Nikesh Arora is Chief Executive Officer and Chairman of Palo Alto Networks. Previously, he was President and Chief Operating Officer of SoftBank Group Corp., and Senior Vice President and Chief Business Officer at Google.
Third Edition
A collection of 50 global thought leaders and visionaries centered on doing business in the Digital Age – from addressing disruptions caused by COVID-19 to driving digital transformation through innovation to fostering a mutual understanding between technical and non-technical executives when it comes to existential issues surrounding cybersecurity.
Part 1
The Future of Threat and Risks
Seizing the opportunities, confronting the challenges
Part 2
Lessons From Around the World
Cybersecurity awareness, understanding and leadership
Part 3
Make Sure You’re Covered Today
Best practices on people, process and technology
chapters 1-11
Chief Executive Officer and Chairman, Palo Alto Networks
Nikesh Arora is Chief Executive Officer and Chairman of Palo Alto Networks. Previously, he was President and Chief Operating Officer of SoftBank Group Corp., and Senior Vice President and Chief Business Officer at Google.
Vice President and Chief Internet Evangelist, Google
Vinton G. Cerf is Vice President and Chief Internet Evangelist at Google. Known as a “Father of the Internet,” Cerf is co-designer of the TCP/IP protocols and architecture of the Internet. He has received numerous awards, including the U.S. National Medal of Technology, ACM Alan M. Turing award and the Presidential Medal of Freedom.
Retired Chief Information Officer, U.S. Army, Department of Defense
Lieutenant General Bruce T. Crawford recently culminated 34 years of service as the Army Chief Information Officer, serving as the senior government official responsible for policy and oversight of the Army’s $12.B IT portfolio. Other key assignments include senior cybersecurity and enterprise IT positions in every major theater of operations at the strategic, operational, and tactical levels. Bruce now serves on the advisory boards of Rubrick Inc, and CyberArk.
Founder, ExO Foundation; Board Member, XPRIZE
Best-Selling Author of Exponential Organizations; XPRIZE Foundation Board member; Founding Executive Director of Singularity University; Chairman of ExO Works; Founder, The ExO Foundation; Former Vice President of Yahoo!’s Brickhouse; AION Advisory Board member; and General Partner of Rokk3r Fuel ExO Venture Fund.
Salim Ismail is the best-selling author of Exponential Organizations, a sought-after business strategist, and a renowned entrepreneur with ties to Yahoo!, Google, and Singularity University. He consults with governments and the world’s Fortune 1000 companies on innovation, institutional change and growth. Ismail has been profiled in media outlets like The New York Times, Bloomberg BusinessWeek, Fortune, Forbes, WIRED, Vogue, and the BBC.
Ismail travels extensively sharing a global perspective on the impact of breakthrough technologies. His book quickly reached No. 1 on Amazon’s “Best-Sellers in Business Management,” and was also named Frost & Sullivan’s “Growth, Innovation and Leadership Book of the Year.” In presentations, he shares how any company, from a startup to a multinational, can streamline its performance and grow 10x faster than its peers. Audiences receive a tailored action plan, a new process for leading-edge thinking, and an understanding of what emerging technology trends mean for their future.
Ismail’s captivating, educational, and downright jaw-dropping presentations have been called “mind-blowing” and “the best talk I’ve ever heard.”
Salim founded ExO Works in 2016 to transform global business by catapulting organizations into the world of exponential thinking. ExO Works delivers a 10-week program based on concepts detailed in Exponential Organizations that fast forwards an enterprise’s mindset by two years by removing the barriers to innovation. Just as ExO Works is the face of the future of management consulting, Ismail founded The Fastrack Institute, a non-profit dedicated to accelerating technology into society.
Ismail spent eight years as Singularity University’s founding Executive Director and global ambassador. SU’s goal is to “educate, inspire and empower a new generation of leaders to apply exponential technologies to address humanity’s grand challenges.” SU, whose founders hail from Google and the XPRIZE Foundation, has empowered thousands of people from more than 85 countries to apply disruptive technologies – biotechnology, artificial intelligence, and neuroscience – to more than 100 startups and countless patents and ideas.
Prior to Singularity, Ismail was a vice president at Yahoo, where he built and ran Brickhouse, the company’s internal incubator. His last company, Ångströ, a news aggregation startup, was sold to Google in 2010. He has founded or operated seven early-stage companies including PubSub Concepts, which laid some of the foundation for the real-time web, and the New York Grant Company, a direct response to 9/11. In its first year, the organization attracted over 400 clients and delivered over $12 million of federal grants to the local Lower Manhattan economy.
In 2017, at its fourth annual benefit gala, Endeavor Miami, the first U.S. affiliate of Endeavor, a global non-profit organization that has advised and helped scale more than 800 high-impact companies in 26 countries around the world, honored Ismail with its 2017 Impact Award.
Chief Executive Officer, IOActive
Jennifer Sunshine Steffens is the Chief Executive Officer of IOActive, a global consulting firm dedicated to making the world a safer place. She spearheads IOActive’s global business operations, drives the company’s strategic vision and leads IOActive’s team of world-renowned cybersecurity researchers. Under her leadership, IOActive has expanded its service offerings across all technical and advisory services to ensure its research helps improve customers’ security posture as well as the state of security globally. In addition, Jennifer helped pioneer IOActive’s Securing Smart Cities non-profit, which serves as a resource for companies, governments, and individuals to navigate the complexity of securing a smart city.
Jennifer is an active member of the Executive Women’s Forum, the Information Security Systems Association and the Open Web Application Security Project. Lauded by Forbes, The Wall Street Journal, Information Security Magazine, and many more, she received SC Magazine’s Reboot Leadership Award for Top Management in 2017 and CV Magazine’s IT Security CEO of the Year 2018. She serves as a judge for the TechTrailblazers and DUO Women in Security awards and is a frequent speaker at leading industry conferences worldwide.
Jennifer brings nearly 20 years of experience in the security industry. Prior to IOActive, she held leadership positions at ground breaking companies such as Sourcefire and NFR Security.
Chief Executive Officer, Data Security Council of India
Prior to moving to DSCI she was Vice President, NASSCOM leading all initiatives in Domestic IT, eGovernance and Smart Cities among others. At NASSCOM, she has also led the Healthcare initiative in partnership with apex Health Sector body, NATHEALTH and the NASSCOM-DSCI Cyber Security Task Force.
