Gartner Security & Risk Management Summit

Peter has been working in the information security field for 14 years and currently heads the information security function at M&S. Over the past two years, one of his key initiatives has been to drive better value from the security budget through the appropriate use of managed security and professional services from M&S’s security partner, Verizon Business.

Ant Allan, Ph.D., is a research vice president in Gartner Research. He is a core member of the identity and access management (IAM) research community and specializes in IAM program management and in key "authentication" and related "administration" technologies, processes and best practices.

Bradley Anstis is responsible for Technical Strategy at M86 Security and primary spokesperson for the company on aspects related to the evolution of the technical and strategic product direction beyond the immediate roadmap. In this role he evaluates new technologies and products that could enhance or extend the core M86 product line. He is a regular speaker at global industry and security conferences talking about new malware threats and the evolution of cybercrime. Bradley is a 20 year veteran of the IT industry and and a leading authority on the topic of Internet threats and cybercrime.

Mark has eighteen years experience in corporate and information security, information risk management, business continuity and risk consultancy. He began his career within the UK Government as a member of HM Forces (Army) where he specialised in security management, progressing through the ranks and gaining a wide range of experience in various elements of security, including physical, logical and key-point consultancy. Mark also fulfilled a number of specialised geo-political analytical roles in the UK, Europe and subcontinental Asia. Upon leaving the Army in 2005, Mark moved into the commercial sector as the Security & Export Compliance Manager for Harris Communications with responsibility for EMEA defence sector operations. In order to broaden his commercial experience, Mark then moved into specialised security and risk management consultancy, advising QinetiQ against animal rights extremism, prior to joining SunGard in May 2007, where as the UK Security Manager he held responsibility for all aspects of internal and customer facing security operations. Since moving to SABMiller in January 2010, Mark assumed strategic responsibility for the global management and oversight of all aspects of information security & compliance, information risk management, ICT Continuity and IT disaster recovery. A member of a number of professional security bodies, Mark holds numerous security qualifications as well as full professional membership of the Business Continuity Institute.

Mick has over 30 years experience in IT, predominantly working in IT Service Management. More recently Mick has specialised in Risk Management and is responsible for embedding risk management throughout the IT organisation and developing a risk tool to provide better quality information for decision making.

F. Christian Byrnes is a managing vice president in Gartner. His team is distributed across the globe and covers the management of risk-related programs such as Information Security, Business Continuity, Privacy and Compliance. In addition, he consults with leading organizations worldwide on technology direction, security trends and best practices.

French Caldwell is a vice president and Gartner fellow in Gartner Research, where he leads governance, risk and compliance research. Mr. Caldwell advises executive clients and program managers of Global 2000 companies and government agencies on strategies, markets, public policy and processes. He leads strategic research and advisory projects on governance, risk management and compliance (GRC), corporate governance, enterprise risk management (ERM), vendor risk management, IT risk management, public policy and legal developments, knowledge management, and strategic information risk analysis. He advises on emerging issues in public policy and corporate affairs such as Dodd-Frank Whistleblower rules, U.K. Bribery Act, third-party risk management and cross-border compliance. He led the ground-breaking White House-sponsored cyberterrorism war game, Digital Pearl Harbor, and has appeared on international news programs, including a documentary on the History Channel. He established Gartner research and advisory programs on knowledge management, digital society, government, public policy, and risk management and compliance.

Perry Carpenter is a research director in the secure business enablement group, which is part of the Information Security and Privacy research organization of Gartner Research. His primary focus is on identity and access management (IAM), data privacy, and the information security organization.

Carsten Casper is a research director with Gartner Research, responsible for the Privacy Key Initiative and for the security role in Gartner for IT Leaders in Germany. He advises clients on privacy and security strategies and technologies, in particular regarding European regulations, data protection, certifications, managed security services and compliance.

Mario de Boer, Ph.D., is an analyst in the Burton IT1 Security and Risk Management Strategies team. He covers endpoint security, cryptography, risk management and compliance.

