CISO Broadcom Corporation
Geoff Aranoff serves as Broadcom Corporation’s CISO. Aranoff is responsible for Broadcom’s enterprise security strategy including monitoring and control systems and risk management for intellectual property protection. Broadcom has more than 12,000 employees around the world and the number one IP portfolio among fabless semiconductor companies as ranked by IEEE.
Aranoff leads an organization responsible for adopting and enforcing policies for internal and external risk management; IT security including network, application, endpoint and storage security; and electronic discovery. Aranoff is also responsible for forensics for ongoing security investigations. Aranoff has been Broadcom’s CISO for more than eight years during which time has also served as Broadcom’s chief privacy officer. In this role he led the organization through a comprehensive Safe Harbor Certification program to ensure adherence to EU privacy directives. Aranoff joined Broadcom in 1999 from the entertainment industry where he worked for Warner Brothers and Disney in Windows-based standards and support.
Aranoff launched his career after serving for six years in the U.S. Marine Corp reserve.
CISO Toyota Motor Sales North America, Inc.
Bently Au is the CISO for Toyota Motor Sales, USA Inc., the marketing, sales, distribution and customer service arm of Toyota, Lexus and Scion. He established the enterprise information security program, with overall responsibility for information risk management, security compliance, threat management and education and awareness. His team also provides consultative services to high-risk business areas as well as security incident and investigation services.
Au's information security experience broadened from a technical focus on network security in 1997 to include privacy, investigations, policy and standards development, and SOX compliance. In his 21 years at Toyota he has held positions in application development and IT research and development, giving him a wide breadth of experience, business knowledge and relationships that facilitate the teamwork needed to advance information security initiatives. Au earned a B.S. in mathematics from University of California, Los Angeles and also holds CISSP and CISM certifications.
CTO RSA, The Security Division of EMC
Tim Belcher is RSA’s CTO, responsible for the company’s overall product vision, development and technology roadmap. Belcher has worked in information security for more than 20 years, providing security to the largest financial services organizations as well as intelligence, defense, federal entities. Belcher has founded two companies, Riptech and NetWitness, which was sold to RSA in 2011. Ernst & Young recognized him as “Entrepreneur of the Year” in 2001.
CISO Creative Artists Agency
Jeff Blair has been with Creative Artists Agency for the past 13 years, currently serving as CISO. In this capacity, he heads information risk management efforts, with responsibilities for the management and implementation of information security, identity and IT legal compliance services. Previously, Blair has held consulting positions with Sprint and Bell Aliant.
Executive Director, Information Security USAA
Tom Clark is executive director of information security at USAA. In this executive leadership role, he is responsible for managing information security risk across the internal technology architecture and the extended USAA supply chain. Clark also has responsibility for strategic and operational leadership of member security capabilities and the USAA Privacy Office.
Since joining USAA in 2005, Clark has served in executive leadership roles in channel management, enterprise business operations and USAA Bank. Prior to joining USAA, he served in multiple business and technology leadership roles at Bank of America. He was also previously CIO of BankUnited in Miami, Florida.
Clark obtained his MBA from University of Florida and his BBA in Finance from University of Texas at Austin.
Georges De Moura
Director, IS/IT Infrastructure and Security Thales USA Thales Group
Georges De Moura is the director of IS and IT infrastructure and security for Thales USA. De Moura has more than 15 years of experience leading organizations in all areas of IT infrastructure and security including global IT operations for Thales USA business units, data center management as well as managing and developing IT security. He was recognized for efficiently managing operational strategies and directed countrywide implementation projects flawlessly while consistently delivering desired results and increasing the end-user satisfaction. He also produced substantial core savings, optimized systems and successfully utilized technology to maximize business efficiency. De Moura is currently focusing on a new information security officer role for Thales USA and developing a comprehensive strategy that includes enterprise threat and risk management, countrywide cloud strategy and policy and a security training and awareness program.
CISO Las Vegas Sands Corp.
Phillip J. Ferraro was selected as the VP and global CISO for the Las Vegas Sands Corp in May 2013. In this role, Ferraro is responsible for all aspects of the global cybersecurity program, including strategic planning, global cyberoperations, security architecture and engineering, as well as PCI, SOX and gaming compliance.