DSCI under her leadership is pursuing a Cyber Security Industry growth charter to make India into a global hub for cyber security and grow to 35B$ by 2025.
With a rich and varied experience of 28 years in the Industry, she has had long stints at NIIT Technologies, Microsoft and General Electric. Her previous roles include that of Director in Microsoft Global Services, and Vice President, GE India. She has experience in the diverse domains of IT consulting, Strategic Accounts and Business Development, e-Governance projects and Business Development for Infrastructure projects and Health and Water Sectors at GE.
She is member of many committees of Government of India, including the Data Protection Committee, Cloud Expert Group and Financial Inclusion Advisory Board.
A Gold Medalist from University of Hyderabad, she has also completed an Executive Education program from Harvard, and a short program in High Performance Computing from Cornell University.
Corporate Vice President, Cybersecurity Solutions, Microsoft
Ann Johnson leads Enterprise & Cybersecurity at Microsoft. The focus of her organization is to lead global enterprises on their secure digital transformation journey. Ann is a recognized sales and operations industry leader with a proven track record for building and leading high-performing global enterprise software go-to-market teams. Ann has a background in cybersecurity, infrastructure and storage and is a frequent speaker on topics of online banking fraud, information security, healthcare security, mobile security, workforce diversity, privacy and compliance.
Before joining Microsoft, Ann was CEO at Boundless, an open source geospatial software and services provider. Prior to Boundless, Ann was President and COO of Qualys, Inc., a provider of cloud security and compliance solutions. Prior to Qualys, Ann was Vice President of World Wide Sales/IPV and Global Accounts at RSA Security LLC, a subsidiary of EMC Corporation which provides solutions to protect customer online identities and digital assets.
Ann is a graduate of Weber State University in Utah where she completed a dual major in political science and communications. She currently serves on the board of the Security Advisor Alliance and as Board Advisor to the biometric security firm HYPR.
Author and Global Security Advisor
Marc Goodman is a New York Times Best-Selling author, global strategist and consultant focused on the profound change technology is having on security, business and international affairs. He is the founder of the Future Crimes Institute and currently serves as the Chair for Policy, Law and Ethics at Silicon Valley’s Singularity University. Over the past twenty years, he has built his expertise in international cyber crime and terrorism working with organizations such as INTERPOL, the UN Counterterrorism Task Force, NATO and the US Government.
Goodman frequently advises industry leaders, security executives, start-ups and global policy makers on transnational cyber risk and intelligence and has operated in more than 75 countries around the world. His professional experiences include working as a street police officer, undercover investigator and counter-terrorism strategist, as well as briefing myriad cabinet ministers and heads of government, including the White House. Goodman’s current areas of research include the security implications of emerging technologies such as artificial intelligence, big data, robotics, crypto-currencies, synthetic biology, virtual reality and the Internet of Things.
Senior Vice President, Cyber Solutions Group, Aon
James C. Trainor is Senior Vice President within Aon’s Cyber Solutions Group. Mr. Trainor joined Aon in October 2016 after a distinguished career at the Federal Bureau of Investigation, where he most recently led the Cyber Division at FBI Headquarters.
Mr. Trainor played a critical role in devising the FBI’s national strategy to combat cyber-crime and was the senior FBI executive responsible for all cyber investigations. During his three year tenure in the Cyber Division, Mr. Trainor led FBI Agents and Analysts in every major high-profile cyber investigation involving the FBI.
In his new role, Mr. Trainor will help shape Aon’s overall cyber strategy on behalf of clients, working closely with colleagues across technology, system integration, risk transfer and advisory to ensure a holistic and integrated approach.
Mr. Trainor joined the FBI as a Special Agent in 1996. Over his twenty year FBI career, he served in both overseas and domestic assignments focused on cyber, counterintelligence, counterterrorism, intelligence and criminal matters. He has served in field assignments in Chicago; New Haven, CT; Boston; New York City and at FBI Headquarters in Washington, D.C.
Mr. Trainor is a graduate of Assumption College in Worcester, Massachusetts and obtained a Master’s in Public Administration from the University of Connecticut. He also completed a Chief Information Security Officer (CISO) and Chief Risk Officer (CRO) Certificate Program at Carnegie Mellon University and has GIAC certifications in GISP, GSLC and GISF.
Mr. Trainor is the recipient of the 2016 Presidential Rank Award, the 2016 FCW Federal 100 in Information Technology, and was recognized by Security Magazine in 2017 as Most Influential in Security.
Chief Security Officer, Unity Technologies
Justin Somaini is Chief Security Officer at Unity Technologies. Prior to joining Unity, he was Chief Security Officer at SAP, Chief Trust Officer at Box, and held the role of Chief Information Security Officer at Yahoo, Symantec, Verisign, and Charles Scwab.
Chair for the Future of Work, Singularity University
Gary A. Bolles is an internationally-recognized expert and lecturer on the future of work and of learning. His focus is on strategies for helping individuals, organizations, communities and countries to thrive in the digital work economy. As a partner in the boutique consulting agency Charrette LLC, he helps clients to identify and understand trends affecting organizations and markets, through innovation consulting, strategic conferences, strategy design charrettes, and collaborative initiatives. As Chair for the Future of Work for Singularity University, he leads the organization’s efforts to empower a global community to create an abundant future of work and learning. And as co-founder of eParachute.com, he helps job-hunters & career changers, from youth to 50+, with online and in-person programs inspired by “What Color Is Your Parachute?”, the best-selling career book of all time. Bolles has also authored a series of video courses on the future of work for LinkedIn Learning/Lynda.com, and writes on LinkedIn.
Author; Executive “Future Trainer;” Strategist; Chief Executive Officer, The Futures Agency
Gerd Leonhard is a widely-known and top-rated futurist, with over 1500 engagements in 50+ countries since 2004 and a combined audience of over 1 million people. Gerd focusses on near-future, ‘nowist’ observations and actionable foresights in the sectors of humanity, society, business and commerce, media, technology and communications.
Gerd is also an influential author, a sought-after executive ‘future trainer’ and a trusted strategic advisor. He is the co-author of the best-selling book The Future of Music and the author of 5 other books including ‘The Humanity Challenge’ (June 2016). Gerd is also the host of the web-TV series TheFutureShow and the CEO of TheFuturesAgency, a global network of over 30 leading futurists.
