
Cyber Risk & Privacy Liability Forum: The Cloud, Forensic Investigations, and Technology to Mitigate Risk


Product Code - LGN187
Speaker(s): Moderator: John Gambale, AIG; Michael Ernesto, Verizon; Nick Economidis, Beazley USA; Tom Kellermann, Trend Micro; Dave Navetta, Information Law Group; John O'Donnell, Marsh FINPRO US; Moderator: Neeraj Sahni, Kroll Advisory Services; Angie Singer Keating, Reclamere, Inc.; Christopher Novak, Verizon; Timothy P. Ryan, Kroll Advisory Services; Steve Visser, Navigant; Moderator: Jake Kouns, Markel Corporation; Marshall Heilman, MANDIANT; Grayson Lenik, Trustwave; Vinny Sakore, ICSA Labs; Rod Wittenberg, Reed Technology and Information Services
Bloomberg BNA is pleased to present this program in partnership with HB Litigation Conferences LLC. The live program was co-produced by HB and NetDiligence®.

The Cloud
The use of cloud information storage systems has skyrocketed over the last few years, which means an increasing percentage of businesses and individuals have entrusted their important information to cloud providers. When putting key documents in the hands of these providers it is important to understand how the cloud works and the potential risks involved. This panel discussion gives an overview of what the cloud is, how you can reduce your liability within the cloud and how issues with the cloud are being resolved.

The faculty for this session discuss:

• What is the cloud?
• How the cloud can help mitigate the security risk of complexity
• Significant security failures
• Problems associated with clouds outsourcing to other clouds
• Protection you should have in your cloud contract
• Cloud insurance policies
• Switching cloud providers
• Clouds accepting liability
• Tracking cloud providers
• Contingent business interruption
• General concerns with the cloud
• Federal government security standards

Forensic Investigations
Forensic investigation is an invaluable tool designed to help companies locate and better understand a cyber breach. This panel discusses the importance of forensic investigations and how you should go about conducting a proper examination of data breaches. This panel also provides the unique perspectives of forensic specialists and breach coaches, and will guide you through the do’s and don’ts of the forensic investigation.

Learn more about:

• Why do we need forensics?
• The first steps of an investigation
• Internal investigations
• How the company should react to a data attack
• Volatile data vs. non-volatile data
• International challenges for forensics
• Is a risk coverage policy enough?

Technology to Mitigate Risk
Learn the latest from security experts, including cloud security issues, mobile security issues, and bring-your-own-device (BYOD) security issues.

Program Level: Intermediate

The Cloud
Moderator: John Gambale, AIG
John Gambale is Head of Professional Liability for Financial Lines and the Lexington Financial Lines Executive for the U.S. and Canada Region for AIG. Mr. Gambale’s responsibilities include managing the Specialty Professional Liability businesses, which includes Miscellaneous Professional Liability, Media Liability, Accountants and Lawyers Malpractice, Architects and Engineers Liability, and the Network Security and Privacy portfolios underwritten through Executive Liability and Lexington Professional Liability. In 2009, Mr. Gambale was named Head of the Private/Non-Profit Management Liability Division focusing on Directors & Officers, Employment Practices and Fiduciary Liability exposures for Private and Non-Profit organizations. Mr. Gambale has held several roles of increasing responsibilities within Financial Lines including maintaining a focus on organizing and strengthening private equity programs and held the position of New York Regional Executive. Mr. Gambale joined Executive Liability’s National and Commercial Divisions in 1999 underwriting both public and private Management Liability Products. Prior to his experience at Chartis, Mr. Gambale spent two years with Swiss Re, graduated from the University of Vermont with a BS in Resources Economics and earned an MBA from the Lubin School of Business at Pace University.

