Please check back for ongoing updates.


Ohen Afriyie
Manager, IT Consulting – Cybersecurity, Protiviti

Mr. Afriyie specializes in PCI projects, penetration testing, technical vulnerability assessments and IT governance assessments. He has over 10 years of technology risk and information security experience and has been involved in numerous IT related projects including being engaged at all phases from assessing client needs to solution delivery with extensive experience delivering IT security as well as governance projects.


Jacob Ansari
QSA (P2PE), PA-QSA (P2PE), CISSP, Director, Schellman & Company, LLC

Mr. Ansari’s career spans 18 years of security assessments, consulting, and security engineering. He has been involved in payment card security since the card brands operated their own standards before PCI DSS. In his current role, he provides technical leadership for its PCI practice, and oversees other Payment Card Industry assessment services, namely PA-DSS and P2PE.


Bill Bolton
Vice-President, Information Technology, The HoneyBaked Ham Company

Mr. Bolton specializes in delivering highly effective business solutions through the enablement of technology. He has spent over 24 years managing the development of an enterprise-wide “Order Anywhere, Fulfill Anywhere” Retail Management System, including POS, eCommerce, labor, and back-office solutions. His focus is enabling an Omni-Channel platform that can meet the evolving needs of the HoneyBaked consumer and brand. As a technology leader, Mr. Bolton’s objective is to provide the highest quality technology-based services delivered in the most cost-effective way to facilitate the strategic objectives of the company. He leverages solid foundational systems and transformational initiatives linked to IT’s strategic alignment resulting in a collaborative partnership that facilitates the greatest value to both the company and its consumers.


Brian Byrne
Director of Operations, EMVCo

Mr. Byrne’s responsibilities include managing day-to-day EMVCo business activity, liaising with other industry bodies, and supporting the relationships with EMVCo Associates. Brian is a payments veteran with over 20 years’ experience in a variety of roles. Before taking on his current position Brian led the Product Acceptance function for Visa Inc. Prior to this Brian spent five years in the Visa Chip team where his remit included being Visa’s primary representative on the EMVCo Board of Managers. Brian helped steer EMVCo through a number of organisational changes including the addition of new equity members and the creation of the EMVCo Associates Programme.


Laura Chadwick
Program Director, Membership Development & Industry Relations, National Restaurant Association

Ms. Chadwick serves the National Restaurant Association as its Program Director – Technology & Data Security within the Membership Development & Industry Relations department. Previously, she worked in the National Restaurant Association’s Public Affairs department on these topics as a federal lobbyist. Ms. Chadwick has also worked for the Consumer Technology Association, U.S. Congressman Mike Thompson (CA-05) and U.S. Congressman Adam Schiff (CA-28). She graduated from Washington & Lee University with a Bachelor’s in Politics and holds a Masters of Public Administration from American University.


Jonathan Lewis Christopherson
Principle Engineer, Target Corporation

Mr. Christopherson is a developer, software architect, and infrastructure engineer with over two decades of retail experience, with additional years in the public service and academic sectors. He is a contributing editor to the eight Linux Benchmarks published by the Center for Internet Security and an active member of several cloud and compute standards bodies and open source projects.


Tim Cormier
Manager for Device Standards, PCI Security Standards Council

Mr. Cormier is a seasoned POS industry insider with over 30 years of experience. Mr. Cormier has worked with companies of all sizes across retail, banking, hospitality and transportation sectors. He oversaw multiple client engagement projects from systems design concept to the complete rollout for all types of electronic payment solutions including Terminal Management Services, magnetic stripe, contactless, and mobile payment transactions. Prior to joining the Council, Mr. Cormier was the Director of POS Systems with Ingenico and held other engineering positions with VeriFone and Hypercom where he developed high-speed payment solutions for retailers and the bank card industry clients. Mr. Cormier has earned multiple industry designations including Certified Information Security Professional (CISSP), Certified Wireless Network Administrator (CWSP). He is also a U.S. AIR FORCE Veteran.


Joshua Costa
Senior Consultant, Investigative Response, Verizon Threat Research Advisory Center

Josh Costa responds to a wide array of cyber-security incidents, performs digital forensic examinations, and assists organizations in implementing incident response policies and procedures. He is also responsible for delivering incident response, digital forensics, and security focused training and presentations to executive management and technical personnel.