Gerd is considered a leading voice on a wide range of topics including digital transformation and the opportunity-challenges of the coming exponential society, a sustainable business and cultural ecology, social media and communications, TV / film, radio and broadcasting futures, mobile content and commerce, innovation, leadership and entrepreneurship, ‘hard-future’ consumer trends, human-machine futures and AI, cognitive computing, the IoT, big data and automation, next-generation advertising, marketing and branding, as well as sustainability and related ‘green future’ topics. In 2006, The Wall Street Journal called Gerd ‘one of the leading Media Futurists in the World’. In 2015, Wired Magazine listed Gerd as #88 of the top 100 influencers in Europe. He’s #21 on the global list of futurists.
Gerd's keynotes, speeches and presentations are renowned for their hard-hitting and provocative yet inspiring, often humorous and always personal motivational style. Gerd is highly regarded as a global influencer and has advised many business leaders and government officials around the globe. His diverse client list of over 300 companies includes UBS, Mastercard, Unilever, Lloyds Bank, WWF, Nokia, The Guardian, Google, Sony, Telkom Indonesia, Siemens, RTL, ITV, BBC, France Telecom, Orange, Deutsche Telekom, MTN, The Financial Times, DDB, Ogilvy, Omnicom, IPG, The EU Commission, Mandarin Oriental Hotel Group, VISA, and many others
chapters 12-24
Cybersecurity Consultant; Former Director of the U.S. National Security Agency
Sherri Ramsay is currently a Consultant, engaged in strategy development and planning, coaching, partnership development, and marketing and development of security operations centers. She is a member of the Board of Advisors for the Hume Research Center at Virginia Tech and a member of the Board of Advisors for TruSTAR Technology.
Ms. Ramsay is the former Director of the National Security Agency/Central Security Service Threat Operations Center (NTOC) and a former member of the Armed Forces Communications Electronic Administration (AFCEA) Board of Directors. As the NTOC Director, she led discovery and characterization of threats to national security systems, providing situational awareness for those threats, and coordinating actionable information to counter those threats to the DOD, DHS and FBI. At NSA, she also served as a senior leader in the Signals Intelligence Directorate, the Technology Directorate and the Information Assurance Directorate. Prior to joining NSA, she taught high school mathematics.
Ms. Ramsay received the Department of Defense Distinguished Civilian Service Award (the highest award given to a DoD civilian), the Exceptional Civilian Service Award (the highest award given to an NSA civilian), the NSA Meritorious Civilian Service Award twice (the second highest award given to an NSA civilian), the Presidential Rank Award, the National Intelligence Meritorious Unit Citation, the Louis Tordella Award, and the Armed Forces Communications Electronic Administration (AFCEA) Meritorious Service to the Intelligence Community Award. She received the Women’s Leadership
Award from the Congressional Bipartisan SMART (Strengthening the Mid-Atlantic Region for Tomorrow) caucus.
Ms. Ramsay graduated Magna Cum Laude with General Honors from the University of Georgia with a Bachelor of Science degree in Mathematics and Education. She graduated with Honors from the Johns Hopkins University with a Master’s Degree in Computer Science. She graduated from the Industrial College of the Armed Forces (ICAF), National Defense University, with a Master’s in National Resource Strategy. She received a Certificate in Leadership from the University of Virginia.
Vice President for Cybersecurity Strategy and Global Policy, Palo Alto Networks
Ryan works with governments, companies and organizations around the world to develop and implement strategies, policies and operational partnerships that prevent successful cyberattacks. He oversees the company’s involvement in public-private cybersecurity exercises, and is responsible for expanding cyberthreat information sharing relationships with various government organizations. Additionally, Ryan leads the company’s global public policy efforts and oversees government affairs around the world.
Prior to joining Palo Alto Networks, Ryan spent nearly 15 years in government, and with technology and defense companies. Most recently, Ryan served as a cybersecurity official on the U.S. National Security Council staff at the White House, and more than a decade in various positions across the Department of Homeland Security during both Republican and Democratic administrations.
Ryan is a member of the Council on Foreign Relations and the World Economic Forum’s expert network supporting the growth of a secure and reliable Industrial Internet of Things (IIoT). In 2016, he also served on the CSIS Cyber Policy Task Force to develop recommendations for the incoming U.S. administration, and he participated in the U.S.-Australia Diplomatic Track 1.5 Cyber Dialogue. Ryan is an elected member of the executive committee of the U.S. Information Technology Sector Coordinating Council. He is also a recipient of the National Security Council’s “Outstanding Service Award,” and the 2017 Federal Computer Week “Fed 100” award. Ryan is a graduate of Georgetown University.
Director of Cybersecurity Policy and Partnerships, Palo Alto Networks
Sean Morgan is Director for Cybersecurity Policy and Partnerships at Palo Alto Networks. He has also held positions in cybersecurity at the U.S. National Security Council and the Department of Defense.
Schlumberger Fellow and CISO Emeritus, Schlumberger
Mario Chiock possesses over 37 years of experience in Oil Field operations, IT, Security, Risk, Privacy and Auditing. Prior to his current role as Chief Security Officer & Schlumberger Fellow, Mario was the CISO at Schlumberger where he was responsible for developing the company’s worldwide, long-term cyber security strategy. He is recognized for his leadership and management in all aspects of cybersecurity throughout the company as well as within the community.
Through his vision, he successfully transitioned Schlumberger from legacy firewalls to a more robust infrastructure based on next-generation firewalls. His experience in successfully deploying advanced technologies and approaches also spans Incident Response, Advance Threat Prevention, Digital Right Management to watermark & fingerprint sensitive documents. He also implemented federation services to minimize 3rd party risk and created the extended security team to foster collaboration with other IT groups. Mario is also known for applying his Lean Six Sigma expertise for measuring performance and creating dashboards that have led to more simple operations and reduction of waste.
Outside of Schlumberger, Mario has been an active member of the Information Systems Security Association (ISSA) for over 20 years; he has held numerous board positions in the Austin, Capital of Texas Chapter, as well as the South Texas Chapter in Houston. He was president of the South Texas Chapter in 2007, bringing in the “Chapter of the Year” award. He continues to serve on the board. Mario is also an active volunteer trainer for Security Certifications such as CISM, CISA & CRISC certifications, and has mentored many successful CSO & CISO in Austin & Houston area. He is also very active with Evanta as speaker and instructor for their CISO Institute. In 2015 he was a speaker for the SPE and API conference and in 2016 he was a panelist at the GEO2016 conference in Bahrain.
