2009 Speakers (Subject to change without notice)
Kyle Adams
Lead Software Architect, Mykonos LLC
As architect and lead developer for Mykonos, Kyle Adams has final responsibility
for code quality and technical excellence. Kyle is an undergraduate
at the Rochester Institute of Technology, earning a Bachelor Degree
in Computer Science with a minor in Criminal Justice. He wrote his
first password protection software at age 10, started hacking incessantly,
and was writing his own encryption software by age 14. An AJAX expert
and enthusiast, Kyle has worked on scores of web application projects
as a freelancer and entrepreneur. At BlueTie, Kyle re-wrote the application
framework that drives their SaaS based email and collaboration platform.
That framework was the beginning of Mykonos.
Dennis Allen
Technical Staff, CERT
Dennis Allen is a Member of the Technical Staff Workforce Development
at CERT|SEI|CMU. Dennis has worked at CERT for 5 years and in that
time has served as Lead Course Instructor, Course owner for Advanced
Information Security for Technical Staff, technical content developer,
and active participant and organizer in several Cyber Defense and
Information Assurance exercises. He has over 15 years of Information
Technology experience supporting various desktop, server, network,
and security technologies on several platforms for small private businesses
as well as Fortune 500 corporations. Mr. Allen holds a Bachelor's
of Science degree in Computer Science and maintains several industry
certifications including CISSP, Security+, NSA IAM, Cisco CCNA, and
other Microsoft and Novell certifications. In addition to his professional
accreditations and skills, Mr. Allen served 14 years in the US Army,
including several years with the Army Reserve Information Operations
Command.
Chen Arbel
Director, Authentication Systems, SafeNet Inc.
Chen Arbel is a seasoned security
industry expert with more than 15
years of information security and
digital rights management
experience. Chen has served in key
development roles leading to
uniquely powerful innovations that
effectively align IT security
technology with real-life business
objectives. Playing a leading role
in the implementation of strong
authentication within some of the
world’s largest organizations, Chen
has worked in all major industries
on strategic initiatives that
deliver clear business advantages
through unmatched technology.
He has spoken at numerous industry
events, including SD West 2007, SD
West 2006, SLAM, ISSA conferences,
and the National Retail Federation’s
Customer Data Security Executive
event and is on the PCI Knowledge
Base Panel of Experts at
www.knowpci.com. He also leads
SafeNet’s participation in the SAFE™
Product Certification Program (SPCP)
– a program administered by SAFE-BioPharma
Association, an industry group that
manages the SAFE™ digital identity
standard for the pharmaceutical and
healthcare industries. Chen
currently serves as the Director of
Authentication at SafeNet, Inc., for
its award-winning authentication
solutions. Prior to joining SafeNet,
Chen served as Vice President of
Strategic Development for Aladdin
Knowledge Systems, held a classified
technology position for the Israeli
government in North America and
served as Captain for the Israeli
Defense Force (IDF) where he gained
extensive information security
experience. Chen holds a bachelor’s
and master’s degree in computer
science from the New York Institute
of Technology.
Rick Basile
Senior Director, Technical Services, Fortinet Inc.
Rick Basile, Senior Director, Technical
Services at Fortinet, has more than
20 years of industrial and
information security experience,
coupled with extensive networking
and telecommunications expertise in
the commercial, service provider and
federal markets. Mr. Basile spent
eight years in the United States Air
Force as a Security Specialist and
Computer and Switching Systems
Specialist. Upon leaving active duty
in 1997, he spent the next four
years in the networking and security
integration space with SBC Data
Communications. He later entered the
vendor community with CoSine
Communications, a provider of
virtualized security services,
before joining Fortinet. As the
Senior Director, Technical Services
at Fortinet he is responsible for
the pre sales field engineering
resources as well as the post sales
support organization for North
America, South America and
Australia.