Prior to joining Verizon, Mr. Costa worked in various consulting roles where he performed digital forensic investigations in corporate, private, civil, and criminal matters. His experience includes computer forensic examinations, cellular forensic investigations, and e-Discovery collection and processing.


Brian Dean
Principle Security Consulting Lead, Dell Secureworks

Mr. Dean is an experienced audit and compliance manager, chief privacy officer, HIPAA officer, professor of Information Security, project leader and president of the board of trustees for NH Board. He is experienced in resource management, project management, risk management, software development, regulatory compliance, and process reengineering, enterprise security/privacy programs and developing policies and processes for secure system configuration. Mr. Dean specializes in executing complex IT audits, security assessments, risk assessments, and regulatory/industry compliance engagements for domestic and international mid-tier and large corporations.


Danny Dhillon
Distinguished Member of Technical Staff, Dell

Danny Dhillon has over 17 years of experience as a security engineer, working on a variety of systems from enterprise security products such as federation and strong authentication to IT infrastructure systems such as backup, storage and hyper converged infrastructure.  He has published peer reviewed papers on optimized link state routing security, applied cryptography, threat modeling, and security verification. He is a member of the SAFECode technical leadership council and founding member of the IEEE Center for Secure Design.  He currently leads technical definition of the Dell Security Development Lifecycle.


Dan Fritsche
Vice President, Solution Architecture, Coalfire

Mr. Fritsche has over 19 years of experience in application and network security architecture. In his role at Coalfire, he leads a team that is responsible for translating requirements created by IT risk and compliance mandates into business-centric cyber solutions strategies. He is adept at demonstrating emerging technology solutions and architecture with company alignment to improve both business bottom line and security posture.


Tabitha Gallo
CISSP, QSA, PCIP, Senior Security Consultant in the Advisory Services team, Herjavec Group

Ms. Gallo possesses over 20 years’ experience in the areas of corporate governance, privacy and security risk management. She excels at working with organizations in their quest to safeguard critical business information assets, and helping them achieve and exceed their strategic and operational information technology control objectives.


Tabitha is currently a Senior Security Consultant in the Advisory Services team at Herjavec Group where she is the Practice Lead for Privacy, as well as performing PCI and Governance engagements. Herjavec Group is a global information security firm offering comprehensive protection services to minimize cyber attacks and threats. Herjavec Group was founded in 2003 by dynamic IT entrepreneur, Robert Herjavec.


Alexis Gargurevich
Senior Manager, PricewaterhouseCoopers LLP (PWC)

Mr. Gargurevich is a Senior Manager with the Cybersecurity & Privacy practice for PricewaterhouseCoopers in Toronto. He has over 15 years of experience as an Information Security advisor having worked in different geographies and currently specializes in Payments Security and Digital Privacy. He is a PCI-QSA and holds an MSc in Information Security from Royal Holloway University of London, UK. Mr. Gargurevich is a passionate contributor on the adoption of new technologies to enhance privacy and digital payments.


David Gianna
Senior Manager, IT Consulting – Cybersecurity, Protiviti

Mr. Gianna has more than 25 years of business experience in risk management, compliance and security process improvement. He has led numerous remediation and compliance projects, including testing and assessment of systems, networks, applications, policy development, process documentation and development, penetration testing, and network security intervention. He has participated in the PCISSC Cloud Security SIG, contributing to cloud security guidance for PCI.


Gina Gobeyn
Chief Risk Management Officer, Payment Services, Discover

Ms. Gobeyn is currently Chief Risk Management Officer of Payment Services for Discover, where she oversees internal control, counterparty risk management, compliance, payment security and fraud prevention programs.
Prior to joining Discover in 2006, Ms. Gobeyn held information security positions at the Federal Reserve Bank of Chicago, AON Insurance, and Internet Security Systems (ISS).


Ms. Gobeyn has a Bachelor of Science in Business Administration from the University of Illinois – Urbana/Champaign, and is a Certified Information System Security Professional (CISSP). Ms. Gobeyn represents Discover on PCI Security Standards Council, LLC as a member of the Executive Committee. She previously represented Discover on the Federal Reserve System’s Secure Payments Task Force.


