Cybersecurity Roundtable Biographies of Participants

March 26, 2014

Introductory Remarks

Cyrus Amir-Mokri
Assistant Secretary for Financial Institutions, U.S. Department of Treasury

Cyrus Amir-Mokri serves as the U.S. Department of the Treasury's Assistant Secretary for Financial Institutions. In this role, Mr. Amir-Mokri is responsible for developing and coordinating Treasury's policies on issues affecting financial institutions. Mr. Amir-Mokri most recently served as Senior Counsel to the Chairman of the Commodity Futures Trading Commission (CFTC), where he also was the agency's deputy representative to the Financial Stability Oversight Council. Prior to joining the CFTC, Mr. Amir-Mokri was a partner at the law firm of Skadden, Arps, Slate, Meagher & Flom LLP. His practice focused on complex securities and antitrust litigation. He has also clerked for the Honorable Bruce M. Selya of the United States Court of Appeals for the First Circuit. Mr. Amir-Mokri received a J.D. from the University of Chicago Law School, a Ph.D. in History from the University of Chicago, and an A.B. in Biochemistry from Harvard College.

Peter J. Beshar
Executive Vice President and General Counsel, Marsh & McLennan Companies, Inc.

Peter J. Beshar serves as the Executive Vice President and General Counsel of the Marsh & McLennan Companies, and supervises the Company's Legal, Government Relations, Communications and Risk Management Departments. Prior to joining Marsh & McLennan in 2004, Mr. Beshar was a litigation partner at Gibson, Dunn & Crutcher LLP where he served as Co-Chair of the firm's Securities Litigation Group. Mr. Beshar joined Gibson Dunn in 1995 after serving as the Assistant Attorney General in charge of the New York State Attorney General's Task Force on Illegal Firearms. In 1992 and 1993, Mr. Beshar served as the Special Assistant to the Honorable Cyrus Vance in connection with the United Nations' peace negotiations in the former Yugoslavia. Mr. Beshar currently serves on the Business Leaders Council of the Fix the Debt Campaign and the Global Agenda Council on Digital Health of the World Economic Forum. He is a member of the Council on Foreign Relations.

David Burg
Global and U.S. Advisory Cyber Security Leader, PricewaterhouseCoopers LLP

David Burg is a principal in PwC's U.S. Advisory practice and PwC's Global and U.S. Advisory Cybersecurity Leader. In this role he leads a team of cybersecurity professionals who assist multi-national businesses, private organizations and governments to understand, plan for and mitigate the risk of global cyber threats.

Based in PwC's office in McLean, Va., Mr. Burg leads a variety of engagements around the world, including work in connection with a number of significant sensitive data breaches and intellectual property thefts for clients in a range of industries. In addition David has extensive experience helping his clients develop strategies in matters involving sensitive data breaches, intellectual property thefts, hacking events, forensic investigations and security and vulnerability assessments.

He has lectured at NYU's Stern School of Business, Georgetown University, and Penn State University. Mr. Burg regularly contributes to and has been quoted in a variety of business and industry journals, including The Wall Street Journal CIO Journal, The Wall Street Journal Risk & Compliance Journal, The Washington Post, Financial Times, SC Magazine, CSO magazine, Consulting magazine and has been a guest on NPR. He has presented a wide range of topics at global corporations, law firms, industry events, and government agencies.

Mark G. Clancy
Managing Director and Corporate Information Security Officer, The Depository Trust and Clearing Corporation (DTCC)

Mark G. Clancy is Managing Director of Technology Risk Management at The Depository Trust & Clearing Corporation (DTCC). The department comprises Information Security and Information Technology (IT) Risk Management. Active in the financial services and critical infrastructure communities, Mr. Clancy participates in the Financial Services Information and Analysis Center (FS-ISAC) and Financial Services Sector Coordinating Council (FSSCC).

Todd D. Furney
Vice President, Systems Security, Chicago Board Options Exchange (CBOE)

Todd D. Furney is a Vice President, Systems Security at the Chicago Board Options Exchange (CBOE). In this role, Mr. Furney has oversight responsibility for Information Security, Business Continuity, Networking and End User Computing across the entire organization. Mr. Furney joined CBOE in 2001 as CBOE's first Information Security Manager. He then served as CBOE's Director of Information Security from 2008 to 2012, before being promoted to his current position.

Prior to joining CBOE, Mr. Furney served in the U.S. Air Force as a Scientific Analyst at the Air Force Communications Agency at Scott Air Force Base in Illinois where he developed and implemented strategies for securing perimeters of unclassified networks.

