Please check back for ongoing updates


Jacob Ansari, Manager, Schellman & Company, Inc.

Mr. Ansari performs and manages PCI DSS assessments. Additionally, Jacob oversees other Payment Card Industry assessment services, namely PA-DSS and P2PE. Jacob’s career spans over fifteen years of information security consulting and assessment services, including network and application security assessments, penetration testing, forensic examinations, security code review, and information security expertise in support of legal matters. Jacob has performed payment card security compliance assessments since the payment card brands operated their own standards prior to the advent of PCI DSS. Jacob speaks regularly to a variety of audiences on matters of information security, incident response, and payment card compliance strategy.


Tom Arnold, CISSP, ISSMP, CFS, CPISM/A, PCI/QSA, PCI PA-QSA, Co-founder and Principal/Head of Forensics, Payment Software Company (PSC)

Mr. Arnold specializes in digital forensics, internal and external security assessments related to US and international standards. He leverages his payments background to evaluate and design security controls and secure systems that accept a variety of traditional and emerging consumer payment technologies. Among his clients are trans-global payment processors; over-the-air and traditional card production/personalization companies; global telecommunication companies; travel and hospitality companies; large multi-national retailers; oil and gas companies; big-box retailers; pharmacies; consumer financial institutions; and, global payment card brands. Tom has an extensive background in Internet eBusiness systems and electronic commerce, having published several white papers, designed and consulted to some of the most successful electronic businesses, and provided policy guidance to the US Government policy makers. Over his career Tom has been consulted by numerous regulatory agencies including the Department of Commerce, Department of Treasury, Department of Justice, World Trade Organization, European Union Tax Ministers, Organization for Economic Cooperation and Development, and the US Fair Trade Commission on topics of Internet commerce, digital rights management, identity theft, fraud, consumer protection and consumer privacy.


Todd Aument, Head of Third-Party Risk and External Audit, Square, Inc.

Mr. Aument has 20 years of payments, risk management, and information security experience. Previously, Mr. Aument founded an information security firm and led the PCI assessment practice. Mr. Aument holds the rare distinction of serving multiple areas of payments security including: Merchant, Acquirer, Service Provider, QSA, and Security Vendor. In his spare time, Todd likes to collect passport stamps.



Dr. Kimberlee Ann Brannock, HP Cybersecurity Manager, Governance & Compliance

Dr. Brannock In her 15th year with HP serves as the only female leader in HP Cybersecurity, and currently holds the position of HP Cybersecurity Manager, Governance & Compliance.

Kimberlee has held a myriad of HP leadership roles specializing in, but not limited to, Cybersecurity, IT, Compliance, Risk, Governance, PCI, Privacy, eDiscovery, SOX, Auditing, Intellectual Property, Contract Management, Alliance Management, & Domain Management.

Kimberlee holds degrees in Accounting, Corporate Accounting, Business, Business Administration, Management Information Systems, and a professional doctorate specializing in Technology and Law (Jurisprudence).  Kimberlee also holds several credentials including the CGRCM-IT, CISA, CSOXM, and PMP.

In addition, Kimberlee serves on the PCI Security Standards Council Board of Advisors.


Brian Byrne, Director of Operations, EMVCo

Mr Byrne is the Director of Operations for EMVCo. His responsibilities include managing day-to-day EMVCo business activity, liaising with other industry bodies and supporting the relationships with EMVCo Associates.

Brian is a payments veteran with over 20 years’ experience in a variety of roles.  Before taking on his current position Brian led the Product Acceptance function for Visa Inc.  Prior to this Brian spent five years in the Visa Chip team where his remit included being Visa’s primary representative on the EMVCo Board of Managers.  Brian helped steer EMVCo through a number of organisational changes including the addition of new equity members and the creation of the EMVCo Associates Programme.

Brian holds an MBA (Honours) from San Francisco State University and a Bachelor of Commerce from the University of Queensland.


Michael Christodoulides, VP Payment Security (Third Party Risk), Barclaycard.

Mr. Christodoulides represents Barclaycard as a Board of Advisor to the PCI SSC, is co-chair of the PCI SSC Small Merchant Taskforce and also a PCI SSC Internal Security Assessor. In his daily role, Michael delivers subject matter expertise and thought leadership, in order to mitigate risks that may threaten the security of payments. Michael is a proud winner of the Barclaycard Champions Award for Service and Excellence, not once but twice! Data and Cyber security has become a top priority for merchants of all sizes, and small businesses in particular should feel empowered to take action and stay ahead of malicious and criminal intent. At Barclaycard we have 50 years of experience to help make the complex simple for businesses of all sizes.



