Jonathan Beck is SVP of Information Security Risk Management at PNC Bank with over 15 years of experience building and managing information and cyber security teams for large financial institutions. Jonathan’s focus is currently developing a quantitative risk analysis program to consistently and efficiently communicate risk in an environment governed by intricate risk management practices and regulatory expectations. He earned his MBA at Case Western Reserve University.
Chip Block, Evolver Inc., has over 30 years of advanced technology research and development experience and has spent the last 14 years in the information assurance and cyber technology arenas. His research has included federal projects with DARPA and the Air Force Research Laboratory (AFRL) in the development of advanced cyber technologies. He is the author of the paper And Then The Accountants Showed Up….How The Insurance Industry Will Drive Cyber Technology. Mr. Block leads new market and technology development at Evolver. Evolver currently supports Security Operations Centers (SOC) for the Federal and commercial markets securing over 12,000 staff, 350,000 customers and billions of dollars of assets. Mr. Block was awarded an R&D 100 award as Co-Principal Investigator in 2003. The R&D 100 award recognizes the 100 most significant product achievements in the world and is awarded by R&D Magazine. He is a graduate of the University of Notre Dame and a certified FAIR analyst.
Dr. Jack Freund has worked in technology and risk for 18 years where he has specialized in cyber risk. Jack's book on quantifying risk (Measuring and Managing Information Risk: A FAIR Approach, coauthored with Jack Jones) was inducted into the Cybersecurity Canon in 2016. Jack’s writings have appeared in the ISSA Journal and he writes a column for the @ISACA newsletter. Jack has been awarded a Doctorate in Information Systems, Masters in Telecom and Project Management, and a BS in CIS. He holds the CISSP, CISA, CISM, CRISC, CIPP, and PMP designations. Jack's academic credentials include being named a Senior Member of the ISSA, IEEE, and ACM, a Visiting Professor, and an Academic Advisory Board member. Currently, Jack is Senior Manager, Cyber Risk Framework at TIAA. and has served on the ISACA CRISC working group since the certification’s inception. You can follow all Jack’s work and writings at riskdr.com.
Mike grew up and worked his entire career in Silicon Valley. After earning his MS degree in electrical engineering from UC Berkeley, he worked as an engineer and manager in numerous hardware and software product development organizations over a nineteen-year career at Hewlett Packard. In 2003 he started his consulting career and has managed numerous information security projects for clients such as Visa in Foster City. In 2009 he completed his MA in economics at San Jose State University and over the last six years has taught undergraduate classes in microeconomics, macroeconomics, critical reasoning and expression in economics, and cost-benefit analysis in the Economics Department there. His affection for technology and social science leads him to research and write about problems that intersect technology, law, and markets and believes that security problems we face now require critical thinking across multiple technical, social, and legal disciplines. Other elements of his life include recent governance service on his city’s Public Safety Commission and on California Hydronics Corporation’s Board. He currently co-chairs the Open Group’s Security Forum and has contributed to three American Bar Association published works and has presented across the country on economics, technology, and security.
Jack is the foremost authority in the field of information risk management. As the Chairman of the FAIR Institute and co-founder and EVP R&D at RiskLens, he continues to lead the way in developing effective and pragmatic ways to manage and quantify information risk. As a three times Chief Information Security Officer (CISO) with forward-thinking financial institutions such as Nationwide Insurance, Huntington Bank and CBC Innovis, he received numerous recognitions for his work, including: the ISSA Excellence in the Field of Security Practices award in 2006; a finalist award for the Information Security Executive of the Year, Central US in 2007; and the CSO Compass Award in 2012, for advancing risk management within the profession. Prior to that, his career included assignments in the military, government intelligence, consulting, as well as the financial and insurance industries. Jack is the author of FAIR, the only international standard VaR model for cybersecurity and enterprise technology. A sought-after thought leader, he recently published 'Measuring and Managing Information Risk: A FAIR Approach' and is a regular speaker at industry conferences.
Ryan Jones is cyber risk professional, a former US Marine, an Olympic weightlifting coach, and comedian. Surprisingly, his eight years of helping organisations quantify their cyber risk exposure in financial terms using FAIR is what makes him most unusual. A comfortable speaker with plenty of experience on stage from The Laugh Factory in Vegas to ISACA gatherings, he brings a unique perspective to the field.
Jeffrey Kutler has worked more than 35 years as a financial journalist, with concentrations including banking and payments, corporate finance, capital markets, financial technology and operations, and cybersecurity. He has been editor-in-chief at the Global Association of Risk Professionals, responsible for its Risk Intelligence coverage – and prior to that Risk Professional magazine – since December 2008. He was previously at Institutional Investor magazine, of which he remains a senior contributing editor and columnist. At II between 2000 and 2008, he served as assistant managing editor, focusing on banking and capital markets technology, as well as U.S. editor. He has also been editor of the weekly Securities Industry News and worked for about 20 years for the daily newspaper American Banker and some of its affiliates, rising to the position of executive editor.
Demetrios (Laz) Lazarikos
Demetrios (Laz) Lazarikos, a recognized visionary for building Information Security, fraud, and big data analytics solutions, is the vArmour Chief Information Security Officer (CISO). Laz has more than 30 years experience in building and supporting some of the largest InfoSec programs for Financial Services, Retail, Hospitality, and Transportation verticals. Laz’s past roles include: IT Security Researcher and Strategist at Blue Lava Consulting, CISO at Sears, CISO at Silver Tail Systems (acquired by RSA/EMC), VP of Strategic Initiatives at ReddShell Corporation (acquired by TrustWave), and a former PCI QSA. Laz is an Adjunct Professor at Pepperdine University's Graziadio School of Business and Management, holds a Master’s in Computer Information Security from the University of Denver, an MBA from Pepperdine University, and has earned several security and compliance certifications.
