Speakers

Gareth Bowker, Director of Training Programs, PCI Security Standards Council

Mr. Bowker joined PCI SSC in April 2012, bringing 15 years of experience from the information security field. He initially started as a software developer and soon specialized in secure web application development processes. This led to him joining a PCI ASV company in 2005 where he worked as a penetration tester and consultant, becoming a QSA in 2006, followed by a PA-QSA in 2008. Mr. Bowker has worked with many large financial institutions and merchants on projects around PCI DSS, risk management, data loss prevention as well as conducting forensic and breach investigations. Mr. Bowker is a CISSP and holds a B.Sc. degree.

Eiji Fukushima,  Division Head of IT Security Consulting & Solutions, NRI SecureTechnologies, Ltd. and QSA of PCI DSS

Mr. Fukushima is on a mission to develop information security consulting and solution business on behalf of NRI SecureTechnologies in the Asia Pacific area. He has a unique 28 year career working in IT solutions development and consultation. He started his career in the Nomura Research Institute, developing enterprise systems for Nomura Securities, then shifted to retail and distribution systems as a development leader and project manager. After taking a leadership role for a system development framework, he went to NRI Pacific in Silicon Valley as a VP of R&D. After coming back from the West Coast, he moved into NRI SecureTechnologies to dedicate himself to information security consultation such as security audit, gap analysis, risk mitigation PM and even some implementation. This experience means that he has comprehensive skills from system planning, consultation, project management, development, implementation and operation.

He received his Bachelor of Economics degree from Waseda University. He is a PCIDSS QSA (qualified security assessor) and CISA (certified information systems auditor). He is proficient both in Japanese and English.

Tony Gee, Security Consultant, Pen Test Partners LLP

Mr. Gee has been working in IT security for over 9 years both as a security consultant within Finance and at the technology provider for the world leading Oyster system in London. Mr. Gee speaks widely on computer security and highlighting vulnerabilities in smart devices and takes pleasure in helping people understand the risks to their online presence and how to respond to the threats to better protect themselves, their family and the business.

Benoit Godart, Liaison Officer to the INTERPOL Global Complex for Innovation Europol

Benoit Godart is the first appointed Europol Liaison Officer to the INTERPOL Global Complex for Innovation, starting his secondment on 2 August 2015.
Before this, as team leader of Outreach and Support, he was responsible for the Europol’s European Cybercrime Centre (EC3) external relationships with Law Enforcement Agencies (LEAs), Private Sector, academia and civil society organisations, as well as EC3 engagement with public media.
His previous posts at Europol have included: strategic coordination and operational cooperation between Europol and INTERPOL in preventing and fighting organised crime and terrorism; combating counterfeiting & internet piracy including the creation and the development of Europol’s operational project on Intellectual Property Crime, which combines actions engaged by LEAs in partnership with Industry.
Mr Godart holds the rank of Director of Customs Services in France. Before joining Europol in 2005, he held senior positions in numerous high profile roles. As Chief Superintendent, he was the Head of Customs in a French territorial department ensuring the implementation of European and national priorities related to border management including enforcement, compliance and facilitation. As the Head of Investigations within the National Investigation Service (DNRED), Mr Godart led dedicated units performing special police techniques in the fight against various crime fields.

Title of qualification awarded    Master degree in Economics and Finances.  Master degree in Law.

Name and type of organisation providing education and training    Université de Bourgogne, Droit et sciences politiques

Andrew Henwood, CEO, Foregenix

Mr. Henwood is the CEO of Foregenix, a cyber security consultancy and solution provider. Foregenix is a PCI QSA, PA-QSA, P2PE and PFI certified company and provides assessment services and innovative, baked-in cyber security solutions globally.

Mr Henwood is a PCI security industry entrepreneur and is active in evangelising and recommending cyber security best practices through experience garnered from over 18 years of work in the field.

Mr Henwood has been involved within the payments industry since 2001, where he assisted in developing the first versions of the payment brand security standards in Europe. Mr Henwood is a frequent public speaker on cyber security topics.

Stacey Hughes, Senior Vice President – IT Governance, Risk and Compliance, Global Payments, Inc.

