Introducing the INsecurity Advisory Board
The INsecurity Advisory Board brings together some of the cybersecurity industry’s top leaders, practitioners, and thinkers to offer advice and counsel on the key issues and challenges faced by today’s security practitioners. Advisory Board members provide insight to the Dark Reading editors on topics for sessions, input on potential speakers, and recommendations on how to program the event. The INsecurity team gratefully thanks these industry leaders for their participation.
Paul Brager, Jr. | Technical Product Security Leader, Digital Technology, Baker Hughes, a GE Company
Paul has been a contributing member of the cyber security community for over twenty-three (23) years, with expert level knowledge of security architecture and defense-in-depth design, critical infrastructure/industrial cyber, IoT, and IIoT. He has extensive cyber experience in the oil and gas, manufacturing, power utility, chemical, banking and telecommunications sector. In his current capacity as a Technical Product Security Leader, Digital Technology with Baker Hughes, a GE Company, Paul works closely with oil and gas, energy, and internal clients to integrate cyber security capabilities and strategies into their critical manufacturing and operating infrastructure lifecycles. His efforts enable customers and internal clients to weave defense-in-depth cyber strategies into the overall design of products and solutions, thereby contributing to the oil and gas industry’s ability to have a more defensible posture against some of the world’s most complex adversaries.
Paul holds a Bachelor of Science degree from Texas A&M University in Political Science, with a minor in Business, a Master’s of Science in Administration of Justice and Security (Criminal Justice/Cyber fusion) from the University of Phoenix, and is an Alpha Phi Sigma (National Criminal Justice Honor Society) inductee since 2009. Mr. Brager is CISSP, GICSP and CISM certified, in addition to serving as an adjunct professor with the University of Phoenix, teaching cyber security courses within the IS&T program, and providing course module support to a number of education bodies including InfoSec Institute, and other related endeavors.
Paul is currently involved as an ISA-99 Working Committee member, ICSJWG committee member and contributor, and is a member of ISA, InfraGard (O&G and Power Utility SIGs), OWASP, ISACA, ISC2, NSBE and various other focus groups and cyber-focused organizations. Paul has also provided commentary on a number of cyber security related podcasts and publications that provide insight into threats that may impact critical infrastructure and potential ways to manage them.
Dawn-Marie Hutchinson | Executive Director, Optiv
Dawn-Marie brings 15 years of enterprise information technology experience to her role as an as executive director, executive advisory at Optiv. She is an innovative business partner with extensive experience serving on Enterprise Risk Management teams. Hutchinson is an expert in providing data privacy and security solutions to manage information risk, improve IT governance and strengthen internal controls. Hutchinson's extensive experience in information security and privacy program development has served the healthcare, insurance, retail and higher education sectors.
While serving on the HITRUST working group for Data De-Identification, Dawn-Marie established standards and controls for the anonymization of patient level data and is credited with authoring the white paper for defining those levels, as well as use cases for the secondary uses of medical data. Additionally, she served on the HITRUST Privacy working group tasked with revising the HITRUST Common Security Framework to include additional privacy controls and the inclusion of NIST application recommendations.
Prior to joining Optiv, Dawn-Marie was the chief information security officer at Comm Solutions and also led the information security program at Urban Outfitters, based in Philadelphia. Her tenure in information technology also includes work at Walt Disney World, Co., Banknorth Group, Inc., Independence Blue Cross and Protiviti. Dawn-Marie currently sits on the Cyber Security Canon Committee, was the recipient of the CRM Women's Power 50 award and hold accreditations that include CISM, CRISC, CISA and former Payment Card Industry QSA. She is also a 2013 Master's of Business Administration graduate of the Saint Joseph's University Haub School of Business.
Erin Jacobs | Founding Partner, Urbane Security
Erin founded Urbane Security in 2009 to conquer Information Security and Compliance with boutique attention to detail, delivery, and talent that organizations desperately need in the technical landscape that we all exist in. As a former CIO and CSO, Erin yields her nearly two decades consulting and C-level management experience in managing Urbane’s compliance and strategic advisory delivery teams. Working with all levels of organizations to identify and address business goals and IT challenges.
Through her work, Erin has established several industry best practices and has presented these at numerous high-profile security conferences, including Black Hat, DEF CON, RSA, HITB and countless smaller events. She is also passionate about fostering collaboration between the C-Suite, practitioners that oversee day-to-day security challenges, and the security research community at large to help them learn from each other and ultimately improve our industry.
Fred Kwong | CISO, Delta Dental Plans Association
Fred joined DDPA at the end of May 2016, and has over 15 years of security leadership and management experience. Fred is responsible for establishing and maintaining a corporate-wide information security management program to ensure information assets are adequately protected. He is responsible for identifying, evaluating and reporting on information security risks in a manner that meets compliance and regulatory requirements. As the chief information security officer, Fred will proactively work with business units to implement practices that meet defined policies and standards for information security.
