologies, products and processes), in particular application lifecycle management strategies for a variety of platforms (mobile, server, desktop, web etc.), and software modelling, testing and performance. Other areas of expertise include Web 2.0 and Rich Interactive/Internet Applications; mobile applications and device platforms; IT sourcing for software development projects; enterprise architecture, IT governance and business management; and embedded systems development. Bola has authored a number of reports that have particularly focused on User Centric Services and Applications within the connected environment. Bola is regularly sought after to provide input into and drive vendor and product selection decision processes. She has acted as an advisor to many leading IT providers.

    Paco "Brian" Hope, CISSP, CSSLP

    Paco Hope is a Principal Consultant in Cigital's London office and is a recognised expert in the field of software security. He has worked with many of the world’s leading organisations to help them create secure software. His experience spans mobile operating systems, lottery systems, trading platforms, online retail, and online poker. While at Cigital he has also participated in the Building Security In Maturity Model (BSIMM), helping firms to measure and better understand security in their software lifecycle. He is the author of two security books, a frequent conference speaker, and a regular online author.

    Peter Drabwell, CISSP, ISSAP, CISA

    Peter Drabwell is Senior Analyst - IT Risk Planning & Assessment at Credit Suisse. Peter is recognized as a qualified security expert with experience working in global organisations, telecommunications networks, and the finance sector. The scope of his work includes e-commerce, global standards, cross border, compliance, audit, risk analysis and business oriented IT security solutions. He played an active role in the infrastructure integration efforts following the purchases of ABN AMRO by the consortium of RBS/Fortis/Santander and the purchase of Prime Fund Solutions from ABN AMRO/Fortis by Credit Suisse. He is also vice-president of the ISACA London Chapter. On the EAB, Peter Drabwell is keen to work on redressing the skills gap in information security, and to work with other professional bodies on areas of mutual benefit.

    Sofiane Chafai, CISSP

    Sofiane Chafai is Managing Director of MFC Advisory, a consultancy based in Algeria led by former CIOs and CISOs with more than 20 years of experience working within global companies. Previously, Sofiane was IT Risk Assurance Manager at Ernst & Young Algeria. He is CISSP, CISA and Prince2 certified, an active member of (ISC)² and ISACA, and a charter member of the Algeria Information Security Association. He is an information security expert with over 15 years’ experience in managing ICT and security projects, system implementation, security programs and business continuity management for large international companies in the Middle East and North Africa in the banking, telecom, government services, and oil & gas industries. The scope of his work includes governance, risk management, compliance, audit and business resilience. He is a contributor to numerous magazines and a speaker at international conferences.

    Tamer Gamali, CISSP, CISA

    Tamer Gamali currently heads up the Group Technology Risk and Business Continuity Management function for Kuwait Finance House (KFH). Prior to joining KFH, Tamer was the Group CISO at the National Bank of Kuwait responsible for ensuring the security of information systems and services, as well as the integrity and confidentiality of customer and employee information. Tamer also managed the corporate security function for the Group. Previous to this, Tamer was head of security services for KPMG. He joined the Middle East practice from London to help define and establish one of the first security practices in the Middle East. Tamer also sits on the advisory board of several companies operating in the IT Governance and Certification sectors. He is the President and co-founder of the (ISC)² chapter in Kuwait, and an executive member of the US OSAC (Overseas Security Advisory Committee) for the US Embassy in Kuwait. Previously, Tamer was a security specialist for Intel Corporation working in the online services division supporting global blue chip companies. With 19 years of experience in Information Security, Tamer is both a Certified Information Systems Security Professional (CISSP) and a Certified Information Systems Auditor (CISA). He graduated from Sussex University (UK), and earned an MSc with distinction in advanced systems from Kingston University (UK).

    Rainer Rehm, CISSP, CISM

    Rainer Rehm is Information Security Officer Security Architect at MAN, where he is responsible for the management of the Information Security Office and Information Security Management Systems. Mr. Rehm is one of the founding members of The (ISC)² Chapter Germany, which has local groups active in Düsseldorf, Berlin and Munich and is a member of the Alliance for Cybersecurity, an initiative from BSI and Bitkom. Mr. Rehm is an official (ISC)² instructor and also regularly contributes to the development and maintenance of the (ISC)² CBK, a compendium of cyber, information, software and infrastructure security topics that underpin (ISC)²’s credentials. He previously held a senior post in information security with Nokia Siemens Networks, and worked as a consultant serving international clients with CompuServe and Softlab. In addition, he teaches information security and data protection at German adult education centers in Munich. He studied information technology at the University of Munich.

  • Latin America Advisory Council (LAAC)
    CHAIR: Kleber Candido de Melo, CISSP (Brazil)

    Founder and Senior Consultant, KCMelo Consulting

    Kleber Melo has 27 years of experience in IT, Information Security, Business Continuity and Fraud Prevention leading local and regional multidisciplinary teams of employees, contractors and suppliers. He provided strategic support for secure development of new products, providing enterprise solutions for information protection, vulnerability assessment, encryption, server hardening policy, forensics, ethical hacking, security architecture, card encryption solutions and policies. He has project management experience, leading national and international teams to select and deploy information security solutions. He is knowledgeable in infrastructure technologies (firewall, proxy, identity management, DLP, behavior score, adaptive authentication, web filter, HSM encryption, cloud, etc.), security management and systems development controls. He has been a conference speaker and college professor since 1999 and CISSP certified since 2003, serving ISC² as Co-Chair for the LA Advisory Board since the program started, and as ISLA judge in 2011 and 2013. His career path started at IBM and was followed by Sudameris, HSBC and Original Banks in Brasil as CSO. He founded KCMelo Consulting in 2011, providing security consulting services to the Brazilian market. He is fluent in English and Spanish and a native Portuguese speaker.

