CSO Perspectives 2010
Ed Bellis
Ed is responsible for the protection and security of all information and electronic assets as well as IT compliance across the wide array of business units that make up Orbitz Worldwide on a global basis. These assets include Orbitz, CheapTickets, eBookers, Away.com, HotelClub, RatesToGo, and Orbitz for Business. With over 15 years of experience in information security and technology, Ed has worked with and been involved in protecting information assets at several Fortune 500 companies. Prior to joining Orbitz, Ed served as VP of Corporate Information Security for Bank of America within their Global Corporate and Investment Banking division. His credentials also include several security technology and management roles at organizations such as Ernst & Young, Ford Motor Company, and Young & Rubicam. Ed is a CISSP, CISM, a contributor to the ISM Community, and a member of ISC2, ISACA and the Chicago chapter of OWASP.
0Bob Bragdon
CSO magazine
As the publisher of CSO (Chief Security Officer) magazine, the world's leading information resources for security executives, Bragdon manages the full CSO product line, including csoonline.com, CSO magazine and CSO events. He works closely with industry vendors, enterprise security executives, government officials and law enforcement agencies in identifying and addressing the challenges of today's complex security and risk management environments. A frequent speaker and panel moderator on enterprise and national security issues, Bragdon has presented and keynoted at numerous industry events. Prior to his current role at CSO magazine, he served as Vice President of Event Marketing and Sales for COMDEX at Key3Media Events. Bragdon has also held various management positions in marketing, sales and product development at SOFTBANK, Ziff-Davis and Cahners Publishing. He is a member of the ASIS International and a graduate of Bowdoin College with a BA in Government and International Relations.
0Bill Brenner
Senior Editor
CSO Magazine
Roland Cloutier
VP and CSO


