Speakers at the Enterprise Risk / Security Management Conference

Tom Bain
Bain has over 12 years of experience working with leading IT Security organizations. His experience spans database security, network security, application security, security services and cyber-security. His expertise includes Marketing strategy, product, solutions and industry marketing, public relations, analyst relations, partner marketing, lead generation and sales enablement.

Bain joins CounterTack from Security Innovation, an application security provider, where he was Director, Product Marketing. There he helped the company grow the security training product division year over year. Prior to Security Innovation, Bain was Senior Manager, Industry Marketing with Q1 Labs, an IBM company. Previous to Q1 Labs, he was with Application Security, Inc.

Bain has been an industry speaker at conferences including CAMP IT, OWASP and the Boston and Chicago Security Meet-ups. He earned an MS degree in International Relations and Public Affairs from UMASS-Boston and holds a BA in Communications from Rhode Island College.
Sarah Buerger
Sarah Buerger is a compliance, security management and privacy expert for IT. She has experience with SOX, US and European privacy laws, PCI DSS, GLBA and HIPAA. She is currently the Sr. Director of IT Risk Management at US Foods in Chicago. Prior to joining US Foods in April 2012, she was the Director of Information Security and Risk Management at CNA Financial, a commercial property and casualty insurer, for nine years. Sarah also has experience in product management and product development at Exelon and AT&T. Sarah started her career as an auditor at Arthur Andersen & Co.
Sarah has a B.S. in Accounting from the University of Illinois at Urbana-Champaign and an MBA from the Kellogg Graduate School of Management at Northwestern University. She is also a CIPP/IT (Certified Information Privacy Professional). She lives in the Chicago area with her husband, 11-year-old twins, dog and 3 cats. Her hobbies include distance running and playing the flute in a community band.
Chris Cronin
Chris Cronin is a Principal Consultant at Halock Security Labs in Schaumburg, IL in the Governance and Strategy Practice. Chris joined Halock after 15 years in IT leadership roles in operations, forensics and audit for private and public companies.

Chris’ involvement in regulatory compliance has a unique path, starting from forensic investigation at Enron, to bringing the first U.S. public company into compliance with Sarbanes Oxley, to now guiding companies toward compliance with Massachusetts CMR 17.00, HIPAA, ISO 27001, EU Safe Harbor, Sarbanes Oxley, PCI DSS and many other laws and regulations.

Chris is a certified GCIH and ISO 27001 Auditor, and holds a Master’s degree from Case Western Reserve University. He has served the SANS Institute on advisory boards and by developing course material for Audit and DLP.

Fred Kwong

Dr. Fred Kwong has been in the information technology field for the past 15 years, working in the education, financial, and telecommunication sectors. Fred currently works at Farmers Insurance, where he is the Global Head of Privileged Access Control. He is building a new program seeking to govern, control, and profile privileged identities throughout the enterprise.
Fred’s work includes the creation of security and privacy policies, standards, and procedures. He is a subject matter expert in PCI, leading organizations to pass their report on compliance. With an extensive background in IT technologies, Fred continues to challenge the status quo by providing guidance in security and network architecture, creating holistic designs that align to today’s threat vector for organizations.
Fred has a passion for combining IT skills with organization development values. His broad range of IT skills has allowed him to view IT from many different paradigms and present them to the business partners in easy-to-understand language. Fred serves as an adjunct professor at Benedictine and Roosevelt University teaching courses in international business, organization behavior, project management, and information systems. He holds a Ph.D. from Benedictine University and earned his master’s degree in business administration from Roosevelt University. Fred is a Certified Project Management Professional (PMP), a Certified Information Systems Manager (CISM), and a PCI Professional (PCIP).

E. Larry Lidz
E. Larry Lidz is the Chief Information Security Officer for CNA Insurance. He oversees CNA's information security program and ensures that cyber risks are appropriately managed. He has more than 17 years of experience in information security across many security disciplines including vulnerability and threat management, incident response, security architecture, policies, compliance, and business continuity management. Larry has a proven track record of applying practical risk management techniques to security issues to ensure appropriate risk disposition while maintaining an appropriate balance between user experience and control discipline.