    CO-CHAIR: Gerardo Castillo, CISSP (Costa Rica)

    IT Infrastructure Manager for Latin America, National Instruments Costa Rica

    Seasoned Information Security professional with close to 9 years of international experience managing IT, Information Security, and Business Continuity programmes over a broad variety of industries. Proven experience implementing and operating world-class IT processes that focus on end-to-end service delivery, customer satisfaction, vendor management, and risk management. Currently Gerardo is the Latin-American IT Infrastructure Manager for National Instruments; from this position he is influencing change to ensure Information Security best practices are adopted. Gerardo holds a Bachelor's Degree in Electronics Engineering from the Instituto Tecnológico de Costa Rica and a Master’s Degree in Information Technology Management from the Universidad Nacional. He has been a Certified Information Systems Security Professional (CISSP) since 2007 and a Certified Business Continuity Professional since 2008.

    Gabriel Bergel, CISSP, CISM (Chile)

    Head of IT Security, ING

    Gabriel Bergel is currently head of IT security for ING in Chile with nine years of experience in the information security field. His experience includes: consulting; project management; security engineering; and information security leadership. He is also founder and organizer of the 8.8 Computer Security Conference, founding member and current President of the ISSA Chile Chapter, member of the Academic Committee of Segurinfo Chile, and member of the board of CSA Chile. He has conducted information security courses, speeches, workshops and forums in different institutions, universities and events in Chile and throughout Latin America.

    Daniel Diniz, CISSP (Brazil)

    Information Security Officer, MAC

    Daniel Diniz has worked in information security, auditing and related disciplines for the Brazilian government and within the Brazilian information technology services sector for more than 15 years. He is currently information security officer at an engineering & construction company. He is part of the pioneering group of Brazilian CISSPs. He is a member of the (ISC)² Latin American Advisory Board and volunteers as the head of the Safe and Secure Online (SSO) Program committee in Brazil. Daniel is working hard to bring the SSO to his country to benefit Brazilian children and teens using the Internet.

    Geraldo Fonseca, CISSP (Brazil)

    Corporate Information Security Officer, ONS

    Geraldo Fonseca has 10+ years of experience as an Information Security Manager, working for such industries as energy, manufacturing, insurance and government. He holds a major degree in Computer Sciences from the Catholic University of Rio de Janeiro (PUC-RJ) and has been a CISSP since 2008.

    Walmir Freitas, CISSP (Brazil)

    Managing Director, Accenture

    Walmir Freitas is currently Managing Director at Accenture with over 20 years of experience in Information Technology, including 18 years in Information Security, IT Governance, IT Auditing and Risk Management in Brazil and a global intra-company assignment to North America. He has extensive experience in Consulting Services, including over 14 years at Deloitte and close to two years at EY. He was also CISO at Fidelity Information Services (FIS) and worked in IT Auditing and Internal Controls for the Brazilian Mercantile & Futures Exchange (BM&F). Walmir has held the CISSP credential for over 15 years. Additionally, he holds other relevant certifications in the field of information security.

    Jefferson Gutierrez, CISSP (Colombia)

    Manager, Risk Consulting, KPMG Advisory Services Ltda

    Jefferson Gutierrez is currently in charge of the Information Protection Advisory Services for KPMG’s practice in Colombia, where he is responsible for overseeing information security engagements, including vulnerability assessments, risk analysis, security audits, secure infrastructure design, forensic analysis and corporate policy review & development. He is a professional focused on risk management and information security governance with hands-on experience in risk analysis, security audits, corporate policy review & development, information security architecture review and design, vulnerability assessments, ethical hacking and ISO/IEC 17799:2005 compliance engagements.

    Nelson Novaes, CISSP, CISM, CBCP, ITIL, MBA (Brazil)

    Superintendent, Holding Itaú Unibanco S.A

    Nelson Novaes Neto is an entrepreneur and engineer who holds a postgraduate degree in InfoSec from the University of São Paulo, an MBA from FGV and a Master’s degree in Experimental Psychology from PUC/SP. He has broad experience in the internet industry, product development, internet security and research. He also has several international certifications. He is a superintendent at Holding Itaú Unibanco S.A, the largest financial conglomerate in LATAM and present in more than 25 countries. For over a decade, Novaes was CSO of UOL Group, the biggest online service and Internet service provider in LATAM.

    Ramiro Rodrigues, CISSP (Brazil)

    Chief Information Security Officer, Experian Latin America

    Ramiro Rodrigues is the Chief Security Officer for Experian Serasa Latin America. He was formerly Chief Information Security Officer at DocuSign Latin America and Chief Security Officer for BT (British Telecom) Latin America. He has more than 15 years of experience in risk management, compliance, internal controls, cyber security and corporate security, and experience in information security with managerial and hands-on expertise in security technologies, processes, policies and architecture to protect complex business digital assets. He is responsible for the overall company security and risk posture, both internally and customer-facing, by creating value and delivering trust to online business.

    Ezequiel M. Sallis, CISSP, CEH, MBCI, QCS (Argentina)

    Senior Information Security Specialist, Root-Secure Director

    Ezequiel Sallis is currently a director at Root-Secure, where he is in charge of the research and development, specifically, innovation in education and services orientated on information security. With over 10 years of experience, Mr. Sallis is an instructor for various international certifications in Latin America and has carried out many consultancy projects related to the ISO 27000 family of standards, with the Security Analysis (Vulnerability Assessment, Penetration Test and Ethical Hacking). He is currently Vice President of the ISSA chapter in Buenos Aires Argentina and is co-author of Ethical Hacking - a Methodological Focus for Professionals. He provides free security awareness sessions for school-age children and their families.