Michael Ernesto, Verizon
Michael Ernesto is a lead in Verizon’s Tier II Sales Engineering Team supporting the US Northeast Region and Europe with a focus in Health Care and Financial Services. He brings over 20 years’ experience as enterprise solution architect with strong business acumen and enterprise sales experience. He has a demonstrated history designing and implementing cloud, hosting and security solutions for global Fortune 1000 clients migrating from traditional IT sourcing models. In addition to technical capabilities, Mr. Ernesto brings a deep understanding of the unique performance, certification and price-point demands of specific industry verticals including Financial, Health Services/Pharma, High-tech, Manufacturing and Public Sector. Mr. Ernesto holds a Bachelors of Science in Telecommunications Management from Golden Gate University, San Francisco, CA; Masters of Science in Telecommunication Management from the University of Maryland, College Park and a Masters in Information Systems from George Mason University, Fairfax, VA.

Nick Economidis, Beazley USA
Nick Economidis is a professional liability underwriter for Beazley USA. Prior to joining Beazley, Mr. Economidis was the Vice President and Product Manager for Media, Technology and Network Security with AIG Executive Liability. He has over 20 years of underwriting experience, covering everything from workers compensation to professional liability. For the past 10 years, Mr. Economidis has specialized in underwriting risk for the technology industries and technology related risk issues. Mr. Economidis is frequently asked to speak at various industry forums regarding underwriting issues. In June 2010, Mr. Economidis was the co-chair of the NetDiligence Cyber Risk & Privacy Liability Forum held in Philadelphia. In September 2010, Mr. Economidis returned for a third consecutive year to co-chair the American Conference Institute Cyber & Data Risk Insurance Conference in New York, NY. Mr. Economidis has an Associate in Risk Management designation from the Insurance Institute of America, a B.S. (Marketing) from Rutgers University, and an MBA degree from Villanova University.

Tom Kellermann, Trend Micro
Tom Kellermann is the Vice President of Cyber Security for Trend Micro. Within this role Mr. Kellermann is a trusted advisor for Cybersecurity. Mr. Kellermann is responsible for analysis of emerging cybersecurity threats and relevant defensive technologies, strategic partnerships and government affairs. Mr. Kellermann served as a Commissioner on The Commission on Cyber Security for the 44th Presidency and serves on the board of the National Cyber Security Alliance http://staysafeonline.org/ , The International Cyber Security Protection Alliance (ICSPA), the National Board of Information Security Examiners Panel for Penetration Testing, and the Information Technology Sector Coordinating Council. Mr. Kellermann is a Professor at American University's School of International Service and is a Certified Information Security Manager (CISM).

Dave Navetta, Information Law Group
Dave Navetta is one of the Founding Partners of the Information Law Group. Mr. Navetta has practiced law for over twelve years, including technology, privacy, information security and intellectual property law. He is also a Certified Information Privacy Professional through the International Association of Privacy Professionals. Prior to co-founding the Information Law Group, Mr. Navetta established InfoSecCompliance LLC (“ISC”), a law firm focusing on information technology-related law. ISC successfully served a wide assortment of U.S. and foreign clients from Fortune 500 companies to small start-ups and service providers. Mr. Navetta previously worked for over three years in New York as assistant general counsel for AIG’s eBusiness Risk Solutions Group. While there Mr. Navetta analyzed and forecast information security, privacy and technology risks, drafted policies to cover such risks, and worked on sophisticated technology transfer transactions. Mr. Navetta engaged in commercial litigation for several years prior to going in-house, including working at the Chicago office of Sedgwick, Detert, Moran and Arnold, a large international law firm. Mr. Navetta currently serves as a Co-Chair of the American Bar Association’s Information Security Committee, and is also Co-Chair of the PCI Legal Risk and Liability Working Group. He has spoken and written frequently concerning technology, privacy and data security legal issues. Mr. Navetta has worked on transactions and licensing, privacy and security compliance issues, litigation, and breach notice and incident response.

John O'Donnell, Marsh FINPRO U.S.
John O'Donnell is a placement and advisory specialist with Marsh's National Technology, Network Risk and Telecommunications Team within their FINPRO practice. His current responsibilities include advising clients on issues related to professional liability, media, technology, privacy, and cyber-related risks. Mr. O'Donnell negotiates coverage with insurance carriers and conducts detailed coverage analysis for clients across all industries, giving him a broad view of the insurance being offered in today's marketplace. Prior to joining Marsh, Mr. O'Donnell was with Willis Group Holdings, where he worked as a client manager in network security and privacy, media, and technology. He earned an M.A. and a B.A. from Fordham University.