Prior to his current position, Ferraro was the CISO for DRS Technologies, responsible for strategic and tactical planning and compliance with the Defense Security Service industrial security program requirements. He also served as the CISO for the FCC, where he successfully transformed the FCC cybersecurity program into a cybersecurity center of excellence in the federal government.
Prior to the FCC, Ferraro served as the CISO in the Department of Defense for the U.S. Army and Europe, where he was instrumental in revitalizing the cybersecurity program. Prior to his position in Europe, Ferraro served in the same role for the United States Southern Command and took USSOUTHCOM’s FISMA rating from one of the lowest of all combatant commands, services and agencies to the highest rating possible in just over one year.
Ferraro retired from the U.S. Army in 1995 following a distinguished career in U.S. Army Special Forces.
CISO Mattel, Inc.
Todd Friedman is a versatile leader with more than twenty years experience in information security and IT management. He currently leads global information security for Mattel, the worldwide leader in the design, manufacture and marketing of toys and family products.
Friedman has spent more than twenty years in IT, previously in the insurance and entertainment industries, where he led numerous functions, including infrastructure planning and management, systems integration, PMO, project management, governance, compliance, and for the past decade, information security. Prior to joining Mattel in 2012, Friedman was SVP and CISO of Universal Music Group, the world largest music company.
A native of Los Angeles, he holds an MBA degree from UCLA and a B.A. degree from UCSD in history, with minors in psychology and biology. Friedman has the following certifications: CISSP, CISM, CRISC and CIPP.
AVP IT Security & CISO Molina Healthcare, Inc.
Sudhakar Gummadi is the AVP and CISO at Molina Healthcare Inc. As CISO, Gummadi manages and leads the enterprise security information technology department.
Gummadi has extensive experience in IT security and worked in various security roles at other companies. He has more than 20 years of experience in the information technology field, specializing in areas of information security and technical management. Gummadi previously worked for companies like Symantec and EDS Corporation.
He holds a master’s degree in public administration and a master’s degree in computer science. He is also a certified CISO executive from Carnegie Mellon University, a CISSP from ISC2, an ISACA member and a Governing Body member for the Southern California CISO Executive Summit.
VP & CSPO Intel Corporation
Malcolm Harkins is VP and CSPO at Intel Corporation, responsible for managing the risk, controls, privacy, security and other related compliance activities for all of Intel’s information assets, products and services.
Before becoming Intel’s first CSPO, Harkin was the CISO. Harkins also held roles in finance, procurement and various business operations. Harkins has managed IT benchmarking efforts and Sarbanes Oxley systems compliance efforts; acted as the profit and loss manager for the flash product group at Intel; was the general manager of enterprise capabilities; and worked in an Intel business venture focusing on e-commerce hosting.
Harkins previously taught at the CIO institute at the UCLA Anderson School of Business. He has received numerous awards and recognitions, including excellence in the field of security award at the 2010 RSA conference; 2012 Top 100 Information Technology Leader by Computerworld; (ISC)2 2012 Information Security Leadership Award; and Top 10 Breakaway Security Leader at the 2013 Global CISO Executive Summit. Harkins is a frequent speaker at industry events and author of “Managing Risk and Information Security, Protect to Enable.”
Harkins received his bachelor’s degree in economics from the University of California at Irvine and an MBA in finance and accounting from the University of California at Davis.
Security & Investigations Manager Aera Energy LLC
John Hester is the security and investigations manager for Aera Energy LLC, a joint venture of Shell and ExxonMobil. Hester leads Aera’s physical and cybersecurity efforts and has done so since 2002. He and his team are responsible for protecting Aera’s people and assets, including the all-important information asset. During Hester’s 36 years with Aera and Shell, he has also managed their respective IT infrastructures. Prior to that, he worked in numerous petroleum engineering and management roles for Shell. He graduated from Rice University with a B.S. in electrical engineering and an MBA from the University of Texas.