As the newly appointed CSO of ADP, Roland Cloutier brings one of the world's largest providers of business outsourcing solutions a wealth of global protection and security leadership experience, including the management of strategic converged security and business protection programs.
Prior to ADP, Mr. Cloutier served as Vice President and CSO of EMC, where he spearheaded protection of the company's worldwide business operations including leadership of all information, business risk, crisis management, and investigative security operations, across both the commercial and government sectors.
Mr. Cloutier has held executive security management roles at consulting and managed security service organizations and has more than nine years experience in federal law enforcement.
Mr. Cloutier is active in industry development and is on the Advisory Boards for Vigilance Corp and Core Security Technologies, and ADP’s board representative for the National Cyber Security Alliance Council.
Eric Cowperthwaite
Providence Health & Services
Eric Cowperthwaite has more than 20 years experience as a security practitioner and leader, including nine years in healthcare security. As chief security officer for Providence Health & Services, a large Catholic not-for-profit healthcare organization with more than 25 hospitals in the Pacific Northwest and Alaska, Eric is responsible for providing strategic and operational leadership in the management and delivery of enterprise security. Previously, Eric was the Security & Privacy Officer for Medi-Cal (contracted from EDS), the state of California's Title XIX Medicaid Insurance program, among other EDS assignments. Eric served in the US Army for a decade. Eric is a member of a variety of industry organizations, including the Pacific Northwest CISO Forum, the ISSA CISO Executive Forum Steering Committee and the Security Executive Council. He has been asked to speak on security topics by a variety of organizations, including the Department of Homeland Security, Gartner, ISSA and SANS. Eric is a 2008 Computerworld Premier 100 IT Leaders honoree.
Sam Curry
Vice President, Product Management and Strategy
RSA, The Security Division of EMC
Sam Curry is the chief technology officer for the Go-to-Market arm of RSA, The Security Division of EMC. Sam has more than 18 years of experience in security product management, marketing, product development, quality assurance, support, sales and marketing. He has also has been a cryptographer, researcher and writer. Prior to his current role, he was vice president of Product Management for two years, where he lead and set the strategic direction for all aspects of product management for RSA’s solutions. Prior to joining to RSA, Sam was vice president of Product Management and Marketing for a broad information security management portfolio at CA and also held various executive roles at McAfee including chief security architect as well as leading Product Marketing and Product Management. Earlier, he was a founder of one and a first employee in another successful technology company. Sam holds a B.A. in English from the University of Massachusetts and a B.S. in Physics from Mount Allison University.
Francis D'Addario
Emeritus Faculty Lead, Security Executive Council; Principal, Crime Prevention Associates
Francis D'Addario is the Security Executive Council's Emeritus Faculty lead for Strategic Protection Influence and Innovation. He is also a Principal of Crime Prevention Associates, a strategic all-hazards risk and mitigation firm founded in 1986. Francis served as the vice president of Partner and Asset Protection for the Starbucks Coffee Co. (1997-2009); director of loss prevention for Hardees Food Systems (1990-1997); and director of security for Jerrico Inc. (1981-1990), where his teams endeavored to "protect people, secure assets, contribute margin" for global markets. They are credited with benchmarked results for crime prevention, profit contribution, professional engagement and violence avoidance. His team has been recognized as the best performing distributed support function. Francis has more than 20 years in public safety and strategic security management. He is a Certified Protection Professional, Fraud Examiner, Community Emergency Responder, Food Defense Coordinator and Coffee Master. D'Addario's publications include Not a Moment to Lose... Influencing Global Security One Community at a Time (Security Executive Council, 2010) The Managers Violence Survival Guide (CPA 1995) and Loss Prevention through Crime Analysis (Crime Prevention Institute/Butterworth's, 1989). Francis co-designed LossVision, a copyrighted risk reporting, investigations, and asset recovery software tool; and Safe and Sound, an interactive ‘workplace violence' training curriculum marketed by Learning Dynamics. He co-chaired the business committee for Three Projects/One Community a $29 million capital campaign providing West Seattle with permanently affordable food distribution, social services, low income housing, and art facilities. Francis was recognized as one of the ‘25 Most Influential' thought leaders by Security Magazine. He served as a project team member for ISO 28001, an international supply chain security standard. He is the recipient of additional recognitions including the CSO (Chief Security Officer) Magazine ‘Compass' for protection innovation, the National Food Service Security Council's ‘Lifetime Achievement' and the ‘Spirit of Starbucks,' pursuant to Nisqually Earthquake evacuation and business recovery.
Jeff DiPrimio
Global Security Operations Manager

Jeff DiPrimio is the Operations Manager of Global Risk and a leader in the physical security program that includes the management of the Global Security Service Center. The Global Risk team combines Physical Security, Information Security, Product Security, Business Continuity as well as Risk Management. Genzyme develops, manufactures and markets a range of innovative health care products and services that make a major positive impact on the lives of patients around the world.

Jeff has nine years of experience in the security industry prior to Genzyme. He performed in various roles in and out of the Security industry, including a previous employment with Wellington Management, Parametric Technology Corporation and Law Enforcement where he acted in multiple non-management and management positions. Jeff is actively involved in several professional associations, including public/private partnership security initiatives.

