Issa Bazsa-Ecker, PCI Compliance Manager, Philips International B.V.

Ms. Bazsa is responsible for applying PCI governance risk and compliance throughout Philips, globally. This includes the implementation and management of a GRC PCI module to manage and report on internal, as well as external service provider, compliance. Ms. Bazsa is a subject matter expert with over 20 years of experience in the areas of Risk Management, Supplier Management, Audit, and Information Technology. With both North American and International experience, she has a passion for achieving business goals while managing risks.


Gareth Bowker, Director of Training Programs, PCI Security Standards Council

Mr. Bowker joined PCI SSC in April 2012, bringing 15 years of experience from the information security field. He initially started as a software developer and soon specialized in secure web application development processes. This led to him joining a PCI ASV company in 2005 where he worked as a penetration tester and consultant, becoming a QSA in 2006, followed by a PA-QSA in 2008. Mr. Bowker has worked with many large financial institutions and merchants on projects around PCI DSS, risk management, data loss prevention as well as conducting forensic and breach investigations. Mr. Bowker is a CISSP and holds a B.Sc. degree.


Brian Byrne, Director of Operations, EMVCo

His responsibilities include managing day-to-day EMVCo business activity, liaising with other industry bodies and supporting the relationships with EMVCo Associates. Mr. Byrne is a payments veteran with over 20 years’ experience in a variety of roles. Before taking on his current position Mr. Byrne led the Product Acceptance function for Visa Inc. Prior to this, Mr. Byrne spent five years in the Visa Chip team where his remit included being Visa’s primary representative on the EMVCo Board of Managers. Brian helped steer EMVCo through a number of organisational changes including the addition of new equity members and the creation of the EMVCo Associates Programme. Mr. Byrne holds an MBA (Honours) from San Francisco State University and a Bachelor of Commerce from the University of Queensland.


Tim Cormier, Manager for Device Standards, PCI Security Standards Council

As a seasoned POS industry insider with over 30 years of experience, Mr. Cormier has worked with small, medium and large size clients across retail, banking, hospitality and transportation sectors. He oversaw multiple client engagement projects from the systems design concept to the complete rollout for all types of electronic payment solutions including Terminal Management Services, magnetic stripe, contactless, and mobile payment transactions. Prior to joining the PCI council, Mr. Cormier held a Director of POS Systems position with Ingenico and other engineering positions with VeriFone and Hypercom where he developed high-speed payment solutions for retailers and bank card industry clients. Mr. Cormier has earned multiple industry designations including Certified Information Security Professional (CISSP) and Certified Wireless Network Administrator (CWSP). He is a U.S. Air Force veteran.


Tim Critchley, CEO, Semafone

Mr. Critchley is an experienced director of technology start-ups in both product and service sectors. He spent six years with database marketing specialist Conduit Communications before co-founding Pogo Technology, an innovative start-up that launched one of the first web-browsing handheld devices in the UK through Carphone Warehouse. Prior to joining Semafone, he was COO at KnowledgePool Group, the UK’s leading provider of managed learning services, where he helped complete a successful turnaround in three years. Mr. Critchley graduated from the London School of Economics, and prior to joining Semafone he earned an MBA degree from Manchester Business School.


Brandy Cumberland, Director of Assessor Quality Management (AQM) Programs, PCI Security Standards Council

Ms. Cumberland joined the Council in July 2011 and is currently serving as the Director of AQM Programs for the PCI Security Standards Council. In that role, she leads the administration and ongoing operations of the quality management components to support the PCI SSC’s Programs, most notably the Qualified Security Assessor (QSA), Payment Application Qualified Security Assessor (PA-QSA), and Point-to-Point Encryption (PCI P2PE) Programs. Prior to her work with the AQM team, Ms. Cumberland held positions in quality assurance in the payment security industry, public education, management and retail banking. Ms. Cumberland is a graduate of the University of Houston and holds the CISSP designation.


Lynda Daniluk, PCI Coordinator, City of Calgary

Ms. Daniluk is a long-term employee with The City of Calgary and started by supporting mainframe applications. The City was starting to implement their corporate network and develop client/server applications in the 1990s. She worked for many years in web design and application development and decided to move to Information Security in the mid-2000s. She first heard about PCI at the Computer Security conference in 2007 and realized the impact it would have on The City of Calgary. In 2010 Ms. Daniluk was appointed as the Corporate Project Manager for PCI with a mission to have The City PCI Compliant by the end of 2010. This meant working with more than 22 business units on changing how credit cards were processed and acting as a liaison with the IT Project Manager and senior management to ensure the separate network was implemented and functional prior to the end of 2010. The City passed its first audit (Level One Merchant) and has passed each subsequent audit.


