Please check back for ongoing updates.
Please check back for ongoing updates.
Deputy Program Manager, National Cybersecurity FFRDC
Brian Abe is the Deputy Program Manager at the NCF and is responsible for providing leadership to the organization as it tackles some of our nation’s most pressing cybersecurity challenges, including those faced by the healthcare, retail, energy, transportation, and financial services sectors.
Prior work includes seven years leading teams in support of biometric operations and technology evaluation, supporting flight testing and payload integration activities related to unmanned air systems. He holds a bachelor’s degree in aerospace engineering and an MBA from West Virginia University
Product Manager, PCI at SecurityMetrics
Mr. Ady has worked with merchants, acquirers and card brands to help increase security and compliance with the PCI DSS. Jack has been in the PCI space for 8 years, and is a contributing member of the Small Merchant Business Task Force.
Director of PCI Security Compliance for Open Edge
A veteran payment & information security professional for over 20 years, Rick Allen CISSP, PCI ISA, QIR serves as Director of PCI Security Compliance for Open Edge, the integrated payments division of Global Payments Inc. (NYSE: GPN), a leading worldwide provider of payment technology services. Headquartered in Atlanta, Georgia with more than 8,500 employees worldwide, Global Payments is a member of the S&P 500 with merchants and partners in 30 countries throughout North America, Europe, the Asia-Pacific region and Brazil. In this role, Rick leads a team responsible for service delivery of advanced payment security solutions and value added PCI services including Edge Shield and QIR Assist, providing Open Edge ISV partners and merchants with secure integrated payments channels in markets around the world.
Director of Security and Chief Investigator, Isabella Stewart Gardner Museum
Anthony Amore is an expert in security matters, especially those related to cultural property and homeland security. Presently, he is Director of Security and Chief Investigator at the Isabella Stewart Gardner Museum, where he is charged with the ongoing efforts to recover thirteen works of art stolen from the museum on March 18, 1990.
In 2011, he co-authored the Wall Street Journal true-crime bestseller Stealing Rembrandts: The Untold Stories of Notorious Art Heists. His second book, The Art of the Con: The Most Notorious Fakes, Frauds and Forgeries in the Art World was published in 2015 and was a New York Times Crime Bestseller.
In addition, he is a columnist for The Observer writing on art theft and security. He has been a lecturer in homeland security at Fisher College and provides analysis on issues related to security and terrorism for a number local and national news outlets, including the BBC, NBC News, NPR, CNN, FOX, and others.
His work as security director has been highlighted in the book Art and Crime: Exploring the Dark Side of the Art World , which describes him as “among the most innovative, and most effective, museum security directors in the world”.
While with the Department of Homeland Security/TSA, he was nominated by his superiors for a Service to America Medal in 2002 and 2003.
Anthony has fifteen years of national security, law, intelligence, and crisis management experience with federal government agencies. He was instrumental in the reorganization and regionalization of national homeland security efforts post-September 11th and was the FAA’s lead agent responding to the attempted terrorist attack by Richard Reid, the so-called “Shoe Bomber” in December 2001.
QSA (P2PE), PA-QSA (P2PE), CISSP, Director Schellman & Company, LLC
Jacob’s career spans over fifteen years of security assessment services, including leading and performing assessments for PCI DSS, PA-DSS, and PCI P2PE, application security assessments, penetration testing, forensic examinations, and secure software development practices. Jacob has performed payment card security compliance assessments since the payment card brands operated their own standards prior to the advent of PCI DSS. Jacob speaks regularly to a variety of audiences on matters of information security, incident response, and payment card compliance strategy.
CISSP, ISSMP, CFS, PCI/PA QSA, PCI ASV, PCI PFI, Visa SA, GIAC-GCFE Gold, Vice President, Head of digital forensics, PSC
Mr. Arnold is Co-founder and Principal with PSC, in San Jose, California. He heads PSC’s Digital Incident Response and Forensics team and specializes in internal and external security assessments related to US and international standards. Mr. Arnold leverages his payments background to evaluate and design security controls and secure systems that accept a variety of traditional and emerging consumer payment technologies. Among his clients are trans-global payment processors; over-the-air and traditional card production/ personalization companies; global telecommunication companies; travel and hospitality companies; large multi-national retailers; oil and gas companies; big-box retailers; pharmacies; consumer financial institutions; and, global payment card brands.
