IMI Security Symposium - Speaker Profiles
Morning Keynote Speaker
Dave Marcus currently serves as Director of Security Research and Communications for McAfee® Avert® Labs, focusing on bringing McAfee's extensive security research to McAfee's customers and the greater security community. Mr. Marcus formerly served as Senior Security Evangelist and Strategist for McAfee, with more than ten years of technical experience in network solutions, information technology security, network performance and integration, e-learning solutions, in addition to management and consulting. Mr. Marcus' current focus at McAfee Avert Labs includes PR, media and thought leadership responsibilities, serving as blogmaster for McAfee Avert Labs Security Blog, a Technorati 10K Blog, as well as being co-host of AudioParasitics - The Official PodCast of McAfee Avert Labs. Mr. Marcus also has responsibilities for all publications from Avert Labs, such as Avert Labs' journal of security vision The McAfee Security Journal. Prior to joining McAfee, Mr. Marcus has held leadership and consulting positions focusing on information technology security services, network solutions, enterprise management, knowledge engineering and management, information technology, research & development program management, and has provided professional consulting services. His industry experience crosses all IT-based industries with a determined focus on advanced intelligence gathering, digital forensic analysis, as well as intrusion detection/prevention and analysis on both the network and host. Mr. Marcus is also a Qualified Expert Witness in Computer Forensics and Computer Security as well as being one of the most highly sought after speakers on all levels of information security.
Mr. Marcus has worked for Ajilon Consulting, SmartForce The E-Learning Company, cbtSystems, HAS, Inc., CompuSOLVE, Inc., and prior to joining McAfee served as President and Senior Security Engineer of SecureNET's Network Security Practice.
Mr. Marcus holds a Bachelor of Arts degree in Philosophy from Florida Atlantic University. He has countless hours of industry specific training, including Advanced Intrusion Analysis Methods, as well as Penetration Testing/Vulnerability Assessment and Computer Forensics.
Lunch Keynote Speaker
Patrick Gray joined Cisco Systems as its Senior Security Strategist after serving as the Director of X-Force Operations, Office of the Chief Technology Officer, Internet Security Systems, Inc. (ISS). Gray also comes to Cisco Systems after twenty years of service with the Federal Bureau of Investigation. Upon his retirement from the FBI in November 2001, he joined Internet Security Systems and created the X-Force Internet Threat Intelligence Center and thereafter was Director of the Penetration Testing and Emergency Response Teams until his promotion to the X-Force R & D Team. As a result of his service with the FBI, and the Internet Threat Intelligence Center, he has first-hand knowledge of the hacking community, its aims and methodologies as they attack government, ecommerce, energy and financial entities relentlessly.
Prior to joining Internet Security Systems, Gray served as a Special Agent with the Federal Bureau of Investigation for twenty years and has served in Baltimore, Maryland, Daytona Beach, Florida, Washington, D.C. and Atlanta, Georgia. Gray was also assigned as a Supervisory Special Agent at FBI Headquarters, Washington, D.C. in the Intelligence Division where he was responsible for global counterintelligence investigations. While serving in the Washington, D.C. area, Gray was seconded to the National Security Agency where he was responsible for an FBI group that provided operational support to the Intelligence Community.
He was transferred to Atlanta in 1988 to assume Supervisory Duties for the FBI’s Drug and Violent Gang Program in Georgia. In 1994, he assumed the duties as the Supervisor of the Technical Services Squad and served as the Acting Assistant Special Agent in Charge of the FBI in Georgia in 1996 and 1997 during the time of the spree of terrorist bombings at Centennial Olympic Park and two subsequent bombings at two women’s clinics in Alabama and Georgia.
Gray was assigned as Supervisor of the Special Operations Group in 1994 which ultimately morphed into one of the FBI’s first regional Cyber Crime Squads; and was a member of the FBI’s elite Computer Assistance Response Team as a Forensic Examiner. He has investigated cases involving financial institutions, government agencies, commercial businesses and colleges and universities. He was also assigned to the investigation of the September 11 attacks. He was the Coordinator of the Atlanta Chapter of InfraGard, an alliance between the public and private sectors for the sharing of information regarding technology security issues. He grew the Atlanta Chapter of InfraGard into the largest chapter nationally. He continues to work closely with the FBI, other U.S. Government agencies, the Department of Homeland Security and the White House.
