Please check back for ongoing updates.


Lib de Veyra, Vice President of Emerging Technologies for JCB International
As a member of EMVCo’s Tokenisation Working Group, Lib de Veyra contributes to the development of the EMV® Payment Tokenisation Specifications and supporting programs.


As Vice President of Emerging Technologies for JCB International, Mr. de Veyra is responsible for JCB’s global fraud risk management, which includes its security compliance programs, network fraud and response management to account data compromises. Mr. de Veyra is also a contributor to the PCI Security Standards Council in the development of security standards and programs serving in the Executive Committee, Management Committee and several technical and operational working groups.


Mr. de Veyra has more than 23 years of experience in the payment card industry, in various roles and disciplines including security, risk, compliance, card issuance, merchant acquiring, finance and business planning. Mr. de Veyra holds a Bachelor’s degree in Economics from the University of California, Los Angeles.


Eiji Fukushima, QSA, Division Head of IT Security Consulting & Solutions, NRI SecureTechnologies, Ltd

Mr. Fukushima is on a mission to develop information security consulting and solution business on behalf of NRI SecureTechnologies in the Asia Pacific area. He has a unique 28 year career working in IT solutions development and consultation. He started his career in the Nomura Research Institute, developing enterprise systems for Nomura Securities, then shifted to retail and distribution systems as a development leader and project manager. After taking a leadership role for a system development framework, he went to NRI Pacific in Silicon Valley as a VP of R&D. After coming back from the West Coast, he moved into NRI SecureTechnologies to dedicate himself to information security consultation such as security audit, gap analysis, risk mitigation PM and even some implementation. This experience means that he has comprehensive skills from system planning, consultation, project management, development, implementation and operation.

He received his Bachelor of Economics degree from Waseda University. He is a PCIDSS QSA (qualified security assessor) and CISA (certified information systems auditor). He is proficient both in Japanese and English.


Session: Information Security Trends from Our SOC and Knowledge Base


Laura K. Gray, Director of Communications, PCI Security Standards Council

Ms. Gray develops and executes integrated communications strategies that inform, educate and help PCI Security Standards Council stakeholders take advantage of PCI SSC programs, resources, research and initiatives. Her background includes more than 12 years of global communications and public relations client-side and agency experience in information technology, research, and public policy. Gray is a graduate of Gordon College and the Institute on Political Journalism.


Session: Continuing the Conversation with PCI’s Executive Team – A Panel Discussion


Andrew Henwood, CEO, Foregenix South Africa

Mr. Henwood is the CEO of Foregenix, a cyber security consultancy and solution provider. Foregenix is a PCI QSA, PA-QSA, P2PE and PFI certified company and provides assessment services and innovative, baked-in cyber security solutions globally.

Mr Henwood is a PCI security industry entrepreneur and is active in evangelising and recommending cyber security best practices through experience garnered from over 18 years of work in the field.

Mr Henwood has been involved within the payments industry since 2001, where he assisted in developing the first versions of the payment brand security standards in Europe. Mr Henwood is a frequent public speaker on cyber security topics.


Session: Global Payment Security Trends with a local APAC Perspective


Jeremy King, International Director, PCI Security Standards Council

Mr. King leads the Council’s efforts in increasing adoption and awareness of the PCI Security Standards internationally. In this role, Mr. King works closely with the Council’s General Manager and representatives of its policy-setting executive committee from American Express, Discover, JCB International, MasterCard, and Visa, Inc. His chief responsibilities include gathering feedback from the merchant and vendor community, coordinating research and analysis of PCI SSC managed standards through all international markets, and driving education efforts and Council membership recruitment through active involvement in local and regional events, industry conferences, and meetings with key stakeholders. He also serves as a resource for Approved Scanning Vendors (ASVs), Qualified Security Assessors (QSAs), Internal Security Assessors (ISAs), PCI Forensic Investigators (PFIs), and related staff in supporting regional training, certification, and testing programs.


Session: Get Involved and Support Resources Overview


Shreyas Kumar, CISSP, CISA, HCISPP, Senior Security Strategist, Uber Technologies Inc.

Shreyas Kumar is a Senior Security Strategist at Uber. He is the PCI-ISA for Uber. He specializes in the security of payment systems, and vendor security management. Previously he has worked as security strategist and PCI-ISA for Adobe. He holds a Master’s degree in Computer Science from Texas A&M University, College Station. He holds CISSP, CISA and HCISPP certifications.


Session: PCI DSS Learnings from a Hyper-growth Environment


Mauro Lance, Chief Operating Officer, PCI Security Standards Council

Mr. Lance is responsible for the day to day operations, business strategy, investments and growth of the Council. He leads the creation and implementation of programs and world-class processes for certification, assessor quality management and training, critical to the Council’s mission of increasing payment card security globally through adoption of the PCI Security Standards.  Most recently, Mr. Lance held leadership positions at the MIT Media Lab and the World Wide Web Consortium, and was a founding director of the Web Foundation. He is a Fulbright Scholar and holds a Master’s degree in Business Administration from Suffolk University, and a Bachelor’s degree in Business Administration from the Pontificia Universidad Católica de Valparaiso. Mr. Lance has lived and worked in Chile, China, France, and the United States.