Bernard Golden
CEO, Hyperstratus and author, Virtualization for Dummies
Bernard Golden, the cio.com blogger on cloud computing and author of “Virtualization for Dummies,” is CEO of HyperStratus, a Silicon Valley cloud consulting firm that helps its clients plan, design, and implement cloud initiatives. HyperStratus clients include the Silicon Valley Education Foundation, HelloWallet, Sun Microsystems and HP. Besides the Dummies book, Bernard is the author or co-author of two other books on virtualization and cloud computing. He is a popular and engaging presenter, speaking throughout the world at conferences like CloudWorld, Cloud Connect, Structure and EDUCAUSE.
0Omar Khawaja
Global Product Management
Verizon Business
Omar Khawaja has product management responsibility for Verizon Business's global security consulting practice. He has over a decade of experience in the development and management of comprehensive security solutions for enterprises. Omar has designed and implemented mission critical networks and security infrastructures for financial firms, e-commerce environments and government institutions. Omar has also worked with enterprises to identify, classify and assess critical assets to determine business impact of potential threats and develop plans to achieve an acceptable level of risk. In addition, Omar has managed networks for some of the world's largest service providers. Prior to assuming his current role, Omar managed Verizon Business' Vulnerability Assessment Division which is responsible for assessing the security postures of Verizon Business' largest enterprise customers. In his spare time, Omar likes to teach; he holds a faculty position at George Mason University and has developed and taught various networking and security classes throughout Northern Virginia. Omar often presents at the Northern Virginia chapter of ISSA. Omar has an undergraduate degree in Electrical Engineering from Georgia Tech and completed his graduate education at the Darden School of Business. In addition, he also holds several Cisco certifications and is a CISSP.
0Bob Maley
CISO (former)
Commonwealth of Pennsylvania
As chief information security officer for the Commonwealth of Pennsylvania, Bob Maley was responsible for oversight of IT security for all of the state's electronic infrastructure and data. Before undertaking the role in 2005, Bob, a certified CISSP and CISFI, served in IT management for over 20 years at a range of public and private institutions including the Pennsylvania State Senate and House of Representatives, Health Care Cost Containment Council and Hospital & Health System Association. A former law enforcement officer, Bob has experience in areas of security including risk assessment, architecture, design, policy development, deployment, incident response, and enterprise solution deployments in areas including intrusion detection, data protection, compliance and incident reporting.
Tim Matthews
Senior Director
PGP Corp.

Tim Matthews is currently the Senior Director of Product Marketing at PGP Corporation, where he oversees product and marketing strategy for all encryption products. Prior to joining PGP, Tim was Vice President of Marketing at Ipedo, a leading provider of database virtualization software. He was also Director of Product Marketing and Management at RSA Security. While at RSA, he created some of the first industry initiatives to use data encryption in secure e-mail, wireless, and VPN applications. At Digital Equipment Corporation in Tokyo, Tim worked in international sales where he was instrumental in helping US and European multinationals establish their Japanese operations. Tim received a B.S. in Computer Science from Union College in Schenectady, NY.

Punit Minocha
SVP Corporate Development, Datacenter Solutions and Cloud Computing
Trend Micro Inc.
As senior vice president of corporate business development, Punit Minocha is responsible for mergers and acquisitions for the company. As senior vice president of data center solutions and cloud computing, he is responsible for defining and executing the strategic direction for Trend's data center and cloud computing solutions. During his tenure, he has transformed how Trend Micro views M&A activity and has led the company through over a dozen transactions. Punit has been with Trend since 2002 and has held numerous roles including strategic alliances with key vendors like Microsoft and Cisco and driving incubation businesses for the company, where he was chartered with cultivating a steady stream of new businesses for the company. These include data protection and SaaS, which are now among the highest growing businesses for the company. Currently Punit is focused on driving Trend's data center strategy including virtualization security and cloud computing. Prior to joining Trend Micro, Punit was director of business development at Nexsi, an Internet security company. Before that, Punit spent over eight years at Intel in various roles including product management, product marketing, business development and product development. Punit holds a master's degree in electrical engineering from the University of Wisconsin, a master's degree in business administration from the Haas School of Business, University of California, Berkeley, and a bachelor's degree in electrical engineering from the University of New Hampshire.
Bhayesh Patel
Senior Director, Global Risk and Business Resources

Bhavesh Patel is a Senior Director of Global Risk and the senior member of a Security leadership team responsible for the development, implementation, and management of the Genzyme’s global security program. This team combines Physical Security, Information Security, Product Security, Business Continuity as well as Risk Management. Genzyme develops, manufactures and markets a range of innovative health care products and services that make a major positive impact on the lives of patients around the world.

Bhavesh has 15 years of experience in the Security industry prior to Genzyme, he performed in various roles in and out of the Security industry, including a previous employment with First Security Service Corporation where he acted in multiple non-management and management positions. Bhavesh frequently speaks on the topic of security and issues facing biopharmaceutical and health care organizations. He also leads several security technology groups and is active in a variety of professional associations, including public/private partnership security initiatives.

