Cloud 101CircleEventsBlog

CCSK Early Adopters

A | B | C | D | E | F | G | H | I | J | K | L | M | N | O | P | Q | R | S | T | U | V | W | X | Y | Z

Lars Albert

IT-Security Consultant, Office of the CISO – ACS, A Xerox Company

Lars is a Data Privacy regulations expert with a strong IT infrastructure and support background that is working in his 6’th year in IT-Security and Compliance mainly in HR & Learning Management outsourcing environments.

Why I took CCSK ? “Especially considering the Data Privacy regulations around the globe Cloud computing is a topic no one can allow to pass him.“

Bradley Anstis

VP Technical Strategy, M86 Security

Bradley is responsible for Technical Strategy at M86 Security and primary spokesperson for the company on aspects related to the evolution of the technical and strategic product direction beyond the immediate roadmap. In this role he evaluates new technologies and products that could enhance or extend the core M86 product line, a recent example being the acquisition of the behavioral malware technology from Avinti, Inc. Bradley also heads up the M86 Security Labs which provides 24/7 monitoring of email and Internet traffic to ensure that M86 keeps ahead of emerging threats, security trends and market requirements to provide solutions that protect customers from the latest threats and attacks to their electronic communication channels. Bradley is a 20 year veteran of the IT industry and previously was VP of Products at Marshal. Prior to that, he held various technical management positions with Protocom Development Systems and Citrix in Asia Pacific.

Jean-François Audenard

Cloud Security Advisor, Orange Business Services

Jean-François is the Cloud Security Advisor at Orange Business Services. He works together with the product marketing, engineering, projects and security teams to build and deliver secure cloud computing services.

Jean-François held various security positions within Orange Business Services ; he designed and established a methodology to formally integrate risk-management in products and services. He pioneered the Umbrella service to protect datacenters and customer’s against Internet denial of service attacks. Previously, he was in charge of operational security of the France MPLS Business-VPN backbone.

Jean-François is certified ISO 27001 Lead Auditor, he regularly blogs and post videos on the Orange Business Services Security blog and WebTV. He’s a IEEE computer society member since more than 13 years.

Shadab Ayoobi

Security Architect, Tieto Corporation

Shadab is working as a security architect for cloud technology with Tieto. He as 4 years of experience in IT security. His area of expertise includes designing security solutions, Enterprise risk management, Security architecture review, BCP/DR design and vulnerability assessment. He also hold ISO 27001 Lead Auditor,CEH,ITIL V3 Foundation,MCSE,CCNA certifications.

Daniel Baird

Solution Architect

Daniel is an Infrastructure Architect who has always had a focus on security. An academic background in Aeronautical Engineering gave him a solid grounding in safety/security and technology which segued nicely into designing and building high end IT infrastructure. His career has been predominantly in Telecommunications.

Although at risk of being called a Cloud Hipster, he says he was drawing clouds in network diagrams way before Cloud became a buzzword.

Siddharth Bajaj

Technical Director, Symantec Corporation

Siddharth has been with VeriSign and now Symantec since 1999 in a variety of technical roles. He was involved in the development of the VeriSign PKI services platform as well as the early conceptualization and architecture of the more recent products such as VeriSign Identity Protection (VIP). Most recently, Siddharth has been involved in researching new technologies in areas of Internet Trust, Identity and Authentication; and how these can be applied to solve problems in verticals such as healthcare, online content and cloud computing.

Siddharth also represents Symantec in various standards bodies including Cloud Security Alliance, IETF and OASIS. He has also been a driving force in the Initiative for Open AuTHentication (OATH) from the beginning, and currently chairs the Joint Coordination Committee. He is the co-author of several standards (WS-Federation) and Internet Drafts (OCRA, ThraudReport).

Douglas W. Barbin, CPA, CISSP, PCI-QSA, CCSK

Director, Assurance and Compliance Services, SAS 70 Solutions – A CPA & PCI-QSA Firm

With nearly 15 years of experience in security and compliance, Doug is responsible for integrated audit and compliance services at SAS 70 Solutions. He is responsible for developing integrated assessment services as well as overseeing audits that span SAS 70, SSAE 16, PCI, SysTrust, ISO 27001, and other standards. The firm’s clients include leading cloud service providers from high-security colocation providers to SaaS-based payment applications and transaction processing entities. After beginning his career in forensic accounting, he spent the next ten years in the trenches of information security, including head of product management for VeriSign’s Managed Security Services business. His diverse career has allowed him to understand the unique perspectives of auditor, consultant, and service provider. Doug moderates the Pragmatic Auditor’s Blog and is currently co-chair of standards sub-group for

Anthony Barkley

Security Strategist, Symantec Security Business Practice | Symantec Corporation

Anthony Barkley is an accomplished information security practitioner working in IT across multiple industries for 17 years and over a decade with his primary focus on security for large enterprise and service provider infrastructure. At Symantec, Anthony is responsible for security strategy and direction, industry trends, threat landscape, best practices as well as trusted advisor to security executives, senior management and executives of our customers across the Southeast. He is an extension of Symantec’s CTO Office and works closely with the business unit executives to focus on the real-world IT security challenges our customer face to drive Symantec’s overall security direction. Anthony joined the Security Strategist organization after leading the national principal organization for Symantec’s Enterprise Security Practice (ESP) for over 2 years. Engaging with our top clients, Anthony took a leadership role throughout the business lifecycle to perform business development, engagement management, and security program analysis for strategic initiatives. During this time he also held a leadership role in the development and deployment of the Symantec Security Program Assessment (SSPA) and the Symantec Security Management Model (SSMM).

Shayne P. Bates


Shayne is an internationally recognized security executive with a rare combination of achievement in the information, physical and homeland security disciplines. He collaborates with stakeholders on a global scale, including clients, colleagues, government and law enforcement agencies, and serves as a key strategic business partner to executive teams.

With security practitioner expertise, Shayne also has extensive experience in security product sales and operations. In 2010 Shayne led the development of the ASIS International Whitepaper entitled “Cloud Computing & Software-as-a-Service for Security Professionals.” In a recent Vice President of Strategic Partnerships role, Shayne helped create the business strategy of a cloud-based provider delivering hosted physical security technologies. Shayne periodically blogs at and writes his own column, “Cloud 9,” in the International Security Buyers Guide.

Ajay Bhutkar

Security Architect Cloud Computing, CEH, CHFI, SFCP | Tieto Software Technologies Private Limited

Ajay is Information Security Architect with more than 7 years of experience in designing, building and implementing various types of Enterprise security solutions and also in Risk Management. He is also involved to train Mumbai Police for Cyber Security.

My current role is to help my company to understand risks associated with cloud computing and work with cloud providers on security controls for remediation. In addition to holding the CCSK, I am also an ISO 27001 Lead auditor, CEH (Certified Ethical Hacker), CHFI (Computer Hacking Forensic Investigator) certification holder


Professional Services Manager, Verizon Consulting Services, Verizon Business

Ken has 29 years experience in the security industry. He is responsible for providing governance, risk, and compliance (GRC) solutions. These areas include ISO 27001/2, NERC-CIP, PCI, and HITRUST. Ken is also part of Verizon’s cloud and virtual environment security team and represents Verizon in the Cloud Security Alliance (CSA). He has built teams for customers’ security programs in the pharmaceutical, manufacturing, retail, and government. Ken has written a number of articles and has co-authored 10 books that include The Ultimate Security Survey series. Recently, he contributed to CSA’s Consensus Assessment and helped develop American Society for Industrial Security’s (ASIS) “Information Asset Protection Guideline”. Ken is located in the Seattle, Washington area.