Troy Leach, CISSP, CISA, Chief Technology Officer, PCI Security Standards Council

Mr. Leach partners with Council representatives, Participating Organizations and industry leaders to develop comprehensive standards and strategies to secure payment card data and the supporting infrastructure. He is a congressional subject matter expert on payment security and the current chairman of the Council’s Standards Committee. Prior to joining the PCI Council, Mr. Leach has held various positions in IT management, software development, systems administration, network engineering, security assessment, forensic analytics and incident response for data compromise. Mr. Leach holds a Master of Science in Telecommunications & Network Management as well as a graduate degree in Information Security Management from Syracuse University.


Session: Security Roadmap for Next Generation of Payments


Session: In-Depth Look at PCI’s Global Standards – Part 2


Mike Matan, Vice President, Network Industry Engagement, Product and Marketing, American Express

Mike Matan is Vice President, Network Industry Engagement, Product Management and Marketing at American Express and is based in New York City.


Mike leads the strategic and technical development of network products and capabilities, such as EMV chip-enabled products, tokenization, American Express SafeKey, contactless, mobile NFC payments and the Amex ATM network.  Mike overseas American Express engagement in payment related standards bodies and is on the executive committee of both EMVCo and PCI  Security Standards Council.


Mike leads a global team and works with American Express partners in North and South America, Europe and Asia.


Previously, Mike held several leadership roles across the American Express Technology division.  Mike holds a degree in Computer Science from Manchester University, England


Session: Bringing it All Together – Regional Insights a Panel Discussion


Mark Meissner, VP, Public Relations, PCI Security Standards Council

Mr. Meissner works closely with the Council’s leadership team to develop communications strategies that promote the PCI Security Standards and the priority initiatives of the Council globally and with a wide range of stakeholders. Mr. Meissner brings more than two decades of experience in helping Fortune 500 companies, elected officials, trade associations and high profile individuals navigate a myriad of communications challenges in the global marketplace. Over the years Mark has worked with many high-profile clients in engaging with major news organizations such as USA Today, The Washington Post, 60 Minutes, The New York Times, The Wall Street Journal, CNN, and The Times of London.


Before joining the PCI Security Standards Council, Meissner was the Founder and President of MJM Strategies, a strategic communications consulting firm.


Meissner began his career in the world of politics working on the staffs of  U.S. Senator Evan Bayh (D-IN) and U.S. Representative Tim Roemer (D-IN). Meissner served as Campaign Manager for Representative Roemer’s successful 1994 re-election campaign. Mark was a candidate for U.S. Congress in 2002, finishing second among a crowded field of five better known candidates for Indiana’s 2nd Congressional District.


Meissner teaches as an Adjunct Professor at The George Washington University Graduate School of Political Management (GSPM) where he has served on the faculty for more than a decade. Meissner holds a Master’s Degree from The American University and a Bachelor’s Degree from Indiana University.


Session: Get Involved and Support Resources Overview


Stephen W. Orfei, General Manager, PCI Security Standards Council

Mr. Orfei leads the PCI Security Standards Council in its mission to educate, empower and protect payment data globally, working closely with merchants, acquirers, financial institutions, security practitioners, law enforcement and other key stakeholders across the global payment eco-system.


Mr. Orfei is a recognized industry expert in global payment platforms, e-commerce, mobile payments, transit and cybersecurity. He is called on regularly for his expertise by government, law enforcement, industry groups and the media. Mr. Orfei has testified before the U.S. Congress as a cybersecurity expert, served as a representative of the United States at the G7 Roma Lyon group of world leaders on card crimes, participated in U.S. Presidential Cybersecurity Summits, and has played a leading role in global Acquirer Meetings and PCI Community Meetings around the world.  Orfei regularly meets with top U.S. government officials from a range of agencies to discuss cybersecurity and provide strategic guidance.


A holder of several payments industry patents and awards, Mr. Orfei’s career spans senior posts at several high-profile companies including MCI International, a global telecommunications corporation, where as Director of International Marketing, he oversaw marketing for international business with direct revenue responsibility for over $400 million. Following his successful 13 years of service at MCI International, Orfei spent 14 years at MasterCard Worldwide, a global payments & technology company as Senior Vice-President Emerging Payment Platforms.


In his role at MasterCard, Orfei managed all aspects of development, implementation, and deployment of emerging payment platforms across Global Products and Services. Among his many achievements, Orfei led the entrepreneurial initiative to design, build and demonstrate (NYC-MTA) the next generation of Automated Fare Collection Systems for the transit industry.  The initiative was awarded the prestigious NYU Rubin Center Transportation Industry Innovation Award.


Prior to his leadership of the PCI Security Standards Council, Mr. Orfei served as a security consultant where he led a highly credentialed security team to defend “high value targets” from cyber-attacks.