Mario was recognized as one of the top 25 out of more than 10,000 security executives in the ExecRank 2013 Security Executive Rankings, he also won the 2012 Central Information Security Executive (ISE) “People Choice Award”, in 2014 he is a recipient of the CSO40 – 2014 award, named “ISSA Fellow”, won ISC2 Americas Information Security Leadership Awards (ISLA) and won the “ISSA Honor Roll” award. In 2017 he received the Infragard Houston award of excellence for the Private-Public Partnership in Cybersecurity.
He is an active member of the Houston Security community and gives security talks, training and volunteers his IT security expertise to local non-profit organizations. He is currently a board member of the Houston InfraGard Chapter, has served in Executive & Technical Advisory boards of many security companies such as WatchFire (Now IBM), ISS (now IBM), Qualys, and currently is active on the Palo Alto Networks advisory board, he is also serving in the Google Cloud Platform advisory board and strategic advisor to Onapsis as well as Board member.
Mario has a CISSP, CISM & CISA Certifications, and is past chair for the American Petroleum Institute Information (API) Security Sub-Committee and was involved in the formation of the Oil & Gas ISAC.
Vice President and Board Director, Yunda Group
Dr. Yang Zhoulong is Vice President and Chief Technology Officer of Yunda Group. He is also the Deputy Chairman of China E-Commerce Logistic Industry Alliance, and the Logistics Information Expert of China Federation of Logistics and Purchasing. He has been working as an IT professional in the financial service industry and e-commerce logistics for 20 years.
Chief Information Security Officer, Takeda Pharmaceuticals International
Mike Towers is the Chief Information Security Officer at Takeda Pharmaceuticals International. He has worked in life sciences technology for over 25 years, leading global security functions since 2008. He is a regular speaker on digital trust, information risk and cybersecurity. He has received four Information Security Executive of the Year awards within the healthcare industry and serves on the board of the Health Information Security and Analysis Center.
Head of Security Operations, Iress
John Paul Lonie is the Head of Security Operations at Iress. He has spent the past 25 years in financial services starting in development and IT operations and the last 12 years in a variety of information security roles.
Senior Vice President and Chief Security Officer, Dell
John Scimone serves as Sr. Vice President, Chief Security Officer for Dell, where he leads the company’s global corporate security program. John’s responsibilities span the full spectrum of strategy, planning, and operations, aiding Dell’s businesses in the management of security risk across the physical and cyber domains. He is also charged with the advocacy of business resilience, including crisis management, business continuity and disaster recovery.
Before joining Dell, John served as the Global Chief Information Security Officer for the Sony Group family of companies, where he was responsible for building Sony’s first global information security and privacy organization and leading strategy, policy, and operations. Prior to joining Sony, he also held a number of leadership positions at the U.S. Department of Defense, including as Director of Security Operations for the Secretary of Defense's communications office, where he led the facility, personnel, and cyber security programs. John formerly served as a member of a predecessor organization of U.S. Cyber Command, where he led the development of enterprise information security programs that protected information belonging to the DoD’s more than two million employees.
John holds a Bachelor of Science degree in Computer Science, with a specialization in Information Assurance, from the Georgia Institute of Technology. He also earned a Master of Arts degree in Strategic Intelligence, with a specialization in Counterintelligence, from the Institute of World Politics in Washington D.C.
Founder, Instituto de Inteligencia Emocional
Gemma Garcia Godall is the Founder of Instituto de Inteligencia Emocional, where she guides leaders, teams and organizations to shine through cultural transformation projects. Previously, she was the Chief Executive Officer of a leading player in the financial services industry.
Vice President and Chief Security Strategist, Exabeam
Stephen Moore is the Vice President and Chief Security Strategist at Exabeam, focused on driving solutions for threat detection/response and advising customers on breach response. Prior to joining Exabeam, Stephen has held a variety of cybersecurity practitioner and leadership roles. He spends his free time advising industry-leading organizations, mentoring, and helping those in need.
Head of Strategy, Europol’s European Cybercrime Centre
Philipp is the Head of Strategy of the European Cybercrime Centre (EC3). EC3 Strategy is responsible for the delivery of strategic, situational and tactical cyber-related products such as the Internet Organised Crime Threat Assessment (IOCTA). Other key areas of responsibility include prevention and awareness, outreach, stakeholder management, training management and internet governance.
Philipp regularly presents at major international conferences and events.
Prior to joining the EC3, he held management positions with the Organization for Security and Co- operation in Europe, the Organisation for the Prohibition of Chemical Weapons and the International Criminal Court.
Philipp has more than 17 years of relevant working experience and hands-on skills in information and cyber security management, policy development, combatting cybercrime, electronic evidence management and the analysis and management of intelligence.
He has worked in various fields, including the financial sector, global disarmament and arms control, CBRNe, law enforcement and international law. He is also a member of ENISA’s Permanent Stakeholder Group and the program advisory board of the Cyber Akademie.
Philipp’s professional experience is complemented by a PhD degree and a Master’s degree in business informatics from the University of Vienna. He also holds an MSc in Forensic Computing and Cybercrime Investigation from the University College Dublin, where he graduated at the top of his class.
Executive Vice President and Chief Security Officer, Verisign
As senior vice president and chief security officer (CSO), Danny McPherson is responsible for all aspects of Verisign’s information systems and services, as well as information and corporate security. Additionally, he represents Verisign in key forums focused on critical infrastructure, engineering, research, security, and online trust. With over 20 years of experience in the internet network operations, security, and telecommunications industries, McPherson brings tremendous technical leadership and operational expertise to the company.
Prior to joining Verisign, McPherson was vice president and CSO at Arbor Networks, where he developed solutions to detect and mitigate cyberattacks. Before that, he held technical leadership positions in architecture, engineering and operations with Amber Networks, Qwest Communications, Genuity, MCI Communications, and the U.S. Army Signal Corps.
McPherson has actively participated in internet operations and standardization since the early 1990s. He is currently a member of the Internet Corporation for Assigned Names and Numbers (ICANN) Security and Stability Advisory Committee (SSAC) and has served on the Internet Architecture Board (IAB), the Internet Research Steering Group (IRSG), the U.S. Federal Communications Commission’s (FCC) Communications Security, Reliability and Interoperability Council (CSRIC), and the U.S. Department of Homeland Security’s Cybersecurity Subcommittee, as well as the Online Trust Alliance (OTA) Board of Directors. He has chaired an array of Internet Engineering Task Force (IETF) and other working groups and committees in these and related forums.
