
Speaker Bios & Presentation Abstracts

Sam Aiello
"Effective Role of CyberSecurity Leaders"

1. "Learning to Speak the Language"
2. Challenges surrounding contextual information security
3. "Compliant does not mean secure"
4. Due care (action) and due diligence (research) on the part of Sr Mgmt.

Sam is an accomplished, industry-recognized, technology optimization, digital transformation and customer experience expert. His background is in: strategy & planning, governance, operations, and enterprise architecture. He’s worked in the industry for over 25 years, with roles in information technology, telecommunications and information security as executive, manager and practitioner.

He’s experienced in consulting across industry verticals, quantifying current and emerging risk, building internal cooperation and executive buy-in, and developing organizational strategies. He’s been involved in numerous convergence & software implementations, large scale rollouts of industrial and process control systems, and development of information security policy for many international and US enterprises.

Sam has guest lectured at Georgia State University, presented at ISACA conferences, and taught the Communications & Network Security domain of the CISSP exam review course. He’s a frequent speaker and session facilitator on the topics of IT risk management and corporate governance. He holds many industry and network certifications including CISSP. He is a member of ISACA, ISSA, ISC² and AIMA. He holds an MBA in finance and a BA in Industrial Education, and is working on an MSc in Information Security Leadership.



Faisal Ansari
"Today is May 24, 2018. Are you ready for tomorrow?"

Yet another set of compliance mandates, aka GDPR, has been thrust upon the global business community. But unlike the time of GLBA, SOX, PCI, FFIEC, this time, clear lines have been drawn on the financial impact of non-compliance.

Join Faisal Ansari with Trustmarq as he debunks some of the myths regarding GDPR and describes some of the most effective first few steps to take (if you haven’t started or are just getting around to it). Engage in a roundtable-style dialog with other participants on how they are dealing with GDPR compliance, and learn how addressing GDPR can systemically help your Cyber Security cause.

Govern Your Data to Fully Capitalize on Your Cyber Security Investments. Get Your Money’s Worth for a Change. Pun intended.

Mr. Ansari is an experienced business leader and a technology practitioner, with a success record of establishing and operating globally recognized programs and operational capabilities for Fortune 500 businesses across numerous industry verticals.

Faisal's primary domain expertise includes Cyber Security, Risk & Compliance, Business Resiliency, IT Strategy & Transformation, and Portfolio, Program, & Project Management. He has a proven track record focusing on Strategy, Baselining/Benchmarking, Enterprise Architecture, Service Transformation, and Process Improvement.

In his 20+ years of career successes, Faisal has consistently enabled businesses in fulfillment of their business imperatives. He has a proven ability to champion organizational change and sustained growth. As a skilled negotiator, relationship-builder, and an effective leader, Faisal is accustomed to engaging at all organizational levels.

Mr. Ansari has contributed to authorship of several industry standards and frameworks such as from ISO and NIST, and is an exam question writer for CISSP, CISM, CRISC, and PMP. He is a regular speaker and industry presenter.



Nasir Bilal
Infinite Resources
"Leveraging MineMeld in the Palo Alto Networks Ecosystem"

In order to prevent successful cyberattacks, many organizations collect indicators of compromise (IOCs) from various threat intelligence providers with the intent of creating new controls for their security devices.
Unfortunately, legacy approaches to aggregation and enforcement are highly manual in nature, often creating complex workflows and extending the time needed to identify and validate which IOCs should be blocked.
Now security organizations can leverage MineMeld, an open-source application that streamlines the aggregation, enforcement and sharing of threat intelligence. MineMeld is available for all users directly on GitHub, as well as pre-built virtual machines (VMs) for easy deployment. With an extensible modular architecture, anyone can add to the MineMeld functionality by contributing code to the open-source repository.

Nasir is an experienced network and security engineer, with deep knowledge of enterprise networking solutions. He is a subject matter expert on the Palo Alto Networks ecosystem. He has been in the network and security space since 2009. At Infinite he deploys Palo Alto Networks firewalls and Panorama (management platform) in a wide variety of environments, from small county school districts to federal research organizations and Fortune 500 companies with data-centers on every continent.



James Bower
- Quantum Security -
"Pen Testing is Dead: Adapt or Demise"

The ROI provided by a typical penetration test continues to diminish year after year. This can be seen by an ever changing threat landscape where more and more successful breaches are beginning from malicious attachments and links. With these newer threats bypassing perimeter defenses, C levels need to begin looking at their security postures through a different lens.

