Information Security Compliance and Risk Management Institute:

Where Information Technology, Law and Risk Management Converge

September 10-11, 2008
Husky Union Building (HUB), University of Washington
Seattle, Washington, USA

InfoSec has been approved for 14.75 CLEs by the
Washington State Bar Association.

Institute Co-Directors

Advisory Board

Keynotes

John Jessen, The Sedona Conference and Electronic Evidence Discovery, Inc.

Creating Defensible Electronic Discovery Policies through Data Governance Integration

The lack of a comprehensive, defensible and actively managed plan for addressing electronically stored information in legal and regulatory discovery leaves many large corporations exposed to great risk. Corporations today need to demonstrate that they have a proper plan, that they know how and when to implement it, and that they can manage all of the plan's supporting resources. The proactive integration of data governance with eDiscovery can lead to systematic and defensible electronic discovery policies and procedures that will reduce this risk.

biography:
John is the Chairman of the Executive Committee of The Sedona Conference and is a Steering Committee Member of, and the Technical Expert to, The Sedona Conference Working Group on Electronic Document Retention and Production. John is the founder and Chairman of the Board of Electronic Evidence Discovery, Inc. (“EED”), which for twenty years has been a leader in eDiscovery. In his capacity at EED, John works with clients to develop litigation risk-reduction and litigation response programs.

Jeffrey Ritter, J.D., Water’s Edge

Digital Justice: Proving the Truth in the Year 2058

Speaking from the future, in Year 100 of the Net, this speech examines how the principles of digital justice took shape during the first half of the 21st century. It provides a retrospective view on the consequences of early e-discovery reforms, the resulting erosion of common law principles and the emerging control of the security domain across all of the digital assets in our global society.

biography
Jeffrey Ritter is the CEO of Waters Edge, a research and advisory firm with which companies, lawyers and security professionals consult in order to improve the economic value and trustworthiness of digital information. As a lawyer, Jeffrey is recognized as a pioneer who contributed to shaping the legal rules for online electronic commerce, as well as for drawing attention to the critical importance of information security to extending the rule of law into a global digital marketplace.

Across a career of practicing law, academic research, standards development and dot.com companies, Jeffrey has been a frequent speaker and lecturer. Online, he is well known in the information security world as the host and moderator for the monthly live e-symposia conducted by ISACA, ISC(2) and ISSA for their thousands of members around the globe, as well as former legal counsel to ISSA and CERT at Carnegie Mellon. He is trained as a lead auditor under ISO 27001 and also serves as one of five members on ARMA International’s Public Policy Group and. He is the contributing editor on compliance for SearchCIO-Midmarket, authoring monthly articles on navigating compliance issues within complex IT projects.

Faculty

Allen, Julia
Senior Researcher
Carnegie Mellon University CERT® Program

Julia H. Allen is a senior member of the technical staff within the CERT® Program at the Software Engineering Institute (SEI), a unit of Carnegie Mellon University in Pittsburgh, PA. Allen is engaged in developing and transitioning executive outreach programs in enterprise security and governance as well as conducting research in software security and assurance.

Prior to this technical assignment, Allen served as acting Director of the SEI for an interim period of 6 months as well as Deputy Director/Chief Operating Officer for 3 years. Before joining the SEI, she was a vice president in embedded systems software development for Science Applications International Corporation and managed large software development programs for TRW (now Northrop Grumman).

In addition to her work in security governance, Ms. Allen is the author of The CERT Guide to System and Network Security Practices (Addison-Wesley, June 2001) and the CERT Podcast Series: Security for Business Leaders (2006-2008). She is a co-author of Software Security Engineering: A Guide for Project Managers (Addison-Wesley, May 2008). Her degrees include a Bachelor of Science in Computer Science (University of Michigan), an MS in Electrical Engineering (University of Southern California), and an executive business certificate (University of California – Los Angeles).

Bailey, Kirk
Chief Information Security Officer
University of Washington

Prior to his appointment as the CISO for the University of Washington, Mr. Bailey served as the first ever CISO for the City of Seattle. His long career as an information assurance professional has provided him an extensive background in large mainframe systems, distributed computing and network environments, and emerging technologies. For the last 20 years his professional focus has been the methodologies and technology associated with information systems control, administration, and protection. His professional responsibilities and research have provided him considerable expertise regarding issues associated with privacy protection, compliance issues, electronic crime, risk management, critical infrastructure protection and the controversial area of active response.