Shahriar Beigi
Managing Director, Risk Mosaic
Shahriar Beigi founded Risk Mosaic, a New York based Risk and Asset
Management Company in January of 2009. In a short few months, the
company secured several clients and prepared for the launch and release
of one of the most advanced asset management and risk modeling software
solutions in the market. Over the past 10 years, Shahriar has served
on privacy and audit committees of several global services companies
providing support to executive committees and senior management in
formulation and execution of compliance and security strategies of
clients worldwide. Prior to his tenure in professional services, Shahriar
attended Harvard University, studied medicine, and completed Clinical
Cardiology and Emergency Medicine visiting fellow programs at Boston's
Beth Israel and Massachusetts General Hospitals, respectively. He
is also a graduate of Cornell University's Sloan Program, and the
author of several papers on risk, return on security investment and
compliance.
Jean Paul (JP) Bourget
BS IT, RIT 2005; MS Computer Security and Information Assurance, RIT 2008; CISSP; MCSE, CSSA
JP has five years experience in computer networking, system administration, and information security. During the day JP is responsible for Network and Security Management for a medium size global company based in the US. JP is also adjunct faculty at Rochester Institute of Technology where he teaches Networking and Security undergraduate classes. JP also performs pen testing and security audits for local companies in Rochester, NY.
Andrea Cogliati*, ***
OWASP
Andrea is an IT Security consultant and trainer working between Europe and North America. His career as a geek began in 1979 when his father purchased the third Commodore PET 2001 sold in Italy. At the age of 8 he started programming in BASIC and 6502 assembler. He has eventually worked as a developer, system and network administrator, technical writer, trainer and as a manager.
Andrea graduated in Mathematics at Scuola Normale Superiore in Pisa, Italy. He holds (or has held) several IT certifications and he's also a BS7799 Lead Auditor.
Todd Colvin
Director of Enterprise Data Security, Paychex
Todd Colvin is the Director of
Enterprise Data Security for Paychex,
Inc, a Payroll, Human Resource and
Employee Benefits service provider. In
this role, he has international
responsibility for the protection of all
corporate and client information assets.
Prior to joining Paychex, Inc, Mr.
Colvin was the Homeland Security Manager
for Sprint and served on numerous
Washington, D.C.-based
committees, including the President's
National Security Telecommunications
Advisory Committee (NSTAC), the Network
Security Information Exchange and was
the resident representative to the
National Coordinating Center for
Telecommunications (NCC) and the Telecom
ISAC. In this role, Mr. Colvin was
responsible for the coordination of
communications restoration during the
hostile 2004 Atlantic hurricane season.
When not responding to National Security
or Emergency Preparedness (NS/EP)
events, Mr. Colvin participated in
several task forces including the
TRUSTED ACCESS TASK FORCE to address
Screening, Credentialing, and Perimeter
Access Controls. Additionally, he
developed and delivered a report
addressing communications preparedness
for National Special Security Events (NSSE).
Mr. Colvin has presented at the APA
National Congress and the Rochester
Security Summit where his unique
perspective on information security
risks and protective measures is
eye-opening and motivational.
Mr. Colvin is a dedicated security
professional that holds many
certifications including the CPP, CISSP,
CISA, CISM and GSNA. Mr. Colvin also
holds a bachelor's degree in Information
Security and Assurance.
Joel Cort*
Information Risk Management, Xerox
Mr. Cort is a security professional with CISSP Certification and a Lead
ISO 27001 auditor, currently working for Xerox Corporation in the
IM division Information Risk Management organization. Mr.
Cort received his graduate degree in software engineering at Harvard
University. Mr. Cort has been an employee of some leaders in the computer
industry such as Lotus Development Comp., IBM and currently at Xerox
Corporation. Prior to Xerox, Mr. Cort worked with Buffalo-based,
Computer Task Group company, travelling around the country and consulting
on security and network technologies during the explosion of the
world wide web. Mr. Cort has also helped companies with the security
issues of major strategic shifts and enterprise reengineering solutions.
