Steve Winterfeld

Information Security Officer, Nordstrom Bank

Steve Winterfeld is the Information Security Officer for Nordstrom Bank. Before moving to retail/finance he built a successful Computer Emergency Response Team (CERT) for the US Army as well as a Cyber Security Operation Center (CSOC) for a billion-dollar company. On the compliance side he developed the first DoD / FAA DITSCAP/DIACAP package for the Global Hawk Unmanned Aerial Vehicle, supported TVA through a NERC CIP audit and today works on PCI and FFIEC/OCC inspections. Additionally he has published a book on Cyber Warfare. He holds CISSP, ITIL, PMP and PCIP certifications.

Ben Rothke

Senior eGRC Consultant with the Nettitude Group

Ben Rothke, CISSP, CISM, CISA has over 15 years of industry experience in information systems security and privacy. His areas of expertise are in risk management and mitigation, security and privacy regulatory issues, design & implementation of systems security, encryption, cryptography and security policy development. Ben is the author of Computer Security – 20 Things Every Employee Should Know (McGraw-Hill), and writes security and privacy book reviews for Slashdot and Security Management and is a former columnist for Information Security, Unix Review and Solutions Integrator magazines. He is a frequent speaker at industry conferences, such as RSA and MISTI, holds numerous industry certifications and is a member of ASIS, Society of Payment Security Professionals and InfraGard. He also has a number of information security certifications, all of which begin with the letter C.

Jon Oltsik

Sr. Principal Analyst, Enterprise Strategy Group

Jon Oltsik is an ESG senior principal analyst and the founder of the firm’s Information Security and Networking services. With 25 years of technology industry experience, Jon is widely recognized as an expert in threat and security management as well as all aspects of network security. Recently, Jon has been an active participant with cybersecurity issues, legislation, and technology within the U.S. federal government. Prior to joining ESG, Jon was the founder and principal of Hype-Free Consulting. He has also held senior management positions at GiantLoop Network, Forrester Research, Epoch Systems, and EMC Corporation. Jon has an M.B.A. and a B.A. from the University of Massachusetts, Amherst. As an escape from cybersecurity intelligence and technology, he plays guitar in a rock-and-roll cover band.

Brian Kelly

Chief Information Security Officer, Quinnipiac University

Brian is an Information Security specialist whose qualifications include a Master’s degree in Information Assurance; CISSP and CISM designations; and detailed knowledge of security tools, technologies and best practices. Over fifteen years of experience in the creation and deployment of solutions protecting networks, systems and information assets for diverse organizations. The benefit of working for the Air Force, Aetna, Naugatuck Valley Community College and Quinnipiac University is that I have had the opportunity to handle a wide range of responsibilities beyond the purely technical. Learning, teaching, leading and following are all qualities resulting from my diverse experiences.

Dawn-Marie Hutchinson

Dawn-Marie Hutchinson brings 15 years of enterprise information technology experience to her role as Executive Director, Office of the CISO. She is an innovative business partner with extensive experience serving on Enterprise Risk Management teams. She is an expert in providing data privacy and security solutions to manage information risk, improve IT governance and strengthen internal controls. Dawn-Marie’s extensive experience in Information Security and Privacy program development has served the healthcare, insurance, retail and higher education sectors.

While serving on the HITRUST working group for Data De-Identification, Dawn-Marie established standards and controls for the anonymization of patient level data and is credited with authoring the white paper for defining those levels, as well as use cases for the secondary uses of medical data. Additionally, she served on the HITRUST Privacy working group tasked with revising the HITRUST Common Security Framework to include additional privacy controls and the inclusion of NIST App. J recommendations.

Dawn previously led the Information Security practice at Comm Solutions, and was also Chief Information Security Officer at Urban Outfitters, based in Philadelphia. Her tenure in Information Technology also includes work at Walt Disney World, Co., Banknorth Group, Inc., Independence Blue Cross and Protiviti.

