CISO Q&A with Dark Tangent

Presented at DEF CON 13 (2005), July 29, 2005, 2 p.m. (50 minutes)

The Dark Tangent, founder of DEFCON, invites Chief Information Security Officers from global corporations to join him on stage for a unique set of questions and answers. What do CISOs think of David Litchfield, Dan Kaminsky, Joe Grand, Metasploit, Black Hat, and DEFCON? How many years before deperimeterization is a reality? Is security research more helpful or harmful to the economy? What privacy practices do CISOs personally use? These questions and others from the audience will be fielded by this panel of security visionaries.


  • Scott Blake - Liberty Mutual
    Scott Blake is Chief Information Security Officer for Liberty Mutual Insurance Group and is responsible for information security strategy and policy. Prior to joining Liberty, Scott was Vice President of Information Security for BindView Corporation where he founded the RAZOR security research team and directed security technology, market, and public affairs strategy. Scott has delivered many lectures on all aspects of information security and is frequently sought by the press for expert commentary. Since 1993, Scott has also worked as a security consultant, IT director, and network engineer. He holds an MA in Sociology from Brandeis University, a BA in Social Sciences from Simon's Rock College, and holds the CISM and CISSP security certifications.
  • Pamela Fusco - Merck
    Pamela Fusco, CISSP, CISM, CHS-III, Chief Security Officer, Merck & Co., Inc.
  • Ken Pfiel - Capital IQ
    Ken Pfeil is CSO at Capital IQ, a web-based information service company headquartered in New York City. His experience spans over two decades with companies such as Microsoft, Dell, Avaya, Identix, and Merrill Lynch. Ken is coauthor of the books "Hack Proofing Your Network - 2nd Edition" and "Stealing the Network - How to Own the Box," and a contributing author of "Security Planning and Disaster Recovery" and "Network Security – The Complete Reference."
  • Justin Somaini - Verisign
    Justin Somaini is Director of Information Security at VeriSign Inc. where he is responsible for managing all aspects of network and information security for VeriSign. With over 10 years of Information Security and Corporate Audit experience, Justin has leveraged his knowledge of audit and large organizations to remediate global infrastructure problems and create a full risk identification and remediation Information Security group. Previously, Justin was the Director of Information Security Services for Charles Schwab Inc., where he was responsible for all aspects of Information Security Operations. Before that he was a Manager with PricewaterhouseCoopers LLP where he spent several years developing their attack and penetration leadership and audit practice.
  • Andre Gold - Continental Airlines
    Andre Gold is currently Director of Information Security at Continental Airlines, one of the world's largest and most successful commercial and freight transportation providers. Before assuming his current role, Mr. Gold served as Technical Director of Internet Services, responsible for Continental's property, which contributes over a billion dollars a year in revenue for Continental. Prior to Continental Airlines, Inc. Mr. Gold worked as a consultant in the IT industry. Mr. Gold has a BBA in Computer Information Systems from the University of Houston-Downtown and received his commission in the Army from Wentworth Military Academy. In addition to his position at Continental, Mr. Gold servers on the Microsoft Chief Security Officer Council, the Skyteam Data Privacy and Security Subcommittee, as well as eEye Digital Security's Executive Advisory Council.
  • David Mortman - Seibel Systems
    David Mortman, Chief Information Security Officer for Siebel Systems, Inc., and his team are responsible for Siebel Systems' worldwide IT security infrastructure, both internal and external. He also works closely with Siebel's product groups and the company's physical security team. Previously, Mr. Mortman was Manager of IT Security at Network Associates, where, in addition to managing data security, he deployed and tested all of NAI's security products before they were released to customers. Before that, Mortman was a Security Engineer for Swiss Bank. A CISSP, member of USENIX/SAGE and ISSA, and speaker at RSA 2002 and 2005 security conferences, Mr. Mortman has also been a panelist at InfoSecurity 2003 and Blackhat 2004. He holds a BS in Chemistry from the University of Chicago.


Similar Presentations: