Speakers at the Enterprise Risk / Security Management - Governance/Risk/Compliance Conference

Marcin Budzik
Over the last year, in the new role as the Companyís IT Security & Compliance Officer, at Fort Dearborn Company, who faces new challenges, including Data Security, Risk Management and Disaster Recovery.  During the tenure with Fort Dearborn, Marcin instigated a number of programs and initiatives including rigid Problem and Change Management, Risk Management and Systems Monitoring. Lead companyís first Disaster Recovery program which resulted a first comprehensive DR Plan and an off-site DR location.  Current challenges include moving to a new DR site and re-evaluating DR requirements from a risk based and business impact analysis perspectives. Between 1994 and 1998 worked for non-for-profit and telecommunication sectors in technical roles including infrastructure consulting, UNIX and Networking.  Through out his career, Marcin has been a holder of key industry certifications, including CNE, MSCE, ITIL and most recently CISSP.  He is member of Association of Computing Machinery, IT Infrastructure Association, and ISC square.  He also holds a BA in Computer Science Northeaster University and graduate degree in Information Systems Management from Roosevelt University. In spare time, Marcin spends time with his family, but also he is not a stranger to scuba and wind surfing.  He is also an aspiring marathoner.
Sarah Buerger
Sarah Buerger is a compliance, security management and privacy expert for IT. She has experience with SOX, US and European privacy laws, PCI DSS, GLBA and HIPPA. She is currently the Sr. Director of IT Risk Management at US Foods in Chicago. Prior to joining US Foods in April, 2012, she was the Director of Information Security and Risk Management at CNA Financial, a commercial property and casualty insurer, for nine years. Sarah also has experience in product management and product development at Exelon and AT&T. Sarah started her career as an auditor at Arthur Andersen & Co.
Sarah has a B.S. in Accounting from the University of Illinois at Urbana-Champaign and an MBA from the Kellogg Graduate School of Management at Northwestern University. She is also a CIPP/IT (Certified Information Privacy Professional). She lives in the Chicago area with her husband, 11 year old twins, dog and 3 cats. Her hobbies include distance running and playing the flute in a community band.
Joseph Burkard
Joe Burkard is currently the Director of Global IT Security and Risk Management at Baxter International. In this role Joe is responsible for the Global IT Security strategy, policies and governance; Continuity and application recovery; and IT Operations Risk assessment, risk management and reporting. He has over 15 years experience as an Information Technology Risk Consultant, IT Auditor and Information Security practitioner, and he has worked with multiple industries and organizations including Arthur Andersen LLP, Protiviti Inc. and Miller Brewing. Joe is a CISA, CISM and CISSP and is currently pursuing his MBA at the Lake Forest Graduate School of Management. He has previously been a featured speaker at the ISACA 2004 CACS and 2006 Security Management conferences.
Drake Cody
Drake Cody leads the Risk Management group at Allstate Insurance Corporation (AIC). Drake has 15 years of progressive IT and security experience and has been part of numerous key enterprise level security projects and initiatives enhancing Allstate's defense in depth approach to security. Drake has directed the development of the overall Risk Management practice for AIC that has been crucial in managing risk levels through effective security base-lining, metrics and effective risk management framework implementations. Drake also maintains the integrity and security of the corporation's data and systems through proactive management of Application Security, Vulnerability Management, Security Event Analysis, Computer Incident Response, Data leakage prevention (DLP), Electronic Discovery, Records Management and Computer Forensics practices.
Michael Gabriel
Michael Gabriel has been employed by Career Education Corporation, a $1.8B for-profit, post-secondary education services company, since 2004 when he was tasked with building an information security program from the ground up. Michael came to CEC from a background in the global investment banking industry, where he provided security management and engineering since 1995. He has also practiced in the security consulting field, including a stint as an interim security director for an Internet banking startup. Michael is sought out for speaking engagements on information security topics and is a frequent contributor to security-related articles.
John Germain
As CISO, John Germain provides strategic vision and leadership for Xylem Inc, a newly formed company resulting from a spinoff from ITT Corporation. Focusing on information risk management, regulatory compliance and infrastructure security operations, John is a proven leader responsible for designing the overall information security program and architecture as well as building and maintaining Information Security capabilities for Xylemís global multi-industry footprint. Prior to his current position, John was the Director of IT Security at ITT with previous IT infrastructure leadership roles in the areas of networking and access control. 
Mark Guth

Mark Guth, Manager of IS Security at Nicor Gas, has over 20 years of Management experience in the IT arena. Strong background in telecommunications, network, and operational management for companies such as LaSalle Partners, Ameritech, and Comdisco. For the past 5 years, my Nicor Gas focus has been on operational management, internal controls process development, Security, and Disaster Recovery.