Mr. Cort designed and implemented the assessment process at Xerox
to establish the general computer controls for Sarbanes-Oxley compliance.
Mr. Cort assisted in organizing the ground breaking effort to obtain
ISO security certifications for various Xerox operations which process
customer data.
Mr. Cort has continued to be active in the local security community
being one of the founding members of the Rochester chapter of the
Information Systems Security Association (ISSA) and providing training
seminars on the CISSP certification.
Allison F. Dolan
Program Director, Massachusetts Institute of Technology
Allison F. Dolan is currently Program
Director, Protecting Personally
Identifiable Information at the
Massachusetts Institute of Technology.
This program is co-sponsored by the
Institute Auditor, and Vice President
for Information Services and Technology
(IS&T). Previously, Allison spent 10
years in IS&T, including roles as
Director of Shared Services - Finance,
Administration and HR; and Director of
Telephony Services. Allison’s MIT
experience was preceded by 20 years of
combined information systems,
operational, and leadership experience
at Eastman Kodak. Allison holds a BA
degree from the University of Delaware,
with a double major in Computer Science
and Economics.
Ralph Durkee*, ***
Durkee Consulting, Inc.
Ralph Durkee had an early start to his 29 year career of Software
Development and Security Consulting, when he started his first full
time permanent programming job at the age of 18 after already having
finished 2 years of college. About a year after graduating with
his BS in CS, Ralph was appointed acting supervisor of a programming
team of 5. From there he went on to AT&T Bell Labs to become
the lead designer and developer of a real time transaction database
system called TUXEDO. Moving back home to Rochester, NY, Ralph started
his own security consulting business in 1996. Ralph is also the
founder and president for the Rochester, NY Chapter since 2004.
He has performed a variety of security audits and software security
assessments and secure software development consultations for clients
in the Rochester, NY area. His expertise in application security
and secure Internet and web services is based on years of both hands-on
and technical training experience. He has developed and taught a
wide variety of professional security seminars including custom
web application security training, and SANS SEC504 - Hacker Techniques.
Ralph regularly leads development of a wide variety of security
standards such as application security, database encryption and
security consulting for compliance with the Payment Card Industry
Data Security Standard. Ralph has also led the development of several
security benchmarks (standards) for the Center for Internet Security
including Red Hat Linux, FreeBSD, Apache, DNS BIND, LDAP and RADIUS.
Finally, Ralph has served as a chair for the very successful Rochester
Security Summit since it started in 2006. Ralph holds the following
certifications: CISSP, GSEC, GCIH, GSNA, GPEN.
Jason Falciola
Qualys
Jason Falciola pursues his passion to help
clients navigate the intersection of
business priorities, technical security
challenges, and the regulatory
compliance landscape as a Technical
Account Manager with Qualys. Jason's
areas of expertise include vulnerability
management, wireless security, advanced
analytics, incident response, and
security architecture. He also has
strengths in business resilience, web
application security, forensic
investigations, threat intelligence
collection, IT governance, and risk
management. Prior to Qualys, Jason held
a variety of roles including lead
security analyst, architect, and
business development manager in the
Managed Security Services organization
at IBM Internet Security Systems.
Jason has
advised many organizations around the
world, including government agencies,
educational institutions, and firms in
the Fortune 1000 and Global 2000. He has
trained practitioners from leading
global organizations on wireless
security. Jason is a regular speaker at
domestic and international events
including FIRST, InfraGard, InterOp,
ISSA, and various IBM conferences.
Jason is
an advisory board member for the NJ
chapter of the FBI InfraGard Alliance,
and is also a member of the US Secret
Service Electronic Crimes Task Force (ECTF),
the Information Systems Security
Association (ISSA), and the Open Web
Application Security Project (OWASP). He
serves on the SANS GIAC Advisory Board
and holds GIAC certifications in
Assessing Wireless Networks (GAWN) and
Incident Handling (GCIH). Jason received
a bachelor's degree in Computer
Engineering and a master's degree in
Management of Information Systems from
the New Jersey Institute of Technology.