Gray is also a board certified Homeland Security professional by the American College of Forensic Examiners International; is a member of the Association of Certified Fraud Examiners; the Information Systems Audit and Control Association; InfraGard Atlanta; the Atlanta Chapter of the Information Systems Security Association, and the International Information Systems Forensic Association. He has lectured at Colleges and Universities around the country. He has spoken at numerous technology events around the world to include Gartner Sector 5, Networld Interop, the IT World Congress, CIO Summit, GE Access, Forbes and others. He has been quoted in numerous newspapers, magazine articles and periodicals and makes regular cable television appearances.
Gray is a former Marine having served in Vietnam.
Track Speakers
Frank Braun
Dr. Frank Braun is a Lecturer of Business Informatics. He specializes in IT governance, IT security, IT strategy and Project leadership. Dr. Braun has over 20 years of executive level IT management and consulting experience. His research domains include information security, business continuity planning, knowledge management and organizational leadership. He earned his B.S. from Miami University and M.B.A. from Xavier University. He recently received his doctorate degree in management from Case Western Reserve University.
Tiffany Braun
Tiffany Braun is the Information Security Officer (ISO) at Spirit of America National Bank (SOANB), where she oversees all information technology audits, information security and business continuity planning. She joined SOANB after working for a local bank as the Information Systems Manager and Information Security Officer. In addition, she teaches part-time in the College of Informatics at Northern Kentucky University.
Tiffany holds a Certified Information Systems Auditor (CISA) certification. She also has a Master of Accountancy and a Master of Information Systems from Northern Kentucky University, and a Bachelor of Science from Indiana University, Bloomington. She has one year of continuing studies in the Executive Doctorate of Management program from Case Western Reserve University, where she focused on research in business continuity and disaster recovery planning. She is also a Certified Flight Instructor.
Steve is a senior managing consultant and service delivery manager for IBM Internet Security Systems (IBM ISS). He has over ten years of operations and project management experience, including extensive knowledge of project planning and strategy. Steve has been responsible for helping IBM ISS’ clients assess, design, manage and implement information protection policies, processes, and enterprise technology deployments.
Steve has broad expertise in security policy and procedure analysis and development, security strategy and deployment planning, security operations management, and security audits and assessments. Steve has driven security management initiatives and provided all levels of policy development across many types of industries, including financial, healthcare, energy, retail, manufacturing, and federal, state, county, and local governments.
Steve previously managed ISS’ national policy practice and helped develop its Payment Card Industry (PCI) assessment practice. Steve currently manages service delivery for IBM ISS’ central region and assists customers in defining project requirements and scope, allocating appropriate resources, and managing overall project costs. He is accountable for the overall results in meeting project objectives and for ensuring high quality engagements.
Greg DeBlasio
Dr. De Blasio teaches Business Communication, Public Relations Writing, and PR Case Studies and Campaigns. His research interests include the study of communication campaigns as they relate to social issues and organizational legitimacy.
Greg joined the communication department at NKU in 2004. He earned his Ph.D. in Communication from Wayne State University. He received his M.A. from Pennsylvania State University and his B.A. from William Paterson University.
A past International Association of Business Communicators (IABC) board member and chapter president in Detroit, Greg has provided public relations and marketing communication counsel to clients based in Detroit, New York City and elsewhere.
Kelley Ealy
Kelley Ealy is currently employed at Cincinnati Bell Technology Solutions as a Security Consultant. She has 10+ years of experience in the security field, previously working for a large national healthcare company and a regional insurance company. She has experience in implementing enterprise applications, managing the technical aspects for audit/compliance, designing a secure infrastructure, and developing Security Programs and Disaster Recovery Plans. Kelley holds her CISSP and SANS GSEC certifications.
Charles Frank received his Ph.D. from the University of Virginia in 1975. Dr. Frank has taught at Penn State and Iowa State and worked at Bell Labs. He has been a member of the computer science faculty at Northern Kentucky University since 1979. During the Spring Semester of 2003, Dr. Frank was a Visiting Scholar at the Center for Education and Research in Information Assurance and Security (CERIAS) at Purdue University. He regularly teaches courses in computer security and computer information technology.
His paper “Getting a Hook on Phishing” with Laurie Werner of Miami University won a Distinguished Paper Award at ISECON 2007. At SIGCSE’08, Dr. Frank presented workshops in secure programming and software security with Dr. James Walden. He has guided a number of undergraduate research projects. His latest project with Justin Billig and Yuri Danilchencko resulted in a paper “Evaluation of Google Hacking” that will be presented at InfoSecCD’08.