Mary E. Galligan
Director, Cyber Risk Services, Deloitte & Touche LLP

Mary Galligan is a Director in Deloitte & Touche's Cyber Risk Services practice. Mary advises senior executives on the crisis management challenges they face, in particular cyber risks. She helps clients develop and execute security programs to prevent and minimize the business impact of cyber threats. This includes Board education, cyber war gaming, and other strategy efforts as the public and private sector collaboration around cybersecurity in the U.S. begins to takes shape.

Mark Graff
Chief Information Security Officer, NASDAQ OMX

Mark Graff is a Chief Information Security Officer at NASDAQ OMX. As a former Chief Cyber Security Strategist at Lawrence Livermore National Laboratory, Mr. Graff has appeared as an expert witness on computer security before both Congress and the Presidential Commission on Infrastructure Survivability, and served as an expert witness on electronic voting machine software for the state of California. As a past chairman of the international Forum of Incident Response and Security Teams (FIRST), Mr. Graff has lectured on risk analysis, the future of cyber security and privacy, and other topics before the American Academy for the Advancement of Science, the Federal Communications Commission, the Pentagon, and many other U.S. national security facilities and “think tanks.”

Mr. Graff's most recent book, Secure Coding: Principles and Practices (co-authored with Ken van Wyk), is used at dozens of universities around the world to teach how to design and build secure software-based systems. Mr. Graff is currently working with Mr. van Wyk on a new book relating to practical software security.

Roberta Karmel
Centennial Professor of Law, Brooklyn Law School

Roberta S. Karmel is Centennial Professor of Law and Co-Director of the Dennis J. Block Center for the Study of International Business Law at Brooklyn Law School. She was engaged in the private practice of law in New York City for over thirty years, and was a partner at Rogers & Wells and Kelley, Drye & Warren. She was a Commissioner of the Securities and Exchange Commission from 1977-80, a public director of the New York Stock Exchange, Inc. from 1983-89, and a member of the National Adjudicatory Council of the NASDR from 1998-2001.

Professor Karmel is Chair Emerita of the Board of Trustees of the Practising Law Institute. She is a Continuing Advisor to the Section of Business Law of the American Bar Association and was a member of the ABA Presidential Task Force on Financial Markets Regulatory Reform. She is a member of the American Law Institute, and a Fellow of the American Bar Foundation.

Jonas Kron
Senior Vice President, Director of Shareholder Advocacy, Trillium Asset Management, LLC

Jonas Kron is a senior vice president at Trillium Asset Management, LLC and is its Director of Shareholder Advocacy. With over fifteen years of experience in shareholder advocacy, Jonas is responsible for engaging companies on their environmental and social performance, risks and opportunities. His advocacy work includes direct communications with company leadership, investor education and awareness, shareholder proposals, and public policy advocacy. As the role of the Internet has expanded into ever growing facets of the consumer and corporate worlds, Trillium has successfully worked with a number of large publicly traded companies to improve their policies, practices and disclosure related to the risks associated with the Internet.

Jimmie H. Lenz
Senior Vice President, Chief Risk and Credit Officer, Wells Fargo Advisors, LLC

Jimmie Lenz is the Chief Risk and Credit Officer at Wells Fargo Advisors, LLC, where he leads the team responsible for credit, market and operational risk. He also sits on the Wells Fargo Executive Committee. Prior to joining Wells Fargo Advisors in 2010, Mr. Lenz held a variety of positions in the banking and capital markets industry. In addition to trading and senior management positions, he held the role of Co-President and Co-Chief Operating Officer of an NYSE broker-dealer with foreign and domestic operations. He has worked as an advisor to global investment firms and exchanges, addressing issues related to strategic and tactical planning, risk quantification/mitigation, business efficiencies and different types of modeling to assess both opportunities and exposures. Mr. Lenz has leveraged academic research and practicum partnerships in the development of proprietary models. With an in-depth understanding of the capital markets industry, Mr. Lenz has provided crucial perspectives on foreign and domestic regulatory matters, including extensive work with outside counsels.

Mark R. Manley
Senior Vice President, Deputy General Counsel and Chief Compliance Officer, AllianceBernstein L.P.

Mark Manley serves as the Deputy General Counsel and Chief Compliance Officer at AllianceBernstein L.P. Mr. Manley joined the firm in 1984 and is based in New York, New York. He has been the firm's Deputy General Counsel since 2004 and its Chief Compliance Officer since 1988. Mr. Manley is also a senior member of various management-level committees at AllianceBernstein, including the firm's Information Security and Cyber Risk Oversight Committee.

