Speakers

Luis Alonso Albir
PCI QSA, CISA, 27001 Lead Auditor, Grupo SIA
Mr. Alonso Albir is the Lead QSA in Grupo SIA and the main expert in GRC modeling and solutions, including GRC management solutions, risk assessment methodologies and tools and standards unification. He also work for the Centre Spatial Guyanais as in flight safety engineer.

Claire Allen
Projects Coordinator, Suresite Group Ltd.

Ms. Allen has over 7 years’ experience in the card processing industry. Her primary project is to manage the rollout of PCI Compliance to a network of over 1,500 small merchants, encompassing a range of different card processing solutions. A key part of this project is to educate the merchants and increase their understanding of PCI DSS requirements with an aim of helping them reach, record and maintain compliance. As a result of working on this project with our acquirer, Ms. Allen became a member of the PCI SSC Small Merchant Business Task Force.

Anthony Amore
Director of Security and Chief Investigator, Isabella Stewart Gardner Museum
Mr. Amore is an expert in security matters, especially those related to cultural property and homeland security.  Presently, he is Director of Security and Chief Investigator at the Isabella Stewart Gardner Museum, where he is charged with the ongoing efforts to recover thirteen works of art stolen from the museum on March 18, 1990.

In 2011, he co-authored the Wall Street Journal true-crime bestseller Stealing Rembrandts: The Untold Stories of Notorious Art Heists.  His second book, The Art of the Con: The Most Notorious Fakes, Frauds and Forgeries in the Art World was published in 2015 and was a New York Times Crime Bestseller.

In addition, he is a columnist for The Observer writing on art theft and security. He has been a lecturer in homeland security at Fisher College and provides analysis on issues related to security and terrorism for a number local and national news outlets, including the BBC, NBC News, NPR, CNN, FOX, and others.

His work as security director has been highlighted in the book Art and Crime: Exploring the Dark Side of the Art World , which describes him as “among the most innovative, and most effective, museum security directors in the world”.

While with the Department of Homeland Security/TSA, he was nominated by his superiors for a Service to America Medal in 2002 and 2003.

​Anthony has fifteen years of national security, law, intelligence, and crisis management experience with federal government agencies. He was instrumental in the reorganization and regionalization of national homeland security efforts post-September 11th and was the FAA’s lead agent responding to the attempted terrorist attack by Richard Reid, the so-called “Shoe Bomber” in December 2001.

Jacob Ansari
QSA (P2PE), PA-QSA (P2PE), CISSP, Director Schellman & Company, LLC

Mr. Ansari’s career spans over 15 years of security assessment services, including leading and performing assessments for PCI DSS, PA-DSS and PCI P2PE, application security assessments, penetration testing, forensic examinations and secure software development practices. Mr. Ansari has performed payment card security compliance assessments since the payment card brands operated their own standards prior to the advent of the PCI DSS. He speaks regularly to a variety of audiences on matters of information security, incident response and payment card compliance strategy.

Andrew Barratt
QSA, PA QSA, P2PE QSA, PA-P2PE QSA Managing Principal, Coalfire Systems, Inc

Mr. Barratt is among the most experienced PCI DSS QSAs in Europe. He leads the global delivery of application security and technical validation services as well as Coalfire’s cyber security services internationally.

Mr. Barratt is actively involved with a number of technology companies, software vendors, payment processors, acquiring banks, insurance underwriters and other complex service providers with sector experience in financial services, oil and gas, retail, software, cloud and technology.

Natasja Bolton
Senior Acquirer Support QSA, Sysnet Global Solutions

Ms. Bolton is one of Sysnet’s managing consultants, within their Cyber Risk Services division. In her role as Senior Acquirer Support QSA, Ms. Bolton engages with Sysnet’s acquiring clients and their merchants, providing guidance and support on payment security and the PCI standards. Ms. Bolton spends a lot of time helping merchants understand PCI DSS and how it applies to their business. Ms. Bolton’s role encompasses consultancy, as well as information security and payment security advocacy through industry participation (such as her participation in the PCI Small Merchant Taskforce), direct client interaction and development of articles and whitepapers published on the Sysnet website. She also delivers technical pre-sales support and provides payment security specialist input to Sysnet’s product and marketing teams.

