Conference Sessions

Ron Woerner has over 17 years of experience in the security industry. He has been quoted in CSO, SC, and Information Security magazines and has been a noted speaker at security conferences throughout the U.S. including the RSA, CSI, and NebraskaCERT Security Conferences. He has been employed as an Air Force Intelligence Officer, the Information Security Officer for the Nebraska Department of Roads, a UNIX administrator for the Mutual of Omaha Companies, and the Lead Security Engineer for CSG Systems and ConAgra Foods. He is now the Security Compliance Manager for TD Ameritrade. Ron earned a Bachelors degree from Michigan State University and a Masters degree from Syracuse University in Information Systems. He was awarded the CISSP security certification in August of 2001, the NSA IAM certification in August of 2003, the Certified Ethical Hacker (CEH) designation in December 2005 and is a Certified Forensics Investigator.

Brad Smith (RN, ASCIE, BS-Psy MCNPS, CISSP, NSA-IAM) started his computer training in 1971 and is still going strong. Living in the North West, Brad is currently working as a private practice informatics nurse helping rural and frontier medical facilities comply HIPAA. His company, the Computer Institute of the Rockies was selected as the 2005 Microsoft Small Business Solution Partner of the Year for its innovative and cost effective business solutions. He is a frequent speaker at the national medical and security conferences, where he makes complex ideas simple to grasp. Brad is known for his high-energy style of presenting and the real-world experiences he shares during these sessions. He values an active session where everyone is encouraged to share their ideas.

Michael Metzler has 25 years of experience in Computer Science, Computer Networking and Security. He has delivered consulting service internationally that includes expertise and experience in security policy, security planning, network design and troubleshooting. Mr. Metzler has designed global networks for Fortune 500 customers and provided network security services for many major corporations, as well as for the United States and foreign government agencies. As a consultant, he has specialized in security policy, global network designs, enterprise networking strategies, and network security for customers that include major airlines, automobile manufacturers, aerospace and aircraft manufacturers, power utilities, pharmaceutical companies, petroleum companies, regional and global telecommunications providers, computer hardware, software manufacturers and government customers including network design and security work on Capitol Hill and at the White House, as well as with the Department of Defense. He has been a Certified Information Systems Security Professional (CISSP) since 1998, is a Certified Information Security Manager (CISM), and a member of FBI InfraGard. As a speaker, he has presented computer networking and security seminars worldwide at customer locations and public conferences including Computer Security Institute (CSI), NetWorld+InterOP, Internet World and Electronic Commerce Expo, International Computer Security Association (ICSA), and previous Digital Equipment Computer User Society (DECUS) events. His current projects include Information Assurance of aircraft data networks; providing system engineering, specifications, and security architecture for Internet and broadband networking aboard commercial airlines and U.S. Government aircraft; as well as counseling commercial enterprises in developing security programs to reduce risk related to Personally Identifiable Information and to meet Payment Card Industry Data Security Standards (PCI/DSS).

Mr. Paul Harker is a respected professional with distinguished 12-year career analyzing, designing, implementing and managing Information Systems Security infrastructures for large global businesses and government institutions across multi-platform environments. He has developed consulting methodologies that focus on compliance with security industry standards such as the former Visa CISP, MasterCard SDP, ISO17799 and the current Payment Card Industry (PCI) Data Security Standards. He has an MBA from the University of Washington, and is a Certified Information Systems Security Professional (CISSP), a Certified Information Security Manager (CISM) , as well as a Project Management Professional (PMP)

Editor Sara Peters joined the Computer Security Institute (CSI) in 2005, taking on a security beat that includes both policy issues (like Web vulnerability disclosure legislation and the Payment Card Industry Data Security Standard) and technological issues (like Windows Vista security and third-party patching). Prior to her work in information security, she served as associate director of communications at Princeton University's School of Engineering and Applied Science, writing and editing their quarterly magazine. She began her reporting career in a small newspaper chain after graduating from Rutgers University with a B.A. degree in journalism.

Jahan Moreh is the chief security architect at Sigaba. In this role, Jahan works with Sigaba's internal development staff and external customers to implement practical security strategies in Sigaba's product line. Moreh is co-holder of US patents 6158007, 6584564, and 69593636, all related to information security. He has testified before the Social Security Administration commission on the issues regarding privacy protection of citizens in face of information availability on the Internet. Moreh is a frequent speaker at major conferences and has published numerous papers and articles. In addition, Jahan Moreh is a senior member of teaching staff at the Department of Engineering and Information Science at UCLA, where he teaches classes in Distributed Systems Security.