Angel Grant
Director, Identity, Fraud and Risk Intelligence, RSA

In her current role, Ms. Grant leads the go-to market strategy, planning and execution for the Enterprise and Consumer Authentication, Identity and Access Management, Anti-Fraud and Threat Intelligence product portfolios at RSA. She participates on the FS-ISAC Affiliate Board, NACHA Payments Alliance Risk, Regulatory and Security Advisory Committee and the Federal Reserve Bank Secure Payments Task Force. She has over 20 years of experience in the security, eCommerce and financial services industries.


Oleg Gryb
Chief Security Architect, Visa Inc.

Mr. Gryb is responsible for working in security architecture and security engineering domains for Visa Inc. He was previously Sr. Manager and de-facto CISO of Samsung’s IoT platform called Artik Cloud. Before that he worked as Security Architect at Intuit, where he was creating architecture for mission critical financial and business applications. Gryb participates actively in creating open source software in security, data protection, identity management, multi-factor authentication and other domains. Oleg is passionate about embedding security to all SDLC stages, threat modeling, enforcing security in web service fabric, security tools, cloud, IoT and mobile security. He is adept at building data protection solutions based on security appliances, such as Secure Elements for devices, nCipher, DataPower, Ingrian, Safenet, researching new multi-party computation approaches to cryptography and collaboration on private data.


Rob Harvey
Director, Risk, Security and Privacy, Online Business Systems

Mr. Harvey is a business and technology expert with over nine years of PCI consulting experience, 14 years of security consulting experience, and 18 years in IT. In his current role, Mr. Harvey helps to build, grow, and lead a pragmatic, risk-based, business-minded security consulting practice that focuses on governance and program management, including PCI, vulnerability management, and data protection.


Rick Heroux
EVP Risk and Investigations, Conformance Technologies

Since 1999 Mr. Heroux has advised companies ranging in size from Fortune 100 to retail enterprises. Specializes in creating and promoting secure, compliant business practices that protect businesses from both internal and external fraud. Mr. Heroux is also a specialist in adopting and deploying payment strategies across management systems and furthering the adoption of alternative payments. As the founder of a Participating Organization that has been with the PCI Council since its’ inception, he is a tireless advocate for improving merchant security for all private information. Mr. Heroux is the inventor of the PCI ToolKit, the only online PCI tool to be granted a U.S. patent.


Lauren Holloway
Director of Standards Coordination, PCI Security Standards Council

Ms. Holloway’s role includes coordinating PCI SSC’s efforts for the Small Merchant Business Task Force as well as working closely with the various PCI teams to drive consistency and alignment across the standards and supporting programs. She joined PCI SSC in 2010 as the Director of Data Security Standards. Prior to joining the Council, Ms. Holloway led and coordinated Visa’s efforts for PCI DSS and PA-DSS and related programs for several years. Ms. Holloway’s extensive information security and audit background includes managing information security at an internet payment gateway, consulting with a Big 4 audit firm, and conducting and managing internal audits for computer systems at a Fortune 500 company. Ms. Holloway holds the CISSP, CISM, and CISA designations.


Stacy Hughes
CITP, CRISC, CGMA, PCI ISA, PCIP, CISM, SVP, IT Governance, Risk and Compliance, Global Payments

Ms. Hughes has worldwide responsibility for the IT and Security compliance functions – external (e.g. PCI, SOX), merchant, and payment. In her current role, Ms. Hughes serves as SVP of IT Governance, Risk and Compliance for Global Payments Inc. (GPN), a leading worldwide provider of payment technology services. Headquartered in Atlanta, Georgia with more than 10,000 employees worldwide, GPN is a member of the S&P 500 with merchants and partners in 30 countries throughout North America, Europe, the Asia-Pacific region and Brazil. Ms. Hughes also represents GPN on the PCI Security Standards Council Board of Advisors.

Jenna Hutt
Retail Technology Specialist, Rocky Mountain Chocolate Factory

Ms. Hutt leverages her extensive industry knowledge of POS credit card integrations and Information Security while working with technology vendors to provide secure, effective technology solutions for RMCF stores. She has developed an education program for RMCF’s small merchants, providing information to RMCF franchisees about PCI DSS standards, developing Card Brand requirements, and cutting edge security solutions. She translates the technical information into actionable tasks that gives the stores the ability to implement security measures in an economical and efficient way. Ms. Hutt is a member of the PCI SSC Small Merchant Business Task Force. She has a Bachelor’s Degree in Computer Science.