James Blake, CISSP / CISM / CCSK

Group Chief Security Officer, Mimecast

James has over two decade’s experience in building security and business continuity frameworks from the ground up based on ISO 27001, BS 25999 and COBIT frameworks. James has overall responsibility for information security for internal IT infrastructure across nearly a dozen countries; platforms in strategic partners such as Iron Mountain and Cable & Wireless; and Mimecast’s own service delivery platform, which supports in excess of 600,000 paying subscribers.

John Bobrek

IT Security Manager, Bechtel

John is an Information Security Architect with 12 years experience in security solution design and implementation. He has been involved in all areas of Bechtel’s information security program but has recently been focusing on security policy development as it relates to the cloud, business continuity, and identity management.


CSO, Cloud Security Director, Cyber Security Director at Soluciones Orion

Jaime has 15 years of experience on IT Security applied to Communications and Computers. He served as Chief Computer Security Officer and CTO in the Navy, where he helps producing the Information Security policies instructed and leads the Research & Development team on ITSEC and the teams enforcing the correct implementation of the Computer Security.

On 2010 he retired from the Navy to join Soluciones Orion, leading company on security and Cloud Computing, as CSO, Cloud Security and Cyber Security Director, from there he is helping the Cloud strategy by training new professionals on Cloud Security and by providing his previous experience on new Cloud designs and implementations in Chile, Perú, Argentina and Colombia.

Lewis Brodnax, CISSP

Director of Technology Solutions, Williams & Garcia LLC

What has become an enduring love of computer security for Lewis began over a decade ago at Duke University in a special topics seminar in Number Theory and Cryptography. Since then he has held Architect level security and infrastructure positions with companies ranging in size from early stage startups to the Global Fortune 25. Currently, Lewis leads the Technology Solutions Practice with Williams & Garcia, a boutique infrastructure and security consulting company based in Atlanta, GA.

Lewis holds 14 intermediate or advanced certifications from eight different certifying bodies covering security, data forensics, storage and data networking, cloud computing, databases, operating systems, hardware and emergency medical response. In addition to being a lifetime member of ASDFED, Lewis is the VP of Programming for the Atlanta InfraGard Member’s Alliance and the Treasurer of the Atlanta Chapter of the HTCIA. In his spare time he volunteers with Alpharetta Fire Corps and CERT, and he lectures on topics ranging from disaster preparedness for children to the Advanced Persistent Threat.

Fernando Cabal

Systems Architect - Consultant, CGI

Fernando is a seasoned IT professional with over 15 years of experience in operations, design and implementation of Internet Solution Providers infrastructures, systems security and custom monitoring tools. With an extensive background in Networking, Linux and Windows systems administration, his experience include work architecting and operating mission critical environments for high volume eCommerce web sites, Mobile Internet gateways and small to large business IT datacenters.

Having participated and conducted various datacenter virtualization projects in the past 3 years, the security aspects and the evolution of Infrastructure as a Service is the main point of interest for Fernando who now plays an active role in the development of CGI’s Cloud Computing solutions. These offerings include both Private and Public IaaS services which are made available to CGI clients.

Carlos Cerda C. , CCSK

ISO, Chilean Navy

Carlos Cerda has over 10 years of experience in Unix systems and networking and +2 years of experience in IT security. He currently works as Information Security Officer in the Chilean Navy.

Bhaskar Chandramouli

Security Strategy and Risk Management Consultant, Accenture Services Pvt. Ltd.

7+ years of experience spanning in Service Delivery, Service Management and Governance, BCP/DR design, Policy Development, & Governance, Contract management and risk management.

Cloud offers incredible opportunities for businesses today and is essential to facilitate innovation in this changing business environment. CCSK is good recognition for me enables me to demonstrate my knowledge across the spectrum of cloud security.

John C. Checco, CISSP / CSSLP / CCSK

Founder & CTO, bioChec

John is founder of Checco Services, Inc., an information security consulting firm that also markets award-winning bioChec™ keystroke biometric solutions. Prior to founding Checco Services Inc., his past experience encompassed R&D of cutting edge technologies from NYNEX Science & Technology Division, Pitney Bowes Advanced Concepts & Technology, and the IBM T. J. Watson Research Center. He received a BS (Computer Science / Mathematics) and MBA (Information Systems) from Pace University.

John currently holds CCSK (Certification in Cloud Security Knowledge), CISSP (Certified Information Systems Security Professional) and CSSLP (Certified Secure Software Lifecycle Professional) certifications, is a contributing member of the Advisory / Content Committee of the WSTA (Wall Street Technology Association), a secure member of Infragard, and active member of ASIS (American Society for Industrial Security), ISSA (Information Systems Security Association) and OWASP (Open Web Application Security Project).

Matthew Chiodi

Sr. Security Architect in the Solutions Network group at Deloitte Consulting LLP

Matthew Chiodi is a Sr. Security Architect in the Solutions Network group at Deloitte Consulting LLP and also serves on the InfraGard Philadelphia Chapter board as Vice President.

Since joining Deloitte in 2005 Matthew’s primary focus has been helping both clients and practitioners to translate complex business requirements into secure and reliable IT solutions. Most recently his work has been in the Cloud Computing space exploring the unique risk / reward relationship that this evolutionary technology offers. He has over ten years of professional experience and his interests are in the areas of Identity and Access Management, Cloud Computing and data centric security. Matthew received a B.S. in Business Information Systems from Messiah College in 2000. He has been a Certified Information Systems Security Professional (CISSP) since 2003 and a member of InfraGard since 2005.

Alan Clark

Senior Manager, Engineering, Industry Initiatives and Emerging Standards, Novell, Inc.

A Senior Staff member of Novell’s Linux Business Unit focused on Industry Initiatives and emerging standards with 20 years of experience as a Software Engineer devoted to the research and development of operating systems and distributed multi-platform server services.

William Ferguson


William serves as a subject matter expert for complex Information Assurance and Security Engineering efforts worldwide. His areas of expertise range from executive level risk management policy integration to packet level analysis in support of black box penetration testing. This unique range of skills has directly contributed to the deployment of secure global networks, cloud initiatives and the development of large scale assurance platforms. As a CCSK with intimate knowledge of foreign network infrastructures and practices he continues to help foster a better view into the globalized challenges of secure cloud computing for clients worldwide.

Gareth Fletcher

Solution Architect, OneNet Limited

Gareth has been with OneNet for more than two years. Gareth’s expertise encompasses a wide range of technologies including messaging, virtualisation, and networking. A key area of responsibly for Gareth is OneNet’s monitoring environment which provides pre-emptive alerting, capacity management, as well as detailed modelling of critical systems. Gareth is also involved in the continuous evaluation and application of emerging technologies within OneNet.

Luke Forsyth

Vice President, Security & Compliance Services, Europe, CA Technologies

Luke Forsyth is a Certified Information Systems Security Professional (CISSP) with more than ten years consulting experience, including senior and leadership roles. This experience has included risk/benefit analysis, risk management, governance, cryptography, cloud security, identity management and standards implementation. Industry sector experience includes government, telecommunications, financial services, commodities and manufacturing.

Ramsés Gallego

CCSK, CISM, CGEIT, CISSP, SCPM, ITIL, COBIT(f), Six Sigma Black Belt Certified General Manager, Entel Security & Risk Management

Ramsés is a +15 year security professional with deep expertise in the Risk Management and Governance areas. After being in CA Technologies (formerly known as Computer Associates) for 8 years and also being Regional Manager for SurfControl in Spain and Portugal, Ramsés is now General Manager of the Security and Risk Management practice at Entel It Consulting where he strategizes the vision of the area and oversees the deployment of services. Ramsés have been serving for three year in ISACA’s CISM Certification Committee and is now a member of the CGEIT Certification Committee. He is honored to be the Chair for ISACA’s ISRM Conference, CISM Director at the Barcelona Chapter and part of the Program Committee for the event SecureCloud 2010 that took place in Barcelona. He is also part of the ISACA’s CISM PATF Task Force as well as he is serving in the Guidance & Practices Committee. Ramsés believes that the cloud offers incredible opportunities for businesses today and is essential to facilitate innovation in this changing business environment. But they also have the potential to alter the world as we know it and accreditations like CCSK will help to define a common body of knowledge and prepare the ground for a solid and robut cloud understanding.

