- March 16-17, 2010
- Majestic Hotel and Spa
- Passeig de Gràcia, 68
- Barcelona, Spain
Thank you for attending SecureCloud 2010!
SecureCloud 2010 Presentations
Download here (updated 23 Mar, missing Philippe Courtot, Dave Cullinane and Pamela Harbour speech transcript. Will update site when received)
About SecureCloud 2010
SecureCloud 2010 is a premier educational and networking event hosted by the European Network and Information Security Agency, the Cloud Security Alliance and ISACA, three of the leading organizations shaping the future of Cloud Computing Security. It is the first event to focus specifically on state of the art practices to promote security, privacy and trust within cloud computing from technical, assurance and governance perspectives. This event is a unique opportunity not only to learn, but to make important global contacts and participate in interactive strategy sessions
January 26, 2010: We are pleased to have the IEEE joining us as a conference organizer, leading our cloud standards discussions
SecureCloud 2010 will feature presentations by thought leaders from industry, academia and government, including keynote speeches by Pamela Jones Harbour, Commissioner, US Federal Trade Commission; Dave Cullinane, CISO at eBay, Inc., and Chairman of the Board of the CSA, and Dr Udo Helmbrecht, Executive Director of ENISA.
Day 1, March 16
|8:45 – 9:30||Registration|
|9:30 – 10:10||Keynote Speaker: Dr Udo Helmbrecht, Executive Director of ENISA.|
|10:15 – 11:15||Track One: Alexander Seger (Council of Europe) - Security and Data Protection in the Cloud
Vishal Khera (US Federal Reserve Bank) - Planning for Cloud Implementations
|Track Two: Phil Dunkelberger (PGP Corporation) - 40 Years of Cloud Computing
Dominik Birk and Dr. Christoph Wegener (Horst Goertz Institute for IT Security) - Forensics 2.0: Challenges in the Cloud
|11:15 – 11:30||Coffee Break|
|11:30 – 12:00||Track One: Wendy Goucher (Idrach Ltd) - In the cloud, out of mind: The challenge of caring about virtual data||Track Two: Ajit Jaokar (Futuretext) - Mobile Cloud Computing: Issues and Risks from a Security Privacy Perspective|
|12:05 – 13:00||Track One: Panel - Cloud Legal Issues - Moderated by Dov Yoran (MetroSITE Group), Carolyn Herzog (Symantec), Cynthia O'Donoghue (Reed Smith, LLP), Paolo Balboni, (Baker & McKenzie), David Snead (attorney and counselor)||Track Two: Panel - Data Assurance - Moderated by Ramsés Gallego (Entel), Nadeem Bukhari (Kinamik), Gorka Sadowski (LogLogic), Phil Dunkelberger (PGP Corporation)|
|13:00 – 14:15||Lunch|
|14:15 – 14:55||Track One: Bernd Grobauer (Siemens CERT) - Towards a Cloud Specific Risk Analysis Framework||Track Two: Joram Borenstein (RSA) - Fighting Fraud from the Cloud: Metrics War-Stories from the Past 5 Years
|15:00 – 15:45||Track One: Cloud Security Alliance Metrics Working Group - Overview of CSA Metrics Framework - Lynn Terwoerds (Cloud Security Alliance), Caroline Wong (eBay), Betsy Nichols (PlexLogic LLC)||Track Two: Thomas Schreck (Siemens AG) - Towards Incident Handling in the Cloud: Challenges and Approaches|
|15:45 – 16:00||Coffee Break|
|16:00 – 17:25||Track One: Panel Government Uses of Cloud - Moderated by Giles Hogben (ENISA), Ben Katsumi (IPA), Marcos Gómez, (Inteco), Kim Jongpyo (KISA), Tim Grance (NIST)||Track Two: Jesus Molina (Fujitsu Laboratories of America) - Practical Applications of Trusted Computing in the Cloud|
|17:30 – 18:00||Keynote Speaker: Philippe Courtot, CEO, Qualys|
|18:00 – 18:30||Track Two: Michael Sutton (Zscaler) - CSA Top Threats Research|
Day 2, March 17
|9:30 – 10:10||Keynote Speaker: Pamela Jones Harbour, Commissioner, US Federal Trade Commission|
|10:15 – 11:00||Track One: Randolph Barr (Qualys) - How to Gain Comfort in Losing Control in the Cloud||Track Two: Lior Cohen (Juniper Networks) - Securing the Cloud Infrastructure: A Network Centric Approach|
|11:00 – 11:15||Coffee Break|
|11:15 – 12:15||Track One: IEEE Panel - Better Cloud Living through Standards - Moderated by John Viega (McAfee), Tim Grance (NIST), Gianluca D'Antonio (ISMS)||Track Two: Panel - Identity Management in the Cloud - Moderated by Jesús Luna (Barcelona Digital Technology Centre), Tobias Dussa (KIT-CERT), Kurt Anderson (Pfizer), Marcus Lasance (Verizon)|
|12:20 – 13:00||Track One: Marc Andersen (Danish National IT Telecommunications Agency) - Avoiding Governmental Mist in Cloud Computing - Designing for ICT-Security and Privacy||Track Two: Maryann Hondo (IBM WebSphere Technology Institute) - Securing Inter-Cloud Communication|
