Lucas Allen, Managing Director/CEO, LiquidNexxus Limited

Mr. Allen has been actively engaged with the ICT, security and payments industries for over 12 years in a variety of roles. His role as Managing Director involves strategic direction and management of LiquidNexxus (LNX). LNX is a global leader in payment systems, security, and risk training. LNX recently became the first (and currently ONLY) Payment Card Industry Global Training Network (PGTN) Provider, authorised by the PCI SSC to organise and deliver PCI Internal Security Assessor, PCI Professional and PCI Awareness Training in selected locations in EMEA. He has conducted, delivered and organised training courses and seminars on five continents to over 9,000 delegates. Mr. Allen has written or edited training material covering a wide scope of payment systems and security topics, including PSD2, PCI DSS, Application Security, Mobile Payments, GRC, ISMS, BIA, CISSP, ATM Security Training, and ATM Security Auditor, amongst others. His professional qualifications include Internal Security Assessor and ATM Security Specialist. He holds a BSc in Computing with Business Management and is currently reading for his MBA.


Andrew Barratt, Managing Director, Europe, Coalfire Systems

Mr. Barratt has been a lead consultant for the delivery of Information Security risk assessments, IT Audit, due diligence, certification services and PCI DSS compliance across Europe, with international experience spanning the Middle East and United States. Mr. Barratt has successfully managed geographically diverse teams of consultants to deliver complex information security, audit, due diligence and compliance services and maintains a “hands on” involvement. Having been actively involved with a number of multinational engagements, Mr. Barratt’s sector experience has been in Oil and Gas, Insurance, Financial Services, Retail and payment processing. Having a background in IT infrastructure, software development and service management, Andrew is able to offer technical advice that is of value to those responsible for managing technology whilst translating assurance requirements to senior technical management and engaging with senior stakeholders. Mr. Barratt has spoken at security conferences on topics such as breach disclosure policies and cyber risk management, as well as to private audiences at Lloyds of London, ISACA and the UK Payments Association.

Caspar Berry, Poker Player, Trainer, Speaker

Mr. Berry is the poker expert on several television shows, including Poker Night Live, voted the UK’s best poker show, and the Emmy award nominated Sky Poker, the country’s premier nightly poker show. He can also be seen on Sky Sports and is the poker strategy writer for Flush magazine. His most recent film credit was as the poker adviser on the latest James Bond movie, Casino Royale. In his speeches, Mr. Berry gives the corporate world a greater understanding of their decision-making process. He shows people that all decisions are investment decisions. Investments of time, money, status, energy, comfort and security made with the intention of getting some kind of long term return. He tries to give people a better understanding of what “risk” is and how it is calculated in its essential form. This calibrated mathematical language allows people to understand, view and critically evaluate their decisions (and those of others) in a new way. He gives an understanding of the psychology of decision making and the cause of risk aversion among humans: i.e. why we are reluctant to embrace short term failures for long term gain. His final objective is to give participants an original and empowering method for using their own natural risk aversion as a motivational tool that can be used to achieve better long term results. And all of this is done using poker as a fun and engaging but completely relevant metaphor throughout.


Mark Bloom, Director Product Marketing, Compliance and Security, Sumo Logic

Mr. Bloom has over 15 years of sales, marketing and business development experience in a variety of financial service and high-technology markets. In the course of his experience, Mr. Bloom has helped F100 organizations develop technology infrastructures, build global strategies and execute sales and marketing programs with strategic partners. Past clients/employers have included Ford, Motorola, United Technologies, Cisco, Chrysler, SonicWALL/Dell, Trend Micro and Compuware. Mr. Bloom holds a Bachelor of Commerce degree in Management Information Systems and an MBA in International Business. He currently works for Sumo Logic, as Director Product Marketing, Compliance and Security.


Gareth Bowker, Director of Training Programs, PCI Security Standards Council

Mr. Bowker joined PCI SSC in April 2012, bringing 15 years of experience from the information security field. He initially started as a software developer and soon specialized in secure web application development processes. This led to him joining a PCI ASV company in 2005 where he worked as a penetration tester and consultant, becoming a QSA in 2006, followed by a PA-QSA in 2008. Mr. Bowker has worked with many large financial institutions and merchants on projects around PCI DSS, risk management, data loss prevention as well as conducting forensic and breach investigations. Mr. Bowker is a CISSP and holds a B.Sc. degree.