Matthew Gardiner

Director, CA Technologies

Matthew Gardiner is a Director working in the Security business unit at CA Technologies. He is a recognized industry leader in the security & Identity and Access Management (IAM) markets worldwide. He is published, blogs, and is interviewed regularly in leading industry media on a wide range of IAM, cloud security, and other security-related topics. He is a member of the Kantara Initiative Board of Trustees. Matthew has a BSEE from the University of Pennsylvania and an SM in Management from MIT’s Sloan School of Management.


Lead Security Advisory Analyst, Advisory Services, Symantec Security Business Practice, Symantec Corporation

Michael Garvin is a seasoned IT professional with over 17 years of experience in a variety of roles in information security, compliance, systems administration, and IT architecture and management. Since joining the Symantec Security Advisory Services organization in 2006 he has been responsible for delivering PCI audits, PCI gap analysis and remediation planning assessments, Symantec Security Program Assessments (SSPA), third party risk assessments, host hardening assessments, and vulnerability management services for Fortune 500 companies. As the Lead Technical QSA for Symantec for North America Michael is responsible for PCI delivery methodology and training and participates with the PCI Scoping SIG. His interest in vulnerability management and metrics had led him to assist clients with developing programs that include targeted remediation planning and program effectiveness goals and metrics.

In addition to his extensive background in information security, Michael also brings with him a wealth of expertise in the UNIX, Linux, and Windows platforms, as well as network design and operational support with the design and build-out of various large-scale hosting facilities. Prior to Symantec his experience includes work architecting and operating solutions at service providers, pre-sales systems engineering for Sun Microsystems, and work at several institutions within the University of North Carolina system. At MCNC Michael supported higher education through work on grid computing using the Globus Toolkit and Sun (now Oracle) Grid Engine, and on virtualization using VMware, Xen, and Solaris Containers (Zones) and Domains. He is a member of the security metrics community as well as local ISSA and ISACA chapters.

Mike Geide

Sr. Security Researcher, Zscaler, Inc.

Mike Geide is a senior security researcher at Zscaler, Inc. – a cloud computing, security software as a service (SaaS) provider. He is responsible for researching, analyzing, and developing mitigation strategies for security threats – particularly threats to Zscaler’s cloud and web-based threats to its customers. He has spoken at several security conferences, including RSA, CanSecWest, and SANS; and his research has been cited in the media, including USA Today, The Register, and Dark Reading. Prior to joining Zscaler, Geide worked in the Federal Government for DHS/US-CERT and then the Internal Revenue Service (IRS) Online Fraud Detection and Prevention team.


Manager Information Security and Risk Management, Concur Technologies

Peter Gregory, CISA, CISSP, DRCE has over 25 years of experience in virtually every role in Business IT departments, including work in government, banking, non-profit, telecommunications and on-demand software businesses. He is the author of twenty-two books on security and technology and has been a technical editor for twenty additional books on security and technology. He has spoken at industry conferences since the 1990s and is regularly featured and interviewed in press and trade publications.

Gregory is on the board of advisors and the lead instructor for the University of Washington certificate program in Information Systems Security, and a lecturer at the NSA-certified University of Washington Certificate Program in Information Security and Risk Management. He is also on the Board of Directors for the Evergreen State Chapter of InfraGard, and the Executive Steering Board for the SecureWorld Expo Conference in Seattle. A founding member of the Pacific CISO Forum, Mr. Gregory is a graduate of the FBI Citizens’ Academy and active in the FBI Citizens’ Academy Alumni Association. Gregory studied electrical engineering and computer science at the University of Nevada, Reno, and is the manager of information security and risk management at Concur, a Redmond, WA based provider of on-demand Employee Spend Management services.

Kaijun Gu


Kaijun Gu has more than 15 years dedication in information security industry with extended experience of being the design or architecture principals for commercial security products, security consultant and technical sales professional as a trusted security subject matter expert and technical advisor for fortune 100 companies. He is an expert on identity and access management solution and successfully delivered services on identity and access Management for many customers.

Cem Gurkok, CISSP / CISA

Threat Intelligence Manager, Terremark, Worldwide, Inc.

Cem Gurkok, CISSP, CISA is the Threat Intelligence Manager in the Secure Information Services team at Terremark Worldwide, Inc. He specializes in cloud computing security, system security architecture, incident response, computer and network forensics, malware analysis, litigation consulting, research and development of security software. He has worked with various Fortune 500 companies throughout the world.

Cem has recently presented at the EuroForensics Conference on Windows Incident Response, has published a paper about automated evidence extraction and malware behavior analysis at the International Security and Cryptology Conference, and has written articles about cloud computing security and incident response for ComputerWorld Online.

Christofer Hoff

Security Engineering and Innovation Team Lead, Bank of America

Hoff has more than 20 years of experience in high-profile global roles in network and information security architecture, engineering, operations and management.


Senior Consultant at VMware

Wade Holmes is a Senior Consultant at VMware. Wade has over 13 years of experience planning, designing, engineering, architecting and supporting complex computing environments of all scopes and sizes. As a member of VMware he works on ensuring the security posture and mitigating the risk of virtualization and cloud solutions. Wade also serves as a member of the VMware Certified Design Expert certification panel.

Before joining VMware, Wade was the first non-VMware employee worldwide to achieve the VMware Certified Design Expert (VCDX) certification. Wade also contributed to the creation of the Center for Internet Security ESX 3.5 Security Benchmark. Wade has obtained many other certifications, including Certified Information Systems Security Professional (CISSP), VMware Certified Professional (VCP4, VCP3, VCP2), NetApp Certified Implementation Engineer (NCIE), NetApp Certified Data Administrator (NCDA), DRI Associate Business Continuity Professional (ABCP), Cisco Certified Network Associate (CCNA), Falconstor Certified Engineer,Virtuozzo Certified Engineer, and Microsoft Certified Professional (MCP).

Quinton Jones

Solution Architect | McAfee

Quinton leads solution business development across McAfee’s Cloud and Content Business Unit and enterprise mobility management. He is engaged in product strategy, business process enablement, public and private training and evangelism and outbound demand generation. Quinton is an ardent security professional with 10 years experience designing security architectures, security metrics, security program management, engagement and project management. He has held roles in business development, sales management, technical account management, audit & advisory and technical consulting at eEye Digital Security, Qualys and Breakwater Security Associates.

Quinton speaks at security conferences and briefings on network and application security domain topics. Quinton holds an MBA from the UCLA Anderson School of Management, a BA from the University of Washington and maintains a CISSP. He is involved with ISSA, Agora, Infragard, University information security curriculum development, and is a board member of the Source Seattle conference.

Santanu Joshi

Senior Security Architect Cloud technology, Tieto Software Technologies Private Limited

8+ years experience in Information security & BCP & DR with prestigious organizations. Currently associated with Tieto Software India, as a Senior Security Architect Cloud technology. With hands-on experience in drafting and implementing security policies, gap remediation, policy compliance, business continuity planning and disaster recovery.

