The diagram below depicts the current organizational structure of the HISP Institute:

President John DiMaria

Governance Board John DiMaria; President Gary Sheehan; Vice President Joe Watts; Director of Higher Education and Member Services Taiye Lambo; Treasurer Tom Stamulis; Accreditation Officer Ralph Johnson; Secretary   Advisory Board Winston Lewis Jonathan Tranfield Danny Shaw Alexander Schjelde Karen Worstell Andreas Lalos David Wright John Smith Dale Pound Sean Lewis Tammy Clark   Executive Committees Examination David Thomas Jay Simonton   Certification Maintenance Ed Wilson   Strategic Alliances David Gittens (West Indies) Alexander Schjelde (North America) Winston Lewis (South America) David Wright (North America) Yan Feng (China)   Center of Excellence Charles (Chuck) Mackey Tammy Clark Gary Sheehan Ralph Johnson

John DiMaria was the BSI Americas Product Manager for Risk Standards specializing in ISO 27001 and ISO 20000. John is a Certified HISP (Holistic Information Security Practitioner) and Six Sigma Black Belt. John currently serves as the HISP Institute President.

He has 24 years in the industry specializing in Information Security, Management System Analysis and Improvement, Regulatory Analysis and Compliance, Risk Assessment and Management, Failure Mode Investigation and Six Sigma strategies on both a national and international level.

Previously he served as a Managing Consultant of Information Security for LECG, LLC a global expert services firm. Spent 4 years as member of the Board of Directors for a multi-million dollar corporation in St. Louis Missouri and prior 16 years managed implementation of SPC, Regulatory Affairs, process controls, information systems and international management systems standards.

Taiye Lambo is a Security subject matter expert in the area of Information Security Governance; with years of experience in design & implementation of Intrusion detection and prevention systems, Honeypots, Computer Forensics, Ethical Attack & Penetration Testing, Biometric Identification, Network Security Architecture, Information security governance. He founded the UK Honeynet project - www.honeynet.org.uk and the Holistic Information Security Practitioner (HISP) Institute - www.hispi.org

He has successfully executed information security projects for a number of United Kingdom government agencies and also provided information security consulting to State of Georgia agencies. In the commercial sector he has completed Consulting engagements for clients, in the Manufacturing, Financial Services and Healthcare sector.

He was the Director of Information Security for John H. Harland (now Harland Clarke), the leading provider of solutions to the Financial Services industry, including check and check related products and accessories, direct marketing solutions, and contact center solutions.

He has dual expertise as a hybrid technical and business information security consultant with a pragmatic holistic approach to the management of information security and regulatory compliance, as well as a subject matter expert on Information Security governance and compliance relating to regulatory standards such as HIPAA, Sarbanes-Oxley Act, Gramm-Leach Bliley Act (GLBA), FDIC and others. His presentations at security events include conferences organized by organized by ISSA, InfraGard, ISACA, CPM and SOFE.

Taiye is Founder & CTO of eFortresses, an Atlanta based risk management solutions company founded in 2002. In the United Kingdom, he founded a successful information security firm CyberCops Europe, gained assignments in the USA for commercial and government agencies where he continued Information security and compliance consulting and became a subject matter expert in several of the current regulations. His involvement in the USA grew with speaking engagements at leading seminars & conferences. He left CyberCops Europe, came to the USA and founded eFortresses in October 2002. He has established numerous valuable contacts nationwide and has name recognition in the information security/regulatory compliance space.

eFortresses developed the industry's first integrated security and compliance assessment product, Compliantz - an automated process to assess an organization's policies, processes and procedures against internationally accepted information security best practices and multiple regulatory requirements, including HIPAA Security, Sarbanes-Oxley Act (Security), GLB Act, California SB-1386, NIST 800-53, FACT Act and PCI Data Security. eFortresses also developed and holds classes nationwide in the industry's very first information security, audit and compliance certification course - Holistic Information Security Practitioner (HISP).

With a Bachelors degree in Electrical Engineering, he also earned a Masters degree in Business Information Systems from the University of East London (United Kingdom).

Ralph Johnson is the Chief Information Security and Privacy Officer (CISPO) for King County Washington. King County is located on Puget Sound in western Washington State, and covers 2,134 square miles. King County is nearly twice as large as the average county in the United States. With more than 1.8 million people, it also ranks as the 13th most populous county in the nation. King County includes the Cities of Seattle, Bellevue, and Federal Way which are three of the five largest cities in the state of Washington. It also includes the Port of Seattle which is the second busiest seaport on the west coast. King County provides services ranging from transportation (bus operation and road maintenance), regional health care, County law enforcement and court services, adult and juvenile detention and natural resources and parks management to list only a few.

