SecureCloud 2012

SecureCloud 2012

Keynote Speakers

Robert Bohn

Robert Bohn
Reference Architecture Lead for the NIST Cloud Computing Program - Applied and Computational Sciences Division in NIST/ITL

Robert Bohn, of the Applied and Computational Sciences Division in NIST/ITL, serves as the Reference Architecture Lead for the NIST Cloud Computing Program. In this role, he works with industrial, academic and other government stakeholders to develop a high-level vendor neutral reference architecture and taxonomy under the NIST Strategy for Developing a US Government Cloud Computing Technology Roadmap. This architecture will be used as a frame of reference to facilitate communication, illustrate and understand how clouds services and components fit together.

Bob was a member of the National Coordination Office of the Networking and Information Technology Research and Development (NITRD) and served as the program as the Technical Coordinator for the High End Computing Interagency Working Group (HEC-IWG) and Human-Computer Interaction and Information Management Coordinating Group (HCI&IM CG) and composed entries in the President’s Annual NITRD Budget Supplements.

He was a recipient of a National Science Foundation fellowship at NASA Ames Research Center in Moffett Field, CA, received Ph.D. and Master of Science degrees in Physical Chemistry from the University of Virginia, a Master’s Certificate in Project Management from George Washington University School of Business and Public Management, and a Bachelor of Science degree in Chemistry from the University of Illinois.

Dr. Carl-Christian Buhr

Dr. Carl-Christian Buhr
European Commission, Cabinet Member of Vice-President Neelie Kroes

An economist and computer scientist, Dr. Buhr is a member of the cabinet of Digital Agenda Commissioner and EU Commission Vice-President Neelie Kroes. Among others, he advises her on the developing European Cloud Computing Strategy, Data protection, Standardisation and interoperability policies as well as ICT research policy. He previously dealt with antitrust and merger control investigations by the Commission, such as the Microsoft antitrust case and the Oracle/Sun Microsystems merger.

Billy Hawkes

Billy Hawkes
Irish Data Protection Commissioner

Billy Hawkes was appointed as Irish Data Protection Commissioner in 2005 for a five-year term. He was re-appointed in 2010 for a further 5 years.

Prior to his appointment, he worked as a Civil Servant in a number of Government Departments, including Finance, Foreign Affairs and Enterprise, Trade and Employment.

Eran Feigenbaum

Eran Feigenbaum
Director of Security, Google Apps, Google

As the Director of Security for Google Enterprise, Eran defines and implements security strategy for Google's suite of solutions of Enterprise Products.

Prior to joining Google in 2007, Eran was the US Chief Information Security Officer for PricewaterhouseCoopers(PwC). At PwC, he led a team responsible for all aspects of network, server, application, and desktop computer security, as well as security policies, architectures, standards and enforcement. Earlier, Eran spent several years designing and implementing high-performance cryptosystems for electronic commerce solutions for Fortune 1000 clients and government agencies.

Eran holds a bachelor's degree in electrical and computer engineering from the University of California at Irvine, and an MBA from Pepperdine University. In his spare time, he enjoys performing magic and mentalism and was featured on the NBC television show Phenomenon

Nils Puhlmann

Nils Puhlmann
Co-founder of CSA | Chief Security Officer, Zynga’s Security Department

As Chief Security Officer, Nils Puhlmann leads Zynga’s converged security department, managing all security risks for the company and chairing the Security Risk Committee. Before joining Zynga, Puhlmann served as Chief Security Officer of Qualys. Puhlmann has held information security positions at Electronic Arts, Robert Half International, Mindjet Corp, and Adobe Systems. He also held senior positions at Nortel Networks and START Amadeus, and was an independent security consultant with clients such as the State of California. He maintains numerous security certifications, including CISSP-ISSMP and CISM. He has held several Board of Directors positions (ISACA Silicon Valley, OVAL), is a current Director on the International Board of Directors of ISSA, is a member of the CSO Interchange, the CISO Executive Council and a subject matter expert for ISACA and ISC2. He was also a member of the Advisory Council for the CISO Forum of ISSA.


Dave Asprey
Vice President of Cloud Security at Trend Micro

Dave Asprey brings more than 15 years experience to his position of Vice President of Cloud Security at Trend Micro. In this role, Mr. Asprey helps to shape the company’s cloud strategy, focusing specifically on expanding a Cloud Security Alliance partner ecosystem; participating in cloud security organizations; and cultivating Trend Micro partnerships with cloud security vendors.

Prior to joining Trend Micro, Mr. Asprey was an Entrepreneur in Residence at Trinity Ventures, focused on early stage investment opportunities with companies in the cloud and virtualization markets. Previously, he served as Vice President of Technology and Business and Corporate Development at Blue Coat Systems. He also served as Vice President of Marketing and Technology Strategy at UK-based virtual appliance company Zeus Technology. Other professional roles have included Director of Product Management for Acceleration and WAN Optimization NetScaler and, when that company was acquired by Citrix, responsibility for strategic planning for Citrix’s virtualization business unit, reporting directly to the CTO. He was also held senior management positions at Speedera Networks (now Akamai); Exodus Communications (now Savvis); and the University of California at Santa Cruz.

Dave Asprey holds degrees in computer science from the University of California, Santa Barbara and holds a master of business administration degree from the University of Pennsylvania’s Wharton School of Business.

--> Paolo Balboni

Paolo Balboni
Director of European Privacy Association and Founding Partner at ICT Legal Consulting

Director of European Privacy Association, Cloud Computing Sector Director and responsible for Foreign Affairs of Italian Institute for Privacy, Lawyer admitted at the Bar in Milan specialised in ICT, new technologies law and personal data protection, Paolo Balboni is partner at ICT Legal Consulting. He provides legal advice to multinational companies, especially concerning personal data protection, e-contracts, e-commerce, e-marketing, advertising, cloud computing, Web 2.0 service providers’ liability, Internet content providers’ liability, e-signatures, digital retention of documents and intellectual property rights. He also advises celebrities on privacy and copyright matters.

