W. HORD TIPTON

CISSP-ISSEP, CAP, CISA

Executive Director, (ISC)²

MR. TIPTON is the Executive Director for (ISC)², the largest not-for-profit membership body of certified information security professionals worldwide, with over 85,000 members in more than 135 countries.  In his current role, he is responsible for overseeing the management team and guiding the organization’s strategic direction in accordance with the (ISC)2 Board of Directors. Before joining (ISC)², he served for five years as the Chief Information Officer (CIO) for the U.S. Department of the Interior, and received the Distinguished Rank Award from the President of the United States, the highest lifetime award attainable by a federal civil servant.

MENG-CHOW KANG, PHD, CISSP

Chief Security Advisor, Microsoft Greater China Region

Convener, ISO/IEC JTC1 SC27 WG4 – Security Controls & Services

Board Member, SCIPP International Advisory Board

Board Member, (ISC)2 Asia Advisory Board

Co-chair, Regional Asia Information Security Exchange (RAISE) Forum

Based in Beijing, Meng-Chow has been a practicing information security professional for more than 20 years, with field experience spanning from technical to management in the various security and risk management roles in the Singapore government, major multi-nationals financial institutions, and security and technology providers.

Meng-Chow has been contributing to the development and adoption of international standards relating to information security since 1998, and initiated the formation of the Regional Asia Information Security Standards (RAISS) Forum in 2004, which has since completed seven meetings and started the development of a number of regionally focused standards deployment guides, and serving as a platform contributing to international standards development in ISO and ITU-T.

In August 2005, Meng-Chow was presented the accolade “IT Evangelist of the Year 2005” by the Singapore National Infocomm Competency Council (NICC) in recognition of his work and contribution to the IT security community and standards arena. Meng-Chow was also the recipient of the “Distinguished Award” and “Distinguish Partner Award” from the Standards, Productivity and Innovation Board (SPRING Singapore) in September 2005, and August 2008, respectively, for his continuous efforts and leadership in shaping the IT security standardization landscape in Singapore.

Meng-Chow received his MSc degree in Information Security from the Royal Holloway and Bedford New College, University of London, and completed his PhD in Information Security Risk Management at the Southern Cross University, Australia. He has been a Certified Information Systems Security Professional (CISSP) since 1998.

Mr. Errol Weiss is an executive vice president with Citigroup’s IT Risk and Program Management office and brings over 20 years of experience in Information Security to this corporate level position.  Mr. Weiss helps ensure that Citigroup receives the most thorough and highest quality threat intelligence from numerous sources including commercial providers and US Government intelligence operations.  He also ensures that threat information is delivered to the right person within Citigroup – an international organization with nearly 400,000 employees.  Formerly a senior network security analyst for the National Security Agency, Mr. Weiss was responsible for conducting vulnerability analyses and penetrations of highly classified US Government computers and network systems.  He assisted in the security engineering and design of secure systems that were capable of resisting deliberate and/or unintentional attack.  Mr. Weiss has more than 10 years of experience delivering and managing Professional IT Security Services to Fortune 100 companies including Managed Security Services, Security Product Implementations and Secure Network Designs.

Mr. Weiss is a named inventor on the patent for the Information Sharing and Analysis Center (ISAC).  Today, he is an active user of ISAC services and also serves as advisor to the FS/ISAC Board of Directors and volunteers on several committees where he provides guidance on business processes, operational improvements and membership marketing initiatives.

Mr. Weiss has presented technically at numerous national and international forums and has received accolades for his technical work in penetrations and assessments of computer networks.  Mr. Weiss has a M.S. in Technical Management from Johns Hopkins University and a B.S. in Computer Engineering from Bucknell University.

MICHEL E. KABAY, PhD, CISSP-ISSMP began programming computers in assembly language in 1965. In 1976, he received his PhD from Dartmouth College in applied statistics and invertebrate zoology and taught biology, statistics and programming as a university professor in Canada and overseas. In 1979, he joined a computer team for a new 4GL and RDBMS in the U.S. and then joined Hewlett-Packard Canada in 1980 as an operating systems and database performance specialist, winning the Systems Engineer of the Year Award in 1982.

