Speaker Information

The Central Ohio InfoSec Summit is proud to present the following lineup of speakers and topics.

Jerod Brennen, Security Analyst, Large Global Retailer

Sustainable PCI Compliance (or "There and Back Again")

Compliance... the necessary evil of information security. Vendors love the business it generates, infosec pros love the budget it generates, and everyone else hates it for slowing them down. But come on... there has to be a better way to do it, right? Can't we be compliant AND secure, without being a pain in everyone's @$$? This presentation delves into developing a sustainable, secure, and relatively painless compliance organization. (Since Jerod works in retail, the presentation illustrates the process with PCI as the driving force behind that development.)

Jerod Brennen is an information security guy who actually enjoys walking the tightrope between "techie" and "suit." Having worked in IT as a hardware tech, software support tech, ecom developer, and ultimately infosec analyst, Jerod has jumped around enough to realize that infosec is by far the most entertaining (to him, anyway). To avoid ever getting a full night's sleep, Jerod also enjoys wrestling around with his three kids, providing his wife with a laundry list of reasons as to why "wrestling around is good for them," and writing & shooting low-budget indie movies with the Columbus film community.



Clarke Cummings

Addressing Information Security Impact Before Project Implementation

Many organizations understand the need for implementing security measures to protect themselves, their business partners, shareholders, and customers. However, too many organizations fail to take into account the cost of security mechanisms to their end-user community. Incorporating a review of end-user impact can dramatically improve buy-in to the information security program from both the end-user community and management, thereby improving security for the organization. This presentation will review the benefits of such a program and how one might integrate it into their organization.



Darrik Cupps, CISSP, CCNP, CCDP, MCSE, QSA, Senior Consultant, Audit and Compliance

PCI Currents

In reaction to Payment Card Industry (PCI) compliance efforts, many companies are asking themselves two questions: Should sensitive cardholder data (CHD) be outsourced? If not, then how do virtual technologies fit into the PCI Data Security Standard (DSS)? The presentation will examine each question and provide current insights into how these issues should be approached within your organization. Continual information security compliance is the responsibility of each organization, and learning how to manage critical decisions like the ones that will be discussed will help grow any information security program successfully.

As a Senior Security Consultant for SecureState, Darrik Cupps conducts assessments and audits for several clients. With over six years of experience in computer systems architecture, application development, network infrastructure, information security and project management, Cupps has consulted with numerous Fortune 1000 companies in the areas of information security, audit, governance and network security. As a Certified QSA for the PCI DSS, Darrik leverages his experience to help companies gain compliance with the standard with as little effect on clients as possible.



Jack Jones

Jack has been employed in technology for the past twenty-five years, and has specialized in information security and risk management for eighteen years. During this time, he’s worked in the military, government intelligence, consulting, as well as the financial and insurance industries. Jack spent over five years as CISO for a Fortune 100 financial services company where his work was recognized at the 2006 RSA Conference with ISSA’s Excellence in the Field of Security Practices award. In 2007 he was selected as a finalist for the Information Security Executive of the Year, Central United States. As an invited member of an international ISACA task force, Jack is helping to develop global standards for IT risk management in the enterprise. He also regularly speaks at national conferences and is the creator and author of Factor Analysis of Information Risk (FAIR).



Michel E. Kabay, PhD, CISSP-ISSMP

Information assurance in an open network environment

This presentation will discuss the key issues of security management of electronic communications in an open environment. Topics include:
  • Critical questions
  • Company Web sites
  • Data leakage
  • Trade secrets
  • Defamation
  • E-mail using the name of the company: distribution and content
  • Moderated and unmoderated lists
  • Professional behavior
  • Personal blogs
  • Social networks
  • Selling products and services in an acceptable manner
  • Spam
  • Responsibility for infringement of criminal law

M. E. Kabay began programming computers in assembly language in 1965. In 1976, he received his PhD from Dartmouth College in applied statistics and invertebrate zoology and taught biology, statistics and programming as a university professor in Canada and overseas. In 1979, he joined a compiler team for a new 4GL and RDBMS in the U.S. and then joined Hewlett-Packard Canada in 1980 as an operating systems and database performance specialist, winning the Systems Engineer of the Year Award in 1982. He ran his own consulting firm, JINBU Corporation, from 1986 to 1998, specializing in operations management, facilities security, and corporate security policy development and implementation. He served as Director of Education for the National Computer Security Association (NCSA, later ICSA and then TruSecure) from 1990 to 1999 and then worked with AtomicTangerine, where he supported the International Institute for Information Integrity® (I-4®). He earned his CISSP designation in 1997. Since 1986, he has published over 950 articles on operations management and security, written a college textbook on enterprise security (McGraw-Hill, 1996), and served as Technical Editor of the 4th Edition of the Computer Security Handbook (Wiley, 2002). He writes two security-management columns a week distributed by Network World and is working on the 5th Edition of the Computer Security Handbook for release in Winter 2008. He has been a speaker at the United States War College, the Pentagon, NATO HQ, and at NATO Counterintelligence training in Germany. He was inducted into the ISSA Hall of Fame in December 2004 and earned his ISSMP designation in November 2005. Dr. Kabay is the Program Director of the Master's Program in Information Assurance and the CTO of the School of Graduate Studies at Norwich University, Northfield, VT 05663-1035 USA.



