Please check back for ongoing updates
Please check back for ongoing updates
Jacob Ansari, Manager, Schellman & Company, Inc.
Mr. Ansari performs and manages PCI DSS assessments. Additionally, Jacob oversees other Payment Card Industry assessment services, namely PA-DSS and P2PE. Jacob’s career spans over fifteen years of information security consulting and assessment services, including network and application security assessments, penetration testing, forensic examinations, security code review, and information security expertise in support of legal matters. Jacob has performed payment card security compliance assessments since the payment card brands operated their own standards prior to the advent of PCI DSS. Jacob speaks regularly to a variety of audiences on matters of information security, incident response, and payment card compliance strategy.
Gareth Bowker, Director of Training Programs, PCI Security Standards Council
Mr. Bowker joined PCI SSC in April 2012, bringing 15 years of experience from the information security field. He initially started as a software developer and soon specialized in secure web application development processes. This led to him joining a PCI ASV company in 2005 where he worked as a penetration tester and consultant, becoming a QSA in 2006, followed by a PA-QSA in 2008. Mr. Bowker has worked with many large financial institutions and merchants on projects around PCI DSS, risk management, data loss prevention as well as conducting forensic and breach investigations. Mr. Bowker is a CISSP and holds a B.Sc. degree.
Michael Christodoulides, VP Payment Security (Third Party Risk), Barclaycard.
Mr. Christodoulides represents Barclaycard as a Board of Advisor to the PCI SSC, is co-chair of the PCI SSC Small Merchant Taskforce and also a PCI SSC Internal Security Assessor. In his daily role, Mr. Christodoulides delivers subject matter expertise and thought leadership, in order to mitigate risks that may threaten the security of payments. Mr. Christodoulides is a proud winner of the Barclaycard Champions Award for Service and Excellence, not once but twice! Data and Cyber security has become a top priority for merchants of all sizes, and small businesses in particular should feel empowered to take action and stay ahead of malicious and criminal intent. At Barclaycard we have 50 years of experience to help make the complex simple for businesses of all sizes.
Tim Cormier, Manager for Device Standards, PCI Security Standards Council
Mr. Cormier is a seasoned POS industry insider with over 30 years of experience and has worked with small, medium and large clients across the retail, banking, hospitality and transportation sectors. He oversaw multiple client engagement projects from the systems design concept to the complete rollout for all types of electronic payment solutions including Terminal Management Services, magnetic stripe, contactless, and mobile payment transactions. Prior to joining the PCI council, Mr. Cormier held a Director of POS Systems with Ingenico and other engineering positions with VeriFone and Hypercom where he developed high-speed payment solutions for retailers and the bank card industry clients. Mr. Cormier has earned multiple industry designations including Certified Information Security Professional (CISSP), Certified Wireless Network Administrator (CWSP). He is an U.S. AIR FORCE veteran.
Brandy Cumberland Director of Assessor Quality Management (AQM) Programs, PCI Security Standards Council
Ms. Cumberland joined the Council in July 2011 and leads the administration and ongoing operations of the quality management components to support the PCI SSC’s Programs, most notably the Qualified Security Assessor (QSA), Payment Application Qualified Security Assessor (PA-QSA), and Point-to-Point Encryption (PCI P2PE) Programs. Prior to her work with the AQM team, Ms. Cumberland has held positions in quality assurance in the payment security industry, public education, management and retail banking. Ms. Cumberland is a graduate of the University of Houston and holds the CISSP designation.
John Elliott, Head of Payment Security, easyJet
Mr. Elliott is a pragmatic cybersecurity, payments and privacy specialist. He is a passionate advocate for the integration of cyber security with business objectives at both a personal and organisational level. His current research aims to improve cybersecurity assurance in contractual and regulatory relationships
John has experienced PCI DSS from all dimensions. He is currently at one of the largest European e-commerce retailers, has was once a QSA and also worked for one of the card brands where he was a member of the technical working groups of the Payment Card Industry Security Standards Council and actively contributed to the development of many PCI standards including PCI DSS. He is a Chartered Fellow of the BCS, holds professional certifications in risk, privacy and security, and is a Pluralsight author.