Gavan Egan is Executive Director Sales for Verizon Business Security Solutions in EMEA. Gavan has 20 years cross-functional experience in the technology industry with over 10 years global experience in the IT security industry. As Director Sales, EMEA, Gavan is responsible for the building the Security Solutions Sales organisation in EMEA and driving revenue growth.

Sr. Director of Consumerization at Trend Micro, Cesare Garlati is evangelist for mobile security, responsible for raising awareness of Trend Micro’s vision for security in an increasingly consumerized IT world, plus ensuring that customer insights are incorporated into Trend solutions. Prior to Trend, Cesare held director positions within leading mobility companies including iPass, SmithMicro Software and WaveMarket and was senior manager of product development at Oracle, where he led the development of Oracle’s first cloud application and other modules of the Oracle E-Business Suite. Cesare holds a Berkeley MBA, BS in Computer Science and certifications from Microsoft, Cisco and Sun.

John E. Girard is a VP and distinguished analyst in Gartner's Info Security and Privacy Research Center. He specializes in business security and privacy solutions for wireless and mobile road warriors, extranet, remote offices and teleworkers.

Clive Gladwin is the Head of IT Security at Transport for London, with responsibility for all aspects of operational security for the group. Clive has nearly 30 years of experience in the IT industry and has delivered security projects across a range of industry sectors, including financial services, aviation and telecommunications. In his current role Clive is focused on continuous improvements to TfL’s security controls, processes and practices, in line with business requirements and the ever changing threatscape.

Andrew Gowers has a lifetime’s experience in newspapers and on the front-line of corporate crises in Britain, Europe and the US. A financial journalist for 25 years, most of them at the Financial Times, as Editor, and Foreign, and Middle East Editor, he went onto work in corporate communications, first at the global investment bank Lehman Brothers and then at BP - closely involved in the two most high-profile corporate crises of recent decades. He was Head of Corporate Communications and Brand at Lehman Brothers when the bank spectacularly collapsed in 2008, triggering the global financial crisis. After a stint at London Business School, he joined the oil giant BP as Head of Group Media, and was part of the company’s communications response to the Gulf of Mexico oil spill.

Jay Heiser is a research vice president specializing in the areas of IT risk assessment and management, regulatory compliance, collaboration security, security policy and security organization. Current research areas include cloud and SaaS computing risk and control, technologies and processes for the secure sharing of data with external partners, and the writing and enforcement of corporate policies.

Trent Henry is a research VP covering security and risk management strategies. His primary research topics include information protection, compliance and control standards, data and content security, and internal cloud security.

Siân John CISM, CISSP is a Security Strategist for the UK and Ireland Enterprise business at Symantec. Sian is the Security CTO for the UK and Ireland enterprise business engaging with senior individuals in customers and feeding back their requirements to the Security Business Unit. She leads Symantec’s engagement with large customers working at senior level to understand their business priorities, and providing guidance on security and risk management issues. Siân has worked in the IT industry for over 18 years working as a security architect with customers and then as an independent security consultant working on mapping customers business requirements into security solutions.

Siân John CISM, CISSP is a Security Strategist for the UK and Ireland Enterprise business at Symantec. She acts as the Security CTO for the UK and Ireland enterprise business engaging with senior individuals in customers and feeding back their requirements to the Security Business Unit. She leads Symantec’s engagement with large customers working at the senior level to understand their business priorities, providing guidance on security and risk management issues. Siân has worked in the IT industry for over 18 years working both as a security architect at customers and then as an independent security consultant working on mapping customers business requirements into security solutions.

Sam King is VP of product strategy and marketing at Veracode, where her responsibilities include product and go-to-market strategy, messaging and positioning, service packaging and pricing. Ms. King joined Veracode from VeriSign (Guardent), where she held product management/marketing responsibilities and managed professional services, solutions architecture and customer relationship management teams. She developed the managed vulnerability protection service and correlated alerting allowing customers to perform recurring network scans and gain real-time security intelligence to manage risk from their network infrastructures. Ms. King received her MS in Computer Science from University of Pennsylvania and her BS in Computer Science from University of Strathclyde in Glasgow, Scotland.