Mr. Johnson has been with King County since 1989 beginning his career in the Medical Examiner's Office where he worked to automate many of the office processes. In 1994 Mr. Johnson moved to the County's HIV/AIDS project where he served as a database programmer and statistician for research grants. In 1997 he became a Network Engineer for the Prevention Division of the County's Department of Public Health. In 2000 Mr. Johnson became the Network Services Manager for the Department. During this time the department was beginning to contend with the concepts of HIPAA and Mr. Johnson became interested in information security while working on these initiatives. In 2004 He received his CISSP and was transferred to King County's Office of Information Resource Management to become the County's first Security Architect. In May 2005 he became King County's first Chief Information Security and Privacy Officer.

As Chief Information Security and Privacy Officer Mr. Johnson continually works to balance the needs of the public for "open government" with providing appropriate protective controls to ensure the confidentiality, integrity and availability of the information in the possession of King County. His philosophy is simple. Find a way to serve the public but ensure the protection of the information.

Tammy Clark is the Chief Information Security Officer at Georgia State University, a sprawling urban campus serving over 40,000 students, staff and faculty in downtown Atlanta, Georgia. She joined Georgia State in 2000 with the initial charge to start from "ground zero" in creating an information security program. She has developed a full range of security initiatives such as an information security taskforce, policies and procedures, incident response programs, regulatory compliance programs and audits, departmental security reviews and awareness programs, and the 'secure computing initiative,' a holistic approach to protecting sensitive and confidential data.

Additionally, she collaborated in developing a comprehensive, risk management based campus security plan around the ISO 27002 (formerly ISO 17799) framework, and successfully completed an initiative to get two areas of the University certified under ISO 27001. Through the implementation of information security governance, a paradigm shift from being viewed as a part of the information technology organization has resulted and her department is embraced as a business enabler, partner of internal audit, and the executive management levels at the University are working with her organization to improve their business processes and controls.

She has presented on information security governance and the development of robust information security programs at national conferences in higher education and industry. She is assisting in a large scale effort funded by state government and private industry to develop a governance, risk and compliance model for higher education. Additionally, she is involved in developing a HISP module that will be customized to address the compliance, risk management and governance issues pertinent to the education sector.

Tammy is a Certified Information Systems Security Professional (CISSP), a certified Project Management Professional (PMP), a Holistic Information Security Practitioner (HISP), a Certified Information Security Manager (CISM), a Certified Information Systems Auditor (CISA), a certified Information Security Management Systems Auditor (ISO 27001), Information Technology infrastructure Library (ITIL) Foundations certified, and has dual Bachelor's degrees in MIS and Accounting from Cal State University, San Bernardino, California.

Tom Stamulis is the Manager, Northeast Region in Verizon Cybertrust Security. He has worked in information security for more than 20 years, with specializations in financial, insurance, retail and government. He has delivered security solutions helping clients meet Governance, Risk and Compliance issues pertaining to ISO 27002, SOX-404, PCI-DSS, GLBA, HIPAA, FFIEC, NERC and FISMA. He achieved this by increasing adherence to security and reducing overall risk exposure with improved governmental compliance.

Prior to joining Cybertrust in 2006, Tom spent 20 years in the US Army serving in communications and as a Counterintelligence Agent until 2000. After leaving the army, he spent five years working in the Information Risk Management group for KPMG LLC in Boston.

He has contributed security blogs to Internet Evolution, a site dedicated to the future of the Internet. He is an active member of the Northern Virginia chapter of ISSA and is the Telecom Sector leader in the DC Infragard chapter. He holds a CISSP certification from (ISC)2, the CISM from ISACA and the HISP certification focusing on international standards, best practices, and comprehensive frameworks for developing robust and effective information security programs.

Jonathan Tranfield is a Security Practice Manager at Dimension Data. Over a 15 year IT career, Jonathan has focused on information security, business continuity and risk management. He has performed as the senior resource on major projects both in the US and Internationally. Jonathan is a CISM, CISA, CBCP, CISSP and a HISP.

