CSA Legal Information Center: Program Materials for Cloud Trust Seminar


Registration & Networking 8:15 – 8:45am
Welcome & Introduction 8:45 – 9:00am
Dave Cullinane, Chairman of the Board, CSA
Dave Cullinane is the Chairman of the Cloud Security Alliance – a global alliance of industry security professionals created to promote the use of best practices for providing security assurance within Cloud Computing, and provide education on the uses of Cloud Computing to help secure all other forms of computing. Dave is also the CEO of Security Starfish, LLC – an alliance of industry security professionals designed to effectively address cybercrime through collaborative intelligence research and preventive actions. Prior to Security Starfish he was the CISO and VP of Global Fraud, Risk and Security for eBay for 5+ years. Prior to joining eBay, Dave was the CISO for the sixth largest bank in the United States and the largest Thrift in the world. He has more than 30 years of security experience and has been awarded the Certified Information Systems Security Professional (CISSP), Certified Business Continuity Professional (CBCP) and Certified Protection Professional (CPP).

He is the past President and past Chairman of the IT-ISAC – an organization for sharing security related information across companies in the IT industry. He served as a member of the IT Sector Coordinating Council and the National Council of ISACs. He is an ISSA Fellow, and has been elected to the ISSA Hall of Fame. He is a member of the International Association of Privacy Professionals, served on ASIS International’s CSO Roundtable Committee and is on the Editorial Advisory Board of CSO Magazine and SC Magazine. He was awarded SC Magazine’s Global Award as Chief Security Officer of the Year for 2005 and CSO Magazine’s 2006 Compass Award as a “Visionary Leader of the Security Profession.” In 2012 he was awarded SecureWorld’s first Lifetime Achievement Award for his outstanding contributions to the advancement of the information security community.

Legal and Regulatory Background 9:00 – 9:45am
Francoise Gilbert, Managing Director, IT Law Group
Francoise Gilbert, founder and managing director of the IT Law Group (www.itlawgroup.com), is an internationally recognized thought leader and expert in information privacy and security law. She regularly advises public companies and other businesses on a variety of information privacy, security, cloud computing, and big data matters.

Named Best Lawyers’ “2014 San Francisco Lawyer of the Year for Information Technology Law,” Francoise was also recently selected as one of the “2013 Northern California’s Top Attorneys.” Her work and leadership in the information privacy and security field have received consistent accolades from ComputerWorld (listed as one of the top privacy advisers) and Ethisphere (listed as one of the country’s three “lawyers who matter” in the privacy field). She has been repeatedly recognized by the prestigious Chambers USA, Chambers Global, The Best Lawyers in America, and Who’s Who in E-Commerce as one of the leading lawyers in the information law field.

Francoise is the primary author and editor of the reference two-volume treatise Global Privacy and Security Law, http://www.globalprivacybook.com (3,000 pages, 2-volume, Aspen Publishers / Wolters Kluwer Law and Business), which is an in-depth analysis of the data protection laws of 66 countries. She co-chairs the PLI Privacy & Security Law Institute, and is a contributing expert to TechTarget’s SearchCloudSecurity.com.


Panel: Tools for Evaluating and Measuring Data Handling Practices 9:45 – 10:30am
Daniele Catteddu, Managing Director EMEA, CSA
Daniele is the Managing Director, EMEA, at the Cloud Security Alliance, where he is responsible for the definition and execution of the company strategy in the EU, Middle East and Africa. He also leads CSA participation in FP7 projects, coordinates the research projects of the European CSA Chapters and manages relations with European public institutions. He previously worked at ENISA (European Network and Information Security Agency) as an Expert, where he was responsible for projects in the areas of Resilience and Critical Information Infrastructure Protection (CIIP). Daniele is the author of the study “Security and Resilience in Governmental Clouds” as well as co-author of the reports “Cloud Computing: Benefits, risks and recommendations for information security” and “Cloud Computing: Information Assurance Framework”. He is chair or member of various national and international security expert groups on cloud computing security and privacy.
John DiMaria, ISO Product Manager, British Standards Institution
John DiMaria is the ISO Product Manager for BSI Group America Inc., Co-Chair of the CSA OCF and CTP Working Groups, and a member of the CSA SME working group. He has 28 years of successful experience in standards and Management System Development, including Information Security, EMS and Quality Assurance. John is responsible for overseeing product roll-out and client/sales education. He is a product spokesperson for BSI Group America, Inc. regarding all product standards covering Risk, Quality, Sustainability and Regulatory Compliance.