Claude Brun, Managing Director, Crédit Mutuel-CIC Group

Mr. Brun is Managing Director at the Banque Européenne/Crédit Mutuel-CIC Group. In his role, Mr. Brun is responsible for the Group’s means of payment activities, including strategy and product management. He participates in the governance of the following organisations: SOFEMO, FIVORY, STET, SEPAMAIL, EPAC (European Payments Advisory Committee) of MasterCard Europe, FBF (Fédération Bancaire Française), and NEXO. He is also Chairman of the Cards Working Group and Co-Chair of the Cards Stakeholders Group of the EPC (European Payments Council). Mr. Brun is a specialist in the cards and payments business. He joined Crédit Mutuel-CIC Group from IBM, after working as a research scientist in nuclear physics and chemistry at the Centre National de la Recherche Scientifique (CNRS) in France.


Brandy Cumberland, Director of Assessor Quality Management (AQM) Programs, PCI Security Standards Council

Ms. Cumberland joined the Council in July 2011 and leads the administration and ongoing operations of the quality management components to support the PCI SSC’s Programs, most notably the Qualified Security Assessor (QSA), Payment Application Qualified Security Assessor (PA-QSA), and Point-to-Point Encryption (PCI P2PE) Programs. Prior to her work with the AQM team, Ms. Cumberland held positions in quality assurance in the payment security industry, public education, management and retail banking. Ms. Cumberland is a graduate of the University of Houston and holds the CISSP designation.


Tom Evans, CSO, Cognia Cloud

Mr. Evans has been an information assurance consultant for 11 years and has undertaken a wide range of projects, including technical engagements, business analysis tasks, interim information security management and compliance assessments. Mr. Evans holds a BSc in International Management and French and chose to specialize in programming and systems architecture. He is an ISO 27001 lead auditor and GIAC Certified Incident Handler (GCIH). Mr. Evans previously was a core investigator in the PCI Forensic Investigator (PFI) program, and a PCI DSS QSA.


Leon Fell, Director of Device Standards, PCI Security Standards Council

Mr. Fell is the chairperson of the Council’s PIN Transaction Security (PTS) Working Group. The PTS Working Group is responsible for the management of the security requirements, testing process and approvals for two types of devices – Point of Interaction (POI) and Hardware Security Modules (HSMs). In addition, the group is responsible for the management of PIN Security Requirements, which include processes implemented for the management of cryptographic keys and equipment in connection with the acquisition of PIN based transactions. Mr. Fell also chairs the Card Production Working Group which manages the physical and logical security requirements associated with the production of payment cards. Mr. Fell has over 20 years of information security experience in the payment and energy industries, as well as separate consulting engagements. He is a Certified Public Accountant, Certified Management Accountant, Certified Internal Auditor, Certified Information Systems Auditor and Certified Information Technology Professional.


John Fitzsimmons, VP of Public Relations, PCI Security Standards Council

In this role, Mr. Fitzsimmons is responsible for growth of the Council, building global awareness of the PCI SSC brand and increasing adoption of PCI Data Security Standards. Mr. Fitzsimmons’ prior responsibilities include executive marketing and communications roles with technology companies in security, cloud and mobile industries. His experience includes work in Canada, China, Europe, Israel, India and Japan. Mr. Fitzsimmons has served as mentor, speaker and competition judge for entrepreneurial groups including MassChallenge and Northeastern University. He also served as an advisor to AccelerateMichigan, a global business competition attracting entrepreneurs and start-ups to Michigan.


Dan Fritsche, Vice President, Solution Architecture, Coalfire

Mr. Fritsche has more than 16 years’ experience in application and network security architecture. As the Vice President of Solution Architecture at Coalfire, his team is responsible for translating requirements created by IT risk and compliance mandates into business-centric cyber solutions strategies. He has a track record demonstrating emerging technology solutions and architecture with company alignment to improve both business bottom line and security posture. Prior to joining Coalfire, Mr. Fritsche spent 10 years with IBM as a security analyst and developer and in business intelligence. His experience covers a broad spectrum of security disciplines including payment security, vulnerability scanning, application security, penetration testing, mobile security, software development, encryption, compliance, anti-virus, and IDS/IPS.