Business Continuity. Jonathan has performed numerous business continuity engagements with clients including major banks, hospitals and government agencies. These roles have included performing business impact analysis to determine critical business processes, their supporting applications, systems, and requirements for availability. He has used both quantitative and qualitative risk assessment methods to measure business risk and exposure to assist clients in determining whether to mitigate, transfer or accept risk. He has also helped clients design architectures to meet business continuity requirements. In addition, he has performed the role of DR/BCP Test Manager ensuring both functional and non-functional testing has met plan objectives in the case of an unplanned outage. Jonathan has also performed BCP/DR audits and has experience in PAS56, the emerging BCP "best practice" standard.

Security Program Management. Jonathan has performed the role of Chief Security Officer for the initial two years of the largest traffic control/charging scheme in the world. This role involved determining and setting the long term security strategy, enabling the successful introduction of road charging while ensuring intermediate project timelines were met without security concerns or issues undermining the scheme. Jonathan has also held the position of Program Security Manager for a large US automobile manufacturer, ensuring their European Facilities conformed to a US led worldwide security initiative. This complex role involved the determination and selection of appropriate technology as well as the adherence to differing European laws and standards affecting specific facilities.

Governance Jonathan has developed information security strategy in support of business strategy and direction and understands that a strategy consists of objectives, processes, methods, tools and techniques. Jonathan has used COBIT, ISO17799 and CRAMM as guidance to ensure a "best practice" security control framework for clients. He has determined and set the security policy for both government and private clients, ensuring successful integration into the overall enterprise governance framework.

Jonathan also has significant experience as an IT Security Auditor and has performed Audits, Gap Analysis and remediation assistance against standards such as HIPAA, ISO17799, GLB and SOX. This work has included the auditing of service provider's security posture to ensure they are consistent with established security policy and that security SLA's are being met.

Jay is a Technology and Risk Management Professional with Jefferson Wells, Inc. He has served as Director of Technology for the Metro Atlanta Chamber of Commerce and Vice President of Information Services for Consumer Credit Counseling Service of Metro Atlanta, both leaders in their area.

He has worked with numerous clients providing information security consulting in highly regulated areas including financial institutions as well as large utility companies. He brings a strong mix of business and information security skills, which allows for a holistic approach towards compliance.

His knowledge of governance and compliance issues and related standards, HIPAA Security, GLB Act, NIST 800-53 (FIPS 200), Sarbanes-Oxley Act, PCI Data Security (Visa CISP), California SB-1386 and many others make him a valuable resource for his clients.

He has prepared presentations on the holistic methodology and approach to regulatory compliance as well as working directly with clients in developing necessary methodologies and approaches to compliance issues.

He is an active member of ISACA and currently serves on the ISACA-Atlanta Board focused on bringing technology presentations to the membership.

He has a Bachelors degree in Business Administration (marketing) and has also earned a minor in Computer Science.

David Thomas has over twenty years of both technical and financial experience. He is a subject matter expert in information assurance. He is familiar with both host and network intrusion detection, exploit analysis, botnet and Trojan trend analysis, and phishing. He is knowledgeable in forensic analysis as it relates to malware incident response.

His experience has been concentrated mainly in the insurance and financial verticals and he has been a resource for several government agencies. He has had experience in the healthcare vertical also. His technical experience covers a broad base including Microsoft, Linux, Solaris, and BSD systems.

His has worked with clients concerning risk analysis and disaster recovery. His work experience is not limited to the continental United States. He has a strong foundation in management theory and seeks to interweave these skills into his work with both security management and auditing. He has a strong knowledge of government compliance issues and seeks to continually refine his skills.

He possesses a Bachelor of Science degree.

Danny has over 25 years experience in technology and security risk management. He has provided business systems and related accounting technology services to companies including the largest professional services firm in the world, a fortune 500 company, industries including banking, manufacturing and healthcare. Danny has led business continuity management efforts for global and municipal organizations including speaking on continuity on multiple client roundtable events.

Danny currently leads the Atlanta Technology Risk Management practice for Jefferson Wells with a focus on information security, IT audit and compliance, and business continuity approaches. Danny's teams has been recognized for delivering timely value on information security assessments and controls relating to information technology environments, and are experts at eliminating or minimizing the impact of unplanned interruptions and ensuring the continuity of critical business services.

Danny has previously served in a "CIO" capacity assisting global Financial Officers with selection, negotiation and business cases for software system solutions. This included developing a Global Financial System Strategy enabling management to gain consistent, consolidated and regulatory financial information; developed implementation strategy for new financial systems solutions and European processing hub for Equifax offices in England and Spain.