Ms. Hughes serves as Senior Vice President – IT Governance, Risk and Compliance for Global Payments Inc., a leading worldwide provider of payment technology services. Headquartered in Atlanta with more than 8,500 employees worldwide, Global Payments is a member of the S&P 500 with merchants and partners in 29 countries throughout North America, Europe, the Asia-Pacific region and Brazil. Ms. Hughes has worldwide responsibility for the Information Technology and Security Policy Program, compliance functions (PCI-DSS, SSAE 16, SOX, North America Merchant and card scheme compliance), and customer security assurance functions for the company.

In addition to being a Certified Public Accountant, she holds the following industry and security certifications: Certified Information Technology Professional (CITP), Certified in Risk and Information Systems Control (CRISC), Chartered Global Management Accountant (CGMA), Payment Card Industry Internal Security Assessor (PCI ISA), Payment Card Industry Professional (PCIP), Certified Chief Information Security Officer (C|CISO) and Certified Information Security Manager (CISM).

Alagu Karuppiah, Head of Information Technology, Diners Club Singapore

Mr. Karuppiah is responsible for leading and developing the technology division strategically to benefit the business. He brings over 17 years of experience in retail banking, EMV, payments, information security and specialize in technology risk & compliance. Prior to becoming Head of Information Technology at Diners Club, Mr. Karuppiah worked at NETS, BPC, MasterCard and Silicomp (now Orange Business Services). He has spearheaded many complex multimillion dollar information security and retail banking projects, completing them with success and within budget. Outside work, he can be found in the library or at the rifle club or on a long drive into a neighboring country. He is an internationally renowned speaker and is often invited to speak at forums and conferences on technology, risk and security related subjects. He has a master’s degree in Computer Applications from the University of Madras.

Jeremy King, International Director, PCI Security Standards Council

Mr. King leads the Council’s efforts in increasing adoption and awareness of the PCI Standards globally. In this role, Mr. King works closely with the Council’s General Manager and representatives of its policy-setting executive committee from American Express, Discover, JCB International, MasterCard, and Visa, Inc. His chief responsibilities include gathering feedback from the merchant and vendor community, coordinating research and analysis of PCI SSC managed standards through all international markets, and driving education efforts and Council membership recruitment through active involvement in local and regional events, industry conferences, and meetings with key stakeholders. He also serves as a resource for Approved Scanning Vendors (ASVs), Qualified Security Assessors (QSAs), Internal Security Assessors (ISAs), PCI Forensic Investigators (PFIs), and related staff in supporting regional training, certification, and testing programs.

Troy Leach, CISSP, CISA, Chief Technology Officer, PCI Security Standards Council

Mr. Leach partners with Council representatives, Participating Organizations and industry leaders to develop comprehensive standards and strategies to secure payment card data and the supporting infrastructure. He is a congressional subject matter expert on payment security and the current chairman of the Council’s Standards Committee. Prior to joining the PCI Council, Mr. Leach has held various positions in IT management, software development, systems administration, network engineering, security assessment, forensic analytics and incident response for data compromise. Mr. Leach holds a Master of Science in Telecommunications & Network Management as well as a graduate degree in Information Security Management from Syracuse University.

Larry Liu, Head of International Compliance, Alibaba Cloud

Mr. Liu deals with the governance, risk and compliance aspects of the cloud business. Prior to that, he has over 15 years of experience with internal security management, supply chain security, business continuity management, crisis management, risk assessment, investigation and incident response at Apple Inc., Nokia, GE, ABB information technology and CNCERT/CC.

Yan Liu, Principal Consultant, atsec (Beijing) Information Technology Co.

Mr. Liu has worked in IT security for more than 18 years. His areas of interest include cryptographic algorithms, protocols and systems, privacy enhancing technology and DRM technologies; as well as information security standards, including Common Criteria, FIPS 140, PCI, etc. He has practical experiences in design, implementation and evaluation of security systems applications and in how to choose effective techniques and standards to address security issues, especially those in banks. He has authored books and articles on information security management system in China.
As a lead QSA, Mr. Liu has performed the PCI DSS assessment and/or penetration testing for banks, payment service providers and merchants, and the PA-DSS assessment for payment application vendors. He is a co-author of the presentation on “Becoming a CNAS Laboratory” at the 11th ICCC in Antalya, Turkey, “Comparative Study Between the Chinese Standards and the Common Criteria” at the 12th ICCC in Kuala Lumpur, Malaysia, and also “Security Proposal on Mobile Payment” in Paris, France; he is the author of the paper “Implementation and Assessment on Cryptography for Payment Solutions“ at the 2013 ICMC conference in Gaithersburg, Maryland, USA. He is the author of the presentation on “Payment Security in China” at the PCI Community Meeting 2014 in Sydney, Australia.
Mr. Liu holds a master’s degree in Information Security Technology from Eindhoven University of Technology (TU/e), Netherlands.