James Bower is a Managing Partner at Quantum Security - a strategic Threat Hunting and Threat Intelligence consulting firm based in Atlanta, GA. He is also the creator of Engaged Threat, a counter deception technology that aids in the attribution of cyber criminals.

With over 15 years of hands-on Information Security experience, James’s versatility allows him to move seamlessly between the trenches and the board room, giving him a truly unique perspective. He has applied his innovative and resourceful background across multiple sectors for a diverse list of Fortune 500 companies. When not consulting, James maintains a steadfast focus on advancing various areas of InfoSec including adversary hunting, threat intelligence, big data, and machine learning.

Since 2015, James has led the Threat Intelligence and Threat Hunting Meetup Group, where he manages various events and workshops for the Atlanta cyber security community.



Dan Christiansen
"Is SIEM Enough?"

In this day and age, a SIEM leveraging threat intelligence only catches many of the known threats. But insider threats and unknown threats cannot be caught by traditional detection methods. Unknown threats require unsupervised machine learning to baseline user and device behavior and detect anomalous events. These anomalies can then be aggregated into actionable threats for the security team to review.

Daniel Christiansen has been in the security field since the late 90s.  Dan currently works for Splunk as the Southeast Regional Security SME and focuses on SIEM and User Behavior Analytics for Fortune 500 companies.  Dan also spent six years working on security projects with the Intelligence Community and DoD, focusing on secure mobility, MDM, as well as mobile VPN technology. 



Meenaxi Dave
Gwinnett Tech
"CISO Challenges"

The role of the CISO is changing: the CISO is now expected to have the professional toolkit of an astute business leader, a technical guru and an excellent communicator. The increasing rate of high-profile security breaches has accelerated the evolution of the role of the CISO from one focused primarily on the implementation and management of information security technologies to one of a critical risk management consultant and business strategist. Game changers, from mobile apps, social media and cloud computing to an ever-growing list of new regulations and compliance needs, are adding complexity to the environment. Business wargaming is an adaptation of the art of simulating moves and counter-moves in a commercial setting. Here is the top 10 list that would help CISOs carry out tactical and strategic functions to implement a high-performance information security program.

Meenaxi Dave is an experienced Information Security educator with proven success developing, delivering and evaluating IT security training programs. She holds her Masters in Computer Science from the University of Memphis in Tennessee and a Diploma in Cybersecurity from Gwinnett Technical College. She also holds professional certifications in CCISO, CISSP, CEH, CEI, COMPTIA Security+, Network+, and Linux+. Currently, she works as an adjunct instructor for Information Security at Gwinnett Technical College and Kennesaw State Continuing Education.  She is on the board for the Technology Association of Georgia (TAG), the Information System Security Association (ISSA) and Infragard.



Russell Eubanks
Federal Reserve Bank
"Now What? A Pragmatic Approach to Effective Breach Response for Leaders"

You read about it all the time and now it has just happened to you - the dreaded data breach. Fast forward to next Friday afternoon at 4:42pm. As a leader, your phone rings and your heart sinks as it is confirmed that your customer database has just been posted online for everyone to see. What intentional steps can a leader take in this moment to help ensure an effective breach response that has just now started?

Russell Eubanks is Vice President and Chief Information Security Officer for the Federal Reserve Bank of Atlanta. He is responsible for developing and executing the Information Security strategy for both the Retail Payments Office and the Atlanta Reserve Bank. Russell has developed information security programs from the ground up and actively seeks opportunities to measurably increase their overall security posture.

Russell is a SANS Certified Instructor, Handler for the SANS Internet Storm Center, Serves on the Editorial Panel for the Critical Security Controls and maintains He holds a bachelor's degree in computer science from the University of Tennessee at Chattanooga along with numerous certifications.



Mark Gelhardt
"The White House and its Dependable Security"

Talk about The White House and its Physical Security and its Information Technology Security – what makes it DEPENDABLE and how can you transfer that same type of thinking to what you do in your business.

Mark has over 35 years of experience in providing Executive Level management in the Information Technology and Information Security fields as a CIO, CSO, and CISO.

Mark started his working career in the Army and retired as a Colonel (select). At the pinnacle of Mark’s career he was nominated and selected to work at the White House as the CIO/CISO equivalent, supporting President Clinton, the VP, the White House Staff, and the U.S. Secret Service, managing all the classified automation and telecommunications for the Executive Branch.