Lorenzo Gaston, Technical Director, Smart Payment Association (SPA)

Mr. Gaston is the Technical Director of Smart Payment Association (SPA). Mr. Gaston’s primary role is to assist in the coordination and alignment of technical activities for the organisation, and to contribute technical expertise, innovation capability and field experience in the area of payment technology in standardisation bodies. Mr. Gaston has extensive experience and a track record in international standard organizations and regulatory bodies, as a renowned contributor as well as a recognized advisor, in particular in the domains related to smart devices, payment and security.


Chris Goldhawk, Sales Manager, SureCloud

Mr. Goldhawk joined SureCloud in July 2013 as Sales Manager responsible for UK Sales and Channel Partners in both the UK and North America. As well as growing the sales team, Mr. Goldhawk is tasked with the management of current SureCloud clients and customer acquisitions including contracts negotiation. Since 2007 Mr. Goldhawk has had extensive experience within the Security Risk and Compliance space having held roles with Tripwire, a large US File Integrity Monitoring and Log Management Software vendor and more recently with Blackfoot UK Ltd, an information security specialist and QSA, where his focus was ISO and PCI Security and compliance projects. With a wealth of experience advising and helping global household named (Tier 1-2) merchants as well as SME (Tier 3-4) merchants meet and maintain PCI DSS Compliance, Mr. Goldhawk is all too aware of the challenges that come with an ever evolving standard.


Mathieu Gorge, CEO, VigiTrust

Mr. Gorge is the CEO and founder of VigiTrust (2003) and an established authority on IT security and risk management with more than 15 years of international experience. Thanks to his international reputation, and building on the success of the 5 Pillars of Security Framework™, which he created, Mr. Gorge is in high demand as a speaker at international security conferences such as RSA, ENISA and ISACA. He is a well-respected figure in the security industry in EMEA and North America. His specialty areas include PCI DSS, HIPAA and ISO 27001, and he works closely with the PCI Security Standards Council (U.S. and EU) as well as ANSI (U.S.). Since 2006, Mr. Gorge has been a Councillor for the Ireland France Chamber of Commerce, and he has also recently taken on the role of Information Security Officer. He is also the Chairman of Infosecurity Ireland and an Official Reviewer for ANSI (one of the few Europeans!).


John Greenwood, Contact centre PCI DSS Director, Compliance 3

During 25 years’ direct marketing experience, of which 20 years were within the contact centre outsourcing industry, John has delivered high profile contact centre solutions for leading brands including Camelot, Barclays Bank, J Sainsbury, American Express, BUPA, RBS, British Airways, Microsoft and Sony. Mr. Greenwood advises UK government on the national call centre skills agenda and competitiveness in international markets. Last but not least, John competes nationally and internationally in an Olympic sailing class.


Stacy Hughes, VP, IT Governance, Risk and Compliance, Global Payments

Ms. Hughes, CPA, CITP, CRISC, CGMA, PCI ISA, PCIP, C|CISO, CISM, serves as Vice President — IT Governance, Risk and Compliance for Global Payments Inc. (NYSE:GPN), one of the largest worldwide providers of payment solutions. Global Payments is a Fortune 1000 company with more than 4,300 employees operating in 29 countries. In this role, Ms. Hughes has worldwide responsibility for the Information Technology and Security Policy Program, compliance functions (PCI-DSS, SSAE 16 and SOX), and customer security assurance functions at Global Payments. Prior to joining Global Payments in June 2003, Ms. Hughes worked in the Corporate Audit department at First Data.


Phil Jones, Payment Security Strategy Manager, Barclaycard

Mr. Jones has over 20 years’ experience in financial and consultancy services in business and IT roles. He is currently Head of Payment Security at Barclaycard where he is responsible for security compliance and risk management of circa 100K customers and third parties. He is also responsible for liaising with key payment industry stakeholders (Visa Europe, MasterCard, Payment Card Industry Security Standards Council, The UK Cards Association etc.) about specific merchant and payment industry PCI DSS issues. He has been an elected representative on the PCI SSC Board of Advisors since 2009 and is the Barclaycard representative at The UK Cards Association Acquirer Processor POI Acceptance Group.