Managing Consultant - Data Security and Privacy Practice FishNet Security
Jason Hicks is responsible for managing FishNet Security’s global data security and privacy practice. This includes services including data security product implementation, data lifecycle analysis, sensitive data discovery, data classification, data security and privacy program development, data security and privacy risk assessments and risk management. Prior to his role at FishNet Security enabling clients to establish comprehensive information security solutions, Hicks was responsible for product security at a major medical device maker. His specialties include security program development, privacy program development, software development security, medical device security, penetration testing, ISO 27001 certification, vulnerability management, physical security program development, investigations/forensics, policy and procedure development, incident response, HIPAA security/privacy and disaster recovery. Hicks holds a master’s degree in information technology and is a CISSP, HISP and CICP.
Co-Founder & CTO PhishMe
Aaron Higbee is the co-founder and CTO of PhishMe Inc. directing all aspects of development and research that drives the feature set of this market-leading solution. The PhishMe method for awareness training was incubated from consulting services provided by Intrepidus Group, a company that Higbee co-founded with Rohyt Belani in 2007. Higbee remains on the board of directors for Intrepidus Group.
Before PhishMe and Intrepidus Group, Higbee served as principal consultant for McAfee’s foundstone division, where he was a lead instructor and known for his ability to mentor and develop junior consultants into expert penetration testers. Prior to his seven years of consulting experience, Higbee worked for large Internet service providers, handling security and abuse incidents, subpoena compliance and datacenter security.
Higbee enjoys the diverse personalities in the information security community and is known for building creative environments needed to promote rich personal and professional development. His creative touch is evident in the unique way he recruits and retains talent.
Higbee is a speaker at regional conferences and associations as well large conferences such as BlackHat, DefCon and Shmoocon. His expert opinion is a valuable resource for many media outlets interested in security.
SVP & CISO Universal Music Group
Arthur Lessard is SVP and CISO for Universal Music Group. He is responsible for developing and implementing policy and practices to protect UMG’s intellectual property and other critical business information, as well as leading the company’s IT security group, establishing data security policy, ensuring compliance, implementing information security best practices and developing a blueprint for information security throughout the enterprise.
Lessard brings more than 15 years of experience in IT and security, including building and leading information security and risk management teams in support of maturing the overall security posture of an organization.
Prior to UMG, Lessard worked at Mattel as CISO, responsible for information security governance, architecture and operations for the global organization. His background also includes serving as head of worldwide security and network infrastructure for Technicolor, responsible for the protection of customer content and intellectual property throughout the various Technicolor services organizations. He also led The Walt Disney Company’s IT security policy and strategy organization, was head of IT security architecture for Disney and served as director of security and network infrastructure for Questia Media Inc.
Lessard received his Ph.D. from UCLA in computer networking and has developed and taught information security courses for UCLA’s computer science department.
Software Engineer Johns Hopkins University Applied Physics Laboratory
Margaret Lospinuso is a research computer scientist at the Johns Hopkins University Applied Physics Lab. At the lab, she works on projects related to cybersecurity, both APL-sponsored independent research and projects sponsored by the U.S. government. Prior to joining APL, she worked at the National Security Agency from 1986 until her retirement in 2010. While at NSA she served in a number of positions, leading work on integrated circuit design and test, software analysis, and cybersecurity. She served as a senior subject matter expert for cybersecurity research from 1998—2010.
Principal Client Svcs. PwC
Gary Loveland is a principal in PricewaterhouseCoopers' advisory practice and is part of the leadership team for PwC's global security practice. Loveland has deep experience in IT, cybersecurity and risk management, as well as extensive hands-on security management and implementation experience. He has functioned as a data security officer and has worked closely with executive management teams to recommend and implement security strategies in large-scale business environments. Loveland has worked extensively with the key vendors in the security industry to deploy security solutions to solve business needs. His experience also includes network, Internet and enterprise security solutions.
Director, IT Security Trident USA Health
A highly accomplished information security leader with more than 15 years of experience protecting information assets, risk management, incident management and compliance management, Dan Meacham is recognized as a top contributor to the information security community through support and advisory board membership at the University of Dallas, Texas A & M University, UCLA Extensions and VHA.
Meacham’s enterprise-wide security and risk management strategies set the standard for enterprise security operations in large public, private and not-for-profit organizations. Meacham has managed domestic and international investigation teams and budgets. Some of his career highlights include developing a national information security architecture model for healthcare, CISO finalist for the United Nation’s World Health Organization (2006) and transforming a 32% PCI compliance program to 97% compliance in less than 12 months. Meacham is a founding Co-Chair of the Evanta Southern California CISO Executive Summit.