Min Ju

Security Strategist CCSK, GREM, GPEN, CEH, CISSP, CISA, Security+, Linux+ SEP, MCSE, MCSA, Symantec Security Business Practice | Symantec Corporation

Min Ju is a Security Strategist for Symantec Corporation. Min leads a fast-paced, high-performance Security Business Practice organization that directly supports the business goals of a $6 billion Fortune 500 software company. He is an extension of Symantec’s CTO Office and works closely with Security Business Unit Executives. Min is a passionate security practitioner with 18 years of diverse experience in a broad range of information security domains, web technologies, architecture, infrastructure, networking and development environments. His responsibilities range from security strategy and direction, industry trends, threat landscape, best practices and trusted advisor to security executives, senior management and engineers to large enterprise customers. Prior to this Min worked as the Head of Information Security and Security Architect for CDW Corporation, as an ethical hacking team lead, vulnerability researcher and web architect at Allstate Insurance and a senior consultant at Arthur Andersen in the application integration and Internet teams.

Min has spoken on security at numerous external and internal events throughout his career. Min is a member of Cloud Security Alliance (CSA), ISSA, ISACA, ISC2, SANS Advisory Board, EC-Council, Symantec Protection Center Advisory Council, Symantec Endpoint Security Field Advisory Board (FAB) and established a Symantec Endpoint Security User Group in Chicago. Min also holds a M.B.A. from Keller Graduate School of Management, B.S. from DeVry Institute of Technology, and numerous certifications including CCSK, GREM, GPEN, CEH, CISSP, CISA, Security+, Linux+, MCSE and MCSA.


Director, MIEL e-Security Pvt. Ltd. (

Avinash is a lead instructor / certified trainer for various courses like CISSP, CISA, CISM, BCMS, Cobit Foundation, ISMS Lead Auditor. Many of these courses have been designed by him. He frequently speaks at International Conferences. Some of these are ISACA’s Asia CACS in Dubai, Oman, Kyoto, MEITSEC in Dubai, World Conference on Disaster Management in Toronto, Infosecurity in London, IIA Conference in Dubai

He also holds B.E. (Mechanical), A.M.I.E. (Electronics and Telecommunication) and M.F.M. (Master in Financial Management) degrees.

Nick Kael, CISSP, CCSK, Security+ Certified, CCDP, CCNA, CCSA, MCSE + Security, BCCPP, Bluecoat Blue Knight

Principal Security Strategist, NY Metro, Symantec Corporation- Security Business Practice

Nick Kael is a Senior Security practitioner with over 15 Years in the technology Industry and the last 9 of those dedicated to Information and Network Security. At Symantec Nick is responsible for Security Strategy & direction, an understanding of industry trends, maintain knowledge of the current threat landscape, best practices as well as trusted advisor to security executives, senior management and executives of our large enterprise customers across the New York Metro Area. He is an extension of Symantec’s CTO Office and works closely with the business unit executives. Nick has a broad range of knowledge in information security domains, web technologies, architecture, infrastructure, networking and development environments.

Prior to Symantec Nick held leadership roles in both network and security engineering teams in several telecommunications providers such as MCI, Qwest, Global Crossing & British Telecom where he was also a director in the Managed Security Services in a global scope. Before entering the corporate world Nick served 8 years in the United States Marine Corps as a Team Leader in Force Reconnaissance team where different aspects of Security were vital to operations both on a physical and logical level.

Chuck Kesler, MBA, PMP, PCI-QSA, CCSK

Sr. Manager, Security Advisory Services, Symantec Corporation

With over 20 years of experience as an IT professional, Chuck leads Symantec’s Security Business Practice Advisory Services team. Since joining Symantec in early 2006, he has managed the delivery of hundreds of security-related services projects, including penetration tests, vulnerability assessments, security architecture reviews, PCI assessments, and product enablement services. The majority of these projects have been delivered for large enterprises, including many Fortune 500 clients and government agencies. In addition, Chuck has helped facilitate collaboration within Symantec by serving as a global lead for its Application Security, PCI, and Project Management Communities of Excellence. Prior to joining Symantec, Chuck held management and director-level positions with several firms in the service provider industry. He has been responsible for building security programs from the ground-up, including policy and procedure development, hiring and developing information security staff, and managing security incident response teams.

Rob Kraus

Security Consulting Services, Solutionary, Inc. (

Rob is a Security Consulting Services Manager for Solutionary, Inc. As a manager, he is responsible for conducting various penetration testing activities while also leading a team of penetration testers who perform assessment services for Solutionary’s customers. He is responsible for performing web application security assessments, external and internal penetration testing, social engineering, tools development, and vulnerability research. Rob is also the lead author for the Seven Deadliest Windows Attacks, and co-author for the Seven Deadliest Network Attacks books from Syngress Publishing.

Rob was previously the Remote Security Services Supervisor with Digital Defense, Inc. Rob’s background also includes contracting as a security analyst for AT&T during the initial stages of the AT&T U-verse deployment as well as provisioning, optimizing, and testing OC-192 fiber-optic networks while employed by Nortel Networks.

Ian Krieger

Solution Architect, Telstra Corporation Limited

Ian accidentally fell into the IT world in ’94 and hasn’t left since. He is Solutions Architect with over 15 years of consulting, architecture, design and support experience in the IT services industry covering multiple disciplines; data networks, security, systems and storage.

Ajay Kumar

Security Architect, Accenture

Ajay is an Information Security Architect with 10 years of experience in designing, building and implementing various types of security solutions across the domains. He is having extensive working experience on Data protection, Risk & Compliance, Enterprise security architecture and helped industries like Education, ecommerce, IT, Banking and Insurance & BPOs and helps them achieving their enterprise security objectives and meets the compliance requirements & regularity standards. In addition to holding the CCSK, he is also an ISO 27001 Lead auditor certification holder.

Jonathan Lampe, CISSP / GSNA / CCSK

VP, Product Management, Ipswitch

Jonathan Lampe is VP of Product Management at Ipswitch and is responsible for its WS_FTP, MOVEit, MessageWay and Sendable brands. As the architect and security/regulatory expert behind the MOVEit managed file transfer system, he became a pioneer in file transfer technology during the mid-2000s, and continues to lead initiatives into emerging technologies such as cloud deployments under regulatory conditions and highly distributed secure systems. Today, Jonathan’s solutions power mission-critical, high-exposure transfer deployments at over 1000 enterprises worldwide, including the largest oil, restaurant, financial processor, military and insurance organizations in North America.

Jonathan holds B.S. degrees in Computer Science and Operations Management from Northern Illinois University and an M.B.A. from the University of Wisconsin. His previous security certifications include CISSP, GSNA and GCIA (currently expired) and he currently serves as Ipswitch’s representative to the PCI (Payment Card Industry) Security Standards Council and as a representative to SANS GIAC Advisory Board.

Armando Leite

Executive Advisor, KPMG, LLC

Armando is an Information Security consultant with 12 years experience in designing, building and defeating various types of infrastructures and applications. Armando’s professional focus is on supporting his clients to leverage current and new technologies to maximum business advantage whilst adequately managing associated risks. In addition to holding the CCSK, he is also a CISSP, CISA and currently pursuing a MSc in Information Security at Royal Holloway, University of London, UK.

Prof. Yale Li

Chair for CSA Greater China Regional Coordinating Body

Yale Li has been volunteering for the CSA since 2010. He is currently Chairman of CSA Greater China Region and its Security Coordinating Body. Previously, he served as the Chief Strategy Ambassador and Strategy Advisor for CSA Global, CISO Submit Program Committee Member for CSA APAC, Board Member & Research Director for CSA Seattle Chapter, and Lead/Member for several CSA Workgroups. He is one of the earliest CCSK credential holders.