Jim Reavis
Cloud Security Alliance
Jim Reavis has worked in the information security industry as an entrepreneur, writer, speaker, technologist and business strategist for many years. Jim is helping shape the future of information security as co-founder, executive director and driving force of the Cloud Security Alliance, which aims to promote the use of best practices for providing security assurance within cloud computing. Jim is also the president of Reavis Consulting Group LLC, where he advises security companies, large enterprises and other organizations on the implications of new trends such as Cloud and how to take advantage of them. Jim occasionally blogs at Risk Bloggers. Jim previously served as executive director and has been an international board member for the ISSA. He was a co-founder of the Alliance for Enterprise Security Risk Management, a partnership between the ISSA, ISACA and ASIS, formed to address the enterprise risk issues associated with the convergence of logical and traditional security. Jim currently serves in an advisory capacity for many of the industry's most successful companies. Jim is also a partner with the MetroSITE Group.
Jonathan Richardson
The Black Swan Group, Ltd.
John Richardson is an attorney and consultant in negotiation, decision science and organizational behavior. He teaches law and business students at Harvard, MIT and BC.

An Associate of the Harvard Negotiation Project, he was co-author, with Howard Raiffa, of Negotiation Analysis: the Science and Art of Collaborative Decision-Making. He worked with leaders in the FBI’s Crisis Negotiation Unit to systematize Bureau negotiation policy to share it with allied governments. Currently he works with retired FBI hostage negotiators to teach crisis negotiation to security forces in Abu Dhabi.

Private clients include Goldman Sachs, Morgan Stanley, Microsoft, Boeing and General Mills. He has a practice offering transactional advice on specific negotiations, mainly to hedge fund managers.

Public sector clients include Bir Zeit University, the Archdiocese of Medellin, Columbia, the Citadel, the New York Bar Association and the Department of Justice’s National Advocacy Center

Formerly a partner at Anderson Kill in New York, he received his JD from Harvard and an MA in Organizational Studies from Boston College.

Howard A. Schmidt CISSP, CSSLP
Special Assistant to the President and Cybersecurity Coordinator

Howard A. Schmidt has had a long distinguished career in defense, law enforcement, and corporate security spanning more than 40 years. He brings together the talents of business, defense, intelligence, law enforcement, privacy, academia and international relations through his distinguished career. He currently is Special Assistant to the President and the Cybersecurity Coordinator for the federal government. In this role Mr. Schmidt is responsible for coordinating interagency cybersecurity policy development and implementation and is responsible coordinating engagement with federal, state, local, international and private sector cybersecurity partners.

He served as an augmented member to the President Clinton’s Committee of Advisors on Science and Technology (PCAST) in the formation of an Institute for Information Infrastructure Protection (I3P).   He has testified before congressional committees on computer security and cybercrime, and has been instrumental in the creation of public and private partnerships and information-sharing initiatives. He is regularly featured on cable, broadcast and international media as an expert about cyber-security and critical infrastructure protection and business implications related to this topic. He is a co-author of the Black Book on Corporate Security and author of “Patrolling Cyber Space, Lessons Learned from a Lifetime in Data Security.” He has received numerous awards and recognitions from government and private industry including the CSO Magazine “Compass Award” , Baseline Magazine’s “The 50 Most Influential People in Business IT” as well as the Federal 100 Award to name just a few.

Mr. Schmidt has been a member of the Information Security Privacy Advisory Board (ISPAB) to advise the National Institute of Standards and Technology (NIST), the Secretary of Commerce and the Director of the Office of Management and Budget on information security and privacy issues. He has also been a member of the Permanent Stakeholders Group (PSG) for the European Network Information Security Agency (ENISA).  He was a member of the High Level Experts Group (HLEG) for the ITU and the Global Cyber-security Agenda (GCA). 
Mr. Schmidt holds a bachelor’s degree in business administration (BSBA) and a master’s degree in organizational management (MAOM) from the University of Phoenix.  He also holds an Honorary Doctorate degree in Humane Letters.  Howard was an Adjunct Professor at GA Tech, GTISC, Professor of Research at Idaho State University and Adjunct Distinguished Fellowwith Carnegie Mellon’s CyLab and a Distinguished Fellow of the Ponemon Privacy Institute.

