Speakers at the Enterprise Risk / Security Management - Governance/Risk/Compliance Conference

Marcin Budzik
Over the last year, in the new role as the Company’s IT Security & Compliance Officer, at Fort Dearborn Company, who faces new challenges, including Data Security, Risk Management and Disaster Recovery.  During the tenure with Fort Dearborn, Marcin instigated a number of programs and initiatives including rigid Problem and Change Management, Risk Management and Systems Monitoring. Lead company’s first Disaster Recovery program which resulted a first comprehensive DR Plan and an off-site DR location.  Current challenges include moving to a new DR site and re-evaluating DR requirements from a risk based and business impact analysis perspectives. Between 1994 and 1998 worked for non-for-profit and telecommunication sectors in technical roles including infrastructure consulting, UNIX and Networking.  Through out his career, Marcin has been a holder of key industry certifications, including CNE, MSCE, ITIL and most recently CISSP.  He is member of Association of Computing Machinery, IT Infrastructure Association, and ISC square.  He also holds a BA in Computer Science Northeaster University and graduate degree in Information Systems Management from Roosevelt University. In spare time, Marcin spends time with his family, but also he is not a stranger to scuba and wind surfing.  He is also an aspiring marathoner.
 
Sarah Buerger
Sarah Buerger is the Director of Security Governance and Risk Management at CNA Insurance, a commercial property and casualty insurer based in Chicago. Sarah’s responsibilities include risk assessment, security awareness, IT compliance and controls and audit liaison. Prior to CNA, Sarah was in product management and product development at Ameritech (now AT&T) and was an auditor at Arthur Andersen & Co. in Chicago. Sarah holds a CIPP/IT designation, has an MBA from the Kellogg School of Management at Northwestern and a BS in Accounting from the University of Illinois in Urbana.Bio information goes here.
Joseph Burkard
Joe Burkard is currently the Director of Global IT Security and Risk Management at Baxter International. In this role Joe is responsible for the Global IT Security strategy, policies and governance; Continuity and application recovery; and IT Operations Risk assessment, risk management and reporting. He has over 15 years experience as an Information Technology Risk Consultant, IT Auditor and Information Security practitioner, and he has worked with multiple industries and organizations including Arthur Andersen LLP, Protiviti Inc. and Miller Brewing. Joe is a CISA, CISM and CISSP and is currently pursuing his MBA at the Lake Forest Graduate School of Management. He has previously been a featured speaker at the ISACA 2004 CACS and 2006 Security Management conferences.

 

Drake Cody
 Drake Cody leads the Risk Management group at Allstate Insurance Corporation (AIC). Drake has 15 years of progressive IT and security experience and has been part of numerous key enterprise level security projects and initiatives enhancing Allstate's defense in depth approach to security. Drake has directed the development of the overall Risk Management practice for AIC that has been crucial in managing risk levels through effective security base-lining, metrics and effective risk management framework implementations. Drake also maintains the integrity and security of the corporation's data and systems through proactive management of Application Security, Vulnerability Management, Security Event Analysis, Computer Incident Response, Data leakage prevention (DLP), Electronic Discovery, Records Management and Computer Forensics practices.
 
Michael Gabriel
Michael Gabriel has been employed by Career Education Corporation, a $1.8B for-profit, post-secondary education services company, since 2004 when he was tasked with building an information security program from the ground up. Michael came to CEC from a background in the global investment banking industry, where he provided security management and engineering since 1995. He has also practiced in the security consulting field, including a stint as an interim security director for an Internet banking startup. Michael is sought out for speaking engagements on information security topics and is a frequent contributor to security-related articles.
John Germain
John Germain is the Director of IT Security for ITT Corporation, focusing on building and maintaining IT Security Operational capabilities and designing the overall IT Security Architecture for ITT's global, multi-industry footprint. John is responsible for managing the corporation’s Security Operations Center and heads the Security Engineering team which tests and evaluates new technologies. He also has primary responsibility for Enterprise Security Architecture as a member of the corporation’s Enterprise Architecture team. Previous roles within ITT include supporting and managing the corporate Network Management Center where he established the initial framework for security operations as ITT transitioned its IT to a centrally managed shared services organization. Prior to ITT, John worked as an IT Business Analyst for a mid-size manufacturing company and worked as an IT Consultant with broad experience supporting various Directory Services and Network Security implementations.
Mark Guth

Mark Guth, Manager of IS Security at Nicor Gas, has over 20 years of Management experience in the IT arena. Strong background in telecommunications, network, and operational management for companies such as LaSalle Partners, Ameritech, and Comdisco. For the past 5 years, my Nicor Gas focus has been on operational management, internal controls process development, Security, and Disaster Recovery.