|13:00 – 14:15||Lunch|
|14:15 – 14:40||Track One: Eijiroh Ohki (Kogakuin University) - Possible direction of Cloud Service Certification and Assurance||Track Two: Craig Balding (CloudSecurity.org) - Skylab: How To Create A Simple Security Test Lab With No Hardware|
|14:45 – 15:45||Track One: Panel - Emerging framework for Assurance and Certification - Moderated by Daniele Catteddu (ENISA), Raj Samani (ISSA), Eijiroh Ohki (Kogakuin University), Rolf vom Stein (Jester Secure iT), Adrian Seccombe (Jericho Forum)||Track Two: Theo Dimitrakos (BT) - Virtual Hosting on Federated Clouds|
|15:45 – 16:00||Coffee Break|
|16:00 – 17:25||Panel: Cloud Providers - Moderated by Nils Puhlmann (Zynga), Peter Dickman (Google), Matt Broda (Microsoft), Carl Moses (Amazon)|
|17:30 – 18:00||Keynote Speaker: Dave Cullinane, CISO, eBay, Inc.|
SecureCloud 2010 Speakers
Dr Udo Helmbrecht, Executive Director, ENISA
Dr Udo Helmbrecht was born in 1955, Castrop-Rauxel, North Rhine-Westphalia, Germany. He has more than 30 years of professional, management experience in the IT sector.
His experience has been gained in various sectors of society. This includes e.g. energy industry, insurance company engineering, aviation, defence, and space industry, before becoming President of BSI in 2003. Prior to that, Dr Helmbrecht was Director Information Processing (CIO) at Bayerische Versorgungskammer in Munich, Germany
Pamela Jones Harbour, Commissioner, US Federal Trade Commission
Pamela Jones Harbour, an independent, was sworn in as a Commissioner of the Federal Trade Commission August 4, 2003.
Ms. Harbour joins the FTC from Kaye Scholer LLP where she served as a partner in the litigation department handling antitrust matters. She counseled clients on Internet privacy, e-commerce, consumer protection, and a variety of competition-related matters. Prior to joining Kaye Scholer, Ms. Harbour was New York State Deputy Attorney General and Chief of the Office’s 150-attorney Public Advocacy Division. During her 11-year term in the Attorney General’s office, she argued before the United States Supreme Court on behalf of 35 states in State Oil v. Khan, a landmark price-fixing case. She also successfully represented numerous states in New York v. Reebok, States v. Keds, and States v. Mitsubishi, each resulting in multimillion-dollar national consumer settlements. Among her most notable antitrust cases were New York v. May Department Stores, a successful anti-merger challenge, and States v. Primestar Partners, a consent judgment culminating a four-year multistate investigation of the cable television industry.
Dave Cullinane, CISO, eBay
Dave Cullinane is the CISO for eBay. Prior to joining eBay, Dave was the CISO for Washington Mutual. Prior to Washington Mutual, Dave was a Senior Consultant for nCipher, Inc.; the Director of Information Security for Sun Life of Canada's U.S. operations and helped create Digital Equipment Corporation's Security Consulting Practice.
Dave is the Chairman of the Board of the Cloud Security Alliance. Dave is a Charter Member of the Alliance for Enterprise Security Risk Management (AESRM) – an alliance of security professional associations dedicated to advancing the Profession. He is the current Past International President of the Information Systems Security Association (ISSA); and a Charter Member of the Global Council of Chief Security Officers. He serves on ASIS International's Information Technology Security Committee (ITSC) and is on the Editorial Advisory Board of CSO Magazine and SC Magazine. He was nominated for Information Security Executive of the Year for 2004 and 2005 and awarded SC Magazine's Global Award as Chief Security Officer of the Year for 2005. He was awarded CSO Magazine’s 2006 Compass Award as a "Visionary Leader of the Security Profession".
Philippe Courtot, Chairman and CEO, Qualys
Demonstrating a unique mix of technical vision, marketing and business acumen, Philippe Courtot has repeatedly built innovative companies into industry leaders. As CEO of Qualys, Philippe has worked with thousands of companies to improve their network security. Philippe received the SC Magazine Editor's Award for bringing on demand technology to the network security industry and for co-founding the CSO Interchange to provide a forum for sharing information in the security industry.