Richard Daw, CEO, Clone Systems

Mr. Daw has over 15 years of experience in strategic business development, with core expertise in data security services, retail, computer software and network solutions. He joined Clone Systems in 2008 as COO and became CEO at the end of 2014. Previously, he was Senior Vice President of Business Development for Planalytics, Inc., where he spent four years developing new and existing markets across North America in retail and manufacturing. Prior to 2003, he helped grow several technology businesses across the UK and Europe, including four years with Compass Software UK, which he eventually introduced to North America. Mr. Daw has initiated and developed relationships with some of the industry’s most respected vendors as well as with some of the largest retailers across North America.


Tom Evans, CSO, Cognia Cloud

Mr. Evans has been an information assurance consultant for 11 years. He has undertaken a wide range of projects, including technical engagements, business analysis tasks, interim information security management and compliance assessments. Mr. Evans holds a BSc degree in International Management and French, and he chose to specialize in programming and systems architecture. He is an ISO 27001 lead auditor and GIAC Certified Incident Handler (GCIH). Mr. Evans previously was a core investigator in the PCI Forensic Investigator (PFI) program, and a PCI DSS QSA.


Leon Fell, Director of Device Standards, PCI Security Standards Council

Mr. Fell is the chairperson of the Council’s PIN Transaction Security (PTS) Working Group. The PTS Working Group is responsible for the management of the security requirements, testing process and approvals for two types of devices – Point of Interaction (POI) and Hardware Security Modules (HSMs). In addition, the group is responsible for the management of PIN Security Requirements, which include processes implemented for the management of cryptographic keys and equipment in connection with the acquisition of PIN based transactions. Mr. Fell also chairs the Card Production Working Group which manages the physical and logical security requirements associated with the production of payment cards. Mr. Fell has over 20 years of information security experience in the payment and energy industries, as well as separate consulting engagements. He is a Certified Public Accountant, Certified Management Accountant, Certified Internal Auditor, Certified Information Systems Auditor and Certified Information Technology Professional.


Kelly Funk, President and CEO, Retail Solutions Providers Association (RSPA)

Ms. Funk is the President and CEO of RSPA, the only association dedicated to the retail technology industry. The RSPA is committed to the success of the Point of Sale ecosystem by providing knowledge and connections. Ms. Funk has extensive leadership and management experience, and has held previous positions with the Alzheimer’s Association, Genworth, and GE Financial. She also holds a Master’s degree in Leadership from Georgetown University’s McDonough School of Business, where she is an adjunct faculty member. She also sits on the Board of Advisors of the PCI Security Council.


Dan Fritsche, Managing Director, Application Security, Coalfire

Mr. Fritsche is the Managing Director for Application Security at Coalfire Labs, overseeing the Application Security practice and the Cloud and Virtualization practice. Mr. Fritsche has worked in information security for more than 16 years. His experience covers a broad spectrum of security disciplines including payment security, vulnerability scanning, application security, penetration testing, mobile security, software development, encryption, compliance, anti-virus, and IDS/IPS. He also has extensive knowledge of business intelligence applied to security and has designed web sites and security reporting interfaces. Mr. Fritsche works with a broad spectrum of clients across all industries, including many of the largest payment processors, to assist them in bringing their software and security solutions into compliance with various standards including PA-DSS, P2PE, HIPAA and more. He also advises on the latest emerging security technologies including virtualization, EMV, encryption, and tokenization to support client needs to understand their business risks and security status.


Howard Glavin, Senior Vice President, K3DES LLC

Mr. Glavin has over 45 years of security and protection experience. He has worked for the Federal Bureau of Investigation as a Special Agent. Mr. Glavin has also worked as CISO/Director of Security for CSX Technology, State of Georgia Health Care, SanDisk and Home Depot. He has also been PCI Lead and Principal Consultant for Internet Security Systems (ISS) and IBM. Mr. Glavin currently works at K3DES LLC as a Senior Vice President.