Since retiring from the Army, Mark has held several executive leadership positions: CIO/CSO for World Airways/Global Aero Logistics (US largest long haul charter airline), Deputy CIO of Global Operations/CISO for InterCall/West (World’s largest conferencing company), CISO for TravelClick (SAS in the hospitality space), Acting/Interim CISO for the Georgia Lottery and NCR.

Currently Mark is the AVP, Cyber Risk Remediation for US Bank/Elavon. Mark has been with US Bank/Elavon for 2 half years. Elavon is one of the top five Credit Card processors in the world.



Malakondayya Gorantla
"Crypto in the Enterprise"

Cryptography is a powerful tool that helps an enterprise to achieve its information security goals and meet its compliance requirements. While there are many ready-to-use cryptographic solutions available, evaluating and choosing the right solution/product is a complicated task for information security practitioners. The goal of this talk is to provide an overview of enterprise-level cryptographic products and discuss how such a product should be evaluated against the vendor’s claims.

The talk will first outline typical enterprise cryptographic solutions, both hardware and software, that encrypt data at different layers and states. The best practices for key management will be discussed as well. The second part of the talk will focus on a typical use-case for application level encryption in an enterprise and describe the development and deployment life-cycles of a security product that aims to satisfy the use case. As we look at each stage in these life-cycles, we will discuss what an enterprise security architect should look for when evaluating a security product that implements cryptography.

Dr. Malakondayya Choudary Gorantla is a Security Architect with WaveStrong Inc, where he primarily focusses on cryptography and key management solutions for enterprise. He previously worked as a Cryptography Architect at CipherCloud Inc, where he was responsible for continuous innovation and secure implementation of cryptographic protocols. Over the last 12 years, he has worked in multiple roles in different organizations and has all-round information security experience in research, design, development and consulting. Dr. Gorantla has a PhD in Cryptographic protocols from Queensland University of Technology, Brisbane, Australia and CISSP from (ISC)².



Mike Gotham
"Hunting Advanced Persistent Threats"

Sophisticated attackers are responsible for some of the worst information security breaches ever.  These Advanced Persistent Threats are some of the most concerning threats information security professionals can face.  This session will discuss APT Tools, Techniques and Processes and how to hunt for them.  This session will also detail best and worst practices while defending against these attackers.

Mike Gotham is an Advisory Systems Engineer covering the RSA NetWitness Suite. Gotham holds multiple third-party security certifications and has worked with a range of customers in different verticals.  He is versed in both endpoint and network forensics as well as some of the latest attacker tools and techniques.  Prior to joining RSA, he worked as a Systems Engineer covering VMWare and Cisco portfolios.



Joe Gray
Sword & Shield
"There is Hope in Defending Against It"

Ransomware is possibly the single greatest technical threat to an organization. New vectors are being used almost daily with new exploit kits and phishing campaigns abundantly enabling them. This talk discusses the various types and motives behind malware and takes a deeper dive into the infection vectors in terms of file types, patterns of attack, and characteristics. Emphasis is placed upon integrating with the Incident Response plans and two ransomware variants are deconstructed to show possible Indicators of Compromise that would enable security professionals to detect and prevent such infections.

The talk transitions into an interactive discussion as to whether antivirus is dead and then addresses mitigation strategies, both technical and non-technical in nature. The conclusion is a discussion about integration with training, culture, threat intelligence, and incident response, business continuity, disaster recovery, contingency, and continuity of operations plans.

Joe Gray joined the U.S. Navy directly out of High School and served for 7 years as a Submarine Navigation Electronics Technician. Joe is an Enterprise Security Consultant at Sword and Shield Enterprise Security in Knoxville, TN. Joe also maintains his own  Blog and Podcast called Advanced Persistent Security. He is also in the SANS Instructor Development pipeline, teaching SANS Security 504: Hacker Tools, Techniques, Exploits, and Incident Handling. In his spare time, Joe enjoys reading news relevant to information security, attending information security conferences, contributing blogs to various outlets, bass fishing, and flying his drone.


Bruno Haring
"Navigating China Cybersecurity Regulations"

China's new Cybersecurity Law is significantly impacting the way companies are doing business in China. We will discuss how companies are addressing the following questions: What are the key elements and implementation requirements of the law? How do they apply to multinational companies doing business in China? What are the key challenges companies are facing and how can you navigate them?