M. Peter Adler is an attorney and the President of InfoCounsel, LLC. Two years ago Peter served as the Interim Chief Information Security Officer at the University of Colorado in Boulder. Last year he fulfilled similar duties for Montgomery College in Rockville, MD. In his security and privacy practice, he assists organizations with governance and legal issues pertaining to information security and privacy compliance. This practice follows a unified approach in providing simultaneous security and privacy compliance with multiple regulatory regimes. The laws, regulations and private standards he works with include the Gramm-Leach-Bliley Act (GLBA), the Health Insurance Portability and Accountability Act (HIPAA), the EU Data Protection Directive (including the US ?Safe Harbor? and other derogations), FDA security regulations (21 C.F.R. Part 11), the Canadian Personal Information Protection and Electronic Documents Act (PIPEDA), the Federal Education Records Protection Act (FERPA), the Federal Information Systems Management Act (FISMA) and the numerous state laws regarding notice of security breaches the Payment Card Industry (PCI) Data Security Standard, and ISO, NIST and FIPS security standards. He also provides legal support during e-discovery and forensics in preparation for litigation.

Kimber recently joined Embarcadero Technologies, bringing more than 10 years experience in the Information Security industry. She started her career at Ernst & Young specializing in IT compliance; helping Fortune 500 organizations meet both regulatory and internal information security requirements. This included developing risk assessment, compliance, policy management, and product evaluation programs. She then spent 5 years at NetIQ, responsible for driving the strategy and marketing around the company?s policy-based security products and sharing her regulatory compliance expertise with customers in all types of industries. She also regularly works with industry analysts from such firms as Gartner, META (now Gartner), and Forrester on these topics. Kimber has a bachelor?s degree in Accounting from Baylor University, an MBA from Michigan State, and has received the Certified Public Accounting, the Certified Information Systems Auditor, and the Certified Information Systems Security Professional designations.

Nicholas Miller is an innovative career entrepreneur who has founded a number of successful private and publicly traded companies in the software, wireless, and Internet sectors. His wide ranging experience as a high technology executive includes over 25 years of direct P & L responsibility, along with extensive experience in sales, marketing and technology start-ups. Miller was one of the first to identify the security threats posed by wireless technology and coined the phrase

Tara Kissoon is a Director within Visa?s Information Security Services where her focus is on security assessments, security management and providing security expertise. She represents Visa on several International Working Groups. Tara has over 15 years experience in various aspects of Information Technology. Tara?s diverse experience includes security reviews of complex network architectures, facilitating multi disciplined risk assessments, conducting various workshops and forums, and leading Information system audits specializing in system development, web architectures, application and database reviews and SOX compliance. Tara taught at Seneca College, where she was responsible for the development, delivery, and evaluation of information technology curriculum. She was appointed to represent her college on several advisory committees and developed the first security course at Seneca College. Tara is a Certified Information System Security Professional (CISSP) and a Certified Information Systems Auditor (CISA) and has achieved various industry certifications.

Mr. Wells is a senior consultant with 19 years (15 years with Getronics) of professional experience in the IT industry and is currently responsible for a team of Infrastructure Engineers engaging in both pre-sales and post-sales opportunities including Network Architecture, Mobile Infrastructures, Unified Communications, and Video Conferencing. Most recently he was responsible for the US Security and Communications Portfolio Practice for North America and has managed large projects for both government and enterprise customers. He was also a key contributor to building the current global solution set for Getronics Network, Server, and Application Management Services. Throughout his career, he has focused on delivering IT services in a consistent, cost effective, and secure manner. This emphasis on security, wireless technologies, and IPT services brought him into the Getronics consulting organization to help distribute industry leading solutions amongst all Getronics services. Mr. Wells has both technical and business knowledge of the operations, delivery, and financial aspects necessary to run an effective ICT organization. He has managed up to 77 people in the ICTC organization, with a $5.1 million budget. Having been involved in the business line delivery most of his career; he brings a unique perspective on what is expected from a supporting organization. This part of the business does not drive the business through technology, but analyzes the business requirements and is a business enabler through technology. His experience in delivering outsourced services to external customers was very integral in beginning Getronics? EWWS/SWWE business initiative. Ultimately with the goal of reducing centralized expense allocations to the individual business lines to help facilitate lower pricing and increased revenue.