Before joining Qualys, Philippe was the Chairman and CEO of Signio, an electronic payment start-up that he repositioned to become a significant e-commerce player. In February 2000, VeriSign acquired Signio for more than a billion dollars. Today, VeriSign's payment division, based on the Signio technology, handles 30% of electronic transaction in the U.S., processing $100-million in daily sales. Prior to Signio, Philippe was President and CEO of Verity, where he re-engineered the company to become the leader in enterprise knowledge retrieval solutions. Under Philippe's direction, the company completed its initial public offering in November 1995. Philippe also turned an unknown company of 12 people, cc:Mail, into the dominant e-mail platform provider, achieving a 40% market share while competing directly against IBM and Microsoft. Acknowledging the market leading position of cc:Mail and the significance of e-mail in corporate environments, Lotus acquired the company in 1991.
Phil Dunkelberger, CEO, PGP Corporation
Phil Dunkelberger has extensive technology and security industry expertise. He served as CEO of PGP Inc., the original PGP software startup, and as vice president of sales at Symantec Corporation. He also served as COO of Vantive Corporation, a vendor of enterprise customer relationship management (CRM) software products and as president and CEO of Embark, a SaaS based college recruitment and admissions software company. Most recently, Dunkelberger served as Entrepreneur-In-Residence at DCM. He serves on the TechNet CEO Cybersecurity Task Force. He is a founding board member of the Cyber Security Industry Alliance (CSIA) and currently serves as the Chairman of the Cybersecurity CxO Council, within TechAmerica. Dunkelberger has a BA in Political Science from Westmont College.
Alexander Seger, Head of Economic Crime Division, Council of Europe
Alexander Seger has been with the Council of Europe (Strasbourg, France) since 1999. He is currently the Head of Economic Crime Division and responsible for the Council of Europe’s cooperation programmes against cybercrime, corruption, money laundering and trafficking in human beings (www.coe.int/economiccrime). From 1989 to 1998 he was with what now is the United Nations Office on Drugs and Crime in Vienna (Austria), Laos and Pakistan and a consultant for German Technical Cooperation (GTZ) in drug control matters. Alexander Seger is from Germany and holds a PhD in political science, law and social anthropology after studies in Heidelberg, Bordeaux and Bonn.
The Council of Europe (www.coe.int) was founded in 1949 and now comprises 47 European countries. Its primary purpose is to promote human rights, democracy and the rule of law. On the basis of these fundamental values, the Council of Europe tries to find shared solutions to major problems such as terrorism, organised crime and corruption, cybercrime, bioethics and cloning, violence against children and women, and trafficking in human beings. International co-operation is the only way to solve the major problems facing society today. While its more than 200 treaties and protocols are aimed at the 47 member states, some important treaties - such as the Convention on Cybercrime - are open for accession by other countries (www.coe.int/cybercrime).
Nils Puhlmann, Chief Security Officer Zynga Game Network
Nils Puhlmann is the Chief Security Officer for Zynga Game Network, the largest social game provider. At Zynga, Puhlmann is leading a converged security department managing all security risks for the company and chairing the Security Risk Committee.
Nils Puhlmann is also the Co-Founder and a member of the Board of the Cloud Security Alliance, a community of over 6,000 security professionals with the goal to promote the use of best practices for providing security assurance within Cloud Computing, and provide education on the uses of Cloud Computing to help secure all other forms of computing.
Raj Samani, Vice President for Communications, ISSA UK Chapter
Raj is an active member of the Information Security industry, through involvement with numerous initiatives to improve the awareness and application of security. He is currently working as CISO for a large public sector organisation in the UK, having previously worked for and within some of the largest private and public sector organisations in the world.
In addition, Raj is currently the Vice President for Communications in the ISSA UK Chapter, having previously established the UK mentoring programme. He is also on the advisory council for the Infosecurity Europe show, Infosecurity Magazine, and expert on both searchsecurity.co.uk, and infosec portal. He has had numerous security papers published, and appeared on television (ITV and More4). As well as providing assistance in the 2006 RSA Wireless Security Survey and part of the consultation committee for the RIPA Bill (Part 3).
Next to his work Raj has also obtained: CESG Listed Advisor Scheme, (CLAS), Certified Information Systems Security Professional (CISSP), Certified Ethical Hacker (CEH), Microsoft Certified Systems Engineer (MCSE – in NT4, Win2k, Win2003), Check Point Certified Security Administrator (CCSA in NG and 4.1), Check Point Certified Security Expert (CCSE - NG), Citrix Certified Administrator (CCA), QualysGuard Certified, RSA Certified Systems Engineer (SecurID), Cisco Certified Network Administrator (CCNA), as well as a BA (Hons), and MSc.
