CXO Think Tank

Mr. Zalewski currently provides CISO, security consulting and security advisory services. These include: • International cybersecurity advisor and trainer. • Executive advisory board member for security startups, providing guidance on security market direction and product requirements. • CISO advisory board member for venture capital firms internationally. • vCISO for companies requiring temporary or part-time CISO expertise. Services also include guidance and solutions to address incident response, security program design, security assessment, security due-diligence, vendor/supplier due-diligence, security architecture review, board reporting and other key security leadership requirements. Operational experience in Healthcare, Utilities and International Retail verticals. Key Strengths: •Organizational Management •Strategic Planning & Execution •Enterprise Security Architecture/Strategy •Executive and BOD Security Governance/Reporting •Cybersecurity Incident Response •Security Risk & Compliance Management Additionally, I co-hosts the CISOSeries Defense-in-Depth Podcasts and am a frequent speaker and panel moderator at industry events.

Senior level executive with excellent relationship management and leadership skills including building high performance teams, operations, applied technology and product management. Through my in-depth insurance and financial services knowledge, I have proven experience in bridging the gap between customer and market needs and driving revenue through strategic new products. MBA-University of Chicago. Senior level executive with excellent relationship management and leadership skills including building high performance teams, operations, applied technology and product management. Through my in-depth insurance and financial services knowledge, I have proven experience in bridging the gap between customer and market needs and driving revenue through strategic new products. MBA-University of Chicago.

Prabhath (PK) leads TripActions Security & Trust Org which is responsible for Product & Platform Security, Detection & Response, Enterprise Sec and Security Architecture & Engineering & GRC. His organizations core mission is to ensure Tripactions meets its security & privacy obligations to its customers, investors, regulators, and employees. PK is Senior security leader with 16+ years of leading global, cross-functional teams across hyper-growth startups, fortune 100 and big 4 consulting firms. Prior to Tripactions, PK served as a security leader in Adobe for 9+ years where he drove several initiatives to level up security & privacy as Adobe reinvented itself in the cloud and grew from $30B to $300B business. Prior to Adobe, PK was with PwC, advising fortune 100 companies on info sec & privacy strategy, governance, operations & technologies. PK is active in the security community and advice startups on product & business strategy, market positioning and to solve security and business problems at scale. PK also mentors several professionals and presents in national and international conferences on thought leadership topics. His educational background includes a bachelor’s degree in electronics & communications engineering and holds CISA, CISSP, CIPT, CDPSE, ISO 27001 Lead Implementor & PCI ISA certifications. At TripActions my organization drives several defensive and offensive security disciplines and serves as the single voice for security both internally to employees and externally with customers. Past: - Served as a security leader at Adobe for 9+ years where I drove several security programs and initiatives to level up security as Adobe reinvented itself in the cloud to grow from $30B to $300B business - Architect of Adobe common Controls Framework. Championed the implementation of CCF across all Adobe cloud products, services, platforms and operations. CCF became the backbone of Adobe’s security & trust strategy, opened up global GTM opportunities and enabled Adobe to achieve compliance with various worldwide cloud security and privacy certifications - Built a SWAT team of secops engineers & security TPMs to enforce security & ops best practices at scale for multi cloud via a companywide repeatable program through security automation - Global leadership role around security policies, automation and cloud security. Built a team of leaders who embraced an agile mindset, and deeply engaged with 500+ product teams to ensure controls are baked into the product and feature development roadmaps Specialities: i)Compliance Frameworks - PCI, SOC1/SOC2/SOC3, SOX 404, HITRUST, HIPAA, FedRAMP, GDPR, CCPA, NIST 800-53, ISO27001, ISO 27701, SSPA, ISO 22301, ISMAP, IRAP, CAIQ, SIG, UK Cyber essentials, Spanish ENS, FERPA etc. ii)Security Maturity, Risk & Governance - NIST CSF, FAIR, ISO 27005, CMMI, COSO, COBIT, BSSIM, OpenSAMM iii)Cloud Tech - AWS, Azure, GCP, Kubernetes, Hyper-Converged Infrastructure, CI/CD, Multi Cloud, Containers/Microservices Architecture, Cloud identity management iv)Sec Ops/Eng - Web application security, cloud security, penetration testing, vulnerability scanning, threat hunting, Red/Blue/Purple teaming, enterprise security, Incident response/SOC, SOAR, Trust & Safety, shifting left security, EDR, email security, CSPM, encryption, authentication, authorization, access management, security architecture, disaster recovery, supply chain risk management etc.