He has over a decade of professional
experience, with the majority of that
time focused on security.
Rob Fuller
Penetration Tester
Rob Fuller is a Penetration Tester in Washington DC. He is a cast
member of the video podcast Hak.5 and is very active in the open
source community as a thought provoker, reviewer and sometimes even
a coder. He has worked on projects like nUbuntu, Jasager, the Hak5
USB Switchblade, The Academy video tutorial site, and the Metasploit
Unleashed course from Offensive Security. Rob also ran the Hak5
open radio station for 3 years until it was incorporated into the
Openaire Project, of which he is still a contributing member. His
professional experience extends from his time on active duty in
the United States Marine Corps, first as a CCNA instructor, then
a MARCERT member and team lead, and finally becoming one of the
few Enterprise Security Planners for the Marine Corps. He has worked
with devices and software that run the gamut in the security realm.
He has the Security+, C|EH, and Offensive Security Certified Professional
certifications. But the one title that he holds above the rest is
United States Marine.
Erik Heisler
Technology Specialist, AXA Equitable Life Insurance Company
Erik Heisler is a security infrastructure architect for AXA Equitable Life Insurance Company, a subsidiary of The AXA Group - one of the largest global financial institutions in the world. In his current role at AXA, Erik is responsible for designing and implementing enterprise security solutions for AXA in the US. Erik has over ten years experience in the information security field. He has obtained a M.S. in Telecommunications & Network Management from Syracuse University and an M.B.A. from LeMoyne College. Erik holds the following certifications: CISA, CISM, CISSP, GISP, GSEC, SSCP.
David Hochhauser
Vice President, CA
CA Vice President, David Hochhauser,
is an experienced executive in the
IT industry. In his position with CA
and formerly with Eurekify where he
was responsible for North American
operations, he has met with many
analysts and dozens of customers at
all stages of role and compliance
management. David uses that
experience to guide the company and
customers.
Prior to joining CA and his work
with Eurekify, David managed
world-wide marketing and business
development for Shunra, an
innovative and fast growing network
and application performance
management software company. David
was previously the head of
brand-marketing responsible for
marketing and product strategy and
programs for Computer Associates
Unicenter family of infrastructure
management solutions. David was with
CA for 4 years, initially as head of
their corporate market strategy
group after a 16 year career at IBM
where he held a variety of positions
in security and e-commerce business
units, and IT strategy consulting.
He has extensive experience in all
aspects of business, including
development, marketing, strategy and
sales as well as defining solutions
for customers across a broad range
of industries. David has a Masters
of Science in Physics from New York
University and graduated from the
State University of New York at
Binghamton with a Bachelor's degree
in Chemistry.
Ted Husted
NimbleUser
Ted Husted is a business analyst, co-author of JUnit in Action, and a
regular speaker at the Ajax Experience, ApacheCon, and various user
groups. In 2008, he joined NimbleUser, a systems integrator specializing
in non-profits and associations, based in Rochester NY. Ted works
extensively with web-based content management systems as well as custom
web applications.
Christopher B. Karr
President ÜberGuard Information Security
Christopher Karr is the President of ÜberGuard Information Security
Consulting, LLC, a data security consulting practice. ÜberGuard
specializes in information systems security services such as vulnerability
assessments, penetration testing, HIPAA and GLBA compliance, web
site security assessments, employee security awareness training,
security policy development, social engineering and general data
security consulting. Mr. Karr has more than 15 years of experience
in computer security. Prior to founding ÜberGuard in 2002, he served
as a Sr. Systems Engineer at the Symantec Corporation and also served
as a data security consultant to Eastman Kodak and the Xerox Corporation.
Mr. Karr is very experienced in information security as well as
Best Practices and he holds the prestigious CISSP (Certified Information
Systems Security Professional) certification.
Richard Luckett
President SYSTMS of NY, Inc.