Nadeem Bukhari CISSP, CISM, VP of Product Strategy, Kinamik Data Integrity
Nadeem has more than 12 years of exclusive experience within the Information Security Industry 8 of which were spent within the management consulting firms of Ernst and Young and Deloitte. Subsequently he has provided strategic information security and risk management consultancy to global blue chip organizations and has held a senior positions within high technology software start-ups.
He is a graduate in Information Technology Security from the University of Westminster, a CISSP and CISM.
Gianluca D'Antonio, CISO FCC Group
Gianluca is Chief Information Security Officer at FCC Group, the parent company of one of Spain's leading construction and service groups. FCC belongs to the Ibex-35 index, which tracks the 35 most important companies on the Spanish Stock Market (www.fcc.es). He’s Founder Member and Chair of the Spanish Association for the Advancement of Information Security (www.ismsforum.es), a not-for-profit organization founded in January 2007, to foster the improvement of Information Security in Spain. ISMS Forum Spain is the Spanish Chapter of the ISMS International User Group (IUG). Member of the Permanent Stakeholders’ Group (PSG) at European Network and Information Security Agency (ENISA). He holds more than 10 years of experience in the field of Information Security Management Systems.
Marcos Gómez, Inteco
Marcos Gómez Hidalgo, 37 years old, Bachelor of Science in Mathematics of the University Complutense of Madrid. He has held different positions of responsibility in Sema Group and Atos Origin. He Worked in Red.es of the Spanish Ministry of Industry, Tourism and Trade, as the person responsible for the Information Systems and the Early Alert Centre of Virus and Information Security. Currently is the Deputy Director of Programmes of INTECO, National Institute of Communication Technologies, depending on the Spanish Ministry of Industry, Tourism and Trade. He manages the line of e-Trust (electronic trust) set by the Plan Avanza, the line that involves among others the services of the IT Incidents Response Centre (INTECO-CERT), the Security Helpdesk for the Internet Users and the Security Show-Room. He is CISA (ISACA) and expert in ISMS.
Since February 2010, Marcos Gómez Hidalgo is a Member of the ENISA Permanent Stakeholders’ Group (PSG). The PSG is composed of 30 high level experts who have been appointed by the Executive Director of ENISA to serve as a sounding board for all relevant stakeholders on issues concerning network and information security. He has also worked as a lecturer of informatics engineering in the University Camilo José Cela of the educational institution SEK, and in various seminars, postgraduate and master courses in the field of information security.
Craig Balding, CloudSecurity.org
Craig Balding is an IT Security Practitioner at a fast paced banking and finance Fortune 500 where he leads a global team of technical security specialists.
He has a decade of hands-on IT Security experience, with over 15 years in the IT industry. He is co-author of “Maximum Security: A Hackers Guide to Protecting Your Network”, CISSP and CISA certified and a British Computing Society Chartered IT Professional (MBCS CITP). He specialises in penetration testing, incident response, forensics, UNIX/Linux and ORACLE security.
Craig founded cloudsecurity.org where he blogs about Cloud Computing and Security. He is frequently asked to comment on Cloud Security issues for both IT and mainstream media (e.g. NPR, BBC). He has presented at Black Hat Europe, eCrime London, the World Cloud Computing Summit, Brucon and RSA Europe.
Angelo Marino, European Commission
Angelo Marino is graduated in computer science at the University of Pisa and obtained his MBA in global ICT management at UBI in Brussels. He worked for 12 years in the private and public sectors covering various roles in the area of software engineering and computer security. In 2002 he joined the European Commission services in the area of software technologies within ICT research programmes.
From March 2004 he is within the unit Trust & Security (ICT Theme) and his main area of activity covers secure, resilient and dependable Complex Information Infrastructure.
Kim Jongpyo, KISA
Kim Jongpyo is Manager of Cloud Computing for the Korean Information & Security Agency, which is exclusively responsible for the revilalizaion of internet services. IP address resource management, dealing with hacking, personal information infringement, responses against illegal spam, and supporting overseas expansions.
He has also been an active member of ITU-T SG17 Q.12 & ISO/IEC JTC1 SC6 WG9 for ASN.1 & RFID Standards.
Adrian Seccombe, Jericho Forum
Adrian Seccombe is a board member of the Jericho Forum and recently retired as Chief Information Security Officer & Senior Enterprise Architect of Eli Lilly and Company. Adrian Seccombe is an Information Technology Leader, with extensive knowledge and practical experience in various I.T., Strategy & Quality Management positions in the United Kingdom, France, and the U.S.A. Originally an electronic engineer with Ferranti Military Systems Division, Adrian then moved to I.T.T. Business Systems Division, before joining Eli Lilly, an international pharmaceutical company, in 1980 as a Telecommunications Analyst.
As Manager of Telecom & Technology Development, Adrian relocated with his family to work at the Lilly headquarters in Indianapolis, Indiana. Then after 4 years, in various management positions, including IT Strategy Manager, he moved to become the IT Director for Lilly ( France ).