Douglas Meal
Partner, Ropes & Gray LLP

Seasoned trial lawyer Doug Meal represents companies in complex transaction-related disputes arising from all varieties of business agreements. Most recently, he has played a leading role in the firm's privacy and data security practice, specializing particularly in representing clients targeted by litigation and government investigations stemming from highly publicized data security breaches. As the lead outside lawyer handling claims stemming from the data security breaches suffered by Target, Sony, Heartland Payment Systems, The TJX Companies, Nationwide, Hannaford Brothers, Aldo, Genesco, and Wyndham Hotels-some of the most highly publicized data security breaches in recent years-Doug has become the national leader in defending companies that suffer significant data security breaches involving consumer information against the ensuing claims and regulatory investigations. Doug is ranked in Chambers USA and Chambers Global for his work in privacy and data security, has been named a Law360 MVP for the past two years in “Privacy & Consumer Protection,” and was named a 2013 “U.S. Innovative Lawyer” by the Financial Times. He also frequently writes and lectures on privacy and data security issues.

Craig Mundie
Member, President's Council of Advisors on Science and Technology Senior Advisor to the Chief Executive Officer, Microsoft Corporation

Craig Mundie is Senior Advisor to the CEO of Microsoft. For more than a decade, Mundie has been Microsoft's principal technology-policy liaison to the U.S. and foreign governments. He has served in the U.S. National Security Telecommunications Advisory Committee. In April 2009, he was appointed to the President's Council of Advisors on Science and Technology.

Javier Ortiz
Vice President, Strategy and Global Government Affairs, TaaSera, Inc.

Javier Ortiz is a Vice President of Strategy and Global Government Affairs at TaaSera, Inc. Mr. Ortiz brings over 27 years of experience in technology, business, and government to TaaSera. TaaSera is the first cyber security company to deliver Preemptive Breach Intervention, allowing security and risk management professionals to find and fix compromised systems before they result in loss of data. During his career, Mr. Ortiz has provided strategic direction to organizations seeking to execute complex commercial and government transactions around the world.

Marcus Prendergast
Director and Corporate Information Security Officer, ITG

Marcus Prendergast is the Chief Information Security Officer of ITG, a global electronic brokerage and financial technology firm serving the world's largest asset managers. In this role, Mr. Prendergast oversees information security, physical security, and business continuity across the firm's 15 offices in 9 countries. He has been with ITG for the past four years and has led the effort to strategically address cybersecurity risks in a rapidly evolving and highly regulated business environment.

Katheryn Rosen
Deputy Assistant Security for Financial Institution Policy, Department of Treasury

Katheryn serves as Deputy Assistant Secretary for Financial Institutions Policy at the Department of Treasury as well as Senior Advisor to Assistant Secretary of Financial Institutions, Cyrus Amir-Mokri. Ms. Rosen joined Treasury in February 2011 to help stand-up the Financial Stability Oversight Council. Prior to joining Treasury, Ms. Rosen served as Senior Policy Advisor to Chairman Barney Frank and the House Financial Services Committee, working primarily on the Dodd-Frank legislation and housing finance reform. Prior to her public service, Ms. Rosen was a Managing Director at JPMorgan and spent over 15 years in capital markets and corporate finance, including advising corporations and government institutions on fundraising, capital, and liability management.

Andy Roth
Partner, Dentons LLP

Andy Roth is a Partner at Dentons LLP and serves as a joint head of Dentons' Privacy and Cybersecurity Group where he leads a global team of technology-forward lawyers representing clients in all aspects of Cybersecurity. Mr. Roth helps clients proactively manage Cybersecurity risks by implementing strong risk-based policies and controls. In addition to governance, Mr. Roth also specializes in incident response and crisis management, including guiding clients through high profile data breaches involving investigations by federal, state and international government agencies. Mr. Roth also counsels clients on a wide range of Privacy and Data Protection issues, helping clients leverage data responsibly to drive insight, innovation, and organizational transformation. Examples of recent work include advising on digital marketing campaigns, cross-border data transfers, employee privacy, and third-party vendor management.

Karl Schimmeck
Managing Director, Financial Services Operations, SIFMA

Karl Schimmeck is Managing Director of Financial Services Operations at SIFMA. He brings over 15 years of experience in operations, technology, finance and risk management. Mr. Schimmeck is responsible, as staff advisor, for supporting SIFMA's work on technology, business resiliency, operational risk and cybersecurity issues.