  • North America Advisory Council (NAAC)
    Diana-Lynn Contesti

    Diana-Lynn Contesti is currently an independent contractor focusing on Security Architecture and Critical Infrastructure and has over thirty years of computer security experience. Previously, Ms. Contesti was the CISO for a Fortune 500 company. Ms. Contesti is the co-author of the first edition of the SSCP Study Guide and has done security presentations globally. She served on the (ISC)² Board of Directors and during her tenure, she held various positions including Chairperson of the (ISC)² Board of Directors, Treasurer, Secretary and led a number of committees. Ms. Contesti played a key role in the implementation of the Women's Scholarship. In January 2017, Ms. Contesti was named to the Fifty Top Women in Internet Security. She holds multiple certifications including the CISSP, ISSAP, ISSMP, SSCP and CSSLP.

    Trey Ford

    Trey Ford is the Head of Trust at Heroku, a division of Salesforce. Heroku’s Trust organization is responsible for the service reliability engineering and information security of the platform. Over the last 15 years, Ford ran Black Hat events worldwide as General Manager, and provided services ranging from strategy, incident response, product management, PCI QSA and security engineering for a variety of industry leaders including Rapid7, Zynga, McAfee, FishNet Security and WhiteHat Security.

    Erin Jacobs

    Erin Jacobs is the Founding Partner at Urbane Security. A BBS Sysop from the early 90’s turned business major, musician turned DJ, IT geek turned corporate sell-out CIO and that wasn’t challenging enough, so she founded @UrbaneSec in 2009 to conquer Information Security and Compliance with boutique attention to detail, delivery, and talent that organizations desperately need in the technical landscape that we all exist in. Through her work, Erin has established several industry best practices and has presented these at numerous high-profile security conferences, including Black Hat, RSA, HITB and countless smaller events. She is also passionate about fostering collaboration between the C-Suite, practitioners that oversee day-to-day security challenges, and the security research community at large to help them learn from each other and ultimately improve our industry.

    Gurdeep Kaur

    Gurdeep Kaur is the Chief Security Architect for AIG. She is an accomplished information security professional with over 20 years of experience in IT and 15 years of core experience in Enterprise IT Security Management. She served as the President of the (ISC)² New Jersey Chapter from 2012-2015. She is also a member of the Cloud Security Alliance Enterprise Advisory Board. She received her Bachelor’s Degree in Electrical Engineering from Delhi College of Engineering in New Delhi, India. She holds multiple certifications including CISSP-ISSAP, CISA and CCSK. Gurdeep firmly believes that in today's digital world, it takes a village to secure a village. She actively collaborates with other security and like-minded organizations to help raise awareness about cyber security threats among business users as well as local communities.

    Glenn Leifheit

    Glenn Leifheit is a Senior Security Engineering Program Manager within the Microsoft Information Security and Risk Management (ISRM) organization where he currently leads large cross-company security initiatives. Glenn has over 22 years of experience in technology including software, financial and healthcare industries. Prior to his current role Glenn worked at FICO and was responsible for the build-out of FICO’s Application Security and PCI programs. Glenn's experience covers providing C-level security guidance, acting as a cross-team business security liaison, driving static code analysis across the enterprise, leading application security and PCI programs, as well as architecture and design of large scale applications and associated infrastructure. Glenn is an advocate for building a strong technology community; he co-founded TechMasters, a Toastmasters club designed to build technical speaker skills within the Toastmasters framework. His passion is connecting technologists with the soft skills they need: public speaking, giving and receiving feedback and asking more informed questions. Glenn is also a past member of the (ISC)² Application Security Advisory Council (ASAC).

    James McQuiggan

    James R. McQuiggan, CISSP is a Product & Solutions Security Officer for the Siemens Wind Service Americas organization providing strategy and policies for its SCADA products including Incident Handling, Vulnerability Management, and regulatory best practices. With over 15 years working at Siemens, James has supported the multiple energy divisions groups on NERC CIP regulations and other industry security topics. As part of the Americas Information Security team, he managed the global Information Security Awareness program including an Ambassador program across nine divisions utilizing employees from the business to support Information Security policies and awareness. James became a member of (ISC)² in 2008 and has been a volunteer of the Safe and Secure Online Program for the Center for Cyber Education & Safety since 2010. In 2016, he received the (ISC)² President’s Award and was the finalist for the (ISC)² Community Awareness award in 2015. James is also a father of two teenage daughters and continues to make sure they are safe and secure online while using their smartphones and social media.

    Marie Olson

    Marie Olson is the Deputy Chief Privacy Officer for The Boeing Company. Prior to being selected to build the Global Privacy Team for Boeing, Marie was a Sr. Manager in Information Security responsible for Computing & Information Security Policy and Compliance Management. Marie has been with Boeing over 29 years, during which time she has managed a variety of other functions including Government Programs Security Support, Security Quality Assurance, and Vulnerability Assessments. Marie is nationally recognized for her expertise in global regulatory compliance issues, technical and business process safeguarding strategies, and meeting the challenges of balancing enterprise privacy and security issues with business realities. She has presented on a variety of privacy and security topics at industry events and with various organizations and government agencies. Marie holds a Master of Science degree in computer science from Pacific Lutheran University and a Bachelor of Arts degree in mathematics from the University of Washington. She is a Certified Information Privacy Professional (CIPP/US) and a Certified Information Privacy Manager (CIPM). She also holds two internationally-recognized security certifications: Certified Information Systems Security Professional (CISSP) and Certified Information Security Manager (CISM). Marie is also currently serving on the International Information Systems Security Certification Consortium (ISC)² Advisory Board of the Americas and is also the Chairperson of the Privacy Special Interest Group for the Information Security Forum (ISF).