McPherson is an active contributor in the network and security operations and research communities and has authored several books, numerous internet protocol standards, network and security research papers, and other publications.
Managing Director, Asia-Pacific Leader, Cyber Risk, Kroll
Paul Jackson is a Managing Director and Asia-Pacific Leader for Kroll’s Cyber Security and Investigations Practice, based in the Hong Kong office. Over a career spanning more than 25 years of service in some of the region’s highest levels of law enforcement and corporate enterprise, Paul has earned a stellar record of achievement as a cyber security practitioner, strategist, and thought leader. In addition to possessing deep knowledge regarding the region’s diverse geopolitical and cultural complexities, Paul has developed a highly nuanced view of global cyber security challenges from working with organizations such as Interpol, the U.S. Secret Service’s Electronic Task Force, and Microsoft’s Digital Crimes Consortium.
Paul started his career with the Hong Kong Police Force, and over 22 years, he rose through the ranks to become Chief Inspector and Head of the IT Forensics Practice, Investigation Team, and Training in the force’s Technology Crime Division. In this role, he led multiple teams of cyber investigators, computer forensics examiners, and police college trainers, and was policy manager for digital evidence for the entire police force of 27,000 members. His accomplishments included overseeing the design and construction of a multimillion-dollar project to build the IT forensic laboratory and all associated IT security infrastructure; heading an internal “think tank” that provided top-level police management with strategic planning and policies relating to technology crime trends and IT security matters; leading the government incident response capability against cyber threats to critical infrastructure during major events such as the Olympics, WTO meeting, ITU Conference, and East Asian Games; and implementing an innovative incident response methodology for live (compromised) system analysis, which was ultimately adopted by Interpol and police forces worldwide.
During his tenure, Paul was also appointed by Interpol as course director for the Asia-Pacific Region to develop and deliver IT investigation and forensics training to law enforcement. His design and management of an advanced training facility for the HKPF was later used as a template by Interpol and the Korean Police University. Paul brought to these training efforts a wide range of practical, frontline experience from his earlier roles as Head of the Computer Security Unit in the Crime Prevention Bureau, Head of the Telecommunications Liaison Office in the Criminal Intelligence Bureau, and a uniformed officer for eight years.
After leaving the HKPF in 2010, Paul became APAC Head of Fraud and High Tech Investigations for JP Morgan Chase Bank, and from 2012-2014, he relocated to New York where he served as the bank’s Global Head of High- Tech/Cyber Investigations. In this role, Paul managed a global team of cyber investigators and responders throughout the United States, Europe, and Asia, focused on addressing the pressing needs of managing the evolving threats faced by a global financial institution. Executing on these objectives involved, among other efforts, redesigning global cyber laboratories and introducing new forensic technologies to enhance the efficiency and capacity of the team. In addition to serving as a strategy leader, Paul personally conducted numerous investigations, successfully resolving several major incidents that included, among others, a well-publicized breach, data exposure, reputational issues, employee misconduct, insider threat, and electronic fraud.
Prior to joining Kroll, Paul was APAC Managing Director for Stroz Friedberg. In this role, Paul developed several of the firm’s products and services with an APAC focus, and personally led client engagements in cyber security assessments, C-level cyber incident table-top exercises, and data breach investigations. He also served as a thought leader and represented the firm in numerous venues, forums, and major public events.
Vice President, Internal Audit, Palo Alto Networks
Mark Gosling is the Vice President Internal Audit at Palo Alto Networks, where he leads the company’s internal audit, Sarbanes-Oxley compliance, and enterprise risk management programs. In addition to assessing risks, risk management practices and controls on behalf of the Company’s Board, Mark’s role requires close coordination of work with multiple stakeholder groups to develop and implement optimal risk management approaches across the enterprise.
Before joining Palo Alto Networks, Mark served as Vice President Internal Audit at NetApp and at VeriSign, and as a partner at PricewaterhouseCoopers specializing in internal audit, compliance and risk management services for technology companies. His career spans over 30 years, with 22 of those spent in Silicon Valley.
Mark holds a Bachelor of Science degree in production engineering from the University of Birmingham, UK, and is a Chartered Accountant.
chapters 25-44
Chief Information Security Officer, Tecnológico de Monterrey
As Chief Information Security Officer of Tecnológico de Monterrey, Pablo Tamez has designed and led the cybersecurity strategy and is responsible for the security of all Institutions which includes Higher Education, Health Care and Retail sectors. Thought understanding of the risk landscape and security solutions and services has constructed a centralized security architecture for all the institutions capable of attend the security needs regarding corporate governance, data privacy, vulnerability management, infrastructure protection, breach response and awareness.
He has collaborated over 14 years in different companies of the private sector, having a deep understanding of IT and Security Operations, Mr. Tamez has worked in the security operations forefront and has led the security technologies and services evaluation program, security operation center and incident response.
Head of Centre for Cybersecurity, World Economic Forum
William Dixon is the Head of the Centre for Cybersecurity at the World Economic Forum, focusing on the impact of next generation technology on the security, and risk landscape. Previously, he was Global Head of Intelligence at Barclays, and held leadership roles in the UK Civil Service.
Vice President and Chief Security Officer, EMEA, Palo Alto Networks
Greg Day is Vice President and Chief Security Officer for EMEA at Palo Alto Networks. He is also Chair for the global CSO community I-4 members advisory committee, Chair TechUK Cybersecurity AI Working Group, and member of the World Economic Forum’s Centre for Cyber Security. He previously held leadership roles at FireEye, Symantec and McAfee.
Cybersecurity and Privacy Attorney
Mark Rasch is a lawyer and computer security and privacy expert and an expert in risk mitigation in Bethesda, Maryland. where he helps develop strategy and messaging for the Information Security team.
Rasch’s career spans more than 25 years of corporate and government cybersecurity, computer privacy, regulatory compliance, probabilistic risk assessment, resilience, computer forensics and incident response. Earlier in his career, Rasch was with the U.S. Department of Justice where he led the department’s efforts to investigate and prosecute cyber and high-technology crime, starting the computer crime unit within the Criminal Division’s Fraud Section, efforts which eventually led to the creation of the Computer Crime and Intellectual Property Section of the Criminal Division. He was responsible for various high-profile computer crime prosecutions, including Kevin Mitnick, Kevin Poulsen and Robert Tappan Morris. Mark is a frequent commentator in the media on issues related to information security, appearing on BBC, CBC, Fox News, CNN, NBC News, ABC News, the New York Times, the Wall Street Journal and many other outlets.