Global lead for Application Security Advisory Services within Accenture Security and also leads Accenture Security Israel. Currently focusing on helping companies shift left and leading application security transformation programs. With more than 20 years of experience in cyber security, I have been a special security advisor to various worldwide leading organizations in the financial, telecom and defense sectors. Managed and performed endless security vulnerability assessments, incident response engagements and adversary simulations to complex networks, applications, infrastructure architectures, cellular networks, proprietary protocols, embedded devices, SCADA, IoT, CANBUS, VoIP, and others. I also enjoy advising and guiding security startups (in all stages) how to build better ecosystems between MSPs and innovation partners.

As a future-oriented information security executive my key strength is coaching and educating cybersecurity companies on listening to and interpreting the pain-points and priorities of enterprise customers. These insights help drive effective product strategies, go-to-market strategies and ongoing customer success. Over the years, I’ve had the privilege of advising several cyber entrepreneurs who are now thriving. On the heels of their success, I was looking for a new challenge. In 2020, I had the opportunity to meet with the Noname Security team early in its platform design. Recognizing that they were on the verge of solving several challenges in securing APIs, I wanted to be a part of their exciting adventure. I joined Noname as Chief Information Security Officer, where I’m currently establishing a rigorous standard for operational and security excellence, in addition to advocating for ongoing platform changes based on our customers’ needs. ABOUT NONAME SECURITY: Noname Security ensures secure APIs at the speed of business with the most powerful, complete and easy-to-use API security platform. How do I know it works? I was their first customer! I believe in the platform and want to share it with the world. According to Gartner, APIs will be the #1 attack vector by 2022. Gateways and WAFs don’t protect against API breaches or find misconfigurations. API testing and bug bounty programs have significant gaps, leaving businesses exposed. Noname resolves API vulnerabilities across 4 key pillars, or as we call it, DART: ➤ Discover ➤ Analyze ➤ Remediate ➤ Test We’ll find and take inventory of all existing APIs, use AI-based detection to illuminate risks, block attacks in real time and run tests to ensure API integrity before production. WHAT YOU CAN EXPECT: ➤ Solid engineering underpinning a product that’s ahead of the competition ➤ Flexible deployment model with many integrations that adapt to your business ➤ Coverage of the 3 main areas needed to protect APIs: posture management, detection and response and code security What are you doing to protect your company’s digital content? Keep your company’s APIs out of the news with Noname Security. LEARN MORE: See what our customers are saying about us and find more information on our website: www.nonamesecurity.com

Aaron has made a career of APIs...from running an API program, to coding them, to DevOps, then Product Management, and now Sales Engineering, he's all in on the API Economy. However, the unforeseen consequence of "APIs everywhere" is that security for APIs, until recently, has been anything but everywhere. It's why he loves working at Salt, to empower development and security teams around the world to maintain their API Lifecycle velocity, while ensuring they have proper security on them to give all APIs the trust they need and deserve.

A seasoned security leader with 20+ years hands-on track record of delivering successful results in both large enterprises and resource-constrained startups. Thrive in fast paced environments. Experienced in cybersecurity leadership, strategy, security program design-build-run, security & privacy architecture, engineering, vulnerability management, pen test, incident response. Experienced in managing the compliance body of security GDPR, PCI, HIPAA, SOC2, NIST CSF, ISO 2700x. Experience in managing third party risks to support global business. Experienced in building and leading strong teams. Experienced in Crypto, Cloud Security, IAM, Pen Test, DevSecOp, Application Security, SDLC, Network Security, and Risk Management with hands on experiences in most areas. Have long track records in leading across-functional teams and drive large security initiatives from blue print to success. Experienced in managing vendors and technology life-cycle. Well connected with the security industry. Trusted CISO and executive advisor. Experienced start up advisor. Confident decision maker. Experienced working with industrial standard body. Excellent public speaking skills. Security leadership, architecture, engineering team building and management, security program management, vendor management, Cloud Security, AWS Security, Pen Test, Metasploit, Burp, Artificial Intelligence, Machine Learning, CASB, IDaaS, IAM, SSO, SAML, OAuth, 2FA, API Security, AD/ADFS, Azure AD, Cryptography, Tokenization, Key Management, HSMs, TDE/EKM, Web Security, OWASP Top 10, SSDLC, SAST, IAST, Threat Modeling/STRIDE, Artificial Intelligence, Machine Learning, IoT Security, Risk Metrics an Management, Compliances, PCI, FIPS, PKI, DLP, End Point Security, IPSec, TLS/SSL, SSH, Application Firewall, OS security, Performance/Stress/Longevity Test, C/C++, JAVA, .NET, Python, SQL, DB Security

IT leader for business transformation and innovation with a passion for generating business value through strong business collaboration, building future state strategies aligned to business growth, creating leading edge IT architectures, delivering on commitments, maintaining a strong focus on project execution while optimizing cost, creating and delivering engineering solutions in partnership with business, mentoring and growing IT talent. Experience guiding early to mid-stage startups through process automation, enterprise architecture, compliance including SOX, data and infrastructure security, and achieving pre-IPO readiness.