  • U.S. Government Advisory Council (USGAC)
    This distinguished group of volunteer advisors provides insight and advice to the (ISC)² executive management team on government policies and programs that affect the cybersecurity profession and on certifications for U.S. cybersecurity professionals. Additionally, it sponsors community outreach initiatives such as the (ISC)² Government Information Security Leadership Awards (GISLAs), the (ISC)² U.S. Government Advisory Council Executive Writers Bureau (GAC EWB) and the CyberSecureGov annual training event.

    The (ISC)² USGAC is one of several (ISC)² advisory councils representing cybersecurity professionals worldwide. Other councils advise on cybersecurity workforce issues specific to North America, Latin America, Europe, Middle East and Africa (EMEA) and Asia-Pacific.

    CHAIR: Wesley Simpson

    (ISC)² Chief Operating Officer

    Mr. Simpson has more than 25 years of business experience including positions in IT, product management, policy and procedure development, budgeting, vendor negotiations, and client development and relationships for Turner Broadcasting System, Delta Airlines, Bank of America, IBM and Fidelity Investments. Mr. Simpson has been responsible for leading the development of IT organizations and global services, while also working in the field of software development and digital asset management for various Fortune 500 companies. As COO, Mr. Simpson oversees the operational aspects of contracts with all business partners, collaborates with the Chief Executive Officer and senior management to support (ISC)² programs and services, and is responsible for the development and implementation of a business template for the regional offices. Mr. Simpson holds a B.S. in Accounting from the University of Massachusetts and various technical certifications.

    CO-CHAIR: Leo F. Scanlon, CISSP

    Deputy CISO, U.S. Department of Health and Human Services (HHS)/HHS Senior Cybersecurity Advisor for the Healthcare Sector

    Mr. Scanlon is the Deputy CISO, U.S. Department of Health and Human Services, and is the agency Senior Cybersecurity Advisor for the Healthcare Sector. Prior to joining HHS, Mr. Scanlon was director of IT security staff and CISO for the U.S. National Archives and Records Administration (NARA). In addition to Mr. Scanlon’s CISO duties, he served as a NARA observer to the Committee on National Security Systems and participated in the Comprehensive National Cybersecurity Initiative (CNCI) Working Group, the Information Security Identity Management Committee (ISIMC) of the CIO Council and the Cloud Computing and Configuration Management Working Group subcommittees of the ISIMC.

    Devon Bryan

    CISSP, CISA, CIPP US/EU, EVP Chief Information Security Officer (CISO), Federal Reserve and Co-Founder and President of International Consortium of Minority Cybersecurity Professionals (ICMCP)

    Devon Bryan is EVP CISO for the Federal Reserve System where he oversees enterprise information security plans, programs and strategies for the FRS. Prior to the FRS, he served as the Global CISO for Fortune 500 leading outsourced payroll provider ADP. Prior to joining ADP in 2011, he served as the Deputy Chief Information Security Officer (CISO) for the Internal Revenue Service (IRS). Devon is Co-Founder & President of the International Consortium of Minority Cybersecurity Professionals (ICMCP), which he launched in an attempt to bridge the ‘great minority cyber divide’ by providing academic scholarships, mentoring and networking programs targeting women and minority cyber security professionals.

    Renee M. Forney, CISSP

    Deputy CIO of Enterprise Operations, Department of Energy

    Mrs. Renee Forney serves as Deputy Chief Information Officer (CIO) for Cybersecurity, where she is responsible for managing the Department of Energy’s (DOE) Enterprise Cybersecurity Program; advising Departmental senior officials on integrating cybersecurity; risk management; and implementing enterprise information resources management across the DOE. Ms. Forney provides executive-level guidance for the interagency on administrative cybersecurity initiatives, including the White House’s Comprehensive National Cybersecurity Initiative, the Defense Industrial Base Sector (for information safeguarding and critical infrastructure protection), and to the Mission Executive Council (for cybersecurity research and development to improve their cybersecurity posture). Prior to DOE, Ms. Forney was the Department of Homeland Security’s (DHS) Executive Director for the Cyber Skills Management Support Initiative, where she was responsible for managing cybersecurity-related projects for the Undersecretary of Management. In this role, she developed the Cyber Management Support Initiative Push Button, which assists hiring managers and HR teams in accurately defining job descriptions for cyber professionals. In conjunction with the Push Button initiative, her efforts were instrumental in developing the Federal Cyber Security Workforce Strategy Plan. Ms. Forney also served as the Branch Chief for the General Services Administration’s (GSA) Business Intelligence Division and led the digital information efforts for the U.S. Presidential Transition Team. Ms. Forney also held a variety of information assurance and technology roles in the private sector, including Division Program Manager for Unisys, and Senior Security Analyst for Telos. Ms. Forney holds a Bachelor of Science from DeVry University and a Master of Science in Engineering Management from George Washington University. She has over 20 years of private and public information technology and program management leadership experience.

    Peter Gouldmann, PMP, CISSP, CISM

    Enterprise Risk Officer for Cyber, Bureau of Information Resource Management, U.S. Department of State

    Mr. Peter Gouldmann is the first Enterprise Risk Officer for Cyber at the U.S. Department of State. In this role he advised executive leadership on risk decisions while developing and directing the implementation of risk management strategies. In previous roles he directed staff responsible for IT security compliance and regulatory reporting, and managed a global, multi-agency IT and IT support consolidation project. He also worked at Thomson Prometric, as Director of Quality and Security, and as Director of Candidate Care.