Pierre Chassigneux
EVP Project & Risk Management Division, Groupement des Cartes Bancaires

Mr. Chassigneux holds degrees in Information Systems Security and National Defense studies. He started his career as an engineer in the French Defense Ministry and after in the French Information Systems Security Agency. He then joined Gemplus as the manager of e-signature Department and then joined Cartes Bancaires.

Michael Christodoulides
CISM, CISA, CRISC, Vice President, Security and Fraud Product Team, Barclaycard

Mr. Christodoulides represents Barclaycard on the Board of Advisors to the PCI SSC, is co-chair of the PCI SSC Small Merchant Business.

Taskforce and also a PCI SSC Internal Security Assessor. In his daily role, Mr. Christodoulides delivers subject matter expertise and thought leadership, in order to mitigate risks that may threaten the security of payments. Mr. Christodoulides is a proud winner of the Barclaycard Champions Award for Service and Excellence, not once but twice! Data and Cybersecurity has become a top priority for merchants of all sizes, and small businesses in particular should feel empowered to take action and stay ahead of malicious and criminal intent. At Barclaycard we have over 50 years of experience helping to make the complex simple for businesses of all sizes.

Tim Cormier
Manager for Device Standards, PCI Security Standards Council

Mr. Cormier is a seasoned POS industry insider with over 30 years of experience, Mr. Cormier has worked with small, medium and large size clients across retail, banking, hospitality and transportation sectors. He oversaw multiple client engagement projects from the systems design concept to the complete rollout for all types of electronic payment solutions including Terminal Management Services, magnetic stripe, contactless, and mobile payment transactions. Prior to joining the PCI council, Mr. Cormier held a Director of POS Systems with Ingenico and other engineering positions with VeriFone and Hypercom where he developed high-speed payment solutions for retailers and the bank card industry clients. Mr. Cormier has earned multiple industry designations including Certified Information Security Professional (CISSP), Certified Wireless Network Administrator (CWSP). He is an U.S. AIR FORCE veteran.

Karen Czack
Vice President of Industry Engagement and Regulation within the Global Network Business, American Express and PCI SSC Executive Committee Chairperson

 Ms. Czack leads a team of network professionals who work with industry partners to create and maintain payment standards with the primary goal of increasing payment security, facilitating global interoperability, enhancing user experience, and ensuring compatibility of payment products with acceptance devices.

Joseph Feiman
Chief Innovation Officer, Veracode

Mr. Feiman is responsible for advanced technologies that drive innovative security strategies. He is a recognized industry leader with nearly two decades’ experience in application development and security, analyzing the markets for Gartner Research. Prior to joining Veracode at the end of 2015, Mr. Feiman was a research VP and Gartner Fellow, leading application and data security research. He is widely credited with shaping application security markets. He is a member of the PCI SSC Software Security Task Force (SSTF) charged with developing a new PCI Software Security Standard (S3).

Tony Gee
Security Consultant, Pen Test Partners LLP

Mr. Gee has been working in IT security for over nine years, both as a security consultant within Finance and at the technology provider for the world-leading Oyster system in London. Mr. Gee speaks widely on computer security and highlighting vulnerabilities in smart devices, and he takes pleasure in helping people understand the risks to their online presence and how to respond to threats to better protect themselves, their families and the business.

Gary Glover
CISSP, QSA, PA-QSA, CISA, Vice President of Assessments, SecurityMetrics

Mr. Glover has worked in the IT security industry as a QSA for over 10 years. Before that, he spent 10+ years in as a software engineer at Novell, McDonnell Douglas, and other startups. Mr. Glover is the author of two US patents, and received a Masters of Science degree in Mechanical Engineering from Brigham Young University.

Peter Gore
Intel Systems Manager, McColl’s Retail Group

Mr. Gore joined McColl’s Retail Group (then TM Retail) in 1999 as IT Development Team Leader. Prior to joining McColl’s Mr. Gore spent 14 years as Programme Manager in the field of military avionics.