Lance J. Johnson
Executive Director, PCI Security Standards Council

Mr. Johnson is responsible for driving and implementing the Council’s strategic direction. For the past five years, he served as the Chief Operating Officer at Sequent Software, Inc. where he led all corporate administration and operations. Prior to Sequent, Johnson spent more than twenty years at Visa Inc., as a senior leader directing Visa’s efforts in global risk management and security, fraud detection and control, and global payment data and device security. As an expert in payment security, Mr. Johnson holds several patents, served in the U.S. Navy, and has a Bachelor’s degree in Business Administration and Management from the University of Central Florida.


Adam Kehler
Senior Consultant, Risk, Security and Privacy, Online Business Systems

Mr. Kehler is a proven leader in Information Security with over 20 years of experience in technology and over 8 years as an expert consultant in Information Privacy and Security. He holds CISSP and Certified Ethical Hacker (CEH) certifications and has conducted hundreds of Security Risk Assessments, Virtual CISO, and Compliance Gap Analyses for State and Healthcare organizations.


Jeremy King
International Director – Europe, PCI Security Standards Council

Mr. King leads the Council’s efforts in increasing adoption and awareness of the PCI security standards internationally. In this role, Mr. King works closely with the Council and representatives of its policy-setting executive committee from American Express, Discover, JCB International, MasterCard, and Visa, Inc. His chief responsibilities include gathering feedback from the merchant and vendor community, coordinating research and analysis of PCI SSC managed standards through European markets, and driving education efforts and Council membership recruitment through active involvement in local and regional events, industry conferences, and meetings with key stakeholders. He also serves as a resource for Approved Scanning Vendors (ASVs), Qualified Security Assessors (QSAs), Internal Security Assessors (ISAs), PCI Forensic Investigators (PFIs), and related staff in supporting regional training, certification, and testing programs.


Mauro Lance
Chief Operating Officer, PCI Security Standards Council

Mr. Lance is responsible for the day to day operations, business strategy, investments and growth of the Council. He leads the creation and implementation of programs and world-class processes for certification, assessor quality management and training, critical to the Council’s mission of increasing payment card security globally through adoption of the PCI Security Standards.  Prior to joining the Council, Mr. Lance held leadership positions at the MIT Media Lab and the World Wide Web Consortium, and was a founding director of the Web Foundation. He is a Fulbright Scholar and holds a Master’s degree in Business Administration from Suffolk University, and a Bachelor’s degree in Business Administration from the Pontificia Universidad Católica de Valparaiso. Mr. Lance has lived and worked in Chile, China, France, and the United States.



Troy Leach
CISSP, CISA, Chief Technology Officer, PCI Security Standards Council

Mr. Leach partners with Council representatives, Participating Organizations and industry leaders to develop comprehensive standards and strategies to secure payment card data and its supporting infrastructure.


He is a subject matter expert on payment security and has testified on several occasions before various House and Senate Congressional committees. Mr. Leach also provides guidance and security expertise to a multitude of U.S. and international government entities as well as law enforcement. Mr. Leach serves on several advisory boards such as ANSI X9, Merchant Acquirer Committee and contributes to online communities such as BankInfoSecurity and CSO Online. Mr. Leach is often quoted in cybersecurity news stories and has been quoted by news organizations including the Washington Post and Wall Street Journal.


Jake Marcinko
Standards Manager, PCI Security Standards Council

Mr. Marcinko is responsible for the ongoing development of numerous security standards including the Payment Card Industry Data Security Standard (PCI DSS), the Payment Application Security Standard (PA-DSS) and the Point-to-Point Encryption Standard (P2PE). In addition, Mr. Marcinko works closely with the payment brands, affiliate members, Task Forces and Special Interest Groups (SIGs) to develop new and emerging standards and guidance documents, information supplements, and self-assessment questionnaires. Prior to joining the Council in 2013, he held various leadership positions in IT and Information Security management for the software industry. He has over 15 years of experience leading large, multi-million-dollar design projects in areas such as virtualization, mobile computing, electronic payments, tokenization and compliance. He is also a frequent speaker and contributor on general Information Security and Privacy matters.