Yale is a global security thought leader in both industry and academia. With a focus on European governments and telecommunications companies, he has provided technical leadership at Huawei in China since late 2014 as the Chief Cyber Security Expert (VP Level) to cover cyber security evaluation, international CSO, cloud computing and CEO advisory roles. Prior to Huawei, he had been with Microsoft in US for 16 years as the Global Chief Security Architect and China CISO, and worked in areas such as Information Security, Cyber Security, Cloud Security, Windows R&D, and Internet Ops. He came to Microsoft from IBM in Canada where he was the Chief Technology Architect.

Yale is currently Senior Fellow & Adjunct Professor at Xi’an Jiaotong University and Visiting Professor at Nanjing University of Telecommunications & Posts. He was also Ph.D. Supervisor at University of Washington, Honorary Professor at Peking University, and Visiting Scholar at Beihang University. He was the ICCSM Programme Chairman, RecordsInTheCloud.Org Collaborator, and advisor/speaker for several government agencies and labs such as US Nist and China CEPREI Certification Body. Yale had background in Physics as research assistant to CERN’s Nobel Prize and Rutherford Medal laureates. He has also authored several books and many articles.

Thomas Loczewski

Senior Manager Advisory Services, Ernst & Young GmbH, Germany

Thomas is a Senior Manager at Ernst & Young and currently works out of Frankfurt, Germany holding a lead role in the field of cloud assurance and advisory services. His qualifications include passing the CISA and CISSP exams, being a certified ITIL professional and SAP solution consultant.

Thomas has 12 years of experience in IT auditing and IT consulting. He has achieved a master degree in business administration in Germany and a computer science degree in the United States. Thomas has been acting as an IT-Security consultant at Deloitte & Touche’s Enterprise Risk Services before joining the Advisory Services at Ernst & Young in mid-2000. He has advised numerous CFO’s, CIO’s and CISO’s in the fields of IT-related strategy, governance, processes, internal controls, auditing, ERP advisory and information security – both nationally as well as internationally, at both smaller organizations and large global enterprises. Thomas is focusing on the cloud computing spectrum of services, including e.g. use case evaluations, risk assessments, provider selection support, transformation activities, and providing assurance based on established criteria for provider as well as user organizations.

Justin Lute

Security Architect, Solutions Engineering | ACADIA

Justin is a Security Architect in the Solutions Engineering organization at ACADIA (a joint venture of EMC, Cisco, VMware, and Intel), in support of the VCE coalition. He moved into ACADIA in October 2010 from the vSpecialist team in EMC’s VMware Technology Alliance group, having spent two-and-a-half years as a Technology Consultant for the RSA security division before that stint. He has been employed by ACADIA/EMC/RSA since 2007 and has been working in information technology and security since 1998. Prior to EMC/RSA, Justin spent six years with Verizon in managed network and security services and pre-sales consulting.

Justin is a graduate of the Ohio State University (BA, History) and holds a Certificate in Computer Security Foundations from Stanford University. He is also a CISSP and has earned a wide range of industry technical certifications from RSA, VMware, Cisco, Microsoft, Novell, and many others. An active blogger at, he has been a frequent presenter at RSA marketing events.

Phillip Mahan, CISSP, CISA, CIPP, CCSK

Founding Principal, Talion, LLC

Phillip Mahan is an Information Security and Privacy professional who has spent a decade and a half within the Fortune 50. As a consultant, he has created Governance documents for small and medium-sized businesses and given countless training sessions on various aspects of Information Security. Phillip is a member of the American Society for Digital Forensics and eDiscovery (ASDFED), the American Society for Industrial Security (ASIS), and the Information Systems Audit and Control Association (ISACA). He is the Atlanta KnowledgeNet Chair for the International Association of Privacy Professionals (IAPP), and the 1st Vice President of the Atlanta chapter of the High Technology Crime Investigation Association (HTCIA),. His experience is rooted in various business sectors, including Retail, Petrochemical, Insurance, and Finance.


Founder/Principal, nControl, LLC

Steve Markey is the Founder/Principal of nControl, a Data Security and Privacy consulting firm based in Philadelphia. He has over 10 years of experience in the technology sector and has served as a: Chief Technology Officer (CTO), Chief Information Security Officer (CISO), IT Project Manager, and Senior Consultant. His industry experience includes: Healthcare, Financial Services, Government, Insurance, and Business Services.


Office of the CISO - ACS, A Xerox Company

Working as an Information Security Architect with 10 Years experience, CISA, CISM and CISSP designations are now augmented with the latest available industry qualification. James chose the CCSK, to demonstrate his level of competence in unravelling the risks and complexities of doing business in the Cloud.


CEO, One Enterprise Consulting Group, LLC ( and Founder, Cyber Security Central (

Matthew Metheny is an experienced IT professional and business leader in areas of IT Governance, IT Security (Engineering and Compliance), Program Management, System Engineering, Software Development, System Architecture, Enterprise Architecture, and Business Process Improvement.

Matthew focuses his efforts on expanding the “best practices” of IT Security across multiple domains to include Security Compliance, IT Governance, Financial Compliance, Security Engineering, System Development & Design, Systems Integration, Program and Project Management, Network Infrastructure, Knowledge Management, Business Process Engineering, and Software and Security Maturity Models. He primarily focuses his efforts on compliance and standards development to achieve a cost-optimization of multilateral and multilayer security and risk management processes.

Beau Monday, CISSP, GSEC

Information Security Analyst at a global financial firm

Beau has been in the IT industry for well over 20 years, with a specific Information Security focus for nearly 10 of those years. While currently doing risk assessment work for a large financial firm, Beau has recently helped define a cloud strategy for T-Mobile USA, oversaw the information security program at a learning management company using a SaaS-style cloud deployment strategy, and contributed to 2 domains in the most recent revision of Cloud Security Alliance’s “Security Guidance for Critical Areas of Focus in Cloud Computing.” Beau also frequently comments on information security topics at his website,, and selected writings have been published from time to time in online magazines.

Jean Morissette, CISSP, CCSK

Senior Security Architect, PricewaterhouseCoopers LLP (

Jean is a proven solution-oriented consultant specializing in the delivery of security, identity and access management (idM) solutions. He has solid hands-on implementation experience and over ten years in enterprise directory services, access management, and reduced sign-on solutions (eSSO/Web SSO). He is well versed in strong authentication, password management, and user life cycle management solutions. He regularly manages projects and clients, ensuring customer satisfaction and project delivery.

Jean augments his proven consulting background in IdM with more than 20 years of technology integration experience across a variety of platforms. He is currently a member of the PricewaterhouseCoopers LLC, Technology Consulting group.

Bill Narin

Entrepreneur, Founder, Ikena

Bill specializes business development in networked markets. His professoinal focus is on the introduction of disruptive technologies, innovative business models, and helping firms efficiently achieve a significant share of their TAM. He has worked extensively with distributed scalable platforms, licensed hypervisor software to leading telecom and network equipment manufacturers and played a key role in the launch of the broadband industry. He holds a masters from the Sloan School of Management at MIT.

Bill chose to gain CCSK certification because cloud deployments bring such a diverse range of security concerns to center stage. He believes addressing these concerns early and effectively will prove crucial to overall adoption and to individual firms seeking competitive advantage.

Derek Nash

Information Security Architect, Midwave Corporation

Derek is an information security architect with 10+ years of experience. His experience has varied from technical implementations to penetration testing and risk assessments to security architecture. He now assists his clients in evaluating cloud computing security strategies and cloud provider service offerings

Pete Nicoletti


Price Oden, CISSP

Principal Security Architect, Microsoft Corporation

Price Oden, CISSP is a Principal Security Architect at Microsoft with 16 years’ of IT and Information Security experience. Prior to joining Microsoft in 2000, he was a Security Risk Manager at Hewlett Packard. Capabilities include Risk Management, Policy development, Compliance and Strategic Planning. Under the CIO and CISO, Price is currently focused on Information Security activities involving the use of cloud services by the Microsoft Enterprise.