In response to growing concerns by professionals in the field regarding the troubling challenges posed by emerging technologies, Mr. Bailey founded “The Agora” in November of 1995. The Agora is a successful strategic association of information systems security professionals, technical experts, and officials from the private sector, public agencies, local, state, and federal government, and law enforcement.

Mr. Bailey and his work with the Agora have been reported in newspapers around the country including: The New York Times, The Wall Street Journal, The Christian Science Monitor, The Washington Post, The Los Angeles Times, The Seattle Post Intelligencer, The Seattle Times, and The Tacoma News Tribune. He has also appeared on local television news shows, and the PBS Frontline special “Hackers.” In addition, Mr. Bailey’s professional experiences and entertaining perspectives have made him a popular and much sought-after speaker for professional forums and conferences around the country.

Calvert, Chris
Security Consultant
Laconic Consulting, LLC.

Chris Calvert has over 20 years of experience in the security of information. Chris is a co-founder of Laconic Security, LLC. Before starting Laconic Security, Chris was the Director of Professional Service for the Western United States at Cybertrust. Prior to Cybertrust, Chris was with IBM Global Services, where he worked as the Manager of Security Intelligence and Manager of Security Operations. Chris has worked in the fields of ethical hacking, forensic investigation, intrusion detection, security operations and business intelligence. Chris founded the group responsible for the application of Business Intelligence to the field of Information Security, including underground data collection, data mining and analytical decision support.

Before joining IBM, Chris worked in the National Defense and Intelligence community in the field of Information Warfare and Operations. He supported such agencies as the Department of Defense Joint Staff, the Land Information Warfare Activity, the Space Warfare Center as well as other federal agencies. Prior to this, Chris served for 10 years in the U.S. Army in Strategic Intelligence and Special Forces.

Christiansen, John R.
Managing Director
Christiansen IT Law

John R. Christiansen entered the practice of law in 1985 and is a graduate of the University of Washington School of Law. His practice focuses on the implementation and management of information technologies for healthcare uses, with an emphasis on privacy and security regulatory compliance and risk management.

John is a frequent national speaker and regularly publishes on healthcare technology issues; his recent publications include An Integrated Standard of Care for Healthcare Information Security: HIPAA, Risk Management and Beyond (2005), the definitive legal treatise on security obligations applicable to healthcare information; Using Safe Harbors to Reduce Legal Barriers to Implementation of Electronic Health Records and Health Information Networks, Shidler Journal of Law, Commerce and Technology (pending Summer 2007); Managing HIPAA Security Compliance: Organizational Governance and Risk Acceptance, New Perspectives in Health Care Auditing (Fall 2004); and Offshore Outsourcing of PHI Processing: Is It Permitted Under HIPAA?, Health Lawyers News (July 2004).

John participates in a number of national organizations and boards. He is currently a Core Team and Technical Advisory Panel member of the Health Information Security and Privacy Collaboration (HISPC), and was Co-Chair of the American Bar Association's Committee on Healthcare Privacy, Security and Information Technology from 2004 – 2006, and Chair of its Healthcare Informatics Committee from 2000 – 2004. He helped found and serves as member of the Executive Board of the Evergreen State InfraGard Members Alliance, a collaboration between the Federal Bureau of Investigation and private sector security professionals. John is also a past Chair of the King County Bar Association Law and Technology Section and the Board of Trustees of the Greater Seattle Chamber of Commerce.

Cullinane, Dave
Chief Information Security Officer
eBay

Dave Cullinane is the Chief Information Security Officer (CISO) for eBay Marketplaces, including 21 additional eBay properties such as Shopping.com. Dave is also responsible for the security of the overall corporate infrastructure which includes Skype and PayPal.

Prior to joining eBay in November 2006, Dave was the CISO for Washington Mutual, one of the largest banks in the United States. Prior to Washington Mutual, Dave was a Senior Consultant for nCipher, Inc. and also served as the Director of Information Security for Sun Life of Canada's U.S. operations, helping to create Digital Equipment Corporation's Security Consulting Practice. He has more than 30 years of security experience and is Board Certified in Security Management by ASIS International as a Certified Protection Professional (CPP). He is also a Certified Information Systems Security Professional (CISSP) and a former Certified Business Continuity Professional (CBCP).