John Markh
Standards Manager, Data Security Standards, PCI Security Standards Council

Mr. Markh’s role with PCI SSC includes technical contributions to PCI Security Standards and related efforts, as well as serving as the current chairman of the Maintaining PCI DSS Compliance Special Interest Group. Prior to joining the Council, Mr. Markh was a consultant and a subject matter expert with various companies across Europe, North America and the Middle East, ranging from performing complex hands-on security assessments to managing a diverse security services portfolio while leading a team of highly skilled consultants.


Mr. Markh has over 15 years of experience in information security encompassing compliance, threat and risk management, security assessments, digital forensic, application security and emerging technologies such as Artificial Intelligence, Machine Learning, IoT and Blockchain. He holds an MSc in Computer Security, BSc in Software Engineering and is a Payment Card Industry Professional.


Mark Meissner
Vice President, Public Relations, PCI Security Standards Council

Mr. Meissner works closely with the Council’s leadership team to develop communications strategies that promote the PCI Security Standards and the priority initiatives of the Council globally and with a wide range of stakeholders. Mr. Meissner brings more than two decades of experience in helping Fortune 500 companies, elected officials, trade associations and high-profile individuals navigate a myriad of communications challenges in the global marketplace. Over the years, Mark has worked with many high-profile clients in engaging with major news organizations such as USA Today, The Washington Post, 60 Minutes, The New York Times, The Wall Street Journal, CNN, and The Times of London.


Before joining the PCI Security Standards Council, Meissner was the Founder and President of MJM Strategies, a strategic communications consulting firm.


Meissner began his career in the world of politics working on the staffs of U.S. Senator Evan Bayh (D-IN) and U.S. Representative Tim Roemer (D-IN). Meissner served as Campaign Manager for Representative Roemer’s successful 1994 re-election campaign. Mark was a candidate for U.S. Congress in 2002, finishing second among a crowded field of five better known candidates for Indiana’s 2nd Congressional District.


Meissner teaches as an Adjunct Professor at The George Washington University Graduate School of Political Management (GSPM) where he has served on the faculty for more than a decade. Meissner holds a Master’s Degree from The American University and a Bachelor’s Degree from Indiana University.


Ruston Miles
PCIP, CPP, Chief Strategy & Innovation Officer, Bluefin

As Bluefin’s payment security thought leader and evangelist, Mr. Miles brings 20 years of payment security experience to Bluefin Payment Systems. He founded Bluefin in 2002 and is a PCI Professional (PCIP) and a Certified Payment Professional (CPP) and specializes in PCI-validated Point-to-Point Encryption (P2PE), End-to-End Encryption (E2EE), EMV, PCI-DSS, PA-DSS, NESA, tokenization, POS architecture & implementation, payment gateways, payment switches, ISO’s, embedded payments, secure iFrames and transparent redirection.


Peggy Nolan
PCI ISA, PCIP, CISA, PCI ISA, Principal IT Compliance Analyst, Liberty Mutual Group Inc.

Ms. Nolan is an experienced PCI ISA with over seven years of experience in payment card compliance (PCI) and over 18 years in information security project management. She holds a Master of Arts degree in Computer Information Management and a bachelor’s degree in American History. In addition to her extensive professional experience in information security, she is a best-selling author, certified yoga teacher, and avid traveler.


Christopher Novak
Director, Verizon Threat Research Advisory Center

Mr. Novak is a co-founder and the Director of the Verizon Investigative Response Unit – a division of the Verizon RISK Team. He is an internationally recognized expert in the field of Investigative Response and Computer Forensics. He has been involved with information security for over 15 years. Mr. Novak has assisted corporations, government agencies, and attorneys with all matters involving computer forensics, fraud investigations, and crisis management. He has testified as an expert witness in various matters and before such bodies as the Supreme Court of the State of New York. He has also briefed United States congressional committees such as Senate Banking, House Financial Services, Senate Commerce, House Energy & Commerce, Senate Judiciary, House Homeland Security and Senate Homeland Security & Government Affairs.


Mr. Novak has been an advisor on dozens of high-profile intrusion and data breach investigations around the globe. He works closely with local, state and federal law enforcement agencies as well as joint investigative operations coordinated with foreign law enforcement.