Prior to joining CNA, Larry led the University of Chicago's security organization. He holds a B.S. from the University of Chicago and a master’s degree from Northwestern University.
Jeff Lossau
Jeff Lossau is the senior manager of IT Risk Management at Motorola Solutions, in Schaumburg, Illinois. He is responsible for the supplier risk management program at Motorola and leads the team that performs security risk assessments of new and existing suppliers to ensure that they meet Motorola Solutions’ information protection security requirements. The team has performed more than 150 security risk assessments in the past three years including assessments of several large Cloud providers.
Before joining Motorola Solutions in 2010, he spent 28 years at Hewitt Associates, an HR outsourcing company, where he was the IT audit manager.
Jeff earned his BA degree in Computer Science at Southern Illinois University and his MBA at SIU in Carbondale.
Edward Marchewka
Edward Marchewka is the Director of Information Technology for Gift of Hope Organ & Tissue Donor Network. In his role, Edward is responsible for maintaining and securing the infrastructure for 24/7/365 operations, supporting the IT customer environment, and delivering and supporting the enterprise applications that run Gift of Hope. His teams work with Gift of Hope’s internal and external customers to deliver high quality information and technology services. Edward is also the Founder and Creator of CHICAGO Metrics™, a platform to a program to help manage your company's key IT and Information Security risks, enabling you to have a better conversation with business leadership in terms that they understand.

Before joining Gift of Hope, Edward was the Enterprise Information Security and Server Operations Manager (CISO) for Chicago Public Schools, the third largest school district in the country. Additionally, his IT background includes experiences from running his own business to field service to Fortune 250 experience with Thermo Fisher Scientific. Edward holds active certifications from (ISC)², ITIL, PCI, Microsoft, CompTIA, and a designation from the NSA, along with legacy certifications from Cisco and HP. He is a member of (ISC)², AITP, and a Board Member with the Chicago InfraGard. Edward is involved with ChicagoFIRST and the Chicago Electronic Crimes Task Force, and is on the governing body for Evanta’s CISO Executive Summit.

Edward has completed, from Northern Illinois University, an MBA and an MS in Mathematics and, from Thomas Edison State College, a BS in Nuclear Engineering Technologies and a BA in Liberal Studies. He also holds a Certificate in Nonprofit Management from the Kellogg School of Management at Northwestern University.
Chris Merkel
Chris is responsible for leading Brunswick’s global information security program. His goal is to ensure that Brunswick has a clear understanding of our IT risk objectives and a defined, measurable strategy for reducing those risks.
Specialties: Strategic Planning and Information Security Program Management - Development of Comprehensive Policies, Technical Standards and Processes - Risk Assessment and Gap Analysis (ISO 17799/27002, CoBIT, SOX, PCI-DSS, NIST) - Data Breach & Privacy Law - Integrating Secure Development Practices Into Application Development Organizations - Incident Management - Forensic Analysis - Event Correlation - Investigations - E-Discovery - Vulnerability Assessment and Penetration Testing

Derek has been implementing security in corporate environments, as both an internal employee and a consultant, for five years. Although he has implemented firewalls, IDSs, and VPNs for various employers and clients he focuses heavily on securing Microsoft hosts and Domain structures. He has hardened hundreds of hosts in environments ranging from less than a dozen servers to enterprise environments with over 1000 servers and thousands of users. In conjunction with hardening he has also crafted and implemented standards, policies, and procedures to maintain the security of his employer's / client's environments.

Paul Niser
Paul Niser has twenty years’ experience in the areas of Information Technology, Legal and Compliance. Paul brings to the table a wide range of experiences in Information Security, Privacy, Business Continuity/Disaster Recovery, IT Audit, Risk Management, Vendor Due Diligence and Program Management. He has previously worked for some of the world's largest and most successful financial firms including GCM Grosvenor, Citadel Investment Group and Bank of America. He serves on the Board of Directors for the Chicago chapter of InfraGard and was selected as a participant in the FBI's Citizens Academy. He has written articles for Microsoft's MSDN, Windows Magazine, Exchange and Outlook Magazine, Exchange and Outlook Administrator and Toastmasters International Magazine. Paul is a Certified Information Security Manager (CISM).
David Serafine
David Serafine is an accomplished Engineer in the area of Information and Computer/Cyber Security with over 20 years’ experience in implementation, design and development. Prior to Hexis Cyber Solutions, David spent 13 years in sales, engineering and development at Cisco. David also has experience in the financial, energy, engineering and consulting sectors. David, his wife Terri, and their two children, Katarina and Joey, live in Austin, Texas. Outside of work he is an exploration and research cave diver and enjoys riding his Harley.