Bruno is a Director and Market Leader with PwC's Cybersecurity and Privacy practice based in Atlanta, GA. With over twenty one years of experience, both nationally and internationally, in cybersecurity and IT risk management and transformation, Bruno helps Fortune 500 organizations navigate and address cybersecurity, IT and governance risks resulting in improved business performance and value.

Bruno focuses on emerging technology and digital risks by working with the Board, C-level suite and Internal Audit to tackle information security as a business issue and to improve the organization’s cybersecurity defensible posture and risk management program disciplines. Bruno has a strong background in assessing and implementing cybersecurity, privacy, IT risk, business resiliency, vendor risk, and data protection programs; and delivering third party assurance and IT Internal Audit engagements. Bruno also leads teams in penetration testing and vulnerability assessments, threat modeling, and secure adoption of Cloud based solutions.

Bruno is a proven practice leader, has published thought leadership, is a frequent speaker at various professional associations, and also helps organizations implement and assess against various security, regulatory and compliance frameworks, including ISO27001/2, COBIT, NIST, GDPR, PCI, ISF, and HIPAA. In addition, Bruno has significant experience in the supervision of large scale IT initiatives, and advisory oversight of technology integration engagements.

Prior to joining PwC, Bruno served as an Information Security and IT Risk advisor and competency leader in EY's Advisory practice and in Andersen’s (formerly Arthur Andersen) Business Consulting practice, and in the Global Technology Integration Services group in Andersen Consulting (now Accenture) where he had lead application and data architecture design and development responsibilities nationally.


Sean Henry
"How to Run a Successful Bug Bounty Program"

Now in its third iteration, Bugcrowd’s State of Bug Bounty Report mines data from more than 600 managed programs, providing an unparalleled look into the global bug bounty economy.

The 2017 State of Bug Bounty Report, to learn how crowdsourced security assessments are helping security teams protect their mobile and web applications, hardware, and external networks.

Sean Henry has a total of 11 years of experience in the cybersecurity industry. Sean is most known for his work at Rapid7 where he was a key sales leader tied to the explosive east coast growth. Originally, Sean started off in the staffing world and ended up joining forces with Deidre Diamond to launch CyberSN in Boston. CyberSN is a national cybersecurity staffing company.

Sean is very connected in the security community and has a wide depth of experience building sales teams.

In the past Sean has presented at a variety of ISSA, ISC2 & OWASP events around the east coast. ISC's Portland chapter has recognized Sean for his contributions through the years.



Barry Herrin
Herrin Healthcare Law
"Cyber-Risk, Cyber Insurance and Human Resource Issues in Cyber Space"

The Health Care Industry Cybersecurity Task Force in its June 2017 Final Report recommended a “holistic strategy” that supports both business AND clinical objectives within the healthcare industry. The problem most healthcare enterprises face in acting holistically is that cybersecurity is kept in its own silo, using a unique framework to analyze risk that does not easily translate into return on investment for the technology spend, while the rest of the risk management decisions almost exclusively use dollars saved or financial measurements of risk avoided. This seminar will explain how to apply the NIST Risk Management Framework to the healthcare system as a whole, utilizing people and processes (not just technology) to address both cybersecurity risk as well as other health care business and clinical risks – in effect, using the framework to apply to all risk management analyses and mitigation strategies in advance of unpublished Revision 5 to NIST SP 800-53, which purports to do exactly that.

Barry Herrin is the Founder of Herrin Health Law, P.C., a boutique law practice dedicated to the needs of health care providers.  He regularly represents health care providers in all segments of the industry and advises on a wide variety of regulatory and operational issues, including hospital and health care operations and compliance, medical information privacy and confidentiality, cybersecurity and data breach response, and the formation of provider collaborations for population health and managed care contracting.  He is admitted to the bars of Florida, Georgia, and North Carolina. Mr. Herrin is a Fellow of the American College of Healthcare Executives and a Fellow of the American Health Information Management Association. He also holds a certificate in cybersecurity from Georgia Tech.

Mr. Herrin received both his undergraduate and law degrees from Georgia State University in Atlanta, graduating each time with honors.  He has served as a faculty member for numerous state and national meetings and symposia across the country and has authored or co-authored numerous articles on health law compliance for regional and national publications. 