Head of Data Security Governance, Square Inc.
Mr. Aument has 20 years of payments, risk management, and information security experience. Previously, Mr. Aument founded an information security firm and led the PCI assessment practice. Mr. Aument holds the rare distinction of serving multiple areas of payments security including: Merchant, Acquirer, Service Provider, QSA, and Security Vendor. In his spare time, Todd likes to cycle, snowboard, and collect passport stamps.
Vice-President of Information Technology, The HoneyBaked Ham Company
As Vice-President of Information Technology, Bill’s primary focus is to deliver effective business solutions through the enablement of technology. He has spent the last 24 years managing the development of an enterprise-wide “Order Anywhere, Fulfill Anywhere” Retail Management System, including POS, eCommerce, labor, and back-office solutions. Bill’s current focus is on enabling an Omni-Channel platform that can meet the evolving needs of our consumer and our Brand.
His objective as a technology leader is to provide HoneyBaked with the highest quality of technology-based services, delivered in the most cost effective way, and designed to facilitate the strategic objectives of the company. The key to this, of course, is through a highly collaborative partnership with the business. The basis for solid foundational systems and the success of transformational initiatives is fundamentally linked to IT’s strategic alignment with the business. The collaborative partnership with the business facilitates the greatest value to both the company and its consumers.
MBA, PCIP, Director, Market Strategy, ControlScan, Inc.
Chris Bucolo has over 30 years’ experience in the financial technology and security and compliance industries. In his current role at ControlScan, Chris is responsible for enhancing the company’s payments industry partnerships by identifying and delivering data security and compliance solutions that maximize the relationship between merchant service providers and their customers. Previously he managed business development for the company’s security consulting and security engineering services.
VP, Security and Fraud Product Team
Data and Cyber security has become a top priority for merchants of all sizes, and small businesses in particular should feel empowered to take action and stay ahead of malicious and criminal intent. At Barclaycard we have 50 years of experience to help make the complex simple for businesses of all sizes. Michael represents Barclaycard as a Board of Advisor to the PCI SSC, is Co-chair of the PCI SSC Small Merchant Taskforce and also a PCI SSC licensed Internal Security Assessor. In his daily role Michael delivers subject matter expertise and thought leadership for in order to mitigate risks that may threaten the security of payments. Michael is a proud winner of the Barclaycard Champions Award for Service and Excellence, not once but twice!
Manager for Device Standards, PCI Security Standards Council
Mr. Cormier is a seasoned POS industry insider with over 30 years of experience, Mr. Cormier has worked with small, medium and large size clients across retail, banking, hospitality and transportation sectors. He oversaw multiple client engagement projects from the systems design concept to the complete rollout for all types of electronic payment solutions including Terminal Management Services, magnetic stripe, contactless, and mobile payment transactions. Prior to joining the PCI council, Mr. Cormier held a Director of POS Systems with Ingenico and other engineering positions with VeriFone and Hypercom where he developed high-speed payment solutions for retailers and the bank card industry clients. Mr. Cormier has earned multiple industry designations including Certified Information Security Professional (CISSP), Certified Wireless Network Administrator (CWSP). He is an U.S. AIR FORCE veteran.
Senior Architect, West Monroe Partners
Paul is an experienced and practiced security professional, with over 15 years of experience in software, infrastructure and organizational security for Fortune 100 companies. With West Monroe Partners, Paul works across our many functional teams to advise, analyze and implement security that spans the full range of organizational, technical and procedural demands.
VP of Business Development for Boomtown Network, Inc.
Chris is the VP of Business Development for Boomtown Network, Inc., where he works with partners throughout the payments ecosystem to find solutions for their customer success challenges impacting merchants of all sizes. As technologies become increasingly complex and intertwined, Boomtown is focused on simplifying the implementation and support experience by providing a standardized and reliable solution for providers and their merchants.