Adriana Gliga-Belavic, Director, Cybersecurity and Privacy, PCI Practice Lead, PricewaterhouseCoopers

Ms. Gliga-Belavic is a Director in the PwC Risk Assurance Practice in Toronto and leads the Cyber Security & Privacy practice in the GTA and the PCI Practice in Canada. She has over fifteen years of consulting experience in the areas of Information security strategy, architecture design, Security & Privacy governance, security organizational and process design, Payment Card Industry (PCI), large project and program management. In the last couple of years her focus has been on leading large data protection engagements that address security and privacy regulations through assessment, remediation and operationalization of compliance.


John N. Harmon, Director of PCI and EI3PA, Sword & Shield Enterprises Security

Mr. Harmon has more than 15 years’ experience within the information technology security field working with many large and mid-sized organizations to provide relevant and accurate guidance to improve their security posture. Mr. Harmon is currently the Director of PCI and EI3PA service for Sword & Shield Enterprises Security and a practicing QSA supporting level 1 and level 2 organizations as well as his staff of QSAs. Mr. Harmon gained much of his security experience while working for a large restaurant organization as their internal security assessor (ISA) before he moved into a position with his current company. He has rounded out his experience with Master’s degrees in Information Technology Management and Business Administration. Mr. Harmon also holds several industry certifications, including CISSP, CISA, ITIL, QSA, PMP, and PCIP. This is the second special interest group Mr. Harmon has participated in for the PCI SSC (Risk assessment and Effective Daily Log monitoring). He understands the importance of participation in the PCI community and works to enhance the community by sharing knowledge learned through years of experience.


Tim Horton, Vice President Security and Fraud Solutions, First Data Corporation

Mr. Horton oversees First Data’s Security and Compliance Products and Services. This team represents the integrated technologies that provide merchants globally a multi-level defense to manage cyber security threats. In this leadership role, Horton is responsible for managing First Data’s Cyber Security and Compliance development initiatives for SMB and National Merchants to equip them with the right tools to protect their sensitive data and maintain PCI DSS Compliance. In addition, Horton represents First Data on the PCI DSS Board of Advisors. Mr. Horton joined First Data in 1995, and has since held a variety of leadership roles of increasing responsibility. Prior to his current position, he served in Corporate Strategy working on large company initiatives with third-parties. He has served as Vice President of Product Development and Director of Strategy and Market Development. Mr. Horton holds a master’s degree in business administration from the University of Nebraska at Omaha.


Stacy Hughes, VP, IT Governance, Risk and Compliance, Global Payments

Ms. Hughes — CPA, CITP, CRISC, CGMA, PCI ISA, PCIP, C|CISO, CISM — serves as Vice President — IT Governance, Risk and Compliance for Global Payments Inc. (NYSE:GPN), one of the largest worldwide providers of payment solutions. Global Payments is a Fortune 1000 company with more than 4,300 employees, operating in 29 countries. In this role, Ms. Hughes has worldwide responsibility for the Information Technology and Security Policy Program, compliance functions (PCI-DSS, SSAE 16 and Sarbanes-Oxley Act (SOX)), and customer security assurance functions at Global Payments. Prior to joining Global Payments in June 2003, Ms. Hughes worked in the Corporate Audit department at First Data.


Laura K. Johnson, Director of Communications, PCI Security Standards Council

As Director of Communications, Ms. Johnson develops and executes integrated communications strategies that inform, educate and help PCI Security Standards Council stakeholders take advantage of PCI SSC programs, resources, research and initiatives. Her background includes more than 12 years of global communications and public relations client-side and agency experience in information technology, research, and public policy. Johnson is a graduate of Gordon College and the Institute on Political Journalism.


Hoyt L Kesterson II, Senior Security Architect, Terra Verde

Mr. Kesterson II is a Senior Security Architect with Terra Verde. He has more than 45 years of experience in information security and related technologies. For 21 years he chaired the international standards group that created the X.509 digital signature certificate standard. He has been a PCI Qualified Security Assessor for four years. He is a founder and co-chair of the ABA’s eDiscovery and Digital Evidence Committee. He is a testifying expert, a CISSP, and a frequent and top-rated speaker at the RSA Conference.