Jeremy King, International Director, PCI Security Standards Council

Mr. King leads the Council’s efforts in increasing adoption and awareness of the PCI security standards internationally. In this role, Mr. King works closely with the Council’s General Manager and representatives of its policy-setting executive committee from American Express, Discover, JCB International, MasterCard, and Visa, Inc. His chief responsibilities include gathering feedback from the merchant and vendor community, coordinating research and analysis of PCI SSC managed standards through all international markets, and driving education efforts and Council membership recruitment through active involvement in local and regional events, industry conferences, and meetings with key stakeholders. He also serves as a resource for Approved Scanning Vendors (ASVs), Qualified Security Assessors (QSAs), Internal Security Assessors (ISAs), PCI Forensic Investigators (PFIs), and related staff in supporting regional training, certification, and testing programs.


Mauro Lance, Chief Operating Officer, PCI Security Standards Council

Mr. Lance is responsible for the day to day operations, business strategy, investments and growth of the Council. He leads the creation and implementation of programs and world-class processes for certification, assessor quality management and training, critical to the Council’s mission of increasing payment card security globally through adoption of the PCI Security Standards. Most recently, Mr. Lance held leadership positions at the MIT Media Lab and the World Wide Web Consortium, and was a founding director of the Web Foundation. He is a Fulbright Scholar and holds a Master’s degree in Business Administration from Suffolk University, and a Bachelor’s degree in Business Administration from the Pontificia Universidad Católica de Valparaiso. Mr. Lance has lived and worked in Chile, China, France, and the United States.


Troy Leach, Chief Technology Officer, PCI Security Standards Council

Mr. Leach partners with Council representatives, Participating Organizations and industry leaders to develop comprehensive standards and strategies to secure payment card data and the supporting infrastructure. He is a congressional subject matter expert on payment security and the current chairman of the Council’s Standards Committee. Prior to joining the PCI Council, Mr. Leach held various positions in IT management, software development, systems administration, network engineering, security assessment, forensic analytics and incident response for data compromise. Mr. Leach holds a Master of Science in Telecommunications & Network Management as well as a graduate degree in Information Security Management from Syracuse University. Mr. Leach holds CISSP and CISA certifications.


Jake Marcinko, Standards Manager, PCI Security Standards Council

Mr. Marcinko is responsible for the ongoing development of the security standards including the Payment Card Industry Data Security Standard (PCI DSS), the Payment Application Security Standard (PA-DSS) and the Point-to-Point Encryption Standard (P2PE). In addition, Mr. Marcinko works closely with the payment brands, affiliate members, Task Forces and Special Interest Groups (SIGs) to develop new and emerging standards and guidance documents, information supplements, and self-assessment questionnaires. Prior to joining the Council in 2013, Mr. Marcinko held various leadership positions in IT and Information Security management for the software industry, and has over 15 years of experience leading large, multi-million dollar design projects in areas such as virtualization, mobile computing, electronic payments, tokenization and compliance. Mr. Marcinko is also a frequent speaker and contributor on general Information Security and Privacy matters.


Susanne Møller-Hansen, Security Management Consultant, nSense Oy / F-Secure

Ms. Møller-Hansen, QSA, CISSP, CISA, CEH, has an MSc. in computer science from the University of Copenhagen, Denmark. She has been following PCI from the beginning, first as a part time PCI compliance assistant, and later as an internal IT auditor and PCI compliance manager at Nets and Teller in Denmark, where she managed PCI compliance of Nets and Teller customers and internally. She wanted to see the other side of PCI and has been a QSA at nSense for two years, mainly performing PCI DSS assessments, PCI-related consulting and other types of IT-related audits. She possesses extensive experience with PCI DSS, from the assessment, business and customer angles, while understanding the different problems that exist in the different areas and how to solve the problems that arise.


Ken Munro, Partner and Founder, Pen Test Partners LLP

Mr. Munro is Partner and Founder of Pen Test Partners LLP, a firm of experienced penetration testers, otherwise known as ethical hackers, all of whom have a stake in the business. He regularly blogs on everything from honeypots to hacking cars and is a familiar face on the speaker circuit, sharing candid and sometimes controversial views on all aspects of computer security. Mr. Munro has worked in the field of information security for over 15 years.