He ran his own consulting firm, JINBU Corporation, from 1986 to 1998, specializing in operations management, facilities security, and corporate security policy development and implementation. He served as Director of Education for the National Computer Security Association (NCSA, later ICSA and the TruSecure) from 1990 to 1999 and then worked with the AtomicTangerine where he supported the International Institute for Information Integrity® (I-4®). He earned his CISSP designation in 1997.

Since 1986, he has published over 950 articles in operations management and security, written a college textbook on enterprise security (McGraw-Hill,  1996), and served as Technical Editor of the 4th Edition of the Computer Security Handbook ( Wiley, 2002). He writes two security-management columns a week distributed by Network World and is working on the 5th edition of the Computer Security Handbook for release in Winter 2008.

He has been a speaker at the United States War College, the Pentagon, NATO HQ, and at NATO Counterintelligence training in Germany. He was inducted into the ISSA Hall of Fame in December 2004 and earned his ISSMP designation from ( ISC)2 in November 2005. Dr. Kabay is the Program Director of the Master's Program in Information Assurance and is the CTO of the School of Graduate Studies at Norwich University, Northfield, VT 05663-1035 USA.

MR. STEPHEN R. KATZ, CISSP has been directly involved in establishing, building and directing Information Security and privacy functions for over twenty-five years. He is the founder and President of Security Risk Solutions, an information security company providing consulting and advisory services to major, mid-size, startup and venture capital companies. Steve is an Executive Advisor to Deloitte, is on the board of Directors of nCircle Inc, on the Technology Advisory Board of Phoenix Technologies and is of the Advisory Board of CSO Magazine. Steve is also a member of the (ISC)2 Americas Advisory Board for Information Systems Security.

Steve organized and managed the Information Security Program at JP Morgan for ten years. In 1995, he joined Citicorp/Citigroup after the Russian hacking incident. At Citi, Steve was the industry’s first Chief Information Security Officer. He spent the next six years directing Citigroup’s global Corporate Information Security office. Steve then joined Merrill Lynch as their Chief Information Security and privacy Officer, where he organized and instituted the company-wide privacy and security program.

Steve has testified before Congress an numerous information security issues and in 1998 was appointed Financial services sector Coordinator for Critical Infrastructure Protection by the Secretary of the Treasury. He was also the first  Chairman of the Financial Services Information Sharing and Analysis Center (FS/ISAC) and is an Advisor to the FS/ISAC Board of Directors.

MR. KEVIN MANDIA ,CISSP is an internationally recognized expert in the field of information security. He has over fifteen years of experience, beginning in the military as a computer security officer at the Pentagon. He has assisted attorneys, corporations, and government organizations with matters involving information security compliance, complex litigation support, computer forensics, expert testimony, network attack and penetration testing. Mr. Mandia established Mandiant specifically to bring together a core group of industry leaders on this field and solve client’s most difficult information security challenges.

Prior to forming Mandiant, Kevin built the computer forensics and investigations group at Foundstone from its infancy to a multi-million dollar global practice that performed civil litigation support and incident response services. As technical and investigative lead, Mr. Mandia responded on-site to dozens of computer security incidents yearly. He assisted numerous financial services and large organizations in handling and discretely resolving computer security incidents. He also led Foundstone’s computer forensic examiners in supporting numerous criminal and civil cases. He has provided expert testimony on matters involving theft of intellectual property and international computer intrusion cases.