Leon Fell, CPA, CIA, CMA, CISA, CITP, Director of Solutions Standards, PCI Security Standards Council
Mr. Fell is the chairperson of the Council’s PIN Transaction Security (PTS) Working Group. The PTS Working Group is responsible for the management of the security requirements, testing process and approvals for two types of devices – Point of Interaction (POI) and Hardware Security Modules (HSMs). In addition, the group is responsible for the management of PIN Security Requirements, which include processes implemented for the management of cryptographic keys and equipment in connection with the acquisition of PIN based transactions. Mr. Fell also chairs the Card Production Working Group which manages the physical and logical security requirements associated with the production of payment cards. Mr. Fell has over 20 years of information security experience in the payment and energy industries, as well as separate consulting engagements.
Berny Goodheart , Standards Manager, PCI Security Standards Council
Mr. Goodheart is a computer scientist and author. He is best known fo his books about Internet and Unix technologies. He started working with Unix in 1977 for Root Computers and Digitus. In 1987 he emigrated to Australia and initially worked for NEC before moving to Tandem Computers where he remained for 14 years during its merger with Compaq and then Hewlett-Packard. He returned to Britain in 1996. His most notable achievement upon his return was at Sun Microsystems where he was Project Manager and Chief Technical Architect for project Janus: an in-kernel Linux binary emulation and compatibility layer for Solaris 10 x 86 and AMD64 which has since appeared in OpenSolaris. He has also developed Ultra Density Optical disk based file systems on Linux-based servers for Plasmon and was the technical architect behind the Seagate Object-based Storage Device design. In 2005 he co-founded Secure Electrans Ltd and as CTO, developed a PCI compliant POI device for accepting utility payments in the home. He then took up position at Huawei as Director of R&D for mobile and tablet devices based in Helsinki and during his tenure was a member of the ARM Linaro technical steering Committee.
He was awarded an Honorary Doctorate in the discipline of Computer Science by Associate Professor John Lions, University of New South Wales, Australia, for his work The Magic Garden Explained, The Internals of Unix System V Release 4 (1995) which, among other things outlines the history of Unix and its Australian connection.
Laura K. Gray, Director of Communications, PCI Security Standards Council
As Director of Communications, Ms. Gray develops and executes integrated communications strategies that inform, educate and help PCI Security Standards Council stakeholders take advantage of PCI SSC programs, resources, research and initiatives. Her background includes more than 12 years of global communications and public relations client-side and agency experience in information technology, research, and public policy. Ms. Gray is a graduate of Gordon College and the Institute on Political Journalism.
Matt Hegarty, PCI Business Partner, Royal Phillips
Mr. Hegarty serves as PCI Business Partner under the Chief Information Security Office (CISO) for Royal Philips (NYSE: PHG, AEX: PHIA), a leading health technology company with more than 140,000 employees operating in over 60 countries. He is responsible for working with all Philips ecommerce business lines in assuring that their credit card processes meet the latest PCI DSS compliance requirements. In addition, he is a team lead in a Philips global payments project, collaborating with the Digital, Finance Operations and Integrated Cyber Security Program groups. Mr. Hegarty is a graduate of Harvard University, where he earned a Bachelor of Arts in Philosophy.
Andrew Henwood, CEO, Foregenix
Mr. Henwood is the CEO of Foregenix, a cyber security consultancy and solution provider. Foregenix is a PCI QSA, PA-QSA, P2PE and PFI certified company and provides assessment services and innovative, baked-in cyber security solutions globally.
Mr Henwood is a PCI security industry entrepreneur and is active in evangelising and recommending cyber security best practices through experience garnered from over 18 years of work in the field.
Mr Henwood has been involved within the payments industry since 2001, where he assisted in developing the first versions of the payment brand security standards in Europe. Mr Henwood is a frequent public speaker on cyber security topics.
Stacy Hughes, Senior Vice President – IT Governance, Risk and Compliance, Global Payments Inc. (NYSE: GPN)
Ms. Hughes serves as Senior Vice President – IT Governance, Risk and Compliance for Global Payments Inc. (NYSE: GPN), a leading worldwide provider of payment technology services. Headquartered in Atlanta with more than 8,500 employees worldwide, Global Payments is a member of the S&P 500 with merchants and partners in 29 countries throughout North America, Europe, the Asia-Pacific region and Brazil. Stacy has worldwide responsibility for the Information Technology and Security Policy Program, compliance functions (PCI-DSS, SSAE 16, SOX, North America Merchant and card scheme compliance), as well as customer security assurance functions for the company.