Ben Katsumi, IPA
Ben T. Katsumi is the Researcher IT Security Center, IPA & President and CEO, Information Economy Research Institute. Ben has 15 years of experience in cybersecurity specializing in marketing, market analysis, social and international studies, and security management and governance. His career includes 5 years at IPA as visiting researcher (2005 thru 2010), director at Symantec Japan (2001 thru 2004), consultant at several Japanese firms including Ricoh's affiliated company (2004 until now), sales and marketing manager at Nissin Electric.
Ben is also active in Japan Network Security Association and Japan Information Security Audit Association. A member of Japan Society of Security Mangement and Institute of Digital Forensics. Bachelor digrees in Liberal Arts and Economy from Kyoto University in 1973 and 1975. CISA, ISMS provisional Auditor, Information Security Associate Auditor, Certified information Secuirty Administrator.
Theo Dimitrakos, BT Innovation and Design
Dr Theo Dimitrakos is the Head of Security Architectures at the Security Futures Practice, BT Innovation and Design. He has over fifteen years of research and innovation experience in a wide range of topics relating to Security for Cloud Computing, Identity and Access Management, Service Oriented Architecture (SOA), Web Services and Grid Computing. He also has strong academic background in security risk analysis, formal modelling and applications of semantics and logic in computer science.
Theo has been the scientific coordinator / technical director of the European research projects including BEinGRID (www.beingrid.eu) the largest collaborative research investment in Europe on IT for Business. He is the chair of the IFIP working group on Trust Management (www.ifip.org), an intercontinental community of experts in trust and reputation systems and has been a member of expert advisory groups of UK and European agencies. He has been also steering the product development roadmaps of innovative SMEs in Europe and North America.
Paolo Balboni, Baker & McKenzie
Paolo Balboni is an Associate Lawyer of the ICT/IP Department at Baker & McKenzie (Milan) and Fellow of the European Privacy Association. In 2009 he was selected as legal expert for the working group on Cloud Computing Risk Assessment formed by ENISA (the European Network and Information Security Agency) and he co-authored the related report: Cloud Computing: Benefits, Risks and Recommendations for Information Security. Author of the book “Trustmarks in E-commerce”, he is Research Associate at Tilburg University where he teaches the Master’s course “Liability of Web 2.0 Service Providers”. Paolo Balboni is regularly involved in European Commission Projects related to ICT. He obtained his Law Degree from the University of Bologna and earned a Ph.D. in ICT Comparative Law from Tilburg University. Paolo Balboni is fluent in Italian, English, and Dutch and speaks also German, French and Spanish. More info at: www.paolobalboni.eu.
Wendy Goucher, Idrach Ltd
Wendy Goucher is the Security Empowerment Consultant at Idrach Limited which is a small information security consultancy based in Scotland. She has a background in Social Science and a first career as a management lecturer before she took up a career in information security nearly 4 years ago. Current customers include UK government contractors and large organizations within the finance sector. She also has a monthly column in Computer Fraud and Security Magazine and is part of the Security Culture Project Team for ISACA.
Wendy is also working on a research PhD with Glasgow University that marries her interest in the operational and behavioural aspects of information security with technical solutions.
Jesus Molina, Fujitsu Laboratories of America
Dr. Jesus Molina is a security researcher at Fujitsu Laboratories of America, at the Trusted System Integration Group (TSIG). He is also a founding chair of the authentication working group at the trusted computing group (TCG), where he has been contributing since 2002. His role at Fujitsu Laboratories of America is on the integration of trustworthy technologies into the cloud security ecosystem. As part of these activities he collaborates with members of the RAD lab at the University of California, Berkeley, and with researchers at Palo Alto Research Center (PARC) on technologies in trusted computing and computation-supporting encryption meant to alleviate security concerns in the cloud.
Dr. Molina was the instructor of a graduate course on trustworthy computing at the University of Maryland, and prior to that, he worked in a variety of research projects at the MISSL lab at the University of Maryland, creating patents on hardware auditors for storage and memory. He was also the maintainer of the open source emulator for the trusted platform module, and contributed to other projects related to trustworthy computing. His current research interests include cloud security, trustworthy computing and virtualization. Dr. Molina earned a Ph.D. in Computer Engineering and M.S.
Dominik Birk, Horst Görtz Institute
Dominik Birk is an IT security research assistant at the Horst Görtz Institute for IT Security (HGI) in Bochum, Germany. He currently works in the fields of Cloud Computing Security, Social Network Privacy and Web Security.