Orfei is a former U.S. Marine who is active with veteran related charities including the Semper Fi Fund and the Wounded Warrior Project.


Session: PCI’s Strategic Initiatives for 2017


Thanut Pimhataivoot, PCI ISA, ISMS Provisional Auditor, SANS Lethal Forensicator, Ltd.Team Leader, IT Compliance & Audit, NTT Data (Thailand) Co.

Thanut is a security professional currently leading and managing the compliance and audit program at NTT Data Thailand. He has been working closely with several QSAs spanning multiple QSA companies. Leading the company through multiple PCI DSS and PCI PIN security audits at a relatively young age, he brings a fresh perspective into the compliance program. Thanut has a wide hand-on experience in various information security fields including audit, compliance, incident response, cyber forensics, penetration testing, and risk management.


Session: QSA Is Not Your Enemy: How Working with a Great QSA Can Help Strengthen Your PCI DSS Compliance Program into “Business as Usual”


Narendra Sahoo, QSA, CISSP, CISA, CRISC, Director, VISTA InfoSec

Mr. Sahoo carries over 24 years of experience in the IT industry, out of which the last 12 years has been dedicated to VISTA InfoSec. His professional qualifications include PCI QSA, CISA, CISSP, CRISC, ISO 27001 Lead Assessor. Starting off as an assembly language programmer, with the advent of networking and the Internet in India, he moved on into networking and IT management of which InfoSec was a natural progression.


A very well versed professional with proficiency in globally recognized standards such as ISO27001, PCI DSS, ITIL/ISO 20000, COBIT and many international regulations such as HIPAA, CSV, SOX, SSAE16, SOC, etc., Mr.Sahoo has  conducted IT consulting and assessments for large Banks, Software development organizations, Banks, Research & Development companies and BPOs in India and overseas. Well versed with  strategy development and an astute Technical background, he has audited, designed and strategized for a  wide variety of Information security and networking technologies. He has provided consulting services for premier organizations such as Tata Group, Shell Oil, Cipla, numerous payment processing organisations and a host of banks including the Reserve Bank of India and the Indian armed forces.


Session: PCI DSS and the Cloud


Ahmed Selim, Professional Service Manager, Security Meter

Ahmed is Professional Service Manager at SecurityMeter. Throughout 15 years of working for major regional security companies, he conducted a wide range of security services and deployment for major entities in the MENA Region including consultancy, strategic planning and organizational shift over. His early career in IT gave him the opportunity to have wide range of IT Domain and qualified him to focus on Security consultancy.


Session: Mobile Payments: Challenges & Actions


Swati Sharma, QSA, CISSP, CISM, BT Plc., Senior Specialist Security/PCI QSA

Swati has started her corporate career with PCI QSAC and has been playing significant roles in PCI industry e.g. PCI consultant, Project manager, PCI QA, PCI Trainer & Auditor. Over last seven years she has helped organisations to achieve PCI compliance in a cost effective yet secure way. Expertise in innovative compliance solutions in evolving technological environment like cloud. Swati has successfully conducted assessments for PCI at leading PG, Banks, TTP, IT & ITes orgs in different geographies including the US, Middle EAST and APAC region.


Session: Migrating from SSL and Early TLS -Real-time Challenges, Issues and How To Overcome Them as a Merchant & Service Provider

Michael Thompson

Michael Thompson, ISC2 CISSP, ISSAP, ISSMP, CSSLP, Standards Manager, PCI Security Standards Council

Mr. Thompson’s role includes technical contributions to PCI Standards and related efforts, as well as serving as the current chair of the PCI SSC’s Point-to-Point Encryption working group. Prior to joining the Council, Mr. Thompson spent the last 13 years involved in security-sensitive and safety-critical engineering roles. Mr. Thompson is listed on five U.S. patents from previous collaborations.


Session: In-Depth Look at PCI’s Global Standards – Part 1


Chalee Vorakulpipat, CISSP, CISA, PMP, National Electronics and Computer Technology Center (NECTEC), Thailand

Mr. Vorakulpipat earned B.Eng. degree in electronics engineering from King Mongkut’s Institute of Technology, Ladkrabang,  M.S. degree in information technology from Kasetsart University, and PhD degree in information systems from the University of Salford. He is currently the head of Cybersecurity Laboratory, National Electronics and Computer Technology Center (NECTEC), Thailand. He has been involved in several projects in information security (including ThaiCERT), National e-Science, mobile device management, social networking sites, ubiquitous computing, context-aware computing, e-health, and mobile application development. He has over thirty refereed publications in these areas. He also serves as a subcommittee member on issues regarding national information security of Thailand. In his academic role, he works as a lecturer for information systems courses at several universities across Thailand. He holds professional certificates including CISSP, CISA, PMP and IRCA (ISMS Lead Auditor).


Session: Security Awareness, Policies, Practices and Challenges

Pin It on Pinterest