Prior to joining SIFMA, Mr. Schimmeck held finance and operational risk positions at Goldman Sachs, specifically in the areas of Derivative Operations and Shared Services. Additionally, he worked for PTC, a firm focused on providing product development and data management solutions, from 2000 to 2006, holding program management and strategy positions within their global services advisory practice. Prior to that he served in the United States Marine Corps during which time he achieved the rank of Captain.

Mr. Schimmeck holds an MBA from the NYU Stern School of Business and a BS in Industrial Engineering from Cornell University.

Ari Schwartz
Acting Senior Director for Cybersecurity Programs, National Security Council, The White House

Ari Schwartz serves as Director for Cybersecurity Privacy, Civil Liberties and Policy for the National Security Council and is currently Acting Senior Director for Cybersecurity Programs. He leads White House efforts to protect privacy and civil liberties while guarding against online security threats. He is also leads outreach to the private sector and civil society for emerging cybersecurity policy. Previously, Schwartz served as a Senior Policy Advisor to the Secretary of Commerce. Mr. Schwartz helped to run the Department of Commerce's Internet Policy Task Force, providing input on areas such as cybersecurity, privacy, intellectual property and radio spectrum policy. He came to the Department of Commerce through the National Institute of Standards and Technology (NIST) where he served as Senior Internet Policy Advisor for the NIST Information Technology Laboratory.

Adam Sedgewick
Senior Information Technology Policy Advisor, National Institute of Standards and Technology

Adam Sedgewick serves as Senior Information Technology Policy Advisor at the National Institute of Standards and Technology (NIST). In this role, Mr. Sedgewick represents NIST on the Department of Commerce Internet Policy Task Force and advises NIST leadership on cybersecurity issues. Mr. Sedgewick previously was Senior Advisor to the Federal Chief Information Officer Council, coordinating cross-agency initiatives and assisting in the implementation of OMB policy and directives. Mr. Sedgewick also served as Professional Staff Member for the Senate Committee on Homeland Security and Governmental Affairs for nine years, handling cyber security and federal information technology policy.

Thomas R. Sinnott
Managing Director, Global Information Security, CME Group

Thomas R. Sinnott is the Managing Director of Global Information Security at CME Group.

Mr. Sinnott is responsible for CME Group's Global Information Security which includes Application Security and Consulting, Management and Assurance, Security Operations Center (SOC) and Vulnerability and Patch Management. Mr. Sinnott has been in Information Technology for over twenty years and been directly involved with quality assurance, application development, bank conversions, commercial banking operations, network design and engineering, network management operations, business continuity and security architecture. As Managing Director Global Information Security, Tom's major initiatives include policy & standards review and development, information security governance, Computer Incident Response Team (CIRT), Intellectual Property Protection, Security Awareness and Security Risk Management.

John Reed Stark
Stroz Friedberg

John Reed Stark is a Managing Director in Stroz Friedberg's Washington, DC office. He actively manages data breach, cyber-incident response, digital forensics, security science, cyber risk management and investigations for public and private companies, law firms, corporations and government agencies. Mr. Stark's experience with intrusions and data breach touches upon all aspects of cyber-incident response, especially during early phases of crisis management and containment, as well as the later phases of remediation and any necessary reporting. Mr. Stark also specializes in engagements pertaining to technological aspects of investigations, prosecutions and enforcement matters conducted by the U.S. Securities and Exchange Commission, the U.S. Department of Justice and the Financial Industry Regulatory Authority. He is also engaged in structuring and running corporate compliance projects for broker-dealers, investment advisers and other SEC-regulated entities as well as leading domestic and international private investigations involving insider threats and other corporate or individual conduct.

Craig Thomas
Group Chief Information Security Officer, Computershare

Craig Thomas is a Group Chief Information Security Officer at Computershare. Prior to joining Computershare, Mr. Thomas was the Global Head of IT Security at The Royal Bank of Scotland Group. With over 25 years of experience, Mr. Thomas has developed and implemented Global IT Security Strategies that have delivered a consolidated approach to Information Security at all levels, including people, process and technology. Mr. Thomas was previously the practice leader for Information Technology Advisory Services at Grant Thornton (UK) and an Associate Partner in the Canadian Advisory Practice of PricewaterhouseCoopers, where he established an Information Security practice in British Columbia and Alberta for both public and private sector clients.