Dawn-Marie currently sits on the Cyber Security Canon Committee, was the recipient of the CRM Women’s Power 50 award and holds accreditations that include Certified Information Security Manager (CISM), Certified in Risk and Information System Controls (CRISC), Certified Information Systems Auditor (CISA) and former Payment Card Industry Qualified Security Assessor (QSA). She is also a 2013 Master of Business Administration graduate of the Saint Joseph’s University Haub School of Business.

Rick Howard

Palo Alto Networks CSO

Rick oversees the company’s internal security program, leads the Palo Alto Networks Threat Intelligence Team (Unit 42), directs the company’s efforts on the Cyber Threat Alliance Information Sharing Group, hosts the Cybersecurity Canon Project, and provides thought leadership for the company and the cybersecurity community at large. His prior jobs include the CISO for TASC, the GM of iDefense, the SOC Director at Counterpane and the Commander of the U.S. Army’s Computer Emergency Response Team where he coordinated network defense, network intelligence and network attack operations for the Army’s global network. Rick holds a Master of Computer Science degree from the Naval Postgraduate School and an engineering degree from the US Military Academy. He also taught computer science at the Academy from 1993 to 1999. He has published many academic papers on technology and security and has contributed as an executive editor to two books: “Cyber Fraud: Tactics, Techniques and Procedures” and “Cyber Security Essentials.” The Christian Science Monitor named him a Passcode Influencer in 2015, part of a pool of 70 experts who are big thinkers on security and privacy.

Robert Clark

Lawyer, Army Cyber Institute, United States Military Academy

Robert Clark is a cyber operational lawyer for the Army Cyber Institute, United States Military Academy in West Point, New York, taking over these duties from his position as Distinguished Professor of Law (Cyber) at the Naval Academy. A career military officer and attorney, he has over twenty years of experience within the Department of Defense, having served at its counterdrug command as well as numerous other challenging positions. He is the former Cybersecurity Information Oversight & Compliance Officer with the Office of Cybersecurity and Communications, Department of Homeland Security and former legal advisor to the Navy CIO; United States Computer Emergency Readiness Team; and, the Army’s Computer Emergency Response Team. In these positions he has provided advice on all aspects of computer network operations. He interacts regularly with numerous government agencies and is a past lecturer at Black Hat; DEFCON; the iapp; and, the DoD’s Cybercrimes Conference. He received his Bachelor’s degree from the University of Michigan; his law degree from Michigan State University College of Law; and, his LL.M from the Judge Advocate General’s School, United States Army.

Christina Ayiotis

Co-Chair, Georgetown Cybersecurity Law Institute

Christina Ayiotis is an international business-focused attorney and consultant specializing in cyber (risk/operations), privacy, data protection, big data, innovation, cloud, ethics, compliance, and strategic engagement. In 2012, she proposed the Georgetown Cybersecurity Law Institute (CSLI), the only continuing legal education program in the world focused on educating in-house counsel (along with their outside counsel and advisors) in the context of working with C-Suite colleagues (CIOs, CISOs, CFOs, CPOs, etc.), Board Directors, and government (including global law enforcement). She serves as CSLI Co-Chair, an active member of the Advisory Board, and Chair of the Planning Committee. Since 2013, she has served on AFCEA’s Cyber Committee focusing on Internet Governance, Cyber Workforce, Internet of Things, and Legal Leadership. She also serves as Co-Leader of Association of Corporate Counsel National Capital Region’s Privacy and Data Security Forum. A prolific speaker and social media user, she educates on a daily basis. For many years, she has taught Information Policy at the Master’s level for the Department of Computer Science at The George Washington University. From 2008 to 2011, she served as Deputy General Counsel—Information Governance at CSC. Prior to CSC, she created, deployed, and managed global programs in records & information management (Booz Allen Hamilton) and knowledge management (Ernst & Young International/Deloitte Touche Tohmatsu). A Certified Records Manager and e-discovery expert, she has spoken extensively on information governance.

A magna cum laude graduate of Virginia Commonwealth University (BS- Biology/ BA-Philosophy; Minors- Mathematics/French; University Honors), she received her Juris Doctorate degree from the Marshall-Wythe School of Law at the College of William & Mary. She is the extremely proud Mom of a 17-year-old (Viterbi School of Engineering Dean’s List Junior) Trojan at the University of Southern California.
