SPEAKER BIOGRAPHIES
SPEAKERS AT THE ENTERPRISE RISK/SECURITY MANAGEMENT
CONFERENCE – OCTOBER 11, 2024
Anatoly Bodner, Global Head of IT Security Capabilities, The Kraft Heinz Company
Anatoly Bodner is a Chicago-based cybersecurity executive, passionate technologist, people leader, mentor and a random hobbyist. Anatoly has been passionately serving the Cybersecurity industry for over 20 years, progressively shifting from technical to leadership and executive roles, and is presently serving as Global Head of Cybersecurity Capabilities at Kraft Heinz where he oversees Cybersecurity Architecture, Engineering and Operations, and driving security as an enabler for business growth and transformation.
Chris Cronin, Principal/Partner, HALOCK
Chris Cronin is a partner at HALOCK Security Labs. Chris has practiced information security for more than 20 years in operations, audit, and consulting roles. Chris created Duty of Care Risk Analysis (“DoCRA”) which defines when a cybersecurity controls is reasonable, and is principal author of CIS RAM, the Risk Assessment Method for CIS Controls. Chris serves as Chair of the DoCRA Council and serves as an active member of the Sedona Conference, a law and technology think tank.
Jeffrey Deakins, CISO, Marmon Holdings, Inc.
As the first CISO for Marmon (28,000+ employees), I have designed, built, and implemented a new strategic cybersecurity program in partnership with our executive team, internal audit, and IT Teams. As a highly skilled and experienced CISO, I have a proven track record of success in implementing and managing security strategies to protect organizations from cyber threats. I deeply understand industry best practices, regulatory compliance, and the latest security technologies. I am a strategic thinker with strong leadership skills, able to inspire and guide teams to achieve common goals. My ability to communicate complex security concepts to non-technical stakeholders has helped me to build strong relationships across the organization. I am excited to connect with other security professionals and continue to learn and grow in my field.
I hold two master’s degrees in IT and a CISM and CISSP certification.
Technical Products: SentinelOne (EDR), Azure (Cloud), ProofPoint (Email Filtering), Cisco Umbrella (URL Filtering), Workday, Salesforce (CRM), Okta (IAM/MFA), BitSight, Power Automate (RPA), Nessus, KnowBe4 (Phishing), Wombat (Phishing), ServiceNow, Active Directory, Microsoft Security Products (Security E5), Python, SQL Server, NIST CSF, CIS 8.0, and much more.
Larry A. Dunham, Digital Risk Officer, University of Illinois at Urbana-Champaign
Larry Dunham’s introduction to the world of IT began as a child when his father gave him a COBOL programming manual and a pad of coding sheets. Thirty years ago, his career in electronics led him into a hardware/software support role for his employer’s PC-based products, and later to enterprise IT and IT security management. Before coming to the University of Illinois in 2014 he was the Chief Technology Officer (CTO) for a Springfield, Illinois financial services firm, managing a body of security policy and overseeing a full external IT Security audit on average every two weeks by one or another of their corporate clients in the financial world.
Upon beginning his tenure at the university, Larry was asked to help establish a Governance, Risk and Compliance program and is currently engaged in transforming risk management from an operational function to a strategic planning resource. In addition, Larry has been an adjunct instructor of Computer Science at the University of Illinois – Springfield for over a decade, primarily teaching information security and information risk management topics to undergrad seniors and graduate students from all over the world.
Stacy Estrada, Asst. Director, Enterprise Architecture and Security, Montage Health
Stacy Estrada has nearly two decades of experience as an IT practitioner and leader and has worked with the US Department of Defense and a large healthcare provider/payer in California. Stacy is a highly experienced Information Security and Information Technology leader with a strong background in leading and security and technical teams, developing and implementing security roadmaps and programs, aligning security with organizational goals, and project management leadership in security and infrastructure implementations in high availability environments.
Stacy graduated from Yale University with a degree in Electrical Engineering. She enjoys mentoring through programs such as Women in CyberSecurity (WiCys). Born and raised in California, Stacy is looking to expand her network in the Midwest.
Joe Gonzalez, Sales Engineer, Cyberhaven
Joe Gonzalez brings over a decade of experience as a cybersecurity professional. He was a founding Sales Engineer at notable companies such as Duo Security and Wiz. He was also a Senior SE at Attack Surface Management company, Censys before making his way to Cyberhaven. During his years of experience, he’s worked with most of the Fortune 100 and helped the most innovative companies solve difficult security challenges. Working with organizations immediately post incident as well as working through multi-year projects to transform cybersecurity programs. His technical background includes focuses on IAM, MFA, Networking, Cloud Security, Attack Surface Management and Data Security. He is passionate about promoting Cyberhaven’s data lineage approach and feels that data security is the most critical area of cybersecurity at this time.
Victor Hsiang, CISO, GATX
Victor Hsiang is an accomplished Information Security, Risk and IT Professional with over 19 years of experience working within the Financial Services and Healthcare sectors. He has an established track record of delivering successful IT and Information Security solutions that manages risk while supporting business requirements. His experience includes implementation of technology, security audits, risk assessments, information records management, privacy concerns, compliance and legal issues related to security, forensics, security practices and policy development. He currently leads the Information Security program at GATX Corporation.