Richard Luckett is the president of SYSTMS of NY, Inc. (http://systmsny.net)
a leading Microsoft Gold Partner providing professional services,
managed services and training solutions. Richard is a MCSE, MCT,
MCITP and MCTS with specializations in security and messaging with
over 15 years experience as an IT professional. Richard is a Microsoft
Certified Trainer with more than nine years Exchange Server instructional
experience. He was awarded the Exchange Most Valuable Professional
(MVP) distinction by Microsoft. Richard is an accomplished author
including Microsoft Exchange Server 2007: The Complete Reference
by McGraw Hill and is the course director of seven best selling
Exchange courses for Global Knowledge, Inc. Richard is a contributor
to the SearchExchange.com website at TechTarget and is their resident
Exchange expert for questions on Spam and Security.
Stephen Marchewitz
Chief Strategy Officer, SecureState
As the Chief Strategy Officer, Stephen
Marchewitz is tasked with creating,
communicating, executing, and sustaining
strategic initiatives within SecureState.
Steve is sought after to drive immediate
as well as long-term results, and to
objectively address issues that are
barriers to action. Steve ensures
decisions have both a strong strategic
rationale as well as a financial one.
Prior to joining SecureState, Steve
spent time in the financial industry,
working with Ernst & Young, and the
software industry with CA and Oracle.
There he learned the necessary tools to
provide client satisfaction, while
participating in sales, marketing,
client relationships, decision support
and project management. He has
more than ten years of experience in
multiple aspects of information systems,
with specific expertise in information
assurance. Steve attended the University
of Michigan where he obtained a
Bachelor’s of Arts in Business
Communications and Statistics. He later
earned a Master’s of Business
Administration from Case Western Reserve
University.
Michael J. Miller
VP, Global Security and Federal Programs, Global Crossing
Mike Miller, VP of Global Security and
Federal Programs, has been with Global
Crossing for twelve years. Mike was
instrumental in developing and
implementing a converged security
solution for Global Crossing, combining
network security, Information Services
security and physical security into one
organization.
Mike is also responsible for managing
Global Crossing’s security operations
center (SOC) that supports its Managed
Security Services customers.
In 2003, Mike led the implementation of
Global Crossing’s Network Security
Agreement (NSA) with the Department of
Homeland Security, Dept. of Justice,
Dept. of Defense, and the Federal Bureau
of Investigations. The NSA protects the
US government’s interest in the
telecommunications industry from a
foreign ownership. The NSA is an
industry leading agreement, setting high
security standards for Global Crossing
to implement and be audited annually.
Mike is a Certified Information Systems
Security Professional (CISSP), President
of the Rochester InfraGard Members
Alliance, a member of the Project Exile
executive committee, and a member of the
Rochester K-12 Cyber Security and Ethics
initiative. Mike has a Master’s
certificate in Project Management from
George Washington University, a
Bachelor’s degree in Accounting from St.
John Fisher College, and an Associate’s
in Applied Science in Accounting from
Finger Lakes Community College.
Larry Pesce, CCNA, GCFA Silver, GAWN Gold
Larry is the Manager for Information Services Security, Disaster Recovery and Identity Management at a mid-sized healthcare organization in New England. In the last 13 years in the computer industry, Larry has become a jack of all trades; PC repair, Network Engineering, Web Design, Non-Linear Audio and Video production and Computer Security. Larry is also gainfully employed as a Penetration Tester / Ethical Hacker with PaulDotCom Enterprises, and leads the research efforts in many areas, including projects such as "Evil" USB thumb drives, hiding rogue access points, and tinkering with wireless, RFID, Cellular SIM cards and metadata. Together Paul and Larry co-authored "Linksys WRT54G Ultimate Hacking" from Syngress Publishing, and Larry has also presented at Shmoocon 4 and DEFCON 16, and was a contributing author to "How to Cheat at Configuring Open Source Security Tools" and "Wireshark and Ethereal" from Syngress Publishing. A graduate of Roger Williams University in Computer Information Systems, Larry is currently exploring his options for graduate education. In addition to his industry experience, Larry is also a Security Evangelist and co-host for the PaulDotCom Security Weekly podcast at http://pauldotcom.com. More of Larry's writing, guides and rants can be found on his blog www.haxorthematrix.com and the SANS Reading Room.