Masaki Ogawa

Senior Consultant, CCSK, CISSP, CISA, CISM, PCI QSA, GPEN, MBA, Verizon Business

Masaki has 10+ years work experience in the IT security industry. He, as a senior consultant, is responsible for providing information risk management, security risk assessment, and threat and vulnerability management as well as performing project management, integration services, and e-business solutions covering all aspects of Security and Privacy. His proficiency in information security has been brought by broad experiences ranging from sales to technical support, implementation to management. Masaki has been involved in a number of professional security service engagements in which he had to interface with the clients, understand the requirements, assess the security risks, align client expectations and formulate appropriate solutions. The CCSK enabled him to demonstrate the knowledge in the security space within Cloud Computing.

Wayne Pauley

Director, EMC Corporation

Pauley has over 25 years of technology experience combining business with technology as an executive including Engineering, Product Marketing/Management, Channel and Sales Business Development, and Professional Services. Pauley is also a doctoral candidate at Nova Southeastern University focusing on information security, privacy, risk, and cloud computing and has authored several peer reviewed papers on Cloud Computing. Pauley is very active with the IEEE Computer Society, the IAPP, and is an adjunct professor at Franklin Pierce University’s Graduate School.

Bill Perlowitz

Vice President of Advanced Technology, Apptis, inc.

Bill has over 25 years of dynamic technical and management leadership in support of U.S. Federal departments and agencies. He possesses outstanding strategic and tactical skills, extensive expertise in developing and delivering service offerings that align technology with mission critical objectives including: enterprise transformation / integration by using patterns; cloud computing, virtualization, Web services, Service-Oriented Architecture, and Enterprise Service Bus. Bill is a visionary and resourceful problem-solver with demonstrated talent for quickly identifying and resolving complex challenges. Bill is currently Chairman of TechAmerica’s committee on Public Sector Cloud Computing, which focuses on standards development, Certification and Accreditation, and government-wide adoption of cloud computing services.

Paul Petefish

Security Consulting Services, Solutionary, Inc.

Paul Petefish is a Security Consultant for Solutionary, Inc., and has spent the past seven years of his life immersed in IT security. He regularly performs internal/external penetration assessments, web application security assessments, security architecture reviews, and wireless access testing across all major industries. Paul is also responsible for penetration testing and web application security assessment methodology development and maintenance.

Paul was one of the contributors to the Open Web Application Security Project (OWASP) 2010 Top 10 Most Critical Web Application Security Risks, released in November 2009. He has also spoken at a number of information security conferences and groups including NebraskaCERT’s Cyber Security Forum, OWASP Chicago, and the Computer Security Institute’s (CSI) annual conference.

Julio Graziano Pontes

Service Manager, True Access Consulting S.A.

Professional with more than 10 years of experience in information security solutions design and implemantation, Julio has been managing and promoting information security practices in areas such as Information Security Architecture, Identity Management, Security Operations Center and IT-GRC.

Julio believes that to enable business to embrace the Internet while protecting valuable company information, the industry needs new IT security models and initiatives like CSA, are driving and influencing the development of secure architectures, technology solutions, and implementation approaches to enable safe, secure collaborative inter-working between enterprises, business partners, customers and suppliers.

Keith Prabhu

Executive Director, Confidis

Keith has over 14 years of work experience, in the areas of Information Technology, Business Continuity and Risk Management. His earlier experience has been with KPMG, Deloitte, HSBC Software, Arthur Andersen and HCL Infosystems. He has worked extensively in the IT Security and BCM space with private and public agencies including the Reserve Bank of India, Mumbai Police and BMC.

Keith is a Master of Business (Australia) from Victoria University, Melbourne, Australia. He is a Certified Information Systems Security Professional (‘CISSP’), Certified Information Systems Auditor (‘CISA’), Certificate of Cloud Security Knowledge (‘CCSK’) and Member of Business Continuity Institute of UK (‘MBCI’).

Martin Pueblas, CCIE, CISSP, MBA, CCSK

Lead Security Architect, VCE (venture of Cisco, EMC and VMware)

Martin is a professional with over eighteen years of experience in the information security and networking industries. In his role as Lead Security Architect, Martin oversees the security aspects of the VCE’s Vblock Infrastructure Packages. Prior to joining VCE, Martin was a Technical Leader at Cisco, where he led a number of security initiatives including the new Cisco SAFE Architecture. During his thirteen-year tenure at Cisco, Martin held a variety of technical positions in engineering, marketing and customer support. He authored a number of white papers, presented at industry conferences, and engaged with customers around the globe. Martin’s technology contributions include a technology patent and the definition of the VPN load-balancing feature used on IOS platforms and the Cisco Content Switching Module. Martin also authored the security chapters of the Cisco Press book titled “Data Center Fundamentals” (ISBN: 1587050234).

Rajeev R

Technical Lead, Ernst & Young Global Shared Services,Technopark

Rajeev is part of Infrastructure Management Group at Ernst & Young Global Shared Services,located at Technopark, Trivandrum, India. He holds a bachelor degree in Electronics & Communication Engineering with CCSK, CISSP, SSCP, RHCE, ITILv3, CCSA certifications.

He has 5+ years of experience in IT infrastructure design, Implementation, support and maintenance. His areas of expertise includes voice & video solutions, perimeter security & VPN,WAN acceleration solutions, datacenter management, IT security & compliance management, IT process management, DR/BCP and Cloud computing.

Archie Reed, CISSP, CCSK

HP Chief Technologist – Cloud Security

Archie Reed is HP Chief Technologist for Cloud Security. He is a 20 year experienced manager and technologist, offering a wide range of leadership, architecture, product, R&D and implementation experience gained in high profile environments. Archie has worked to deliver both commercial and internal business solutions, as well as managed both engineering and corporate development for hosted (150M+ user) multi-tenant (10K+) service provider. Archie has been an Industry advisor for multiple organizations, including Digital ID World (2003-8), Identity Engines (2005-8), and OASIS (DSML, XACAML). Archie is a regular speaker at executive events, conferences and analyst meetings on topics including Security, Privacy, Cloud Computing, Identity Management and Business Technology Optimization. Archie is a published author including “The Definitive Guide to Identity Management” (Realtime Publishers 2003), “Migrating to Windows 2000 and Exchange 2000” (Realtime Publishers, 2001), and “Implementing Directory Services” McGraw Hill (2000), alongside many white-papers and magazine articles. Archie has a new book “Silver Clouds, Dark Linings – A Concise Guide to Cloud Services”.

Jean-Yann Riviere

Cybersecurity Architect, CISSP, CISM, CRISC, CCSK, OSCP, Investissement Québec, Canada

After a Master’s degree in IT engineering specialized in IT security, i worked on securing IT projects for French governmental entities and also for large international companies. I have extensive experiences on traditional IT security, from the data security to the security governance. I also have experience on SaaS security as i have worked as security consultant for a large company in the adoption of the Google Apps service in a secure way.

Mike Rósa

Principal Sales Engineer,

Mike has been selling cloud solutions since 2005 and CRM since 1997. After finishing B-school in 1992, he started his professional career working in R&D. As the product matured, he went into the field and has been there ever since. Mike has 14 years of public sector pre-sales experience. After opening Storage Computer’s federal office, he moved over into software. Mike was Clarify’s first dedicated public sector pre-sales engineer and years later, a key member of Siebel’s fledgling public sector team. Weeks before the Oracle acquisition, Mike moved over to, as their first public sector sales engineer. As a security specialist, Mike supports the public sector team, selling cloud solutions into Federal, State, and Local Governments.

Ronald F. del Rosario

Technical Account Manager & VoIP Engineer, Five9 Inc.