    Pete's 30+ years of IT and information security experience includes positions in public, private, domestic and global organizations and the United States Air Force. In addition to industry certifications, he holds a Masters Degree in Information Management, a Bachelor of Science in Management, and is a distinguished graduate of the National Defense University's Advanced Management Program.

    Pete is an expert in, and often speaks and writes about, information risk management. He has co-chaired the Committee on National Security Systems Permanent Subcommittee and the (ISC)² Government Advisory Council. He was a member of the NIST Joint Taskforce Transformation Initiative Interagency Working Group producing the major 800 series Special Publications for information security and risk management and is an Assistant Adjunct Professor teaching cybersecurity for the University of Maryland University College.

    Stephanie L. Keith, CISSP

    Chief, Cyber Workforce Strategy & Policy Division, Department of Defense

    Stephanie Keith has over 25 years of government and industry experience specializing in workforce and cybersecurity. Ms. Keith currently serves as the Chief of the Cyber Workforce Strategy & Policy Division for the DoD Chief Information Officer. In this role she is responsible for leading change for the DoD cyber workforce, enabling enterprise level advancements in recruitment, training, and retention. Previously Ms. Keith worked at Defense Information Systems Agency (DISA), providing cybersecurity technical policy support and guidance. She also worked as a Defense contractor providing information security communications, engineering management, and information assurance engineering. Ms. Keith spent three years in the commercial sector on cybersecurity assessment teams evaluating medical and financial institutions. Additionally, she worked as a system security engineer and an information systems security manager in the intelligence community. Ms. Keith launched her career as an active duty service member in the US Army, working in the military intelligence field. Ms. Keith is a Certified Information Systems Security Professional (CISSP) and has a Bachelor’s degree with a concentration in psychology from the University of Mary Washington.

    Patrick J. Kelly (PJ), CISSP

    Lecturer, George Washington University

    Patrick J. Kelly is a Critical Infrastructure Policy Analyst at the Office of the Comptroller of the Currency. Prior to joining the OCC, Mr. Kelly was the Senior Official for Privacy and Information Security Branch Chief at the Office of Inspector General for the Department of Health and Human Services and served as an operations and payment systems analyst at the Board of Governors of the Federal Reserve System. Mr. Kelly is a Lecturer in the Department of Computer Science and a Senior Research Associate in the Cyber Security Policy and Research Institute at George Washington University. Additionally, he is a member of the (ISC)² U.S. Government Advisory Council for Cyber Security and is a contributing author for the (ISC)² HealthCare Information Security and Privacy Practitioners (HCISPP) certification guide. Mr. Kelly attended George Washington University where he was a recipient of the CyberCorps: Scholarship for Service through the National Science Foundation and earned a Masters of Public Policy.

    Shaun Khalfan, CISSP, CEH, Security+, GISP

    Chief Systems Security Officer, Department of Homeland Security, U.S. Customs and Border Protection

    Shaun serves as the Chief Systems Security Officer and senior cybersecurity executive for the largest law enforcement agency in the country, U.S. Customs and Border Protection (CBP). He leads the development and execution of cybersecurity strategy and is responsible for aligning security initiatives with enterprise programs and business objectives, ensuring that systems and information are adequately protected. Prior to joining CBP, Shaun served as the Director of Cybersecurity and Infrastructure with the Department of the Navy (DON) Chief Information Office. He led a team of senior DoD civilians and military officers to deliver strategy, governance, policy, and oversight of Department of the Navy cybersecurity initiatives, to include assessment and authorization, mobility and cloud security, risk management, identity management and cybersecurity strategies. Enabling this consisted of leading efforts within the DON such as computer network defense design and architecture, continuous monitoring, insider threat, and other cyber initiatives across the department. He previously served as the Program Information Security Manager with the Defense Logistics Agency, Defense Information System for Security Acquisition. He developed and led a comprehensive information security program which drove the cyber acquisition strategy, architecture, requirements, policies, and processes for the program. Additionally, he managed the cost, scope, and schedule of specific systems and components within the family of systems and coordinated with stakeholders to develop requirements and deliver solutions. Prior to this, he was the Enterprise Security Operations Manager with the Navy's Military Sealift Command. He led the command’s Network Security Operations Center and managed multiple information security projects. Shaun has successfully led multiple cyber initiatives within the Defense Department and private sector, serves as an advisor on federal technology committees, is a fellow with the American Council for Technology, and an adjunct professor at George Washington University. Shaun received his MBA from George Washington University and is a graduate of the University of Maryland. He is also a Certified Information Systems Security Professional (CISSP), Certified Ethical Hacker (CEH), DAWIA Acquisition Level III in Information Technology, and a graduate of the DoD Executive Leadership Development Program.

    Christopher Lowe, CISSP, PMP, SES

    Chief Information Security Officer, U.S. Department of Agriculture

    Christopher Lowe was named Chief Information Security Officer (CISO) for USDA in September, 2012. In his role, he leads all aspects of cybersecurity for the entire US Department of Agriculture. Mr. Lowe joined the Office of the CIO in 2009 as the Associate CIO for Security Operations. He provides executive leadership in security operations, compliance, architecture, and risk management, and is responsible for securing USDA networks and systems by collecting, analyzing, integrating and sharing information among the USDA component services. Mr. Lowe coordinates cyber-security situational awareness, resources, and reporting for USDA organizations and personnel in order to protect USDA programs, information and assets. Prior to OCIO, he was the Senior Agency Information Security Officer and the Associate CIO for Infrastructure and Operations at USDA’s Food Safety and Inspection Service (FSIS). He joined FSIS in late 2005, before which he spent eighteen years in international federal IT consulting, most recently as an associate with Booz Allen Hamilton. Mr. Lowe received a B.A. in International Studies from Wheeling Jesuit University. He also holds current professional credentials both in information security, as a Certified Information System Security Professional (CISSP), and as a Project Management Professional (PMP), and is a member of the federal Senior Executive Service (SES).