Ajit Jaokar, FutureText
Ajit Jaokar is the founder of the London based publishing and research company futuretext (www.futuretext.com) focused on emerging Web and Mobile technologies -including Web 2.0 and Mobile Web 2.0. In 2009-2010, Ajit was nominated as part of the Global Agenda Council on the Future of the Internet by the world economic forum. He hopes to use this opportunity to further extend the pragmatic viewpoint of the evolution of Telecoms networks in an open ecosystem. Ajit is best known for his books Mobile Web 2.0, Social Media Marketing. Two new books ('Open Mobile' and ‘Implementing Mobile Web 2.0’) are being released in 2009. His consulting activities include working with companies to define value propositions across the device, network, Web and Social networking stack spanning both technology and strategy. He has worked with a range of commercial and government organizations globally including The European Union, Telecoms Operators, Device manufacturers, social networking companies and security companies in various strategic and visionary roles.
Ajit chairs Oxford University's Next generation mobile applications panel and conducts a course on Web 2.0, Social networking, Mobile Web 2.0 and LTE services at Oxford University.
Gorka Sadowski, LogLogic
Gorka is involved in all technical and technology-related activities for end-clients and partners in the region of Southern Europe. He is an expert in risk management methodologies and in the use of technology in business processes of large enterprises. Before LogLogic, Gorka was Director of the Security Group for Unisys France, where he managed a team of consultants in security advisory, and was in charge of project management in the integration of complex solutions for global CAC40 corporations.
Gorka spent 15 years in the USA, where he was Director of Emerging Technologies at NetScreen in the Silicon Valley. There, he was in charge of the strategy for technologies that complement NetScreen’s main focus. Gorka also held the position of Director of the Security Group for CTP, a software development firm specialized in the design and implementation of clientserver applications to automate business processes of the largest American companies.
Joram Borenstein, RSA Security
Joram Borenstein is a leading expert in financial crime fraud, identity protection, and authentication, having worked extensively with many of the world’s largest financial institutions to mitigate their fraud losses.
He has instructed FDIC, OCC, OTS, Federal Reserve, and NCUA examiners and his comments have appeared in The New York Times, The Washington Post, American Banker, SC Magazine, Digital Transactions Magazine, The Credit Union Journal, Bank Info Security, IT Pro (Japan), and Enterprise Watch (Japan).
Bernd Grobauer, Siemens CERT
Dr. Bernd Grobauer is a Senior Consultant with Siemens CERT, one of the leading industrial CERTs in Europe. He received an M.Sc. degree in computer science in 1997 from the Munich University of Technology, Germany, and a Ph.D. degree from Aarhus Universitiy, Denmark. When joining Siemens CERT in March 2002, Bernd Grobauer turned his attention from program verification and program transformation -- topics relevant for research towards more dependable systems -- to IT security. Bernd Grobauer leads the research activities of the Siemens CERT services team (topics of which are incident detection handling, malware defense, cloud computing security, etc.) and acts as security consultant regarding security governance topics such as risk management, security architectures, etc.
Bernd Grobauer currently serves on the membership advisory committee of the International Information Integrity Institute (I4, https:i4online.com).
Caroline Wong, eBay
Caroline Wong, CISSP, is the Chief of Staff for the Global Information Security Team at eBay. She has developed eBay's security metrics program from the ground up and has contributed to several industry events and projects, including a speaking on a panel at RSA on Security Metrics and contributing to the CIS Consensus Metrics definitions.
Caroline is currently writing a Beginner's Guide to Security Metrics with McGraw-Hill. Caroline is a member of ISSA and the Executive Women's Forum.
Lynn Terwoerds, Cloud Security Alliance
Lynn Terwoerds has more than 18 years experience in information systems, over half of which has been in information security. She has worked both as a practitioner and a vendor, most recently as Head of Security Architecture, Standards and Infrastructure Engineering for Barclays Bank and prior to that working at Microsoft Corporation for over 8 years in security response and as a Senior Strategist in the Trustworthy Computing group.
Currently, Lynn is focused on cloud security and is an advisor to the MashSSL Alliance.
Betsy Nichols, PlexLogic LLC
Betsy Nichols is the CTO and Co-Founder of PlexLogic LLC which offers a Metrics-On-Demand service called MetricsCenter. Betsy is also the principal author of MetricsML. MetricsCenter implements both a for-profit security metrics web site at www.metricscenter.net as well as an open and free public resource for security metrics at www.MetricsCenter.org. MetricsML is an open, web services-based framework for creating, collaborating, and sharing metric definitions and data.
Betsy is an active participant in many public, community and private enterprise security metrics projects in addition to helping initiate the CSA Metrics working group.
Thomas Schreck, Siemens CERT
Thomas Schreck is a Consultant with Siemens CERT, one of the leading industrial CERTs in Europe. He received an diploma degree in computer science in 2007 from the University of Applied Sciences Landshut, Germany. He joined Siemens CERT in 2007 to work as a IT Security Analyst with the main focus on UNIXLinux Security. His main research activities are the improving of the incident handling process and the enhancement of the current digital forensic capabilities.