He currently serves on multiple professional and community boards of directors including the Holistic Information Security Board since 2005; Children's Healthcare of Atlanta Community Board since 2006; Grace Fellowship Church Elder Board since 1994 and has served on Software Vendor Customer Boards for Geac, D&B and MSA assisting with the design of the latest release of software resulting in the award of D&B Software "Commitment to Excellence Award."

Danny was Founder & Principal of PSC2M; an Atlanta based professional services firm focusing on technology and risk management solutions founded in 2002. Danny completed his Bachelor of Science in MIS at Mercer University and AS in Computer Science from DeKalb College. He has gained certifications such as HISP - Holistic Information Security Practitioner; Certified Data Processor - Institute of Computer Professionals; Project Management Professional - Project Management Institute led thought leadership positions with Pricewaterhouse Coopers Business Process Outsourcing IT Council.

Gary Sheehan is a Security Practice Manager with the Wolcott Group in Fairlawn, Ohio. Gary's practice at Wolcott is focused on IT Governance and using the ISO 27001 Standards to help clients achieve effective holistic security and good IT governance. He is a subject matter expert in the area of information security governance; with 20 years of experience in security policy, awareness, process implementation, vulnerability management and security project management. Gary is currently the President of the Northern Ohio Members Alliance of InfraGard and founder of the Information Security Summit - (www.informationsecuritysummit.org).

Throughout his career Gary has worked for a number of large companies in the banking, insurance, diversified industrial, manufacturing and chemical industries. He has successfully executed large, global security projects and implemented enterprise-wide security policies at a number of companies.

As a recognized security expert, Gary has presented topics at Computer Security Institute's annual conference, InfoSec World, OKIT and at many regional conferences and seminars. In 2003 Gary received the Northern Ohio Chapter of InfraGard's Linda Franklin award for his dedication and outstanding service to the chapter. Under his direction, the Information Security Summit has raised and distributed over $90,000 to area organizations such as ISACA, InfraGard, ISSA, BEPA, Cuyahoga County Police Chiefs Association, Cleveland HoneyNet Project and ASIS.

Gary has a Bachelors degree in Business Administration from Baldwin-Wallace College and is a 2006 graduate from the FBI Citizens Academy.

David Gittens is an Information Technology security specialist who has spent the past few years in the financial services sector. He has many years of experience in system administration, mainly in the mid-range systems arena. During his sixteen years of IT experience he has worked in virtually every area of IT and has formal training and experience on almost every type of computer technology; including routers, operating systems, LANS, WANS, databases, UPSs, ATMs, peripherals and mainframes. He regularly attends seminars and training sessions on IT security and compliance.

In the past several years he has successfully implemented various IT projects, dealing mainly with implementation of new systems, system upgrades, disaster recovery, and security products. Most of these were done in his capacity as an IT manager or an external consultant.

He was the Vice President Information Technology of Clico, one of the largest providers of Financial Services in Barbados and the Eastern Caribbean. Clico provides life insurance, general insurance, equity funds and other services. In his capacity he had direct responsibility for all of the IT projects and technology solutions, IT infrastructure, IT policies and IT service delivery for Barbados and six other regional territories.

In addition to his strong all-round technical background, David has spent a lot of time in the study and practice of business disciplines, especially at it relates to small businesses.

David is currently in charge of IT security at RBTT Bank Barbados, part of the regional RBTT banking group. He is in charge of all aspects of information security, including the security awareness program, IT change management, vulnerability management and the creation of IT security policies, procedures and guidelines. His is also in charge of the IT Disaster Recovery plan and was responsible for the merging of the IT Disaster Recovery Plan with the business plans to create an overall business continuity plan. David also sits on the bank's regional security committee which is responsible for reviewing new security policies and creating regional security solutions for the Bank.

David's other responsibilities include the monitoring of national security-related legislation and working with internal and external auditors to address compliance issues.

David holds a Bachelors degree in Electrical & Electronic Engineering from Loughborough University of Technology in the United Kingdom.

Winston Lewis holds a BS degree in Science with major in Systems Engineering with 9 years experience working as Senior Systems Administrator and Security Analyst. He has been involved and managed networking projects supporting medium to large Enterprise Company IT Infrastructure providing remote and on-site support as well, also he has been in charge of security projects supporting all US Department of State security policies related to information systems and IT infrastructure in Lima, Peru.