 
Daniel M. Harris
Danny is with Aon's Information Security Services group, and is instrumental in the development and refinement of corporate security policies, standards, and procedures. Specializing in security awareness training, Danny is responsible for the delivery of key security awareness training for the organization, as well as for the development, implementation, and maintenance of the corporate technical information security website. Danny's involvement also includes security audits, security vulnerability and risk assessments on Aon's Internet connections, E-commerce sites, and internal systems. Additionally, he functions as a consulting engineer and architect for secure network systems, with extensive involvement in the deployment of E-Mail content filtering and virus scanning at Aon. Danny is a key member of Aon's Information Security Incident Response Team, where he assists with incident handling. He also evaluates and recommends security products for Aon. Danny also teaches in the Computer Security and Forensics Investigation program at Wilbur Wright College in Chicago and has been an instructor with the SANS Institute for five years. 
Chris John
Chris is the Vice President of IT Risk & Controls for M&I Bank where he is responsible for IT governance, risk and compliance. Chris was selected to chair M&I’s initial Social Media Policy Committee in 2009. This was a cross-functional corporate team charged with creating a social media policy that balanced the business needs of this emerging topic with the bank's legal and regulatory requirements. The resulting policy was approved by the Enterprise Risk Committee and the Board of Directors on the first attempt. Chris serves on the company's operational Social Media Committee in a similar capacity. His career started with a background in finance and accounting where he held positions in Internal Audit for a regional bank, in public accounting with a Big 4 firm, and in corporate reporting for a Fortune 500 company. Chris' career moved into IS and IT where he served as a consultant for a global firm, as an IT Audit Manager, as an Information Security Specialist, and in his current position. All of the IT positions have involved the risk, control and/or security of information systems and technology. Chris is a CISM, CISA, CGEIT and CPA. He also holds a B.B.A. degree from the University of Wisconsin - Whitewater and a M.S. degree from the University of Wisconsin - Milwaukee.
Paul Kunas
Mr. Kunas is the IT Security Governance and Strategy Manager for Exelon Corporation, one of the nation’s leading power utility companies. Mr. Kunas is a CISSP with over 13 years of information security experience consulting and implementing leading edge solutions. Mr. Kunas is responsible for corporate IT security policy and governance decisions to support overall IT risk management within his organization. Mr. Kunas has experience with risk management, vulnerability management, network security, identity and access management, incident response, and other security domains. Mr. Kunas holds a MS in Information and Communication Science from Ball State University.  
Elizabeth Martin
Elizabeth Martin is the Director of Security Services with Redlegg and is responsible for the development and delivery of the Risk Management practice. Elizabeth's tenure includes Arthur Andersen, IBM Internet Security Systems, and Trustwave. She has nearly 15 years experience in the Information Security, Compliance, and Risk Management industry and her expertise lies with assessing organizations and assisting with the development of a strategic approach to Information Security. Ms. Martin has extensive experience delivering Compliance Gap Assessments and Audits, Risk Assessments, Vulnerability Assessments, Policy Framework Development, and Solution Design and Deployments in the automotive, retail, financial, healthcare, government, and managed security services verticals.  
David Ogbolumani
 David Ogbolumani is Director, Global IT Security at the Kellogg Company where he focuses primarily on technology risk management, regulatory compliance, and defining organizational security requirements. David has worked on IT Operations, Network Security, Systems Auditing and Project Management for several leading organizations including GE, Abbott Lab, BP-Amoco, World Bank, Northern Trust Bank, JP Morgan, Aon Corp, Phillips Electronics, CNA Insurance, SunGard Data Systems and the US Government. He holds a Bachelor of Architecture Degree from Louisiana Tech University, a Masters degree in Information Technology and Management from Illinois Institute of Technology and a certificate in Information Systems Project Management from Northwestern University. David also holds the CIA, CISA, CISM and CISSP designations. He is an accomplished speaker, who has made presentations on IT Security and Compliance at Conferences and Symposium for the Institute of Internal Auditors and the MIS Training Institute, amongst others.
Arti Arora Raman  
Arti heads a team responsible for product planning, design, management and marketing, plus partner and advisor programs for the Company. Arti brings product vision, operational skills, and the proven ability to attract world class experts to emerging companies. Arti joined Agiliance from Critical Research Group (CRG), a firm she founded in 2005 to help young companies receive product and market feedback from senior executives at F500 companies. Prior to CRG, Arti co-founded Liquid Engines with Dr. Edward Lazear (Chief Economist at the White House, Professor at Stanford University). There Arti's team designed the first multi-year tax and cashflow optimization application for legal entities, and she attracted renowned tax luminaries and two Noble Prize economists as advisors. Liquid Engines (TRI) raised $22M during her tenure as CEO then head of product/business development. Prior to Liquid Engines, Arti was Director of Customer Care at Zamba, a CRM professional services organization acquired by TSC. There she created the Customer Care Coefficient, a systematic method to assess the quality of customer care and return from investment in CRM Systems. Arti received her MBA from the William E Simon Graduate School of Business and her Bachelors in Economics from Delhi University, India.
Joe Slone Joe is the Chief Architect and Sr. Director Security at 1SYNC, the worlds largest GDSN Data Pool which provides supply chain solution to suppliers and retailers. Joe is responsible for leading all aspects of the company’s enterprise architecture and security program, including strategy and design of application and infrastructure components. He leads technology innovation to support business growth goals & strategies, including the development of in-house security expertise, policies, governance, implementation and representing security to customers, and has made security a competitive differentiator for the company.
 