Tim Cormier, Manager for Device Standards, PCI Security Standards Council

Mr. Cormier is a seasoned POS industry insider with over 30 years of experience, Mr. Cormier has worked with small, medium and large size clients across retail, banking, hospitality and transportation sectors. He oversaw multiple client engagement projects from the systems design concept to the complete rollout for all types of electronic payment solutions including Terminal Management Services, magnetic stripe, contactless, and mobile payment transactions. Prior to joining the PCI council, Mr. Cormier held a Director of POS Systems with Ingenico and other engineering positions with VeriFone and Hypercom where he developed high-speed payment solutions for retailers and the bank card industry clients. Mr. Cormier has earned multiple industry designations including Certified Information Security Professional (CISSP), Certified Wireless Network Administrator (CWSP). He is an U.S. AIR FORCE veteran.



Brandy Cumberland Director of Assessor Quality Management (AQM) Programs, PCI Security Standards Council

Ms. Cumberland joined the Council in July 2011 and leads the administration and ongoing operations of the quality management components to support the PCI SSC’s Programs, most notably the Qualified Security Assessor (QSA), Payment Application Qualified Security Assessor (PA-QSA), and Point-to-Point Encryption (PCI P2PE) Programs. Prior to her work with the AQM team, Ms. Cumberland has held positions in quality assurance in the payment security industry, public education, management and retail banking. Ms. Cumberland is a graduate of the University of Houston and holds the CISSP designation.


Brad Dispensa, Senior Solutions Architect, World wide public sector unit, Amazon Web Services

Mr. Dispensa has worked in the public sector space for nearly 17 years and has a deep background in information security and compliance workloads.  In his current role, Brad helps customers design and deploy workloads to meet compliance requirements ranging from small startups to government agencies.


Leon Fell, CPA, CIA, CMA, CISA, CITP, Director of Solutions Standards, PCI Security Standards Council

Mr. Fell is the chairperson of the Council’s PIN Transaction Security (PTS) Working Group. The PTS Working Group is responsible for the management of the security requirements, testing process and approvals for two types of devices – Point of Interaction (POI) and Hardware Security Modules (HSMs). In addition, the group is responsible for the management of PIN Security Requirements, which include processes implemented for the management of cryptographic keys and equipment in connection with the acquisition of PIN based transactions. Mr. Fell also chairs the Card Production Working Group which manages the physical and logical security requirements associated with the production of payment cards. Mr. Fell has over 20 years of information security experience in the payment and energy industries, as well as separate consulting engagements. He is a Certified Public Accountant, Certified Management Accountant, Certified Internal Auditor, Certified Information Systems Auditor and Certified Information Technology Professional.


Raji Ganesh, CISSP, CISA, CRISC,CTPRP, Vice President – Risk and Compliance Programs, Enterprise Risk and Resilience, Fiserv

Ms. Ganesh has led the PCI Compliance program for several years, and currently heads up enterprise, facilities, third party and regulatory risk assessments as well as enterprise GRC platform architecture/modules that support Fiserv’s riskand compliance efforts across the company. Fiserv has 36 level 1 service provider ROCs covering various Fiserv product offerings. Fiserv itself provides a variety of financial service products including award-winning solutions for mobile and online banking, payments, risk management, data analytics and core account processing. At Fiserv, Raji has helped to build a strong and sustainable Risk and Compliance program leveraging holistic and well defined risk management methodology, risk and controls framework and GRC automation to support these enterprise-wide effort.


Laura K. Gray, Director of Communications, PCI Security Standards Council

Ms. Gray develops and executes integrated communications strategies that inform, educate and help PCI Security Standards Council stakeholders take advantage of PCI SSC programs, resources, research and initiatives. Her background includes more than 12 years of global communications and public relations client-side and agency experience in information technology, research, and public policy. Johnson is a graduate of Gordon College and the Institute on Political Journalism.


Rocco Grillo, CISSP, Executive Managing Director  – Cyber Resilience Leader, Stroz Friedberg

Mr. Grillo is Stroz Friedberg’s Cyber Resilience Leader and a member of the firm’s executive management team. His cyber resilience team includes the company’s incident responders and security scientists who deliver the firm’s proactive and reactive cybersecurity capabilities. Previously, Mr. Grillo led Protiviti’s Global Incident Response and Forensics Investigations Practice, where his team of incident responders and forensic examiners successfully triaged some of the largest data breaches recorded in the last decade. Earlier in his career, Mr. Grillo helped develop RedSiren Technologies, a leading MSSP and full services security firm that evolved out of Carnegie Mellon, and held management positions with Lucent Technologies and Bell Atlantic. Mr Grillo is a CISSP, CRMA, PCI-QSA, and Certified Third Party Risk Assessor. He is an affiliate board advisor for FS-ISAC and NH-ISAC, a member of the Shared Assessments Program Steering Committee board, the CLM Cyber Liability Council, and has also served on the board of directors of the NY Metro ISSA Chapter, the IT Policy Compliance Group, and the (i-4) International Information Integrity Institute Research Steering Committee.