Chris joined Boomtown from Palantir Technologies where he engaged with customers in new industry verticals to leverage the capabilities of the Palantir platform. Prior to joining Palantir, Chris worked at TPG Growth as an investor and at J.P. Morgan on the Mergers & Acquisitions advisory team. Outside of the office, Chris can be found exploring Northern California with his wife and 70 lb. black lab or on a Jiu Jitsu mat.
Vice President, Payment Security Officer, Verifone Inc.
Dave Faoro is Vice President, Payment Security Officer, at Verifone with responsibility for the global security compliance of payment systems.
Dave is a 30 year veteran of the electronic payments industry. In his 25+ years with Verifone, he has held various management positions in research and development and delivered products into every market worldwide. Dave’s technical and security expertise is leveraged across various teams within Verifone, as well as, payment acceptance customers within the multi-lane, petroleum, standalone PIN pads, integrated systems, desktop, portable and mobile payment systems.
Dave has been actively involved in the PCI SSC Standards development since its creation in 2006 and continues to serve on the PCI Board of Advisors. Verifone has been extremely active on many PCI SSC taskforces.
In addition, Dave has many years of experience collaborating with other organizations on payment security related matters. For example, Dave has actively contributed Standards work at ANS X9 and is currently the X9F Committee Chairperson. X9F oversees Data and Information Security for the Financial Industry. He currently serves on the Federal Reserve Steering Committee for the Secure Payments Task Force.
Chief Innovation Officer, Veracode
Joseph Feiman, PhD is Chief Innovation Officer at Veracode responsible for advanced technologies that drive innovative security strategies. He is a recognized industry leader with nearly two decades’ experience in application development and security, analyzing the markets for Gartner Research. Prior to joining Veracode in the end of 2015, Joseph was a research VP and Gartner Fellow, leading application and data security research. He is widely credited with shaping application security markets. Joseph is a member of PCI Software Security Task Force (SSTF) charged with developing new PCI Software Security Standard (S3).
Vice President, Solution Architecture, Coalfire
Dan Fritsche is vice president of solution architecture for Coalfire, with responsibilities for translating requirements created by IT risk and compliance mandates into business-centric cyber solutions strategies. With more than 17 years’ experience in application and network security architecture, he has a track record for aligning emerging technology solutions with company requirements to improve both business bottom line and security posture. Dan also advises clients in the latest emerging security technologies including virtualization, EMV, encryption, and tokenization. He holds numerous certifications in Payment Card, Encryption, and Security Systems certifications bodies. He earned his BA degree from the University of Colorado, and his MA degree from the Denver Seminary.
CISSP, PCI QSA, Director Cyber Security and Privacy, PCI Practice Lead, PwC
Adriana is a Director in the PwC Risk Assurance Practice and leads the Cyber Security & Privacy practice in the GTA and the PCI Practice in Canada. She has over eighteen years of consulting experience in the areas of Information security strategy, architecture design, Security & Privacy governance, Payment Card Industry (PCI), large project and program management. In the last couple of years her focus has been on leading large data protection engagements that address security and privacy regulations through assessment, remediation and operationalization of compliance.
CISSP, QSA, PA-QSA, CISA, Vice President of Assessments, SecurityMetrics
Gary Glover is the Vice President of Assessments at SecurityMetrics and holds QSA, PA-QSA, CISSP, and CISA security certifications. Gary has worked in the IT security industry as a QSA for over 10 years. Before that, Gary spent 10+ years in as a software engineer at Novell, McDonnell Douglas, and other startups. Gary is the author of two US patents, and received a Masters of Science degree in Mechanical Engineering from Brigham Young University.
Director, Risk Advisory Services, National Leader Payment Card Industry (PCI) Services, RSM US LLP
Alan Gutierrez-Arana has over 20 years of experience providing IT security and controls assessments, and regulatory compliance consulting for a broad range of consumer services, insurance, banking, finance, and government. He specializes in Payment Card Industry (PCI) controls assessment and compliance, federal and state IT regulatory compliance (PCI-DSS, SOX, HIPAA-HITECH, FFIEC), IT controls design, disaster recovery, IT outsourcing and off-shoring. His client portfolio includes Fortune 100 and Fortune 500 companies, with locations in Asia, Latin America, Europe and the U.S.