He has also worked in various consulting positions within Verizon; from individually contributing to a larger tactical response team to his current position, where he manages a global team of highly skilled consultants. Each of these teams around the world maintains experts in various fields of study and practice, such as forensic analysis, malware reverse engineering, threat intelligence analysis and threat actor attribution, among others. He specializes in high-level crisis and emergency response matters and is consults with executives from Fortune 500 companies on pre-planning for such situations as well as leading active crisis response matters and liaising with external partners.


Eric O’Neill
Former FBI Counterintelligence Operative, Founder, The Georgetown Group and National Security Strategist, Carbon Black

Mr. O’Neill is an attorney, security consultant and professional public speaker. In 2001, Eric helped capture the most notorious spy in United States history: Robert Hanssen, a 25-year veteran of the FBI. The remarkable true events of his life are the inspiration behind the critically acclaimed dramatic thriller Breach, starring Ryan Philippe as O’Neill. The film is the story of the greatest security breach in US history.


Eric began his career in the FBI as a “Ghost” – an undercover field operative tasked to surveil and monitor foreign, national, and domestic terrorists and spies. During the Hanssen investigation, Eric worked directly undercover with the spy within the FBI’s Information Assurance Division – created to protect all classified FBI intelligence.


Currently, Eric runs The Georgetown Group, a premier investigative and security consultancy out of Washington, DC. Eric is also the National Security Strategist for Carbon Black, the leader in next generation endpoint protection.


A talented motivational speaker who weaves real life experiences into a presentation that is both entertaining and rewarding, Eric O’Neill provides practical insights into real work situations relevant to many industries.


Jason Oxman
CEO, Electronic Transactions Association (ETA)

Since joining in 2012, Mr. Oxman has led ETA and its membership through unprecedented technological transformations, and ETA now represents more than 500 global financial and technology companies. ETA member companies make commerce possible by processing more than $6 trillion in purchases in the U.S. and deploying payments innovation. Before joining ETA, Mr. Oxman was SVP of Industry Affairs of the Consumer Electronics Association, served as general counsel of a technology industry trade association and VP of a Silicon Valley-based technology company. Additionally, he worked at the Federal Communications Commission to develop and implement technology policy.


Joseph Pierini

Mr. Pierini is responsible for the development and execution of the penetration testing programs used for PCI and other privacy laws and regulations at PSC. He was a co-sponsor of the Payment Card Industry Council’s Special Interest Group on Penetration Testing and a lead contributor to the PCI Data Security Standard (PCI DSS) Information Supplement: Penetration Testing Guidance published in March of 2015.

Erik Pols new

Erik Pols
Retail Information Risk Manager, Royal Dutch Shell Ltd.

Mr. Pols has a strong background in information risk, with over 25 years of experience in Information Security and Audit. He leads the Retail Customer and Payment Security Program to further improve Royal Dutch Shell’s PCI compliance and to embed sustainable processes to maintain compliance levels. Mr. Pols is an experienced PCI ISA and works to manage a risk-based approach to PCI compliance to help support the business and make informed decisions on compliance, risks and risk acceptance.


Ralph Spencer Poore
Director, Emerging Standards, PCI Security Standards Council

PCIP, CFE, CISA, CISSP, CHS-III, Director, Emerging Standards, PCI Security Standards Council
Mr. Poore has over 35 years of information security experience, including more than 20 years of applied cryptography. He has written extensively on information security and cryptography and his work is cited in academic papers, national standards, professional journals, and books. He came to PCI SSC from a small business that was a QSAC, where he was a QSA. In various capacities, he has designed and led teams of developers in cryptographic system projects, resulting in patents of systems based on cryptography. He is also a long-time member of International Association for Cryptologic Research (IACR). Mr. Poore has also supported classified government projects and assisted in the development of cryptanalytic tools. He has extensive experience in financial services industry and in the development of national and international standards. He is an ISSA Distinguished Fellow, an ACM Senior Member, and he has received numerous awards for his professional work. Mr. Poore holds the following certifications: PCIP, CFE, CISA, CISSP, CHS-III.


Ben Rafferty
Global Solutions Director, Semafone

Mr. Rafferty heads up product innovation, new product development, and new markets and technologies at Semafone to facilitate customer compliance programmes. Previously at Semafone, Mr. Rafferty was responsible for the smooth deployment of Semafone’s award winning solutions, the overall management of the company’s carrier cloud and cloud offering as well as gaining and maintaining Semafone’s own PCI DSS compliant status and associated Service Provider Listings.