Now as McColl’s IT Systems Manager, Mr. Gore is responsible for the development of bespoke, and the integration of proprietary, IT business systems. In 2013 he led McColl’s to PCI compliance and more recently managed the migration of the entire Store estate to the Worldpay Total P2PE card payment solution.

Mathieu Gorge
CEO and Founder, Vigitrust

Mr. Gorge has been involved with the security industry for the last 15 years. In 2003 he identified a gap in the market to provide pro-active consultancy services around key legal aspects of corporate security such as compliance with international data protection legislation as well as industry security frameworks. He started VigiTrust, which enables organisations to achieve and maintain compliance PCI-DSS, PA-DSS, HIPAA and ISO 27001.

Alan Gutierrez-Arana
Director, Risk Advisory Services, National Leader Payment Card Industry (PCI) Services, RSM US, LLP

Mr. Gutierrez-Arana has over 20 years of experience providing IT security and controls assessments, and regulatory compliance consulting for a broad range of consumer services, insurance, banking, finance, and government. He specializes in Payment Card Industry (PCI) controls assessment and compliance, federal and state IT regulatory compliance (PCI-DSS, SOX, HIPAA-HITECH, FFIEC), IT controls design, disaster recovery, IT outsourcing and off-shoring. His client portfolio includes Fortune 100 and Fortune 500 companies, with locations in Asia, Latin America, Europe and the U.S.

Adam Heczko
Security Engineer, Mirantis Inc.

Mr. Heczko helps build OpenStack clouds as a Principal Security Architect at Mirantis. He is a systems engineer in the Mirantis Cloud Platform with a focus on improving information security in OpenStack deployments. He holds multiple (ISC) 2 certifications and has helped multiple Mirantis customers to secure their virtualized Linux environments.

Outside OpenStack, Mr. Heczko has contributed to several open-source projects including Kubernetes and is a member of Kubernetes Vulnerability Management Team. He enjoys spending his free time with his wife and children cycling and traveling.

Lauren Holloway
Director of Standards Coordination, PCI Security Standards Council

Ms. Holloway’s role includes coordinating PCI SSC’s efforts for the Small Merchant Business Task Force as well as working closely with the various PCI teams to drive consistency and alignment across the standards and supporting programs. She joined PCI SSC in 2010 as the Director of Data Security Standards. Prior to joining the Council, Ms. Holloway led and coordinated Visa’s efforts for PCI DSS and PA-DSS and related programs for several years. Ms. Holloway’s extensive information security and audit background includes managing information security at an internet payment gateway, consulting with a Big 4 audit firm, and conducting and managing internal audits for computer systems at a Fortune 500 company. Ms. Holloway holds the CISSP, CISM, and CISA designations.

Stacy Hughes
CITP, CRISC, CGMA, PCI ISA, PCIP, CISM, SVP, Risk and Compliance, Global Payments

Ms. Hughes serves as SVP – IT Governance, Risk and Compliance for Global Payments Inc. (GPN), a leading worldwide provider of payment technology services. Headquartered in Atlanta with more than 8,500 employees worldwide, GPN is a member of the S&P 500 with merchants and partners in 30 countries throughout North America, Europe, the Asia-Pacific region and Brazil. Ms. Hughes has worldwide responsibility for the IT and Security compliance functions – external (e.g. PCI, SOX), merchant, and payment. Ms. Hughes also represents GPN on the PCI Security Standards Council Board of Advisors.

Andrew Jamieson
Technical Manager, Underwriters Laboratories

Mr. Jamieson has been working in the security of payment systems for over 20 years, spending half of his time making devices and the other half breaking devices. During this time he has worked with many different security evaluation methods, such as Common Criteria, FIPS140-2, ISO13491, and PCI everything (DSS, PA-DSS, PTS, P2PE, ASV, PIN). Andrew works in the Security Group of Underwriters Laboratories Consumer division, having previously managed the Device, Audit and Standards area. He holds a bachelors degree in Electrical Engineering, and a Masters Degree in Information Security.