In addition to being a Certified Public Accountant, Stacy holds the following industry and security certifications: Certified Information Technology Professional (CITP), Certified in Risk and Information Systems Control (CRISC), Chartered Global Management Accountant (CGMA), Payment Card Industry Internal Security Assessor (PCI ISA), Payment Card Industry Professional (PCIP), Certified Chief Information Security Officer (C|CISO) and Certified Information Security Manager (CISM).
Brian Hussey, Global Director of Incident Response & Readiness, Trustwave SpiderLabs
Mr. Hussey leads operations for Incident Response and cyber-investigation engagements across the world. Prior to joining Trustwave, Mr. Hussey led an advanced analytical unit within the FBI tasked with computer forensics for major crimes, network intrusions, malware analysis, counter-terror, and counter-intelligence cyber investigations. He has also acted as an expert witness against Russian cyber mafia, and international credit card fraudsters.
He was the primary designer of the FBI’s advanced technical analysis training for network intrusion and malware analysis. He has delivered this training for special agents in FBI field offices across the United States, as well as internationally for cyber units within the police forces in Ukraine, Estonia, Lithuania, Latvia, Japan, Germany, Moldova, and others. He is also an adjunct Professor of Computer Forensics for George Mason University in the Master of Computer Forensics Program.
Jeremy King, International Director, PCI Security Standards Council
Mr. King leads the Council’s efforts in increasing adoption and awareness of the PCI Standards globally. In this role, Mr. King works closely with the Council’s General Manager and representatives of its policy-setting executive committee from American Express, Discover, JCB International, MasterCard, and Visa, Inc. His chief responsibilities include gathering feedback from the merchant and vendor community, coordinating research and analysis of PCI SSC managed standards through all international markets, and driving education efforts and Council membership recruitment through active involvement in local and regional events, industry conferences, and meetings with key stakeholders. He also serves as a resource for Approved Scanning Vendors (ASVs), Qualified Security Assessors (QSAs), Internal Security Assessors (ISAs), PCI Forensic Investigators (PFIs), and related staff in supporting regional training, certification, and testing programs.
Mauro Lance , Chief Operating Officer, PCI Security Standards Council
Mr. Lance is responsible for the day to day operations, business strategy, investments and growth of the Council. He leads the creation and implementation of programs and world-class processes for certification, assessor quality management and training, critical to the Council’s mission of increasing payment card security globally through adoption of the PCI Security Standards.
Troy Leach, CISSP, CISA, Chief Technology Officer, PCI Security Standards Council
Mr. Leach partners with Council representatives, Participating Organizations and industry leaders to develop comprehensive standards and strategies to secure payment card data and the supporting infrastructure. He is a congressional subject matter expert on payment security and the current chairman of the Council’s Standards Committee. Prior to joining the PCI Council, Mr. Leach has held various positions in IT management, software development, systems administration, network engineering, security assessment, forensic analytics and incident response for data compromise. Mr. Leach holds a Master of Science in Telecommunications & Network Management as well as a graduate degree in Information Security Management from Syracuse University.
Jake Marcinko, Standards Manager, PCI Security Standards Council
Mr. Marcinko is responsible for the ongoing development of the security standards including the Payment Card Industry Data Security Standard (PCI DSS), the Payment Application Security Standard (PA-DSS) and the Point-to-Point Encryption Standard (P2PE). In addition, Mr. Marcinko works closely with the payment brands, affiliate members, Task Forces and Special Interest Groups (SIGs) to develop new and emerging standards and guidance documents, information supplements, and self-assessment questionnaires. Prior to joining the Council in 2013, Mr. Marcinko held various leadership positions in IT and Information Security management for the software industry, and has over 15 years of experience leading large, multi-million dollar design projects in areas such as virtualization, mobile computing, electronic payments, tokenization and compliance. Mr. Marcinko is also a frequent speaker and contributor on general Information Security and Privacy matters.
Mark Meissner, VP, Public Relations, PCI Security Standards Council
Mr. Meissner leads the Council’s public relations efforts. In this role, Mr. Meissner works closely with the Council’s leadership team to develop communications strategies that promote the PCI Security Standards and the priority initiatives of the Council globally and with a wide range of stakeholders. Mr. Meissner brings more than two decades of experience in helping Fortune 500 companies, elected officials, trade associations and high profile individuals navigate a myriad of communications challenges in the global marketplace. Over the years Mark has worked with many high-profile clients in engaging with major news organizations such as USA Today, The Washington Post, 60 Minutes, The New York Times, The Wall Street Journal, CNN, and The Times of London.