Prior to DDPA, Fred served as director of security strategy and architecture for Farmers Insurance, a subsidiary of Zurich Insurance. He was accountable for Zurich's global privilege access program, developed their three-year cyber strategy and roadmap, and led the effort to launch Zurich's first risk management program. Prior to his time at Farmers/Zurich, Fred worked for US Cellular and was accountable for their security practice, where he also led efforts to bring US Cellular into PCI 3.0 compliance for the first time.
Fred is a highly recognized thought leader in security and is often asked to speak and chair at national/international security conferences. Fred has earned the CISSP, CISA, CISM, PMP and ITILv3f certifications and is Yellow-Belt certified in Six Sigma. Fred also serves as an adjunct faculty member at Roosevelt and Benedictine Universities. He received his Bachelor of Arts in psychology and professional communications, Master of Business Administration in management information systems from Roosevelt University, and holds his doctorate in organization development from Benedictine University.
Paul Kurtz | Founder and CEO, TruSTAR
Paul is an internationally recognized expert on cybersecurity and the co-founder and CEO of TruSTAR Technology. Paul began working on cybersecurity at the White House in the late 1990s. He served in senior positions relating to critical infrastructure and counterterrorism on the White House's National Security and Homeland Security Councils under Presidents Clinton and Bush.
After leaving government, Paul has held numerous private sector cybersecurity positions including founding the Cyber Security Industry Alliance (Acquired by Tech America), Executive Director of SAFECode, Managing Partner of Good Harbor Consulting in Abu Dhabi, and CISO of CyberPoint International.
Paul's work in intelligence analysis, counterterrorism, critical infrastructure protection, and non-proliferation of weapons of mass destruction influenced his approach to cybersecurity. Specifically, the fields highlighted the need to build an exchange platform which addresses barriers to sharing information--bureaucratic, legal, and market risk and concerns--while providing immediate value to operators defending networks.
Roselle Safran | President, Rosint Labs
Roselle Safran is a cybersecurity consultant with over a decade of experience in cybersecurity and related fields. As President of Rosint Labs, she provides operational and strategic advice and direction to cybersecurity teams, leaders, and startups. She is a frequent speaker on cybersecurity topics at conferences, in webinars and in podcasts. Previously Roselle co-founded and was the CEO of Uplevel Security, an incident response technology company that enables enterprises to effectively utilize their incoming and historical data to respond to cyber attacks rapidly and accurately. Roselle led the startup as it grew from a product concept to a venture-backed company with Fortune 1000 customers and a host of prestigious industry accolades.
Before founding Uplevel, Roselle was the Cybersecurity Operations Branch Chief at the Executive Office of the President. There she managed the 24x7 Security Operations Center that protected and defended the White House's network. Her responsibilities included managing the investigation of suspected network intrusions, coordinating the mitigation of high severity vulnerabilities, and developing strategic initiates to bolster defensive capabilities, improve network visibility and accelerate response times. Prior to the Executive Office of the President, Roselle managed daily operations activities for cybersecurity analysis teams at the Department of Homeland Security's US-CERT and was instrumental in building two cyber threat intelligence platforms: one used internally by all of the US-CERT analysts and one used by over 50 federal departments and agencies.
Roselle's previous industry experience includes extensive work in computer forensics, incident response, electronic data collection and Internet investigations. She has handled cyber crime cases involving network intrusions, theft of intellectual property, software piracy, spamming activities, defamation, regulatory violations, and various types of fraud. Roselle was named one of the Trending 40 Power Women of DC Tech for 2016. She holds a Certified Information Systems Security Professional (CISSP) certification and a Bachelor of Science in Engineering degree from Princeton University.
John Sawyer | Associate Director of Services, IOActive
John is the Associate Director of Services and Red Team Lead at IOActive. He leads the red team operations performing multi-vector, chained attacks across physical, technical, and human elements to demonstrate operational and business risks to clients in all verticals. John has an extensive background in intrusion analysis, forensics, and incident response. He is member of the winning team from DEF CON 14’s and 15’s Capture the Flag competition, co-founder of the University of Florida Student Infosec Team, and founder of SwampSec. John is also a respected author and trainer for organizations including Dark Reading and InformationWeek Magazine, Interop, BruCON, OWASP AppSec DC, SANS, and B-Sides Jacksonville.
Greg Touhill | President, Cyxtera Federal Group; Former CISO, US Federal Government
Greg Touhill, President of the Cyxtera Federal Group, is one of the nation's premier cybersecurity and information technology senior executives. A highly experienced leader of large, complex, diverse, and global cybersecurity and information technology operations, Greg was selected by President Obama as the US government's first Chief Information Security Officer (CISO). His other civilian government service includes duties as the Deputy Assistant Secretary for Cybersecurity and Communications in the US Department of Homeland Security and as Director of the National Cybersecurity and Communications Integration Center where he led national programs to protect the United States and its critical infrastructure. Greg is a retired Air Force general officer, a highly-decorated combat leader, an accomplished author and public speaker, a former American diplomat, and a senior executive with documented high levels of success on the battlefield and in the boardroom.