Keynotes

Keynote 1: Why Data Protection Programs Fail

Amit Yoran
Chairman and CEO
NetWitness

Amit Yoran is the Chairman and CEO of NetWitness, the leading provider of next-generation network monitoring solutions.  He was previously the Director of the National Cyber Security Division of the US Department of Homeland Security.  He also served as CEO and advisor to In-Q-Tel, the venture capital arm of the CIA.  Mr. Yoran was the co-founder of Riptech, the market leading managed security services company.  He served as its CEO until Symantec acquired it in 2002.  He served as an officer in the United States Air Force in the Department of Defense’s Computer Emergency Response Team.  Mr. Yoran has also served on the boards of such security technology companies as Guardium, Trust Digital, Digital Sandbox, Guidance Software, and Cyota.  He received an MS degree from George Washington University and a BS degree from the United States Military Academy at West Point.

Abstract: Why Data Protection Programs Fail
In spite of ongoing investments and many standards and regulations, cyberspace continues to observe security program failures.  These range from the spectacular to ones that hardly even see the light of day.  Former DHS cybersecurity czar Amit Yoran describes why data protection programs continue to fail.  He also provides a vision for what public and private organizations should be doing to prevent such failures in the future.

Objectives:

• Understand the actual causes of data protection program failures, using case studies from both public agencies and private companies.
• Explore the deficiencies in current program approaches that lead to these failures, including technology limitations, incorrect prioritizing, and process gaps.
• Design a forward thinking approach to avoid future data protection failures and ensure the protection of consumer and citizen data and critical infrastructure.

Keynote 2: Keeping Consumer Data Safe and Sound

Rick D'Angona
Chief Information Security Officer
Experian Americas

Rick D’Angona is Chief Information Security Officer for Experian Americas. Rick has overall responsibility for information security strategies across Experian business units. He works to bridge the gap between the technical aspects of information security and executive management by providing guidance on best practice compliance controls as a way to support corporate objectives. He presents to Experian audiences around the United States and collaborates with the Experian UK team to continually improve the application of information security principles to the rapidly changing business environment. Rick was a featured speaker at the 5th World Consumer Credit Reporting Conference held in Capetown, South Africa in October, 2006.

Rick joined Experian in January 2005 after serving as Vice President of Corporate Information Security at State Street Corporation where his responsibilities included governing the implementation of security controls for the world’s largest custodian of mutual funds. Prior to joining State Street he was Director of Online Brokerage for Fidelity Investments, responsible for enhancing the electronic distribution channels to increase sales revenues and minimize costs. He was involved in all aspects of the process including targeted marketing campaigns, regulatory compliance and print/mail fulfillment. Rick has more than 25 years experience in information systems management, application development and design and is now meeting the significant challenge of providing security solutions for Experian.

Abstract: Keeping Consumer Data Safe and Sound
Everyone is concerned about the large number of reported data leaks (over 200,000,000 records according to the Privacy Rights Clearinghouse).  Large leaks such as the TJX episode have cost organizations millions, and have led to extensive investigations and a large amount of legislation around the world.  What can installations do to protect themselves in a complex environment with threats that are constantly changing and evolving?  A sound set of controls is an excellent beginning.  And a policy of continuous review and updating is essential to keep security up-to-date.