Doyle Friskney
Extensive experience in leadership positions associated with IT. Successfully established working partnerships with University of Kentucky administrators, faculty, and students. Responsible for all administrative, research, and instructional computing systems and services campus-wide. Worked to develop the communications infrastructure at the University. Successfully coordinated the deployment of the voice systems, wide area networks, and local area networks. Currently deploying an extensive campus-wide wireless infrastructure. Provide comprehensive security services for a research university that supports a medical center. A broad educational and business background provides a sound foundation to ensure success, interfacing technology and personnel to complement contemporary challenges in today’s marketplace.
Lisa Gallagher
Lisa Gallagher, BSEE, CISM serves as HIMSS’ Senior Director of Privacy and Security. In this role, she is responsible for all of the privacy and security programs and volunteer Steering Committee, Task Force and five Work Groups. As well, Ms. Gallagher provides privacy and security content support for HIMSS’ Federal and State Government relations/advocacy work.
With more than 25 years of experience consulting in security engineering, hardware design and software development, Ms. Gallagher is a thought leader with respect to the practical application of security techniques and standards as well as privacy and security policy in today's health care environment.
Before joining HIMSS, she served as the Certification Development Director for the Certification Commission for Health Information Technology (CCHIT), where she helped develop the product certification program for electronic health record (EHR) products.
In a past position as Senior Vice President of the Health Information Technology Department at URAC, an independent, nonprofit healthcare accreditation organization, Ms. Gallagher created and managed a series of information technology-focused healthcare accreditation programs, including the HIPAA Privacy and Security Accreditations.
Ms. Gallagher has a Bachelor of Science degree in Electrical Engineering, is a certified trust technology evaluator (NSA), and is a Certified Information Security Manager (CISM) (ISACA).
Trey Grayson
Secretary of State Trey Grayson was elected to office in November of 2003 in his first run for political office and at the time of his election was the youngest Secretary of State in the country. In 2007, he became one of only two Republican state-wide elected constitutional officers to win a second consecutive term in modern history. Since taking office, Grayson has quickly become a national leader in elections, civics, business services, and government innovation.
Grayson has modernized the Office of the Secretary of State by bringing more services online, enhanced Kentucky’s election laws through several legislative packages, and revived the civic mission of schools in Kentucky by leading the effort to restore civics education in the classroom.
Frank Molsberry
Frank Molsberry is a Technologist in Dell's Office of the CTO with a focus on Security Architecture and Technology. In that role he supports the current engineering efforts for incorporating security hardware and software into Dell products, works with the various security technology companies to evaluate and influence current and planned offerings, and participates with standards organizations such as the Trusted Computing Group (TCG) in the definition of future security standards.
Prior to his current position, Mr. Molsberry helped found Dell’s Workstation Architecture and Development team and, more recently, the Enterprise Architecture and Technology Group. In all, he has over 25 years of management and engineering experience in advanced system software development and PC system architectures. Frank has a Bachelor's degree in Computer Science from the University of Texas at Austin and has a number of patents in the area of computer security. He does regular customer briefings on emerging technology trends.
Marco Morana serves as a leader of the OWASP Cincinnati Chapter, where he is actively involved in evangelizing web application security through presentations at local chapter meetings as well as outside the USA. Marco is also an active contributor to OWASP projects: he is currently helping to write the OWASP threat modeling methodology for the source code review guide and the latest version of the OWASP security testing guide. Besides contributing to OWASP, Marco works as Technology Information Security Officer for a large financial organization, with key roles in defining the web application security roadmap and activities, documenting security standards and guidelines, leading security assessments for software security, and training software developers and project managers on software security and information security processes.
In the past, Marco served as senior security consultant and independent consultant, where his responsibilities included providing software security services for several clients in the banking, telecommunication, computers and financial business sectors. Besides security consulting, Marco had a career in the software industry as a security technologist responsible for designing and developing business critical security software products for several FORTUNE 500 companies as well as for the US Government (i.e. NASA).
Marco's work on software security is referenced in the 2007 State of the Art report by the Information Assurance Technology Analysis Center (IATAC). For his computer security work on S/MIME secure email for NASA in 1999, Marco received the Space Act Award and a patent.
Marco's strategic work on application and software security is widely published in In-secure magazine, Secure Enterprise, ISSA Journal and the C/C++ Users journal. Marco posts on software security strategies on his blog.
Scott Paisley
Scott Paisley serves as a Principal Security Architect for IBM Internet Security Systems. With more than 20 years of systems integration, networking and security expertise, Paisley is responsible for architecting business security solutions to defend and protect against IT threats.