Mark Meissner, VP, Public Relations, PCI Security Standards Council

Mr. Meissner leads the Council’s public relations efforts. In this role, Mr. Meissner works closely with the Council’s leadership team to develop communications strategies that promote the PCI Security Standards and the priority initiatives of the Council globally and with a wide range of stakeholders. Mr. Meissner brings more than two decades of experience in helping Fortune 500 companies, elected officials, trade associations and high profile individuals navigate a myriad of communications challenges in the global marketplace. Over the years Mark has worked with many high-profile clients in engaging with major news organizations such as USA Today, The Washington Post, 60 Minutes, The New York Times, The Wall Street Journal, CNN, and The Times of London.
Before joining the PCI Security Standards Council, Meissner was the Founder and President of MJM Strategies, a strategic communications consulting firm.
Meissner began his career in the world of politics. He honed his political skills working on the staffs of two fellow Hoosiers– U.S. Senator Evan Bayh (D-IN) and U.S. Representative Tim Roemer (D-IN). Meissner served as Campaign Manager for Representative Roemer’s successful 1994 re-election campaign. Mark was a candidate for U.S. Congress in 2002, finishing second among a crowded field of five better known candidates for Indiana’s 2nd Congressional District. His underdog campaign was hailed by the media as “relentless” and “impressive”.
Meissner teaches as an Adjunct Professor at The George Washington University Graduate School of Political Management (GSPM) where he has served on the faculty for more than a decade. Meissner holds a Master’s Degree from The American University and a Bachelor’s Degree from Indiana University.

Christopher Novak , Director, Investigative Response, Verizon RISK Team

Mr. Novak is a co-founder and the Director of the Verizon Investigative Response Unit – a division of the Verizon RISK Team. He is an internationally recognized expert in the field of investigative response and computer forensics. He has been involved with information security for over 15 years. He has assisted corporations, government agencies, and attorneys with all matters involving computer forensics, fraud investigations, and crisis management. He has testified as an expert witness in various matters and before such bodies as the Supreme Court of the State of New York.  He has also briefed United States congressional committees such as Senate Banking, House Financial Services, Senate Commerce, House Energy & Commerce, Senate Judiciary, House Homeland Security and Senate Homeland Security & Government Affairs.  He has been an advisor on dozens of high-profile intrusion and data breach investigations around the globe. He works closely with local, state and federal law enforcement agencies as well as joint investigative operations coordinated with foreign law enforcement.

Mr. Novak has worked in various consulting positions within Verizon; from individually contributing to a larger tactical response team to his current position, where he manages a global team of highly skilled consultants. Each of these teams around the world maintains experts in various fields of study and practice, such as forensic analysis, malware reverse engineering, threat intelligence analysis and threat actor attribution, among others. He specializes in high-level crisis and emergency response matters and is regularly consulting with executives from Fortune 500 companies with regard to pre-planning for such situations as well as leading active crisis response matters and liaising with external partners.

Mr. Novak is an active public speaker, discussing various topics ranging from high-level best practices to executive-level crisis management. He has been a contributing member of the Verizon Data Breach Investigations Report since its first publication in 2008 and has been featured in such media outlets as The Wall Street Journal, ABC News, American Banker, and many others.  He is an active member among multiple industry trade groups and a frequent guest lecturer at universities. He also serves as an advisor for many industry-related associations in an effort to further promote cybersecurity awareness and education as well as working closely with organizations as it relates to various policy initiatives on the topic of cybersecurity.

He holds a Bachelor of Science degree in Computer Engineering from Rensselaer Polytechnic Institute.

Stephen W. Orfei, General Manager, PCI Security Standards Council

As General Manager, Mr. Orfei leads the PCI Security Standards Council in its mission to educate, empower and protect payment data globally, working closely with merchants, acquirers, financial institutions, security practitioners, law enforcement and other key stakeholders across the global payment eco-system.