Jeremy King, International Director, PCI Security Standards Council

Mr. King leads the Council’s efforts in increasing adoption and awareness of the PCI security standards internationally. In this role, Mr. King works closely with the Council’s General Manager and representatives of its policy-setting executive committee from American Express, Discover, JCB International, MasterCard, and Visa, Inc. His chief responsibilities include gathering feedback from the merchant and vendor community, coordinating research and analysis of PCI SSC managed standards through all international markets, and driving education efforts and Council membership recruitment through active involvement in local and regional events, industry conferences, and meetings with key stakeholders. He also serves as a resource for Approved Scanning Vendors (ASVs), Qualified Security Assessors (QSAs), Internal Security Assessors (ISAs), PCI Forensic Investigators (PFIs), and related staff in supporting regional training, certification, and testing programs.

Brian Krebs, Author, Krebsonsecurity.com

Mr. Krebs is the author of KrebsonSecurity.com, a daily news site dedicated to in-depth cyber security news and investigation, with a special focus on cybercrime. He is also the author of a book to be published by Sourcebooks in November 2014, called Spam Nation. Each year from 2011 to 2013, KrebsonSecurity.com was voted the Blog That Best Represents the Security Industry by judges at the 2013 RSA Conference, the world’s largest computer security gathering. KrebsOnSecurity also won the “Most Educational Security Blog” award for the past two years, and in 2013 Krebs was presented with the “Security Bloggers Hall of Fame Award.” From 1995 to 2009, Mr. Krebs was a reporter for The Washington Post, where he covered internet security, technology policy, cybercrime and privacy issues for the newspaper and the website. A frequent interviewee and public speaker, Krebs has also had stories and investigations appear in Popular Mechanics, Wired.com and dozens of other publications. Mr. Krebs is a 1994 graduate of George Mason University, where he earned a Bachelor of Arts in International Relations.


Mauro Lance, Chief Operating Officer, PCI Security Standards Council

Mr. Lance is the Chief Operating Officer for the PCI Security Standards Council. In this role, Mr. Lance is responsible for the day to day operations, business strategy, investments and growth of the Council. He leads the creation and implementation of programs and world-class processes for certification, assessor quality management and training, critical to the Council’s mission of increasing payment card security globally through adoption of the PCI Security Standards. Most recently, Mr. Lance held leadership positions at the MIT Media Lab and the World Wide Web Consortium, and was a founding director of the Web Foundation. He is a Fulbright Scholar and holds a Master’s degree in Business Administration from Suffolk University, and a Bachelor’s degree in Business Administration from the Pontificia Universidad Católica de Valparaiso. Mr. Lance has lived and worked in Chile, China, France, and the United States.


Troy Leach, Chief Technology Officer, PCI Security Standards Council

In his role, Mr. Leach works with Council representatives, Participating Organizations and industry leaders to develop comprehensive standards and strategies to secure payment card data and the supporting infrastructure. He is a congressional subject matter expert on payment security and the current chairman of the Council’s Standards Committee. Prior to joining the PCI Council, Mr. Leach held various positions in IT management, software development, systems administration, network engineering, security assessment, forensic analytics and incident response for data compromise. Mr. Leach holds a Master of Science in Telecommunications & Network Management as well as a graduate degree in Information Security Management from Syracuse University. Mr. Leach holds CISSP and CISA certifications.


Shawn Lukaschuk, Security & Compliance Specialist, IPS

Mr. Lukaschuk has been a practicing PCI QSA since 2007, helping organizations understand and satisfy their PCI compliance requirements. In his role at IPS, a Canadian information security services company, Mr. Lukaschuk combines his PCI expertise with over 20 years of experience in IT security to provide clients with knowledgeable advice and recommendations for improving their processes, policies and security postures. Based in Winnipeg, Manitoba, he prides himself on his pragmatic approach to compliance. His location “advantage” has given him the chance to work with service providers, merchants, acquirers and issuers from Victoria to St. John. Mr. Lukaschuk’s passion for PCI extends beyond just the workday. He is a regular speaker at IT security seminars and conferences and he also runs a blog, thePCIportal.com.