He also worked on several IT Security related topics within the IETF and contributed to several Internet Drafts.
Lior Cohen, Juniper Networks
As a Sr. Solutions Architect and Manager at Juniper Networks, Lior Cohen is responsible for developing reference architectures and best practices utilizing Juniper products. He has been designing and building datacenter networks and security solutions for over a decade and has helped several Fortune 500 companies develop risk mitigation strategies and implement datacenter network & security infrastructure solutions. Prior to joining Juniper, Lior was Chief Technology Officer for a privately held information security consulting firm where he led multi-national consulting and auditing engagements for the financial services and real estate sectors. He also filled various roles at Check Point Software, including leading the company's Solutions Center. Lior holds a Bachelor's degree in Economics and Information Systems from Tel-Aviv University.
Eijiroh Ohki, Kogakuin University
Eijiroh Ohki is a professor of Faculty of Informatics at Kogakuin University. Ohki was previously CISO of IBM Business Consulting Services K.K. and was a member of IBM Academy of Technology, and IBM Distinguished Engineer. Ohki is one of the core members of METI sponsored industry-government-academia study group for years.
He is also vice-president of Japan Society of Security Management
Tobias Dussa, University of Karlsruhe
Tobias Dussa has studied Computer Sciences at the University of Karlsruhe. He received a diploma degnee with a specialization in Computer Networks and IT Security as well as Particle Physics and Data Analysis. For his diploma thesis, he has worked on authentication mechanisms in grid computing. After finishing his degree, he has worked as a systems architect and systems administrator of several high-performance compute clusters at the Scientific Supercomputing Centre Karlsruhe. He later moved on to become the backup leader of the CERT of the newly-founded Karlsruhe Institute of Technology.
He is working on security aspects of various research projects within grid and cloud as well as traditional high-performance computing, the most current projects being OpenCirrus and the HPC cluster management project KITE.
Kurt Anderson, Pfizer
Kurt Anderson is responsible for the Business Technology systems that support Global Operations at Pfizer. Kurt was instrumental in deploying Smart Card technology, allowing for digital signature, remote authentication, as well as physical and logical access. Kurt is also responsible for the systems which allow Pfizer's population to move seamlessly between locations. Most recently, Kurt's responsibilities expanded to include Telepresence, a high fidelity video conferencing solution, globally for Pfizer. Kurt’s most recent initiatives involve developing a Center of Excellence for SaaS at Pfizer. Similarly, he is conducting an evaluation of the entire application portfolio looking for opportunities for Cloud Computing and SaaS conversion of traditional platforms and applications.
Kurt has worked in technology all of his adult life. He spent 6 years aboard the USS Michigan, operating the nuclear reactor which provided propulsion and electrical power for the submarine. Kurt spent several years working in roles of increasing responsibility in the civilian nuclear power industry. Switching from engineering to software, Kurt managed teams whose responsibility it was to convert Windows based software into an early version of SaaS, or Software as a Service, for the Insurance industry.
David Snead, Attorney at Law
Mr. Snead is an attorney in private practice in Washington D.C. His practice focuses exclusively on representing companies and other entities active in the internet infrastructure. In his 13 years in this area, Mr. Snead has represented these companies both in-house and as outside counsel. He has clients in the U.S., Europe, India and the former Soviet Union. They include multinationals, middle tier hosting companies, and two guys, a server, a T-1 and a huge MasterCard balance. He has broken down complex legal issues for internet professionals at over 100 conferences. His views on the impact of Federal legislation on small-to-medium internet businesses have been quoted in the Washington Post and San Jose Mercury News. He is also a columnist and blogger for the Web Host Industry Review. His transnational Internet experience has been recognized as the sole U.S. legal representative to the European Union’s Network & Information Security Agency’s Group on Cloud Computing Security. Mr. Snead received his J.D. in 1991 from Georgetown University Law Center, his B.A. in 1987 in International Affairs from Trinity University. He is a member of the bars of the District of Columbia and State of New Mexico.
Marcus Lasance, Verizon Business
Marcus Lasance is a principal consultant on the topic of Identity and Access Management at Verizon Business. He is in charge of defining Verizon’s new cloud-based user centric identity management services. From 2002 to 2007 Marcus was on the Board of Directors of Maxware AS in Norway and the products he helped develop are now part of the SAP Netweaver product set.
He experience ranges from developing HR systems, through X.500, LDAP, Meta Directories, life cycle management to provisioning. Marcus is a graduate from Nijenrode University and RSM Rotterdam School of Management is well known in the Identity and Access Management Industry and worked in this area long before the term IAM was even invented.
Marc Andersen, Danish National IT Telecommunication Agency
Marc Andersen has spent the last six years in information security. He currently holds the position of Security Analyst at the Danish GovCERT based at the Danish National IT Telecommunication Agency. Past experience includes building a security service utilizing Cloud Computing technology, penetration testing for large multinational customers, and general information security consulting.