Jeremy King
International Director, PCI Security Standards Council

Mr. King leads the Council’s efforts in increasing adoption and awareness of the PCI security standards internationally. In this role, Mr. King works closely with the Council and representatives of its policy-setting executive committee from American Express, Discover, JCB International, MasterCard, and Visa, Inc. His chief responsibilities include gathering feedback from the merchant and vendor community, coordinating research and analysis of PCI SSC managed standards through all international markets, and driving education efforts and Council membership recruitment through active involvement in local and regional events, industry conferences, and meetings with key stakeholders. He also serves as a resource for Approved Scanning Vendors (ASVs), Qualified Security Assessors (QSAs), Internal Security Assessors (ISAs), PCI Forensic Investigators (PFIs), and related staff in supporting regional training, certification, and testing programs.

Mauro Lance
Chief Operating Officer, PCI Security Standards Council

Mr. Lance is responsible for the day to day operations, business strategy, investments and growth of the Council. He leads the creation and implementation of programs and world-class processes for certification, assessor quality management and training, critical to the Council’s mission of increasing payment card security globally through adoption of the PCI Security Standards.  Most recently, Mr. Lance held leadership positions at the MIT Media Lab and the World Wide Web Consortium, and was a founding director of the Web Foundation. He is a Fulbright Scholar and holds a Master’s degree in Business Administration from Suffolk University, and a Bachelor’s degree in Business Administration from the Pontificia Universidad Católica de Valparaiso. Mr. Lance has lived and worked in Chile, China, France, and the United States.

Troy Leach
CISSP, CISA, Chief Technology Officer, PCI Security Standards Council

Mr. Leach partners with Council representatives, Participating Organizations and industry leaders to develop comprehensive standards and strategies to secure payment card data and its supporting infrastructure.

He is a subject matter expert on payment security and has testified on several occasions before various House and Senate Congressional committees.  Mr. Leach also provides guidance and security expertise to a multitude of U.S. and international government entities as well as law enforcement.  Mr. Leach serves on several advisory boards such as ANSI X9, Merchant Acquirer Committee and contributes to online communities such as BankInfoSecurity and CSO Online.  Mr. Leach is often quoted in cybersecurity news stories and has been quoted by news organizations including the Washington Post and Wall Street Journal.

Tracey L. Long
Senior Payment Security PCI DSS Compliance Manager, WorldPay

Ms. Long leads the merchant PCI Compliance programmes on behalf of the largest global acquirer, Worldpay. She has a wealth of experience in PCI compliance, account data compromises and card scheme relationships. She is responsible for managing Worldpay’s PCI compliance programmes for their corporate customers, and she has oversight of their small merchant compliance programme. She has been a serving member of the PCI SSC Board of Advisors since 2015, and she is happy to be trying to shape the future of the standards for the benefit of all.

John Markh
Standards Manager, PCI Security Standards Council

Mr. Markh is a Standards Manager with the PCI Security Standards Council.  His role includes technical contributions to PCI security standards and related efforts, as well as serving as the current chair of the Cloud Special Interest Group. Prior to joining the Council, Mr Markh has worked in various consulting positions across Europe, North America and the Middle East, ranging from performing complex hands on security assessments to, managing a diverse security services portfolio, and leading a team of highly skilled consultants.

Mr. Markh has over 15 years of experience in information security encompassing compliance, threat and risk management, security assessments, digital forensic, application security and emerging technologies such as IoT and Blockchain. Mr Markh holds an MSc degree in Computer Security, BSc in Software Engineering and is a Payment Card Industry Professional.

Mark Meissner
VP, Public Relations, PCI Security Standards Council

Mr. Meissner works closely with the Council’s leadership team to develop communications strategies that promote the PCI Security Standards and the priority initiatives of the Council globally and with a wide range of stakeholders. Mr. Meissner brings more than two decades of experience in helping Fortune 500 companies, elected officials, trade associations and high profile individuals navigate a myriad of communications challenges in the global marketplace. Over the years Mark has worked with many high-profile clients in engaging with major news organizations such as USA Today, The Washington Post, 60 Minutes, The New York Times, The Wall Street Journal, CNN, and The Times of London.

