SPEAKERS AT THE ENTERPRISE RISK / SECURITY

MANGEMENT CONFERENCE – OCTOBER 6, 2022

Neba Ambe, Director of Information Systems, City of Chicago

Neba Ambe heads the Governance Risk and Compliance (GRC), in the City of Chicago’s Information Security Office. He is responsible for the strategic development, implementation, and maintenance of the department’s GRC program. Over 22 years of work history focused on security review and analysis of applications/systems in development and production, the establishment of a governance framework for information security, operationalizing compliance, and policy management. He has a passion, taking a systems approach, for aligning data flow maps and processes with business goals, applicable regulations, and standards.

 

He has packaged a tool set for risk identification, assessment, and analysis that includes a data flow diagram as the fundamental to building secured systems and the speedy security review of applications. Most recently, he designed an internal virtual bi-monthly series for promoting a comprehensive awareness of the risk and compliance activities of data protection and security in the city workforce aimed at strengthening the personal accountability of users.

 

Neba holds a doctorate degree in Technology and Systems Management from Michigan State University. 

 

 

Bob Ertl, Sr. Director, Kiteworks 

 

 

Bob brings over 20 years of enterprise software product marketing, consulting, and product management experience, covering compliance and security, unstructured and structured content, and analytics. Prior to joining Kiteworks in 2014, he brought innovative business intelligence and data warehousing products to market at Oracle, Hyperion, Brio, and several start-ups, and led implementation projects across a variety of industries.

 

 

Paul Kunas, Information Security Governance Risk and Compliance, Accenture

 

Paul Kunas is the Executive Director, Information Security GRC at Accenture responsible for information security governance, compliance, and risk management. He was previously with Sidley Austin, a global law firm, as the Global Director of Information Security and Risk Management. Prior to Sidley, he was the IT Security Governance and Strategy Senior Manager for Exelon Corporation, one of the nation’s leading power utility companies. Paul’s career journey started with Accenture in 1997 where through Senior Manager he provided information security consulting to fortune 500 companies.

 

Paul is a CISSP with over 23 years of information security and professional experience consulting and implementing leading edge solutions. He has experience with security organization/program development, risk management, vulnerability management, network security, identity and access management, incident response, and most other security domains. Paul holds a MS in Information and Communication Science from Ball State University.

 

Ricardo Lafosse, Chief Information Security Officer, Kraft Heinz

 

Ricardo Lafosse is chief information security officer for Kraft Heinz. Lafosse is responsible for IT risk governance, OT security, incident management, technical disaster recovery, and determining enterprise-wide security policies and procedures. Lafosse regularly presents on security topics at global conferences, including MirCon, ISACA CACS and Secure World.

 

Prior to his current role, Lafosse was chief information security officer for Morningstar, where he was responsible for providing strategic information security leadership, implementation and governance for the Information Security Program.

 

Lafosse has more than 18 years of experience in information security for the government, banking, legal, healthcare and education sectors. Lafosse began his career in information security consulting in finance.

 

Lafosse holds a Master’s in Information Assurance from Iowa State University. He also holds the Certified Information Systems Security Professional (CISSP) and Certified Information Security Manager (CISM) designations.

MilroyDerek

Derek Milroy, Information Security, U.S. Cellular

 

Derek has been implementing security in corporate environments, as both an internal employee and a consultant, for five years. Although he has implemented firewalls, IDSs, and VPNs for various employers and clients he focuses heavily on securing Microsoft hosts and Domain structures. He has hardened hundreds of hosts in environments ranging from less than a dozen servers to enterprise environments with over 1000 servers and thousands of users. In conjunction with hardening he has also crafted and implemented standards, policies, and procedures to maintain the security of his employer’s / client’s environments.