Before joining the PCI Security Standards Council, Meissner was the Founder and President of MJM Strategies, a strategic communications consulting firm.
Meissner began his career in the world of politics. He honed his political skills working on the staffs of two fellow Hoosiers– U.S. Senator Evan Bayh (D-IN) and U.S. Representative Tim Roemer (D-IN). Meissner served as Campaign Manager for Representative Roemer’s successful 1994 re-election campaign. Mark was a candidate for U.S. Congress in 2002, finishing second among a crowded field of five better known candidates for Indiana’s 2nd Congressional District. His underdog campaign was hailed by the media as “relentless” and “impressive”.
Meissner teaches as an Adjunct Professor at The George Washington University Graduate School of Political Management (GSPM) where he has served on the faculty for more than a decade. Meissner holds a Master’s Degree from The American University and a Bachelor’s Degree from Indiana University.
Brian Muirhead, Chief Engineer, Mars Science Laboratory, Caltech/Jet Propulsion Laboratory
Few people in business today have formed and managed teams as high performance or as successful as those that Brian Muirhead has led for NASA. Mr. Muirhead is a hands-on leader working at the front lines of some of the greatest technical and management challenges of today. His experiences and insights as a team builder, technologist, problem solver, and culture change innovator make him an exciting and compelling speaker.
A recipient of two of NASA’s Outstanding Leadership Medals, Brian recently completed his assignment as the Chief Architect of NASA’s Constellation project, a program with the objective of establishing a permanent base on the moon and preparing for human exploration of Mars. In that position, he provided leadership for developing and maintaining a viable architecture for human exploration beyond earth orbit. He was also Chief Engineer of the Mars Science Laboratory during the invention of the Sky Crane, which was used to land the rover ‘Curiosity’ on Mars. He is Chief Engineer of JPL and is a member of its Executive Council.
Currently, Brian is the Project Manager for the Asteroid Redirect Robotic Mission, a mission to rendezvous with a large asteroid, land on it, pick up an approximately 20 ton boulder and return the boulder to the orbit of the moon. Once there a crewed mission, flying in the new Orion capsule, will rendezvous with our boulder-carrying-spacecraft and via two extra vehicular activities (EVAs) to bring samples back to Earth.
Brian is the author of the highly-praised book High Velocity Leadership. His second book, Going to Mars, (with Gar and Judy Reeves-Stevens), offers an insightful and entertaining look behind the scenes at the leaders that make today’s exploration of Mars possible.
Ken Munro, Partner and Founder, Pen Test Partners LLP
Mr. Munro leads a team of experienced penetration testers, otherwise known as ethical hackers, all of whom have a stake in the business. He regularly blogs on everything from honeypots to hacking cars and is a familiar face on the speaker circuit, sharing candid and sometimes controversial views on all aspects of computer security. Ken has worked in the field of information security for over 15 years.
Wayne Murphy, Senior Security Consultant, Sec-1 Limited
Mr. Murphy has a Bachelor of Science degree in Computer Science and a Master’s degree in Business Administration (MBA). Mr. Murphy is a Senior Security Consultant working at Sec-1 Ltd with a degree in Computer Science (B.Sc.) and a Master’s in Business Administration (MBA). Having worked in IT since leaving University in 1997, he has gained extensive networking, Windows, and IT Security knowledge before moving into in to a pure IT Security role in 2007. Wayne obtained his Information Security Systems Professional (CISSP) certification in 2007 and his IT Security job roles have included penetration testing, management, security engineer and PCI DSS QSA. Wayne has recently stepped away from previous job responsibilities to focus on PCI engagements, which is where he feels his expertise and drive can add the most value, whilst continuing to conduct penetration testing as needed. In 2016/2017 he plans to achieve his ISO 27001 Lead Implementer/Auditor, Prince2 and ISACA CRISC qualifications. His ambitions are to make a positive contribution to the Payment Card Industry and deliver meaningful content and materials to help better assist the wider understanding of PCI DSS, the risk assessment that surrounds it, and the active threats it aims to mitigate. He aims to improve the security of all merchants and service providers by providing education through blogs, public speaking and leadership in the field through development contributions of the PCI standards.