Dave is a Charter Member of the Alliance for Enterprise Security Risk Management (AESRM) – an alliance of security professional associations dedicated to advancing the Profession. He is the current Past International President of the Information Systems Security Association (ISSA); and a Charter Member of the Global Council of Chief Security Officers. He serves on ASIS International's Information Technology Security Committee (ITSC) and is on the Editorial Advisory Board of CSO Magazine, SC Magazine and Security Technology & Design Magazine. He was nominated for Information Security Executive of the Year for 2004 and 2005 and awarded SC Magazine’s Global Award as Chief Security Officer of the Year for 2005. He was recently awarded CSO Magazine’s 2006 Compass Award as a “Visionary Leader of the Security Profession.”


Donovan, Michael
Underwriter
Beazley USA

Michael Donovan is the Global Product Leader for Technology, Media and Business Services Professional Liability Insurance with Beazley Specialty Lines. Based in San Francisco, Mike underwrites technology, business services, media and network security liability insurance for major companies in the United States and throughout the world.

Prior to joining Beazley in 2004, Mike was a partner at a San Francisco law firm where his practice focused on technology and intellectual property litigation, and technology insurance consulting. He has also developed numerous insurance policies covering intellectual property, Internet, data security and first party electronic exposures.

Mike frequently speaks on emerging liability and insurance issues involving the technology industry and the Internet. He received both his undergraduate and law degrees from the University of Michigan.


Dunlap, Brandon
Managing Director, Research at Brightfly

Brandon Dunlap has more than 15 years of experience managing business technology risk in large and small organizations. He has served in a variety of roles across heavily regulated industries, successfully leading all aspects of IT security programs, including policy and procedure management, oversight and control, strategy, architecture, development, and training. Currently, he is a principal and managing research director of Brightfly, an independent advisory and research firm that focuses on building collaborative IT practitioner communities and bridging the gaps within information technology, security, risk, compliance, and audit disciplines.

With Brightfly, Brandon helped develop Policy Manager, a tool for automating IT policy development and tracking that was acquired by Symantec and is now part of its Control Compliance Suite. Brandon has also served as a Symantec senior product manager and as the head of the Information Protection Unit at Constellation Energy. He is currently an active faculty member with The Institute for Applied Network Security, where he develops and delivers curriculum on key information security topics.

Brandon’s broad presentation history, charismatic speaking style, credible experience, and vendor-neutral perspective have made him a popular presenter at technical and business-focused events. In addition to headlining Brightfly education events, he has recently addressed professionals at the Houston Institute of Internal Auditors (IIA), ISACA North Texas Chapter, the ASIS International Annual Seminar, and other events. Brandon has been quoted in major industry publications, including CSO Online, Dark Reading, and TechTarget's SearchSecurity magazine.


Endicott-Popovsky, Barbara
Director
Center for Information Assurance and Cybersecurity, University of Washington Information School

Barbara Endicott-Popovsky is Director of the Center for Information Assurance and Cybersecurity, with a joint faculty appointment in the Information School and the University of Washington Institute of Technology, Tacoma, as well as an affiliate appointment in the School of Architecture/Dept. of Urban Planning MS in Critical Infrastructure Protection Program.

Her teaching interests include information assurance, risk management for information security, computer forensics, critical infrastructure protection, software engineering, and developing secure code. Her research involves developing approaches that support emerging trends in network forensic investigations, defining information system security strategies to include requirements for meeting courtroom admissibility standards, creating approaches to embed forensic capability into networks that anticipate digital evidence trends, investigation into security vulnerabilities in critical infrastructure, and pedagogical approaches to teaching information system security subjects that bridge industry and the classroom.

She serves as Principal Investigator on an Information Assurance Scholarship Program Grant (funded by the Department of Defense 2005 & 2006); Principal Investigator on Information Assurance Scholarship Program Capacity Building Grant (funded by the Department of Defense 2005 & 2006); Principal Investigator on an Information Assurance Scholarships/IRMC Partnership Grant (funded by the Department of Defense 2006); Pacific Northwest National Laboratory grant recipient for the Unintended Consequences of the Information Age Colloquium and the Recent Advances in Intrusion Detection (RAID) conference. Co-Principal Investigator, Collaborative Project: Course, Curriculum grant (funded by the National Science Foundation). Current projects include network device calibration in support of digital forensic investigations.