He has considerable experience in the following areas: IT, media & entertainment, e-Health, fashion and banking. He is the author of the book ‘Trustmarks in E-commerce’, Paolo Balboni is a Research Associate for Tilburg University (The Netherlands), where he lectures at the master course “Liability of Web 2.0 Service Providers”. As a legal counsel chosen for projects of European Network and Information Security Agency (ENISA) on ‘Cloud Computing Risk Assessment’, ‘Security and Resilience in Governmental Clouds’, 'Procure Secure' and ‘Common Assurance Maturity Model – Beyond the Cloud (CAMM)’, Paolo Balboni is often involved in European Commission studies on new technologies and data protection, and also participates on several speaking engagements at international conferences on these matters.

He obtained his Law degree with distinction from the University of Bologna in 2002, Ph.D. from Tilburg University (the Netherlands) in 2008 by defending a thesis on Comparative ICT Law titled: Trustmarks: Third-Party Liability of Trustmarks Organisations in Europe. He speaks fluent Italian, English and Dutch and has a good knowledge of German, French and Spanish.

Anirban Basu

Anirban Basu
Tokai University

Dr. Anirban Basu is a Post-doctoral Researcher at Kikuchi lab at Tokai University working on a Japanese Ministry of Internal Affairs and Communications funded project in collaboration with Waseda University, Hitachi, NEC and KDDI; and also a Visiting Research Fellow at the University of Sussex. He holds a Ph.D. in Computer Science and a Bachelor of Engineering (Hons.) in Computer Systems Engineering from the University of Sussex. His research interests are in computational trust management, privacy and security and peer-to-peer networks. He is particularly active within the IFIPTM computational trust management community. He has several years of experience with academic research at the University of Sussex as a Visiting Research Fellow and as part of two EPSRC funded and one EU IST FP5 funded research projects. He can be reached at [email protected].

Arnd Böken

Arnd Böken
Partner, Graf von Westphalen, Berlin, Germany

Arnd Böken, lawyer and notary, is a partner with the Graf von Westphalen law firm in Berlin. Practicing in IT law since 1993 and in information privacy law since 2002, Arnd advises IT companies and customers on Cloud- and SaaS-Agreements, data protection and IT compliance. He is frequently published, most recently including "Cloud computing in the banking sector", "Patriot Act and cloud computing" (iX Magazin, issue 1/2012), and "Developing and successfully implementing cloud strategies - ways into the cloud" (iX-Magazin, issue 4/2011).

Dominik Birk

Dominik Birk
Security Researcher, Horst Goertz Institute for IT Security

Dominik Birk is working as a security consultant for a global acting financial services group in Zurich, Switzerland. Besides his professional employment, Dominik is a Ph.D. student in the field of Cloud Computing Security & Forensics. He holds a M.Sc. degree in IT Security from the Ruhr-University Bochum, Germany. Until 2011, he also worked as a research assistant at the Horst Goertz Institute for IT Security (HGI), provided web security training and worked as a freelancing security consultant.

Sven Bugiel

Sven Bugiel

Sven Bugiel is a predoctoral researcher at the System Security Lab at Technische Universität Darmstadt / Center for Advanced Security Research Darmstadt. His research focus is on trusted computing, mobile (operating system) security, Cloud computing security, and the interconnection of the same. He holds two Master of Science degrees in Security and Mobile Computing from Royal Institute of Technology Stockholm and Technical University of Denmark respectively.

Nadeem Bukhari

Nadeem Bukhari
VP PRoduct Strategy, Kinamik Data Integrity

Nadeem has more than 14 years of exclusive Information Security experience within leading management consulting organizations and tier 1 financial services firms providing information security risk management consultancy and implementations of ISO27001 certifications.

He has spoken at many leading conferences, contributed to books, whitepapers, and standards with specialist focus on integrity of electronically stored information. Nadeem is a graduate in Information Security from the University of Westminster, an ISC2 Certified Information Systems Security Professional and an ISACA Certified Information Security Manager.

Ilias Chantzos

Ilias Chantzos
Senior Director, Symantec Government Affairs – EMEA and APJ

Ilias Chantzos is Senior Director of Symantec’s Government Affairs programmes for Europe, Middle East & Africa as well as the Asia Pacific and Japan regions. He is based in Brussels. Chantzos represents Symantec before government bodies, national authorities and international organisations advising on public policy issues with particular regard to IT security and data risk management and availability.

Prior to joining Symantec in 2004, Chantzos worked as legal and policy officer in the Directorate General Information Society of the European Commission focusing on information security policy. He covered the council of Europe Cybercrime Convention and the Framework Decision on Attacks against Information Systems. In addition, he managed a number of EU legislative initiatives relevant to information society and security, including directives on Privacy on Electronic Communications, the Data Retention Directive and the European Network and Information Security Agency (ENISA). He also represented the European Commission in various international debates and conferences.

Chantzos holds a law degree from the University of Thessaloniki and a Masters degree in Computers and Communication Law from the University of London and is a member of the Athens Bar. He serves as Vice-President of the Executive Board of TechAmerica Europe and appointed member of the Permanent Stakeholders Group of ENISA for a second consecutive term. Chantzos chaired for two consecutive terms the European policy council of the Business Software Alliance. He speaks Greek, English, Dutch and German and is a member of the Oostakker Kickboxing Club and the Greek Circle, a thought leadership club in Brussels.

Nick Coleman

Nick Coleman
Global Cloud Security Leader for IBM within the services organisation

Nick Coleman is the Global Cloud Security Leader for IBM within the services organisation. He is responsible for leading in IBM in securing cloud computing worldwide. Prior to this he was the UK Government Reviewer of Security and authored the "Coleman Report' published in 2008 by the Cabinet Office. He is an appointed advisor to the EU Network and Information Security Agency (ENISA) serving on the Permanent Stakeholders Group. He is a fellow of the Institution of Engineering and Technology(IET) and a Fellow of the British Computer Society (BCS). He holds an MBA with distinction from Manchester Business School.