His skills and experience can be summarized as follows:

Winston just founded a new company based on Lima, Peru. With the launch of his company, Winston will be spreading a Holistic approach to IT Security Governance and Risk Management. He has been named recently a SANS Stay Sharp Instructor and will be part of the next security training courses that SANS is promoting.

Winston is considered an engaged team player, a positive, pro-active person and hard worker with great problem solving and efficient working ability.

Joseph Watts is the Information Security Officer at Parma Community General Hospital. For the last 20+ years, Joe has worked in a variety of positions at companies including the Cleveland Clinic Foundation and Southwest General Health Center.

At Parma Community General Hospital, Joe reports to the CFO and manages the Hospital-wide information security management program. In addition to this, Joe is also responsible for leading the Hospital's Network Services Group which is responsible for the operation and administration of the internal networks, servers, enterprise applications, and network security systems.

Joe has a Bachelor's degree in Business Information Systems (Cum Laude) and a Masters degree in Management. He currently is a member of Healthcare Information and Management Systems Society (HIMSS), Northern Ohio Healthcare Information and Management Systems Society (NOHIMSS), Cuyahoga Community College Identification and Edge Technology Advisory Council, and Infragard.

Ed Wilson is a retired US Navy Cryptologic Technical Technician (CTT) with over 30 years experience in INFOSEC securing, auditing, and accrediting IT systems to include protection of sensitive corporate information in compliance with DoD regulations, ISO 9000, BS7799/ISO 17799, ISO 15408, FISMA. COSO, COBIT, GLBA, SOX, and HIPAA legislation.

ED Wilson is a certified Master Training Specialist, Testing Officer/Testing Supervisor, Curriculum Developer, and Technical Writer that strengthens his demonstrated excellence in leadership, technical competence, application of instructional methodology, and desire to improve educational awareness through quality instruction.

As INFOSEC Subject Matter Expert Ed Wilson developed a 3 week Information Systems Security Manager (ISSM) course consisting of 31 INFOSEC topics at the master level. Ed was an adjunct lecturer on INFOSEC manners for the National Security Agency (NSA) having taught twenty-six (26) National Cryptologic School courses for NSA.

As Information Systems Security Manager (ISSM) performed security system accreditation and certification responsibilities utilizing DITSCAP and NIACAP procedures for nine (9) DoD Local area Networks (LANs). As a Network Security Vulnerability Technician Red Team member conducted thirty-nine (39) vulnerability assessments providing clients with a snapshot of their computer security posture. Identified all vulnerabilities, categorized them according to risk based on the client's mission, identified safeguards and IT auditable controls to mitigate the vulnerabilities and worked with the client to implement those safeguards to meet compliance.

Ed developed organizational Information Security Policy Manuals in compliance with ISO 27002:2005's eleven domain requirements in support of the client's Information Security Management System (ISMS). Ed was responsibility for the multiple organization's data security and privacy policies, architecture, and procedures recommending holistic security solutions including financial justifications and operational support options.

Ed is a certified Holistic Information Security Practitioner (HISP) Curriculum Developer and Instructor providing delegates with the necessary skills to implement a corporate Information Security Management System (ISMS) framework that is compliant with the requirements of ISO 27002, HIPAA Security, GLB Act, Sarbanes-Oxley Act (Security), FACT Act, PCI Data Security and California SB-1386 and meets the certification requirements of ISO 27001.

Ed used the eFortresses Compliantz Toolset on 24 Florida State Agency risk assessments and several corporate environments. The Compliantz Toolset provided an integrated and innovative solution to Holistic Information Security risk assessments based on ISO 27002:2005, allowing the 24 agencies to proactively demonstrate due diligence and due care in establishing and maintaining their Information Security Programs. Ed received accolades for helping the agencies meet HIPAA, PCI, SOX, NIST, and local State regulatory compliance using the eFortresses Compliantz Toolset.

Alexander Schjelde is a senior Information Security Professional subject matter expert with more than 10 years of Information Security experience combined with 20+ years of international IT experience.

Alex has a working knowledge of building Corporate Risk management programs and has internationally (Scandinavia) acted as C-level management consultant with CSO advisory as his specialty. Among his customers was the Swedish National Police Board, where he over a 5 year period acted at a director level. He project managed during the same period the implementation of one of Northern Europe's largest Firewall installations along with being technically responsible for their Y2K compliance. To accomplish this task, he used the ITIL methodology, which at that point in time was new to the IT industry.

Alex moved to the United States 8 years ago and joined CenturyTel, a large Telecommunication provider, and assumed responsibility for their internal Help Desk and the PC/Lan area company wide, a responsibility that included more than 7,500 Desktop/Laptop computers in a 27 statewide environment.