Martin Hackleman, Manager, IT Compliance, ParkingSoft, LLC

Mr . Hackleman is a graduate of Emory University with nearly twenty years of Information Technology experience and has seen the evolution of e-commerce throughout the 21st century. Having spent over a decade filling various positions at a top Internet Service Provider, Martin has worked in and around PCI compliance since 2008. Most of his experience was developed during his role in Information Technology Infrastructure Library Release and Change Management as well as during his service as an Approved Scanning Vendor for an ASV company. He  currently acts as the Manager for all IT Compliance at ParkingSoft, LLC.


Stacy Hughes, Senior Vice President – IT Governance, Risk and Compliance, Global Payments, Inc.

Ms. Hughes serves as Senior Vice President – IT Governance, Risk and Compliance for Global Payments Inc. (NYSE: GPN), a leading worldwide provider of payment technology services. Headquartered in Atlanta with more than 8,500 employees worldwide, Global Payments is a member of the S&P 500 with merchants and partners in 29 countries throughout North America, Europe, the Asia-Pacific region and Brazil.  Stacy has worldwide responsibility for the Information Technology and Security Policy Program, compliance functions (PCI-DSS, SSAE 16, SOX, North America Merchant and card scheme compliance), as well as customer security assurance functions for the company.
In addition to being a Certified Public Accountant, Stacy holds the following industry and security certifications: Certified Information Technology Professional (CITP), Certified in Risk and Information Systems Control (CRISC), Chartered Global Management Accountant (CGMA), Payment Card Industry Internal Security Assessor (PCI ISA), Payment Card Industry Professional (PCIP), Certified Chief Information Security Officer (C|CISO) and Certified Information Security Manager (CISM).


Greg Johnson, Vice President of Business Development, A-LIGN

Mr. Johnson has over 30 years of experience in providing counseling and databreach solutions to all levels of corporate and government enterprises in the U.S, Canada, and the United Kingdom. Greg is responsible for acquiring new business, overseeing the business development team, and building and fostering relationships between A-LIGN and security-related associations nationwide.

He has served on multiple executive teams in sales and business development roles with technology and cybersecurity companies such as WordPerfect/Novell, SecurityMetrics, Global Access, and Lancera Security.

Expertise: Business Development and expertise in PCI, Cyber Security, Security Assessments Education: Brigham Young University – B.A. College of Humanities


Jeremy King, International Director, PCI Security Standards Council

Mr. King leads the Council’s efforts in increasing adoption and awareness of the PCI Standards globally. In this role, Mr. King works closely with the Council’s General Manager and representatives of its policy-setting executive committee from American Express, Discover, JCB International, MasterCard, and Visa, Inc. His chief responsibilities include gathering feedback from the merchant and vendor community, coordinating research and analysis of PCI SSC managed standards through all international markets, and driving education efforts and Council membership recruitment through active involvement in local and regional events, industry conferences, and meetings with key stakeholders. He also serves as a resource for Approved Scanning Vendors (ASVs), Qualified Security Assessors (QSAs), Internal Security Assessors (ISAs), PCI Forensic Investigators (PFIs), and related staff in supporting regional training, certification, and testing programs.


Tracy Kitten, Executive Editor, BankInfoSecurity & CUInfoSecurity

Ms. Kitten, a veteran journalist with more than 19 years’ experience, she has covered the financial sector for the last 11 years. Before joining Information Security Media Group in 2010, where she now serves as the Executive Editor of BankInfoSecurity and CUInfoSecurity, she covered the financial self-service industry as the senior editor of ATMmarketplace, part of Networld Media. Kitten has been a regular speaker at domestic and international conferences, and was the keynote at ATMIA’s U.S. and Canadian conferences in 2009. She has been quoted by CNN.com, ABC News, Bankrate.com and MSN Money.


Mauro Lance, Chief Operating Officer, PCI Security Standards Council

Mr. Lance is responsible for the day to day operations, business strategy, investments and growth of the Council. He leads the creation and implementation of programs and world-class processes for certification, assessor quality management and training, critical to the Council’s mission of increasing payment card security globally through adoption of the PCI Security Standards.  Most recently, Mr. Lance held leadership positions at the MIT Media Lab and the World Wide Web Consortium, and was a founding director of the Web Foundation. He is a Fulbright Scholar and holds a Master’s degree in Business Administration from Suffolk University, and a Bachelor’s degree in Business Administration from the Pontificia Universidad Católica de Valparaiso. Mr. Lance has lived and worked in Chile, China, France, and the United States.


Troy Leach, CISSP, CISA, Chief Technology Officer, PCI Security Standards Council

Mr. Leach partners with Council representatives, Participating Organizations and industry leaders to develop comprehensive standards and strategies to secure payment card data and the supporting infrastructure. He is a congressional subject matter expert on payment security and the current chairman of the Council’s Standards Committee. Prior to joining the PCI Council, Mr. Leach has held various positions in IT management, software development, systems administration, network engineering, security assessment, forensic analytics and incident response for data compromise. Mr. Leach holds a Master of Science in Telecommunications & Network Management as well as a graduate degree in Information Security Management from Syracuse University.