Andy Dancer

Andy Dancer
Chief Technology Officer for EMEA at Trend Micro

Andy Dancer is Chief Technology Officer for EMEA at Trend Micro, a global leader in Internet content security. Andy joined TrendMicro through its acquisition of Identum, where he served as CEO, CTO and Board Director, responsible for developing the company's pairing based cryptographic technology, as well as its desktop and gateway email encryption products. On joining TrendMicro Andy worked initially to integrate the Identum technologies and then to concept and develop Trend Micro’s flagship cloud encryption solution - "SecureCloud". As EMEA CTO Andy splits his time between Customers, Partners and Media work. Earlier in his career, Andy worked with British Gas plc, WH Smith plc, before founding and successfully exiting a series of technology companies. He holds a degree in Applied Mathematics and Business Studies.

Alice Decker
Core Technology Product Manager, Trend Micro

Alice Decker coordinates correlation research for Trend Micro's cloud-based IP, URL, and file reputation services. Alice graduated from University of Al. I. Cuza in Rumania with degree in physical chemistry. She exchanged the physics with computer science after she relocated to Germany. As MCSD (Microsoft Certificated Solution Developer) certificated she worked as software developer. She developed in C++ and other object oriented languages for insurance and logistic software providers. Alice joined Trend Micro in 2001 as Virus Analyst working in second level of antivirus support. During this time she extended her domain of activity to application of computer forensics, malware behavior research and co-relation of core technologies in developing of customized security solutions. Since 2007 Alice has been a senior researcher and analyst with Trend Micro's cloud-based Smart Protection Network.

Russell Dietz
Vice President & Chief Technology Officer Corporate Vice President & Chief Technology Officer, SafeNet

Russell Dietz joined SafeNet in February 2009 as Corporate Vice President and Chief Technology Officer (CTO). In this role, Mr. Dietz, leads the strategic positioning and migration of new technologies into SafeNet’s highly successful solutions portfolio.

Mr. Dietz brings more than 27 years of industry experience. He has held the CTO position for multiple high-tech companies, including Hifn, Inc., where he led company efforts in defining the next generation of security, service, and network processing solutions, and Apptitude, where he drove the vision, strategy, and architecture of the application and flow classification solutions, MeterFlow and MeterWorks.

Mr. Dietz was the founder and Vice President of Engineering for Technically Elite, and previously held various management and technical spots at Magnavox Electronic Systems and Digital Equipment Corporation, and was a technical author for Digital News and Review technical journal.

Mr. Dietz is an active member of the Network Processing Forum (former chairperson), Internet Engineering Task Force (IETF), Institute of Electrical and Electronics Engineers (IEEE), Optical Internetworking Forum (OIF), and the Cloud Computing Interoperability Forum (CCIF). He has been awarded more than 20 patents in network and traffic behavior and analysis in the United States, European Union, Japan and China.

Dr. Fadi El-Moussa
Senior Security Researcher, BT

Dr Fadi El-Moussa is Senior Security Researcher at BT Innovate and Design, the R&D part of BT where he looks at fundamental security challenges facing enterprise level infrastructures, including, but not limited to Malware detection and prevention and protection of critical networks and systems against cyberattacks.

He is the subject matter expert on emerging threats targeting applications and systems on virtual and cloud environments, including vulnerability analysis, advanced anti-evasion techniques, host intrusion prevention and detection, and malware propagation containment. Fadi works together with security and cloud vendors, platform and product architects, in order to deliver innovative solutions that improve the protection of hosted applications in BT’s or partner virtual data centres and cloud infrastructures and networks and to validate these solutions with early adopters.

He has been the technical lead in several BT innovation projects and BT partner collaborations in these areas, he has been contributing to corporate policy standards, and he has been offering technical consultancy to BT and BT’s partners.

He has an MSc and a PhD from the University of Salford (UK) in Data Telecommunications and Networks. His PhD was in new methods for detecting and mitigating Malware and DDoS attacks. He also has a BSc in Computer Engineering from AL-Ahliyya Amman University, Jordan.

Dr. Thomas Endres

Dr. Thomas Endres
EuroCIO, former CIO Lufthansa

Thomas Endres was until recently the Chief Information Officer at Lufthansa - in this position he was responsible for the strategic IT alignment and corporate services for Lufthansa and the Lufthansa group airlines. Endres graduated in Materials Science and Ceramic Engineering at the University of Erlangen-Nuremberg and at Alfred University, New York. His PhD research involved laser and surface technology.

Before joining Lufthansa, Thomas Endres worked for BMW's central Materials Division, he was a management trainee at Audi, and he worked as Manager Human Resources and Programme Process Development at Eurofighter in Munich.

Dr. Niels Fallenbeck

Dr. Niels Fallenbeck
Fraunhofer AISEC

Niels holds a Ph.D. from the University of Marburg, Germany, and has been working for several years in the area of distributed systems and cloud computing. During his Ph.D. he has been working in numerous nationally and internationally funded Grid- and cloud computing projects in different industrial key sectors such as the automotive and financial services industry.

After working for Ernst & Young in the IT risk and assurance line, he joined Fraunhofer AISEC in 2011. He is head of the Cloud Security Lab where he coordinates several research activities in the field of SOA and cloud computing. Moreover, he is head of the Cloud Computing Competence Center for Security (c4s). Niels is co-founder and board member of the Cloud Security Alliance (CSA) German Chapter. He is also a member of ACM and GI (Germany).

Dr. Jesus Luna Garcia

Dr. Jesus Luna Garcia
Senior Researcher, Technical University of Darmstadt

Dr. Jesús Luna received his Bachelor’s degree in Telecommunications Engineering from the "Instituto Politécnico Nacional" (IPN, Mexico 1995), a Master’s degree in Computer Science from the "Tecnológico de Monterrey" (ITESM CEM, Mexico 2002) and a PhD in Computer Architecture from the "Universidad Politécnica de Cataluña" (UPC, Spain 2008).