He accomplished during this period to standardize the end user platform and saved over 60% in TCO per device compared to previous investments. Along with the standardization, he implemented a corporate Desktop security policy which included an antivirus and security patch management program and a change management process using ITIL methods. These standardization efforts lead to a significant increase of IT security and a large cost reduction in support.

During his last 1 and half year with CenturyTel, he became the Operations Information Security Manager with responsibility to ensure that all current and new corporate and/or company initiatives were in compliance with regulatory and industry security requirements. He lead or co-project managed the implementation of a Company Risk Management program, which included the establishment of a Corporate Risk Management Board.

Alex managed or co-managed during this period several other regulatory and industry compliance efforts utilizing his broad experience from the security standards industry (ISO / CoBit / ITIL). These were PCI-DSS compliance, CALEA compliance, CPNI compliance and others, just to mention a few.

During this period, he was a frequent speaker at CenturyTel's yearly Security Awareness Week and received several appraisals for his presentations.

In October 2007, Alex founded e-Contego, a company which specializes in building Risk Management and Corporate Security Governance programs also offering contractual CSO/CISO advisory services. e-Contego's advisory service takes a risk based approach when translating the regulatory or industry requirements into business terms, where countermeasures can be adequately assessed. www.e-contego.com

Alex holds a ship engineering degree from the Danish Teknikum College in Nakskov, Denmark along with several other IT industry recognized certifications.

Karen Worstell is co-founder and principal of W Risk Group, an independent consultancy and service company focused on Risk Management, Information Security Management System Certification, Risk and Controls Assessment, and Data Security. W Risk Group focuses on clients with highly complex IT environments, regulatory and statutory compliance challenges, and concerns about data privacy and security to provide a defensible standard of care that will withstand both legal and regulatory scrutiny.

Karen's 20+ years in information security and risk management spans multiple industries: manufacturing, airline and aircraft, financial services, petroleum derivatives and high technology. She has served as the CISO for both Microsoft and AT&T Wireless/Cingular, as CEO, CTO and Consulting Practice Leader for SRI Consulting and Atomic Tangerine (a spin-off of SRI Consulting). While at SRI consulting Karen was Research Director and Program Manager for the International Information Integrity Institute (I-4 ). She was a Program Manager in distributing computing in Boeing's Research and Technology division in the early days of defining security functionality for Microsoft Windows, CORBA and DCE.

Highlights of her management experience in risk and controls include:

W Risk Group is certified under the ISO 27001 registrar British Standards Institute as one of six Associate Consultancies in the US.

Karen's educational background includes BS degrees in Biology and Chemistry from the University of Washington, an MS in Computer Science from Pacific Lutheran University, and is working on a MAT from Fuller Theological Seminary. She is active in the CISO Forum Task Force for the ISSA and an instructor for the IT Compliance Institute, as well as a CISM. Her interests include writing, teaching, gardening, hiking and Hebrew studies. She and her husband Craig live in Gig Harbor, Washington.

Andreas Lalos is a Security Subject matter expert in the area of Information Security. He is the principal founder of BESECURE www.besecure.eu, a specialized security consulting and managed security services firm, located in Greece. He holds the position of Professional Services Manager, and has an extensive experience in informatics and Information Security with more than 12 years in IT and 8 years in Information Security profession. In the past he has worked as an Information Security Consultant for SPACE Hellas, a large networking and system integrator company and as an Information Systems Security Manager for Printec Group, a south eastern European banking services group of companies.

His expertise covers the areas of Risk Management, Computer Forensics, Compliance Services based on ISO27001 and Sarbanes Oxley Act, Security Architecture Design and Implementation, PKI consulting, Managed Security Services Operation, Vulnerability Assessment and Ethical Hacking.

Andreas has participated as a speaker in numerous events including COMDEX, and has been the author of several articles for information security in various technical and business magazines in Greece. As a McAfee Professional Services Partner he has delivered technical training in Middle East for various security emerging technologies.

As a Professional Services Manager he has managed and led BESECURE team on various security consulting and implantation projects for large financial, telecom private and public sector corporations in the areas of Balkans, Greece and Middle East, has provided specialist subject matter input into bid processes and has provided executive information updates to senior government and financial services officials.

With his depth of experience both in the business and technical arenas, Andreas has an innate ability to understand, manage and communicate technical issues at boardroom and senior management levels, this has enabled him to successfully consult to governments and large corporations at an executive level.