    Charles L. (Chuck) McGann, Jr., CISSP, CISM, IAM

    Independent Security Consultant

    Charles L. (Chuck) McGann, Jr., CISSP, CISM, IAM, is an Independent Security Consultant focusing on assisting senior management with reviews of existing security programs to assess the impact of growing needs and mandates of compliance and security controls. He is experienced in large scale incident response activity including incident response plan development, testing and implementation. He is the former Chief Cyber Strategist and Director for the Center for Innovation and Growth for Salient CRGT, a government contractor providing IT and Security services to DoD, Army, USPS, VA, OPM among other agencies. In that role, McGann worked to leverage CRGT capabilities among the Federal Civilian agencies as well as review emerging vendors for possible partnerships for increasing agency support needs. McGann also served as the Corporate Information Security Officer for the United States Postal Service (USPS). In this capacity, he had the responsibility of securing an intranet that is one of the largest maintained by any organization in the world with over 145,000 workstations and more than 10,000 servers. The USPS infrastructure encompasses over 600 business applications that support all aspects of business operations as well as movement of the mail. In his 27 years with the Postal Service, McGann held numerous positions, entering as Manager, Information Systems for the Springfield, Massachusetts district, and later served as an acting postmaster, business systems analyst, business project leader, distributed systems security specialist and CIRT manager. McGann holds an MBA from Strayer University, a bachelor’s degree from the University of Massachusetts, and two associate's degrees from Springfield Technical Community College.

    Christina Phibbs, CISSP

    Lead Cyber Security Engineer, MITRE Corporation

    Christina Phibbs is a Lead Cyber Security Engineer for Strategy, Policy, and Privacy within the Cyber Security Technical Center at the MITRE Corporation. MITRE is a not-for-profit organization operating federally funded research and development centers (FFRDCs) for the government. Her work focuses on cyber security measures of effectiveness and scorecards, security in healthcare, and the cyber security workforce. Christina has more than 20 years of professional experience supporting various government agencies in the areas of computer network defense, cyber threat intelligence analysis, network vulnerability assessments, red teaming, compliance inspections, enterprise-wide systems engineering, cyber incident response and reporting, and strategic planning. She was key in establishing the Information Assurance Technology Analysis Center (IATAC). She was the promotional director for Aircraft Survivability and the IAnewsletter, coordinating the development and production of numerous security technical reports, and establishing and maintaining the community engagement programs for IATAC and the Joint Aircraft Survivability Program. Christina earned an M.S. with distinction in Information Systems and Technology Management from Capella University in 2015, concentrating on Information Assurance and Security, and is currently a doctoral candidate in Information Technology with the same concentration.

    Michael Stoner, CISSP, PMP, GSLC

    Chief Information Security Officer, Civilian Agency

    Mr. Stoner’s expertise is in executing enterprise security programs, establishing and implementing security standards and procedures, ensuring compliance with federal laws and regulations, identifying threats to agency assets and resources, and evaluating methodologies and alternatives for risk mitigation. He has also overseen the proactive prevention, detection, and response to computer security incidents targeting government enterprise information technology assets and data. Before Mr. Stoner began his civil service career, he provided management and technology consulting services to federal government agencies in the areas of information assurance and security. Mr. Stoner has experience in a number of security disciplines with a concentration in incident response, risk analysis, security engineering, and security policy development and compliance. He holds a bachelor’s degree in Computer Science from Ohio Northern University and a master’s degree in Information and Telecommunication Systems from Johns Hopkins University.

    Leo Wong, CISSP, CISM

    Chief Information Security Officer, FCC

    Leo Wong is the Chief Information Security Officer (CISO) for Federal Communications Commission. In his capacity he manages the daily security operations and the compliance and accreditation of systems for the agency. Previously he was the CISO at USDA/Food Nutrition Service where he led efforts in replacing outdated security technologies with new ones that enhanced productivity and risk insight. He also established a new Risk Management program that saved the agency money. He was also previously the CISO for the City of Alexandria where Leo worked with other regional CISOs to develop security policy and procedures in the National Capital Region Interoperable Communications Infrastructure. Leo also enjoys mentoring and teaching future security professionals and was an adjunct professor at GMU. Leo is passionate about changing common perceptions of Government Information Security. Leo enjoys sampling ethnic cuisine and playing basketball. Leo currently resides in the metropolitan DC area with his wife, daughter, son, and two dogs.

    Dr. Robert (Rocky) E. Young, DHSc, PA-C, CISSP-ISSAP/ISSMP, CISM, CHSP, IAM, CHFI, CEH, PMP, CGEIT, CRISC

    Principal Cyber Security Engineer, MITRE Corporation

    Dr. Young is an expert on cyber security, Information Assurance (IA) and Information Operations (IO). He has presented widely on issues and challenges related to the security of wireless/mobile devices, cloud/virtual networks, the cyber workforce, network/systems security principles, safeguards, and practices. Presently he is a Principal Cyber Security Engineer at the MITRE Corporation, a not-for-profit company that operates multiple federally funded research and development centers (FFRDCs). Dr. Young is supporting numerous U.S. Government sponsors with cyber security and cyber medicine initiatives, in addition to supporting numerous corporate endeavors. Previously as a government civilian, he supported the Secretary of Defense as the Director for Cybersecurity and Information Assurance Outreach (CIAO) and Mobile Device Security Division, Office of the DoD Chief Information Officer. Dr. Young has been a professor at National Defense University since 2002. Prior to that, he was Chief of 11th Wing Information Assurance Office, Air Force District of Washington, providing policy guidance, technical support, and security oversight of communication, computers, and classified emissions. Dr. Young retired from the USAF after serving on active duty for 21 years, starting with his enlistment at seventeen from the Upper Peninsula of Michigan. In the beginning of his career he served in the Middle East/Desert Storm, mid-career he was selected to serve as Aircrew for the White House, and ultimately finished up his military career as a Commissioned Federal Medical Officer. He continues to serve as a volunteer in his Medical Officer capacity with the Wounded Warrior Program at the Walter Reed National Military Medical Center and teaches masters-level cyber security courses at the University of Maryland and Syracuse University.