He was a postdoctoral researcher with the CoreGRID Network of Excellence (Greece/Cyprus, 2008-2009) and has more than 15 years of experience in the field of computer security, working with public and private companies and universities in Mexico and southern Europe including "Banco de México", "Universidad Tecnológica de Mexico", "SeMarket" and "Barcelona Digital CT". Since 2009 is an active member of the "Cloud Security Alliance" (CSA) and in 2010 co-founded its Spanish Chapter (CSA-ES). Currently he is In charge of DEEDS' security research group (chaired by Prof. Neeraj Suri at TU Darmstadt) with special focus on security metrics, Cloud computing, P2P and WSN. The goal of his research is to create a metrics framework to improve the security and dependability in IT ecosystems. He is also a researcher with EU FP7 funded ABC4Trust project, performing tasks related with the use of attribute based credentials to preserve user's privacy while improving overall authentication and authorization.

Teaching activities include co-advising PhD, MSc and research seminar students in the area of VANET's security, WSN's privacy and Cloud security metrics. Dr. Luna is also in charge of TU Darmstadt's research seminar “Security Metrics in Cloud Computing” (since April-2011).

Jorge Gasós

Jorge Gasós
Head of Sector for Trust and Security in the European Commission’s Information Society and Media Directorate-General

Jorge Gasós is head of sector for Trust and Security in the European Commission’s Information Society and Media Directorate-General. He held previous positions in the areas of Software / Cloud Computing, Grid Technologies and eBusiness of the IST research programme. Before joining the European Commission, Jorge Gasós held research positions in Spain, Japan and Belgium, mainly in the areas of artificial intelligence and robotics. He holds a PhD in Computer Science from the Polytechnic University of Madrid (Spain).

Matthew Goodrich

Matthew Goodrich
Program Manager for the Federal Risk and Authorization Management Program (FedRAMP) at the US General Services Administration (GSA)

Mr. Goodrich is the program manager for the Federal Risk and Authorization Management Program (FedRAMP) at the US General Services Administration (GSA).

Mr. Goodrich began his career in the US Government as a Presidential Management Fellow (PMF). Mr. Goodrich currently works on the Federal Cloud Computing Initiative at GSA. He has served as project manager for, helped in the creation of multiple cloud procurements, and led the development the Federal Risk and Authorization Management Program (FedRAMP). Additionally, Mr. Goodrich also worked under the US Federal CIO in the e-Government office in the Office of Management and Budget (OMB) in the Executive Office of the President of the United States. During his tenure at OMB, Mr. Goodrich focused his efforts on government-wide cloud computing policy issues and helped oversee agency IT portfolios.

Mr. Goodrich also led the effort in creating tactical guidance for US government agencies in addressing barriers to the effective acquisition of cloud computing services. The white paper "Creating Effective Cloud Computing Contracts for the Federal Government: Best Practices for Acquiring IT as a Service" was published by the US CIO and CAO Council as well as the Federal Cloud Compliance Committee.

Mr. Goodrich has a BBA in Computer Information Systems from the University of Miami in Coral Gables, Florida and a Juris Doctor from the University of Denver in Denver, Colorado.

Waldemar Grudzien

Waldemar Grudzien
Direktor, Bundesverband deutscher Banken e.V. (Association of German Banks)

Studied electrical engineering at Berlin Technical University and business studies at the Berlin School of Economics. Holds a doctorate in the former subject. After working as a process engineer at Berlin’s water company and at Berlin Technical University’s Institute for Machine Tools and Factory Management, Mr Grudzien joined the Association of German Banks in October 2001. He works in the Retail Banking and Banking Technology Department, where he is responsible for security issues associated with card-based payment systems, approval processes, IT security, Biometry and Security Strategy.

--> Dennis Heinson

Dennis Heinson
Ph.D. candidate at the Universität Kassel

Dennis Heinson holds Law degrees from the University of Münster, Germany and the University of Californa, Los Angeles. In 2010, he was admitted to the New York State Bar as an Attorney-at-Law. He is author of a number of academic articles on topics covering as internal investigations, IT Forensics and privacy. He was expert member to the Enisa working group on Cloud Security and contributor to the study "Security and Resilience in Governmental Clouds". Currently, Mr. Heinson is a Ph.D. candidate at the Universität Kassel in Germany.

Markus Hennig

Markus Hennig
CTO, Astaro GmbH & Co. KG, a Sophos Company

Markus co-founded Astaro in early 2000 and run R&D as CTO. Mid 2011 Sophos Ltd. bought Astaro. As with his previous duties for Astaro, he is now responsible for research, new technologies and products for network security with Sophos. Markus has over twenty years of experience in open source and network security and is an active member of the Linux community. In his previous career, he was Chief Technology Officer of a local internet service provider, where he built up the company's managed security business. Markus studied computer science at the Martin-Luther-Universität Halle-Wittenberg and Technical University of Karlsruhe.

Giles Hogben

Giles Hogben

Dr Giles Hogben is an ENISA information expert specialising in cloud security. He works at the European Network and Information Security Agency in Greece. He led ENISA's 2012 study on Procure secure: a guide to monitoring of security service levels in cloud contracts, as well as ENISA's 2009 report Cloud Computing: Benefits, Risks and Recommendations for Information Security. He has led numerous studies on other network and information security topics including botnets, social network security and European identity card privacy. Before joining ENISA, he was a researcher at the Joint Research Centre in Ispra, Italy and led work on private credentials. He has a PhD in Computer Science from Gdansk University of Technology in Poland and graduated from Oxford University, UK in 1994 in Physics and Philosophy.

John van Huijgevoort

John van Huijgevoort
Senior Security Advisor for the National Cyber Security Centre

“After studying Computer Science in Eindhoven, John van Huijgevoort fulfilled his military service at the Royal Navy Reserve in Den Helder as system administrator of a quality control system. After his military service he joined Capgemini. His career followed the traditional path from programmer to technical designer and in the beginning of his career he also performed as a help desk employee and system administrator.

Soon after he became a Trainer/Coach at the Capgemini Academy and during this period he was involved in developing and teaching a broad range of information security courses.

Thereafter he worked as a team member in several projects in implementing information security in both governmental and commercial organizations. He has a broad experience in the field of information security. His strength lies in translating theory into practice and his approach to problems is result-oriented.