Bruce Potter
CTO, Ponte Technologies
Mr. Potter has over a decade of system and software attack experience. He has led teams performing advanced penetration testing and successful exploitation of devices such as JavaCard-based smart cards, cellular and smartphones, slot machines, embedded networking devices, and Point of Sale terminals. The systems Mr. Potter has assessed have used a variety of protection mechanisms including virtual machines, code obfuscation, proprietary operating systems, and hardware anti-tamper capabilities. Mr. Potter has a broad information security background including network security, software assurance, software exploitation, security operations, and advanced attack detection. Mr. Potter has published several books, writes monthly columns for Elsevier’s Network Security, is a frequent speaker at security conferences, and is on the editorial board of IEEE Security and Privacy.
Jack M. Redfield
Manager, Information Security and Compliance, Constellation Brands Inc.
Jack has over 12 years of information
security and regulatory compliance
experience. He has established
comprehensive information security
programs at Rochester Gas and Electric
Corp. and currently, at Constellation
Brands Inc. as well as leading the first
successful Sarbanes Oxley audit review
for Student Loan Corp (Citibank). In
addition to policy and compliance
program implementation, Jack has led the
following initiatives:
- development of Role Based Security access control programs
- development of a Business Impact Analysis for implementation of a Disaster Recovery program
- directed network and website penetration tests, as well as follow-up remediation work
- development of vulnerability management process for both network configuration and website development
- established event/incident escalation procedures
- development of user information security awareness programs
- led system security reviews and access controls for both acquisitions and divestitures.
Jack obtained his Master of Science degree in
Information Security from James Madison
University and his Bachelor of Science
in Business Administration from
Rochester Institute of Technology.
Jason Ross
BT/INS Ethical Hacking COE
Jason has been performing application,
host, and network based attack and penetration testing for over
5 years, and has more than 10 years experience hardening systems
and IP networks. For the past 4 years he has been an active member
in a number of vetted security groups to research malware and contain
emerging internet threats. In his spare time, he runs the Rochester
DefCon Group, DC585.
Aaron Sanders
Info. Sec. Mgr. Xerox Global Services
Aaron Sanders, CISSP, CSSLP, CSOX,
is an Information Security Manager for the Global Technology & Offering
Development (GTOD) organization in Xerox Global Services. He verifies
secure Web application development and hosting by performing threat
modeling and security testing against product offerings. He also
assists with required compliance initiatives.
Allen Scalise*
President, Great Lakes Networks LLC
Allen is responsible for vision, leadership, and direction of the network security practice and founded Great Lakes Networks LLC in 2005. Allen has twenty years experience in IT; ten years in security and worked for two San Francisco based security startups, including CoSine Communications, which specialized in security with virtualized routing, held a national position at Frontier Communications and was Regional Director at SBC (now AT&T Enterprise Solutions), a national network integrator, where he managed P&L, six multi-state offices and a remote workforce. Allen graduated with a bachelor's degree from Allegheny College in PA, is a co-founder and President of the Rochester Chapter of ISSA, this year's Security Summit Chair, was inducted into the ISSA Honor Roll in April 2009 at RSA Conference, a member of InfraGard Alliance, Incident Response Management Instructor and Executive Committee member of the Regional Cyber Safety, Security and Ethics Initiative.
Paul Schofield
Senior Security Engineer, Imperva, Inc.
Paul Schofield has over twelve years of experience in Information Security
and Risk Management. He is currently a Senior Security Engineer with
Imperva. Paul has broad business and technical experience ranging
from mergers and acquisitions to incident response and investigations.