She is on the editorial board of a Special Edition of ACM's Journal on Educational Resources in Computing (ACM); a founding member of the NW Regional Computer Forensics Cooperative that includes University of Washington, Highline Community College, and Seattle University; an invited participant in a Homeland Security panel and workshop led by the Secretary of DHS (2004); and an invited speaker at Microsoft Academic Days in Silicon Valley, California (2004).

She has a BA in Liberal Arts from the University of Pittsburgh (1967), 5th year in Accounting and an MBA from the University of Washington (1972, 1985), an MS in Information Systems Engineering from Seattle Pacific University (1987) and is ABD for a PhD in Computer Science from the University of Idaho (expected graduation date 2007).


Ferguson-Boucher, Kirsten

Ms. Ferguson-Boucher is a Lecturer in Records Management, Aberystwyth University, Wales, UK. She holds a Master of Arts and Masters of Science in Economics.


Hargraves, Kim
Group Manager, Privacy Strategy
Microsoft Corporation

As Group Manager, Privacy Strategy, Kim Hargraves is responsible for developing and implementing global programs that enhance the privacy features of Microsoft products, services, processes and systems. In this role, Hargraves focuses on evaluating enterprise policies, risk management and corporate governance structures as they relate to privacy management. She is also involved in analyzing technology policy areas such as Radio Frequency ID (RFID) as an advocate for strong privacy safeguards.

Previously, Hargraves managed the business/IT internal audit team at Microsoft, engaging in audit support initiatives to assess systems risk and performing audits across Microsoft's business units. Hargraves was responsible for providing integrated systems audit support services for operations audits, systems development and process reengineering. In addition, she developed a privacy assurance program to enhance Microsoft’s ability to ensure compliance with related laws, regulations, corporate directives and best practices.

Prior to joining Microsoft, Hargraves held positions at PricewaterhouseCoopers related to security consulting and financial auditing. She also conducted financial analysis for Specialty Brands.

Hargraves is also a member of the International Association of Privacy Professionals, the Institute of Internal Auditors and the Information Systems Audit and Control Association.


Hayden, Ernie
Security Consultant

Ernest N. Hayden (Ernie) was most recently the Information Security Officer (ISO) for Group Health Cooperative – one of the largest private employers in Washington State and one of the largest healthcare systems in the area. In this newly-created position Ernie reported to the Compliance Office in the Group Health Legal Division and was actively developing new practices, policies and procedures for this new entity in the Cooperative.

Prior to Group Health, Hayden was the CISO for the Port of Seattle – one of the nation’s largest combined airport and seaport operations. In this role, Ernie was responsible for information security policy and practices, business continuity/disaster recovery planning, and privacy issues for the Port.

During Ernie’s tenure in 2004 at the Port he co-chaired a large, regional critical infrastructure protection exercise called Blue Cascades II and was invited to speak at the National Association of Attorneys General at the request of Washington State Attorney General Rob McKenna. Ernie was profiled in a cover story in Information Security Magazine for his work with the CISO of the City of Seattle. Hayden also published a chapter on “Cybercrime’s Impact on Information Security,” in the Oxford University Press Cybercrime and Security Legal Series.

Ernie is a CISSP – Certified Information Systems Security Professional and Certified Ethical Hacker (CEH). He received a Bachelor's Degree in Business Administration (with International Business emphasis) from the University of Washington in Seattle; has completed graduate-level coursework, and is a graduate of the FBI Citizens Academy and Center for Creative Leadership - Leadership Development Program.

Some of Ernie’s other significant management positions include President & CEO of MCM Enterprise of Bellevue, Washington, an advanced sensor technology company for the hydroelectric sector; IT security lead for the Seattle Justice Information System in the Seattle Municipal Courts and Seattle Police Department; Director of Security Services for Alstom ESCA software company of Bellevue, Washington, a major player in the unregulated energy sector; and Executive Director for the Electric Power Research Institute (EPRI) covering the Western US and Canadian operations.


Kesterson, Hoyt

Mr. Kesterson is a technology expert with more than 30 years of experience in the field of information security and related technologies. He chaired the international standards group that created the X.509 certificate for over twenty years. He has been working with the ABA’s Information Security Committee for nearly twenty years on the effects of digital data and electronic signature.


Leskela, Lane

Lane Leskela is the Vice President of Technology Programs at nonprofit think tank the Open Compliance & Ethics Group (www.oceg.org). OCEG provides objective standards, guidelines and online resources to help organizations Drive Principled Performance® by integrating governance, risk management, and compliance (GRC) processes. OCEG's global community includes over 14,000 practitioners from a host of professions and multiple industries.