Forensic Investigations
Moderator: Neeraj Sahni, Kroll Advisory Services
Neeraj Sahni is a director in the Information Assurance practice of Kroll Advisory Solutions, bringing with him an extensive 15-year background in cyber insurance, privacy compliance and risk management. As a member of the Kroll team, Mr. Sahni focuses on the unique needs of clients within the insurance industry, with focus on Security/Privacy liability and first party risk associated with a data breach. Mr. Sahni maintains a strong knowledge of federal and state regulation and notification laws for data breach as well as recent developments in the realm of data security and privacy. He presents on data privacy/security issues to insurers, brokers and risk managers and has spoken at a wide range of events and conferences, including NetDiligence, Advisen, ACI and PLUS. Prior to joining Kroll, Mr. Sahni worked at insurance companies in many different roles, including director of security liability, IT audit manager, and senior security consultant. In these roles, he gained extensive experience in security and privacy risk matters including: incident response, forensics investigation, breach notification, and credit monitoring. With his proven experience in all aspects of strategic planning and implementation, Mr. Sahni provides a comprehensive knowledge base for Kroll clients. Mr. Sahni holds a Bachelors degree in Civil Engineering and Masters in Business Administration from Loyola University Chicago.

Angie Singer Keating, Reclamere, Inc.
Angie Singer Keating is CEO of Reclamere, Inc. One of the co-founders of Reclamere, she was the chief architect of the proprietary data destruction system used by Reclamere which includes the only forensically sound quality control process for 100% of all hard drives. Reclamere’s data recovery and forensic labs were designed by Ms. Keating for maximum security and outfitted with state-of-the-industry tools. She is actively involved with NAID, the National Association for Information Destruction, serving on the Board of Directors, the Certification Rules Committee Chairperson, and co-Chairperson of the Solid-State Destruction Research Task Force. Ms. Keating proudly serves as Adjunct Faculty for the Pennsylvania Bar Institute. She has taught dozens of hours of Continuing Legal Education (CLE) courses in Forensics, E-Discovery, and Information Security.

Christopher Novak, Verizon
Christopher Novak is an internationally recognized expert in the field of Investigative Response and Computer Forensics. He has been involved with information security for over 10 years. He has assisted corporations, government agencies, and attorneys with all matters involving IT security compliance, litigation support, computer forensics, fraud investigations, and computer security incident response matters. Mr. Novak is a co-founder of the Verizon Business Investigative Response Unit and an active senior investigator. He has led dozens of tactical response cases over the past 18 months and continues to respond to high-profile cases on a global basis. He works closely with local, state and federal law enforcement agencies as well as joint investigative operations coordinated with foreign law enforcement.

As both a manager and a technical forensic investigator, Mr. Novak provides regular advice and guidance to medium and large size organizations on a global basis. He maintains extensive experience on the latest and greatest commercial forensic hardware and software as well as working internally to develop proprietary and situation-specific tools and methods. Mr. Novak is an active public speaker and can be commonly heard at IAFCI, RSA, ISSA, ISACA, Gartner, InfraGard and other popular IT security events around the world discussing various topics ranging from high-level best practices to in-depth and technical training. He has also written numerous articles for various IT Security journals, trade magazines and blogs. Most recently he co-authored the 2008, 2009 & 2010 Data Breach Investigations Reports and is a member of multiple industry trade groups such as IAFCI and ICST among others. Mr. Novak holds a Bachelor of Science Degree in Computer Engineering from Rensselaer Polytechnic Institute. He also acts as an Adjunct Professor and guest lecturer within various universities within the SUNY system.