Since the beginning of 2010, John has been working for GOVCERT.NL as a security advisor. The National Cyber Security Centre (NCSC) commenced operations on 1 January 2012. GOVCERT.NL, the former Computer Emergency Response Team of the Dutch government, will be incorporated in the new centre. The NCSC cooperates in enhancing the defensibility of the Dutch society in the digital domain. Our goal is to realize a safe, open and stable information society by sharing knowledge, offering insight and also offering a proper action perspective.

John is, among other things, involved in writing white papers, factsheets and articles for the Security Alert Service. His main points of interest with NCSC are smartphone/tablets, cloud computing and security.

John was co-author of the books "Information Security Management Advanced" and "Network & Internet Security Advanced", theory and assignment material based on the I-Tracks exam of the same name. He also acts as an examiner on behalf of EXIN for the I-Tracks module "Information Security Management Expert"

He is since 2011 board member of the Netherlands CSA Chapter heading up the Research & Development section.

John’s hobbies are travelling with his wife, sports, visiting games of Tilburg soccer club Willem II and of course his work.”

Monika Josi

Monika Josi
Chief Security Advisor, EMEA, Microsoft

Monika Josi has joined Microsoft as Chief Security Advisor EMEA in January 2011. In this role, she leads a team of national Chief Security Advisors across EMEA who work with organizations in the commercial and public sector on information technology issues and strategies related to security, risk management and compliance. Monika has 20+ years of experience in IT across various domains and industries including consulting and auditing. Most recent to joining Microsoft, she was Global Head of Information Governance and Management Policies and Frameworks for a multi-national pharmaceutical company.

Ari Juels

Ari Juels

Dr. Ari Juels is Chief Scientist of RSA, The Security Division of EMC, where he has worked since 1996. He oversees RSA's research program and advises on the science behind its technology strategy and vision. Visit for more information.

Ben T. Katsumi

Ben T. Katsumi
Chief Researcher IT Security Center, IPA & President and CEO, Information Economy Research Institute

Ben has 18years of experience in cybersecurity specializing in marketing, market analysis, social and international studies, and security management and governance. His career includes 7 years at IPA as visiting researcher (2005 thru 2012), consultant at several Japanese firms including Ricoh's affiliated company (2004 thru 2008), director at Symantec Japan (2001 thru 2004), sales and marketing manager at Nissin Electric (1994 thru 2001).

Ben is one of the founders and board members of CSA Japan Chapter. He is also active in Japan Network Security Association where he is a board member, an officer and chair of Market Analysis WG. He is also a member of Japan Society of Security Management, and Institute of Digital Forensics. Bachelor degrees in Liberal Arts and Economy from Kyoto University in 1973 and 1975. CISA, Information Security Associate Auditor, Certified Information Security Administrator.

Mark Lange

--> Yves Le Roux

Yves Le Roux
Principal Consultant, CA Technologies

After his graduation from Paris University in 1970, he worked in the Rothschild Group where, among others tasks, he was in charge of the network security and other security related issues. In 1981, he joined the French Ministry of Industry where he was in charge of the Open Systems Standardization programs. In 1986, he took the position of European Information Security Manager at Digital Equipment. Then, he joined the security research and development team. In 1999, he went to Entrust Technologies, PKI software editor. In 2003, Yves joined Computer Associates Int.

He has co-authored three books on security. He was a lecturer at Paris University and spoke in many conferences (e.g. ISMC USA 2008, ISMF 2008, RSA Europe 2009, ISRMC Europe 2009).He was member of the European Network and Information Security Agency (ENISA) Permanent Stakeholders’ Group (PSG) He is member of the ISACA External Relationship Committee and the ISACA Cloud Computing Task Force. He was a member of the drafting committee of the Cloud Security Alliance Cloud Controls Matrix

Alain Pannetrat

Alain Pannetrat
Senior IT Specialist, CNIL | Article 29 Working Party

Alain Pannetrat is a Senior IT Specialist of the CNIL, the French data protection authority. His main interests are cryptography, biometrics, RFID, internet voting and online targeted advertising.

He is a member of the Technology Subgroup of the Article 29 Working Party, which explores data protection issues related to new technologies.

Before joining the CNIL, Alain Pannetrat was an IT Security consultant specialized in credit and debit smartcard systems. He received a PhD in Computer Sciences after conducting research at Eurecom on novel cryptographic protocols for IP multicast security.

David Pollington

David Pollington
Director of International Security Relations, Microsoft

David Pollington is responsible for major national and international security relationships on behalf of Microsoft’s Trustworthy Computing Security group. He represents the security science, response and engineering teams that assess the threats and assure the security of Microsoft’s products and services, in policy matters with Governments and Institutions. David is a cofounder of Microsoft’s Global Security Strategy and Diplomacy team who engage on matters of Cyber Security around the world.

After 20 years in IT with experience in areas as diverse as oil exploration, cartography, flight testing, building a consultancy practice and outsourcing; David joined Microsoft in 2002 with a focus on Microsoft’s evolving commitment to IT security in UK Government relationships. He enabled the UK to be among the first countries to join Microsoft’s Government Security Program and worked with UK Law Enforcement to improve child protection online. A few years later, David joined Microsoft’s corporate Trustworthy Computing division to develop cyber security relationships with major Governments and Institutions around the world.

In the course of his work, David has built relationships and facilitated the cyber security debate in major Commonwealth countries and many institutions including: EU, ENISA, OECD, IGF, ITU and IMPACT. He is also concerned with Critical Infrastructure Protection and for 2 years, was Chair of the Vendor Security Information Exchange, part of the UK’s Centre for the Protection of the National Infrastructure.

Joseph A. Rivela

Joseph A. Rivela
Associate Director, Protiviti Inc.

Joseph A. Rivela is an Associate Director in Protiviti’s IT Security & Data Privacy Solutions practice. Based in New York City, he has managed and delivered security services to a variety of clients in financial services, insurance, healthcare and life sciences, media, and higher education.

He provides clients with expertise in security assessments, IS governance / ISO 27001 strategy development, IT risk management, and privacy compliance services. Joseph has led the development of enterprise-wide security incident response frameworks, delivered security training to leaders of industry and Fortune 500 companies, and has been engaged frequently as an incident coordinator to manage various interstate response teams following the identification of potential security breach’s.