Tony Martin-Vegue is a 20-year technology industry veteran who started out as a Windows 3.1 phone support technician and worked his way up by running network cabling through ceilings, winning (and losing) in the late-90’s early 2000’s dot-com bubble and leading network operations teams. In the more recent past, Tony has worked in the financial services sector helping firms establish frameworks for enterprise risk assessments, developed advanced threat modeling tools, educated on risk analysis techniques and consulted on security for large-scale IT projects. Tony currently works at a Bay Area financial institution leading their security risk management program. Tony holds a Bachelor of Science in Business Economics from the University of San Francisco and holds many certifications including CISSP, CISM and CEH. Tony lives in the San Francisco Bay Area, is a father of two and enjoys swimming and biking in his free time.
Isaiah brings extensive experience helping organizations establish mature information security programs through the implementation of FAIR. As part of the RiskLens team, Isaiah works with Fortune 500 companies to train practitioners on FAIR, integrate FAIR into business processes, and operationalize risk programs. As a former network and systems security analyst, social engineer, and penetration tester, Isaiah brings a unique set of skills and experiences to the realm of cybersecurity risk management.
Jasper Ossentjuk self-funded his education working as a pizza delivery driver, an award winning chef and a seasonal worker in the Alaskan commercial fishing industry. He started his technology career as a consultant in the Financial Services practice at Andersen Consulting. He worked at HSBC for a dozen years where he led international teams spanning the globe. He is currently Senior Vice President and Global Chief Information Security Officer at TransUnion. Jasper graduated from the University of Arizona with a Bachelor’s Degree in Management Information Systems and from The George Washington University with a Master’s Degree in Project Management.
Steve Reznik is an Operational Risk Management Director at ADP where he manages the operational risk program for payroll operations in North America. Over the last five years Steve has embedded FAIR principles into the ADP operational risk management framework while automating procedures for risk issue management and building quantitative risk analysis capability. Steve’s prior roles include IT Risk Management Consultant with PricewaterhouseCoopers, IT Audit at Prudential Financial, and U.S. Air Force Officer with assignments at the Pentagon and Ballistic Missile Organization. Steve holds a M.S. degree in Mathematics from the University of North Texas.
Nicola (Nick) Sanna
Nick is the CEO of RiskLens and is responsible for the definition and the execution of the company strategy, messaging, and go-to-market plans. In 2015, Nick championed the creation of a nonprofit expert organization focused on helping organizations manage information and operational risk from the business perspective. As such, Nick serves as the President of the FAIR Institute to help Risk Officers and CISOs get a seat at the business table by leveraging the FAIR standard. A serial entrepreneur, Nick's passion is to help the industry close the gap that separates IT from the business and sees RiskLens as one of the companies that can help fulfill that vision. Prior to RiskLens, Nick contributed to closing that gap as CEO of Netuitive, a leading IT Operations Analytics (ITOA) software company and as CEO of e-Security, the pioneering Security Information and Event Monitoring (SIEM) company that was ultimately sold to Novell. Earlier, Nick contributed to the growth of ASG from $9m to $150m as VP EMEA and as COO, and acted as the VP Sales and Marketing for Amplitude Int'l, the n.1 French antivirus co. at that time whose product got acquired by Symantec. Nick is a regular lecturer at universities across the US on the subject of social entrepreneurship and is an advisory board member of the business school at CUA. Nick is fluent in 5 languages and received a masters degree in Economics and Trade from the University of Rome La Sapienza.
Kelly Uhrich is an energetic and pragmatic executive with 28 years of technology and security experience deeply rooted in the financial services industry. As KeyBank’s Deputy Chief Information Security Officer Kelly is responsible for the corporate Information and Cybersecurity Program; ensuring a cost effective risk management approach is taken to protecting the bank’s information assets and technologies while maintaining adherence to strict industry regulations. Kelly attended DeSales University and is a Certified Information Systems Security Professional (CISSP).
Chad is the VP of Customer Success and oversees RiskLens professional services, training and customer support. Chad developed a deep passion about risk management working with both domestic and international clients across multiple industries. Chad brings extensive knowledge and experience with Quantitative Risk Analysis (via FAIR) and Risk Program design & implementation. He further draws upon multiple years of experience with IT auditing & security consulting within the “Big 4” professional services firms. Outside of risk management, his experience spans across internal/external audits, security reviews (including segregation of duties), compliance benchmarking and readiness, post-implementation project risk reviews, and application deployment projects. Chad adds value to his clients through his deep knowledge and understanding of financial and IT security risks, his auditing experience across multiple industries, and through leveraging his prior experience as a software engineer designing & developing application solutions. Chad is an alumnus of Ohio University. Follow him on Twitter @chadweinman.
Evan Wheeler is an expert in information security and operational risk management for organizations in many critical infrastructure sectors. Wheeler has extensive experience presenting business resilience and cyberthreat profiles to board committees, managing international teams, working directly with regulators and overseeing security operations. He is a specialist in building and running risk programs for organizations in highly regulated environments. He earned an M.S. in information assurance at Northeastern University. He also served as a course author and lecturer for graduate programs at Clark University, Northeastern University and the SANS Institute. He published a book, Security Risk Management: Building an Information Security Risk Management Program from the Ground Up.