Leslie T. Thornton
Vice President and General Counsel, WGL Holdings, Inc. and Washington Gas Light Company

Leslie T. Thornton has been Vice President and General Counsel of WGL Holdings, Inc. and Washington Gas Light Company since January 2, 2012, having joined that company as Counsel to the Chairman in November 2011. Ms. Thornton is responsible for developing, coordinating, and providing legal advice and counsel to WGL and all its subsidiaries on matters including, but not limited to, litigation, regulatory affairs, business transactions, employment and labor law, employee benefits issues, ethics, compliance, and cyber-threats/cyber-security, among others. At the chairman's request, Ms. Thornton also serves on WGL's Strategy Council, Risk Management Committee, Anti-Fraud Committee, and SOX Management Committee. Prior to joining the company, Ms. Thornton served as a partner with the law firm of Dickstein Shapiro LLP in Washington D.C. from 2004 until 2011 and as a partner with the law firm of Patton Boggs, LLP from 2000 to 2004. Beginning with the Presidential Transition of 1992 and until 2000, Ms. Thornton worked with U.S. Secretary of Education Richard W. Riley, first as Deputy Chief of Staff and Counselor, and then as Chief of Staff at the U.S. Department of Education. Holding a Top Secret clearance, Ms. Thornton was also in charge of Continuity of Operations of Government for her agency.

David G. Tittsworth
Executive Director and Executive Vice President, Investment Adviser Association

David Tittsworth is Executive Director and Executive Vice President of the Investment Adviser Association (IAA), a not-for profit organization that represents the interests of the investment advisory profession and provides a wide range of advocacy, compliance, and education services. The IAA's membership consists of about 550 SEC-registered investment advisory firms that manage in excess of $12 trillion in assets for a wide variety of individual and institutional clients. Mr. Tittsworth manages all of the IAA's activities, including its involvement in a wide variety of legislative, regulatory, compliance, educational, and business issues that affect the investment advisory profession.

Mr. Tittsworth served a significant portion of his professional career in the public sector, where he held positions in all three branches of government. He began his legal career as a research attorney for the Kansas Court of Appeals in 1978. Thereafter, he held various positions in state government, including his appointment as Chief Counsel of the Department of Transportation in 1983, where he supervised a staff of attorneys and advised the Department and Governor on a wide range of issues. In 1985, Mr. Tittsworth joined the bond counsel firm of Gilmore & Bell in Kansas City, where he advised state and municipal officials on various financing issues.

Upon moving to Washington, D.C. in 1987, Mr. Tittsworth first served as Associate Staff on the House Budget Committee. He accepted a position as Senior Counsel to the House Subcommittee on Transportation, Trade, and Hazardous Materials in 1989. In 1991, he left Capitol Hill to become General Counsel and a partner with a government relations firm (now Chambers, Conlon & Hartwell), where he represented the IAA and other clients. In 1992, he returned to Capitol Hill to serve as Counsel (and Minority Counsel) of the House Committee on Energy and Commerce, a position he held until joining the IAA as Executive Director and Executive Vice President in October 1996. Mr. Tittsworth oversaw the relocation of the IAA's offices from New York to Washington, D.C. early in 1997.

Aaron Weissenfluh
Chief Information Security Officer, BATS Global Markets, Inc.

Aaron Weissenfluh serves as the Chief Information Security Officer at BATS Global Markets, one of the largest stock market operators in the U.S. and globally. In this role, Mr. Weissenfluh oversees all information and physical security along with environmental, security compliance, monitoring and policy/procedures on a global basis for BATS. Mr. Weissenfluh joined BATS in 2008 and built the information security program from the ground up.

Prior to joining BATS Global Markets, Mr. Weissenfluh aided in the development of the penetration testing and security advisory groups at Grant Thornton LLP and founded and managed Mercury Risk Management, a Colorado-based information security consulting firm.

Larry Zelvin
Director, National Cybersecurity and Communications Integration Center, U.S. Department of Homeland Security

Larry Zelvin is a career Senior Executive Service member and Director of the National Cyber and Communications Integration Center (NCCIC) at the U.S. Department of Homeland Security. The NCCIC is comprised of the U.S. Computer Emergency Readiness Team (U.S.-CERT), the National Coordinating Center for Telecommunications (NCC), the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT), a 24/7 Cybersecurity and Communications Operations Center, and exercise program. The NCCIC's primary focus areas include conducting situational monitoring, incident management, information sharing, and technical analysis.