Prior to joining Protiviti, he was responsible for conducting investigations for the New York State Office of the Attorney General’s Internet Bureau. While working at the Internet Bureau, Joseph conducted the in-house investigation of business entities and individuals involved in or associated with a variety of online fraud, including spyware, auction fraud, and phishing schemes.

Joseph earned his bachelor of science degree in economic crime investigation with a concentration in computer security from Utica College of Syracuse University. He is a member of the NY Metro ISSA Board of Directors and maintains the following professional memberships and certifications: Certified Information Systems Security Professional (CISSP); PCI Qualified Security Assessor (QSA); Archer Certified Consultant (ACC); Certified in Digital Forensics, Marshall University; Basic Digital Recovery & Analysis (BDRA); SANS Hacker Techniques, Exploits and Incident Handling (GCIH).

Raj Samani

Raj Samani
VP, Chief Technical Officer for McAfee EMEA

Raj is currently working as the VP, Chief Technical Officer for McAfee EMEA, having previously worked as the Chief Information Security Officer for a large public sector organisation in the UK.

He volunteers as the Cloud Security Alliance EMEA Strategy Advisor, is on the advisory councils for Infosecurity Europe, and Infosecurity Magazine. In addition, Raj was previously the Vice President for Communications in the ISSA UK Chapter, having presided over the award for Chapter communications programme of the year 2008, and 2009.. He has had numerous security papers published, and appeared on television (ITV and More4). As well as providing assistance in the 2006 RSA Wireless Security Survey and part of the consultation committee for the RIPA Bill (Part 3). He is also the founder for the global collaborative project used to evaluate objective measurement of IA maturity known as the Common Assurance Maturity Model (also known as CAMM – please refer to for more details).

He can be found on twitter @Raj_Samani

David Snead

David Snead
Internet Infrastructure Attorney

David Snead’s practice focuses exclusively on representing companies and other entities active in internet infrastructure. In his 18 years in this area, he has represented these companies both in-house and as outside counsel, with clients in over 20 countries. He has broken down complex legal issues at over 100 conferences. His transnational Internet experience has been recognized as the sole U.S. legal representative to the ENISA Group on Cloud Computing Security. Mr. Snead received his J.D. in 1991 from Georgetown University Law Center. He is a member of the bars of the District of Columbia and State of New Mexico.

Marc Vael

Marc Vael
Chief Audit Executive Smals / Chairman Cloud Computing Task Force ISACA

Marc Vael, CISA, CISM, CGEIT, CISSP, is Chief Audit Executive at Smals, a Belgian not-for-profit IT organization with more than 1,800 people working for the Belgian federal government. Marc has more than 20 years of experience in evaluating, designing, implementing and monitoring solutions on risk and information security management, incident and business continuity management, data protection/privacy, and IT audit. An ISACA member for more than 15 years, Marc is also vice president of the ISACA Belgium Chapter, chair of ISACA’s Cloud Computing Task Force and Knowledge Board, member of ISACA’s Strategic Advisory Council, and past chair of the ISACA Communities Committee. He is a visiting lecturer at Antwerp Management School (AMS) since 1997 and a deputy member of the Flemish Privacy Commission since 2010. Marc is a board member for a number of organisations in Belgium.

Rolf Van Roessing

--> Prof. Paulo  Verissimo

Prof. Paulo Verissimo
Prof. University of Lisbon - LaSIGE

Paulo Veríssimo is currently a professor of the Department of Informatics (DI) of the University of Lisboa Faculty of Sciences (, and past Director of LASIGE, a research laboratory of the DI ( He is Fellow of the IEEE and Fellow of the ACM. He is associate editor of the Elsevier Int’l Journal on Critical Infrastructure Protection, and past associate editor of the IEEE Tacs. on Dependable and Secure Computing. He belonged to the European Security & Dependability Advisory Board. He is past Chair of the IEEE Technical Committee on Fault Tolerant Computing and of the Steering Committee of the DSN conference, and belonged to the Executive Board of the CaberNet European Network of Excellence. He was coordinator of the CORTEX IST/FET project ( Paulo Veríssimo leads the Navigators research group of LASIGE, and is currently interested in: architecture, middleware and protocols for distributed, pervasive and embedded systems, in the facets of real-time adaptability and fault/intrusion tolerance. He is author of more than 160 refereed publications in international scientific conferences and journals in the area, and co-author of five books

Mario Vuksan

Mario Vuksan
CEO, ReversingLabs

Mario has been involved in development of advanced security solutions for the last seven years and has rich engineering background spanning the last 20 years. Before founding ReversingLabs, Mario was the Director of Research at Bit9 and one of its founding engineers. He spoke at numerous conferences over the last 6 years including CEIC, Black Hat, RSA, Defcon, Caro Workshop, Virus Bulletin and AVAR Conferences. He is author of numerous blog posts on security and has authored "Protection in Untrusted Environments" chapter for the "Virtualization for Security" book. He coordinates AMTSO Advisory Board and works with IEEE Malware Working Group.

Ian Walden

Ian Walden
Queen's University

Ian Walden is Professor of Information and Communications Law and head of the Institute of Computer and Communications Law in the Centre for Commercial Law Studies, Queen Mary, University of London. His publications include EDI and the Law (1989), Information Technology and the Law (1990), EDI Audit and Control (1993), Cross-border Electronic Banking (2nd ed., 2000), Telecommunications Law Handbook (1997), E-Commerce Law and Practice in Europe (2001), Computer Crimes and Digital Investigations (2007), Media Law and Practice (2009) and Telecommunications Law and Regulation (4th ed., 2012). Ian has been involved in law reform projects for the World Bank, the European Commission, UNCTAD, UNECE and the EBRD, as well as for a number of individual states. Ian was awarded a Council of Europe Human Rights Fellowship (1987-88); was a seconded national expert to the European Commission DG-Industry (1995-96); Board Member and Trustee of the Internet Watch Foundation (2004-09) and on the Executive Board of the UK Council for Child Internet Safety (2010-12). Ian is a solicitor and Of Counsel to Baker & McKenzie. He is currently a member of the Press Complaints Commission.

