Speakers

Jeremy King, International Director, PCI Security Standards Council

Mr. King leads the Council’s efforts in increasing adoption and awareness of the PCI security standards internationally. In this role, Mr. King works closely with the Council’s General Manager and representatives of its policy-setting executive committee from American Express, Discover, JCB International, MasterCard, and Visa, Inc. His chief responsibilities include gathering feedback from the merchant and vendor community, coordinating research and analysis of PCI SSC managed standards through all international markets, and driving education efforts and Council membership recruitment through active involvement in local and regional events, industry conferences, and meetings with key stakeholders. He also serves as a resource for Approved Scanning Vendors (ASVs), Qualified Security Assessors (QSAs), Internal Security Assessors (ISAs), PCI Forensic Investigators (PFIs), and related staff in supporting regional training, certification, and testing programs.

Troy Leach, CISSP, CISA, Chief Technology Officer, PCI Security Standards Council

Mr. Leach is the Chief Technology Officer for the PCI Security Standards Council (SSC). In his role, Mr. Leach partners with Council representatives, Participating Organizations and industry leaders to develop comprehensive standards and strategies to secure payment card data and the supporting infrastructure. He is a congressional subject matter expert on payment security and the current chairman of the Council’s Standards Committee. Prior to joining the PCI Council, Mr. Leach has held various positions in IT management, software development, systems administration, network engineering, security assessment, forensic analytics and incident response for data compromise. Mr. Leach holds a Master of Science in Telecommunications & Network Management as well as a graduate degree in Information Security Management from Syracuse University.

Gordon McIntosh, Principal Consultant, atsec Information Security

Mr. McIntosh has spent the past 12 years working exclusively in computer security and is currently a PCI QSA and Common Criteria (CC) consultant. In the role of CC consultant, he advises developers such as IBM, Alcatel, Lucent, Unisys and Motorola on Common Criteria methodologies ranging from architecture, design, and secure development environments to configuration management and secure product delivery to the end customer. Mr. McIntosh was employed at IBM from 2001 to 2004 as the pSeries CC Architect and software developer; he was awarded more than 20 U.S. patents for his work in computer technology and information security. After leaving IBM, he became the Common Criteria Laboratory Manager, Principal Consultant and evaluator at atsec information security.

Stephen Orfei

Stephen W. Orfei, General Manager, PCI Security Standards Council

As General Manager Mr. Orfei leads the Council in its mission to increase payment data security globally through development and delivery of Standards, Best Practices, Market Guidance, Alerts, vetted solutions and training services for merchants, QSAs, banks, and key stakeholders across the global payment eco-system. Orfei is a recognized industry expert in global payment platforms, e-commerce, mobile payments, transit and cybersecurity. As a former Product Officer, with frontline experience defending High-Value Targets from cyber-attack, Mr. Orfei understands the perspectives of PCI SSC stakeholders across the payment industry. He brings to his role as General Manager more than 20 years of experience developing and delivering complex global payment solutions.

A holder of several payments industry patents and awards, Orfei’s career includes senior posts at MCI International, a global telecommunications corporation, where he served for 13 years as Director of International Marketing. Mr. Orfei also served for 14 years as Senior Vice President, Emerging Payment Platforms, at MasterCard Worldwide, a global payments & technology company. In addition, he has worked as a cyber security consultant with security assessment organizations. Prior to his corporate experience, Mr. Orfei served in the United States Marine Corps. Orfei joined the Council in July 2014

Ciske van Oosten

Ciske van Oosten, Global Intelligence Manager, Verizon PCI Security Practice

An experienced security professional, Mr. van Oosten is dedicated to advancing the effective protection of sensitive data within the payment card industry. During his 22 year business career, he has held executive management positions in large and medium-sized organizations – including Chief Operations Officer, Chief Security Officer, and Professional Services Director. His introduction to payment card security started as a law enforcement officer investigating organized crime and payment card fraud in the mid 1990’s. From 2001 to 2004 (prior to the formation of the PCI Security Standards Council) he assisted several major card brands with the development of their cardholder data compliance programs, and established and directed the first independent Qualified Security Assessor (QSA) company, conducting compliance validation assessments worldwide. He has since served as practice leader at several leading QSA organizations, and during this time, delivered or directed more than two thousand five hundred PCI Security compliance projects for service providers and merchants across diverse range of industries.

Riwa Sakamoto, Director, Commerce Supervisory Division, Commerce and Information Policy Bureau

METI is a ministry of the Government of Japan. It was created by the 2001 Central Government Reform when the Ministry of International Trade and Industry merged with agencies from other ministries related to economic activities, such as the Economic Planning Agency. METI has jurisdiction over a broad policy area, containing Japan’s industrial/trade policies, energy security and control of arms exports. Ms. Sakamoto was recently appointed director of METI.

Marat Vyshegorodtsev, Senior TPM, Rakuten Inc.

Mr. Vyshegorodtsev is a leading security and compliance specialist in the industry. While his main responsibility is payment security, he also provides consulting services across all companies within the Rakuten Group in the USA, Europe, Middle East and Asia. Mr. Vyshegorodtsev’s experience in payments started in 2008 in Russia at the country’s largest-at-the-time security integrator “InformZaschita.” Mr. Vyshegorodtsev has a deep knowledge of PCI DSS and PA-DSS standards, remote banking applications, and e-commerce security. He has a degree in global scale network security from the University of Tokyo.

Jun Yano, Senior Security Consultant, NRI SecureTechnologies, Ltd.

Mr. Yano is a senior security consultant at NRI SecureTechnologies Ltd. and has 13 years’ experience in network, web application, and database penetration testing. As a leader of the PCI DSS ASV scanning team, he has experience with ASV scans and penetration tests for a variety of organizations in Japan and the United States. He is also certified as a QSA, ASV, PA-QSA, CISSP, CISA, GPEN, GWAPT and GCIH.

Eiichiro Yanagawa, Senior Analyst, Asian Financial Services Group, Celent, a division of Oliver

Mr. Yanagawa is a Senior Analyst in the Asian Financial Services group at Celent and is based in the firm’s Tokyo office. Mr. Yanagawa’s research focuses on IT strategy issues in the Japanese and Asian banking and financial industries. His recent research has included core banking systems, ATMs, anti-money laundering technology, electronic trading, document management, IT spending trends, and business process outsourcing. Mr. Yanagawa’s consulting experience includes development of bank IT strategies, thin client / desktop virtualization to support business continuity, evaluation of data centers for hosting core systems, and vendor selection of AML, risk management, and other technologies.

Prior to joining Celent, Mr. Yanagawa was the General Manager of the Financial Services Division at NEC Corporation of America in New York. In this role, he worked on the development of IT strategy and advised clients, mainly Japanese financial institutions, on outsourcing and selection of software packages.