Christopher Novak, Director, Investigative Response, Verizon RISK Team
Mr. Novak is a co-founder and the Director of the Verizon Investigative Response Unit – a division of the Verizon RISK Team. He is an internationally recognized expert in the field of Investigative Response and Computer Forensics. He has been involved with information security for over 15 years. Christopher has assisted corporations, government agencies, and attorneys with all matters involving computer forensics, fraud investigations, and crisis management. He has testified as an expert witness in various matters and before such bodies as the Supreme Court of the State of New York. He has also briefed United States congressional committees such as Senate Banking, House Financial Services, Senate Commerce, House Energy & Commerce, Senate Judiciary, House Homeland Security and Senate Homeland Security & Government Affairs.
He has been an advisor on dozens of high-profile intrusion and data breach investigations around the globe. He works closely with local, state and federal law enforcement agencies as well as joint investigative operations coordinated with foreign law enforcement.
Christopher has worked in various consulting positions within Verizon; from individually contributing to a larger tactical response team to his current position, where he manages a global team of highly skilled consultants. Each of these teams around the world maintains experts in various fields of study and practice, such as forensic analysis, malware reverse engineering, threat intelligence analysis and threat actor attribution, among others… Christopher specializes in high-level crisis and emergency response matters and is regularly consulting with executives from Fortune 500 companies with regard to pre-planning for such situations as well as leading active crisis response matters and liaising with external partners.
Christopher is an active public speaker, discussing various topics ranging from high-level best practices to executive-level crisis management. He has been a contributing member of the Verizon Data Breach Investigations Report since its first publication in 2008 and has been featured in such media outlets as The Wall Street Journal, ABC News, American Banker, and many others.
Christopher is an active member among multiple industry trade groups and a frequent guest lecturer at universities. He also serves as an advisor for many industry-related associations in an effort to further promote cybersecurity awareness and education as well as working closely with organizations as it relates to various policy initiatives on the topic of cybersecurity.
Christopher holds a Bachelor of Science Degree in Computer Engineering from Rensselaer Polytechnic Institute.
Rosemary O’Neill, EMVCo 3-D Secure 2.0 Task Force
Since 2015, Ms O’Neill has been participating as a member of the 3-D Secure 2.0 Task Force within EMVCo, the global technical body that facilitates the worldwide interoperability and acceptance of secure payment transactions by managing and evolving the EMV Specifications and related testing processes.
In parallel, Rosemary is senior product specialist employed within Visa Europe’s m/e-Commerce Acceptance Division where she develops the next generation of consumer payment authentication solutions.
Her role at Visa Europe enables Rosemary to combine two areas of particular business interest, perception of security and m/e-Commerce consumer payment authentication. Committed to achieving balance between security and convenience, Rosemary is responsible for developing solutions that reduce friction throughout the payment journey by addressing unmet consumer authentication security needs.
Rosemary has an MBA from Henley Business School and BA Joint Hons from Queen’s University Belfast.
Stephen W. Orfei, General Manager, PCI Security Standards Council
As General Manager, Mr. Orfei leads the PCI Security Standards Council in its mission to educate, empower and protect payment data globally, working closely with merchants, acquirers, financial institutions, security practitioners, law enforcement and other key stakeholders across the global payment eco-system.
Mr. Orfei is a recognized industry expert in global payment platforms, e-commerce, mobile payments, transit and cybersecurity. He is called on regularly for his expertise by government, law enforcement, industry groups and the media. Mr. Orfei has testified before the U.S. Congress as a cybersecurity expert, served as a representative of the United States at the G7 Roma Lyon group of world leaders on card crimes, participated in U.S. Presidential Cybersecurity Summits, and has played a leading role in global Acquirer Forums and PCI Community Meetings around the world. Orfei regularly meets with top U.S. government officials from a range of agencies to discuss cybersecurity and provide strategic guidance.
A holder of several payments industry patents and awards, Mr. Orfei’s career spans senior posts at several high-profile companies including MCI International, a global telecommunications corporation, where as Director of International Marketing, he oversaw marketing for international business with direct revenue responsibility for over $400 million. Following his successful 13 years of service at MCI International, Orfei spent 14 years at MasterCard Worldwide, a global payments & technology company as Senior Vice-President Emerging Payment Platforms.
In his role at MasterCard, Orfei managed all aspects of development, implementation, and deployment of emerging payment platforms across Global Products and Services. Among his many achievements, Orfei led the entrepreneurial initiative to design, build and demonstrate (NYC-MTA) the next generation of Automated Fare Collection Systems for the transit industry. The initiative was awarded the prestigious NYU Rubin Center Transportation Industry Innovation Award.
