Cybersecurity & Privacy Committee Event

June 27, 2013

John Pescatore
Director of Emerging Security Trends

John Pescatore joined SANS in January 2013 with 35 years of experience in computer, network and information security. He was Gartner's lead security analyst for 13 years, working with global 5000 corporations and major technology and service providers. Prior to joining Gartner Inc. in 1999, Pescatore was senior consultant for Entrust Technologies and Trusted Information Systems, where he started, grew and managed security consulting groups focusing on firewalls, network security, encryption and Public Key Infrastructures. Prior to that, Pescatore spent 11 years with GTE developing secure computing and telecommunications systems.

Pescatore began his career at the National Security Agency, where he designed secure voice systems, and the United States Secret Service, where he developed secure communications and surveillance systems. He holds a bachelor's degree in electrical engineering from the University of Connecticut and is an NSA Certified Cryptologic Engineer. He is an extra class amateur radio operator, callsign K3TN.

Wade Baker
Managing Principal
Verizon RISK Team

Wade Baker is a managing principal with Verizon's RISK team. In this role, he oversees the collection, analysis, and delivery of intelligence relevant to understanding and managing information risk. Prior to his tenure at Verizon, he was an independent consultant and spent 5 years on the faculty of two major research universities, most recently in the Pamplin College of Business at Virginia Tech.

A researcher at heart, Baker's work on various topics has been published in a number of academic journals, professional magazines, industry reports and books. Baker is the creator and primary analyst for Verizon's Data Breach Investigations Report series.

Jon Boyens
Senior Advisor of Information Security
National Institute of Standards and Technology

Jon Boyens is a senior advisor for information security in the Information Technology Laboratory, an organization within the Department of Commerce's National Institute of Standards and Technology (NIST). He works on multiple policy and technical information and communications technology (ICT) projects.

Boyens helps develop and coordinate the Department of Commerce's cybersecurity policy work among the department's bureaus and represents the department in the administration's interagency cybersecurity policy process. He has worked on various White House-led policy objectives, including those pertaining to trusted identities, botnets, telecommunications supply chain and, most recently, the Cybersecurity Executive Order and related cybersecurity framework. Boyens is a key member of the department's Internet Policy Task Force, which aims to develop public policy options to improve the vitality and security of the Internet economy. As part of his work, Boyens was a key developer of Commerce's Green Paper report, Cybersecurity, Innovation and the Internet Economy, which provides a new framework for addressing Internet security issues for companies outside the sphere of critical infrastructure or key resources.

As lead for NIST's ICT Supply Chain Risk Management (SCRM) project, Boyens identifies and evaluates technologies, tools, techniques, practices and standards useful in managing risk to the ICT supply chain. He co-chairs Working Group 2 of the White House's Comprehensive National Cybersecurity Initiative (CNCI) 11 (Develop a Multi-Pronged Approach for Global Supply Chain Risk Management), co-leads the U.S. Government's efforts to develop ICT SCRM lifecycle processes and standards, and participates in national and international standards activities related to supply chain risk management. In 2012, Boyens led a team to develop and issue a set of foundational, standardized, repeatable and feasible practices to help federal agencies manage ICT supply chain risks to their organizations and information systems. These practices were released in October 2012 as NIST Interagency Report 7622, National Supply Chain Risk Management Practices for Federal Information Systems. Continuing on this line, Boyens is now focused on developing draft Special Publication 161, Supply Chain Practices for Federal Information Systems and Organizations, which is due to be released for public comment this coming summer.

Tiffany O. Jones
Managing Director, Public Sector Programs and Strategy
Symantec Corporation

Tiffany Jones leads Symantec's public sector programs and strategic initiative team. In that capacity, she and her team are responsible for developing and managing Symantec's partnerships and programs strategy while working closely with senior government customers and systems integrators to address their particular challenges and requirements. She is a subject matter expert on cybersecurity and data privacy.

Jones represents Symantec and U.S. industry in many senior capacities as company press spokesperson, conference keynote speaker and panelist, designated representative for the company during high profile events and initiatives, and delegate at several government-industry bilateral events with foreign governments. She is a member of the CSIS Cyber Commission, National Cyber Security Alliance, Executive Committee of the IT-ISAC, and immediate past chair of the Information Security Committee at TechAmerica.

Prior to assuming her current role, Jones led Symantec's North and Latin American government affairs team from March 2003 to October 2009. In that capacity, she and her team developed public policy concerning technology, information security, privacy, and other issues to assist legislators and agencies on the development of technology and business-related policy.

Before working for Symantec in, Jones was deputy chief of staff of the president's Critical Infrastructure Protection Board at the White House. In addition to her deputy chief of staff responsibilities, she was responsible for government and public affairs, cybersecurity education and awareness programs, and industry outreach. Jones coordinated all 11 White House town hall events for the National Strategy to Secure Cyberspace dialogue, and assisted in the drafting of the document.

Jones graduated from the Coast Guard Academy and received her commission as a Coast Guard Officer. Operational duties included Deck Watch Officer, Assistant Operations Officer and Law Enforcement Officer aboard the cutter JUNIPER in Newport, RI, Executive Officer and lead Law Enforcement Officer aboard the cutter GRAND ISLE in Gloucester, MA, and Coast Guard Congressional Affairs Liaison for the Coast Guard and Department of Transportation.

Jones' military awards include Coast Guard Officer of the Year Award (2002), a Coast Guard Commendation Medal, two Coast Guard Achievement Medals, numerous Commandant's Letter of Commendation Ribbons, the Coast Guard Meritorious Unit Commendation award, Coast Guard Meritorious Team Commendation award, six Special Operations Ribbons, the Sea Service Ribbon and other unit citations. She currently sits on the Coast Guard Academy Alumni Association Board of Directors.

Steve Surdu
Vice President, Professional Services

Steve Surdu is the vice president of professional services at Mandiant. As the leader of the professional services business line, Surdu's primary responsibility is to oversee the activities of Mandiant's consulting organization while focusing on revenue generation, service delivery, recruitment, personnel development, process improvement and client satisfaction. Since Mandiant specializes in responding to large-scale computer security breaches, Surdu spends significant time understanding advanced threats, developing new approaches to respond to enterprise-wide compromises, identifying effective remediation approaches and collaborating with law enforcement.

Surdu has more than 30 years of experience in professional services. He has worked with clients in many industries including financial services, high technology, healthcare, regulated industry, manufacturing, hospitality, energy, state and federal government, and retail.

Prior to joining Mandiant in 2007, Surdu was the vice president of solution services at SYSCOM Inc., where he managed the professional services division, providing oversight of all client service delivery and directly managing selected client engagements.

Prior to that, Surdu served as director of consulting in the Washington, D.C. office of Foundstone, now a division of McAfee. At Foundstone, Surdu managed numerous incident response and security assessment engagements across the North American market. In addition, he planned and implemented deployments of Foundstone Enterprise.

Earlier in his career at Accenture and BBN, he led or participated in consulting engagements that developed large-scale custom and packaged software applications, architected complex hosting environments and managed Internet infrastructure that supported thousands of international users.

Surdu earned a bachelor's degree in business administration from the University of Michigan in Ann Arbor, Mich.