Jake Marcinko, Standards Manager, PCI Security Standards Council
Mr. Marcinko is responsible for the ongoing development of the security standards including the Payment Card Industry Data Security Standard (PCI DSS), the Payment Application Security Standard (PA-DSS) and the Point-to-Point Encryption Standard (P2PE). In addition, Mr. Marcinko works closely with the payment brands, affiliate members, Task Forces and Special Interest Groups (SIGs) to develop new and emerging standards and guidance documents, information supplements, and self-assessment questionnaires. Prior to joining the Council in 2013, Mr. Marcinko held various leadership positions in IT and Information Security management for the software industry, and has over 15 years of experience leading large, multi-million dollar design projects in areas such as virtualization, mobile computing, electronic payments, tokenization and compliance. Mr. Marcinko is also a frequent speaker and contributor on general Information Security and Privacy matters.


Mark Meissner, Vice President, Public Relations, PCI Security Standards Council

Mr. Meissner leads the Council’s public relations efforts. In this role, Mr. Meissner works closely with the Council’s leadership team to develop communications strategies that promote the PCI Security Standards and the priority initiatives of the Council globally and with a wide range of stakeholders. Mr. Meissner brings more than two decades of experience in helping Fortune 500 companies, elected officials, trade associations and high profile individuals navigate a myriad of communications challenges in the global marketplace. Over the years Mark has worked with many high-profile clients in engaging with major news organizations such as USA Today, The Washington Post, 60 Minutes, The New York Times, The Wall Street Journal, CNN, and The Times of London.
Before joining the PCI Security Standards Council, Meissner was the Founder and President of MJM Strategies, a strategic communications consulting firm.
Meissner began his career in the world of politics. He honed his political skills working on the staffs of two fellow Hoosiers– U.S. Senator Evan Bayh (D-IN) and U.S. Representative Tim Roemer (D-IN). Meissner served as Campaign Manager for Representative Roemer’s successful 1994 re-election campaign. Mark was a candidate for U.S. Congress in 2002, finishing second among a crowded field of five better known candidates for Indiana’s 2nd Congressional District. His underdog campaign was hailed by the media as “relentless” and “impressive”.
Meissner teaches as an Adjunct Professor at The George Washington University Graduate School of Political Management (GSPM) where he has served on the faculty for more than a decade. Meissner holds a Master’s Degree from The American University and a Bachelor’s Degree from Indiana University.


Ruston Miles, Chief Innovation Officer, SVP, Bluefin

Mr. Miles brings 17 years of payment security experience to his role of Chief Innovation Officer where he serves as Bluefin’s security thought leader and evangelist.  Ruston founded Bluefin in 2002 and speaks at conferences and industry events on payment security throughout the year.  Ruston is a PCI Professional (PCIP), a Certified Payment Professional (CPP) and serves as Board Visionary for ETAPAC, the political action committee of the payments industry.


Brian Muirhead, Chief Engineer, Mars Science Laboratory, Caltech/Jet Propulsion Laboratory

Few people in business today have formed and managed teams as high performance or as successful as those that Brian Muirhead has led for NASA. Mr. Muirhead is a hands-on leader working at the front lines of some of the greatest technical and management challenges of today. His experiences and insights as a team builder, technologist, problem solver, and culture change innovator make him an exciting and compelling speaker.
A recipient of two of NASA’s Outstanding Leadership Medals, Brian recently completed his assignment as the Chief Architect of NASA’s Constellation project, a program with the objective of establishing a permanent base on the moon and preparing for human exploration of Mars. In that position, he provided leadership for developing and maintaining a viable architecture for human exploration beyond earth orbit. He was also Chief Engineer of the Mars Science Laboratory during the invention of the Sky Crane, which was used to land the rover ‘Curiosity’ on Mars. He is Chief Engineer of JPL and is a member of its Executive Council.
Currently, Brian is the Project Manager for the Asteroid Redirect Robotic Mission, a mission to rendezvous with a large asteroid, land on it, pick up an approximately 20 ton boulder and return the boulder to the orbit of the moon. Once there a crewed mission, flying in the new Orion capsule, will rendezvous with our boulder-carrying-spacecraft and via two extra vehicular activities (EVAs) to bring samples back to Earth.
Brian is the author of the highly-praised book High Velocity Leadership. His second book, Going to Mars, (with Gar and Judy Reeves-Stevens), offers an insightful and entertaining look behind the scenes at the leaders that make today’s exploration of Mars possible.
Project Manager, Asteroid Redirect Robotic Mission, Chief Engineer, NASA’s Jet Propulsion Laboratory, Former, Chief Architect, NASA’s Constellation program to the Moon and Beyond, Former, Chief Engineer, Mars Science Laboratory
Project Manager, Mars Pathfinder Mission. Senior advisor to the Mars Exploration Rovers, Project Manager, Deep Impact Mission, Engineer of the Year for 1997 by Design News magazine. 1997 Laureate for Space by Aviation Week and Space Technology magazine. Author, High Velocity Leadership: The Mars Pathfinder Approach to Faster, Better, Cheaper (with Bill Simon, HarperBusiness, 1999). Author, Going to Mars (with Gar and Judy Reeve-Stevens, Simon and Schuster, 2004) Since joining JPL in 1978, he has worked on many challenging high technology missions including the Galileo mission to Jupiter and the Earth-orbiting Spaceborne Imaging Radar (SIR-C). Master’s degree in Aeronautical engineering, California Institute of Technology. Bachelor’s degree in Mechanical Engineering, University of New Mexico.matters.