Ten years of combined Information Technology (IT) experience; working for 6 years now in one of the pioneer Software-as-a-Service (SaaS) companies based in the Bay Area as a customer-facing VoIP Engineer and Technical Account Manager. Started as the “go-to-guy” in troubleshooting major connectivity and Quality of Service issues experienced by customers. Subject matter expert (SME) in Secure VoIP implementation and deployment for enterprise and strategic customers adhering to well-known Information Technology governance controls and mandates such as ISO/IEC27002, PCI-DSS, Sarbanes-Oxley Act and HIPAA.

Helps in creating security-related requirements, features and improvements in the development of a Java-based VoIP application. Ensuring adherence to secure coding standards and guidelines in the industry such as various Software Security Development Lifecycle (SDL) Models, the Open Web Application Security Project (OWASP) and National Institute of Standards and Technology (NIST) recommendations. A big fan of the free Metasploit Framework, Nessus, NMAP and Wireshark in accomplishing my daily tasks

Robert Rounsavall

Director for Secure Information Services, Terremark Worldwide, Inc.

Robert Rounsavall joined Terremark Worldwide, Inc. in January 2007 and is currently Director for Secure Information Services. Mr. Rounsavall works on commercial and federal projects and is recently spending much of his time on cloud computing, virtualization security, malware analysis, and memory forensics on Terremark’s Cisco UCS based IaaS platform. In his previous role he was responsible for designing the security architecture and building out the Security Operations Center for Terremark’s collocation, hosting, and cloud customers. He built and deployed the first Portable Security Operations Center which allows for full visibility into extremely large enterprise networks also known as SOC In A Box. Aside from his work at Terremark, Mr. Rounsavall is a Service Provider Subject Matter Expert for the Cloud Security Alliance. He is conducting research on incident response and notification in cloud environments. He is a published contributing author, has a patent pending for total network visibility, and has presented at a number of conferences including FIRST, Cloud Connect, and SANS. Prior to Terremark, Mr. Rounsavall was a product manager for a Security Information Event Management firm in South Florida and served as a Navy Chief Cryptologic Technician.

Saundra Kae Rubel, CIPP, CIPP/IT, CCSK, CHP, CHSS

Data Protection, Security and Privacy, currently with NetApp

Saundra has the distinction of being the first woman to be listed on the CCSK early adopter page. Involved in information technology for longer than she wants to admit, additionally she has over 10 years’ experience in implementing privacy management practices into business processes. She specializes in security and data protection issues and has served as a member of the California Office of Privacy Protection Task Force on California Information-Sharing Disclosures and Privacy Policy Statements. A member of CSA, IAPP, ISACA, ISACA, ITTC, ECFT, InfraGard and HTCIA, Ms. Rubel works with organizations to ensure their business practices meet international data protection regulations.

Rob Rudloff, CISSP, PMP, QSA

Managing Director for Security Consulting Services at Solutionary

Rob Rudloff is the Managing Director for Security Consulting Services at Solutionary. He leads strategic services development, oversees day to day project delivery, provides quality assurance on consulting deliverables, and manages the consulting team. Rob is a key member of Solutionary’s Healthcare Security Services team providing EMR monitoring solutions and HIPAA, HITECH, and HITRUST consulting services. Rob has over 16 years of professional IT and IT Security experience focused primarily on enterprise security consulting in the healthcare, financial and retail industries. Rob is a Certified Information Systems Security Professional (CISSP), certified Project Management Professional (PMP), and a Qualified Security Assessor (QSA).

Scott C. Sanchez

Chief Security Officer, ScaleUp Technologies

Scott C. Sanchez, CISSP is Chief Security Officer at ScaleUp Technologies and a frequent writer and speaker on the topic of secure cloud computing. Mr. Sanchez brings with him nearly 20 years of leadership experience managing global security and strategy programs for companies like Goldman Sachs and Bristol-Myers Squibb. Scott has also had success as an entrepreneur; having founded and profitably sold both a security consulting firm and a medical software company. Follow Scott on Twitter at @scottsanchez or on his blog

Clint M. Sand

Director, Security Strategy & Advisory, Symantec

Clint M. Sand is an Information Security professional with extensive experience in multiple security domains for over 15 years. In his current position at Symantec, he leads the Americas Security Strategy & Advisory organization which is the functional CTO office for Symantec’s Security Business Practice; a 500+ million dollar security business. In this role he is responsible for security thought leadership, best practice sharing, and regularly meets with Symantec customer CISO and Architect-level individuals to focus on understanding real-world IT security challenges to drive Symantec’s overall security direction.

Prior to coming to Symantec, Clint lead the security consulting practice for Siemens Business Services and held a CTO position for DTS, a consulting firm focused on information security. Clint is an active presenter and panelist at many international and regional Northeast security forums and conferences on subjects such as: Virtualization and Security, Cloud security, and Security Event/Information Management

Chirag Shah

Security Strategy & Risk Management Consultant, Accenture Services Pvt.Ltd

Chirag is an experienced Security Consultant within Accenture Technology Consulting. He has nearly 8.5 years of IT experience with a focus on designing and developing security solutions including solutions for clients in the financial, chemical & technology services domain. His area of expertise includes Identity and Access Management, Information Security Management, Infrastructure Security; Application Security & Risk Management .He holds a Bachelors degree in Computer Science and Security Certification like CISSP, CEH, ACC (Archer Certified Consultant) & QualysGuard Certified Professional. Chirag believes that the security in cloud offering has incredible opportunities for businesses today. CCSK will help to define a common body of knowledge and prepare the ground for a solid and robut cloud (security) understanding.


Security Consultant, Starcom Group Pty Limited

Sunil Sharma is an information security professional with more than fourteen years IT industry experience. His primary focus on security solutions and services for enterprise and government organisations spans more than ten years. In his current role, Sunil leads the information security consulting service for Starcom Group in Sydney. He is also responsible for building the Cloud Security Consulting service at Starcom, which will be provided for current and potential clients. Sunil is a subject matter expert on security risk assessments, security consulting, ISO 27001 and governance risk and compliance solutions. He holds B.S (Information Systems) and numerous certifications including CISSP, CISM, CISA, ISO 27001 LI, ITIL Foundation, STS (Control Compliance Suite and Symantec Security Information Manager), RCSE (Envision Technology), CCSA, CCNA and WCSE(Websense). Sunil also instructs the CISA review course at ISACA Sydney chapter, and is an active member of AISA (Australian Information Security Association).

Gaurav Sharma

Information Management Student, SPJAIN Institute of Management & Research, Mumbai INDIA

Gaurav has 5 years of work experience in Business Development and Pre Sales functions for IT solutions / Products & services. He has worked with companies like Wipro and CMC Limited and has handled telecom, defense and Government sectors at different times in his career. Currently he is doing his PG in information management (PGPM) from SPJIMR, India and is all set to return to the industry in January. He holds about 20+ certifications from Cisco, HP, Citrix, ITIL etc and CCSK will serve as an excellent recognition for his interest in cloud computing and managing its associated risks.

Thomas Shaw, Esq., Attorney at law, CPA, CRISC, CIPP, CISM, ERMP, CFF, CISA, CGEIT and CCSK

Information Law Practitioner

Thomas J. Shaw, Esq. is based in Tokyo, Japan and works with corporations in Asia and the U.S. on information law (data privacy, info security, e-discovery/litigation readiness), Internet law (cloud computing, intellectual property, e-commerce), international transactional law, compliance, information governance, and litigation and technology risk assessment and reduction. He is the editor and author of several American Bar Association technology law publications, including the Information Security & Privacy News and the EDDE Journal and the forthcoming book on global information security and privacy law for executives, lawyers and technologists. He can be reached via email at [email protected] and on the web at

Perminder Singh

Senior Consultant, Deloitte Consulting.