0Derek Slater
Editor in Chief
CSO Magazine
Slater writes and edits features for CSO and helps set the magazine's editorial direction. He also manages the Movers and Shakers section of the website. Particular interests include security metrics, research and benchmarking, and the (inevitable yet reluctant) convergence of the information security and corporate security disciplines. Prior to CSO's launch in 2002, Slater wrote for CIO Magazine for six years. He has also worked as an editor at Computerworld and at Ziff-Davis Interactive. He holds a BA in Linguistics and German from the University of North Carolina at Chapel Hill.
Mark Small
VP, Enterprise Sales
Mark is responsible for overseeing the enterprise regions for Websense. In this role, Mark drives sales and customer satisfaction for large and mid-size enterprises. Mark brings expertise and a broad perspective from nine years of executive sales, product, M&A, and industry experience in IT security, plus a diverse career across multiple industry segments and technology. Prior to joining Websense, Mark was VP of Sales, Americas for Code Green Networks. Mark was a senior VP of Sales at McAfee, Inc., where his responsibilities included enterprise security sales, emerging products, and the government, health and education vertical markets. Mark also held key positions in sales, sales management and strategic alliances in his career at Oracle Corp. Mark is a graduate of the University of California, Davis.
Jeff M. Spivey CPP
Security Risk Management
Jeff M. Spivey, a career security professional, is President of Security Risk Management, Inc. (SRM), a security consulting firm headquartered in Charlotte, North Carolina providing a unique perspective of Security’s role in Enterprise Risk Management. He is also Vice President of RiskIQ a leading edge Risk Intelligence service using semantic analysis of open source information globally…any language. Jeff holds the highest certifications in the security management profession, being Board Certified as a Certified Protection Professional (CPP) and a Physical Security Professional (PSP) by ASIS International. The author of articles in professional journals; Jeff has been a featured speaker at various security, risk management, criminal investigation and counter-terrorism conferences worldwide.
Michael Theis
Executive Director of Insider Threat Strategies
Mr. Theis was the first ever Cyber-Counterintelligence Program Manager for the National Reconnaissance Office and the chief of Cyber-CI investigations. He has more than 25 years of experience as a counterintelligence special agent supporting the Intelligence Community and 30 years of concurrent computer systems engineering experience. He was responsible for overseeing the CI aspects of all information systems that supported NRO programs and activities, to include detecting and deterring insider threats. Prior to September 11, 2001, Mr. Theis spent several years as a senior executive in the private sector. He was a highly sought consultant for the Fortune 500, specializing in network systems engineering and network system security focused on corporate espionage and insider threat detection and countermeasures.
Todd Thiemann
Senior Director, Datacenter Security Marketing
Trend Micro Inc.
Todd Thiemann has been with Trend Micro for nearly eight years. Todd is responsible for global marketing of Trend Micro’s products and technologies designed to secure data center information including virtualization and cloud security, DLP and encryption. Todd is also co-chair of the Cloud Security Alliance Solution Provider Forum.
Keith Waldorf
Doctor Dispense
With more than 20 years of industry experience, Keith Waldorf brings a wide range of technical and operational knowledge to his current role of COO for Doctor Dispense. Doctor Dispense delivers a breakthrough solution for in-house real-time Electronic Point-of-Care Dispensing through a turnkey platform that provides all of the features necessary to manage a mediation and e-prescribing dispensing program. The primary focus of Keith's group is to expand electronic billing, e-prescribing, compliance and integration services of the Doctor Dispense solution.

Keith is a former Managing Partner with Finale Business Solutions, CTO of Captus Networks, and Senior Software Engineer with Cisco Systems and MCI Telecommunications.