Principle Security Analyst at SecurityMetrics
Matt Halbleib, Principle Security Analyst at SecurityMetrics, is responsible for overseeing the activities of the company’s audit teams. He holds QSA (Qualified Security Assessor), PA-QSA (Payment Application Qualified Security Assessor), and CISSP (Certified Information Systems Security Professional) security certifications and as a qualified assessor for the Payment Card Industry, has completed over 80 PCI DSS and PA-DSS security assessments. He began his career at Intel Corporation in the Intel Desktop Products group, spent 5 years in various Intel IT administrative roles, taught classes as a Microsoft Certified Trainer for 2 years, and spent seven years as a Senior Information Security Analyst for Intel. Additionally, Halbleib received a Bachelor of Science degree in Aeronautical Engineering Technology from Arizona State University.
Director of Standards Coordination, PCI Security Standards Council
Ms. Holloway’s role includes coordinating PCI SSC’s efforts for the Small Merchant Business Task Force as well as working closely with the various PCI teams to drive consistency and alignment across the standards and supporting programs. She joined PCI SSC in 2010 as the Director of Data Security Standards. Prior to joining the Council, Ms. Holloway led and coordinated Visa’s efforts for PCI DSS and PA-DSS and related programs for several years. Ms. Holloway’s extensive information security and audit background includes managing information security at an internet payment gateway, consulting with a Big 4 audit firm, and conducting and managing internal audits for computer systems at a Fortune 500 company. Ms. Holloway holds the CISSP, CISM, and CISA designations.
CITP, CRISC, CGMA, PCI ISA, PCIP, CISM, SVP of Risk and Compliance, Global Payments
Stacy Hughes serves as SVP – IT Governance, Risk and Compliance for Global Payments Inc. (GPN), a leading worldwide provider of payment technology services. Headquartered in Atlanta with more than 8,500 employees worldwide, GPN is a member of the S&P 500 with merchants and partners in 30 countries throughout North America, Europe, the Asia-Pacific region and Brazil. Stacy has worldwide responsibility for the IT and Security compliance functions – external (e.g. PCI, SOX), merchant, and payment. Stacy also represents GPN on the PCI Security Standards Council Board of Advisors.
Retail Technology Specialist, Rocky Mountain Chocolate Factory
Ms. Hutt leverages her extensive industry knowledge of POS credit card integrations and Information Security while working with technology vendors to provide secure, effective technology solutions for RMCF stores. Jenna has developed an education program for RMCF’s small merchants, providing information to RMCF franchisees about PCI DSS standards, developing Card Brand requirements, and cutting edge security solutions. Jenna translates the technical information into actionable tasks that gives the stores the ability to implement security measures in an economical and efficient way. Jenna is a member of the PCI SSC Small Merchant Business Task Force. She has a Bachelor’s Degree in Computer Science.
Technical Manager, Underwriters Laboratories
Andrew Jamieson has been working in the security of payment systems for over 20 years, spending half of his time making devices and the other half breaking devices. During this time he has worked with many different security evaluation methods, such as Common Criteria, FIPS140-2, ISO13491, and PCI everything (DSS, PA-DSS, PTS, P2PE, ASV, PIN). Andrew works in the Security Group of Underwriters Laboratories Consumer division, having previously managed the Device, Audit and Standards area. He holds a bachelors degree in Electrical Engineering, and a Masters Degree in Information Security.
International Director, PCI Security Standards Council
Mr. King leads the Council’s efforts in increasing adoption and awareness of the PCI security standards internationally. In this role, Mr. King works closely with the Council and representatives of its policy-setting executive committee from American Express, Discover, JCB International, MasterCard, and Visa, Inc. His chief responsibilities include gathering feedback from the merchant and vendor community, coordinating research and analysis of PCI SSC managed standards through all international markets, and driving education efforts and Council membership recruitment through active involvement in local and regional events, industry conferences, and meetings with key stakeholders. He also serves as a resource for Approved Scanning Vendors (ASVs), Qualified Security Assessors (QSAs), Internal Security Assessors (ISAs), PCI Forensic Investigators (PFIs), and related staff in supporting regional training, certification, and testing programs.
