Global CISO Forum 2017 Speakers

Katherine Fithen has been a leader in information security for more than 20 years. She retired as the Chief Privacy Officer and Director of Governance & Compliance at The Coca-Cola Company in July 2017. Prior to joining The Coca-Cola Company in 2002, Katherine was the Senior Manager of the CSIRT Program at PricewaterhouseCoopers, LLP, and prior to pwc, the Manager of the CERT®. Katherine has earned a Bachelor of Arts in Retail Management, a Master of Arts in Personnel Management, and a Master of Science in Information Science.

Katherine is on several advisory boards for privacy and security. In August 2015, Katherine was listed as one of “Women in IT Security: 10 Power Players”

Brian is responsible for Information Security for Macy’s inc., a Fortune 100 retailer, which includes over 830 department store locations, key corporate sites, internal banking and credit operations, and Macys.com and Bloomingdales.com. Since building the Information Security Organization from the ground up, Brian remains focused on aligning corporate security initiatives with business goals, while showing the value that security brings to the entire organization. In previous roles, with other Fortune 500 companies, Brian has built out security organizations, redesigned and implemented security environments, chaired Security Advisory Boards, and implemented Risk Management processes in order to raise security awareness and educate members of the Board and other executive management. Brian’s background is in IT and Information Security Architecture, Security Operations, Vulnerability Management, Audit and Compliance Governance, and Risk Management.

William “Bill” Miaoulis, CISA, CISM, has more than 25 years of Information Security experience in the Education and Healthcare industries. Bill is currently employed as the CISO for Auburn University his Alma Mater. Miaoulis was the University of Alabama Birmingham (UAB) Medical Center’s first Data (Information) Security Officer, where he instituted the first security and privacy programs from 1992-99. Previously, Bill served as the Director of Information Security for DeKalb Medical, and for 12 years was the Chief Information Security Officer (CISO) for Phoenix Health Systems. Bill also had extensive IT Audit experience in the energy and banking industries.
Miaoulis contributes to the industry by frequently speaking at conferences on security matters, including sessions on Risk Analysis/Risk Management, Creating and Implementing Effective Security Policies, Understanding the HIPAA Security Rule, and Creating Effective Security Incident Response Procedures. Miaoulis has been interviewed and quoted by numerous publications including: SC Magazine, Health Data Management, Briefings on Healthcare Security, Computerworld; and Health Information Compliance Insider. Miaoulis authored the book “Preparing for a HIPAA Security Compliance Assessment” and also has worked on updating the AHIMA Security Practice Briefs.

Richard is a security executive with ~20 years experience ranging from start-ups to global organizations. He is currently the CISO/VP of Trust for Twilio and most recently the VP/GM Cybersecurity and Privacy for GE Healthcare. His background is in Information Security, Digital Risk Management and Product Development with an analytics bent. His current focus is developing quantitatively informed strategies, building agile teams that scale and making digital risk measurable. Likewise, he recently co-authored a decision analysis book called “How To Measure Anything In Cybersecurity Risk” (Wiley 2016) This book targets those looking to improve risk management strategies using predictive analytics.

Tony is the founder and CEO of VerSprite – a global security consulting firm based in Atlanta, GA. He is also the author of Wiley’s Risk Centric Threat Modeling, a book endorsed by the late Cyber Security Coordinator for the White House, Howard Schmidt. The book has been used in universities and enterprises world wide as a means to apply a risk centric approach to application threat modeling. Tony has spoken at numerous OWASP, ISACA, ASIS, ISC2, ISSA, BSides conferences across four continents on the topics of cloud security, risk management, threat modeling, secure software development life cycles, and also conducted various training briefings to both development groups and company executives who need to understand the impact of security programs to business/ product objectives. Tony’s 20 years of IT/IS experience began with hands-on operations in the areas of system administration, network engineering, software development. His IT formation, combined with his work in penetration testing, security engineering, security architecture, application security testing, has served Tony well to speak on realistic challenges and solutions for IT groups and businesses alike in applying realistic security measures to enterprise processes. Tony serves as interim CISO for various startups and mid-size organization and is responsible for the overall build out of these security programs.

Since late 2007, Tony leads the OWASP Atlanta Chapter, where he manages monthly workshops and events for the Atlanta web application security community. He also organizes BSides Atlanta – an underground grassroots un-conference that takes place annually and aims at providing new ideas and real conversations/ solutions around common challenges in InfoSec today.

As CISO of the Nigerian Stock Exchange Ms. Favour Femi-Oyelole brought with her a depth of skills spanning a wide range of industries and sectors. She is incredibly self-driven, motivated, positive, and innovative. She started the information security department from scratch at The Exchange, delivering 20 policies within 6 months of joining. Now managing over 120 such policies, she has consistently raised the bar of security awareness across the organization and market participants. Her interview on the Global CISO Forum will be coming soon!

I have been the technology field for 20 plus years with 17+- of that focusing on Cyber Security. I achieved my CISSP certification in 2006 and C|CISO in 2011.