Mark Rasch

Mark D. Rasch joined FTI as managing director in the Technology practice in February 2007. He brings over 24 years of experience in the information security field, having served for nine years as the head of the United States Department of Justice computer crime unit, and having prosecuted key cases involving computer crime, hacking, computer fraud and computer viruses. As managing director at FTI, Mr. Rasch will be focused on helping clients in the areas of computer security, privacy and incident response.

Mr. Rasch has spent the last 15 years consulting with commercial and governmental clients on matters related to computer security, regulatory compliance, electronic evidence handling and computer incident response. For the past 3 years he was the senior vice president and chief security counsel at Solutionary. Prior to Solutionary, Mr. Rasch helped establish the SAIC Center for Information Protection (CIP), a business unit within SAIC dedicated to commercial information security consulting. Starting with 9 people, the CIP developed first into Global Integrity Corporation, a wholly owned SAIC subsidiary, and then was acquired by Predictive Systems, Inc. Prior to that, he was in private practice with the Washington, D.C. office of Arent, Fox, Kintner, Plotkin & Kahn.

While at the Department of Justice, he was responsible for investigations of computer hacking cases, including those of the so-called “Hannover Hacker” ring and Kevin Mitnick, and was the lead prosecutor in United States v. Robert T. Morris, against the author of the Cornell Internet Worm in 1988. He helped the FBI and Treasury Department develop their original procedures on handling electronic evidence. He created and taught classes at the FBI Academy and the Federal Law Enforcement Training Center on electronic crime and evidence. He also investigated, prosecuted and handled appeals on complex white-collar criminal cases involving consumer protection fraud, banking and securities fraud, insider trading, public corruption, Department of Defense procurement and contract fraud, counter-intelligence matters, export control, pharmaceutical fraud, and violations of federal mail fraud, wire fraud, tax fraud and Foreign Corrupt Practices Act laws. He was co-counsel in United States v. Lyndon LaRouche, as well as complex cases against organized crime figures.

He has taught evidence law at the Catholic University School of Law, and white collar and computer crime at the American University School of Law. He has taught other computer and privacy law courses and incident response classes at the University of Fairfax, George Washington University, George Mason University, and James Madison University. He has also lectured at Stanford University, Harvard University and Harvard Law School.

Mr. Rasch is frequently featured in news media on issues related to technology, security and privacy. He has appeared on or been quoted by NBC News, MSNBC, Fox News, CNN, The New York Times, Forbes, PBS, The Washington Post, NPR and other national and international media. He writes a monthly column in Symantec’s Security Focus online magazine on issues related to law and technology and is a regular contributor to Wired magazine.



John Rockwood

John has extensive experience (since 1985) in information systems management and information security management systems, and leadership and management experience since 1983. He has over 7 years of experience in customer and liaison service (information systems security) to foreign nationals in Europe, the Middle East, and Southwest Asia.

John is currently at The Scotts Miracle-Gro Company as Manager, Information Security, responsible for developing, deploying, and maintaining the security infrastructure and safeguarding information against accidental or unauthorized modification, destruction, or disclosure. He is additionally responsible for ensuring compliance with the Sarbanes-Oxley Act, PCI DSS, HIPAA, and other national and international regulations.



Howard Schmidt

Howard A. Schmidt has had a long distinguished career in defense, law enforcement and corporate security spanning almost 40 years. Schmidt has served as Vice President and Chief Information Security Officer and Chief Security Strategist for online auction giant eBay. Howard Schmidt most recently served in the position of Chief Security Strategist for the US CERT Partners Program for the National Cyber Security Division, Department of Homeland Security.

Howard Schmidt retired from the White House after 31 years of public service in local and federal government. He was appointed by President Bush as the Vice Chair of the President's Critical Infrastructure Protection Board and as the Special Adviser for Cyberspace Security for the White House in December 2001. He assumed the role as the Chair in January 2003 until his retirement in May 2003.

Prior to the White House, Howard Schmidt was chief security officer for Microsoft Corp., where his duties included CISO, CSO and forming and directing the Trustworthy Computing Security Strategies Group.

Before Microsoft, Mr. Howard Schmidt was a supervisory special agent and director of the Air Force Office of Special Investigations (AFOSI) Computer Forensic Lab and Computer Crime and Information Warfare Division. While there, he established the first dedicated computer forensic lab in the government.

Before AFOSI, Mr. Howard Schmidt was with the FBI at the National Drug Intelligence Center, where he headed the Computer Exploitation Team. He is recognized as one of the pioneers in the field of computer forensics and computer evidence collection. Before working at the FBI, Mr. Howard Schmidt was a city police officer from 1983 to 1994 for the Chandler Police Department in Arizona.