Chief Operating Officer, PCI Security Standards Council
Mr. Lance is responsible for the day to day operations, business strategy, investments and growth of the Council. He leads the creation and implementation of programs and world-class processes for certification, assessor quality management and training, critical to the Council’s mission of increasing payment card security globally through adoption of the PCI Security Standards. Most recently, Mr. Lance held leadership positions at the MIT Media Lab and the World Wide Web Consortium, and was a founding director of the Web Foundation. He is a Fulbright Scholar and holds a Master’s degree in Business Administration from Suffolk University, and a Bachelor’s degree in Business Administration from the Pontificia Universidad Católica de Valparaiso. Mr. Lance has lived and worked in Chile, China, France, and the United States.
CISSP, CISA, Chief Technology Officer, PCI Security Standards Council
Mr. Leach partners with Council representatives, Participating Organizations and industry leaders to develop comprehensive standards and strategies to secure payment card data and its supporting infrastructure.
He is a subject matter expert on payment security and has testified on several occasions before various House and Senate Congressional committees. Mr. Leach also provides guidance and security expertise to a multitude of U.S. and international government entities as well as law enforcement. Mr. Leach serves on several advisory boards such as ANSI X9, Merchant Acquirer Committee and contributes to online communities such as BankInfoSecurity and CSO Online. Mr. Leach is often quoted in cybersecurity news stories and has been quoted by news organizations including the Washington Post and Wall Street Journal.
CISA, PCI ISA, Senior IT Risk Analyst, Risk Advisory & Assurance Services, Adobe
Christine is a Sr. IT Risk Analyst in the Adobe Risk Advisory and Assurance Services group. She has an extensive audit and compliance background including PCI, SOX, SOC, and ISO. Her experience includes IT advisory at a Big 4 auditing firm as well as information security risk management for a global web services provider. Currently, Christine’s main focus is partnering across Adobe’s Creative Cloud business units to drive and deliver upon compliance initiatives governed by the Adobe Common Control Framework (CCF).
Standards Manager, PCI Security Standards Council
Mr. Marcinko is responsible for the ongoing development of the security standards including the Payment Card Industry Data Security Standard (PCI DSS), the Payment Application Security Standard (PA-DSS) and the Point-to-Point Encryption Standard (P2PE). In addition, Mr. Marcinko works closely with the payment brands, affiliate members, Task Forces and Special Interest Groups (SIGs) to develop new and emerging standards and guidance documents, information supplements, and self-assessment questionnaires. Prior to joining the Council in 2013, Mr. Marcinko held various leadership positions in IT and Information Security management for the software industry, and has over 15 years of experience leading large, multi-million dollar design projects in areas such as virtualization, mobile computing, electronic payments, tokenization and compliance. Mr. Marcinko is also a frequent speaker and contributor on general Information Security and Privacy matters.
Standards Manager, Data Security Standards
Mr. Markh is a Standards Manager with the PCI Security Standards Council. His role includes technical contributions to PCI security standards and related efforts, as well as serving as the current chair of the Cloud Special Interest Group. Prior to joining the Council, Mr Markh has worked in various consulting positions across Europe, North America and the Middle East, ranging from performing complex hands on security assessments to, managing a diverse security services portfolio, and leading a team of highly skilled consultants.
Mr. Markh has over 15 years of experience in information security encompassing compliance, threat and risk management, security assessments, digital forensic, application security and emerging technologies such as IoT and Blockchain. Mr Markh holds an MSc degree in Computer Security, BSc in Software Engineering and is a Payment Card Industry Professional.
Tyson A. Martin
ISA, PCI-P, CISSP, CRISC, CISM, ECSA, CEH, CCISO, Head of IT Security, Compliance and Risk Management, Orvis
Tyson A. Martin is the Head of IT Security, Compliance & Risk Management Orvis. Tyson is responsible for maintaining and enhancing Orvis’ information security program to protect electronic data, which includes all ongoing activities related to the availability, integrity and confidentiality of customer, partner, employee and business information in compliance with regulations, laws and the company’s security policies and procedures.
Prior to joining Orvis Tyson held CISO-level positions in large corporations in the online gaming, e-commerce and cloud service industries.