Mr. Rafferty has over 15 years of experience delivering telephony-based CNP Payment Solutions, through a variety of technologies such as DTMF Masking, Speech Recognition and IVR, for both CPE and hosted platforms. Throughout his career, he has successfully delivered programmes for a wide variety of organisations including large multi-national corporations such as SAP, Deloitte, Interflora and Odeon, as well as local and central government, Parliament, the NHS and all “Blue Light” services in the UK. He also works with multiple QSA’s, PSP’s and has delivered PCI compliant operating solutions to carriers including BT, TalkTalk, Gamma in the UK, and Genesys and Rogers in North America.


Nancy Rodriguez
Senior Vice President & Head of PCI Governance & Compliance, Wells Fargo

Ms. Rodriguez is an expert in information security, specializing in Payment Card Industry Data Security Standard compliance. She has 30+ years of operations, technology, and information security experience, and is a recognized leader in her field, as demonstrated by her publications, formal industry certifications, and many speaking engagements. Part of Wells Fargo’s Technology Risk Management Oversight team within Corporate Risk, she is responsible for building and maintaining an independent consolidated view of Wells Fargo’s Payment Card Industry risk profile. By establishing and operationalizing a PCI governance approach, Ms. Rodriguez enables the oversight, approval, and escalation of PCI risk and related issues for decision-making at, and information reporting to, the appropriate levels of the company. She represents Wells Fargo on the PCI SSC BoA, which develops the PCI DSS and relevant ancillary documents.


Rohit Sethi
Chief Operating Officer, Security Compass

Mr. Sethi is responsible for setting and achieving corporate objectives, company alignment and driving strategy to execution. Previous to this role, he managed the SD Elements team. Mr. Sethi specializes in building security into software and has worked with several large companies in various industries throughout his career. He has appeared as a security expert on television outlets as such as Bloomberg, CNBC, FoxNews and several others. He has also spoken at numerous industry conferences and/or written articles that have been published on major websites such as CNN.com, the Huffington Post and InfoQ.


Rodolphe Simonetti
Managing Director, Security Consulting, Verizon

With over 18 years of IT and Security experience, Mr. Simonetti has served in positions of varying levels of responsibility, including Security Engineer to Security Manager for Managed Security Services, Chief Information Security Officer, Security Consultant, Manager and now Managing Director of a business unit within Verizon. After 15 years in Europe, then 4 years at Verizon’s Headquarters in NJ, he is now based in Houston, TX where he currently leads a team of 200 resources spread across 20 countries. He coordinates all security assurance services from simple assessments to complex programs within a global environment.


Jeff Skiles
Co-Pilot of U.S. Airways Flight 1549, “The Miracle on the Hudson”

“No terrible thoughts went through my head, none at all. I didn’t worry that I might not live through this—and no pilot would. Unless the situation is completely out of your control, there’s always something you can do.”


On a bright, 20-degree afternoon in January, US Airways Flight 1549 accelerated down New York La Guardia Airport’s main runway, loaded with 155 passengers and crew, headed skywards for Charlotte, NC. Everything was normal until First Officer Jeff Skiles spotted a formation of Canada geese almost directly ahead. In a matter of seconds, he heard numerous thunks as the birds impacted the aircraft. Both engines immediately failed. Captain Chesley Sullenberger took over flying the plane and lowered the nose down to retain airspeed. Within seconds, the pilots made the decision that returning to LaGuardia was simply not possible—they’d have to fly over densely populated areas and there was no guarantee that they’d make it. Surrounded by nothing but skyscrapers and neighborhoods, they decided to head to the only open, flat space available—the Hudson River. Jeff Skiles details the lessons, training, and scenarios that led to the “Miracle on the Hudson” and what businesses can take away from it with a great sense of humor and natural storytelling ability.


Adapt, React, and Don’t Fear a Change of Course. The son of two pilots, Skiles started flying at the age of 16 and has logged over 21,000 hours in the sky. Skiles has spent the last 30 years as a US Airways pilot and his lifetime of experiences contributed to the astounding outcome. The perfect landing was not a fluke; it was the result of intense training, preparation, and the lessons learned from other pilots’ successes and failures.