Daniel M. Harris
Danny is an accomplished cyber security specialist, knowledgeable in all phases of the secure software development life cycle (SDLC). His career includes experience in various industries including financial, education, manufacturing, and government. He is a thought leader in information security, privacy and related technologies, with a plethora of experience in crafting security policies and standards that meet business needs and regulatory compliance requirements. His primary role at Security Innovation is to leverage this expertise to deliver world-class application and Secure SDLC assessment services and expert training to the companyís diverse client base. Danny also provides valuable content and quality assurance to the companyís TeamMentor Secure Development knowledgebase product. He has trained and presented to thousands on topics that range from application security metrics to web application security.
Prior to joining Security Innovation, he was Manager of Application Security Software Development Lifecycle and Training for Aon.  
Chris John
Chris is the Vice President of IT Risk & Controls for M&I Bank where he is responsible for IT governance, risk and compliance. Chris was selected to chair M&Iís initial Social Media Policy Committee in 2009. This was a cross-functional corporate team charged with creating a social media policy that balanced the business needs of this emerging topic with the bank's legal and regulatory requirements. The resulting policy was approved by the Enterprise Risk Committee and the Board of Directors on the first attempt. Chris serves on the company's operational Social Media Committee in a similar capacity. His career started with a background in finance and accounting where he held positions in Internal Audit for a regional bank, in public accounting with a Big 4 firm, and in corporate reporting for a Fortune 500 company. Chris' career moved into IS and IT where he served as a consultant for a global firm, as an IT Audit Manager, as an Information Security Specialist, and in his current position. All of the IT positions have involved the risk, control and/or security of information systems and technology. Chris is a CISM, CISA, CGEIT and CPA. He also holds a B.B.A. degree from the University of Wisconsin - Whitewater and a M.S. degree from the University of Wisconsin - Milwaukee.
Paul Kunas
Mr. Kunas is currently the Director of IT Security at Sidley Austin, a global law firm. Prior to Sidley, Mr. Kunas was the IT Security Governance and Strategy Manager for Exelon Corporation, one of the nationís leading power utility companies, and a Senior Manager with Accenture, Information Security Consulting.