Vice President, Network Industry Engagement, Product and Marketing, American Express
Mr. Matan leads the strategic and technical development of network products and capabilities, such as EMV chip-enabled products, tokenization, American Express SafeKey, contactless, mobile NFC payments and the Amex ATM network. Mike oversees American Express engagement in payment related standards bodies and is on the executive committee of both EMVCo and PCI Security Standards Council.
Mike leads a global team and works with American Express partners in North and South America, Europe and Asia. Previously, Mike held several leadership roles across the American Express Technology division. Mike holds a degree in Computer Science from Manchester University, England.
VP, Public Relations, PCI Security Standards Council
Mr. Meissner leads the Council’s public relations efforts. In this role, Mr. Meissner works closely with the Council’s leadership team to develop communications strategies that promote the PCI Security Standards and the priority initiatives of the Council globally and with a wide range of stakeholders. Mr. Meissner brings more than two decades of experience in helping Fortune 500 companies, elected officials, trade associations and high profile individuals navigate a myriad of communications challenges in the global marketplace. Over the years, Mark has worked with many high-profile clients in engaging with major news organizations such as USA Today, The Washington Post, 60 Minutes, The New York Times, The Wall Street Journal, CNN, and The Times of London.
Before joining the PCI Security Standards Council, Meissner was the Founder and President of MJM Strategies, a strategic communications consulting firm. Meissner began his career in the world of politics. He honed his political skills working on the staffs of two fellow Hoosiers– U.S. Senator Evan Bayh (D-IN) and U.S. Representative Tim Roemer (D-IN). Meissner served as Campaign Manager for Representative Roemer’s successful 1994 re-election campaign. Mark was a candidate for U.S. Congress in 2002, finishing second among a crowded field of five better known candidates for Indiana’s 2nd Congressional District. His underdog campaign was hailed by the media as “relentless” and “impressive”.
Meissner teaches as an Adjunct Professor at The George Washington University Graduate School of Political Management (GSPM) where he has served on the faculty for more than a decade. Meissner holds a Master’s Degree from The American University and a Bachelor’s Degree from Indiana University.
PCIP, CPP, Chief Strategy & Innovation Officer, Bluefin
Ruston brings 20 years of payment security experience to his role of Chief Strategy & Innovation Officer where he serves as Bluefin’s security thought leader and evangelist. Ruston founded Bluefin in 2002 and speaks at conferences and industry events on payment security throughout the year. Ruston is a PCI Professional (PCIP), a Certified Payment Professional (CPP) and serves as Board Visionary for ETAPAC, the political action committee of the payments industry.
Partner and Founder, Pen Test Partners LLP
Mr. Munro leads a team of experienced penetration testers, otherwise known as ethical hackers, all of whom have a stake in the business. He regularly blogs on everything from honeypots to hacking cars and is a familiar face on the speaker circuit, sharing candid and sometimes controversial views on all aspects of computer security. Ken has worked in the field of information security for over 15 years.
PCI ISA, PCIP, CISA, PCI ISA, Principal IT Compliance Analyst, Liberty Mutual
Peggy Nolan is an experienced PCI ISA with over 18 years of Information Security Project Management expertise behind her. Peggy has a Master of Arts degree in Computer Information Management and a Bachelor of Arts in American History. In her life outside of PCI, Peggy teaches yoga and is a 3rd level black prajioud in Muay Thai Kickboxing. She’s also a writer and has co-authored 4 bestselling books. Peggy released her first bestselling book of poetry in 2016 and plans to release her second book in late 2017. Peggy lives in Derry, NH and travels whenever and wherever she can.
Director, Investigative Response, Verizon RISK Team
Mr. Novak is a co-founder and the Director of the Verizon Investigative Response Unit – a division of the Verizon RISK Team. He is an internationally recognized expert in the field of Investigative Response and Computer Forensics. He has been involved with information security for over 15 years. Christopher has assisted corporations, government agencies, and attorneys with all matters involving computer forensics, fraud investigations, and crisis management. He has testified as an expert witness in various matters and before such bodies as the Supreme Court of the State of New York. He has also briefed United States congressional committees such as Senate Banking, House Financial Services, Senate Commerce, House Energy & Commerce, Senate Judiciary, House Homeland Security and Senate Homeland Security & Government Affairs.