Lane is a recognized leader in technology solutions for corporate and IT governance, risk management, and compliance processes. He is a frequent speaker and noted author on GRC software and technology management.

Prior to his role at OCEG, Lane served as the Senior Product Marketing Director for GRC applications at Oracle Corporation. From October 2005 to October 2007, he was the global marketing manager for Oracle's internal controls and risk management products. Lane managed the market positioning, sales enablement, channel partner marketing and training, third party event sponsorship, customer references and global communication strategy for Oracle GRC software. He helped to create and popularize the first complete Oracle product architecture for GRC, integrating database, middleware, user security and applications into a cohesive, functional framework.

Prior to joining Oracle, Lane was a Research Vice President at technology research firm Gartner, Inc. At Gartner, he managed software market research, analysis, reporting and client services for enterprise risk management, regulatory compliance management and financial control and reporting. From 2002 through 2005, Lane was a member of the analyst team that founded comprehensive GRC research at Gartner. While at Gartner, Lane authored over 50 original software market research reports and articles, and was an originator of the Financial Compliance Process Management and Basel II Software Magic Quadrants.

Prior to Gartner, Lane served as an Asia Pacific software market research analyst at International Data Corporation, a regional technology market analyst with ResearchAsia, Ltd., and an international trade consultant for the International Trade and Investment Corporation (ITIC) of China's Jiangxi Province.

Lane is a member of the Institute of Internal Auditors (IIA), the Professional Risk Managers' International Association (PRMIA) and the Information Systems Audit and Control Association (ISACA). He has received Professional Marketer certification from the American Marketing Association. Lane holds a Master of International Affairs in Economics from Columbia University in New York and a Bachelor of Arts in International Economics from Portland State University (Portland, Oregon).


Lowder, Jeff
Director
Information Security
Disney Interactive Media Group

Plan, develop, and manage information security and risk management program for TWDC's Internet properties. Direct team of 9 information security specialists with authority for information security operations, infrastructure and applications, information risk management, disaster recovery, incident response, IT governance, and capital/expense budget of $6+ million. Coordinate security management across corporate IT, security, legal, risk management, and WDIG business unit.

Built a world-class information security organization praised repeatedly in leading third-party audit reports; visionary and driving force in build-out of WDIG's information security and risk management strategic plan, roadmap, methodology, policies, staffing/organizational model, governance, and reporting from the ground up; change agent for improvements in information security and remediation of business-critical systems.

Former Senior Security Architect / Manager, Network Security Team at United Online, Inc. (formerly NetZero/Juno); Director, Security & Privacy, Elemica; Senior Consultant, Technology/Security Group, PricewaterhouseCoopers; and Director, Network Security, United States Air Force Academy.

Jeffrey is also a frequent speaker and author on security issues and serves in leadership roles in ISSA, SANS and other information security organizations.


Marriott, Bill

Narvaez, Julia

Ms. Narvaez is the founder and Principal of Viva Technology, a web application development company. During her 17-year career in the software industry she has also held positions as senior project manager in several software development companies, information department manager, programmer, information architect and system administrator. Ms. Narvaez has been a professor in two universities in Columbia, has a degree in Systems Engineering, Project Management, and recently a certification in Information Assurance and Cybersecurity.


Navetta, David
Managing Member
InfoSecCompliance, LLC

Mr. Navetta is an attorney with 11 years of legal experience, including in the areas of contract drafting, litigation, insurance law and information security and privacy compliance. Prior to starting his own firm, he worked for over three years as general counsel for AIG’s eBusiness Risk Solutions Group analyzing and forecasting information security, privacy and technology risks and drafting policies to cover such risks. While at AIG, Mr. Navetta became the Chairman of the ABA’s Information Security Committee’s Information Security Contracting & Risk Management Working Group. Mr. Navetta is now the Vice-Chair of the ABA’s Information Security Committee.