Mr. Orfei is a recognized industry expert in global payment platforms, e-commerce, mobile payments, transit and cybersecurity. He is called on regularly for his expertise by government, law enforcement, industry groups and the media. Mr. Orfei has testified before the U.S. Congress as a cybersecurity expert, served as a representative of the United States at the G7 Roma Lyon group of world leaders on card crimes, participated in U.S. Presidential Cybersecurity Summits, and has played a leading role in global Acquirer Forums and PCI Community Meetings around the world.  Orfei regularly meets with top U.S. government officials from a range of agencies to discuss cybersecurity and provide strategic guidance.

A holder of several payments industry patents and awards, Mr. Orfei’s career spans senior posts at several high-profile companies including MCI International, a global telecommunications corporation, where as Director of International Marketing, he oversaw marketing for international business with direct revenue responsibility for over $400 million. Following his successful 13 years of service at MCI International, Orfei spent 14 years at MasterCard Worldwide, a global payments & technology company as Senior Vice-President Emerging Payment Platforms.

In his role at MasterCard, Orfei managed all aspects of development, implementation, and deployment of emerging payment platforms across Global Products and Services. Among his many achievements, Orfei led the entrepreneurial initiative to design, build and demonstrate (NYC-MTA) the next generation of Automated Fare Collection Systems for the transit industry.  The initiative was awarded the prestigious NYU Rubin Center Transportation Industry Innovation Award.

Prior to his leadership of the PCI Security Standards Council, Mr. Orfei served as a security consultant where he led a highly credentialed security team to defend “high value targets” from cyber-attacks.

Orfei is a former U.S. Marine who is active with veteran related charities including the Semper Fi Fund and the Wounded Warrior Project.

David Phister, Diebold Nixdorf Product Management – Platform Security Technologies

Mr. Phister possesses over 20 years of experience in information security within the financial and federal government sectors. For the past three years he has been responsible for managing Diebold’s Platform Security Technology Portfolio and the core solutions that are responsible for protecting global ATM transactions. Prior to that, he supported a variety of Department of Defense (DoD) cybersecurity and communications security activities worldwide. He earned a Bachelor’s Degree in Electrical Engineering and an MBA and is a Professional Cryptologic Engineer and Certified Product Manager

Jun Shao, Senior Consultant, atsec (Beijing) Information Technology Co., Ltd.

Ms. Shao works as a senior consultant at atsec China. She has over 12 years’ experience in research and development in the field of network and secure devices. Before joining atsec, she was a security architect for solutions and products including NGFW, IDS/IPS, IPSEC VPN and SIEM at Huawei, and had products development experience on embedded platform including uCLinux, PowerPC Linux and Z80 EDE, as well as in the C programming language, shell scripting, TCL, and network protocols.
She earned a bachelor’s degree in Electrical and Automatic Engineering and also holds an MBA (Master of Business Administration).

Emma Sutcliffe, CISSP, CISM, CISA, Senior Director, Data Security Standards, PCI Security Standards Council

Ms. Sutcliffe oversees a number of PCI security standards, including the PCI DSS and PA-DSS. She chairs PCI SSC’s Technical Working Group (TWG) and the Tokenization Working Group, where she works closely with the Payment Brands and Affiliate members to develop standards, supporting documentation, and guidance papers.

Ms. Sutcliffe has over 15 years’ information security experience.

Joseph Yu, Director, Association Compliance and Facilities Management, Global Payments Asia-Pacific Ltd.

Mr. Yu has over 20 years of experience in the payment processing industry. He is responsible for compliance functions (PCI-DSS, Asia Pacific Merchant and card scheme compliance), as well as facility management functions for the company. Mr. Yu holds a bachelor of science degree from the University of Toronto and is certified as a Payment Card Industry Internal Security Assessor (PCI ISA).
Global Payments Asia-Pacific Ltd. (NYSE: GPN), a leading worldwide provider of payment technology services. Headquartered in Atlanta with more than 8,500 employees worldwide, Global Payments is a member of the S&P 500 with merchants and partners in 30 countries throughout North America, Europe, the Asia-Pacific region and Brazil.