Ken Munro, Partner and Founder, Pen Test Partners LLP

Mr. Munro leads a team of experienced penetration testers, otherwise known as ethical hackers, all of whom have a stake in the business. He regularly blogs on everything from honeypots to hacking cars and is a familiar face on the speaker circuit, sharing candid and sometimes controversial views on all aspects of computer security. Ken has worked in the field of information security for over 15 years.


Peggy Nolan, Principle IT Compliance Analyst, PCI ISA, PCIP, CISA, Liberty Mutual

Ms. Nolan is an experienced PCI ISA with over 18 years of Information Security Project Management expertise behind her. Peggy has a Master of Arts degree in Computer Information Management and a Bachelor of Arts in American History. In her life outside of PCI, Peggy teaches yoga and is a 3rd level black prajioud in Muay Thai Kickboxing. She’s also a writer and has co-authored 4 bestselling books and recently published her first collection of poems. Peggy lives in Derry, NH and travels whenever and wherever she can.


William Noonan, U.S. Secret Service, Senior Cyber Advisor,
Special Agent in Charge, Dallas Field Office

William Noonan is a Senior Executive and federal law enforcement special agent with over 20 years of experience with the U.S. Secret Service, focusing equally on both the protective and investigative responsibilities of the agency.
Mr. Noonan recently assumed responsibilities as the Special Agent in Charge of the Secret Service’s Dallas Field Office, which is responsible for all Secret Service activities in the North Texas District, which spans from Midland to the West, to Waco, and to Tyler in the East. Previously, Mr. Noonan served as the Deputy Special Agent in Charge of the Secret Service’s Criminal Investigative Division, Cyber Operations, where he oversaw the Service’s cyber mission portfolio to include, the Cyber Intelligence Section, the Critical Systems Protection Program, Electronic Crimes Task Forces, and the National Cyber Forensics Institute, the Secret Service’s partnerships with U.S. CERT and the National Cyber Investigative Joint Task Force, and other cyber programs.
Prior to this position, his Secret Service assignments were to the Criminal Investigative Division as the supervisor of the Cyber Investigation Branch and Regions Section, the New York Field Office as the supervisor of the Credit Card Fraud Squad, the James J. Rowley Training Center as a senior instructor, the Vice Presidential Protective Division during both the Clinton and Bush Administrations and a Secret Service Field Office in the Midwest.
Throughout his career, he initiated and managed high profile transnational fraud investigations which involved network intrusions and the theft of data, information and intellectual property from financial institutions and government systems. He began his Secret Service career investigating financial, electronic, and identity theft investigations.


Christopher Novak, Director, Investigative Response, Verizon RISK Team

Mr. Novak is a co-founder and the Director of the Verizon Investigative Response Unit – a division of the Verizon RISK Team. He is an internationally recognized expert in the field of Investigative Response and Computer Forensics. He has been involved with information security for over 15 years. Christopher has assisted corporations, government agencies, and attorneys with all matters involving computer forensics, fraud investigations, and crisis management. He has testified as an expert witness in various matters and before such bodies as the Supreme Court of the State of New York. He has also briefed United States congressional committees such as Senate Banking, House Financial Services, Senate Commerce, House Energy & Commerce, Senate Judiciary, House Homeland Security and Senate Homeland Security & Government Affairs.
He has been an advisor on dozens of high-profile intrusion and data breach investigations around the globe. He works closely with local, state and federal law enforcement agencies as well as joint investigative operations coordinated with foreign law enforcement.
Christopher has worked in various consulting positions within Verizon; from individually contributing to a larger tactical response team to his current position, where he manages a global team of highly skilled consultants. Each of these teams around the world maintains experts in various fields of study and practice, such as forensic analysis, malware reverse engineering, threat intelligence analysis and threat actor attribution, among others… Christopher specializes in high-level crisis and emergency response matters and is regularly consulting with executives from Fortune 500 companies with regard to pre-planning for such situations as well as leading active crisis response matters and liaising with external partners.
Christopher is an active public speaker, discussing various topics ranging from high-level best practices to executive-level crisis management. He has been a contributing member of the Verizon Data Breach Investigations Report since its first publication in 2008 and has been featured in such media outlets as The Wall Street Journal, ABC News, American Banker, and many others. Christopher is an active member among multiple industry trade groups and a frequent guest lecturer at universities. He also serves as an advisor for many industry-related associations in an effort to further promote cybersecurity awareness and education as well as working closely with organizations as it relates to various policy initiatives on the topic of cybersecurity.
Christopher holds a Bachelor of Science Degree in Computer Engineering from Rensselaer Polytechnic Institute.