Skiles believes that life changes all around you, and if you can’t adapt and change with it, you can’t succeed. He attributes the success of the emergency landing on the Hudson to the extensive training that all members of a flight crew experience. From the mechanics and the maintenance workers to the people who write the emergency protocols and the flight attendants, he believes that every level of the US Airways organization is responsible for the outcome on January 15, 2009. While he and Captain Sullenberger piloted the plane to a safe landing, the success was a group effort representing the contributions of an entire organization.


Steve Stevens
Executive Director, ASC X9

Mr. Stevens is responsible for the operations of X9. Prior to his role as Executive Director, Mr. Stevens was on the X9 Board of Directors for 16 years, was chair of the X9 Policy and Procedures Committee, served as interim chair of the X9A subcommittee for two years and served on the X9 Executive Committee. Mr. Stevens also served on the Board of Directors for the Microelectronics and Computer Technology Corporation (MCC) in Austin, TX. X9 is accredited by the American National Standards Institute (“ANSI”) to develop standards for the financial services industry for use in the United States and through ISO TC68 for international use.


Kevin Stine
Chief of the Applied Cybersecurity Division, National Institute of Standards and Technology’s Information Technology Laboratory (NIST)

Mr. Stine leads NIST collaborations with industry, academia, and government on the practical implementation of cybersecurity and privacy through outreach and effective application of standards and best practices. The Applied Cybersecurity Division develops cybersecurity and privacy guidelines, tools, and reference architectures in diverse areas such as public safety communications; health information technology; smart grid, cyber physical, and industrial control systems; and programs focused on outreach to small businesses and federal agencies. The Division is home to several priority national programs including the Cybersecurity Framework, the National Cybersecurity Center of Excellence, Identity and Access Management, and the National Initiative for Cybersecurity Education.


Emma Sutcliffe
Senior Director, Data Security Standards, PCI Security Standards Council

Ms. Sutcliffe oversees a number of PCI security standards, including the PCI DSS and PA-DSS. Ms. Sutcliffe chairs PCI SSC’s Technical Working Group (TWG) and the Tokenization Working Group, where she works closely with the Payment Brands and Affiliate members to develop standards, supporting documentation, and guidance papers. Ms. Sutcliffe has over 15 years’ information security experience and is a current CISSP, CISM, and CISA.


Elizabeth Terry
Advanced Research Manager, PCI Security Standards Council

Ms. Terry has over 20 years’ experience in the payment card industry including over 15 years managing enterprise projects encompassing PCI Compliance, security, system design, implementation, and replacement and most recently standards development initiatives at PCI SSC. Her responsibilities for the Council include research and development of new standards or updates to existing standards to address market changes as well as liaising with other regulatory bodies, vendors, labs and academia. Elizabeth is also the chair for both the Mobile Working Group and Mobile Task Force. Ms. Terry holds a Master’s in Business Administration and a Bachelor’s in Computer Science and is a current PMP, CISSP, CBSA and PCIP.


Michael Thompson
Senior Manager, Emerging Standards, PCI Security Standards Council

Mr. Thompson’s role includes technical contributions to PCI standards and related efforts, as well as serving as chairman of the Point-to-Point Encryption working group for PCI SSC. Prior to joining the Council, Mr. Thompson spent 10 years involved in security-sensitive and safety-critical engineering roles. Mr. Thompson holds the ISC2 CISSP, ISSAP, ISSMP, and CSSLP designations, as well as being listed on 5 U.S. patents from previous collaborations.


Ralph Villanueva
IT Security and Compliance Analyst, Diamond Resorts International

Mr. Villanueva has been keeping his employers compliant with IT compliance requirements across numerous and diverse regulations for over ten years. He earned numerous certifications such as the Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), IT Infrastructure Library (ITIL), Payment Card Industry – Internal Security Assessor (PCI-ISA) and Payment Card Industry Professional (PCIP) and has spoken at over 20 national and international conferences since 2010.


Phyllis Woodruff
VP, Enterprise Cybersecurity Programs, Fiserv

Ms. Woodruff is a long-time leader in financial services and has more than 12,000 clients in 80 countries. To help ensure the security of those clients, she and her team manage the ongoing compliance for more than 40 level 1 service provider ROCs. In addition to PCI, Ms. Woodruff is responsible for privilege access management, implementation of security tools, and cyber reporting to executive management.