  • U.S. Government EWB Members
    CHAIR: Leo F. Scanlon, CISSP

    Deputy CISO, U.S. Department of Health and Human Services (HHS)/HHS Senior Cybersecurity Advisor for the Healthcare Sector

    Mr. Scanlon is the Deputy CISO, U.S. Department of Health and Human Services, and is the agency Senior Cybersecurity Advisor for the Healthcare Sector. Prior to joining HHS, Mr. Scanlon was director of IT security staff and CISO for the U.S. National Archives and Records Administration (NARA). In addition to Mr. Scanlon’s CISO duties, he served as a NARA observer to the Committee on National Security Systems and participated in the Comprehensive National Cybersecurity Initiative (CNCI) Working Group, the Information Security Identity Management Committee (ISIMC) of the CIO Council and the Cloud Computing and Configuration Management Working Group subcommittees of the ISIMC.

    Dan Waddell, CISSP, CAP, PMP

    Senior VP, Zeneth Technology Partners 

    Mr. Waddell designs and executes strategies in support of Zeneth's rapidly growing federal practice and is also a founding executive in Zeneth's commercial managed security service—ZenOpz. Prior to joining Zeneth he was Managing Director for the North America Region of (ISC)², and served as their Director of U.S. Government Affairs. He has 25 years of experience in information technology and cybersecurity, with over 20 of those years in management. Mr. Waddell has been a featured guest speaker on cybersecurity issues on both TV and radio shows such as “NBC News4 Midday”, “Government Matters” and “Federal News Radio”, in addition to several conferences across the United States and Canada. In April 2017, he was invited to testify as an expert witness on federal cyber security workforce issues at a subcommittee on information technology hearing for the House Committee on Oversight and Government Reform. Mr. Waddell also chaired the (ISC)² U.S. Government and North America Advisory Councils, and the U.S. Government Executive Writers Bureau. He received the (ISC)² President’s Award in 2013.

    Patrick D. Howard, CISSP, CISM

    Senior Cyber Security Consultant, Kratos SecureInfo, Continuous Diagnostics and Mitigation (CDM) Program Executive, and former CISO at U.S. Nuclear Regulatory Commission

    Patrick D. Howard, CISSP, CISM has served as a senior cyber security consultant at Kratos SecureInfo since March 2012. Mr. Howard currently serves as SecureInfo’s Continuous Diagnostics and Mitigation (CDM) Program Executive. He has over 40 years of experience in security, including 20 years in the US Army, and has specialized in information security since 1989. Mr. Howard most recently served as the Chief Information Security Officer (CISO) for the National Science Foundation’s Antarctic Support Contract in Centennial, Colorado until September 2013. Prior to that assignment he served as CISO for the Nuclear Regulatory Commission in Rockville, Maryland as a member of the US Senior Executive Service (SES) from 2008-2012. He was also the first CISO appointed at the Department of Housing and Urban Development (HUD) from 2005-2008. Mr. Howard provided information security consulting support to commercial, government and international clients between 1992-2005 while employed at Troy Systems, Ernst & Young, LLC, Titan Corporation, and QinetiQ among other organizations. He was named a Fed 100 winner in 2007 for his achievement in implementation of the Federal Information Security Management Act (FISMA) by leading HUD to the first “A+” score by a cabinet level Department. Mr. Howard is the author of three information security books: The Total CISSP Exam Prep Book, 2002; Beyond Compliance: FISMA Principles and Best Practices, 2011; and The (ISC)² Guide to the CAP® CBK®, 2012. He is currently working with CRC Press on a fourth book, Principles of Continuous Monitoring: A Risk Management Approach to Cybersecurity with publication planned for 2016. He has served on the International Information Systems Security Certification Consortium’s (ISC)² Government Advisory Council and is a member of its Executive Writers Bureau, which he formerly chaired. Mr. Howard graduated with a Bachelor’s degree from the University of Oklahoma in 1971 and a Master’s degree from Boston University in 1984. Mr. Howard resides with his wife Annemarie in Colorado Springs, Colorado.

    Lee Kim, JD, CISSP, CIPP/US, FHIMSS

    Director of Privacy and Security, HIMSS North America

    Ms. Kim is the Director of Privacy and Security at the Healthcare Information and Management Systems Society (HIMSS) North America. Ms. Kim’s roles include threat analyst, legal analyst, industry thought-leader, collaborator, and liaison, with a focus on health information privacy and information security. Ms. Kim helps to support HIMSS initiatives relevant to policy and technical initiatives at the Federal and Congressional levels. Additionally, as a healthcare and public health (HPH) sector representative, Ms. Kim has assisted with the development of the National Cyber Incident Response Plan and the Baldrige Cybersecurity Excellence Builder. Ms. Kim is a member of the Healthcare and Public Health Sector (HPH) Coordinating Council Cybersecurity Working Group and the SANS Institute Securing the Human Healthcare advisory board. Ms. Kim is a licensed attorney in the District of Columbia and the Commonwealth of Pennsylvania and a registered patent attorney with the United States Patent and Trademark Office. Ms. Kim is an AV peer review rated attorney in the fields of healthcare and intellectual property law. Ms. Kim had previously worked as an attorney in private practice for ten years and for several years as an information technology administrator.