Markus J. Krauss is VP Cloud Computing for NetIQ across Europe, the Middle East and Africa. In this role, Krauss is responsible for leading NetIQ's secure Intelligent Workload Management business strategy within the geography for the development of cloud services with service providers supported by NetIQ's WorkloadIQ product portfolio. Krauss has been with NetIQ/Novell since 1996, holding a number of senior roles, leading to his promotion to VP in 2006. He has over 21 years of experience in the IT and security industry. Originally from Germany, he attended the Friedrich Alexander University in Erlangen-Nuremberg. He speaks English and German.

Mr. Le Vernois is a charter member of the Services Program Office within the Sales and Marketing Group for Intel Corporation. A 25 year veteran of the computer industry, Mr. Le Vernois has held prior Senior Management positions with Sequent Computer Systems, Xerox, IBM, and Unicru; in various Sales and Marketing positions. Over the past 6 years, Mr. Le Vernois has played a key role in the development and execution of Intel’s Channel Services Strategy worldwide.

Debra Logan is a vice president and distinguished analyst in Gartner Research. She covers information governance, e-discovery, legacy information management and strategic information management, along with new and emerging roles in the digital economy. She is currently working on topics including information archiving, information retention management, strategic information management and e-discovery market trends.

Eric Maiwald is an analyst in security and risk management strategies where he covers infrastructure and mobile security. Mr. Maiwald also manages the research calendar for security and risk management strategies with Gartner's Burton unit.

As Finance Director, Louise provides financial and performance management services to IMS especially in respect of budgetary management; scorecard management; financial governance; and risk management. She is accountable for supporting the Departmental Strategic Objectives delivery; maximising the value of the IMS Finance, Performance & Control team; and operating as a member of the HMRC finance community. Louise has recently expanded her role to take on responsibility for managing HMRC’s Change Programme team finance, control & performance Louise has over 20 years experience in both the private and public sectors; she joined HM Revenue & Customs (HMRC) in 2009.

Rob McMillan is a Gartner research director in the ITL Systems Security & Risk team. Based in Sydney, he researches and advises clients on infrastructure protection issues.

Jason D. Mills is currently Director of Emerging Technologies and Innovation at JP Morgan Chase. He is responsible for end user technology engineering for mobile devices and runs the firm-wide mobile AppStore During his corporate career, he has delivered strong leadership and continual results for global technology and business challenges for corporations such as JP Morgan Chase, Citigroup, Smith Barney, and IBM. Mr. Mills has lived abroad in two countries where he led technology divisions and served on executive leadership teams. He has led large operations teams in the financial services industry in the areas of mobile tech, end user and infrastructure innovation, brokerage trading, crisis and risk management, and compliance. He delivers a results oriented approach to management and a continual visionary attitude towards leadership. Born in Bronx, NY, Mr. Mills holds a Bachelor of Science degree in Information Studies and a Master of Science degree in Telecommunications Management from Syracuse University in New York. He serves on the Syracuse University iSchool Board, The Kaufmann Foundation e-Initiative Board and has consistently been involved in civic and community activities.

Alan Murphy provides strategic counsel on F5’s product suite to customers, prospects, analysts, and others. Specializing in F5’s virtualization, management, and security technologies, Murphy is responsible for evaluating and analyzing current technical market trends and the competitive virtualization and cloud landscape. He also works with the field staff on key sales opportunities and assists Product Management and Development with product lifecycle definitions and requirements, based on market analysis and corporate goals. Murphy is an accomplished presenter, with a breadth of speaking experience both in the United States and abroad, and has over 18 years of experience in Information Technology.

Lawrence Orans is a research director in Gartner's Research organization. His research focuses on the integration of security within internal networks, with a particular emphasis on network access control, VoIP and content filtering.