Before joining the PCI Security Standards Council, Meissner was the Founder and President of MJM Strategies, a strategic communications consulting firm.

Meissner began his career in the world of politics working on the staffs of  U.S. Senator Evan Bayh (D-IN) and U.S. Representative Tim Roemer (D-IN). Meissner served as Campaign Manager for Representative Roemer’s successful 1994 re-election campaign. Mark was a candidate for U.S. Congress in 2002, finishing second among a crowded field of five better known candidates for Indiana’s 2nd Congressional District.

Meissner teaches as an Adjunct Professor at The George Washington University Graduate School of Political Management (GSPM) where he has served on the faculty for more than a decade. Meissner holds a Master’s Degree from The American University and a Bachelor’s Degree from Indiana University.

Albert Morell
QSA, Director and Co-founder, A2SECURE

Mr. Morell, with over 12 years’ experience in IT security and a solid technical background in engineering, electronic commerce and cryptography, left the telecom industry to undertake the entrepreneurial endeavor of co-founding a cybersecurity venture focused on PCI-DSS.

A2SECURE has since bestowed some of the European leading companies, notably among payment gateway and tourism industries, with a landmark service upon information and corporate security, as well as consultancy and guidance geared towards regulatory compliance.

Lina Muriel Beltran
Sales, Marketing & Product Development Director, Sipay Plus

Ms. Muriel Beltran is the Sales, Marketing and Product Development Director at Sipay Plus, with an IE MBA. She is a proven expert with more than 10 years of experience in marketing, innovation and customer experience to identify market and consumer trends, insights and opportunities. Ms. Muriel Beltran has been the Sales, Marketing and Product Development Director at Sipay since 2014. She is responsible for developing secure, innovative, omnichannel and customer focused products and services for Sipay.

Yusuf Musaji
CEO Yusufali & Associates (Y&A)

Mr. Musaji is widely published in IT, Financial and Security journals and has authored two books, Auditing and Security and Auditing the Implementation and Operation of ERP Systems.

Y&A (www.ya-cpa.com) is an ISC2, PCIDSS, PCAOB, Fed Ramp and AICPA registered USA based CPA public accounting firm. Its focus remains helping its clients attain superior long-term profitability and growth through well managed and well controlled Technology, Systems and Processes.

Sarah Nicholson
PCIP, FIET, BEng Hons, Security Policy, Risk and Compliance Manager, BT PLC

Ms. Nicholson is currently responsible for security policy, risk and compliance within BT. She has nearly 20 years’ experience within the IT Security arena, with the past six years directing PCI compliance for BT Group.

Christopher Novak
Director, Investigative Response, Verizon RISK Team

Mr. Novak is a co-founder and the Director of the Verizon Investigative Response Unit – a division of the Verizon RISK Team. He is an internationally recognized expert in the field of Investigative Response and Computer Forensics. He has been involved with information security for over 15 years. Christopher has assisted corporations, government agencies, and attorneys with all matters involving computer forensics, fraud investigations, and crisis management. He has testified as an expert witness in various matters and before such bodies as the Supreme Court of the State of New York. He has also briefed United States congressional committees such as Senate Banking, House Financial Services, Senate Commerce, House Energy & Commerce, Senate Judiciary, House Homeland Security and Senate Homeland Security & Government Affairs.

He has been an advisor on dozens of high-profile intrusion and data breach investigations around the globe. He works closely with local, state and federal law enforcement agencies as well as joint investigative operations coordinated with foreign law enforcement.

Christopher has worked in various consulting positions within Verizon; from individually contributing to a larger tactical response team to his current position, where he manages a global team of highly skilled consultants. Each of these teams around the world maintains experts in various fields of study and practice, such as forensic analysis, malware reverse engineering, threat intelligence analysis and threat actor attribution, among others… Christopher specializes in high-level crisis and emergency response matters and is regularly consulting with executives from Fortune 500 companies with regard to pre-planning for such situations as well as leading active crisis response matters and liaising with external partners.