Timothy P. Ryan, Kroll Advisory Services
Timothy P. Ryan is a Managing Director with Kroll Advisory Solutions Cyber Investigations practice based in New York. He joined Kroll after a distinguished career as a Supervisory Special Agent with the Federal Bureau of Investigation (FBI), where he supervised the largest Cyber Squad in the United States. An expert in responding to all forms of computer crime, attacks, and abuse, he has led complex cyber investigations involving corporate espionage, advanced computer intrusions, denial of service, insider attacks, malware outbreaks, Internet fraud and theft of trade secrets. From 2009 through 2010, he served as Acting Director of the FBI’s New Jersey Regional Computer Forensic Lab, one of the nation’s largest, state-of-the-art digital forensic laboratories. He also conducted computer forensic examinations as a member of the FBI’s elite Computer Analysis and Response Team. Mr. Ryan has provided cyber expertise to state and local law enforcement on investigations of crimes including homicides, stalking, missing children, cyber-bullying and internal affairs. A certified FBI instructor, he developed cyber-based curriculum and trained hundreds of law enforcement and private professionals in evidence acquisition, security policy and implementation, breach response and mitigation, hacker methodology and employee internet safety. He is an adjunct professor at Seton Hall University School of Law where he teaches cyber crime and cyber security to law students, prosecutors, defense attorneys and homeland security professionals. He has been interviewed and quoted by numerous media outlets such as The Wall Street Journal and USA Today.

Steve Visser, Navigant
Steve Visser is a Managing Director in the Disputes and Investigations practice of Navigant. He is an expert in data management, data analysis, database forensics and data mining with 16 years of experience applying this expertise in a wide variety of investigations and litigation matters. He co-leads Navigant’s data security incident investigation and response service line and has directed numerous data security incident/breach investigation and response projects. Navigant provides services that include computer forensics, database forensics, technical risk of harm assessment and data mining to identify impacted individuals. The types of incidents that he and his team have assisted clients with include lost/stolen computing devices, hacking, inappropriate employee access to company systems, malware, network intrusions and inadvertent exposure of servers to the internet. These incidents have ranged from an impact of hundreds of individuals to multiple millions of individuals. Mr. Visser’s experience spans a wide variety of industries, including healthcare, financial services, utilities, telecommunications, higher education and hospitality. Mr. Visser and his team take great care to assess how incidents occurred from a technical perspective, determine if sensitive data was accessed and if needed identify the impacted individuals for notification. In addition, he has served as an expert witness related to data management and analysis issues in numerous litigation matters.

Technology to Mitigate Risk
Moderator: Jake Kouns, Markel Corporation
Jake Kouns is the Director of Cyber Security and Technology Risks Underwriting for Markel Corporation. In this unique role, Mr. Kouns is responsible for strategy and oversight of the Enterprise Information Security Program as well as the management of Cyber Liability insurance products. In his role as product line leader, he has broad responsibility for all aspects of the products including the development of underwriting guidelines, pricing, risk analysis, claims oversight, training & marketing initiatives as well as risk management services for policy holders. In addition, Jake is the founder of the Open Security Foundation, a non-profit organization that oversees the operations of DataLossDB.org which tracks data breaches worldwide. Mr. Kouns has presented at many well-known security conferences including RSA, DEF CON, CanSecWest, SOURCE and SyScan. He is the co-author of the book Security in an IPv6 Environment, Francis and Taylor, 2009, Information Technology Risk Management in Enterprise Environments, Wiley, 2010 and The Chief Information Security Officer, IT Governance, 2011. He holds a Bachelor of Business Administration and a Master of Business Administration with a concentration in Information Security from James Madison University. In addition, he holds a number of certifications including ISC2's CISSP, and ISACA's CISM, CISA and CGEIT.

Marshall Heilman, MANDIANT
Marshall Heilman is a Director in MANDIANT’s Washington, D.C. office and is responsible for leading some of MANDIANT’s most challenging incident response engagements. He has over 12 years of experience in computer security. Over the past year, Mr. Heilman has performed investigations involving financial crime, online gaming, economic espionage, and the Advanced Persistent Threat attack groups. Many of these investigations made headlines throughout the world. He does not specialize in responding to specific attack groups. He enjoys investigating complex breaches regardless of the type of attacker.