He has been an advisor on dozens of high-profile intrusion and data breach investigations around the globe. He works closely with local, state and federal law enforcement agencies as well as joint investigative operations coordinated with foreign law enforcement.
Christopher has worked in various consulting positions within Verizon; from individually contributing to a larger tactical response team to his current position, where he manages a global team of highly skilled consultants. Each of these teams around the world maintains experts in various fields of study and practice, such as forensic analysis, malware reverse engineering, threat intelligence analysis and threat actor attribution, among others… Christopher specializes in high-level crisis and emergency response matters and is regularly consulting with executives from Fortune 500 companies with regard to pre-planning for such situations as well as leading active crisis response matters and liaising with external partners.
Christopher is an active public speaker, discussing various topics ranging from high-level best practices to executive-level crisis management. He has been a contributing member of the Verizon Data Breach Investigations Report since its first publication in 2008 and has been featured in such media outlets as The Wall Street Journal, ABC News, American Banker, and many others. Christopher is an active member among multiple industry trade groups and a frequent guest lecturer at universities. He also serves as an advisor for many industry-related associations in an effort to further promote cybersecurity awareness and education as well as working closely with organizations as it relates to various policy initiatives on the topic of cybersecurity.
Christopher holds a Bachelor of Science Degree in Computer Engineering from Rensselaer Polytechnic Institute.
CISSP, GCIH, PCI: QSA, PA-QSA, PFI, ASV, Vice President, PSC
Joseph Pierini is the Director of Technical Services at PSC responsible for the development and execution of the penetration testing programs used for PCI and other regulatory compliance. When not managing his team of PSC pen testers, Joseph is presenting at conferences promoting best practices in penetration testing for merchants and card processors. Over the last 15 years, he has performed penetration and application assessments for over half of the Internet Retailer Top 500, Fortune 1000 and many of America’s defense contractors. He is also a published vulnerability researcher.
Director, Emerging Standards, PCI Security Standards Council
Mr. Poore has over 35 years of information security experience, including more than 20 years of applied cryptography. He has written extensively on information security and cryptography. His work is cited in academic papers, national standards, professional journals, and books. He came to PCI SSC from a small business that was a QSAC, where he was a QSA. In various capacities, he has designed and led teams of developers in cryptographic system projects, resulting in patents of systems based on cryptography. He is also a long-time member of International Association for Cryptologic Research (IACR). Mr. Poore also supported classified government projects and has assisted in the development of cryptanalytic tools. He has extensive experience in financial services industry and in the development of national and international standards. He is an ISSA Distinguish Fellow and an ACM Senior Member, and has received numerous awards for his professional work. Mr. Poore holds the following certifications: PCIP, CFE, CISA, CISSP, CHS-III.
B.E., MBA, PCIP, CISM, PCI QSA, PCI QIR, EMV Program Consultant, President/CEO of A1PlusSoft,Inc.
Mr. Rengamannar is a Senior technology and security professional with over 25 years of experience. He is a domain expert in cards issuing, acquiring, merchant processing , integration with banking , health and utility suite of systems. Information and cloud security consultant with emphasize in data protection and data privacy. Holding pending patent on to automate the execution of PCI DSS requirements and reporting.
Co-Pilot of U.S. Airways Flight 1549, “The Miracle on the Hudson”
“No terrible thoughts went through my head, none at all. I didn’t worry that I might not live through this—and no pilot would. Unless the situation is completely out of your control, there’s always something you can do.”
On a bright, 20-degree afternoon in January, US Airways Flight 1549 accelerated down New York La Guardia Airport’s main runway, loaded with 155 passengers and crew, headed skywards for Charlotte, NC. Everything was normal until First Officer Jeff Skiles spotted a formation of Canada geese almost directly ahead. In a matter of seconds, he heard numerous thunks as the birds impacted the aircraft. Both engines immediately failed. Captain Chesley Sullenberger took over flying the plane and lowered the nose down to retain airspeed. Within seconds, the pilots made the decision that returning to LaGuardia was simply not possible—they’d have to fly over densely populated areas and there was no guarantee that they’d make it. Surrounded by nothing but skyscrapers and neighborhoods, they decided to head to the only open, flat space available—the Hudson River. Jeff Skiles details the lessons, training, and scenarios that led to the “Miracle on the Hudson” and what businesses can take away from it with a great sense of humor and natural storytelling ability.