Cybersecurity, Director for Critical Infrastructure Protection White House National Security Staff
As part of the White House National Security Staff, Samara Moore is the director for cybersecurity critical infrastructure protection, coordinating across the federal government and partnering with the private sector on efforts to strengthen cybersecurity for all critical infrastructure sectors. Prior to joining the National Security Staff, Moore worked as the senior information technology and cybersecurity advisor at the Department of Energy, focused on cybersecurity for the energy sector and managing public-private partnerships. She also played a key role in IT and cybersecurity governance for the DOE. While at DOE, Moore led the development of the electricity sector cybersecurity capability maturity model, which is being used both domestically and internationally. She has worked as a consultant, systems engineer and IT manager and has performed security assessments, managed security operations and security planning for government agencies as well as private industry.
Moore received a bachelor’s degree from Virginia Tech in accounting and information systems and a master’s degree from the George Washington University in engineering management systems engineering, where she is currently an adjunct professor.
Sr. Research Scientist Pacific Northwest National Laboratory
Elena Peterson is a senior research scientist at the Pacific Northwest National Laboratory.
She has 24 years of experience in software development, data management and program development in many areas including bioinformatics, physics, computational chemistry and cybersecurity.
She is currently the principal investigator for the MLSTONES project, which applies algorithms and tools from the biological sciences to create new and innovative solutions to relevant cybersecurity problems, thus merging two of her main interests. She continues to focus on research and development in major national security interests as well as maintaining work in the fundamental sciences.
Program Manager – Transition to Practice- Cyber Security Division U.S. Department of Homeland Security
Michael Pozmantier is the program manager for Transition to Practice in the Cyber Security Division within the Science and Technology Directorate of the U.S. Department of Homeland Security. The Transition to Practice program works to transition federally funded cybersecurity research to broad utilization through partnerships and commercialization in order to strengthen the cybersecurity of the nation.
Prior to managing the Transition to Practice program, Pozmantier worked in the DHS S&T OCIO for eight years and at the Department of Veterans Affairs for two years. During this time, he was responsible for managing network development and deployment projects, software re-engineering projects, data center consolidations, cybersecurity pilots and an inter-departmental information sharing initiative for the care of Wounded Warriors.
Pozmantier graduated from University of Texas at Austin with a B.A. in government.
Chief Security Strategist & SVP Blue Coat Systems, Inc.
Dr. Hugh Thompson is chief security strategist and SVP at Blue Coat and a leading force in the information security industry. He has more than a decade of experience creating methodologies that help organizations build demonstrably more secure systems and has co-authored three books on the topic. In 2006 he was named one of the Top 5 Most Influential Thinkers in IT Security by SC Magazine. For the past three years, Thompson has served as the program committee chairman for RSA conference, the world’s largest information security gathering, where he is responsible for guiding the technical content at both the U.S. and European RSA conferences. He also sits on the editorial board of IEEE Security and Privacy Magazine.
Thompson holds a B.S., M.S. and Ph.D. in applied mathematics from the Florida Institute of Technology. For the past few years he has been an adjunct professor at Columbia University, where he taught a graduate course that explored cutting-edge techniques for secure software development and software vulnerability exploitation.
VP of Products Vormetric, Inc.
Derek Tumulak is VP of products for Vormetric. He joined the company in 2012, bringing product management and engineering expertise from more than 15 years in the information security industry. As head of the product management organization, Tumulak is responsible for product direction and strategy, working closely with Vormetric’s enterprise, government and cloud service customers to develop and deliver products that meet their data security needs in the face of a rapidly intensifying threat landscape and the corporate mandate to leverage cloud technologies.
Tumulak has deep domain expertise, having spent three years as VP of product management for enterprise data protection at SafeNet. He also served as VP of product management and engineering for Ingrian, where he helped grow the company from an early-stage startup to a leading provider of data security and compliance solutions for enterprises, financial services, retail businesses and healthcare organizations. Tumulak holds a bachelor’s degree in computer engineering from the University of Waterloo in Canada.