Experienced Chief Risk Officer with a demonstrated history of working in the financial services industry. Skilled in Budgeting, Strategic Negotiations, Enterprise Risk Management, Governance Risk Compliance, M&A, Credit Risk Management, CyberSecurity, and Leadership. Strong business development professional with an MPA from Harvard University.

Jared joined the State of California as the California Military Department (CMD) CIO in November 2020. He has served the IT community at large since 2001, working in various positions and roles in both private and government sectors. He is currently a uniformed member of the CMD with 20 years of military experience and serves as an adjunct professor with Doane University where he teaches organizational leadership, strategic management, and communications. Jared also teaches interpersonal communications through a local non-profit in Placer County and has served on several non-profit boards in various capacities. Jared holds a BA in Organizational Management and Project Management, an MBA, and is completing his Doctor of Business Administration with an emphasis on Management and Leadership (ABD).

Cassio Goldschmidt is an award-winning technology executive, advisor, mentor, speaker, and long-time contributor to the security community. Cassio’s experience includes both Fortune 500 companies and startups, where he built a comprehensive security practice from the ground up. With an MBA, a Master of Science in Software engineering, and years of hands-on experience in multiple areas of Information Security, Cassio builds security programs that appeal to all facets of the business. His efforts in securing enterprises have been recognized multiple times by multiple organizations. Some of his accolades include a nomination for the web application security person of the year by OWASP, winner of the Information Security Leadership Awards for AllAmericas by (ISC)2, nominated one of the top CISOs in America by ISE, and appointed one of the top 100 CISOs in the United States by his peers at CISO Connect. With more than 20 years of experience, Cassio is a long-time passionate contributor to the security community. He held multiple positions at OWASP, contributed with numerous articles to Forbes Magazine as a member of the company’s technology council co-authored multiple whitepapers for SAFECode.org, volunteered for (ISC)2, contributed to the creation of MITRE/SANS Top 25, designed and lecture a privacy class for LinkedIn Learning, served as a mentor for USC’s Marshall School of Business, and as an advisor for VC firms and startups.

Sammuel Washington is a Strategic Planner & Futurist, Security & Operations Specialist, Advanced Technology Strategist, Complex Devices Analyst, & Business Platform Solutions Advisor. He leads change management, solution engineering, business process reorganization, technology programs, R&D projects, & solution delivery organizations. Sam trains, teaches & leads seminars, workshops, forums, & conferences regarding integrated subjects that include: Technology Enterprise Planning, Security & CyberSecurity, Risk Management & Resilience, Program Ops Strategy, Data Science, Integrated Social Sciences, Leadership Development, & NextGen Device Engineering. He leads & presents with a natural audience-engaging humor, and his presentation style is practical & real-world in consultations about goals, objectives, dreams, visions & passions that may seem complex, complicated, mystical & daunting. Sam helps make them understandable, digestible, manageable, comfortable, resolvable, and achievable. Having a 30-year successful professional practice as a catalyst, motivator, leader, and driver for agencies, organizations, and enterprises ranging from Startups & Non-profits to Globally Distributed Business & Government Operations, Sam’s list of clients, partners, and employers include: Security & CyberSecurity firms, Healthcare Providers, Banks & Financial entities, Defense Contractors, Social Media Companies, Telecom & Datacomm Services, Life Science R&D, Medical Device Producers, Business Strategy Groups, Education Programs & Institutions, as well as local, state, federal & foreign agencies. Examples include: The White House CIO, Kaiser Permanente, SLAC, USPS, GSA, Ufida Health Group, Cisco, IBM Global, AT&T, AOL, Agilent, HPE, HPQ, Northrop Grumman, Wells Fargo, BD Bioscience, IBM Research & Fresenius Medical Centers. While serving as President of the Silicon Valley Black Chamber of Commerce, Sam actively advises & consults with U.S. based private, public & non-profit entities, as well as clients in Africa, Asia, Pacific Rim, Europe, & Middle East. Sample Workshops, Seminars, Forums, Publications: Bringing Your Business To The World Wide Web; Data Science & Your World – Why It Really Matters; Technology Security Modeling For Your Organization; There Is No Such Thing As Safe Internet; Critical P-Words In The “Globally Connected Universe”; The Global Financial Crisis – America From 1913; Security – Time To Go Back To Bare Bones Beginnings; Persia – The Bigger Superpower Rival Of Imperial Rome; Robotics, Cybernetics, Biotech, & the A.I. Gold Rush; Information Security In "The Global Information Management Age"; Information Security Management - Life Is A Breach; Cyber-Security Attribution: HRC, Trump, DNC, Russia, Guccifer, You & Me; Middle East In Transition – 3500 BC To The Present Day; YOU Should Run For Public Office At Least Once.