Sam Pfanstiel, Director, Solution Architecture, Coalfire

Mr. Pfanstiel has two decades of information technology management, e-commerce, mobile payments, and security experience. As the Director of Solution Architecture at Coalfire, he is responsible for translating requirements created by IT risk and compliance mandates into business-centric cyber solutions strategies. Pfanstiel is a member of the PCI Best Practices for Secure E-Commerce working group.  When not working to complete his Ph.D. dissertation on PCI compliance costs, he is an avid marathon runner, husband, and father of three active teenagers.  Prior to joining Coalfire this year, Pfanstiel has served as CEO and CIO for multiple corporations that rely heavily on secure payments and enterprise tools. His experience covers a broad spectrum of disciplines including payment security, PCI compliance, fraud, application security, mobile security, IT infrastructure, secure software development, point-to-point encryption, and card brand compliance.


Dave Phister, Diebold Nixdorf Product Management – Platform Security Technologies

Mr. Phister possesses over 20 years of experience in information security within the financial and federal government sectors. For the past 3 years he has been responsible for managing Diebold Nixdorf’s Platform Security Technology Portfolio and the core solutions that are responsible for protecting global ATM transactions. Prior to that he supported a variety of Department of Defense (DoD) cybersecurity and communications security activities worldwide.  He earned a Bachelor’s Degree in Electrical Engineering and an MBA and is a Professional Cryptologic Engineer and Certified Product Manager.


Beth O’Brien, Principal Product Marketing Manager, RSA, The Security Division of EMC

Ms. O’Brien is a product marketing professional in the Fraud and Risk Intelligence group at RSA, The Security Division of EMC. Focused on antifraud solutions in both the consumer space and payments industry, she has over 10 years of product experience gained across multiple functions including product marketing, product management, sales and operations. Beth received an undergraduate degree from Holy Cross, a Master’s degree from Boston College and an MBA from the University of Massachusetts.


Stephen W. Orfei, General Manager, PCI Security Standards Council

As General Manager, Mr. Orfei leads the PCI Security Standards Council in its mission to educate, empower and protect payment data globally, working closely with merchants, acquirers, financial institutions, security practitioners, law enforcement and other key stakeholders across the global payment eco-system.

Mr. Orfei is a recognized industry expert in global payment platforms, e-commerce, mobile payments, transit and cybersecurity. He is called on regularly for his expertise by government, law enforcement, industry groups and the media. Mr. Orfei has testified before the U.S. Congress as a cybersecurity expert, served as a representative of the United States at the G7 Roma Lyon group of world leaders on card crimes, participated in U.S. Presidential Cybersecurity Summits, and has played a leading role in global Acquirer Forums and PCI Community Meetings around the world.  Orfei regularly meets with top U.S. government officials from a range of agencies to discuss cybersecurity and provide strategic guidance.

A holder of several payments industry patents and awards, Mr. Orfei’s career spans senior posts at several high-profile companies including MCI International, a global telecommunications corporation, where as Director of International Marketing, he oversaw marketing for international business with direct revenue responsibility for over $400 million. Following his successful 13 years of service at MCI International, Orfei spent 14 years at MasterCard Worldwide, a global payments & technology company as Senior Vice-President Emerging Payment Platforms.

In his role at MasterCard, Orfei managed all aspects of development, implementation, and deployment of emerging payment platforms across Global Products and Services. Among his many achievements, Orfei led the entrepreneurial initiative to design, build and demonstrate (NYC-MTA) the next generation of Automated Fare Collection Systems for the transit industry.  The initiative was awarded the prestigious NYU Rubin Center Transportation Industry Innovation Award.

Prior to his leadership of the PCI Security Standards Council, Mr. Orfei served as a security consultant where he led a highly credentialed security team to defend “high value targets” from cyber-attacks.

Orfei is a former U.S. Marine who is active with veteran related charities including the Semper Fi Fund and the Wounded Warrior Project.




Joseph Pierini, CISSP, GCIH, PCI: QSA, PA-QSA, PFI, ASV, Director of Technical Services, Payment Software Company (PSC)

Mr. Pierini is responsible for the development and execution of the penetration testing programs supporting PCI and other privacy laws and regulations. When not leading his team, Joseph presents at security conferences promoting best practices in penetration testing for merchants, service providers and card processors seeking to meet and maintain compliance. Joseph is also an active penetration tester performing internal, external, wireless and social engineering engagements for clients. His field skills range from internal and external vulnerability analysis, web application testing and exploitation to mobile application analysis, antivirus evasion and post-exploitation.

Over the course of his career, Joseph has performed penetration tests and application assessments for over half of the Internet Retailer Top 500, Fortune 1000 and many of America’s top defense contractors. He is also a published vulnerability researcher, having discovered vulnerabilities in applications ranging from Apache Tomcat, Caucho’s Resin Application Server, Search Engines, Web Application Firewalls and various Ecommerce Shopping Carts.