Mr. Kunas is a CISSP with over 15 years of information security experience consulting and implementing leading edge solutions. Mr. Kunas is responsible for corporate IT security policy and governance decisions to support overall IT risk management within his organization. Mr. Kunas has experience with risk management, vulnerability management, network security, identity and access management, incident response, and other security domains. Mr. Kunas holds a MS in Information and Communication Science from Ball State University.
Elizabeth Martin
Elizabeth Martin is the Director of Security Services with Redlegg and is responsible for the development and delivery of the Risk Management practice. Elizabeth's tenure includes Arthur Andersen, IBM Internet Security Systems, and Trustwave. She has nearly 15 years experience in the Information Security, Compliance, and Risk Management industry and her expertise lies with assessing organizations and assisting with the development of a strategic approach to Information Security. Ms. Martin has extensive experience delivering Compliance Gap Assessments and Audits, Risk Assessments, Vulnerability Assessments, Policy Framework Development, and Solution Design and Deployments in the automotive, retail, financial, healthcare, government, and managed security services verticals.  
David Ogbolumani
David Ogbolumani is a thought leader in Information Security and Enterprise Risk Management. He was the IT Distinguished Member of Technical Services and Director of Global IT Security at The Kellogg Company where he built the Information Security and Risk Management Practice from scratch. He is currently an Industry Consultant advising organizations of various sizes . David focuses on Enterprise Risk Assessments, Network Security Breach and Incidence Response Planning, IT Security Metrics, Regulatory Compliance, Network Systems Protection, Secure Software Development, Cloud Security, Mobile Device Security, Defining Organizational Security Requirements, providing temporary CISO functionality and Board Advisory Services. His certifications includes Certified Information Systems Security Professional (CISSP), Certified Internal Auditor (CIA), Certified Information Security Manager (CISM) and Certified Information Systems Auditor (CISA). In addition to his certifications, David also holds a JD and passed the California Bar in 2014.
Arti Arora Raman  
Arti heads a team responsible for product planning, design, management and marketing, plus partner and advisor programs for the Company. Arti brings product vision, operational skills, and the proven ability to attract world class experts to emerging companies. Arti joined Agiliance from Critical Research Group (CRG), a firm she founded in 2005 to help young companies receive product and market feedback from senior executives at F500 companies. Prior to CRG, Arti co-founded Liquid Engines with Dr. Edward Lazear (Chief Economist at the White House, Professor at Stanford University). There Arti's team designed the first multi-year tax and cashflow optimization application for legal entities, and she attracted renowned tax luminaries and two Noble Prize economists as advisors. Liquid Engines (TRI) raised $22M during her tenure as CEO then head of product/business development. Prior to Liquid Engines, Arti was Director of Customer Care at Zamba, a CRM professional services organization acquired by TSC. There she created the Customer Care Coefficient, a systematic method to assess the quality of customer care and return from investment in CRM Systems. Arti received her MBA from the William E Simon Graduate School of Business and her Bachelors in Economics from Delhi University, India.
Joe Slone Joe is the Chief Architect and Sr. Director Security at 1SYNC, the worlds largest GDSN Data Pool which provides supply chain solution to suppliers and retailers. Joe is responsible for leading all aspects of the companyís enterprise architecture and security program, including strategy and design of application and infrastructure components. He leads technology innovation to support business growth goals & strategies, including the development of in-house security expertise, policies, governance, implementation and representing security to customers, and has made security a competitive differentiator for the company.
Steve Sullivan

Steve Sullivan is the Director of Information Technology and Chief Security Officer for Central DuPage Hospital located in Winfield, IL, with convenient care centers and physician offices throughout DuPage County. Central DuPage Hospital is the third largest employer in DuPage County and has been named as a Top 100 Most Wired and Wireless Hospital by Hospital & Health Networks. Steve's role and responsibilities encompass information security, business continuity and disaster recovery. His broad background includes over 20 years in the IT industry from computer/software sales, technical support, programming, product development, change management, project management, IT team management and regulatory compliance issues regarding JCAHO, HIPAA and PCI.

Stefan Wahe  
Stefan has been dedicated to developing organizational security and security architecture in Higher Education since 2001. During this time he has developed knowledge and experience in (1) developing and implementing security policies; (2) identifying IT security threats and risks; and (3) identifying and implementing technical and procedural controls. Stefan currently leads a team to secure the enterprise business applications of the University of Wisconsin-Madison and The University of Wisconsin System. During Stefan's career he has work to develop and implement standards for Identity Management through InCommon and Internet2. He also was the primary author of The Open Groups paper titled "Enterprise Security Architecture: A Policy Driven Approach".  
Jay Weber
Jay Weber is a Manager at Zenith Infotech.
Karl F. Wehden
Karl F. Wehden is the Information Governance Strategist at IBM.Karl Wehden has over 12 years of experience in the high technology and finance sectors. Karl has served as an Information Security Officer for a major investment bank, a national program director for Oracle, and has delivered major initiatives both as part of the business and as a trusted partner. Karl brings a proven track record of developing highly relevant engagement strategies for security and infrastructure technologies. Karl works with customers in highly regulated industries worldwide for IBM, developing and targeting usage of control frameworks and programs for Information Governance. In the course of Karlís career, he developed one of the early insider threat management practices at a US investment bank from detection, incident management, forensic evidence capture. Karl was an early pioneer in the use of in memory data processing technology for high frequency trading applications for real time trade risk management. Additionally Karl bootstrapped the financial services practices for several successful software companies. Karl started his technical career at a DARPA funded research organization for advanced uses of real time simulations (C2/C3).