Eric Ouellet is a vice president in Gartner, where he is responsible for research activities and content delivery relating to data loss prevention (DLP); enterprise digital rights management (EDRM); PKI/PKO: Certificate Authorities (CA); database, application and storage encryption; encrypted e-mail; and virtualization and risk management.

Ioan Peters joined the Intellectual Property Office in September 2008 as the Head of Technical Design. Mr Peters is responsible for the design and delivery of IT Services which support the granting of Patents for the UK, representing the office on technical matters within the European and UN communities; and for the security of the Intellectual Property Office. Prior to joining the Intellectual Property Office, Mr Peters specialised in the design, implementation and support of secure applications and infrastructure, much of which was with one of the largest police forces in the UK. He has extensive experience of IT Security, designing secure and highly available systems, running enterprise level IT Operations, virtualisation and SAN technologies.

Paul Proctor is a vice president, distinguished analyst, and the role agenda manager for enterprise and IT risk management. He helps organizations build mature risk and security programs that are aligned with business need. His coverage includes board reporting, KRI development, risk assessment and GRC technologies. His ground-breaking research in Risk-Adjusted Value Management helps organizations integrate risk and corporate performance.

Mathieu Ransijn leads a team in Shell’s Information Risk Management organization and is responsible for the IT compliance monitoring and incident management within the Upstream International business unit. Before joining Shell in 2007, he worked as the Senior IT Audit Manager for over 10 years at KPMG and Arthur Andersen. Mathieu has a degree in Information Management as well as IT auditing and his specialty is to turn complex IT management structures and processes into understandable and workable concepts.

Richard has over 25 years of experience in various government departments, starting in DHSS and, via a series of mergers involving the Contributions Agency (CA) and Inland Revenue (IR), finally ending up in HMRC. After spending the first part of his career in compliance activity and projects, including the Child Support Agency Project and the development of a performance appraisal system for the CA, for the last ten years he has worked in Finance roles in compliance and corporate services, moving to his current role in 2006. He has responsibility for business planning, performance management and risk management and has introduced a streamlined planning process and a balanced scorecard to IMS, both of which are fundamental to the effectiveness of effective delivery in the current austere times. He also has responsibility for driving increased transparency of IT costs within HMRC and is Programme Director of the IMS Cost and Unit Price Transparency Programme. This has already delivered an approach to Unit Pricing of IT costs, closely aligned to “chargeback” and the subject of a recent Gartner Case Study, and is currently delivering an automated performance reporting tool, as well as the Risk Tool which is the subject of the presentation today. Together these tools will help HMRC to understand not only the costs of IT, but also how well that IT is performing and the risks to that performance. The development of a TouchWall application for the risk tool is the first step towards further enhancing the effectiveness of analysis and decision making.

Tom Scholtz is a research vice president in Gartner, where he advises clients on security management strategies, technologies, and trends, and is an acknowledged authority on information security policy design, security organizational dynamics, and security management processes. Based in the United Kingdom, Mr. Scholtz is a regular presenter at European industry events.

Doug Simmons is Burton Group vice president of consulting services. His expertise is in enterprise, e-business and service provider security, risk management, data loss prevention, identity and access management, application and data security, network security, security policy and program development, PKI, messaging and collaboration services.

Don Smith is a leading information security expert who is the technical lead for Dell’s EMEA information security practice. His close ties with Dell SecureWorks’ Counter Threat Unit give him unparalleled visibility into the threat landscape as well as effective countermeasures and protective security strategies. This insight is shared at government conferences and security gatherings around the world. Don has worked in the IT industry for 18 years, starting his IT career with the groundbreaking Edinburgh University spin-off, Vision Group. Don has been with Dell SecureWorks for over six years and is responsible for EMEA security strategy.