Adapt, React, and Don’t Fear a Change of Course. The son of two pilots, Skiles started flying at the age of 16 and has logged over 21,000 hours in the sky. Skiles has spent the last 30 years as a US Airways pilot and his lifetime of experiences contributed to the astounding outcome. The perfect landing was not a fluke; it was the result of intense training, preparation, and the lessons learned from other pilots’ successes and failures.
Skiles believes that life changes all around you, and if you can’t adapt and change with it, you can’t succeed. He attributes the success of the emergency landing on the Hudson to the extensive training that all members of a flight crew experience. From the mechanics and the maintenance workers to the people who write the emergency protocols and the flight attendants, he believes that every level of the US Airways organization is responsible for the outcome on January 15, 2009. While he and Captain Sullenberger piloted the plane to a safe landing, the success was a group effort representing the contributions of an entire organization.
Senior Director, Data Security Standards, PCI Security Standards Council
Ms. Sutcliffe oversees a number of PCI security standards, including the PCI DSS and PA-DSS. Ms. Sutcliffe chairs PCI SSC’s Technical Working Group (TWG) and the Tokenization Working Group, where she works closely with the Payment Brands and Affiliate members to develop standards, supporting documentation, and guidance papers. Ms. Sutcliffe has over 15 years’ information security experience and is a current CISSP, CISM, and CISA.
CISSP, PMP, PCIP, Advanced Research Manager
Ms. Terry has over 20 years’ experience in the payment card industry including over 15 years managing enterprise projects encompassing PCI Compliance, security, system design, implementation, and replacement and most recently standards development initiatives at PCI SSC. Her responsibilities for the Council include research and development of new standards or updates to existing standards to address market changes as well as liaising with other regulatory bodies, vendors, labs and academia. Elizabeth is also the chair for the Mobile Task Force. Ms. Terry holds a Master’s in Business Administration and a Bachelor’s in Computer Science.
Standards Manager, PCI Security Standards Council
Mr. Thompson is a Standards Manager, where his role includes technical contributions to PCI standards and related efforts, as well as serving as the current chair of the PCI SSC’s Point-to-Point Encryption working group. Prior to joining the Council, Mr. Thompson has spent the last 10 years involved in security-sensitive and safety-critical engineering roles. Mr. Thompson holds the ISC2 CISSP, ISSAP, ISSMP, and CSSLP designations, as well as being listed on 5 U.S. patents from previous collaborations.
QSA, CISSP, Vice President, Terra Verde LLC
Carlos Villalba has over 20 years of extensive experience designing, developing, managing and implementing IT security solutions in compliance with IT security standards, and industry best practices. His broad skills and experience spans compliance assessments, HIPAA, PCI, FISMA, FEDRAMP, ISO, pen-testing, risk assessments, vulnerability management, and IT security projects. Carlos has provided services to the US military, federal government, credit unions, universities, retailers, health care, manufacturing companies and small businesses.
Senior Director of Certification Programs, PCI Security Standards Council
Ms. Woodcock is Senior Director of Certification Programs for the PCI Security Standards Council. Her role encompasses operational management of the Council’s existing programs (including QSA, PA-QSA, ISA, ASV, PFI, PCIP and QIR) as well as developing new certifications programs. Ms. Woodcock works closely with the Standards Development, Training and Assessor Quality Management teams within the Council. Ms. Woodcock has been with PCI SSC since February 2010 and has over 20 years of experience in payment cards and information security.
Vice President of Security Programs and Standards, Fiserv
Phyllis Woodruff is Fiserv’s Vice President of Security Programs and Standards. Fiserv, a long-time leader in financial services, has more than 12,000 clients in 80 countries. To help ensure the security of those clients, Woodruff and team manage the ongoing compliance for more than 40 level 1 service provider ROCs. Fiserv’s program, which continuously reviews scope as product offerings change, considers not just annual compliance but includes monthly compliance checks and executive reporting for each ROC. In addition to PCI, Woodruff is responsible for Fiserv’s Security and Control Standards and associate security education.