Grayson Lenik, Trustwave
Grayson Lenik is a Security Consultant with Trustwave’s SpiderLabs - the advanced security team focused on penetration testing, incident response, and application security. He has over 15 years of System Administration, Network Administration and Incident Response experience. Mr. Lenik’s certifications include Microsoft Certified Systems Engineer (MCSE), GIAC Certified Forensic Analyst (GCFA) and a PCI Qualified Security Assessor (QSA) and he continues to threaten his co-workers that he will take the CISSP exam soon. Mr. Lenik has performed research on file system timeline artifacts and timestamp modification and has presented at DEFCON, SECTOR and ECSAP. He has trained multiple State, Federal and International Law Enforcement agencies in digital forensics practice and methodology. He is a current member of the Consortium of Digital Forensics Specialists (CDFS) and the Seattle Electronic Crimes Task Force (ECTF). Mr. Lenik is a US Navy Veteran and spent time forward-deployed aboard the USS Independence and USS Kitty Hawk during multiple major conflicts. He authors the computer forensics blog "An Eye on Forensics."

Vinny Sakore, ICSA Labs
Vinny Sakore, a graduate of Penn State University, recently joined the team at ICSA Labs, an independent division of Verizon. At ICSA Labs, he manages the Cloud Security program and is a member of their ONC-ATB Certification Body. Additionally, he is a member of Verizon’s HIPAA Security team. Prior to joining ICSA Labs, Mr. Sakore was actively engaged with the Cyber Risk industry as Immersion’s VP of Business Development. ICSA Labs is an active member of the Cloud Security Alliance and Mr. Sakore represents ICSA Labs on two of the international steering committees, GRC & OCF Certification. As an active member of HIMSS he serves on two national privacy and security workgroups as well as serving locally as a board of director for the Central Pa HIMSS chapter. His CIPP/IT credential is through the International Association of Privacy Professionals (IAPP).

Rod Wittenberg, Reed Technology and Information Services
Rod Wittenberg is the Director of Reed Archives, a division of Reed Technology & Information Services based in Horsham, Pennsylvania. In his 18 years in the Reed Elsevier organization, Mr. Wittenberg has served in several organizational capacities, with positions in sales, marketing, product development and strategy. In his current role at RTIS, Rod has been a major contributor in developing market strategy, sales strategy, alliance models, product development and managing other key business activities. He is experienced in defining sales strategy and executing action plans to achieve strong and sustainable revenue and profit growth in entrepreneurial and mature business organizations. Mr. Wittenberg holds a Juris Doctorate, and an undergraduate degree in Political Science and Sociology. He has practiced law in the state of Massachusetts and is a Trustee Emeritus of the Philadelphia Bar Foundation.

This program’s CLE-credit eligibility varies by state. Bloomberg BNA is an accredited provider in the states of New York*, California, Pennsylvania, Texas and Virginia, and most other jurisdictions grant CLE credit on a per-program basis. At this time, Bloomberg BNA does not apply directly to the states of Florida, Rhode Island, Montana and Hawaii although credit is usually available for attorneys who wish to apply individually. Additionally, the following states currently do not grant credit for Bloomberg BNA OnDemand programming: Arkansas, Ohio, Nebraska, and Delaware. All requests are subject to approval once the live webinar has taken place or the customer has viewed the OnDemand version. Please contact the Bloomberg BNA accreditations desk if you have specific questions that have not been addressed.

If you have further questions regarding a specific state or how to file for CLE credit, please contact Bloomberg BNA customer service at 800-372-1033 and ask to speak to the CLE Accreditation Coordinator.

Hardship Policy
Bloomberg BNA offers a hardship policy for attorneys earning less than $50,000 per year. If an attorney wishes to take advantage of this option, he or she must contact Bloomberg BNA directly. For attorneys who are unemployed or earning less than $35,000 per year, a full discount off the price of the program will be awarded upon written proof of hardship. Attorneys earning between $35,000 and $50,000 per year will receive a 50% discount off the price of the program. Any attorney working in the public service sector also qualifies for a special price. If you have further questions regarding the hardship policy or seek additional information, please contact Bloomberg BNA customer service at 800-372-1033 and ask to speak to the CLE Accreditations Coordinator, or email us at accreditations@bna.com.

Questions
For more information about Mandatory or Minimum Continuing Legal Education (MCLE) requirements, visit the American Bar Association website at http://www.abanet.org/cle/mandatory.html.

*Bloomberg BNA is an accredited provider in New York for experienced attorneys only.