Speakers at the Enterprise IT Risk / Security Management Conference

Chris Cronin
Chris Cronin is a Principal Consultant at Halock Security Labs in Schaumburg, IL in the Governance and Strategy Practice. Chris joined Halock after 15 years in IT leadership roles in operations, forensics and audit for private and public companies.

Chrisí involvement in regulatory compliance has a unique path, starting from forensic investigation at Enron, to bringing the first U.S. public company into compliance with Sarbanes Oxley, to now guiding companies toward compliance with Massachusetts CMR 17.00, HIPAA, ISO 27001, EU Safe Harbor, Sarbanes Oxley, PCI DSS and many other laws and regulations.

Chris is a certified GCIH and ISO 27001 Auditor, and holds a Masterís degree from Case Western Reserve University. He has served the SANS Institute on advisory boards and by developing course material for Audit and DLP.
Tony Czarnik
Anthony Czarnikís 360 degree understanding of delivering secure technology solutions has evolved from over 25 years of IT experience, including roles as Software Developer, Consultant, Project Leader, System Engineer, Account Executive and Educator. Currently he manages the Information Security Practice at Savid Technologies. He graduated with honors in Computer Science from DePaul University and then he went on to complete a masterís degree in Management Information Systems. Mr. Czarnik has delivered Application Security solutions including PCI compliance, architected and implemented SIEM / Log Management solutions including HIPAA compliance, and has managed numerous Information Security and Compliance Risk Assessment projects.  
John Dolce
John has over 25 years of Technical and IT Senior Management expertise within various industries including manufacturing, wholesale, legal, as well as financial and logistics service organizations. He has been with True Value for 7 years developing and managing their security and GRC programs while also improving their SDLC, Change and Problem Management. Prior to joining True Value, John assisted Protiviti and Grant Thornton clients with internal audit testing and remediation efforts achieving Sarbanes-Oxley compliance. During 6 years with GE Rail Services, as CSO, he also developed and managed their Security and IT Audit Compliance programs. John has presented and been a panelist at many regional conferences and ISACA events. Along the way, he attained CISSP, CISA, Six Sigma and ITIL Foundation certifications.  
Douglas Ennis
Douglas has almost 20 years of experience in Information Technology. His path in Information Technology has touched many different technology specializations including: development, network, security, mobile device management, pre-sales, and IT Management.

Douglas career began designing and developing a Fixed Income Trading System for an Institutional Investment firm in Chicago. Several years later, Douglas transitioned into Management and was responsible for the IT staff that supported all technologies related to the Fixed Income Trading desk. In 1997, Douglas made a geographical move to Colorado and transitioned to a consulting role as a Network Architect for a regional firm. During his tenure, Douglas designed a variety of networks including: VOIP, Internal Core Networks, and Firewall for clients throughout the Rocky Mountain region. In 2001, Douglas moved to the manufacture side of the industry as a Pre-Sales Security Engineer and for the last 10+ years has worked for a variety of manufactures in a number of different capacities.

Most recently, Douglas is a Business Development Manager for Infoblox responsible for building market position by locating, developing, defining, negotiating, and closing business relationships.

Douglas has B.S. in Computer Science from John Carroll University and a Masters of IT with specialization in Security from Capella University.
Dave Hodgson
Dave Hodgson has almost 15 years of experience leading and building IT. He is soon to be a double D grad from DePaul University in Chicago. His experience covers a multitude of industries from Software Services, Distribution, Publishing, Hosting, and Manufacturing. Dave also has extensive experience in the security world having managed IT for a large Chicago based Data Security company. Most of his positions have involved taking the IT side of an organization from the startup phase over the hump to become an enterprise class department through implementing structure, polices, procedures, standards and developing high performance teams.
Most recently Dave was recruited to overhaul the infrastructure side of IT for a large US based defense manufacturer. In his current role Dave is responsible for a complete technology upgrade across the organization, covering network, systems, end user, and support. He has also renegotiated telecom contracts resulting in over $10,000 of savings per month.
Dave is a hands on leader with deep technical knowledge and extensive architecture experience covering technology from almost every major vendor. He travels almost every week spending time with his team, developing plans, strategy, and interfacing with the various business units. He is constantly looking across the organization to see how he can further develop and utilize the resources of IT to help drive the business forward.
John Kirkwood
John is responsible for the management of the information protection and risk management program at Security Innovation, including associated policies, procedures, controls and compliance. Additionally, he is the companyís principal security strategist and evangelist - driving the direction of products and services at Security Innovation, ensuring the companyís value proposition resonates with security, control, compliance, privacy and risk management executives. Further, John serves as chief liaison to current and prospective clients.
John has spent the past twenty years focused on Information Protection, Security, Compliance and Risk Management. Prior to joining Security Innovation, he held global Chief Information Security Officer Positions for eight years at Royal Ahold and American Express companies. John has also held leading information security, risk management and compliance positions at Credit Suisse, Lucent, Siemens, Merck and Medco.
Because of John's knowledge and experience in establishing and leading information protection and risk management programs, he has been asked to participate and numerous forums and conferences. He is also frequently asked to advise companies in establishing actionable information protection and risk management strategies and programs.
John has a BA in government from Harvard College and has earned CISA, CISM, CISSP, ITIL and CRISC professional certifications.  