BESECURE was founded in 2006 to address the increasingly complex issues concerning the security of information assets. BESECURE acts as a trusted security advisor to enterprise clients from government, financial institutions and telecommunications sectors, helping them plan, implement and review security management strategies focused on people, process and technology resources.

Yan is an information security professional with the public sector in Toronto. His practice within the current position is focused on using the ISO 27000 Series Standards to achieve effective holistic security for the organization. With over 17 years of extensive experience, he is responsible for information security policy, enterprise security architecture, data protection, risk assessment and management, and security awareness program for the organization.

Prior to joining the public sector, Yan worked for a number of large companies in diverse industries, such as financial, public sector, and manufacturing. He has managed over 100 information security consulting engagements in a responsible and controlled manner and has successfully assisted international clients with their IT security concerns over the years. The engagements included, but were not limited to, information security policy development and review, standards compliance, penetration testing, awareness program development, business continuity and disaster recovery planning, threat risk assessment, privacy impact assessment, and application security.

Yan holds a Bachelor's Degree in Electrical Engineering from JiLin University, a Bachelor's Degree in Computer Science from York University, a Master of Applied Science Degree in Computer and Electrical Engineering from Ryerson University, and a Master of Engineering Degree in Telecommunication from University of Toronto.

Yan is also a Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information System Auditor (CISA), Holistic Information Security Practitioner (HISP), GIAC Certified Penetration Tester (GPEN), and Certified Ethical Hacker (CEH).

Sean is presently serving as Security Advisor for Microsoft's Southwest District. Sean has held a number of technical leadership positions in global organizations, including as Security Architect for Microsoft Consulting Services' Security Center of Excellence and Lead Consultant for the Southwestern United States in Verisign's Global Security Consulting practice. Sean has more than 11 years of experience in the Information Security industry geographically oriented in Southern California, previously holding positions such as Information Security Manager for a large healthcare provider (Sharp Healthcare) and Principal Network Architect for a large B2B/B2G clearinghouse. At Sharp, Sean's workload was divided between administrative components such as policy development, regulatory compliance roadmap construction and strategic oversight of information security program implementation and technical components such as penetration testing, security architecture and information assurance certification and accreditation of numerous third party devices for use in a high security patient care environment. Sean's current interests include biomedical equipment hardening and security profiling, risk tree mapping and utilization of information assurance and security engineering practices in the private sector. Sean also served as Technical Advisory Board member for Network Vigilance Incorporated, providing guidance and oversight and specializing in network security research and threat mitigation technology.

Drew Vesser is a security subject matter expert in the area of Information Security Governance and Compliance, with over twelve years of experience working with and managing professionals in multiple industries, including eight years in Information Technology.

He has enterprise experience with Financial Services, Internet Service Provider, Software Development, consulting companies and other large international corporations. With extensive knowledge around the evaluation of information, technologies and processes while reporting the necessary information security controls for adequate protection.

He has facilitated the compliance with North and South American banking and insurance regulations, including the Sarbanes-Oxley, Gramm-Leach-Bliley (GLBA), Health Insurance Portability and Accountability Act (HIPAA), NY 173, SEC 17a-4, California Senate Bill 1386 (Security Breach), Latin American Data Privacy and others.

He has conducted numerous risk and control assessments to identify effective controls necessary to mitigate risk and reduce fraud, using standards of information technology and risk, including ISO17799, COSO, CoBIT, ITIL, and others.

Buck Collett has forty years of experience in Information Technology. This IT work experience spans responsibilities from auditing, compliance, hardware repair, and Protection Services to consulting in Business Continuity, Governance and Systems Management (problem management, change management, system network control and quality assurance).

Buck has successfully implemented systems management disciplines, policies, and procedures at many organizations including Fortune 500 companies. Buck is currently the Corporate Director of Security (includes physical & logical security, compliance and business continuity) for Interface, Inc., a company that designs, manufactures, and markets modular and broadloom floor coverings, interior fabrics, and specialty products.

Prior to this position in Interface, Buck served for five years as Director of Information Services for Interface Americas, Inc. the largest division of Interface, Inc. In this role he was responsible for the management and successful operation of all technology initiatives and computer infrastructure requirements of Interface Americas, Inc. Buck also ensured the day-to-day operations of IT functions across multiple domestic and international locations, developed and implemented appropriate Information Services policies, standards, practices and security measures. He recruited Information Services professionals to fulfill all project implementation, development, and production requirements and successfully reengineered the Information Services Department to efficiently partner with and proactively respond to the business environment of the company.