Robert MacKinnon, PCI Compliance Manager, TD Merchant Services

Mr. MacKinnon is the PCI Compliance Manager for Toronto Dominion Merchant Services (TDMS). Robert is the central authority for ensuring continuous sustainable PCI compliance for TDMS payment processing services as well as ensuring that merchants and other clients of TDMS maintain and report their PCI compliance status to the Card Brands. Prior to joining TD, Robert was a founding team member of the Governance, Risk and Compliance (GRC) practice within TELUS Security Solutions, a large Canadian security consulting practice. As a GRC Practice Lead, Mr. MacKinnon managed a team of senior security specialists delivering consulting engagements to large enterprises and agencies. He has accumulated over 25 years of experience working with Fortune 500 companies in the public sector, financial, retail, educational, and health verticals across Canada and in Europe in the areas of Information Security.


Jake Marcinko, Standards Manager, PCI Security Standards Council

In his role at PCI SSC, he is responsible for the ongoing development of the security standards including the Payment Card Industry Data Security Standard (PCI DSS), the Payment Application Security Standard (PA-DSS) and the Point-to-Point Encryption Standard (P2PE). In addition, Mr. Marcinko works closely with the payment brands, affiliate members, Task Forces and Special Interest Groups (SIGs) to develop new and emerging standards and guidance documents, information supplements, and self-assessment questionnaires. Prior to joining the Council in 2013, Mr. Marcinko held various leadership positions in IT and Information Security management for the software industry, and has over 15 years of experience leading large, multi-million dollar design projects in areas such as virtualization, mobile computing, electronic payments, tokenization and compliance. Mr. Marcinko is also a frequent speaker and contributor on general Information Security and Privacy matters.


Kevin McCauley, Director of Retail Market Development, AirTight Networks

Mr. McCauley is director of retail market development at AirTight. Prior to joining AirTight, he had a 23-year career at Yum! Brands, the world’s largest fast-food restaurant company, licensing and operating well-known brands such as KFC, Taco Bell, and Pizza Hut. As manager of IT infrastructure for restaurant engineering and data center services and facilities, Mr. McCauley was responsible for more than 17,000 domestic store locations. He led their Future Store Network Architecture and Platform initiative for eliminating network outages, automating PCI compliance scanning, increasing security, and adding new capabilities, such as guest Wi-Fi services.


Ruston Miles, Chief Innovation Officer, SVP, Bluefin

Mr. Miles brings 20 years of payment security experience to his role of Chief Innovation Officer where he serves as Bluefin’s security thought leader and technology evangelist. Mr. Miles founded Bluefin in 2002 and speaks at conferences and industry events on payment security throughout the year. Bluefin was the first company to become PCI-validated as a P2PE Solution in North America in March, 2014. Ruston is a PCI Professional (PCIP), Certified Payment Professional (CPP), Certified Internet Business Strategist (CIBS), and leads Bluefin’s activity with the PCI Security Standards Council (SSC) Participating Organization (PO) program.


Ashok Misra, Founder, Alina Consultants

Mr. Misra is the founder of Alina Consultants, Inc., a hands-on firm that advises and builds solutions for e-commerce merchants. Alina Consultants is experienced in the fields of compliance, security, payment roadmaps, cryptocurrencies and blockchain technologies. Previously, Mr. Misra constructed e-commerce systems from the ground up for companies such as Amazon.com, Real Networks and Second Life (Linden Labs). Mr. Misra is also deeply interested in the new frontiers of cryptocurrencies and their role as a payment vehicle for e-commerce.


Eric Naiburg, Director of Marketing, INetU

A software development industry veteran with more than 20 years of experience, Mr. Naiburg, Director of Marketing at INetU, is also co-author of UML for Database Design and UML for Mere Mortals, both published by Addison Wesley. Prior to joining INetU, Mr. Naiburg was program director in the IBM Rational brand, responsible for all application lifecycle management (ALM) marketing. He also previously served as program director for Information Governance Solutions Marketing and Strategy for the company. He rejoined IBM in 2008, after having previously held several roles within the Rational Software group, including solutions program director, director of product marketing and product manager. Prior to rejoining IBM, he held leadership positions at Ivar Jacobson Consulting and CAST Software. He also spent several years with Logic Works Inc. (acquired by Platinum Technologies and CA) as product manager for ERwin.