Prior to joining IBM Internet Security Systems, Paisley held technical and management positions at the National Institute of Standards and Technology. There he worked on systems integration products, web design, systems administration and Internet technologies.
Paisley is a frequent speaker at leading industry events, such as Forbes CIO Forum, Forbes Risk Management, Interop New York, and InfoSecurity New York.
Paisley holds a bachelor’s degree in computer science from the University of Maryland in Baltimore.
Forensic Examiner, Computer Analysis Response Team
Federal Bureau of Investigation
Mr. Roden is a certified forensic examiner of digital evidence at the Miami Valley Regional Computer Forensics Lab. He examines physical evidence under a documented quality assurance program that includes annual proficiency testing, technical and administrative reviews and adherence to standard operating procedures. Mr. Roden is also a Coordinator of the FBI’s InfraGard program and leads the I-SHIELD Cincinnati Task Force, teaching Internet safety to children and parents.
Ria Farrell Schalnat is a patent attorney with a technology focus in telecommunications, billing, and other software-oriented inventions. Substantive practice includes prosecution, litigation, due diligence reviews and portfolio management. She has a B.S. in Computer Science and worked for several years as a programmer before obtaining her juris doctorate and joining Frost Brown Todd in 1999.
Ms. Schalnat was elected as President of the Cincinnati Intellectual Property Law Association (CincyIP) for the 2008-2009 term. She is also a member of the Intellectual Property Owners Subcommittee on Open Source.
Ms. Schalnat performs pro-bono legal services through Volunteer Lawyers for the Poor in the area of adoption law. She is an amateur chess player and enjoys singing in choirs.
With over 10 years of specific storage security experience, Blair is the Education and Alliances Officer for the SNIA Storage Security Industry Forum, and the Storage Security Evangelist at NetApp focused on information security and, more specifically, storage security. He is responsible for delivering global outbound communications on the state of the storage security market, emerging standards for storage security, Introduction to Encryption, the work being done in the IEEE P1619 and other communities. In addition, Blair works directly with NetApp customers defining the requirements, challenges and benefits of storage security along with the value that NetApp solutions bring to this environment.
Prior to joining NetApp, Blair was with Kasten Chase in a variety of roles including Technology Officer and Business Development Director. From 1996 - 2004 he was the company's primary interface with the National Security Agency's RASP program. Working together with NSA, Kasten Chase created a multifaceted technology solution that supported over 20,000 users requiring access to classified data via mobile laptops. The RASP solution included both encrypting PCMCIA modems and the first laptop security solution certified by NSA to protect classified information. A large part of Blair's role involved educating military, intelligence and other government personnel on aspects of storage and communications security for mobile users in the U.S., and around the world.
A physics major at Wilfrid Laurier University in Waterloo, Canada, Blair has continued his education in information security including having attained both CISSP and ISSEP certifications - the latter credential demonstrating competence in the rigorous requirements for information security engineering and currently held by only 300 or so individuals worldwide.
Dean Smith
Dean Smith is a Regional Manager in the Information Services Department of Mercy Health Partners, Cincinnati, OH.
Dean has been involved in healthcare information services for 32 of his 35 years with Mercy Health Partners. He has held a number of leadership positions in the Information Services Department. Dean is presently the organization’s Information Security Officer.
Dean received his Bachelor of Science degree from Thomas More College. Dean also holds a PMP from the Project Management Institute and a CCP designation from the ICCP. Dean also holds an ITIL Foundation Certificate in IT Service Management.
James Walden
James Walden is an Assistant Professor of Computer Science at Northern Kentucky University. He is the author of a number of papers on software security and has given talks and workshops on secure programming and software security at a variety of conferences. He teaches graduate and undergraduate classes in information and software security at NKU and offers regular software security workshops to professionals through NKU's Infrastructure Management Institute.
Dr. Walden received his Ph.D. from Carnegie Mellon University in 1997. He then worked at Intel as a software engineer, with a focus on security sensitive applications, for five years. Prior to coming to NKU, he was a Visiting Professor of Computer Science and Engineering at the University of Toledo.
Laurie Werner
Laurie Werner received her M.S. in Bioengineering from Polytechnic University in 1978. Laurie has been teaching at Miami University since 1979. She was a member of the Computer Science and Systems Analysis (CSA) department until 2002, when she helped form and then joined the new Department of Computer and Information Technology (CIT). She remains an affiliate in CSA, and teaches courses in both CSA and CIT. She teaches programming courses to majors and non-majors and in the last five years has become the only person to teach Data Communications and Network Security courses to undergraduates at the Hamilton and Middletown campuses of Miami University.