Perminder is a Sr. Consultant with 10 year of experience in Microsoft based technologies development in .NET platform. He has “First Class with Distinction” in Bachelor of Engineering in Telecommunication from Bangalore University, India in Sep 2001. Current working for New Mexico State’s Unemployment Insurance project and employed by Deloitte Consulting.Prior to coming to Deloitte he has worked with Cap Gemeni,Wipro,AOL and Tesco.

His current passion is Cloud computing and Working with MS Azure and Amazon Webservice framework. He has assisted his clients in leveraging technology and streamlining processes to support the strategic vision of the organization.He has excellent organizational and communication skills and can effectively communicate with multiple team configurations involving various partners, global teams and executive stakeholders, while resolving project issues, risks and conflicts among the stakeholders. He is known for building and maintaining strong customer relations and has been successful in attaining client satisfaction for all of the projects he has worked with.

Tajeshwar Singh

Enterprise Solutions Architect at HCL Technologies

Tajeshwar is an Enterprise Solutions Architect at HCL Technologies and heads the IT architecture & standards group. He is also member of a working group responsible for defining business strategies around cloud computing models at HCL. As part of his current responsibilities, he also works with HCL customers, helping them define their cloud computing strategies & enabling them to adopt cloud computing models.

He is currently holds certification in TOGAF and in the past has held various certifications in the field of Information Security, systems & networking.

Mark Stanislav

Senior Linux Systems Administrator, MNX Solutions

Mark is a Linux systems administrator with 9 years of diverse experience in small business, education, start-up, and corporate information technology. Mark’s passions are information security, scalable infrastructure, and server automation. He is currently finishing his Master’s degree in Network Security at Eastern Michigan University where he also teaches undergraduate Linux courses.

Michael Sutton

VP, Security Research, Zscaler

Michael Sutton has spent more than a decade in the security industry conducting leading-edge research, building teams of world-class researchers and educating others on a variety of security topics. As VP of Security Research, Michael heads Zscaler Labs, the research and development arm of the company. Zscaler Labs is responsible for researching emerging topics in web security and developing innovative security controls, which leverage the Zscaler in-the-cloud model. The team is comprised of researchers with a wealth of experience in the security industry.

Prior to joining Zscaler, Michael was the Security Evangelist for SPI Dynamics where, as an industry expert, he was responsible for researching, publishing and presenting on various security issues. In 2007, SPI Dynamics was acquired by Hewlett-Packard. Previously, Michael was a Research Director at iDefense where he led iDefense Labs, a team responsible for discovering and researching security vulnerabilities in a variety of technologies. iDefense was acquired by VeriSign in 2005. Michael is a frequent speaker at major information security conferences; he is regularly quoted by the media on various information security topics, has authored numerous articles and is the co-author of Fuzzing: Brute Force Vulnerability Discovery, an Addison-Wesley publication. Michael holds degrees from George Washington University and the University of Alberta.

Todd Thiemann

Sr. Director, Trend Micro

Todd is Trend Micro’s primary representative to the CSA and has been responsible for tracking cloud computing trends and establishing product strategies to secure data in public and private clouds. The CCSK enabled him to demonstrate knowledge across the spectrum of cloud security governance and operational domains.

David Torre

Owner, Atomic Fission

An information systems consultant with over 10 years of information technology experience, David has managed information security for both government agencies and well-known public companies. The ability to balance security and business is David’s strong suit, and the CCSK certification further strengthens this ability by providing a standardized and methodical approach to cloud computing risk assessments.

Allen Vance, CISSP

Senior Product Manager, SecureWorks, Inc.

Allen has 25 years of experience in software and systems development, operations, and information security, with organizations in the defense, telecommunications, infosec and semiconductor industries. His functional roles have included development, architecture, operations, manufacturing, strategic alliances/new business development, and product management.

At SecureWorks, he has product management responsibility for a variety of managed security services and for managing related partnerships. His educational background includes computer science and MBA degrees from Georgia Tech, a Green Belt in Lean/Six Sigma, and the CISSP and CCSK certifications. As an officer in the Georgia State Defense Force, he has earned US DoD certifications in DIACAP, Information Assurance, Anti-Terrorism Officer Levels I and II, and OPSEC; and the US DHS FEMA Emergency Management Institute Professional Development Certificate.

Carlos A. Villegas, CCSK

Solutions Consultant, Williams & Garcia LLC

Carlos was introduced to computer security in the mid 1990’s, and his interest and knowledge in the field started to grow from there on through his career in IT. He has knowledge in various aspects of security ranging from secure coding practices and common coding problems impacting security, as well as network, system, and other infrastructure elements and their issues, all the way to the human elements. Carlos currently works with Williams & Garcia, a boutique infrastructure and security consulting company based in Atlanta, GA

David Lilburn Watson, MSc, CISSP, CISA, CISM, CFE, CITP, FBCS

Principal Consultant, Business Compliance & Recovery Management Limited

David has over twenty five years information security experience. He began his career with British Telecom and, prior to becoming an independent consultant in 1989, was employed in the Computer Crime & Security Unit of the Investigation Department. Over the past twenty years, he has specialised in advising client businesses on risk management through effective information security, disaster recovery and business continuity planning.

Over the years, David has provided consultancy and information security training services to clients from a broad spectrum of industry; including the Financial Services Sector (Investment and High Street Banks, Insurance and Reinsurance Companies, Broking Houses); Petrochemical and Pharmaceutical Companies; Utilities and the Public Sector.

He is currently working in the GCC for a Central Bank and Regulator in the areas of information security and quality assurance for Electronic Bill Presentation and Payment (EBPP) systems countrywide.

Tony Weston

Chief Technology Officer, OneNet Limited

In 2003 Tony was appointed Chief Technology Officer of OneNet, and bears responsibility for directing and supporting all aspects of OneNet’s Technical operations and infrastructure, as well as providing leadership and assuming responsibility for technical staff, and ensuring OneNet’s technology continues to meet the highest standards.

James Wickett

Web Systems Engineer, National Instruments

James is a technologist in Austin, TX with a focus on Security and Cloud Computing. He works as a Web Systems Engineer at National Instruments and on a volunteer basis, he is the Vice President of the Austin OWASP Chapter. He holds a Bachelors degree in Management Information Systems from the University of Oklahoma and holds the following certifications: CISSP (Certified Information Systems Security Professional), GCFW (GIAC Certified Firewall Analyst), CCSK (Certificate of Cloud Security Knowledge). Currently, he is excited about the DevOps movement and cloud computing security. You can usually find him online at or at his blog at

Franklin Witter, MBA, CISM, CISSP, Six Sigma Green Belt, CCSK

Security Business Practice | Symantec Corporation

Franklin is a Sr. Lead Security Principal for Symantec Corporation. Franklin has over 15 years of experience and expertise in the areas of Security Strategy, Architecture, Risk Management, Governance and Compliance, Process Improvement, and Security Operations across a wide range of industries such as Insurance, Banking, Finance, Government, and E-Commerce. Franklin has built world-class security teams and programs, provided executive security leadership and cultivated cross-organization support for information security initiatives.

As a Security Principal, Franklin provides key leadership and direction for Symantec’s Security Program Assessment (SSPA) service and serves as a trusted advisor to information security executives across a variety of industries. His responsibilities range from providing guidance for security strategy and direction, governance and compliance, industry security trends and threat landscape evolution, best practices to security executives, business leaders, and IT executives and management to large enterprise customers. Franklin holds an MBA from Auburn University, a BA from Southwest Baptist University, and several industry certifications including CISSP Certification from ISC2 and CISM certification from ISACA. In 2009, Franklin won the ISACA Geographic Excellence Award for North America.