Prior to his leadership of the PCI Security Standards Council, Mr. Orfei served as a security consultant where he led a highly credentialed security team to defend “high value targets” from cyber-attacks.
Orfei is a former U.S. Marine who is active with veteran related charities including the Semper Fi Fund and the Wounded Warrior Project.
Joseph Pierini, CISSP, GCIH, PCI: QSA, PA-QSA, PFI, QAE, Director of Technical Services, Payment Software Company (PSC)
Mr. Pierini is responsible for the development and execution of the penetration testing programs supporting PCI and other privacy laws and regulations. When not leading his team, Joseph presents at security conferences promoting best practices in penetration testing for merchants, service providers and card processors seeking to meet and maintain compliance. Joseph is also an active penetration tester performing internal, external, wireless and social engineering engagements for clients. His field skills range from internal and external vulnerability analysis, web application testing and exploitation to mobile application analysis, antivirus evasion and post-exploitation.
Over the course of his career, Joseph has performed penetration tests and application assessments for over half of the Internet Retailer Top 500, Fortune 1000 and many of America’s top defense contractors. He is also a published vulnerability researcher, having discovered vulnerabilities in applications ranging from Apache Tomcat, Caucho’s Resin Application Server, Search Engines, Web Application Firewalls and various Ecommerce Shopping Carts.
Ben Rafferty, Global Solutions Director, Semafone
Mr. Rafferty has more than fifteen years’ experience delivering speech recognition, IVR, secure voice payment solutions and contact centre automation on CPE and hosted platforms.
Mr. Rafferty is responsible for the smooth deployment of Semafone’s award winning solutions, and for the overall management of the company’s carrier cloud and cloud offering. Throughout his career, he has successfully delivered programmes for a wide variety of organisations including large multi-national corporations such as SAP, Deloitte, Interflora and Odeon, as well as local and central government, Parliament, the NHS and all “Blue Light” services in the UK and Europe. Mr. Rafferty sits on Semafone’s innovation group, advising on new product development, new markets and technologies to facilitate customer compliance programmes and to maintain Semafone’s own PCI controls. He also regularly works with QSA’s, PSP’s and both UK and Global carriers including Talk Talk, Gamma and BT.
Tim Rohrbaugh, Vice President, CaaS Americas, ControlCase
Mr. Rohrbaugh’s security career started in communication security (comsec) in the military and continued under Government projects for CSC at NATO, DISA, NMRC… as an architect, ST&E team lead, and instructor for the information security. After leaving the Government consulting world, Mr. Rohrbaugh became a technology and security leader (CISO) for multiple commercial organizations including a financial services firm that created the identity theft response space. Mr. Rohrbaugh’s main focus is anti-fraud, ID verification (US Patent holder) and security strategy. While spending 12 years in this consumer space, he became an authority on consumer products that address consumer risk of identity theft. Most recently, he has taken a lead role at ControlCase, a world-wide privacy and security compliance consultancy, to grown the Compliance-as-a-Service offering for commercial clients.
Cameron Ross, Director of Payments Strategy, Eckoh
Cameron co-founded Veritape (acquired by Eckoh in 2013), to provide secure call recording solutions to businesses internationally. After identifying PCI DSS compliance as a growth area, Cameron helped invent Veritape’s patented CallGuard technology. CallGuard allows companies to remove sensitive card data from any existing call recording system. Sales of CallGuard, led by Cameron’s teams, propelled Veritape’s significant growth, ultimately resulting in its sale to Eckoh in 2013. Cameron now helps drive Eckoh’s preeminent position of PCI DSS expertise in the contact centre field.
Dharshan Shanthamurthy, CEO, SISA Information Security Global
Mr. Shanthamurthy is the Founder CEO of SISA Information Security, a global payment security specialist firm having customer presence in over 30 countries. He was responsible of setting up SISA Middle East operations in 2008. Dharshan currently oversees SISA global operations across all regions. Dharshan was the proposer and lead for the PCI DSS Risk Assessment Guidance Document. He was amongst the first qualified security assessors on PCI and PA-DSS standard. Trained at CERT Coordination Center, Dharshan was one of the first authorized trainer/advisor on OCTAVE Risk Assessment Methodology. Having spoken in over 100 information security evens across the globe, he is a sought after speaker on payment security.
Dharshan is a PCI QSA, PA QSA and Core Payment Forensic Investigator. He also holds a CISA, CISSP, OCTAVE Authorized Trainer/Advisor, FCA, ISA, CEH, GIAC, and CPISI Master Trainer.