Principle, Global, and U.S. Chief Information and Technology Officer PricewaterhouseCoopers
James joined PricewaterhouseCoopers (PwC) in May of 2015 in the newly established role of Network Chief Information Security Officer (CISO). The Network CISO has been charged with leading a broad information security transformation program across the PwC Network of Firms. Since this programs launch in summer of 2015 significant progress has been made both in the US firm and across the PwC member firm network. PwC Network Information Security or NIS has established itself as an engablement function at PwC which makes an impact.
Prior to PwC, James was at Zurich Insurance Group where he started in early 2009 as the role of Head of Group IT Risk Americas. In the autumn of 2010 he was promoted to the newly created role of Group Chief Information Security Officer. During his tenure at Zurich, James transformed Zurich's information security posture, developing new and innovative solutions and capabilities, leading the Data Security Improvement initiative on behalf of the Group Executive Committee, and working to enable Zurich employees to work in new and modern ways while remaining secure. Prior to Zurich, James was the Chief Security Officer for American General Financial Services (AGFS), a subsidiary of AIG. At AGFS, James built the first security function at the company and helped shape and guide overall security strategy at AIG. Prior to working at AIG, James was the America’s CISO for Bank Julius Baer. While at Julius Baer, James established the CISO role in the Americas and worked closely with Global CISO in establishing the strategy for the information security program across the company.
James is known across the Information Security industry as change and action oriented executive who thrives on tackling large scale challenges. Furthermore he is also known for his approaches to people management, emerging technology and tight integration with business strategy. In 2014, James’ transformation of Zurich’s information security program won the ‘RSA Excellence in the field of Information Security’ award. This award is given to the top executive in the information security industry determined by a judging committee of industry peers.
Outside of work James has been married to his wife Kristine since 2005. They’ve lived in a number of places both in the US and abroad but now call Los Angeles home since 2013. James and Kristine have two children. Jaclyn who is 3 ½ and Finn who is 6 months. They live in Hermosa Beach which is near LAX. Beyond family and work, James is passionate automotive enthusiast. He maintains several vintage Porsche’s. In addition James likes to cycle and work out and is a fan of California wine.
Former Acting Senior Director for Cybersecurity Policy, White House, National Security Council Staff
Heather King presently serves as the Chief Operating Officer at the Cyber Threat Alliance (CTA). CTA works to improve the cybersecurity of our global digital ecosystem by enabling real-time, high-quality cyber threat information sharing among companies and organizations in the cybersecurity field. Prior to joining the CTA in August 2017, Heather served as the Acting Senior Director for Cybersecurity Policy at the White House National Security Council (NSC) staff where she was responsible for working with Federal departments and agencies on key domestic national cybersecurity strategy and policy. Prior to that, Heather served on the NSC staff in several roles from April 2013 to April 2017, including Deputy Executive Secretary, Director of Critical Infrastructure Cybersecurity, and Director of National Preparedness Policy. Before the NSC staff, she served in a variety of roles at the Federal and state levels, including the Department of Homeland Security, Federal Emergency Management Agency, Virginia Department of Emergency Management, and Virginia State Police. Heather holds an M.S. in Global Security from Virginia Polytechnic Institute and State University and is pursuing an M.S. in Management of Information Technology at the University of Virginia.
Executive Director, Americas, Global Cyber Alliance
Megan Stifel is Executive Director, Americas, Global Cyber Alliance. She has previously held cybersecurity leadership posts at the U.S. National Security Council and the U.S. Department of Justice.
Chief Security Officer, USAA
Gary McAlum serves as Chief Security Officer of United Services Automobile Association. His responsibilities include: Information Security, Privacy, Financial Fraud Prevention & Recovery, Physical Security Operations, Corporate Investigations, and Business Continuation. Prior to USAA, he served 25 years in the US Air Force and a short time with Deloitte & Touche, LLP.
Throughout his military career, he worked in a variety of leadership and staff positions within the information technology career field including: telecommunications, satellite communications, network operations, and information security. Gary was on the front line of military cyberspace operations where he supported the establishment and evolution of the Joint Task Force Global Network Operations, the organization that was the focal point for the operation and security of DoD information systems and networks. During this time, he was frequently called upon to provide cyber threat insights to a wide variety of interagency forums, including the US-China Economic and Security Review Commission, the President's National Cyber Study Group, and Congressional testimony.
Gary holds a B.A. in Mathematics from The Citadel, an M.S. in Management Information Systems from the University of Arizona, and an M.S. from the National Defense University. He is a Certified Information Systems Security Professional (CISSP), a Certified Fraud Examiner (CFE), and has completed the NACD Cyber Risk Oversight certification course, Wharton Security Executive Development Program and the FBI CISO Academy. He currently serves on the board of the Internet Security Alliance (ISA) where he contributed to the development of the “Cyber-Risk Handbook” that is promoted by the National Association of Corporate Directors (NACD).
Chief Executive Officer, Soluble.ai
Richard Seiersen is co-founder and CEO of Soluble. Prior to that, he spent 20 years deep in the salt mines of security operations and development. Along the way, he became a serial CISO with stints at LendingClub, Twilio and GE. But he got his start in security startups building vulnerability management products for companies like Qualys and Tripwire. He’s also the co-author of “How To Measure Anything In Cybersecurity Risk,” and the forthcoming “The Metrics Manifesto: Confronting Security With Data.”
President and Chief Executive Officer, Security Division, NTT
Matt Gyde is President and Chief Executive Officer at NTT’s Security Division, where he is also the representative director on NTT Security’s board of directors. In his nearly 25 years in the cybersecurity industry, he has held leadership positions at Dimension Data, Datacraft, Surf Control and Secure Computing.
Field Chief Technology Officer, Palo Alto Networks
John Kindervag joined Palo Alto Networks as Field CTO in 2017 after eight and one-half years at Forrester Research where he was a Vice President and Principal Analyst on the Security and Risk Team. John is considered one of the world’s foremost cybersecurity experts. He is best known for creating the revolutionary Zero Trust Model of Cybersecurity.