Mr. Andersen holds a M.Sc. in Physics and several certifications including the CISSP and Certified Expert Penetration Tester (CEPT) certifications.
Maryann Hondo, IBM
Maryann Hondo is a Senior Technical Staff Member in the WebSphere Technology Institute at IBM with a focus on Security and Hybrid Cloud Computing. Maryann previously worked in IBM’s DataPower team and in the enterprise services organization with a focus on SOA enablement for security. Maryann is a co-author of the WS-Security, WS-Trust, WS-SecureConversation, WS-Policy and WS-Federation specifications.
She joined IBMLotus in 1996 working on Java security, PKIX, Lotus e-Suite. Her pre-IBM employment background includes working for HP on DCE and PKI based Single SignOn, working for Digital on a B1CMW operating system and ATT Bell Labs working on B2 Unix operating system.
Randy Barr, Qualys
As Chief Security Officer (CSO) of Qualys, Randy is responsible for security, risk management and business continuity planning of the QualysGuard platform used by thousands of organizations worldwide. Randy has over 13 years of information technology and leadership experience.
Prior to joining Qualys, he was the Information Security Officer at Yodlee responsible for insuring a high-level security posture of Yodlee's Internet based financial services.
Cynthia O'Donoghue, European Corporate Group
Cynthia O'Donoghue is a partner in the European Corporate Group and a core member of the firm's multi-disciplinary Outsourcing Group. Cynthia specialises in large, complex IT and business process outsourcing transactions and advises on all aspects of sourcing and procurement-related transactions for both customers and service providers in the health care/life sciences, financial services, technology and telecommunications sectors. She has advised on the global roll out of a cloud solution in the life sciences sector. She regularly advises on development and management; e-commerce, including hosting and content management; systems integration; and telecommunications. Cynthia also advises on European and global data privacy directives and legislation, including compliance, advice on cross-border transfers of personal data, internet-based marketing, IT and organisational security and development of privacy and data retention policies.
Mrs. O'Donoghue has a J.D. from University of California, Davis, an LL.M. from the University of Edinburgh and received her B.A. from Arizona State University. She is a qualified English solicitor and member of the New York bar.
Carolyn Herzog, Symantec
Carolyn Herzog is the head of legal for Symantec Corporation's Europe, Middle East and Africa region, based out of the UK. In this capacity, Carolyn manages legal strategies for Symantec's business in the region including Consumer and Enterprise business enablement as well as corporate, litigation, regulatory and compliance matters. Prior to this role, Carolyn supported other areas of Symantec's business, based out of the Washington, DC area.
Before joining Symantec in December, 2000, Carolyn was the General Counsel for AXENT Technologies, and worked in the international development arena, both in the non-profit sector and with the World Bank.
Tim Grance, NIST
Tim Grance is a senior computer scientist in the Information Technology Laboratory at the National Institute of Standards and Technology. He leads a team of researchers in the Systems and Network Security Group and is engaged in a broad research program focused on such topics as cloud computing, access control, identity management, vulnerability analysis, privacy protections, security metrics, protocol security, smart cards, and wireless/mobile device security. He is also the Program Manager for Cyber and Network Security (CNS) Program and exercises broad technical and programmatic oversight over the NIST CNS portfolio. This portfolio includes high profile projects such as the NIST Hash Competition, Cloud Computing, Security Content Automation Protocol (SCAP), Protocol Security (DNS, BGP, IPv6), Combinatorial Testing, and the National Vulnerability Database.
He has extensive public and private experience in accounting, law enforcement, counter-intelligence, and computer security. He has written on diverse topics including incident handling, intrusion detection, privacy, metrics, contingency planning, forensics, and identity management. He was named in 2003 to the Fed 100 by Federal Computer Week as one of the most influential people in Information Technology for the US Government. He is also is a two-time recipient of the highest award from the US Department of Commerce - a Gold Medal, from the Secretary of Commerce.
SecureCloud 2010 Attendee Registration
Registration is now closed. If you are still interested in attending, contact us here
SecureCloud 2010 Hotel Information
SecureCloud 2010 will be held at the Majestic Hotel & Spa Barcelona. Special room rates of €139 euros are available through February 10, 2010. Reservation form can be downloaded here (doc | pdf), or contact the hotel, referencing ENISA GROUP.
The Majestic Hotel & Spa Barcelona was built in 1918 and provides ultimate luxury, renowned quality of service and prime location in the center of Passeig de Gràcia. Surrounded by fine brand shopping, historical Gaudi masterpieces and outdoor restaurants, cafés and tapas bars, the Majestic is only 10 minutes walk to Plaza Catalunya and the popular Rambla.
View Larger Map