Steve Sullivan

Steve Sullivan is the Director of Information Technology and Chief Security Officer for Central DuPage Hospital located in Winfield, IL, with convenient care centers and physician offices throughout DuPage County. Central DuPage Hospital is the third largest employer in DuPage County and has been named as a Top 100 Most Wired and Wireless Hospital by Hospital & Health Networks. Steve's role and responsibilities encompass information security, business continuity and disaster recovery. His broad background includes over 20 years in the IT industry from computer/software sales, technical support, programming, product development, change management, project management, IT team management and regulatory compliance issues regarding JCAHO, HIPAA and PCI.

 
Stefan Wahe  
Stefan has been dedicated to developing organizational security and security architecture in Higher Education since 2001. During this time he has developed knowledge and experience in (1) developing and implementing security policies; (2) identifying IT security threats and risks; and (3) identifying and implementing technical and procedural controls. Stefan currently leads a team to secure the enterprise business applications of the University of Wisconsin-Madison and The University of Wisconsin System. During Stefan's career he has work to develop and implement standards for Identity Management through InCommon and Internet2. He also was the primary author of The Open Groups paper titled "Enterprise Security Architecture: A Policy Driven Approach".  
Jay Weber
Jay Weber is a Manager at Zenith Infotech.  
Karl F. Wehden
Karl F. Wehden is the Information Governance Strategist at IBM.Karl Wehden has over 12 years of experience in the high technology and finance sectors. Karl has served as an Information Security Officer for a major investment bank, a national program director for Oracle, and has delivered major initiatives both as part of the business and as a trusted partner. Karl brings a proven track record of developing highly relevant engagement strategies for security and infrastructure technologies. Karl works with customers in highly regulated industries worldwide for IBM, developing and targeting usage of control frameworks and programs for Information Governance. In the course of Karl’s career, he developed one of the early insider threat management practices at a US investment bank from detection, incident management, forensic evidence capture. Karl was an early pioneer in the use of in memory data processing technology for high frequency trading applications for real time trade risk management. Additionally Karl bootstrapped the financial services practices for several successful software companies. Karl started his technical career at a DARPA funded research organization for advanced uses of real time simulations (C2/C3).