Yotam Segev is the co-founder and CEO of Cyera, the leader in Cloud Data Security. Yotam is a cyber security expert with 15 years of experience in offensive cyber security and security architecture. Yotam is an alumni of Israel’s prestigious Talpiot program, where he met Tamar Bar-Ilan, Cyera’s co-founder and CTO. Together they served in cyber security leadership roles for over a decade in unit 8200, the Israeli Defense Force’s signals intelligence service. At the agency, they experienced firsthand the tremendous challenge of securing data in the cloud and founded Cyera to solve this problem. Cyera has raised over $60M in its first year of operations and is backed by leading venture capital firms Sequoia, Accel and Cyberstarts. Cyera’s mission is to enable organizations to unlock the true value of their data while keeping it secure.

Leadership in Cyber Security, Information Technology, Start Ups and Non-Profits. In-depth experience driving results as a program and department leader. Adept at managing performance of teams, projects, and programs in collaboration with senior leaders and in line with organizational goals. Excel at training and mentoring users and teams, fostering relationships, and strategically solving problems. Proven ability to develop, collaborate and network with staff, faculty, end users, vendors, volunteers and donors. Strong leadership, collaboration and interpersonal skills. Solid strategic mindset—both short-term and long-range--including past creation and development of strategy to leaders. Exceptional customer relationship skills, combined with the ability to coordinate the efforts of many to meet organizational milestones and goals.

Dave has been working in the Software Industry since 1998. He has a Masters degree in Computer Science focused on Neural Networks from the University of Alberta and has been working at Authomize since early 2021. Dave has held a variety of technical and management roles in development and sales engineering and has been in charge of the implementation, sale, delivery, and evangelism of a number of software products. Dave's current role is Director, Sales Engineering at Authomize and in that role he leads a team that delivers technical outcomes, enablement, and evangelism for the Authomize team, our partners, and our customers. Dave's spare time is spent kayaking, rock climbing, running, and reading a wide range of science fiction and fantasy novels. He has a long-suffering and extremely supportive wife and 2 kids aged 18 and 14. Dave has been living in Calgary, Alberta, Canada since 2005.

Terry O’Daniel leads Security Governance, Risk, and Compliance at Instacart. His specialty is building lean teams focused on applying technology to solve security & GRC challenges at scale via automation and instrumentation--rather than compliance-by-spreadsheet. Before Instacart, Terry built the functions for Security Assurance at Netflix, Security & Technology Risk & Compliance at Salesforce, and GRC within Production Engineering at Yahoo! He also worked in consulting to build cyber strategy, vCISO, and security risk management offerings for companies in highly regulated industries. In his spare time, Terry enjoys music, martial arts, and gaming with his daughters.

Rick Bosworth is an engineer turned product manager and marketer, bringing an uncommon technical perspective to enterprise GTM strategy and execution for almost two decades. At SentinelOne, his focus in cybersecurity, in particular cloud workloads, IoT and user endpoint security, has provided expertise to the rapidly-evolving challenges across multiple fronts. Follow Rick on Twitter @rickbosworth8, where he is as likely to be discussing security as craft beer, Ironman triathlon, and his beloved Aggies and Astros.

Karl is known globally as a cybersecurity innovator with over 25 years of diverse experiences as an enterprise CISO, technology strategist, and startup advisor across technology, retail and financial industry verticals. He serves today as the CISO for Endor Labs, a startup focused on software supply chain security. Prior to joining Endor Labs, Karl served as the CISO for Noname Security, specializing in API and Application Security. Previously, Karl held several leadership positions in the Financial Service community, including CISO for City National Bank, and later PennyMac Financial Services. Additionally, he was an active member of the FS-ISAC Mortgage Risk Council, President of the LA Cyber Lab, Financial Services Sector Chief for InfraGard, graduate of the FBI CISO Academy, and Adjunct Faculty at the University of Minnesota for over 10 years.