John Nance, Aviation Expert, Analyst, Author & Consultant

One of the key thought leaders to emerge in American Healthcare in the past decade, Dr. Nance brings a rich and varied professional background to the task of helping doctors, administrators, boards, and front-line staff alike survive and prosper during the most profoundly challenging upheaval in the history of modern medicine. Having helped pioneer the Renaissance in patient safety as one of the founders of the National Patient Safety Foundation in 1997, his efforts (and healthcare publications) are dedicated to reforming American Healthcare from a reactive cottage industry to an effective and safe system of prevention and wellness. A lawyer, Air Force and airline pilot, prolific internationally-published author, national broadcaster, and renowned professional speaker, John’s leadership is propelled by a deep commitment.


As a native Texan, Dr. Nance grew up in Dallas where he earned his Bachelor’s Degree and a Juris Doctor Degree from SMU, and is still a licensed Texas attorney. Named Distinguished Alumni of SMU for 2002, and Distinguished Alumni for Public Service of the SMU Dedman School of Law in 2010, he is also a decorated Air Force pilot veteran of Vietnam and Operations Desert Storm/Desert Shield and a Lt. Colonel in the USAF Reserve, well known for his pioneering development of Air Force human factors flight safety education, and one of the civilian pioneers of Crew Resource Management (CRM). Dr. Nance has piloted a wide variety of jet aircraft, including most of Boeing’s line and the Air Force C-141, and has logged over 13,900 hours of flight time since earning his first pilot license in 1965, and is still a current pilot. He was a flight officer for Braniff International Airlines and a Boeing 737 Captain for Alaska Airlines, and is an internationally recognized air safety advocate, best known to North American television audiences as Aviation Analyst for ABC World News and Aviation Editor for Good Morning America.


Before joining ABC, Dr. Nance logged countless appearances on national shows such as Larry King Live, PBS Hour with Jim Lehrer, Oprah, NPR, Nova, the Today Show, and many others. He is also the nationally-known author of 20 major books, including the acclaimed WHY HOSPITALS SHOULD FLY (2009), and, with co-author Kathleen Bartholomew, CHARTING THE COURSE (2012), plus five non-fiction (Splash of Colors, Blind Trust, On Shaky Ground, What Goes Up and Golden Boy) and 13 international fiction bestsellers: Final Approach; Scorpion Strike; Phoenix Rising; Pandora’s Clock; Medusa’s Child; The Last Hostage; Blackout; Fire Flight; Saving Cascadia; and Orbit. Pandora’s Clock and Medusa’s Child both aired as major, successful two-part mini-series on television. (WHY HOSPITALS SHOULD FLY won the prestigious “Book of the Year” award for 2009 from the American College of Healthcare Executives.)


Dr. Nance has become one of America’s most dynamic and effective professional speakers, presenting riveting, pivotal programs on success and safety in human organizations to a wide variety of audiences, including business corporations and healthcare professionals. Together with fellow author Kathleen Bartholomew (Charting the Course and Ending Nurse-to-Nurse Hostility – Why Nurses Eat their Young and Each Other), the two of them are highly sought after for their watershed presentations to boards, senior leaders, physicians, nurses, and staff on Quality and Patient Safety. He is a pioneering and well-known advocate of using the lessons from the recent revolution in aviation safety to equally revolutionize the patient safety performance of hospitals, doctors, nurses, and all of healthcare.


Stephen W. Orfei, General Manager, PCI Security Standards Council

As General Manager, Mr. Orfei leads the Council in its mission to increase payment data security globally through development and delivery of Standards, Best Practices, Market Guidance, Alerts, vetted solutions and training services for merchants, QSAs, banks, and key stakeholders across the global payment eco-system. Orfei is a recognized industry expert in global payment platforms, e-commerce, mobile payments, transit and cybersecurity. As a former Product Officer, with frontline experience defending High-Value Targets from cyber-attack, Mr. Orfei understands the perspectives of PCI SSC stakeholders across the payment industry. He brings to his role as General Manager more than 20 years of experience developing and delivering complex global payment solutions.

A holder of several payments industry patents and awards, Orfei’s career includes senior posts at MCI International, a global telecommunications corporation, where he served for 13 years as Director of International Marketing. Mr. Orfei also served for 14 years as Senior Vice President, Emerging Payment Platforms, at MasterCard Worldwide, a global payments & technology company. In addition, he has worked as a cyber security consultant with security assessment organizations. Prior to his corporate experience, Mr. Orfei served in the United States Marine Corps. Orfei joined the Council in July 2014.