Agenda Day 1

Time Plenary Track 1 Track 2
8:15-8:45 Registration

Welcome note

  • Jim Reavis - CSA & Michael Waidner - Fraunhofer SIT (Conference Chairs)
  • Giles Hogben - ENISA & Ahmad-Reza Sadeghi- Fraunhofer SIT (Program Co-Chairs)

Intro and Keynote 1

  • Introduction by Ahmad-Reza Sadeghi - Fraunhofer CASED
  • Carl Buhr - European Commission - Cabinet Member of Vice-President Neelie Kroes

Panel: European data protection - what do the changes mean for cloud computing?

  • Moderated by Michael Waidner - Fraunhofer SIT
  • Billy Hawkes - Irish Data Protection Officer
  • Yves Le Roux - Principal Consultant - CA Technologies
  • Alain Pannetrat - Senior IT Specialist, CNIL | Article 29 Working Party
  • Paolo Balboni - European Privacy Association

Cloud Technologies 1

  • Session Chair: Marnix Dekker - ENISA
  • Sven Bugiel
    Subtleties Matter: Usage Model of Cloud App Stores
  • Ari Juels - Chief Scientist of RSA, The Security Division of EMC
    Security in the Cloud: From the Mythological to the Merely Counterintuitive
  • Anirban Basu - Tokai University
    Practical privacy using Homomorphic Encryption - Myth or Reality
10:45-11:15 Coffee Break

Panel: Global infrastructure, national laws - international differences and cloud computing

  • Moderated by Daniele Catteddu - CSA
  • Ilias Chantzos - Senior Director, Symantec Government Affairs – EMEA and APJ
  • David Snead - Internet Infrastructure Attorney
  • Antonio Mauro - University of Modena and Reggio Emilia
  • David Pollington, Director of International Security Relations, Microsoft

Panel: Cloud Security User Perspective

  • Moderated by Yoran Dov - CSA / MetroSITE Group
  • Thomas Endres - EuroCIO, former CIO Lufthansa
  • Pam Fusco - Booz, Allen
  • John Meakin - Global Head of Security Solutions & Architecture at Deutsche Bank
  • Stephan Bohnengel - Sr. Systems Engineer - Security and Compliance Specialist at Bitkom / VMware

Panel: The Positive Impact of Cloud Computing on Security

  • Moderated by Phil Dunkelberger
13:15-14:15 Lunch

Keynote 2

  • Introduction by Giles Hogben - ENISA
  • Billy Hawkes - Irish Data Protection Commissioner

Government Policy on Cloud Security

  • Session Chair: Daniele Catteddu - CSA
  • Jorge Gasos - European Commission
    European Cloud Computing Strategy
  • John van Huijgevoort - Senior Security Advisor for the National Cyber Security Centre
    Cloud computing security in the Dutch Government
  • Matt Goodrich - Program Manager for the Federal Risk and Authorization Management Program (FedRAMP) at the US General Services Administration (GSA)
  • Nick Coleman - Global Cloud Security Leader, IBM
    Delivering and assuring Security in the Public Sector: applying this to Cloud.

Forensics and Investigations

  • Session Chair: Yoran Dov - CSA / MetroSITE Group
  • Owen O'Connor
    Forensics in the Cloud
  • Matthias Maier - System Engineer - LogLogic, GmbH
    Manage Trust in the Cloud with Intelligent Log Data Management: Security and Performance Transparency for Public and Enterprise Private Clouds
  • Dominik Birk - Security Researcher - Horst Goertz Institute for IT Security
    Dennis Heinson - Researcher at the Universität Kassel
    Stranger in the Cloud - Legal and Technical Issues of Forensic Investigations
  • Nadeem Bukhari - VP PRoduct Strategy - Kinamik Data Integrity
    David Snead - Internet Infrastructure Attorney
    Legally and Technically Prepared for Cloud Services
16:15-16:45 Coffee Break

Incident Management

  • Session Chair: Marnix Dekker - ENISA
  • Ben T. Katsumi - Chief Researcher IT Security Center, IPA & President and CEO, Information Economy Research Institute
    How Cloud Survived the Quake and Served People
  • Joseph A. Rivela - Associate Director - Protiviti Inc.
    Preparing an Effective Response to Vendor Incidents
  • Rolf Van Roessing - ISACA

Cloud Technologies 2

  • Session Chair: Philippe Masconet - CETIC
  • Russell Dietz - Safenet
    Hardware Security Modules and Secure Key Management in the Cloud
  • Dr. Srijith Krishnan Nair - Senior Researcher, BT
    On the Security of Data Stored in the Cloud
  • Steve Markey - Principal - nControl
    Securing Databases in the Cloud.
  • Ben Matzkel
    Commercially Viable Encryption in the Cloud

Agenda Day 2

Time Plenary Track 1 Track 2
8:30-9:00 Registration

Keynote 3

  • Introduction by Jim Reavis - CSA
  • Eran Feigenbaum - Head of Security - Google Apps
    Is Cloud Computing the End of Security and Privacy As We Know It?

SLAs and Monitoring

  • Session Chair: Michael Herfert - Frauhofer SIT
  • Giles Hogben - ENISA
    Procure Secure: Continuous Security Monitoring vs Hoping for the Best
  • Dr. Jesus Luna - Senior Researcher, Technical University of Darmstadt
    Quantifiable End-to-End Security for Cloud Trustworthiness
  • Dr. Niels Fallenbeck - Fraunhofer AISEC
    Monitoring Compliance in Cloud Computing Infrastructures
  • Ian Walden - Queen's University
    Contracting for Legal Security

Virtualisation Security

  • Session Chair: Theo Dimitrakos - British Telecom
  • Dr. Fadi El-Moussa - Senior Security Researcher - BT
    Protecting Systems and Applications on Virtual Data Centres and in the Cloud: Challenges, Emerging Solutions and Lessons Learnt
  • Andy Dancer - Chief Technology Officer for EMEA at Trend Micro
    Just say no: When to virtualise
  • Markus Hennig - CTO - Astaro GmbH & Co. KG, a Sophos Company
    Security for customer instances and (virtual) networks in the Cloud
11:15-11:30 Coffee Break

Panel: Cloud Provider Panel - The World According To...