Jim Mirochnik, CEO & Senior Partner, HALOCK Security Labs

 

Jim Mirochnik has served as the CEO and a Senior Partner at HALOCK Security Labs since 2013. He has over 28 years of technology and management consulting experience. Mirochnik has been a Founder and Partner of multiple companies and holds a double-concentration MBA from the University of Chicago Booth School of Business. He is a seasoned security practitioner and has architected large-scale technology programs exceeding $100 Million in budget. Mirochnik was a contributing author to the DoCRA standard in 2018 and currently is a Board Member on the DoCRA Council.

Michael Neuman, Chief Information Security Officer, Backstop Solutions Group

 

As an accomplished professional and dynamic leader with hands-on experience defining and implementing security programs for financial services, e-commerce, banking, retail, and software organizations, I excel in regulated environments with my ability to navigate ever-changing needs, improve operations, and continuously drive compliance.

 

I cultivate partnerships and build trusted relationships across global business sectors, including executive-level communications within industry-leading organizations.

 

During my career, I have led onshore and offshore teams, maintaining a high level of performance standards, while simultaneously enhancing operations focused on business solutions and client engagement.

 

Subject Matter Expertise: Security Program Infrastructure, Compliance, Risk Mitigation, Threat Analysis, Enterprise Security, P&L, Team Leadership, SOX, HIPAA, and Technical Problem Solving.

Brian Palmer, Director IT Security & Infrastructure, Ventas

 

Adaptive, customer-focused cyber security and infrastructure executive skilled at delivering projects and services of superior quality; history of leading large, geographically-disbursed teams to meet service level agreements, timelines, and budget targets with solutions that result in improved IT scalability, availability, security, and cost efficiency.

 

 

Highlights of Expertise

  • CISSP and CCSP Certified
  • Global Technology Management
  • Enterprise IT Infrastructure Management
  • Data Center & Network Management
  • IT Security Management
  • ITIL Methodologies
  • Disaster Recovery & Business Continuity
  • Short / Long-Range Strategic Planning
  • Recruiting, Team Building & Training
  • Contract Negotiation / Vendor Relations
  • Budget Management & Cost Reduction
  • Metrics Creation, Analysis & Reporting

Byron Rashed, Vice President, Centripetal

Byron Rashed has over 20 years of industry experience spearheading global marketing and public relations programs in various B2B organizations that target IT security solutions to the enterprise and OEM markets.

 

As Vice President of Marketing at Centripetal, he leads all marketing and PR functions and is part of the senior management team. In his previous role as the Vice President of Global Marketing, Advanced Threat Intelligence for InfoArmor (acquired by Allstate), he was directly responsible for creating and implementing all global marketing and public relations strategies and tactics to develop brand awareness, product positioning and corporate communications.

 

Prior to joining InfoArmor, Mr. Rashed was the director of global marketing and product management at Emerging Threats (acquired by Proofpoint), and has held senior level global marketing positions at Altior, FirstCarbon Solutions and SSH Communications Security, the original developer of the Secure Shell (secsh) protocol, and senior global marketing manager at VPNet Technologies (acquired by Avaya).

 

Mr. Rashed holds a Bachelor of Science degree in industrial engineering from New York University – Polytechnic, and is pursuing a graduate certification in marketing and communications from the University of California, Irvine. He is a member of the Public Relations Society of America, American Marketing Association and Institute of Industrial Engineers.

 

Steve Shelton, CEO, Green Shoe Consulting

 

Steve has a background with Social Emotional Learning, which is an educational framework to help individuals regulate their mental and emotional states, communicate effectively, understand themselves and others and make healthy decisions. Steve is in the process of becoming a Certified Mental Performance Consultant certification (CMPC). This is a highly desired credential training mental skills to perform optimally. 

 

 

Green Shoe Consulting is uniquely suited to help IT Security practitioners learn how to be the best – in the boardroom and living room. Green Shoe Consulting was founded by Steve Shelton after spending 15 years selling enterprise security software. Steve witnessed the challenging demands placed on IT Security practitioners related to their careers, interpersonal relationships and their mental / emotional health.

 

 

The intimate knowledge of stressors and anxieties IT Security practitioners face and a deep understanding of high performant mental skills positions Green Shoe Consulting as a leader in helping executives perform optimally.