Nick Murison, Managing Consultant, Cigital

Mr. Murison has over 10 years of experience in a variety of roles, including software development, project management and security consulting. His previous experience includes working as a QSA and also performing gap analyses, scans, penetration tests and training for customers seeking PCI compliance. As a Managing Consultant at Cigital, his work includes creating and shaping software security initiatives in large multi-national organisations as well as overseeing the successful delivery of penetration testing, secure code review, threat modelling and other software security services. He is also in charge of developing and growing the BSIMM community in Europe.

John Nance, Aviation Expert, Analyst, Author & Consultant

One of the key thought leaders to emerge in American Healthcare in the past decade, Mr. Nance brings a rich and varied professional background to the task of helping doctors, administrators, boards, and front-line staff alike survive and prosper during the most profoundly challenging upheaval in the history of modern medicine. Having helped pioneer the Renaissance in patient safety as one of the founders of the National Patient Safety Foundation in 1997, his efforts (and healthcare publications) are dedicated to reforming American Healthcare from a reactive cottage industry to an effective and safe system of prevention and wellness. A lawyer, Air Force and airline pilot, prolific internationally-published author, national broadcaster, and renowned professional speaker, John’s leadership is propelled by a deep commitment.


As a native Texan, Mr. Nance grew up in Dallas where he earned his Bachelor’s Degree and a Juris Doctor Degree from SMU, and is still a licensed Texas attorney. Named Distinguished Alumni of SMU for 2002, and Distinguished Alumni for Public Service of the SMU Dedman School of Law in 2010, he is also a decorated Air Force pilot veteran of Vietnam and Operations Desert Storm/Desert Shield and a Lt. Colonel in the USAF Reserve, well known for his pioneering development of Air Force human factors flight safety education, and one of the civilian pioneers of Crew Resource Management (CRM). Mr. Nance has piloted a wide variety of jet aircraft, including most of Boeing’s line and the Air Force C-141, and has logged over 13,900 hours of flight time since earning his first pilot license in 1965, and is still a current pilot. He was a flight officer for Braniff International Airlines and a Boeing 737 Captain for Alaska Airlines, and is an internationally recognized air safety advocate, best known to North American television audiences as Aviation Analyst for ABC World News and Aviation Editor for Good Morning America.


Before joining ABC, Mr. Nance logged countless appearances on national shows such as Larry King Live, PBS Hour with Jim Lehrer, Oprah, NPR, Nova, the Today Show, and many others. He is also the nationally-known author of 20 major books, including the acclaimed WHY HOSPITALS SHOULD FLY (2009) and, with co-author Kathleen Bartholomew, CHARTING THE COURSE (2012), plus five non-fiction books (Splash of Colors, Blind Trust, On Shaky Ground, What Goes Up and Golden Boy) and 13 international fiction bestsellers: Final Approach; Scorpion Strike; Phoenix Rising; Pandora’s Clock; Medusa’s Child; The Last Hostage; Blackout; Fire Flight; Saving Cascadia; and Orbit. Pandora’s Clock and Medusa’s Child both aired as major, successful two-part mini-series on television. (WHY HOSPITALS SHOULD FLY won the prestigious “Book of the Year” award for 2009 from the American College of Healthcare Executives.)


Mr. Nance has become one of America’s most dynamic and effective professional speakers, presenting riveting, pivotal programs on success and safety in human organizations to a wide variety of audiences, including business corporations and healthcare professionals. Together with fellow author Kathleen Bartholomew (Charting the Course and Ending Nurse-to-Nurse Hostility – Why Nurses Eat their Young and Each Other), the two of them are highly sought after for their watershed presentations to boards, senior leaders, physicians, nurses, and staff on Quality and Patient Safety. He is a pioneering and well-known advocate of using the lessons from the recent revolution in aviation safety to equally revolutionize the patient safety performance of hospitals, doctors, nurses, and all of healthcare.


Sarah Nicholson, Head of Security Policy & Compliance, British Telecommunications

Ms. Nicolson is responsible for Security Policy, Risk & Compliance within BT, focusing on IT security processes and programmes. She has nearly 20 years of experience within the IT Security arena, with the past three years concentrating on PCI compliance for IT platforms for BT Group.