Kevin Simmonds, Director Cybersecurity and Privacy Practice, PricewaterhouseCoopers
Mr. Simmonds is a Director in PwC’s IT Cybersecurity & Privacy practice based in Atlanta, Georgia. He has over 12 years of experience assisting companies with developing information security programs that are aligned with the business, developing a sustainable PCI security program, performing technical network and application assessments (e.g., penetration testing), and responding to cyber-attacks/breaches. Mr. Simmonds has been an advisor for numerous clients in the financial services, retail & consumer (R&C), healthcare, and technology industries, providing strategic guidance to solve complex business and technology issues.
Frank Simorjay, Director Azure Compliance
Mr. Simorjay (CISSP, ISSA Distinguished Fellow) is a cloud security and compliance subject matter expert. Frank has a passion to promote safe and secure computing practices, especially in today’s rapid adoption of cloud computing.
Frank is a senior program manager with the Microsoft Azure global ecosystem organization. His responsibilities include the development of security, and compliance programs in several markets including telecommunication, healthcare, and financial. Frank has contributed his expertise in publishing security and compliance guidance (https://docs.com/frank-simorjay) that spans, healthcare, financials – including PCI DSS, industry trends, security threat analysis, and cloud principals such as shared responsibility for cloud computing.
Prior to Microsoft Frank was an solutions architect for NetIQ and for NFR Security, where he designed security solutions for enterprise networks in banking and telecommunications.
Frank is the founder and a long-standing member of ISSA Puget Sound, the Seattle-area branch of the Information Systems Security Association, and he has been recognized as a distinguished fellow with the Association. In addition, Frank represents a leadership role with the Cloud Security Alliance (CSA).
Mark Stevens, Senior Consultant, Mandiant
Mr. Stevens joined Mandiant in 2013 as their 1st senior security consultant in EMEA, since then he has worked on and lead incident response investigations around the world. Mr. Stevens has worked on many large scale incident response and proactive assessment engagements into nation state and financially motivated attackers across multiple industry sectors.
Prior to joining Mandiant, Mr. Stevens was the lead security intelligence consultant for Q1 Labs and IBM in EMEA and has an eighteen year security and IT background gained in the financial industry including as the global technical lead for security monitoring at JP Morgan Chase.’
Chris Strand, Senior Director, Compliance and Governance Programs, Carbon Black Inc.
Mr. Strand leads Carbon Black’s security risk, audit, and compliance sales and marketing strategy. With more than 20 years of information technology and compliance experience, Christopher oversees the development of enterprise network and application security solutions that help organizations deploy positive security to maintain and improve their compliance posture.
Previously, Strand held security/compliance positions at Trustwave, Tripwire, EMC/RSA, and Compuware. Strand is a PCI Professional (PCIP) and trained QSA and has been certified on and is proficient with other regulatory disciplines including HIPAA, NERC CIP, SOX/GLBA, and multiple IT Security baseline practices and frameworks such as ISO 27001, COBIT, SANS, and NIST 800-53. Strand regularly speaks about security and compliance issues and best practices in keynotes, on webinars and at many industry conferences. He has authored several white papers, published articles in security industry journals, and is frequently quoted as a thought leader by many leading media outlets.
Emma Sutcliffe, Senior Director, Data Security Standards, PCI Security Standards Council
Ms. Sutcliffe oversees a number of PCI security standards, including the PCI DSS and PA-DSS. She chairs PCI SSC’s Technical Working Group (TWG) and the Tokenization Working Group, where she works closely with the Payment Brands and Affiliate members to develop standards, supporting documentation, and guidance papers. Ms. Sutcliffe has over 15 years’ information security experience.
Elizabeth Terry, Advanced Research Manager, PCI Security Standards Council
Ms. Terry has over 20 years’ experience in the payment card industry including over 15 years managing enterprise projects encompassing PCI Compliance, system design, implementation, and replacement and most recently standards development initiatives at PCI SSC. Her responsibilities for the Council include research and development of new standards or updates to existing standards to address market changes as well as liaising with other regulatory bodies, vendors, labs and academia. Elizabeth is also the chair for both the Mobile Task Force and the 2016 SIG – Best Practices for Securing eCommerce. Ms. Terry holds a Master’s in Business Administration, Bachelor’s in Computer Science, Project Management Professional certification, and is a Payment Card Industry Professional.