Zero Trust is widely embraced by companies as diverse as Coca Cola, Google, and WestJet Airlines. Notably, the US House of Representatives is recommending that all government agencies adopt Zero Trust in the wake of the OPM Data Breach. Additionally, Chairman Jason Chaffettz wrote a bylined article in Federal News Radio endorsing Zero Trust. These recommendations have led to increasing adoption of Zero Trust within the United States Federal Government.
He currently advises both public and private sector organizations with the design and building of Zero Trust Networks and other Cybersecurity topics. He holds, or has held, numerous industry certifications, including QSA, CISSP, CEH, and CCNA. John has a practitioner background, having served as a security consultant, penetration tester, and security architect. He has particular expertise in the areas of secure network design, wireless security, and voice-over-IP hacking. He has been interviewed and published in numerous publications, including The Wall Street Journal, Forbes, and The New York Times. He has also appeared on television networks such as CNBC, Fox News, PBS, and Bloomberg discussion information security topics. John has spoken at many security conferences and events, including RSA, SXSW, ToorCon, ShmoCon, InfoSec Europe, and InfoSec World. John has a Bachelor of Arts degree in communications from the University of Iowa and lives in Dallas, TX.
Head of North America Technology Practice, Egon Zehnder
Based in New York, Kal Bittianda is a trusted advisor for helping companies and leaders leverage and harness technology. As the leader of Egon Zehnder's North America Technology Practice, he works closely with companies in the mobility, communication, systems, software, and technology-enabled service sectors. He also conducts executive search for chief technology, data, and information security officers.
Before joining Egon Zehnder, Kal led business units for Kyriba (enterprise cloud solutions), EXL (knowledge and business process outsourcing), and Inductis (analytics consulting and services). As a Consulting Partner at Azendant and Inductis, Kal advised C-level executives on growth strategies. Previously he was an Engagement Manager at the Mitchell Madison Group. Kal began his career in technology and leadership roles at Unisys and International Paper.
Kal earned a BTech in naval architecture from the Indian Institute of Technology, in Madras/Chennai, in India, an MA in industrial engineering from Purdue University, and an MBA from Harvard Business School. He advises nonprofit organizations and early-stage companies in the New York area, also investing in some of the latter. Kal has two young daughters and enjoys exploring new places in other countries, running in marathons, and following his favorite sports teams and athletes.
Advisor, Technology and Communications & Industrial Practices, Egon Zehnder
Will Houston, based in Washington, D.C., has more than 20 years of experience in the industrial and technology sectors, the military, and federal government. He is active in Egon Zehnder's Technology and Communications and Industrial practices.
Prior to joining Egon Zehnder, Will was a Head of Strategic Partner Development in Google's Emerging Business Development group. Previously, Will served as the Director of Policy and Planning for Customs and Border Protection in the U.S. Department of Homeland Security and as a consultant with Diamond Technology Partners, where he advised Fortune 500 clients on digital strategy. Will began his career as an Army Intelligence Officer, serving four years on active duty. He continues to serve as a Reservist and is a Lieutenant Colonel in Cyber Command.
Will earned an AB from Princeton University, an MBA from the Wharton School, and a master's in international relations and economics from the Johns Hopkins School of Advanced International Studies. He was also a Fellow with the Robert Bosch Foundation in Berlin and serves on the advisory board of the Alumni & Friends of Princeton University ROTC. He is a passionate outdoorsman who loves duck hunting and fly fishing.
Chief Security Officer, Southern Methodist University
George Finney is the Chief Security Officer for Southern Methodist University and the author of “No More Magic Wands: Transformative Cybersecurity Change for Everyone.” He has also taught Corporate Cybersecurity and Information Assurance in the SMU School of Engineering. Before joining SMU, George worked with several startups and global telecommunications firms designing networks, writing policy, hardening servers, and educating users. George received his J.D. from Southern Methodist University's Dedman School of Law and his B.A. in mathematics and philosophy from St. John's College in Santa Fe, New Mexico. George is a member of the Texas CISO Council, a governing body member of the Evanta CISO Coalition, and an advisory board member for SecureWorld. George is an licensed attorney in the state of Texas, a Certified Information Privacy Professional, a Certified Information Security Manager, as well as a Certified Information Security Systems Professional and is a frequent speaker on Cybersecurity topics across the country. His blog can be found at www.strongestelement.com where he writes on topics focusing on improving Cybersecurity awareness through a unique approach that combines neuroscience, psychology, and wellness.
Chief Information Technology Officer, Allianz Malaysia
Yorck O.A. Reuber is Chief Information Technology Officer at Allianz Malaysia. Previously he was Chief Technology Officer for AXA IT. A certified Navy Chief Engineering Officer, Yorck formerly held senior-level positions at IBM, Verizon, and T-Systems.
Partner and Chair of the Global Privacy and Cybersecurity Practice, Hunton Andrews Kurth LLP
Lisa Sotto chairs the top-ranked Global Privacy and Cybersecurity practice at Hunton Andrews Kurth. She is the managing partner of the firm’s New York office and serves on the firm’s Executive Committee. Lisa has received widespread recognition for her work in the areas of privacy and cybersecurity and was named among the National Law Journal’s “100 Most Influential Lawyers.” She also serves as Chairperson of the Department of Homeland Security’s Data Privacy and Integrity Advisory Committee.
Chief Technology Officer, Deutsche Cyber-Sicherheitsorganisation GmbH
Dr. Andreas Rohr is founding manager and Chief Technology Officer at the German Cyber Security Organization GmbH. In this role, he leads cyber defense services and security engineering for the operative business. Previously, he worked in management positions at RWE and Volkswagen and before that was responsible for Federal Ministry of Defense, including forensics management and auditing security and business-critical processes and IT systems.
Managing Director, Accenture Security, Accenture
Robert is a Managing Director in Accenture’s Global Cybersecurity practice. Robert responsible for growth and development of Accenture’s the Cyber Threat Operations capabilities. He also provides hands-on consulting services to the Global 2000 in the ares of advanced security operations, crisis preparedness and response, and cyber defense and protection strategies.
Robert has a degree in Computer Science from University of New Brunswick.
Managing Director, Accenture Security, Accenture
More than 20 years of information security experience and technical knowledge has established Justin Harvey as a trusted cyber threat security advisor to executives and government leaders at some of the world’s largest commercial and government organizations. His work with major global entities has taken him across Asia to lead large-scale incident response efforts in the wake of targeted attacks, to the Middle East to advise enterprises and ministries of defense on threat intelligence and persistent threats, and to Australia to direct security operations.