Mr. Herrin is an Eagle Scout and volunteers his time to the Boy Scouts of America, in which he serves as chair of the Religious Relationships Committee of the Northeast Georgia Council, and to The United Methodist Church, for which he acts as Coordinator of Scouting Ministries throughout the Southeastern Jurisdictional Area. For his community service and good works, he was commissioned as a Kentucky Colonel in 2012. He recently retired from the United States Air Force Auxiliary, in which he served as the Chief Judge Advocate for 6 years, at the rank of colonel.



Charles Herring
"People > Machine"

Cybersecurity Incident Response has only been a part of human history for a couple of decades. Over the short course of time, industry leaders, analysts and vendors have put a heavy focus on the importance of technology solving problems within the craft. In this presentation, we will examine the preeminent importance of the craftsman over his tools and the role tools should play in making the world safer. Topics covered in the presentation are:

- History of Incident Response
- Algorithms, Machine Learning, Cognition and AI and their roles in successful IR
- The importance of developed playbooks in effective response
- Reducing noise using Playbook Automation (and its limits)
- Adapting time tested approaches from Law Enforcement to improve success

Charles’ dedication to maturing the craft of InfoSec is built on a diverse career path across the industry. He started his career in InfoSec in the US Navy in 2002 serving as the Network Security Officer at the US Naval Postgraduate School. After leaving active duty, he was a contributing product reviewer for InfoWorld magazine focusing on network security products. Charles spent 7 years running Herring Consulting, a company dedicated to process orchestration, data sharing, and marketing. In 2012, Charles joined the Lancope team as a pre-sales engineer, promoted to Consulting Security Architect and later as Strategic Account Manager. Charles founded WitFoo to address systemic issues in Incident Response in 2016. He speaks at security conferences around the country including GrrCon, BSides and ISSA.



Mark Kerrison
"Change Control Vs. Change Management"

It is impossible to retain any sort of secure environment if changes are allowed to take place without some sort of control! Simply put, without ‘Change Control’ it is impossible to be certain that changes happening are not harmful. The problem with Change Control is it’s hard work. There are thousands of changes happening all the time and try as we might to introduce good Change Management, unplanned changes still seem to happen at a rate that makes it almost impossible to keep track.

Mark Kerrison has been the Chief Executive Officer of New Net Technologies since January 2008 & has been involved in assisting IT companies grow for the past 25 years. Mark has helped to grow organizations from start up to eventual trade sale & has held senior leadership positions at Cable & Wireless and Allen Systems group prior to helping launch New Net Technologies in 2005.

As the CEO at New Net Technologies, Mark works closely with all departments within the business to ensure NNT is optimized to continue to bring innovative cyber security solutions to market as well as ensuring that the correct process exists to facilitate successful deployments and ongoing superior solution value for all customers.

Mark has numerous interests, including his role as Director of one of Florida’s largest not for profit Youth Soccer organizations. In his spare time Mark attempts to keep fit by training for and participating in various running, swimming and cycling events including Triathlons.




Herb Mattord & Michael Whitman
"CyberSecurity Workforce - Perspective & Trends"

In a constantly evolving threat landscape, it is an ever growing challenge to find and retain qualified cybersecurity staff. This talk will explore the size of the expected shortfall, review the critical skills needed in the future workforce, and talk about what is being done to deliver more qualified candidates for employers' consideration.

Herbert Mattord, Ph.D., CISM, CISSP completed 26 years of IT industry experience before joining the faculty at Kennesaw State University in 2002. He was the Manager of Corporate Information Technology Security at Georgia-Pacific Corporation, where much of his practical knowledge in information security was acquired. He is currently on the Faculty at Kennesaw State University with the rank of Associate Professor, where he teaches undergraduate courses in Information Security and graduate courses in Information Systems. He serves as the Assistant Chair of the Department of Information Systems and Associate Director of the KSU Center for Information Security Education. He is the co-author of several books published by Course Technology and an active researcher in information security management topics.

Mike Whitman (Ph.D., CISM, CISSP) is a Professor of Information Security and Assurance in the Department of Information Systems, Michael J. Coles College of Business at Kennesaw State University, GA.  He is also the Executive Director of the Center for Information Security Education.  Dr. Whitman’s current teaching and research interests include information security governance, risk management and policy and computer-use ethics.  He has published over 50 articles on these topics, many in the top journals in his field.  He has delivered dozens of presentations on information security at national and regional conferences and has authored 10 textbooks on a variety of security topics.