Scott Hunter, RSM, Snyk
Scott Hunter brings more than 20 years of field sales experience helping to provide solutions for customers with challenges ranging from Security Operations and Monitoring, to Identity and most recently in the Application Security. Beginning as a developer, Scott brings a unique technical lens to his problem solving approach and enjoys seeing his customers enjoy success with the solutions he represents.
Marty Kondziolka, Area Manager, AccessIT Group
Martin Kondziolka is a proven sales performer with over two decades of experience in cybersecurity solutions. His extensive background includes roles at industry-leading companies such as WhiteHat Security (now Synopsys), McAfee, and Fortinet. Known for his success in supporting commercial and enterprise accounts, Martin has built strategic business relationships throughout the Chicago region. Now leading AccessIT Group’s 7th and newest satellite office in Chicago, Martin plays a key role in expanding the company’s presence in the Midwest. AccessIT Group, a Pennsylvania-based cybersecurity solutions provider specializing in the design, implementation, and operation of security programs and infrastructure, continues its 23-year growth journey with Martin driving regional development.
Fred Kwong, Ph.D., Vice President, Chief Information Security, DeVry University
Dr. Fred Kwong has been in the information technology field for the past 15 years in working in education, financial, and telecommunication sectors. Fred currently works at a Farmers Insurance where he currently is the Global Head of Privileged Access Control. Fred is currently building a new program seeking to govern, control, and profile privileged identities throughout the enterprise.
Fred’s work includes the creation of security and privacy policies, standards, and procedures. He is a subject matter expert in PCI, leading organizations to pass their report on compliance. With an extensive background in IT technologies, Fred continues to challenge the status quo by providing guidance in security and network architecture creating holistic designs that align to todays’ threat vector for organizations.
Fred has a passion of combining IT skills with organization development values. His broad range of IT skills has allowed him to view IT from many different paradigms and present them to the business partners in an easy to understand language. Fred servers as an adjunct professor at Benedictine and Roosevelt University teaching courses in international business, organization behavior, project management, and information systems. He holds a Ph.D. from Benedictine University and earned his master’s degree in business administration from Roosevelt University. Fred is a Certified Project Management Professional (PMP), a Certified Information Systems Manager (CISM), and a PCI Professional (PCIP).
Derek Milroy, Sr. Security Architect, Large Midwest Enterprise
Derek Milroy is a corporate security professional that has been implementing security, as both an internal employee and as a consultant, for the past twenty plus years. His main areas of focus the past decade or so have been: Systems Hardening (focusing mainly on Windows Forest/Domain/GPO architectures), Vulnerability Management, Patch Management, Log Management/SIM/SEIM, Incident Response, Network Infrastructure Security, Cloud Controls and Hardening, Red Team Program Management, Threat Modeling, and Threat Intel. He is a former QSA, current PCIP, and has also performed ISO 72001/27002, CIS Top18, and NIST CSF assessments.
Mike Neuman, AVP, Security & Compliance, VelocityEHS
Mike is well versed in navigating the complexities of regulated environments, improving cybersecurity operations, and continuously driving compliance. His has successfully lead onshore and offshore teams while maintaining high performance standards and focusing on business solutions and client engagement. Prior to joining VelocityEHS, Mike served as the Vice President of Information Security at Backstop Solutions Group, where he spearheaded the development of a process-driven approach towards achieving FedRAMP certification and SOC2 Type II certification. Earlier in his career, Mike drove the efforts at Florists Transworld Delivery (FTD) to achieve PCI compliance as a merchant and service provider. Mike earned his MS in Communications System Management from Northwestern University and a BA in History and Political Science from Purdue University.
Jody Schwartz, Information Security Office – Card, Capital One
Jody Schwartz is an IT Security leader with 20 years of experience securing diverse enterprises. He has built IT Security and compliance functions from scratch, served as an expert consultant in PCI compliance, created highly effective and efficient IT Security steering committees, and created easy to understand risk reporting for C-level executives.
Jody is currently a Director of the Information Security office at Capital One, responsible for leading and directing the information security governance program and strategic advisory function for the Card division. His core responsibilities include client data protection, regulatory compliance, and cyber security architecture by partnering with key business stakeholders to demonstrate the value of cyber security and achieve business goals.
Jody’s security vision is to follow the strategic direction of the business, always utilizing risk focused lenses to identify potential exposures. He strives to empower his teams to exceed their goals and change the perception of cyber security to a trusted business partner.
He has held cyber security leadership positions at Deloitte, JP Morgan Chase, Acquity Group / Accenture, and Rewards Network. He has a bachelor’s degree from Indiana University and has held a CISSP certification since 2002.
Steve Scully, Systems Engineer, Stellar Cyber
Steve Scully brings over 30 years of experience in the networking and cybersecurity industry, having worked with leading vendors in Network Detection and Response (NDR), firewalls, and Cloud Access Security Broker (CASB) solutions. His extensive career in the field has given him deep expertise in delivering cutting-edge security technologies to protect organizations against evolving threats. Currently, Steve is with Stellar Cyber, the only Open Extended Detection and Response (XDR) vendor in the market, where he continues to drive innovation in cybersecurity by offering an open, unified approach to threat detection and response.