At Accenture, Justin is the global lead for the FusionX Incident Response Practice; providing security thought leadership, acts as a strategic advisor on cyberespionage, cyberwar and cybercrime to our global client base, and serves as executive sponsor for research initiatives within Accenture Security. Prior to joining Accenture, Justin was the CSO of Fidelis Cybersecurity after spending time as the vice president and CTO of Global Solutions at FireEye. Prior, at Mandiant, he worked with industry executives, thought leaders, analysts and partners to influence the company’s industry position, shape product direction and develop strategic partnerships.
Previously, as Chief Solutions Strategist with HP Enterprise Security, Justin provided strategic consulting to C-level management at leading companies. At CPSG Partners Consulting, a U.S.-based systems integrator, Justin led the western U.S. region in delivering large-scale security projects to Fortune 100 companies. Earlier in his career, Justin provided network and system security expertise at GTE Internetworking (now Verizon), DIGEX, Sun Microsystems, [email protected] and other organizations.
In 2015, Justin testified before the United States Senate Judiciary Committee’s Subcommittee on Privacy, Technology and the Law on the topic of data brokerage firms and consumer data security.
Justin regularly speaks at industry conferences. As a sought-after expert on data breaches, cyberespionage and cybercrime, Justin provides commentary to top-tier online, print and broadcast news outlets, including ABC News, BBC News, Newsweek, The Guardian, Politico, eWeek, CSO, Financial Times, The New York Times, U.S. News & World Report, Federal Computer Week, Reuters and the Associated Press.
Justin is a Certified Information Systems Security Professional (CISSP) and received advanced SCADA Red Team/Blue Team Training for critical infrastructure threats, attacks and response from the U.S. Department of Homeland Security.
Managing Director and U.S. Cyber Product Leader, Marsh
Robert Parisi is a managing director and National Cyber Product Leader in Marsh’s New York City headquarters. His current responsibilities include advising clients on issues related to intellectual property, technology, privacy, and cyber related risks as well as negotiating with the carriers on terms and conditions. Robert is also responsible for coordinating Marsh’s Global Cyber Network.
Prior to joining Marsh, Robert was the senior vice president and Chief Underwriting Officer (CUO) of eBusiness Risk Solutions at AIG. Robert joined AIG in 1998 as legal counsel for its Professional Liability group and held several executive and legal positions, including CUO for Professional Liability and Technology. While at AIG, Robert oversaw the creation and drafting of underwriting guidelines and policies for all lines of Professional Liability. Robert was also instrumental in the development of specialty reinsurance to address aggregation of risk issues inherent in cyber, privacy and technology insurance. In addition to working with AIG, Robert has also been in private practice, principally as legal counsel to various Lloyds of London syndicates.
While at Marsh, Robert has worked extensively with Marsh clients in all industries, assisting them in analysis of their risk as well as in the placement of coverage for cyber and privacy risks.
Senior Vice President and Chief Information Officer, Palo Alto Networks
Naveen Zutshi joined Palo Alto Networks as Sr. Vice President and Chief Information Officer in December 2015. In this role he is responsible for Palo Alto Network’s Information technology solutions, driving a comprehensive strategy for information technology that will help scale the company rapidly, deliver on innovative solutions globally, and build a world class IT organization.
Naveen’s experience spans applications, software development, infrastructure and leading organizations in large scale enterprises to small startups. Prior to Palo Alto Networks, Naveen was Senior Vice President, Technology at Gap Inc. responsible for the company’s infrastructure, operations, and information security organizations. Before Gap, Naveen spent three years as Vice President, Technology and Operations for Encover, a SaaS CRM company. In this role, Naveen was responsible for developing and bringing to market Service SaaS software. Prior to Encover, Naveen spent seven years with Cisco, serving in both infrastructure and applications roles with an emphasis on sales productivity and infrastructure automation. Prior to Cisco, Naveen spent six years with Wal-Mart, serving in a variety of IT/development positions including responsible for building applications that connected buyers to hundreds of thousands of suppliers worldwide.
He earned a BE in Computer Engineering from Bangalore University and an MBA from University of Arkansas.
Global Head of Derivative Trade Processing IT, BNP Paribas CIB
Alice Cooper is Global Head of Derivative Trade Processing IT at BNP Paribas CIB. She has held a wide range of responsibilities at BNP Paribas across a number of IT functions for trades processing, credit, and equity. Previously, she worked at Mitsubishi Bank and Citibank.
MBE — Chief Security Advisor, Microsoft
Siân John is an executive security advisor in the enterprise cybersecurity group at Microsoft. Siân has worked in cyber security since 1997, and has worked at the Houses of Parliament, Ubizen and Symantec.
In her current role Siân works with Microsoft’s UK customers to help them to develop their cyber security strategy, security best practices and to understand how Microsoft’s technology and services can help support digital transformation and cloud services.
Siân is passionate in advocating the role that Cyber Security must play in enabling the modern digital economy. Over more than 20 years she has worked with customers across the public and private sector to help them understand their risk posture and practical steps then can take to manage it.
Siân is the chair of the Digital Economy Programme Advisory Board for the Engineering and Physical Sciences Research Council and a member of the TechUK cybersecurity management committee.
Siân was made an MBE for services to Cyber Security in the New Years Honours List for 2018.
Founder and Chief Technology Officer, Palo Alto Networks
Nir Zuk brings a wealth of network security expertise and industry experience to Palo Alto Networks. Prior to co-founding Palo Alto Networks, Nir was CTO at NetScreen Technologies, which was acquired by Juniper Networks in 2004. Prior to NetScreen, Nir was co-founder and CTO at OneSecure, a pioneer in intrusion prevention and detection appliances. Nir was also a principal engineer at Check Point Software Technologies, and was one of the developers of stateful inspection technology.
Navigating the Digital Age, Second Edition is published by Palo Alto Networks. As a company, alleviating the problem of cybercrime is at the heart of everything we do. Our goal is to offer cybersecurity education and training to students of all backgrounds around the globe through the Global Cybersecurity Education Fund. Every action we take, and your readership of this book, gets us one step further on our mission to protect our way of life in the Digital Age.
All proceeds for sale on Amazon.com will go toward this fund.