Mike Thompson, Standards Manager, PCI Security Standards Council
Mr. Thompson is a Standards Manager, where his role includes technical contributions to PCI standards and related efforts, as well as serving as the current chair of the PCI SSC’s Point-to-Point Encryption working group. Prior to joining the Council, Mr. Thompson has spent the last 10 years involved in security-sensitive and safety-critical engineering roles. Mr. Thompson holds the ISC2 CISSP, ISSAP, ISSMP, and CSSLP designations, as well as being listed on 5 U.S. patents from previous collaborations.
Nigel Tranter, Vice President, Payment Software Company (PSC), CISSP, GCIH, PCI: QSA, PA-QSA, PFI, QAE
Nigel Tranter is a Vice President of PSC. With years of security and procedure experience, Nigel has extensive knowledge of developing and auditing web-site application security systems and assessment processes. He has deployed enterprise level computing infrastructures for both software development and web applications developing and implementing corporate policies and procedures for a number of certification standards.
Prior to PSC, Nigel was the CSO for Finaplex Inc. (now Broadridge Financial Solutions Inc.), where he was responsible for the overall security at Finaplex, taking the company through two certification processes (SysTrust & Trust Services), and leading the deployment and management of the company’s ASP product offering for two leading customers. In the past, Nigel has also consulted for PricewaterhouseCoopers LLP on developing their web application assessment methodology and security procedures. As a Vice President of Customer Support Services, Nigel built the US support team at Sanctum Inc. and developed training programs. He also implemented tools and assessment methodology in support of the company’s web application security products. Prior to that, Nigel was a Director of the Global Rights Registry (GRR) for CyberSource where he achieved ISO 9000 in four months. The GRR handled secure web digital downloads for software publishers such as Symantec, Qualcomm and McAfee.
Nigel holds a degree in Economics from London University. Nigel regularly speaks at the PCI Council Community Meetings and other payment security events.
PSC is one of an elite few independent companies qualified globally to provide expert services to organizations that require specialist compliance or consulting support in the areas of Payments, Security or Compliance. Having performed more than 1,500 PCI assessments for large retailers and service providers, PSC blends experience and expertise to deliver tailored solutions and services to clients who accept, process and manage payments.
Renju Varghese Jolly, Principal Consultant and PFI Core Forensic Investigator, SISA Information Security Middle East
Mr. Varghese Jolly, works as the Principal Consultant at SISA Information Security. He is a PCI QSA, PA-QSA, PCI ASV, P2PE-QSA and a Core Payment Forensic Investigator. He is also an VISA approved PIN Security Assessor and has successfully implemented assessments for PCI Compliance program at leading Banks, Third Party Processors, IT Companies and Payment Gateways. He is a CPISI authorized trainer and has done over 50 workshops on PCI and PA DSS implementations. Renju has been part of many payment forensic investigations in the Middle East and has done over 200 PCI DSS audits during his decade old experience in payment security.
Kishor Vaswani, CEO, ControlCase
Mr Vaswani is responsible for all lines of Governance, Risk and Compliance (GRC) within ControlCase. Under his leadership, ControlCase has acquired “Compliance as a Service” (CaaS) clients in more than 40 countries globally. He brings extensive experience across a broad range of security, privacy and regulatory issues.
Formerly with Ernst & Young LLP, Mr Vaswani led numerous projects for Fortune 500 clients spanning across regulatory policies, security reviews, and assessment of onshore and offshore vendors. He has served as an advisory member on a Joint Commission on Technology and Science (JCOTS) for the Commonwealth of Virginia. He has been a speaker on multiple occasions, including the MIS Conference and ISACA. He holds an MBA from the University of Maryland and a Bachelor’s degree in Computer Science.
Giles Witherspoon-Boyd, Founder, Protocol™ ,Your Path To Compliance™
Giles has 15 plus years in security industry and has experience teaching good, data security practices to SMBs and enterprises.
Gill Woodcock, Senior Director of Certification Programs, PCI Security Standards Council
Ms. Woodcock is Senior Director of Certification Programs for the PCI Security Standards Council. Her role encompasses operational management of the Council’s existing programs (including QSA, PA-QSA, ISA, ASV, PFI, PCIP and QIR) as well as developing new certifications programs. Ms. Woodcock works closely with the Standards Development, Training and Assessor Quality Management teams within the Council. Ms. Woodcock has been with PCI SSC since February 2010 and has over 20 years of experience in payment cards and information security.