Stephen W. Orfei, General Manager, PCI Security Standards Council

As General Manager, Mr. Orfei leads the Council in its mission to increase payment data security globally through development and delivery of Standards, Best Practices, Market Guidance, Alerts, vetted solutions and training services for merchants, QSAs, banks, and key stakeholders across the global payment eco-system. Mr. Orfei is a recognized industry expert in global payment platforms, e-commerce, mobile payments, transit and cybersecurity. As a former Product Officer, with frontline experience defending High-Value Targets from cyber-attack, Mr. Orfei understands the perspectives of PCI SSC stakeholders across the payment industry. He brings to his role as General Manager more than 20 years of experience developing and delivering complex global payment solutions.

A holder of several payments industry patents and awards, Mr. Orfei’s career includes senior posts at MCI International, a global telecommunications corporation, where he served for 13 years as Director of International Marketing. Mr. Orfei also served for 14 years as Senior Vice President, Emerging Payment Platforms, at MasterCard Worldwide, a global payments & technology company. In addition, he has worked as a cyber security consultant with security assessment organizations. Prior to his corporate experience, Mr. Orfei served in the United States Marine Corps. Mr. Orfei joined the Council in July 2014.


Delia Pedersoli, International Business, IPS

Ms. Pedersoli has several years of experience in the payment industry, developing from her experience in large retailers across Europe, facing the challenges of cross border solutions versus local monopoly payment solutions. She consults for a number of payment organisations that are keen to expand their payment business internationally, as well as helping retailers to re-engineer their payment process, gaining substantial cost savings whilst increasing customer value. Prior to entering the payments industry, Ms. Pedersoli spent 11 years working in IT blue chip companies as an international sales developer. She holds an International MBA from Henley Management School in the UK.


Jürgen Petri, Senior Product Manager PCI, Lufthansa Systems

Mr. Petri graduated in business administration and computer science from the Technical University of Darmstadt, Germany. He worked on several projects within the Lufthansa group (strategy, distribution, controlling, sales, cargo, IT, ground-handling) and represented Lufthansa in airline and airport industry bodies. Later Mr. Petri was appointed to set up a product line of integrated IT solutions for airlines, airports and ground handlers. He became responsible for strategy in 2000 and started to develop innovative business concepts in the passenger and sales services segment. Since the rise of the PCI DSS, Mr. Petri has focused on how to integrate this standard smoothly into merchant IT environments. He and his team are responsible for the PCI Compliance Engine, a tokenization solution to shield merchants’ IT globally and take them out of scope of the PCI DSS. Mr. Petri also served in the past as a member of the Board of Advisors of the PCI Security Standards Council.


Cam Ross, Director of Payments Strategy, Eckoh UK Limited

Mr. Ross co-founded Veritape (acquired by Eckoh in 2013), to provide secure call recording solutions to businesses internationally. Cameron coded core elements of Veritape’s call recording platform, now deployed widely on call centre desktops around the globe. Over the course of a decade, as Managing Director, Mr. Ross was responsible for building Veritape’s position in the highly-competitive call recording market. After identifying PCI DSS compliance as a growth area, Mr. Ross helped invent Veritape’s patented CallGuard technology. CallGuard allows companies to remove sensitive card data from any existing call recording system. Sales of CallGuard, led by Mr. Ross’ teams, propelled Veritape’s significant growth, ultimately resulting in its sale to Eckoh in 2013. Mr. Ross now helps drive Eckoh’s preeminent position of PCI DSS expertise in the contact centre field.


Jim Seaman, Senior Security Consultant, Nettitude Group

Mr. Seaman has built a career within the security industry that spans nearly 26 years. Most recently he has been engaged in challenging projects and assignments across various industry sectors including financial services, retail, oil and gas, UK government, travel, insurance, e-commerce and telecommunications. Mr. Seaman is a speaker at industry events and has authored several articles on IT security topics. In addition to this, he is an active member of various industry working groups for ISACA Guidance & Practices Committee, IISP, while maintaining professional accreditations – and actively pursuing further accreditations – with CESG, IISP, ISACA and the PCI SSC. He started his career in the Royal Air Force Police, where he worked for more than 22 years. His responsibilities ranged through physical security duties, counter terrorism, security intelligence and, since 2002, he has specialised in the field of information security and cybersecurity related duties.