David Nolan
"Achieving Security Buy-in: Change the Approach Not the Culture"

We all have heard the ideal approach of “changing your company’s security culture;” however, many of us have experienced the pains of trying to instill a traditional information security program into a unique culture. So why not change your approach instead of focusing on the culture? In this talk we will cover the common information security pitfalls including becoming a “Compliance Hammer”, the “Chicken Littles”, and the “Approval Police.” You will be shown approaches to overcoming these pitfalls and shifting security to being a strategic partner and enabler. Through real-life examples, we will discuss aligning your information security program and organization with an agile company’s unique culture, risk tolerance, and industry norms. Attendees will leave understanding the short and long term payoffs of aligning your security program to your company’s unique culture.

As Director of Information Security at Aaron’s Inc., David is accountable for information security leadership, strategy, budget, and operational excellence. He is a servant-leader and mentor to a robust team of information security professionals and managers covering Application Security; Incident Response; Governance Risk and Compliance; and Endpoint/Information Protection.

David has more than 15 years in the information technology industry in various roles. He has previously served as a Manager of the Threat, Attack and Penetration testing services team, Application Security Architect, deployment manager for SAP deployments, and various lead developer roles for Caterpillar Inc. He has additionally held positions at companies including State Farm Insurance and the Central Intelligence Agency.

David is a regular speaker at colleges, corporations and industry conferences including the ISC2 Security Congress and ISACA conferences and various advisory boards.


Calvin Nobles
- Independent -
"The Human Element of Cybersecurity"

The aim of this presentation is to emphasize the lack of scientific processes, frameworks, and models to capitalize on human factors in cyber security. The continuous integration of technology accompanied by (a) advanced persistent threats, (b) ransomware attacks, (c) data breaches, and (d) cyber-attacks increases and threatens the complexity of cyber security operations. The discourse surrounding human performance in cyber security remains a relevant topic; nevertheless, the scientific underpinning remains deficient. Human error is the primary contributing factor that leads to malicious activity in cyber security. Other domains such as aviation, healthcare, and nuclear power have capitalized on human factors to reduce accidents and to identify critical phases of operations; consequently, the cyber security sector trails behind the above-mentioned industries in leveraging human factors. Included are examples of conceptual processes, models, and frameworks to influence cyber leaders and professionals to mandate the integration of human factors in cyber security.

Dr. Nobles is a national security leader and educator with more than 15 years of experience. Culminating a career of military service at the national level in 2017, he is currently a cyber security leader and cyber consultant. He serves as an adjunct faculty at the University of Maryland University College (MBA Program) and Indiana Wesleyan University (MBA and Cyber Programs). Calvin is actively involved in the cyber community volunteering with multiple professional associations conducting national security research. Calvin is the author of the book, Exploring the Implications of Implementing Technologically Advanced Aircraft in General Aviation.

As a national security expert, Dr. Nobles has fulfilled various operational and leadership positions. First he served as a Cyber and Cryptologic Planner, thereafter, he served as the Deputy Director of Operations, Deputy Director for Strategy and Governance, Director of National Operations, Chief Security Officer, Chief Cryptologic Officer, and Director Cyber Intelligence Support.

Dr. Nobles’ indispensable vision to achieve strategic business goals through high technical acumen, judicious use of resources, and technology integration initiatives enabled the achievement of organizational objectives. Calvin is known as an architectural change expert; he led three enterprise-level solutions and transformations by decoupling operational and policy management from technology development to improve coordination and the execution of national security operations. He planned and coordinated a national level prototype project that enabled the U.S. to gain the technological advantage, which established the precedent for leveraging emerging technologies on a global scale. Dr. Nobles served as an advisor to senior executives where he led efforts to optimize the utilization of cyberspace analysts, developed business continuity procedures and disaster recovery, improved information security management, and automated technology integration. Calvin displayed executive-level leadership that cultivated strategic change through a devised plan to leverage national, tactical, and cost-of-the-shelf technologies that increased threat warning and aided intelligence efforts.

Among his many interests are continuing as a strategic leader and cyber community outreach. He works with several national level cyber councils and working groups to shape national policy. Dr. Nobles routinely attends cyber conferences and serves as keynote speaker or panel member, or presents research. Calvin is highly sought by different organizations for consultancy support on cyber security topics.