Fred Kwong

Dr. Fred Kwong has been in the information technology field for the past 15 years in working in education, financial, and telecommunication sectors. Fred currently works at a Farmers Insurance where he currently is the Global Head of Privileged Access Control. Fred is currently building a new program seeking to govern, control, and profile privileged identities throughout the enterprise.
Fredís work includes the creation of security and privacy policies, standards, and procedures. He is a subject matter expert in PCI, leading organizations to pass their report on compliance. With an extensive background in IT technologies, Fred continues to challenge the status quo by providing guidance in security and network architecture creating holistic designs that align to todaysí threat vector for organizations.
Fred has a passion of combining IT skills with organization development values. His broad range of IT skills has allowed him to view IT from many different paradigms and present them to the business partners in an easy to understand language. Fred servers as an adjunct professor at Benedictine and Roosevelt University teaching courses in international business, organization behavior, project management, and information systems. He holds a Ph.D. from Benedictine University and earned his masterís degree in business administration from Roosevelt University. Fred is a Certified Project Management Professional (PMP), a Certified Information Systems Manager (CISM), and a PCI Professional (PCIP).

Kevin Novak
Kevin Novak is Chief Information Security Officer, and IT Risk Manager at Northern Trust. Kevin is a member of the Northern Trust Corporate Operational Risk Group. He is responsible for the security of Company and Client information and for the management of information technology risks across Northern Trust's global business. Kevin joined Northern Trust in August 2011.

Prior to assuming the role of Chief Information Security Officer at Northern Trust, Kevin spent 5 years at Discover Financial managing their Information Security, Records Management, and Enterprise Risk Management programs, as Chief Operating Officer and Director of Consulting Services for Neohapsis, a Chicago based information security consultancy, and as a senior technology consultant at Ciber Network Services, a global IT consulting services provider.
Prior to joining Ciber Network Services, Kevin was a financial auditor and tax accountant for Best Travel and Tours, and Ameritech Credit.

Kevin has a B.S. degree in Accounting from Western Michigan University and is a Certified Information Security Manager - ISACA
David Ogbolumani
David Ogbolumani is a thought leader in Information Security and Enterprise Risk Management. He was the IT Distinguished Member of Technical Services and Director of Global IT Security at The Kellogg Company where he built the Information Security and Risk Management Practice from scratch. He is currently an Industry Consultant advising organizations of various sizes . David focuses on Enterprise Risk Assessments, Network Security Breach and Incidence Response Planning, IT Security Metrics, Regulatory Compliance, Network Systems Protection, Secure Software Development, Cloud Security, Mobile Device Security, Defining Organizational Security Requirements, providing temporary CISO functionality and Board Advisory Services. His certifications includes Certified Information Systems Security Professional (CISSP), Certified Internal Auditor (CIA), Certified Information Security Manager (CISM) and Certified Information Systems Auditor (CISA). In addition to his certifications, David also holds a JD and passed the California Bar in 2014.
Colin Sheppard
Colin Sheppard is the Director of Incident Response & Education at Trustwave SpiderLabs. His team is responsible for performing over 1,200 breach investigations worldwide. Through this experience, his team has gained a unique insight into the world of cybercrime and frequently assists and trains various State and Federal Law Enforcement agencies on the current threat landscape.

Prior to joining SpiderLabs, Colin worked for Lucid Security as a Senior Security Researcher, focusing on vulnerability research and development of IDS/IPS signatures. Colin has written for a number of industry publications, including Computer World and Digital Transactions. His sustained research on data breach investigations and current threats have been presented at industry conferences such as PCI European Community Meeting, MRC, Gartner Security & Risk Management Symposium, Visa Latin America Security Summit, Visa Canada Franchisor Data Security Symposium, and Visa Asia Pacific Security Summit.

Colin obtained a BS in Business Administration from Old Dominion University. He also holds CISSP and PCI QSA certifications and is a contributing member of the U.S. Secret Service Electronic Crimes Task Force.
Umesh Tiwari
Umesh is an IT Governance, Risk & Compliance manager and information security technologist at US Cellular.  He has over 20 years of experience in IT Risk practice development, Security governance, Data Encryption, Monitoring, DLP and RBAC among others.

He began his professional career as Systems engineer at Hewlett-Packard in 1991,then managed IT Systems for a car manufacturing company. In 1994, moved to the USA and worked in Government, Telecom, Pharmaceutical, Consumer product and Financial services companies both as a consultant and in corporate positions managing IT Infrastructure, ERP systems, IT Security Architect and IT Risk Manager.  Umesh is certified in PMP (2003), CISSP (2008), CISM (2009) and CRISC (2011).

Umesh received his Bachelor of Science (Physics, Mathematics) degree from Ravishankar University, Raipur, India, 1988 and a Master of Computer Applications degree from The National Institute of Technology, Raipur India 1991.