Ralph Poore, Director, Emerging Standards, PCI Security Standards Council

Mr. Poore has over 35 years of information security experience, including more than 20 years of applied cryptography. He has written extensively on information security and cryptography. His work is cited in academic papers, national standards, professional journals, and books. He came to PCI SSC from a small business that was a QSAC, where he was a QSA. In various capacities, he has designed and led teams of developers in cryptographic system projects, resulting in patents of systems based on cryptography. Mr. Poore also supported classified government projects and has assisted in the development of cryptanalytic tools. He has extensive experience in financial services industry and in the development of national and international standards. He is an ISSA Distinguish Fellow and has received numerous awards for his professional work. Mr. Poore holds the following certifications: PCIP, CFE, CISA, CISSP, CHS-III.


Tim Rohrbaugh, Vice President, CaaS, Americas, ControlCase

Mr. Rohrbaugh’s security career started in communication security (comsec) in the military and continued under Government projects for CSC at NATO, DISA, NMRC… as an architect, ST&E team lead, and instructor for the information security.  After leaving the Government consulting world, Mr. Rohrbaugh became a technology and security leader (CISO) for multiple commercial organizations including a financial services firm that created the identity theft response space. Mr. Rohrbaugh’s main focus is anti-fraud, ID verification (US Patent holder) and security strategy. While spending 12 years in this consumer space, he became an authority on consumer products that address consumer risk of identity theft.  Most recently, he has taken a lead role at ControlCase, a world-wide privacy and security compliance consultancy, to grown the Compliance-as-a-Service offering for commercial clients.


Julie Schwartz, Director of Compliance and Risk at WorldPay

Ms. Schwartz leads the compliance program and currently heads up PCI Compliance, Account Data Compromise, Third Party Service Provider registration and compliance, Card Association violations, and Excessive Chargeback and Fraud Programs, as well as sponsorship relations with various sponsor banks and supports Worldpay’s risk and compliance efforts across the company. Worldpay is a global leader in payments processing technology and solutions for business customers. Worldpay operates reliable and secure proprietary technology platforms, enabling companies to accept a vast array of payment types, across multiple channels, anywhere in the world. No matter what your business, Worldpay makes payments simple. At Worldpay, Julie has helped to build a strong and sustainable risk and compliance program and works collaboratively with Worldpay’s leadership team to address various risk and compliance requirements including card association regulations and PCI compliance.


Kevin Simmonds, Director, Cybersecurity and Privacy Practice, PricewaterhouseCoopers

Mr. Simmonds is a Director in PwC’s IT Cybersecurity & Privacy practice based in Atlanta, Georgia. He has over 12 years of experience assisting companies with developing information security programs that are aligned with the business, developing a sustainable PCI security program, performing technical network and application assessments (e.g., penetration testing), and responding to cyber-attacks/breaches. Mr. Simmonds has been an advisor for numerous clients in the financial services, retail & consumer (R&C), healthcare, and technology industries, providing strategic guidance to solve complex business and technology issues.


Jeff Stapleton, Information Security Architect, Wells Fargo Bank

Mr. Stapleton has 30 years’ experience in the financial services industry with 25 years as a security professional involved in developing ANSI and ISO security standards including payments, cryptography, key management, public key infrastructures (PKI) and biometrics. Jeff earned his bachelor and master degrees in computer science from the Universities of Missouri in St. Louis (UMSL) and Rolla (UMR) and has taught information security at Washington University in St. Louis (WUSTL) and the University of Teas in San Antonio (UTSA). He has conducted security assessments of payment networks, financial institutions, and assisted in developing secure payment systems. His book series Security without Obscurity is available from CRC Press (or Amazon Books).


Phil Stead (CISSP, CISM, PCI-QIR) Vice President – Retail Solutions, Limited Partner

Mr. Stead is responsible for designing & leading the expansion of Reliant’s solutions for retail, hospitality & c-store merchants. This includes the implementation of secure systems to process payments and meet PCI DSS 3.2 requirements across brick and mortar & e-Commerce payment systems, enhancement of Reliant’s products and services to meet emerging requirements and direct client engagement. He brings over 20 years of experience in the leadership, development, integration and support for retail solutions. Before joining the Reliant team, Phil served as Director – Store Systems & Implementation for KWI – a SaaS retail technology solution provider – where he led all front-end Point-Of-Sale development and implementation efforts spanning over 125 different global brands.


Chris Strand, Director, Compliance, Carbon Black

Mr. Strand leads Carbon Black’s security risk, audit, and compliance sales and marketing strategy. With more than 20 years of information technology and compliance experience, Christopher oversees the development of enterprise network and application security solutions that help organizations deploy positive security to maintain and improve their compliance posture. ‬
Previously, Strand held security/compliance positions at Trustwave, Tripwire, EMC/RSA, and Compuware. Strand is a PCI Professional (PCIP) and trained QSA and has been certified on and is proficient with other regulatory disciplines including HIPAA, NERC CIP, SOX/GLBA, and multiple IT Security baseline practices and frameworks such as ISO 27001, COBIT, SANS, and NIST 800-53. Strand regularly speaks about security and compliance issues and best practices in keynotes, on webinars and at many industry conferences. He has authored several white papers, published articles in security industry journals, and is frequently quoted as a thought leader by many leading media outlets.