Christopher is an active public speaker, discussing various topics ranging from high-level best practices to executive-level crisis management. He has been a contributing member of the Verizon Data Breach Investigations Report since its first publication in 2008 and has been featured in such media outlets as The Wall Street Journal, ABC News, American Banker, and many others. Christopher is an active member among multiple industry trade groups and a frequent guest lecturer at universities. He also serves as an advisor for many industry-related associations in an effort to further promote cybersecurity awareness and education as well as working closely with organizations as it relates to various policy initiatives on the topic of cybersecurity.

Christopher holds a Bachelor of Science Degree in Computer Engineering from Rensselaer Polytechnic Institute.

Adetokunbo Omotosho
Managing Consultant, Infoprive

Mr. Omotosho is an experienced information technology and information security management executive with experience of driving seamless technology service delivery and enabling security solutions for a major national transaction processing company, banks payment providers, merchants and other organisations. He has been consulting on Payment Card Industry Data Security Standard (PCI DSS) since 2007 and was the program manager for the first PCI DSS compliance in Nigeria in 2009. He is presently a QSA with Infoprive, a pure play information security organization.

Sam Pfanstiel
MBA, CISSP, CISM, QSA (P2PE), ETA CPP, Solution Principal, Coalfire

Mr. Pfanstiel has over 20 years of IT management and security experience, and has served as CEO, CIO, and IT Director for multiple payments-driven technology enterprises. As Solution Principal at Coalfire, Mr. Pfanstiel works to design cybersecurity advisory and assessment consulting services that address unique organizational risks and regulatory compliance requirements. Mr. Pfanstiel’s extensive payments experience includes PCI DSS, P2PE, card brand compliance, fraud, application security, mobile security, cloud and IoT.

Ralph Spencer Poore
Director, Emerging Standards, PCI Security Standards Council

Mr. Poore has over 35 years of information security experience, including more than 20 years of applied cryptography. He has written extensively on information security and cryptography. His work is cited in academic papers, national standards, professional journals, and books. He came to PCI SSC from a small business that was a QSAC, where he was a QSA. In various capacities, he has designed and led teams of developers in cryptographic system projects, resulting in patents of systems based on cryptography. He is also a long-time member of International Association for Cryptologic Research (IACR). Mr. Poore also supported classified government projects and has assisted in the development of cryptanalytic tools. He has extensive experience in financial services industry and in the development of national and international standards. He is an ISSA Distinguish Fellow and an ACM Senior Member, and has received numerous awards for his professional work. Mr. Poore holds the following certifications: PCIP, CFE, CISA, CISSP, CHS-III.

Jeff Skiles
Co-Pilot of U.S. Airways Flight 1549, “The Miracle on the Hudson”

“No terrible thoughts went through my head, none at all. I didn’t worry that I might not live through this—and no pilot would. Unless the situation is completely out of your control, there’s always something you can do.”

On a bright, 20-degree afternoon in January, US Airways Flight 1549 accelerated down New York La Guardia Airport’s main runway, loaded with 155 passengers and crew, headed skywards for Charlotte, NC. Everything was normal until First Officer Jeff Skiles spotted a formation of Canada geese almost directly ahead. In a matter of seconds, he heard numerous thunks as the birds impacted the aircraft. Both engines immediately failed. Captain Chesley Sullenberger took over flying the plane and lowered the nose down to retain airspeed. Within seconds, the pilots made the decision that returning to LaGuardia was simply not possible—they’d have to fly over densely populated areas and there was no guarantee that they’d make it. Surrounded by nothing but skyscrapers and neighborhoods, they decided to head to the only open, flat space available—the Hudson River. Jeff Skiles details the lessons, training, and scenarios that led to the “Miracle on the Hudson” and what businesses can take away from it with a great sense of humor and natural storytelling ability.

Adapt, React, and Don’t Fear a Change of Course. The son of two pilots, Skiles started flying at the age of 16 and has logged over 21,000 hours in the sky. Skiles has spent the last 30 years as a US Airways pilot and his lifetime of experiences contributed to the astounding outcome. The perfect landing was not a fluke; it was the result of intense training, preparation, and the lessons learned from other pilots’ successes and failures.