Milton H. Luoma, Jr. holds the degrees of Juris Doctor, M.S. in Computer Science, M.B.A., and M.S. in Engineering. He has also completed advanced work in the Ph.D. program in business at the University of Cincinnati. He has practiced law and worked as a business consultant in Minnesota for over 20 years. He has designed and developed the Computer Forensics and Computer Security programs at Fond du Lac Tribal & Community College in Minnesota. He is currently an Assistant Professor teaching Computer Science and Computer Foreniscs at Metropolitan State University in St. Paul, Minnesota. , Previous Speaking Engagements: Midwest Association for Legal Studies in Business Conferences; American Academy for Legal Studies in Business; Keynote Speaker at Northeast Service Cooperative Conference; Fairview Hospital Public Lecture Series; Brenau University Online College Conference; Minnesota State University IT & Wireless Technology Conference Licensed Attorney at Law, State of Minnesota; Graduate Certificate in Computer Forensics, Oregon State University; NTI Computer Forensics Certification

Vicki Luoma holds a Juris Doctor degree and is a candidate for a Ph.D. in Business. She has practiced law and worked as a business consultant in Minnesota for over 25 years. Further, she is a former Vice President of a small business university. She is currently an Assistant Professor in the College of Business at Minnesota State University.

Dr. Logan is an associate professor in the College of Information Technology and Engineering at Marshall University. She has taught information security, computer forensics, multimedia, and cybercrime. She has been an invited speaker at both national and international conferences on security topics. In addition to her academic experience, Dr. Logan has over sixteen years of corporate experience including Assistant Vice President of Information Services at Sanwa Bank, Monterey Park, California. Her research interests include information security, computer forensics, Fourth Amendment issues that apply to the search and seizure of computer media, and the application of computer technology to courtroom presentations.

Ari Takanen, founder and CTO of Codenomicon, has since 1998 been focusing his work on information security issues in next-generation networks and security critical environments. The work of Codenomicon and the University of Oulu aims at ensuring that new technologies are accepted by the general public by providing means of measuring and ensuring quality in networked software. Ari Takanen is one of the people behind the PROTOS research that studied information security and reliability errors in e.g. WAP, SNMP, LDAP, VoIP implementations. His company, Codenomicon Ltd. provides automated tools with a systematic approach to test a multitude of interfaces on mission critical software, including but not limited to VoIP platforms, Internet routing infrastructure and 3G devices. Ari has been speaking at numerous security and testing conferences, and also at leading universities and international corporations. Especially the presentations at commercial companies have shown that that what we do at Codenomicon really matters and makes a change to the information society in general. He has co-authored a book on Voice over IP security (published by Addison-Wesley).

Todd Fitzgerald, CISSP, CISA, CISM serves as a Medicare Systems Security Officer for National Government Services, LLC (NGS), Milwaukee, WI which is the nation?s largest processor of Medicare claims, and subsidiary of WellPoint, Inc. (NYSE:WLP) the nation?s largest health insurer. Todd was named as a finalist for the 2005 Midwest Information Security Executive (ISE) of the Year Award, nominee for the national award, Judge for the 2006/08 central region awards, and has moderated several Executive Alliance Information Security Executive Roundtables. Todd is the co-author of the ISC2 book entitled CISO Leadership: Essential Principles for Success (January, 2008) and has authored articles on Information Security for The 2007 Official ISC2 Guide to the CISSP Exam, The Information Security Handbook Series, The HIPAA Program Reference Book, Managing an Information Security and Privacy Awareness and Training Program, and several other security-related publications. Todd is also a member of the Editorial Board for ISC2 Journal/Information Systems Security Magazine and is frequently called upon to present at national and local conferences. Todd serves on the Board of Directors for the HIPAA Collaborative of Wisconsin, and is an active leader, participant and presenter in multiple industry associations such as Information Systems Security Association (ISSA), Blue Cross Blue Shield Information Security Advisory Group, CMS/Gartner Security Best Practices Group, Workgroup for Electronic Data Interchange (WEDI), Information Systems Audit and Control Association (ISACA), and others. Todd has 28 years of Information Technology experience, including 20 years of management. Prior to joining NGS, Todd held various broad-based senior Information Technology management positions for Fortune 500 organizations such as American Airlines, IMS Health, Zeneca (subsidiary of AstraZeneca Pharmaceuticals), Syngenta, as well as prior positions with Blue Cross Blue Shield of Wisconsin.