Mr. Howard Schmidt served with the U.S. Air Force in various roles from 1967 to 1983, both on active duty and in the civil service. He served in the Arizona Air National Guard from 1989 until 1998, when he transferred to the U.S. Army Reserves as a Special Agent, Criminal Investigation Division, where he continues to serve. He has testified as an expert witness in federal and military courts in the areas of computer crime, computer forensics and Internet crime.

Mr. Howard Schmidt has also served as the international president of the Information Systems Security Association (ISSA) and the first president of the Information Technology Information Sharing and Analysis Center (IT-ISAC). He is a former executive board member of the International Organization of Computer Evidence, and served as the co-chairman of the Federal Computer Investigations Committee. He is a member of the American Academy of Forensic Scientists. He serves as an advisory board member for the Technical Research Institute of the National White Collar Crime Center, and was a distinguished special lecturer at the University of New Haven, Conn., teaching a graduate certificate course in forensic computing.

Howard Schmidt served as an augmented member to the President's Committee of Advisors on Science and Technology in the formation of an Institute for Information Infrastructure Protection. He has testified before congressional committees on computer security and cyber crime, and has been instrumental in the creation of public and private partnerships and information-sharing initiatives. He is regularly featured on CNN, CNBC, Fox TV as well as a number of local media outlets talking about cyber-security. He is a co-author of the Black Book on Corporate Security.

Mr. Howard Schmidt has been appointed to the Information Security Privacy Advisory Board (ISPAB) to advise the National Institute of Standards and Technology (NIST), the Secretary of Commerce and the Director of the Office of Management and Budget on information security and privacy issues pertaining to Federal Government information systems, including thorough review of proposed standards and guidelines developed by NIST.

Howard Schmidt holds positions on a number of corporate boards in both advisory and director roles, and recently assumed the role of Chairman of the Board for Electronics Lifestyle Integration (ELI).

Mr. Howard Schmidt holds a bachelor's degree in business administration (BSBA) and a master's degree in organizational management (MAOM) from the University of Phoenix. He also holds an Honorary Doctorate degree in Humane Letters. Howard Schmidt is an Adjunct Professor at GA Tech with the GTISC.



Dr. Herbert Thompson

Hugh Thompson received his Ph.D. in Applied Mathematics from Florida Institute of Technology and holds a CISSP certificate. He was an adjunct professor at Florida Tech in Melbourne, Florida and worked for Security Innovation Inc, where he gained experience training security testers and software developers for well-known software companies including Microsoft, Cisco, IBM, VISA, Hewlett Packard, Symantec, ING and SAP.

In 2006, Thompson assisted in four hack tests for the nonprofit election watchdog group Black Box Voting. Two of his tests involved altering election results reports on the Diebold GEMS central tally machines. Thompson also assisted Harri Hursti in the Black Box Voting projects in Leon County, Florida and Emery County, Utah. Thompson's GEMS central tabulator hack was achieved by inserting a Visual Basic script onto the GEMS server machine at election headquarters. Both the Visual Basic script hack by Thompson and the memory card hack by Hursti can be seen in HBO's "Hacking Democracy", where Hursti and Thompson hacked into Diebold Election Systems' voting machines and central tabulator system in Leon County, Florida, proving their vulnerability.

Thompson has also been featured on The Red Tape Chronicles on MSNBC and on CNN's Lou Dobbs.



Bob West

Bob is responsible for creating and executing Echelon One’s corporate strategy. He has over 23 years of experience in information security, physical security, awareness, strategic planning, governance, organizational change, relationship management, computer network design, implementation and management.

Bob is a frequent speaker on the subject of information security and sits on the advisory boards of Agilance, Security Growth Partners, TriCipher and Trusteer. He is on the board of directors for the Cincinnati Information Systems Security Association (ISSA) and the University of Cincinnati’s College of Information Technology Advisory Board, and has also been on Securent’s advisory board (acquired by Cisco), a member of RSA Security’s Customer Advisory Council, and the ISS Customer Advisory Council. He has also been quoted in many periodicals including the Wall Street Journal and BusinessWeek.

Previously, Bob was Chief Information Security Officer (CISO) at Fifth Third Bank in Cincinnati where he was responsible for the enterprise information security strategy. Prior to joining Fifth Third, Bob worked for Bank One in Columbus where he held several key leadership roles, including Information Security Officer for Bank One's Retail Group. Prior to joining Bank One, Bob was a manager with Ernst & Young’s Information Security Services practice in Chicago, and a Senior Systems Officer with Citicorp International in New York and Chicago.

Bob received the 2004 Digital ID World Conference award for Balancing Innovation and Reality, and a 2004 InfoWorld 100 Award for implementing cross-company authentication using SAML. Bob graduated from Michigan State University with a Bachelor of Arts in German and then received his Master of Science in Management Information Systems from North Central College.