My responsibilities within Worldpay include working with partners within Security, Infrastructure Technology and Business partners to build a global Threat intelligence and Data Analytics program. Within this program focusing on data sources their relevance to day-to-day business functionality to perform analysis, reporting, and modeling to generate predictive analysis for threats to the organization.

I feel that my mix of technology and security experience provide me with a unique ability to provide both systems expertise as well as deep understanding of security and regulatory compliance within the financial sector.

Throughout my career I have worked for some wonderful and diverse organization such as Worldpay, Travelport, Coca-Cola, Cbeyond (currently Birch Communications), and S1 Corporation (currently ACI WorldWide) to name a few.

Sebastian Hess has been Cyber Risk Engineer for Austria, Germany, and Switzerland of AIG Europe Limited in Frankfurt since June 1, 2017 with responsibility for the strategic further development of Cyber Risk Consulting.

Sebastian Hess is an international business leader with experience in both the military and private sectors and specialization in Information Technology Security and Cyber Defense. He has spent the last 20 years working for high level and highly exposed national and global organizations focusing on protecting their IT environments. He has racked up an impressive record of achievements and advancements on multiple continents.

He started his career as a military officer with the German Air Force, where he rose quickly through the ranks to become responsible for all German information security services through the Northeast and Southern corridors of the U.S. Before leaving the military, he was appointed Chief Information Security Officer for NATO’s International Security Assistance Force (ISAF) in Afghanistan at ISAF Joint Command. He then successfully transitioned into the NATO organization itself, being a member of the team that directed the design and implementation of NATO’s Computer Incident Response Capability, a system that would eventually protect the highly confidential data of the international organization.

In 2015, Sebastian transitioned completely into the private sector. Most recently Sebastian Hess served as Chief Information Security Officer for a leading financial services provider in Belgium.

He holds a Master’s degree in Computer Science from the German Armed Forces University, a Master’s in Executive Leadership from the Georgetown McDonough School of Business, and a LL.M. degree from the Katholieke Universiteit Leuven in Belgium. He is a Certified Chief Information Security Officer (C|CISO) and a Certified Information Systems Security Professional (CISSP), among other professional certifications.

Founder of Security Catalyst, Michael Santarcangelo is sought out for his ability to turn complexity into comprehension. For over two decades, Michael has worked across a diverse set of industries and companies to solve security challenges at the intersection of technology, business, and people. Instead of relying on his knack to get results, he built on his experiences and created a framework for everyone to engage in Straight Talk. Using the Straight Talk Framework, anyone can translate value into understanding. By creating the right connection, they elevate performance and accelerate results. Straight Talk starts with a value proposition, and from it teams find alignment and the pathway to unlock value quicker. Michael continues to elevate others through training, coaching, and consulting.

Over 40 years of experience in providing Executive Level management in the area Information Technology and Information Security fields as a CIO, CSO, and CISO.

Mark started his working career in the Army and retired as a Colonel (select). At the pinnacle of Mark’s career he was nominated and selection to work at the White House as the CIO/CISO equivalent, supporting President Clinton, the VP, the White House Staff, and the U.S. Secret Service managing all the classified automation and telecommunications for the Executive Branch.

Since retiring from the Army, Mark has held several executive leadership positions; CIO/CSO for World Airways/Global Aero Logistics (US largest long haul charter airline), Deputy CIO of Global Operations/CISO for InterCall/West (World’s largest conferencing company), CISO for TravelClick (SAS in the hospitality space), Acting/Interim CISO for the Georgia Lottery and NCR.

Currently Mark is the AVP, Security Engineering and Operations team for US Bank/Elavon. Mark has been with US Bank/Elavon for 3 years. Previous to his current position Mark managed the Cyber Risk Remediation team and before that the Global PCI Compliance for Elavon.

Mr. Heath Renfrow serves as the Chief Information Security Officer, for Army Medicine. He is responsible for providing cyber-security oversight for 48 worldwide medical treatment facilities, 600 medical clinics, 104 dental clinics, 700,000 medical devices, 122,000 facility control devices, and 120,000 personnel. Expert technical expert, and serves as the authority on Cyber Security for all of Army Medicine. He has 18 years of cyber security/information assurance professional experience. He holds Bachelors in Science in Information Technology, and a Master’s of Science in Cyber Studies. Mr. Renfrow also holds numerous industry leading certifications, including Certified Information Systems Security Professional (CISSP), Certified Chief Information Security Officer (C|CISO) and Certified Ethical Hacker (C|EH).

Paul is the CISO at HD Vest Financial Services and has over 16 years of various security experiences that includes time spent as a Special Agent with the Air Force Office of Special Investigations, lead a global information security program for DynCorp International’s logistics and air operations for various government contracts, and led the Drug Enforcement Administration’s Aviation Division vulnerability management program. In addition Paul has been a finalist in 2013, 2014, 2015 and 2016 for Certified CISO of the Year through EC-Council. Paul serves on a variety of Advisor Boards for information security related topics and has a deep dedication to the information security community by mentoring other security professionals.