Skiles believes that life changes all around you, and if you can’t adapt and change with it, you can’t succeed. He attributes the success of the emergency landing on the Hudson to the extensive training that all members of a flight crew experience. From the mechanics and the maintenance workers to the people who write the emergency protocols and the flight attendants, he believes that every level of the US Airways organization is responsible for the outcome on January 15, 2009. While he and Captain Sullenberger piloted the plane to a safe landing, the success was a group effort representing the contributions of an entire organization.

Jo Smith
PCI Business Analyst, Worldpay

Ms. Smith joined Worldpay in early 2014 bringing a wealth of experience in compliance and data security. Prior to Worldpay she spent 12 years at Next Group Plc working predominantly in Information Security which included their PCI programme. Before Next, Ms. Smith’s first job was working in payments at HSBC. She holds a BA Hons degree in History.

Now as one of a team of consultants Ms. Smith is responsible for working with some of the largest organisations globally ensuring accurate reporting to the Card Brands on their PCI compliance position. She is also responsible for writing & publishing Worldpay’s, PCI in the Spotlight quarterly newsletter as well as providing technical support and assistance to both her colleagues and customers on the more complex requirements of PCI.

Emma Sutcliffe
Senior Director, Data Security Standards, PCI Security Standards Council

Ms. Sutcliffe oversees a number of PCI security standards, including the PCI DSS and PA-DSS. Ms. Sutcliffe chairs PCI SSC’s Technical Working Group (TWG) and the Tokenization Working Group, where she works closely with the Payment Brands and Affiliate members to develop standards, supporting documentation, and guidance papers. Ms. Sutcliffe has over 15 years’ information security experience and is a current CISSP, CISM, and CISA.

Elizabeth Terry
CISSP, PMP, PCIP, Advanced Research Manager

Ms. Terry has over 20 years’ experience in the payment card industry including over 15 years managing enterprise projects encompassing PCI Compliance, security, system design, implementation, and replacement and most recently standards development initiatives at PCI SSC. Her responsibilities for the Council include research and development of new standards or updates to existing standards to address market changes as well as liaising with other regulatory bodies, vendors, labs and academia. Elizabeth is also the chair for the Mobile Task Force. Ms. Terry holds a Master’s in Business Administration and a Bachelor’s in Computer Science.

Michael Thompson
Standards Manager, PCI Security Standards Council

Mr. Thompson is a Standards Manager, where his role includes technical contributions to PCI standards and related efforts, as well as serving as the current chair of the PCI SSC’s Point-to-Point Encryption working group. Prior to joining the Council, Mr. Thompson has spent the last 10 years involved in security-sensitive and safety-critical engineering roles. Mr. Thompson holds the ISC2 CISSP, ISSAP, ISSMP, and CSSLP designations, as well as being listed on 5 U.S. patents from previous collaborations.

Nigel Tranter
Vice President, Payment Software Company (PSC)

Mr. Tranter has years of security and procedure experience. He has extensive knowledge of developing and auditing web-site application security systems and assessment processes. Mr. Tranter has deployed enterprise level computing infrastructures for both software development and web applications developing and implementing corporate policies and procedures for a number of certification standards.

Marie-Christine Vittet
Data Risk Manager, AccorHotels

Mrs. Vittet is in charge of the PCI DSS Program for AccorHotels Group (more than 4,100 hotels in 92 countries). With the new GDPR (General Data Protection Regulation), her role has been extended to “sensitive data,” and she participates now on the data compliance construction site as Data Risk Manager. From this position, she coordinates the annual assessment process and animates the worldwide community to follow local headquarters and hotels compliance. In the central working team, her mission is to adapt operational processes to achieve compliance.

She has spent 20 years in the hospitality industry and she specializes in the management of complex projects and scope; more precisely, during times of major restructuring changes in organizations. She initiated and directed many technological innovation projects for the IHC Group and Dorchester Collection, always oriented toward customer service.