Emma Sutcliffe, Senior Director, Data Security Standards, PCI Security Standards Council

Ms. Sutcliffe oversees a number of PCI security standards, including the PCI DSS and PA-DSS. Ms. Sutcliffe chairs PCI SSC’s Technical Working Group (TWG) and the Tokenization Working Group, where she works closely with the Payment Brands and Affiliate members to develop standards, supporting documentation, and guidance papers. Ms. Sutcliffe has over 15 years’ information security experience and is a current CISSP, CISM, and CISA


Elizabeth Terry, Advanced Research Manager, PCI Security Standards Council

Ms. Terry has over 20 years’ experience in the payment card industry including over 15 years managing enterprise projects encompassing PCI Compliance, system design, implementation, and replacement and most recently standards development initiatives at PCI SSC. Her responsibilities for the Council include research and development of new standards or updates to existing standards to address market changes as well as liaising with other regulatory bodies, vendors, labs and academia. Elizabeth is also the chair for both the Mobile Task Force and the 2016 SIG – Best Practices for Securing eCommerce. Ms. Terry holds a Master’s in Business Administration, Bachelor’s in Computer Science, Project Management Professional certification, and is a Payment Card Industry Professional.


Chad Thiemann, Privacy Director – Information Governance & Privacy Operations, Legal, CVS Health

Mr. Thiemann’s responsibilities include, but are not limited to: HIPAA and FTC Consent Order compliance; PCI-DSS compliance; SOC 2 planning and coordination; HIPAA risk assesment & OCR Audit preparation activities; digital and IT privacy-by-design support.

Prior to joining CVS Health, Chad was the IT Audit Manager for Schering-Plough Pharmaceuticals, a major global pharmaceutical manufacturer. Previous to that, he was a Consulting Manager for Aurther Andersen’s Technology Risk Consulting practice. Chad’s professional career began as a Logistics Officer, on active-duty, in the US Army where he was responsible for strategic losigtics planning, tactical logistics operations, supply chain management and in-transit visibility. Chad currently holds the CIPP/US, CIPM, CISA, CISM and CPISM certifications and has presented on a variety of privacy topics for IAPP, ISACA, R-CISC, SecureWorld and IIA.


Michael Thompson, Standards Manager, PCI Security Standards Council

Mr. Thompson is a Standards Manager, where his role includes technical contributions to PCI standards and related efforts, as well as serving as the current chair of the PCI SSC’s Point-to-Point Encryption working group. Prior to joining the Council, Mr. Thompson has spent the last 10 years involved in security-sensitive and safety-critical engineering roles. Mr. Thompson holds the ISC2 CISSP, ISSAP, ISSMP, and CSSLP designations, as well as being listed on 5 U.S. patents from previous collaborations.


Kishor Vaswani, CEO, ControlCase 

Mr Vaswani is responsible for all lines of Governance, Risk and Compliance (GRC) within ControlCase.  Under his leadership, ControlCase has acquired “Compliance as a Service” (CaaS) clients in more than 40 countries globally.  He brings extensive experience across a broad range of security, privacy and regulatory issues.
Formerly with Ernst & Young LLP, Mr Vaswani led numerous projects for Fortune 500 clients spanning across regulatory policies, security reviews, and assessment of onshore and offshore vendors.  He has served as an advisory member on a Joint Commission on Technology and Science (JCOTS) for the Commonwealth of Virginia.  He has been a speaker on multiple occasions, including the MIS Conference and ISACA.  He holds an MBA from the University of Maryland and a Bachelor’s degree in Computer Science.


Jeff Williams, Founder and CTO of Contrast Security

Mr. Williams, a pioneer in application security, has over 25 years of security experience, speaks frequently on cutting-edge application security, and has helped secure code at hundreds of major enterprises. Jeff also served as the Global Chairman of the OWASP Foundation for eight years, where he created many popular open-source standards, tools, libraries, and guidelines – including the OWASP Top Ten. Contrast is an application agent that enables software to both report vulnerabilities and prevent attacks.


Gill Woodcock, Senior Director of Certification Programs, PCI Security Standards Council

Ms. Woodcock is Senior Director of Certification Programs for the PCI Security Standards Council. Her role encompasses operational management of the Council’s existing programs (including QSA, PA-QSA, ISA, ASV, PFI, PCIP and QIR) as well as developing new certifications programs. Ms. Woodcock works closely with the Standards Development, Training and Assessor Quality Management teams within the Council. Ms. Woodcock has been with PCI SSC since February 2010 and has over 20 years of experience in payment cards and information security.