During his career, Mr. Mandia has become an extremely experienced instructor. He has developed specialized classes for the Federal Bureau of Investigations, and personally trained over four-hundred FBI agents in investigating computer crime. He Has also developed specialized training for the United States Attorney’s Office, United States Secret Service, United States Air Force, State Department, the Royal Canadian Mounted Police, and other government agencies. He has trained at the FBI Academy, the National Advocacy Center, and the Federal Law Enforcement Training Center. He developed classes approved by the Continuing Legal Education (CLE) boards in the States of Virginia, New York, and California, and has trained hundreds of attorneys in the technical aspects of computer forensics and network intrusions. In addition to training law enforcement and attorneys, Kevin has provided on-site training at numerous Fortune 500 organizations. He has been a professional lecturer at Carnegie Mellon University and currently teaches courses at The George Washington University.

Mr. Mandia os co-author of Incident Response: Performing Computer Forensics (McGraw-Hill, 2003) and Incident Response: Investigating Computer Crime (McGraw-Hill, 2001). He has also written articles for SC Magazine and The International Journal of Cyber Crime. As a noted expert and author, Mr. Mandia is frequently invited to speak at a variety of forums, from legal conferences to technical security forums. He is regularly scheduled to present at Black Hat, Networld+Interop, TechnoSecurity, and the High Technology Crime Investigators Association. Mr. Mandia continues to advance the state-of-the-industry by presenting well-received articles and books. Kevin holds a Master of Science in Forensic Science from the George Washington University. He is a Certified Information Systems Security Professional, and has held government security clearances at the Top Secret and higher levels.

MR. SEAN MOSHIR is the founder and current CEO, as well as the Chairman of CellTrust Corporation. During the course of his career, Moshir has focused exclusively on strategic network, enterprise security, and Secure Mobile Information Management (SMIM) software and services that support consumer and business process integrity and optimization. Moshir is also a leading authority on IT security, having founded today’s leading security patch and vulnerability management software company PatchLink™ Corporation ( now Lumension Security) in 1991 and led the Company’s successful growth strategy.

Moshir has led several industry changing technology initiatives including the creation of ManageWare, the world’s first network management language, which he then sold the trade name and rights to IBM. In the early nineties, he co-developed one of the very first network anti-virus VAPs for Central Point Software, which was  eventually acquired by Symantec Corporation. Moshir then created sophisticated network tests called NetBasic which he licensed and then sold to Novell. In 2001, Moshir sold IT management provider Altiris (now Symantec) a system management software program designed for UNIX/Linus operation systems. Just a few years later in 2004, Moshir’s Patchlink Update™ was licensed to Novell.

As founder of the security patch management space, Moshir led Patchlink’s hyper growth aggressively increasing personnel from 18 to over 200 employees and global expansion to the United Kingdom, Australia and Singapore resulting in a 25-fold increase in sales revenue. Mr. Moshir has received recognition and honors from industry and business publications such as Network World, Network Computing, Software Magazine, IT Security, The Wall Street Journal, Forbes, and Inc.

Moshir passionately advocates CellTrust’s core mission to collaborate with the mobile community with the end result of providing an intelligent environment for the trusted and convenient exchange of relevant, often highly confidential and personal data between businesses and consumers via the mobile device.

MR. BILL MURRAY, CISSP is an executive consultant for Cybertrust Corporation and Associate Professor at the Naval Postgraduate School. He is a Certified Information Security Professional (CISSP) and chairman of the governance and Professional Practices committees of (ISC)2, the certifying body. Bill is an advisor on the Board of directors of the New York Metropolitan Chapter of ISSA. He has more than fifty years experience in information technology and more than forty years in security. During more than twenty-five years with IBM, his management responsibilities included development of access control programs, advising IBM customers on security, and the articulation of the IBM security product plan. He is the author of the IBM publication Information System Security Controls and Procedures.

Mr. Murray has made significant contributions to the literature and the practice of information security. He is a popular speaker on such topics as network security architecture, encryption, PKI, and Secure Electronic Commerce. He is a founding member of the International Committee to establish the  “Generally Accepted System Security Principles” (GSSP, now referred to as the GASSP) as called for in the National Research Council’s Report: Computers at Risk. Bill remains as an active member of this committee. He is a founder and board member of the Colloquium on Information System Security Education (CISSE).