John has extensive experience in transforming IT security functions within large organisations and helping them to deliver effective security services across global enterprises. John has advised a number of organisations regarding IT security at the CIO/CEO level and assisted them in establishing strong, business enabling capabilities which have truly enabled the businesses. John is currently the Global Head of IT Security & Service Continuity for British American Tobacco with responsibility for the delivery of the overarching IT security strategy and the implementation of components of the strategy. BAT are currently undertaking a major transformation of how IT security and service continuity functions across the organisation. The transformation project covers the end-to-end aspects of security, from organisational change, governance, policy and standards, technical tool refresh and identity and access management. John has held a number of senior positions within large global organisations, including enterprise architecture, security management, computer forensics, security consulting and CISO roles. In these roles he has helped organisations build strong security functions with focus on transforming the way that security is viewed within those organisations and how it services the business. John holds a Bachelor of Commerce degree in Management Information Systems and a Masters of Business Administration.

With over 20 years of experience in IT security Thung has an in-depth understanding of security compliance and regulations, Identity & Access Management systems and Cloud Computing. Thung has worked for the last 2.5 years at EDB Ergo Group as ICT Security Architect where he is responsible for design and implementation of Identity and Access Management systems from multiple vendors. His previous experience includes working on the national project developing public electronic ID for all Norwegian citizens & also developing one of the first Security Management course for ITILv2, accredited by EXIN, Europe. Thung is CISSP certified.

Marc van Zadelhoff has nearly 20 years of experience in strategy, venture capital, business development and marketing in the IT and security space. Currently, Marc is the Director of Worldwide Strategy for IBM Security Solutions – reporting to the brand’s General Manager and responsible for overall offering management, budget and positioning for IBM’s full software and services portfolio globally. In this role he runs IBM’s customer Board of Advisors and meets with customers globally to develop IBM’s direction. In the four prior years at IBM, Marc has run security M&A for Tivoli, the marketing team for ISS and most recently Strategy, Portfolio & Business Development for IBM Security Services in GTS. Marc is a leading member of IBM’s core security governance teams and has helped to define IBM’s security strategy and marketing approach. Marc joined IBM as one of the executives running Consul Risk Management, Inc., a leading provider of security information management and mainframe security software that IBM Tivoli acquired January 2007. As Vice President of Marketing and Business Development of Consul from 2002 – 07, Marc was responsible for worldwide product marketing, corporate strategy, analyst relations, marketing communications, strategic partnerships and acquisitions. Marc was active in moving Consul’s headquarters from The Netherlands to the United States in 2004; he and his family moved from Amsterdam to the Washington, DC area in 2005. Immediately prior to Consul, Marc worked in The Netherlands at Fortis Banks’ cross-European venture capital fund, NeSBIC Venture Capital Group – an original Consul investor. He invested in a dozen European start-ups, sitting on numerous Boards to help guide business direction. Marc began his career as a strategy consultant in Boston, MA, with Gemini Consulting, spending fours years working on strategy projects in the US, France, Holland, Belgium, Ireland and Canada. He received an MBA in finance from the Wharton School of Business (University of Pennsylvania) and his BA in Economics from Bowdoin College, in Maine.

Andrew Walls is a research director in Gartner Research, where he specializes in information security practices, tools and markets in social media, enterprise governance, awareness/communications, directories, investigations and security program management. Security practices and markets in the Asia/Pacific region are also a focus of his research agenda.

Juergen Weiss is research director and industry services director in the Gartner Industry Advisory Services group, focusing on insurance. Mr. Weiss covers a number of insurance industry topics, including risk management and compliance (for example, Solvency II), billing and payment applications (including SEPA), policy administration systems for European life and general insurers, and innovative topics such as Web 2.0, cloud computing and SaaS. His special focus is European insurance topics, such as system harmonization and alignment of Pan-European insurers.

Jeffrey Wheatman is a research director within Gartner's Information Security, Risk Management and Privacy research group. As an experienced analyst within Gartner's S&RM team, Mr. Wheatman works with senior security and risk management leaders to help them identify, assess and remediate IT-related risks within their environments.

John Whitehill is Head of Security & Continuity for Standard Life. He has over 15 years experience within the security and IT risk advisory industry, and has worked on a range of international projects within both professional practice (‘big 4’ firm) and as part of Standard Life.