From 1998 to 2000 Buck served as the Manager of Information Technology Protection Services for Interface, Inc. where he was responsible for the overall project management and vendor coordination of Interface's worldwide Y2K initiative. He coordinated several project teams engaged in merging multiple manufacturing systems, remediating multiple software packages, standardization of hardware, development and implementation of a change management system, development and implementation of an application development testing process, and the Y2K testing of all hardware and packaged software. Buck initiated and implemented a help desk increasing customer satisfaction and the productivity of the Information Services staff.

Prior to joining Interface, Inc., Buck was employed for thirty-one years at IBM. This part of Buck's career span responsibilities from a Field Engineer to Advisory Recovery Planning Consultant. Highlights from this experience include:

John is a subject matter expert in the areas of Information Security management, governance and disaster recovery planning.

John has over thirty years of professional experience involving information technology computer and network management, applications development management, information security management, and project management. John has participated in a Sarbanes-Oxley and Gramm-Leach-Bliley information technology documentation and testing project as an independent consultant. As Vice President of Information Technology at the Federal Reserve Bank of Atlanta, John managed all aspects of the IT function supporting multiple operating environments and a large user base. As Information Security Officer for the Bank he was responsible for the Bank's business continuity and disaster recovery planning function.

John has led various projects including a disaster recovery assessment for a local Atlanta area governmental agency, consolidation of mainframe processing into one of three Federal Reserve operations sites, the creation of the Bank's server and WAN/LAN Ethernet environment, the research, selection and implementation of the Federal Reserve System's Public Key Infrastructure (PKI). John served on various Federal Reserve System groups as an information security, computer operations and application development subject matter expert.

John is currently a Professional consultant with Jefferson Wells International. He holds a Bachelors degree in Mathematics from the University of Florida, a Masters of Business Administration degree from the University of West Florida and a certificate from the Executive Development Program of the Ohio State University. He is a former United States Naval Aviator.

Cindy K. Jones has over 20 years experience in the information technology field. She joined The Coca Cola Company in 2004 as an Infrastructure Security Strategist in the Company's Corporate Security division. During her freshman tenure at the Company, she led a team in the successful deployment of a global information protection training program that reached over 20,000 employees and contractors, and navigated through the cultural and language differences of 200+ countries. She is a current member of the ISACA Atlanta Chapter.

Prior to joining The Coca Cola Company, Cindy developed and managed the information security and disaster recovery program for a consumer services company, was responsible for information security for a large forest products company, and spent several years as an IT auditor.

Mark Plesnicher is a Sr. Security Compliance Manager in the Online Services Division at Microsoft. He is a subject matter expert in the area of Information Security Policy, Compliance and Governance; with over four years of experience in policy development, control development, audit coordination, security compliance and governance.

Mark comes from a legal/policy background having spent over 10 years in the field of Intellectual Property (Trademark and Copyright) clearance and enforcement. Mark also spent two years in Microsoft's Law and Corporate Affairs department working with law enforcement to investigate computer crimes where he also helped develop the Microsoft Global Criminal Compliance Program/Policies.

Mark has been a speaker at several conferences where audiences included domestic and international law enforcement agencies, government elites and IP lawyers/practitioners in the areas of trademark law, model computer crime law and Microsoft's criminal compliance program.

Mark holds a Bachelors degree in Criminal Justice from the University of Delaware and earned a Paralegal degree from Widener Law School. Mark received his Holistic Information Security Practitioner (HISP) certification in 2006.

Ngy (pronounced 'NEE') Ea (pronounced 'E') is an IT Governance and Strategy subject matter expert with more than 14 years experience in GRC, management, business development and consulting. He specializes in the healthcare, financial services and transportation industry. He is a partner in a public accounting firm, real estate investment company and consulting firm. Effective February 1, 2009, Ngy joined eFortresses (www.efortresses.com) as a Business Development Manager.

Ngy has served on the boards of privately held companies, ISACA Atlanta (www.isaca-atlanta.org), United Way Young Leaders, CobiT Development Group for ISACA International (working on a Val IT project with Coca-Cola Enterprise) and NAAAP (National Association of Asian American Professionals - www.naaap.org).

Ngy has a bachelor's degree in Economics and Actuarial Science from the University of Connecticut.

http://www.linkedin.com/in/ngyea