He has been recognized as a founder of the systems audit field and by Information Security Magazine as a Pioneer in Computer Security. In 1987, he received the Fitzgerald Memorial award for leadership in data security. In 1989, he received the Joseph J. Wasserman Award for contributions to security, audit and control. In 1995, he received a Lifetime Achievement Award from the Computer Security Institute. In 1999, he was enrolled in the ISSA Hall of Fame in recognition of his outstanding contribution to the information security community. In 2007, he received the Harold F. Tipton Award in recognition of his lifetime achievement and contribution. He holds a Bachelor Science Degree in Business Administration from Louisiana State University. He is a graduate of the Jesuit Preparatory High School of New Orleans.

HOWARD A. SCHMIDT, CISSP, CISM

On December 21, 2009, the White House announced that Schmidt had been appointed to the Executive Office of the President of the United States to serve as the Cyber-Security Coordinator of the Obama Administration. This position is known more commonly as the "Cybersecurity Czar" position.

Schmidt holds a bachelor's degree in business administration (BSBA) and a master’s degree in organizational management (MAOM) from the University of Phoenix. He also holds an honorary doctorate degree in humane letters. Schmidt’s certifications include CISSP and CISM.] He is a professor of practice at the Georgia Institute of Technology's GTISC, professor of research at Idaho State University, adjunct distinguished fellow with Carnegie Mellon's CyLab, and a distinguished fellow with the Ponemon Institute.

Previously, Schmidt served as a cyber-adviser in President George W. Bush's White House and has served as chief security strategist for the US CERT Partners Program for the National Cyber Security Division through Carnegie Mellon University, in support of the Department of Homeland Security. He has served as vice president and chief information security officer and chief security strategist for eBay.

In May 2003, Schmidt retired from the White House after 31 years of public service in local and federal government. After the 9/11 attacks, he was appointed by President Bush as the vice chair of the President’s Critical Infrastructure Protection Board and as the special adviser for cyberspace security for the White House in December 2001.

While at the White House, he assisted in the creation of the US National Strategy to Secure CyberSpace. He assumed the role as the chair in January 2003 until his retirement in May 2003, when he joined eBay.

In 1997, Schmidt joined Microsoft, as the director of information security, chief information security officer (CISO), and chief security officer (CSO). He was the co-founder of the Trustworthy Computing Security Strategies Group.

In 1994, Schmidt was a supervisory special agent and director of the Air Force Office of Special Investigations (AFOSI)Computer Forensic Lab and Computer Crime and Information Warfare Division.[17] In 1996, while serving in that position, he established the first dedicated computer forensic lab in the government, which was the basis for the formation of the Defense Computer Forensic Laboratory (DCFL).

Prior to the AFOSI in 1994, Schmidt was with the FBI at the National Drug Intelligence Center, where he headed the Computer Exploitation Team. Before working at the FBI, Schmidt was a city police officer from 1983 to 1994 for the Chandler Police Department in Arizona where he served on the SWAT team and the Organized Crime and Drug Enforcement Unit, and formed and led the Special Enforcement Team.

Schmidt began his government service in the United States Air Force in 1967, where he studied chemical weapons, high explosives, and nuclear weapons while attending munitions school. Between 1968 and 1974, Schmidt completed three tours of duty in Southeast Asia during the Vietnam War. He left active military duty in 1974 when started his civil service career at the Gila Bend Air Force Auxiliary Field, since renamed as the Barry M. Goldwater Air Force Range and served as chief of transportation and deputy director of resource management until 1982.

He served in the Arizona Air National Guard with the 161st Communications Squadron based at Phoenix International Airport, from 1989 until 1998. In 1998, Schmidt transferred to the U.S. Army Reserves as a special agent, Criminal Investigation Division, where he continues to serve and is currently assigned to the Computer Crime Investigations Unit (CCIU). He has also served with the 315th MP Det (CID) at Ft. Lawton in WA. He has testified as an expert witness in federal and military courts in the areas of computer crime, computer forensics and Internet crime

Schmidt was the first president of the Information Technology Information Sharing and Analysis Center.[23] He is a former executive board member of the International Organization of Computer Evidence, and served as the co-chairman of the Federal Computer Investigations Committee.