    Lou Magnotti, CISSP

    Principal Consultant, Nautical Security Systems and former CIO, CISO, U.S. House of Representatives and Vice President Cyber Security and CISO, Pentagon Federal Credit Union

    Lou Magnotti is the Vice President of Information Technology Security and Chief Information Security Officer (CISO) for Pentagon Federal Credit Union. As the CISO, Mr. Magnotti is responsible for the management, development and implementation of the Enterprise Security Program and has a staff of over 20 Security Professionals protecting all information systems from organized cyber threats. Formerly, Mr. Magnotti was the Chief Information Officer (CIO) for the U.S. House of Representatives. After nine years as the U.S. House CISO, Lou accepted the role of CIO in April 2008. The U.S. House Office of the CIO consists of a dynamic team of over 350 information technology (IT) professionals responsible for infrastructure, messaging, security, communications, business applications and Member support. Lou advocated for all aspects of IT as a value-added business for the House and his team identified opportunities, provided solutions and delivered quality customer service for the U.S. House community, including the 900 Member District Offices. Mr. Magnotti retired from the U.S. House in November 2011. Lou is a member of the CIO/CISO Executive Councils, former Chairman of the Legislative Branch CIO Committee, a member of the (ISC)² Government Advisory Council for Cyber Security, a member of the Information Systems Security Association, the ASIS Information Asset Protection Committee and on the Board of Advisors to the Security Executive Council. He earned a Master of Science degree in computer science from James Madison University and has over 30 years of government and industry experience.

    Christina Phibbs, CISSP

    Lead Cyber Security Engineer, MITRE Corporation

    Christina Phibbs is a Lead Cyber Security Engineer for Strategy, Policy, and Privacy within the Cyber Security Technical Center at the MITRE Corporation. MITRE is a not-for-profit organization operating federally funded research and development centers (FFRDCs) for the government. Her work focuses on cyber security measures of effectiveness and scorecards, security in healthcare, and the cyber security workforce. Christina has more than 20 years of professional experience supporting various government agencies in the areas of computer network defense, cyber threat intelligence analysis, network vulnerability assessments, red teaming, compliance inspections, enterprise-wide systems engineering, cyber incident response and reporting, and strategic planning. She was key in establishing the Information Assurance Technology Analysis Center (IATAC). She was the promotional director for Aircraft Survivability and the IAnewsletter, coordinating the development and production of numerous security technical reports, and establishing and maintaining the community engagement programs for IATAC and the Joint Aircraft Survivability Program. Christina earned an M.S. with distinction in Information Systems and Technology Management from Capella University in 2015, concentrating on Information Assurance and Security, and is currently a doctoral candidate in Information Technology with the same concentration.

    Dr. Robert (Rocky) E. Young, DHSc, PA-C, CISSP-ISSAP/ISSMP, CISM, CHSP, IAM, CHFI, CEH, PMP, CGEIT, CRISC

    Principal Cyber Security Engineer, MITRE Corporation

    Dr. Young is an expert on cyber security, Information Assurance (IA) and Information Operations (IO). He has presented widely on issues and challenges related to the security of wireless/mobile devices, cloud/virtual networks, the cyber workforce, network/systems security principles, safeguards, and practices. Presently he is a Principal Cyber Security Engineer at the MITRE Corporation, a not-for-profit company that operates multiple federally funded research and development centers (FFRDCs). Dr. Young is supporting numerous U.S. Government sponsors with cyber security and cyber medicine initiatives, in addition to supporting numerous corporate endeavors. Previously as a government civilian, he supported the Secretary of Defense as the Director for Cybersecurity and Information Assurance Outreach (CIAO) and Mobile Device Security Division, Office of the DoD Chief Information Officer. Dr. Young has been a professor at National Defense University since 2002. Prior to that, he was Chief of 11th Wing Information Assurance Office, Air Force District of Washington, providing policy guidance, technical support, and security oversight of communication, computers, and classified emissions. Dr. Young retired from the USAF after serving on active duty for 21 years, starting with his enlistment at seventeen from the Upper Peninsula of Michigan. In the beginning of his career he served in the Middle East/Desert Storm, mid-career he was selected to serve as Aircrew for the White House, and ultimately finished up his military career as a Commissioned Federal Medical Officer. He continues to serve as a volunteer in his Medical Officer capacity with the Wounded Warrior Program at the Walter Reed National Military Medical Center and teaches masters-level cyber security courses at the University of Maryland and Syracuse University.

    Michael Stoner, CISSP, PMP, GSLC

    Chief Information Security Officer, Civilian Agency

    Mr. Stoner’s expertise is in executing enterprise security programs, establishing and implementing security standards and procedures, ensuring compliance with federal laws and regulations, identifying threats to agency assets and resources, and evaluating methodologies and alternatives for risk mitigation. He has also overseen the proactive prevention, detection, and response to computer security incidents targeting government enterprise information technology assets and data. Before Mr. Stoner began his civil service career, he provided management and technology consulting services to federal government agencies in the areas of information assurance and security. Mr. Stoner has experience in a number of security disciplines with a concentration in incident response, risk analysis, security engineering, and security policy development and compliance. He holds a bachelor’s degree in Computer Science from Ohio Northern University and a master’s degree in Information and Telecommunication Systems from Johns Hopkins University.