He is a frequent public speaker, a member of several professional
organizations, and because of his diverse background he brings insightful
perspectives to security and risk management discussions.
Eugene Shustef
Development Manager Xerox Global Services
Eugene Shustef is a Development Manager for the Global Technology & Offering Development (GTOD) organization in Xerox Global Services. His responsibilities include reviewing new technologies for their potential inclusion in future product offerings.
He is currently leading GTOD's development efforts in cloud computing.
Ed Skoudis
Co-founder and Senior Security Analyst with InGuardians
Mr. Skoudis is co-founder and a Senior Security Analyst with InGuardians, a Washington DC based information security consulting firm. Ed teaches SANS Security 504, "Hacker Techniques, Exploits and Incident Handling," and 517, "Cutting Edge Hacking Techniques," on a regular basis. Ed's expertise includes hacker attacks and defenses, the information security industry, and computer privacy issues. He has performed numerous security assessments, provided detailed expert witness services in cases involving major credit card theft, and responded to computer attacks for clients in the financial, high technology, healthcare, and other industries. Ed conducted a demonstration of hacker techniques against financial institutions for the United States Senate and is a frequent speaker on issues associated with hacker tools and defenses. He has published several articles on these topics, as well as the books Counter Hack Reloaded and Malware: Fighting Malicious Code. Ed was also awarded 2004, 2005, and 2006 Microsoft MVP awards for Windows Server Security, and is an alumnus of the Honeynet Project. Previous to InGuardians, Ed served as a security consultant with International Network Services (INS), Predictive Systems, Global Integrity, SAIC, and Bell Communications Research (Bellcore).
Peter Spier CISSP, CISM, PMP, QSA**
Senior Risk Management Consultant, Fortrex Technologies
Peter Spier is President of the
ISACA Western New York Chapter and the Rochester Security Summit
Business Track Chairman. This is his fourth year helping to organize
and plan our event. Peter attained his graduate degree from Syracuse
University's School of Information Studies. In addition to over
12 years of experience, he is a Certified Information Systems Security
Professional (CISSP), Certified Information Security Manager (CISM),
certified Project Management Professional (PMP), and a Qualified
Security Assessor (QSA); among other credentials.
Henry J. Sprafkin CISSP, QSA
Director of Security Solutions, SunGard Availability Services
Mr. Sprafkin, CISSP, QSA is an
accomplished presenter and information
security professional. He has presented
at Networld+InterOp, (ISC)2 Leadership
Conferences, and multiple ISSA events.
He holds his MBA in management from the
American Intercontinental University and
is an expert in security architecture
and business process/compliance.
Michael Starks
Immutable Security
Michael Starks, CISSP, GSNA, CISA, is a security professional specializing
in host-based security, IDS, log analysis and compliance. He has
designed and built solutions for HIPAA, ISO 27001 and PCI programs,
led security awareness training and advised large companies in areas
of technical security. He is a founding member of the Rochester,
NY chapter of ISSA and is currently on the ISSA Ethics committee.
Michael can be found at his blog, www.immutablesecurity.com, discussing
information security, privacy and personal liberty. He currently
resides in Ft Worth Texas with his wife and young daughter.
Mark Trinidad
Product Manager, Application Security, Inc.
Mark Trinidad is a Product Manager at Application Security, Inc.
He is responsible for the direction of AppDetectivePro, all scanning
technology, and the vulnerability knowledgebase for all products.
Over the years, Mark has established trusted partnerships with IT
auditors and security professionals, working with them to understand
how database audit and security controls fit into audit and compliance
frameworks. He has spoken at various ISSA, ISACA, and OWASP chapters
around the country, is a frequent DefCon attendee, and an active
committee member of the ISACA and ISSA New York Metro chapters.
Mark holds a BS in MIS and Marketing from Drexel University.
*ISSA Rochester Chapter Officer
**ISACA Western NY Chapter Officer
***OWASP Chapter Officer