John has been featured in many publications on information security, sustainability and business continuity, such as Computer World, Quality Magazine, Continuity Insights, ABA Banking Journal, CPM Magazine, and Disaster Recovery Journal. He is a contributor to the American Bar Association Cybersecurity Guidebook and a key contributor to the NIST Cybersecurity Framework, and was featured on the cover of PENTEST Magazine.


Becky Swain, Cloud Assurance Director, PricewaterhouseCoopers LLP
Networking Break 10:30 – 10:45am
Case Studies: How Leading Companies Build Trust 10:45 – 12:00pm
Vincent Campitelli, Vice President IT Risk Management, McKesson Corporation
Vince is a vice president with McKesson Corporation and is the IT Risk Leader for the US Pharmaceutical division. His role includes the identification, management and monitoring of IT related risks including security, compliance and privacy. Vince is also responsible for McKesson’s enterprise-wide IT Vendor Assurance program.

Prior to joining McKesson, Vince held various leadership roles in the Internal Audit and Risk Management functions of major financial service firms. Vince’s career also included over 12 years as a partner in PricewaterhouseCoopers specializing in Technology Risk Advisory services.

Vince is a graduate of Penn State University with a degree in Mechanical Engineering and the University of Maryland with an MBA in Operations Research.

Vince is active with various risk management and security organizations, and is co-chair of the recently formed Healthcare Information Working Group of the Cloud Security Alliance.


Shelbi Rombout, Cybersecurity Partnership Executive, US Bank
Shelbi is an information technology professional with over 20 years of experience in leadership roles within information security, risk management and technology project management. She recently joined U.S. Bank as Partnership Executive for Cybersecurity, leading sector-wide efforts to strengthen public and private partnerships and promoting meaningful national cybersecurity legislation.

Prior to joining U.S. Bank, Shelbi led multiple Information Security and Risk teams at Bank of America. Most recently, she led the Global Information Security compliance program, which primarily focused on Payment Card Industry (PCI) Data Security Standards (DSS) and Federal Financial Institutions Examination Council (FFIEC) governance for authentication in internet banking. She previously led the Insider Threat and Behavioral Analysis organizations, where strategic direction was developed to implement controls and monitoring tools for mitigating potential disruptions caused by intentional or unintentional insider activity. These roles required developing partnerships with numerous organizations to align strategies for implementing controls that support multiple compliance/security purposes.

Prior to joining Bank of America, Rombout was a consultant leading multimillion-dollar programs and high-performance teams in a variety of industries, including banking, insurance, retail and energy. She has a track record of success in generating innovative solutions to complex problems, reducing costs, and fast-tracking delivery timelines while continually increasing quality.

Shelbi’s extensive experience in project management, deployment scheduling and project estimating proved beneficial to both the PMI College of Scheduling and the Troubled Project Specific Interest Group, on whose boards of directors she previously held positions. Rombout is seen as an industry leader in project management and has presented at professional conferences internationally.

Shelbi has received numerous accolades for operational excellence, was elected to the PCI Board of Advisors in 2013 as the representative for Bank of America and was nominated in 2010 for the Information Security Executive Southeast award.


Peter McGoff, Senior VP, General Counsel and Corporate Secretary, Box
Peter McGoff is SVP, General Counsel and Corporate Secretary of Box, where he leads the legal, compliance and real estate departments and works closely with the senior management team and the Board of Directors.

Before joining Box, he was Senior Vice President and General Counsel of Informatica, where he led legal, real estate, and license-compliance functions and was instrumental in the company’s growth. As leader of the legal department, Peter’s areas of focus included software licensing and contracts, intellectual property, litigation, corporate securities, M&A and corporate governance.

Peter holds a bachelor’s degree from California State University-Sacramento, a J.D. from the University of the Pacific and an LLM in intellectual property law from the London School of Economics.


Peter Reid, Chief Privacy Officer, Hewlett Packard
Peter Reid, CIPP, is the Privacy Officer for HP Enterprise Business, responsible for all aspects of privacy across the HP Outsourcing and Enterprise Systems groups. Prior to taking on this role following the acquisition of EDS by HP, he was the EDS Chief Privacy Officer. He has more than 40 years of international experience in the information-technology field, having worked in the U.S., Canada and the U.K. Peter has worked in the privacy arena for the last 14 years and prior to joining EDS in 2001, he was vice president of NCR Corporation’s Privacy Center. At HP and EDS he has helped companies such as 7-Eleven, Nextel and Home Depot in building their privacy programs. He is a recognized expert in privacy, particularly in the areas of customer relationship management and data warehousing. Peter holds a B.Sc. in mathematics from the University of Sussex in Brighton, England. He resides in Frisco, Texas.

Adjourn – 12:00pm