Joe Opacki
"What Happened to The Business Model for Phishing"

Analysis of nearly one million confirmed phishing sites identified in 2016 reveals a transformative event that marks a significant deviation in threat actor motivations. The empirical evidence shows a shift in targeting that is solely based on the widespread adoption of email as a username and the prolific epidemic of password reuse. Further, nearly one third of the nearly 30,000 phishing kits collected during mitigation operations during the last year utilized some form of anti-analysis and anti-crawling techniques. This presentation will focus on the analytic judgements that resulted from the empirical research pointing to the transformation, as well as a technical review of the new tactics used by phishing threat actors and their use of anti-analysis techniques.

Joseph Opacki is responsible for threat research, analysis and intelligence at PhishLabs. Prior to joining PhishLabs, Mr. Opacki was the Senior Director of Global Research at iSIGHT Partners and was also an Adjunct Professor at George Mason University where he taught malware reverse engineering in the Master of Computer Forensics program. Mr. Opacki has also participated in several industry advisory councils to include the Cybersecurity Curriculum Advisory Council at the University of Maryland University College. Before his career in the private sector, Mr. Opacki was the malware reverse engineering Subject Matter Expert (SME) and the Technical Director of advanced digital forensics in the Operational Technology Division at the Federal Bureau of Investigation.

Benjamin Powell
"Understanding Your Digital Attack Surface and Detecting & Mitigating External Threats"

Organizations have spent massive amounts of money to protect the perimeter of their networks, but if your business exists on the internet, there really is no perimeter. In this presentation, we'll discuss Digital Footprints in understanding your company’s external attack surface. We will discuss social, mobile, and web attacks, and analyze and review lessons learned from recently publicized attacks (Polish banking institutions, Apache Struts Vulnerability or WannaCry ransomware). The speed of business and cybercrime isn't slowing down, so how can you be prepared to address and defend against these types of threats? Attend our session to find out how.

Mr. Benjamin Powell is the Technical Marketing Manager at RiskIQ. He has worked in IT for the last 30 years, focused on IT security for the last 13 years. Prior to RiskIQ he was a founding employee at AccelOps, a SIEM company, where he ran Professional Services and Product Marketing. Benjamin has worked in and managed IT and cyber security teams in numerous industries (State government, international airport, port district, education, biotech, file encryption software, and financial services).


Sarah Powers & Eileen Filmus
"The Business of Privacy"

The privacy landscape changes constantly. With each generation sharing more and more personal information online, it can be a challenge for businesses in the e-commerce, retail, and information industries to understand why their sharing or handling of data could be a serious violation of privacy. What the business sees are limits and loss, not the liability. Running a security governance program is not just about protecting the company, associates, and employees from external threats and risks. Internal risks must be considered as well. To effectively run this program, an understanding between security and the business must be reached. The business needs to know and understand the risks that they could be introducing with their projects, and security must also understand how saying no could limit the growth and potential of the business. A balance must be reached; both sides must be heard. With two different goals, how do you keep the company in agreement on what is or is not important for future growth?

Eileen has served as virtual CISO, conducted Privacy Impact Assessments, built robust governance programs, developed meaningful awareness training content, and formalized operational processes.

Eileen has developed expertise in a number of frameworks including PCI DSS, SOC-II, ISO 27001/2, Cloud Security Alliance’s CCM, and HIPAA. In addition to driving security programs, she also prepares clients for compliance audits by creating or enhancing policies and procedures, addressing contractual security obligations, as well as performing assessments to determine organizations’ security risk posture by evaluating the effectiveness of their information security management programs.

Sarah Powers is an information security consultant with many years of experience in the governance, risk, and compliance space. She has a strong background in Privacy, Compliance, and understanding the threats and needs that businesses face.

Serving as virtual CISO for clients, Sarah has shaped and directed the governance program of companies, improving upon their Incident Response practices, strengthening access controls, ensuring compliance with standards such as PCI, ISO 27001/2, and HIPAA, and improving overall security awareness by implementing training and exercises including around Incident Response.

By conducting compliance assessments, Sarah has been able to ensure that companies remain in compliance with HIPAA, PCI, and both national and international Privacy Regulations.

Steven Rosing
"Are There Security Threats Lurking in Your Application Code?"

Learn why Application Layer Vulnerabilities can potentially be the single largest threat to the security of your data and the solutions and best practices for managing this critical security hazard.