Bruce Rutherford, Group Head, Fraud Management Solutions, MasterCard; 2015 Chairman of the PCI Security Standards Council

Mr. Rutherford is responsible for the product management, development, sales, and implementation of MasterCard fraud management solutions, the evolution and deployment of industry standards including the PCI Standards and MasterCard SecureCode, product management and related operations for Holograms, fraud reporting and associated data analytics, and for risk/fraud training through the Academy of Risk Management. In addition, Mr. Rutherford also represents MasterCard on the executive committee of the PCI Security Standards Council, an industry-standards organization that was formed in September, 2006. He is also a member of the board of directors of Brighterion, Inc., a San Francisco-based artificial intelligence technology software firm whose products are integrated with MasterCard risk product offerings.


Ralph Spencer Poore, Director of Emerging Standards, PCI Security Standards Council

Mr. Poore has over 35 years of information security experience, including more than 20 years of applied cryptography. He has written extensively on information security and cryptography. His work is cited in academic papers, national standards, professional journals, and books. He came to PCI SSC from a small business that was a QSAC, where he was a QSA. In various capacities, he has designed and led teams of developers in cryptographic system projects, resulting in patents of systems based on cryptography. Mr. Poore also supported classified government projects and has assisted in the development of cryptanalytic tools. He has extensive experience in the financial services industry and in the development of national and international standards. He is an ISSA Distinguished Fellow and has received numerous awards for his professional work. Mr. Poore holds the following certifications: PCIP, CFE, CISA, CISSP, CHS-III.


Jeffrey Sanchez, Managing Director, Protiviti

Mr. Sanchez is a Managing Director in Protiviti’s Los Angeles office. He joined Protiviti in 2002 after spending 10 years with Arthur Andersen’s Technology Risk Consulting practice. Mr. Sanchez leads Protiviti’s global Payment Card Industry (PCI) Data Security Standard and Payment Application (PA) services. He has participated in technical consulting and audit projects across many industries, including hospitality, financial services, and retail. For the last eight years Mr. Sanchez has concentrated on the design and implementation of security and privacy solutions. He is a CIA, CISM, CISA, PA-QSA, CIPP/US, CIPT, and PMP.


Penelope Santana, Cybersecurity Consulting Manager, STIGroup, Ltd.

Ms. Santana manages the Cybersecurity Consulting team at STIGroup, an information security consulting firm. In this capacity, Ms. Santana has structured, developed, and led the PCI-DSS consulting practice for the organization for the past 6 years. During this time, she successfully led the PCI-DSS compliance initiatives for significant organizations under challenging conditions, including mass transit agencies, retail organizations, and multi-tier fundraising entities. She has also played key roles in several high-profile breach investigation and remediation efforts, including those involving indirect compromise as a consequence of inadequate security controls on the part of trusted 3rd party service providers. Prior to her role at STIGroup, Ms. Santana ran the IT organization at a high-profile office management company for seven years.


Kevin Simmonds, Director, PricewaterhouseCoopers

Mr. Simmonds is a Director in PwC’s IT Cybersecurity & Privacy practice based in Atlanta, Georgia. He has over 11 years of experience assisting companies with developing information security programs that are aligned with the business, developing a sustainable PCI security program, performing technical network and application assessments (e.g., penetration testing) and responding to cyber-attacks/breaches. Mr. Simmonds has been an advisor for numerous clients in the financial services, retail & consumer (R&C), healthcare and technology industries, providing strategic guidance to solve complex business and technology issues.


Thomas Siry, CISSP, CRISC, QSA, Security & Compliance Specialist, IPS

Mr. Siry is a PCI compliance thought leader, practicing as a QSA at IPS, a Canadian information security services company. Combining a mix of technical knowledge and business sense, he has a proven track record of helping clients achieve compliance and sustain it. Some of his success stories include The City of Calgary and numerous other municipalities. Having a “big picture” view of compliance, he understands the broad challenges businesses face and has created four spiritual PCI requirements that complement the PCI DSS. Most importantly, he prides himself on growing his clients’ internal capabilities to handle any compliance curve balls that may be thrown in the future. The only thing constant in life is change.