  • Moderated by Ramses Gallego - Quest Software/ISACA
  • CJ Moses - General Manager, World Wide Public Sector Cloud, Amazon Web Services
  • Eran Feigenbaum, Head of Security - Google Apps
  • Monika Josi
  • Yves LeRoux
    CA Technologies

Panel: Measuring security in a cloud-enabled organization full of consumer devices

  • Moderated by Giles Hogben - ENISA
  • Alice Decker - Core Technology Product Manager, Trend Micro
  • Mario Vuksan - CEO, ReversingLabs
  • Simon Edwards - Dennis Technology Labs
  • Ferenc Leitold - Veszprog Ltd
  • Marcus Klische - BlackBerry Security Advisory Team, RIM
12:45-13:45 Lunch

Governance, Risk and Compliance

  • Session Chair: Gerhard Eschelbeck - Sophos
  • Raj Samani - VP, Chief Technical Officer for McAfee EMEA
    ENISA Cloud Computing: Benefits, Risks and Recommendations for Information Security.
  • Marc Vael - Chief Audit Executive Smals / Chairman Cloud Computing Task Force ISACA
    Why you should already be in the cloud today!
  • Monika Josi - Chief Security Advisor, EMEA - Microsoft
    Creating a Standard Response to Request for Information using CCM.

Sensitive Services in the Cloud

  • Session Chair: Ben Katsumi - IPA
  • Prof. Paulo Verissimo - University of Lisbon - LaSIGE
    TCLOUDS: Architectural Resilience in Cloud Computing
  • Arnd Böken - Partner, Graf von Westphalen, Berlin, Germany
  • Andrea Manieri - Project Director of the VENUS-C project and Project Manager of the ERINA+ Support Action
    Secure Clouds for smart Governments
15:30-16:00 Coffee Break

Keynote 4

  • Introduction by Ben Katsumi - IPA
  • Robert Bohn, NIST
    NIST Cloud Computing Program - Highlights & Next Steps

Closing Remarks

  • Jim Reavis - CSA & Michael Waidner - Fraunhofer SIT

About SecureCloud 2012

Download presentations from the event!

SecureCloud 2012 is a premier educational and networking event on cloud computing security and privacy, hosted and organized by Cloud Security Alliance (CSA), the European Network and Information Security Agency (ENISA), CASED/Fraunhofer SIT and ISACA, four of the leading organisations shaping the future of cloud computing security.

SecureCloud 2012 is the only European conference to focus specifically on cloud computing security. It provides a unique opportunity for political and corporate decision-makers, CEO, CTO, CISOs, business leaders, and information security practitioners not only to learn, but also to make important global contacts and to participate in interactive strategy sessions with high level experts in cloud computing security. SecureCloud 2012 will have a special focus on the legal and policy aspects of cloud computing security.

Programme Committee

The programme committee of SecureCloud 2012 is

  • Avner Algom, IGT
  • Paolo Balboni , EPA - ICT Legal Consulting
  • Daniele Catteddu, EMEA Managing Director, CSA
  • Theo Dimitrakos, British Telecom
  • Marnix Dekker, ENISA
  • Gerhard Eschelbeck, CTO & SVP at Sophos
  • Ramses Gallego, Quest Software/ISACA
  • Andrea Glorioso, European Commission, DG INFSO
  • Ron Hale, ISACA
  • Giles Hogben, ENISA (chair)
  • Brian Honan, BHConsulting
  • Ben Katsumi, IPA, Japan
  • Philippe Massonet, CETIC, Belgium
  • Manuel Medina, ENISA
  • Jim Reavis (Conference co-chair), CSA
  • Ahmad-Reza Sadeghi (PC co-chair), Fraunhofer CASED
  • Michael Waidner (Conference co-chair), Fraunhofer SIT
  • Colin Watson, Watson Hall
  • Lorenzo Valeri, Louis University of Rome
  • Dov Yoran, CSA / MetroSITE Group

Event Partner

SecureCloud 2012 has been organized in partnership with isits AG International School of IT Security.

Contact Information

For general questions send an email to: [email protected]

For press enquiries and a press kit send an email to: [email protected]

Sponsorship Information

For details on sponsorship opportunities, please download the SecureCloud 2012 Conference Sponsorship Information document.

Gold Sponsors

Standard Sponsors

Download Presentations

Presenter Day # / Track # Title Download
Carl-Christian Buhr Day 1 / Keynote The European Cloud Computing Strategy Slideshare
Billy Hawkes Day 1 / Keynote Data Protection in the Cloud – unclouding the Issues Download (ppt)
Alain Pannetrat Day 1 / Track 1 Download (pdf)
Jorge Gasos Day 1 / Track 1 Towards a European Cloud Computing Strategy Download (pdf)
John van Huijgevoort Day 1 / Track 1 Cloud computing security in the Dutch Government Download (pdf)
Ben T. Katsumi Day 1 / Track 1 How Cloud Survived the Earthquake and Served People Download (pptx)
Anirban Basu Day 1 / Track 2 Practical privacy using homomorphic encryption – a myth or reality? Download (ppt)
Steve Markey Day 1 / Track 2 Securing Databases in the Cloud Download (ppt)
Srijith Nair Day 1 / Track 2 On the Security of Data Stored in the Cloud Download (ppt)
Robert Bohn Day 2 / Keynote NIST Cloud Computing Program – Highlights & Next Steps Download (pptx)
Giles Hogben Day 2 / Track 1 PROCURE SECURE | Continuous monitoring for public sector cloud services Download (pptx)
Dr. Jesus Luna Day 2 / Track 1 QUantifiable End-to-end SecuriTy for Cloud Trustworthiness Download (ppt)
Andy Dancer Day 2 / Track 2 10 Reasons Not to Virtualize Download (ppt)
Paolo Verissimo Day 2 / Track 2 Architectural Resilience in Cloud Computing Download (pdf)
Fadi El-Moussa Day 2 / Track 2 Protecting systems and applications on virtual data centres and in the cloud: challenges, emerging solutions and lessons learnt Download (pptx)