Lisa Lorenzin is a Principal Solutions Architect with Juniper Networks, specializing in security solutions, and a contributing member of Trusted Network Connect (TNC), a work group of the Trusted Computing Group (TCG) that defines an open architecture and standards for endpoint integrity and network access control. She has worked in a variety of Internet-related roles for the past 13 years, with more than a decade of that focused on network and information security. Lorenzin's experience in data center, government and enterprise environments, as well as her active participation and service in local user groups, has brought her a thorough understanding of the challenges network administrators and users face in today's world of expanding regulations and increasing security threats.

Mr. Conorich is the Global Solutions Manager for IBM Global Services? Managed Security Services. In this capacity, he has responsibility for developing new security offerings, insuring that the current offerings are standardized globally, and all training of new members of the MSS team worldwide in how to do "Ethical Hacking" and service delivery. Mr. Conorich teaches people how to use the latest vulnerability testing tools to monitor Internet and Internet connections and develop vulnerably assessments suggesting security related improvements. Mr. Conorich is also actively engaged in the research of bugs and vulnerabilities in computer operating systems and Internet protocols and is involved in the development of customized alerts notifying clients of new potential risks to security. Mr. Conorich has over 30 years of experience with computer security holding a variety of management positions. He joined IBM in 1997. Prior to coming to IBM, he was a Principal Security Analyst with AXENT Technologies, Inc., a leading vendor of computer security applications and services. For over five years, he analyzed customer?s enterprise security requirements and helped them find practical business solutions. He was, also, AXENT's UNIX security products manager, where he designed and managed AXENT's UNIX security product offerings.

Tom Prunier is a Computer System Security Analyst for Lockheed Martin. Tom is currently contracted to the Federal Bureau of Investigations as a Cyber Crimes Investigation Instructor and a certified Intrusion incident handler. Tom previously was a Detective and a member of the Internet Crimes Against Children?s Task Force for the State of Kansas and has investigated a wide variety of computer related crimes at the Local, State, and Federal Level. Tom has responded to numerous incidents in an investigative and computer forensic capacity. Tom has a Master of Arts in Computer Information Management and is an Associate Professor at Southwestern College in the fields of Criminal Justice, Computer Science, and Security Management.

Dr. Anita D?Amico is the Director of Secure Decisions, a division of Applied Visions, Inc. in Northport, NY. She is both a human factors psychologist and an information security specialist. Her research, publications, and teaching have been in the areas of: situational awareness, particularly improving decision-making through visualization; information security and information warfare; cognitive analysis; operational fatigue; and research methods. All Dr. D?Amico?s research projects stress the development of visualizations that can be rapidly transitioned into real operational environments for real-world evaluation and early adoption.

Branden R. Williams could easily be described as one of the industry?s leading experts but that title does not encompass his robust talents. With four active professional certifications, a list of publications, more than a decade of experience, and an enviable knowledge of technology he has earned the respect of global, top named clients and industry insiders. Yet, Williams is much more than an IT expert, his astute understanding of business has enabled him to create innovative solutions that align with key organizational objectives. This rare combination of technology and business expertise has resulted in Williams becoming a sought after Information Technology and Strategy Leader by the world?s foremost corporate executives. Equally impressive is Williams high energy, results oriented business style. Williams is firmly committed to partnering with organizations to maximize profitability and opportunity. Williams has a steadfast belief that IT and IT security should support and contribute to an organization. Utilizing his keen business insights and ability to communicate with technical and non-technical audiences, he has been able to collaborate with corporations to analyze, develop and implement enterprise wide solutions that support key business drivers. Williams has worked with clients in the financial, retail, healthcare, manufacturing, utilities, transportation, service provision and industrial sectors. He currently manages a multi-million dollar consulting practice while leading a global team of 80 certified Qualified Security Assessors (QSAs). Williams holds an MBA in Supply Chain Management and Logistics from the University of Dallas where he is also a graduate level Adjunct Professor consistently ranked in the top 10% of professors. He is a Lifetime Member of Pi Sigma Epsilon, and Founding Member of The Michelangelo Group Security Alliance. Williams is also a sought after speaker and author.