Christopher Strand, Senior Director of Compliance and Government, Bit9 + Carbon Black

Mr. Strand is the Senior Director of Compliance and Governance at Bit9. With over 20 years of information technology experience, Strand is Bit9’s subject matter expert on enterprise network and application security solutions and how organizations can deploy positive security to maintain and improve their compliance posture. Previously, Strand held security/compliance positions at Trustwave, Tripwire, EMC/RSA and Compuware. He holds a Bachelor of Arts degree in Environmental Engineering from the University of Guelph in Ontario, Canada. In addition, Mr. Strand is a PCI Professional (PCIP) and a former Quality Security Assessor (QSA). Mr. Strand often speaks on security and compliance issues on webinars and is a keynote speaker at many industry conferences and seminars.


Emma Sutcliffe, Director, Data Security Standards, PCI Security Standards Council

As Director of Data Security Standards, Ms. Sutcliffe oversees a number of PCI security standards, including the PCI DSS and PA-DSS. Ms. Sutcliffe chairs PCI SSC’s Technical Working Group (TWG) and the Tokenization Working Group, where she works closely with the Payment Brands and Affiliate members to develop standards, supporting documentation, and guidance papers. Ms. Sutcliffe has over 15 years’ information security experience and is a current CISSP, CISM, and CISA.


Elizabeth Terry, Advanced Research Manager, PCI Security Standards Council

Ms. Terry is responsible for project management for all standards and the development of data security standards and collateral. She works on the Project Management Office team representing the standards group. Ms. Terry also works with Special Interest Groups as the Chair, developing additional guidance for the community.


Michael Thompson, Standards Manager, PCI Security Standards Council

Mr. Thompson is a Standards Manager, where his role includes technical contributions to PCI standards and related efforts. Mr. Thompson’s role also currently involves chairing the PCI SSC Shared Responsibility special interest group. Prior to joining the Council, Mr. Thompson spent the last 10 years involved in security-sensitive and safety-critical engineering roles. Mr. Thompson holds the CISSP, ISSAP, and ISSMP designations, as well as being listed on 4 U.S. patents from previous collaborations.


John Thomson, Director, Compliance and Regulations, Interac Association

Mr. Thomson is the Director, Compliance and Regulations with Interac Association. In this role John is responsible for the execution and evaluation of a full range of strategies, programs and compliance practices. Mr. Thomson has spent over 40 years in the financial services and payment card industry in Canada, during which time he has had the pleasure of developing and implementing a number of payment card processes and policies in the area of fraud detection and financial information systems. He has spent the last 15 years with the Association and over the last few years a significant part of his time has been devoted to supporting the implementation of the very successful

Ciske van Oosten, Global Intelligence Manager, Verizon PCI Security Practice

An experienced security professional, Mr. van Oosten is dedicated to advancing the effective protection of sensitive data within the payment card industry. During his 22-year business career, he has held executive management positions in large and medium-sized organizations, including Chief Operations Officer, Chief Security Officer, and Professional Services Director. His introduction to payment card security started as a law enforcement officer investigating organized crime and payment card fraud in the mid-1990s. From 2001 to 2004 (prior to the formation of the PCI Security Standards Council) he assisted several major card brands with the development of their cardholder data compliance programs, and established and directed the first independent Qualified Security Assessor (QSA) company, conducting compliance validation assessments worldwide. He has since served as practice leader at several leading QSA organizations, and during this time, delivered or directed more than two thousand five hundred PCI Security compliance projects for service providers and merchants across a diverse range of industries.


William Worthington, VP-IT Security, Caesars Corporation

Mr. Worthington is the VP-IT Security for Caesars Corporation. He has over nine years of experience in the casino industry and he joined Caesars in 2012. For the last six years Mr. Worthington has focused on IT security best practices around Sarbanes-Oxley Act (SOX), State Gaming standards (ITMICS), PCI and general IT Security Standards. Mr. Worthington leads a security team that supports all of the Caesars properties across North America and internationally. His team participates in both security and business projects to ensure that security risks are evaluated and the proper security controls are implemented, either through technology or policy/procedure.


Gill Woodcock, Director of Certification Programs, PCI Security Standards Council

Her role encompasses operational management of the Council’s existing programs (including QSA, PA-QSA, ISA, ASV, PFI, PCIP and QIR) as well as developing new certifications programs. Ms. Woodcock works closely with the Standards Development, Training and Assessor Quality Management teams within the Council. Ms. Woodcock has been with PCI SSC since February 2010 and has over 20 years of experience in payment cards and information security.