Stephen Rosing is an Application Security Architect and a member of the Quality and Security Assurance team at SAP, Americas. In this role he helps our customers learn about and leverage the SAP Quality and Security solutions. Stephen has over 20 years of deep technical experience and is a subject matter expert in areas that include the Software Development Life-Cycle, Application Security, QA and Risk Management, Application Modeling and Performance and Scalability Testing. Prior to joining SAP eight years ago, he held technical pre-sales, architect and director roles at Siebel, Segue, FocusFrame and Mercury Interactive.


John Rostern
NCC Group
"Assessing GDPR Compliance"

- An overview of the GDPR and the changes it will bring
- Things you can do now to prepare
- A closer look at the requirement for incident reporting
- Best practice advice for building a robust incident response plan
- The General Data Protection Regulation (GDPR) has now been confirmed so it is time for businesses across Europe to take stock and prepare.
- The GDPR will harmonise and replace all Data Protection laws across Europe. This focuses on giving new rights to individuals which will have a significant impact on businesses across all areas throughout the data lifecycle.
- A look at the forensics of an incident and how to protect evidence

John Rostern is the Vice President of NCC Group North America's Governance and Risk Management practice, providing security advisory services in the fields of risk and architecture, security management, due diligence and compliance to industry standards (PCI DSS, ISO 2700x series, NIST 800, etc.). John has more than 35 years of diverse experience in audit, information security and information technology. His areas of expertise include IT audit, technology risk assessment & management, IT strategic planning & governance, architecture, information security, operations, applications development, telecommunications, networking, data center design and business continuity planning. John is a subject matter expert in the areas of data loss prevention, intrusion detection, encryption and incident response and has published articles on a variety of topics related to technology risk.


Mateo Valles
"Insider Threats"

The threats from those “already inside the fence” continue to exact significant damage to our companies, either through sabotage or the theft of trade secrets / classified information / PII. Tailored to the specific audience, this PPT presentation will provide an analysis of prior cases, highlight the need for an Insider Threat Mitigation Program, and discuss what such a Program looks like. Attendees will gain an appreciation for the need for an Insider Threat Mitigation Program and how to begin the process of initiating and/or improving an existing mitigation program.

Matteo Valles has been a Special Agent with the FBI for 30 years. His offices of assignment included Anchorage, AK; Boston, MA; Washington D.C.; Gulfport, MS; Vienna, Austria; Nairobi, Kenya; and now Atlanta, GA.

Matteo held leadership positions within the FBI, in both domestic and international offices, for 14 years. Prior to Atlanta, he was stationed overseas for 5 years covering 14 countries throughout Central Europe and East Africa. As the Attaché based in Nairobi, he was responsible for all FBI operations in Somalia, Kenya, Rwanda, and other East African countries.

Matteo has experience in all FBI investigative programs, with emphasis on Violent Crimes, Counter Intelligence, and Complex Financial Fraud. He is currently the Strategic Partnership Coordinator for the FBI responsible for outreach efforts with private companies throughout Georgia. His extensive and diverse experiences with the FBI around the world have positioned him to increase awareness within the private sector on matters such as the Insider Threat, Theft of Trade Secrets, Foreign Intelligence Recruitment Efforts, Counter Proliferation, and The Active Shooter.

Matteo is a Certified Public Accountant, and prior to joining the FBI he worked with a “Big-Four” public accounting firm focused on independent auditing and internal control evaluations.


Keyaan Williams
ISSA International
"Perspectives from ISSA International"

This presentation opens the Metro Atlanta ISSA conference. Keyaan will highlight the value of ISSA membership and provide insight for the future of the ISSA from an international perspective.

Keyaan is a longtime member of both the physical security and the information security communities. His security career began with service in the US Army as a chemical weapons specialist. Afterward, he ran security programs at the Centers for Disease Control and Prevention (CDC), he led a CISO program that influenced the certification and training of hundreds of CISOs globally, and he currently works as a security consultant who helps clients solve their risk management and governance problems. His professional experience has been the foundation for his desire to be a champion for the ISSA and its mission to develop and connect security leaders globally. Keyaan is the past president of the Metro Atlanta ISSA, an ISSA CISO Forum, and ISSA Fellow. He continues to provide mentoring, coaching, and support to ISSA chapters and ISSA members who are the voice of the information security profession.


Diamond Sponsor

Mission Critical Logo

Ruby Sponsors

24by7 Security

Rapid 7

Phishlabs Logo

DUO Logo

Cybereason Logo

Saltworks Logo

RSA Logo

Sparity Logo

Skybox Logo

Wavestrong Logo

Securonix Logo

Cybriant Logo

Checkmarx Logo