He served as a board member for the CyberCrime Advisory Board of the National White Collar Crime Center, and was a distinguished special lecturer at the University of New Haven, Conn., teaching a graduate certificate course in forensic computing. He has also taught courses for the FBI and DEA on the use of computers and law enforcement investigations.

He served as an augmented member to the President's Committee of Advisors on Science and Technology in the formation of an Institute for Information Infrastructure Protection.

MARK D. RASCH, Esq. joined FTI as managing director in the Technology practice in February 2007. He brings over 24 years of experience in the information security field, having served for nine years as the head of the United States Department of Justice computer crime unit, and having prosecuted key cases involving computer crime, hacking, computer fraud and computer viruses.  As managing director at FTI, Mr. Rasch will be focused on helping clients in the areas of computer security, privacy and incident response. 

Mr. Rasch has spent the last 15 years consulting with commercial and governmental clients on matters related to computer security, regulatory compliance, and electronic evidence handling and computer incident response. For the past 3 years he was the senior vice president and chief security counsel and Solutionary. Prior to Solutionary, Mr. Rasch helped establish the SAIC Center for Information Protection (CIP), a business unit within SAIC dedicated to commercial information security consulting. Starting with 9 people, the CIP developed first into Global Integrity Corporation, a wholly owned SAIC subsidiary, and then was acquired by Predictive Systems, Inc. Prior to that, he was in private practice with the Washington, D.C. office of Arent, Fox, Kintner, Plotkin & Kahn. 

While at the Department of Justice, he was responsible for investigations of computer hacking cases including those of the so-called “Hanover Hacker” ring, Kevin Mitnick and the prosecution of Robert T. Morris, author of the Cornell Internet Worm in 1988. He helped the FBI and Treasury Department develop their original procedures on handling electronic evidence. He created and taught classes at the FBI Academy and the Federal Law Enforcement Training Center on electronic crime and evidence. 

He has taught evidence law at the Catholic University School of Law, and white collar and computer crime at the American University School of Law. He has taught other computer and privacy law courses and incident response classes at the University of Fairfax, George Washington University, George Mason University, and James Madison University. He has also lectured at Stanford University, Harvard University and Harvard Law School. 

Mr. Rasch is frequently featured in news media on issues related to technology, security and privacy including. He has appeared on or been quoted by NBC News, MSNBC, Fox News, CNN, The New York Times, Forbes, PBS, The Washington Post, NPR and other national and international media. He writes a monthly column in Symantec’s Security Focus online magazine on issues related to law and technology and is a regular contributor to Wired magazine.

DARNELL WASHINGTON, CISSP Is the President and Chief Executive Officer of  SecureXperts, Incorporated with over 25 years of    professional information technology experience and is actively involved in the design of secure network information technology architectures. He maintains technical certifications in Microsoft, Novell, and Citrix operating systems, and is a Certified Information Systems Security Professional (CISSP).

Within the past year, Mr. Washington was the winner in the Tech America/Technology Association of Georgia Spirit of Endeavor Awards for Technology Innovation, and received two awards in the ISC2 Information Security Leadership Awards (ISLA) for the Americas in the Sr. Information Security Professional and Information Security Practitioner Categories. 

He specializes in high assurance secure network architecture design and deployment, and data encryption using advanced Public Key Infrastructure technologies, and is the inventor of patented device encryption technologies used in Federal and military cloud hosted video surveillance platforms, as well commercial and  enterprise public and private environments.

He has served as a subject matter on the information assurance forum with the National Security Agency, and as a contract instructor for the US Department of Homeland Security Federal Law Enforcement Training Center. SecureXperts is currently engaged in the US Department of Homeland Security Mentor Protégé Program providing cyber security, video surveillance, and secure physical access control consulting and solutions integration services