Kevin Simmonds, Director, PricewaterhouseCoopers

Mr. Simmonds is a Director in PwC’s IT Cybersecurity & Privacy practice based in Atlanta, Georgia. He has over 11 years of experience assisting companies with developing information security programs that are aligned with the business, developing a sustainable PCI security program, performing technical network and application assessments (e.g., penetration testing), and responding to cyber-attacks/breaches. Mr. Simmonds has been an advisor for numerous clients in the financial services, retail & consumer (R&C), healthcare, and technology industries, providing strategic guidance to solve complex business and technology issues.


Emma Sutcliffe, Director, Data Security Standards, PCI Security Standards Council

As Director of Data Security Standards, Ms. Sutcliffe oversees a number of PCI security standards, including the PCI DSS and PA-DSS. Ms. Sutcliffe chairs PCI SSC’s Technical Working Group (TWG) and the Tokenization Working Group, where she works closely with the Payment Brands and Affiliate members to develop standards, supporting documentation, and guidance papers. Ms. Sutcliffe has over 15 years’ information security experience and is a current CISSP, CISM, and CISA.


Michael Thompson, Standards Manager, PCI Security Standards Council

Mr. Thompson is a Standards Manager. His role includes technical contributions to PCI Standards and related efforts as well as chairing the PCI SSC Shared Responsibility special interest group. Prior to joining the Council, Mr. Thompson spent 10 years in security-sensitive and safety-critical engineering roles. Mr. Thompson holds the CISSP, ISSAP, and ISSMP designations, and is listed on 4 U.S. patents from previous collaborations.


Kai Trippner, PCI Manager, Lufthansa Global Business Services GmbH

Mr. Trippner is responsible for the PCI Compliance of Lufthansa Global Business Services GmbH (LGBS). LGBS is a global shared service center offering its services to the aviation industry. Mr. Trippner has been active in the area of PCI since 2008. He was mainly involved in getting the former Lufthansa Revenue Services GmbH PCI compliant, as one of the two Lufthansa group companies that first became PCI compliant, in parallel, in 2009.

Ciske van Oosten, Global Intelligence Manager, Verizon PCI Security Practice

An experienced security professional, Mr. van Oosten is dedicated to advancing the effective protection of sensitive data within the payment card industry. During his 22 year business career, he has held executive management positions in large and medium-sized organizations, including Chief Operations Officer, Chief Security Officer, and Professional Services Director. His introduction to payment card security started as a law enforcement officer investigating organized crime and payment card fraud in the mid-1990s. From 2001 to 2004 (prior to the formation of the PCI Security Standards Council) he assisted several major card brands with the development of their cardholder data compliance programs, and established and directed the first independent Qualified Security Assessor (QSA) company, conducting compliance validation assessments worldwide. He has since served as practice leader at several leading QSA organizations and, during this time, delivered or directed more than two thousand five hundred PCI Security compliance projects for service providers and merchants across a diverse range of industries.


Gill Woodcock, Director of Certification Programs, PCI Security Standards Council

Ms. Woodcock is Director of Certification Programs for the PCI Security Standards Council. Her role encompasses operational management of the Council’s existing programs (including QSA, PA-QSA, ISA, ASV, PFI, PCIP and QIR) as well as developing new certifications programs. Ms. Woodcock works closely with the Standards Development, Training and Assessor Quality Management teams within the Council. Ms. Woodcock has been with PCI SSC since February 2010 and has over 20 years of experience in payment cards and information security.


Marie-Christine Vittet, PCI DSS Program Director, AccorHotels

Ms. Vittet is in charge of the PCI DSS Program for AccorHotels (3,600 hotels in 92 countries). In the central working team, her mission is to adapt operational processes to achieve hotels’ PCI DSS compliance. She has spent 20 years in the hospitality industry and she specializes in the management of complex projects and scope; more precisely during times of major restructuring changes in organizations. She initiated and directed many technological innovation projects for the IHC Group and Dorchester Collection, always oriented toward customer service. PCI DSS compliance efforts started for AccorHotels three years ago. A dedicated roadmap has been defined that includes the perspective of a continuous process of compliance. AccorHotels is working closely with its partner VigiTrust to achieve this goal, and their double presentation will share best practices.