Mr. Navetta currently operates his own consulting practice to provide services related to information security and privacy contract drafting, policy drafting, risk management consulting and regulatory compliance, including developing contracts for information security controls and analyzing and drafting information security and privacy insurance policies. He has spoken and written frequently concerning information security risk management using an integrated approach involving technology and administrative controls, legal compliance, contractual vendor management and risk transfer mechanisms. He writes regularly about information security and privacy legal issues and risk management on his blog: www.infoseccompliance.blogspot.com


Nevins, Terrence
Senior Program Manager
Microsoft Corporation

Terrence Nevins is a Senior Program Manager in the Software Licensing and Protection team at Microsoft. Terrence has over thirty years of business experience in technology including eleven years at Microsoft.

Mr. Nevins actively researches, publishes, and presents on various topics related to data management. He has been a key contributor in the development of a number of major software products including SQL Server, SQLH2, BizTalk Server and components of the Windows operating system. His practical experience in data lifecycle management spans technical, ethical, legal and organizational issues of corporate data assets.

Terrence’s experience and education enable him to assess and advise on the full spectrum of compliance issues from policy development to mitigation controls. He regularly assists Microsoft's customers, internal teams and executives in the management of their growing IT compliance risks. He is especially qualified to advise in areas of planning, architecture, development, deployment, operations and maintenance of mission-critical systems.

He holds UW certifications in Computer Forensics and Information Assurance and Cybersecurity.


Orton, Ivan
Senior Deputy Prosecuting Attorney
King County Prosecutor’s Office, Fraud Division

Ivan Orton is a Senior Deputy Prosecuting Attorney with the Complex Prosecutions and Investigations Division of the King County Prosecutor's Office in Seattle, Washington. Ivan helped draft Washington's Computer Trespass and Malicious Mischief statutes relating to computer damage, and is a co-author of Cybercrime: The Investigation, Prosecution and Defense of a Computer-Related Crime. He was a member of the planning panel and contributing author to A Guide for Preparing Digital Evidence for Courtroom Presentation, published by the National Institute of Justice. Ivan regularly teaches classes to prosecutors, judges, law enforcement officers and the private security sector on cybercrime and digital evidence. He is a 1977 graduate of Harvard Law School.


Reavis, Jim

Jim Reavis has worked for many years in the information security industry as an entrepreneur, writer, speaker, technologist and business strategist. Jim’s innovative thinking about emerging security trends has been published and presented widely throughout the industry and has influenced many.

He is a member of the Business Advisory Board for PGP, Inc., the world’s largest provider of encryption services, and of the Technical Advisory Board for Tyfone, Inc., a provider of mobile financial services infrastructure that encompasses a comprehensive mobile banking solution with fully integrated security features. Jim is also President of Neupart, Inc., which focuses on automating policy documentation, ISO 27001 compliance management and employee awareness of corporate policies in an integrated, software-based fashion, and of Reavis Consulting Group, which provides information security research and consulting services to a diverse clientele.

Jim is also Chief Blogging Officer at Risk Bloggers, a group which brings together the top minds from a variety of risk-based disciplines, including information security, physical security, risk management, privacy, government and the legal practice to contribute insightful blogs that will act as a strategic change agent to influence the direction of technology, policy and best practices.

Jim is a past Executive Director, Board Member and Vice President of the Information Systems Security Association (“ISSA”).


Robinson, Laura
Principal
Robinson Insight

Laura Robinson is Principal of Robinson Insight, a unique industry analyst and marketing consulting company that specializes in the many facets of information security and compliance. Robinson Insight looks at the evolution of information risk management; the rise of privacy, security, and governance regulations worldwide; the shifting threat landscape; advances in information technology; and the changing nature of the enterprise; to understand what solutions and strategies can help information security leaders successfully protect information.

Previously, Laura held industry analyst, marketing, and management positions with technology companies as well as government agencies in North America, Europe and Asia. Currently, Laura is also the program director for the Executive Security Action Forum (ESAF), an industry association of CISOs and other senior executives responsible for protecting information for Global 1000 companies and government.

Laura has over 22 years of experience in technology industries, with over 8 years in information security. Her corporate experience includes RSA, Brooks Automation, Cygnus Business Media, Matrox, Mettler Toledo, and a division of Hewlett Packard. She has worked for the Government of Alberta, Canada and for the Japanese International Cooperation Agency, to help expand the role of technology in economic development.

Laura has spoken and written widely on the topics of information security and compliance, and she has authored and contributed to several industry standards and best practice frameworks. Laura holds a Bachelor of Commerce with majors in economics and marketing.

Scambray, Joel
CEO
Consciere

Joel Scambray is co-founder and CEO of Consciere, provider of strategic security advisory services. He has assisted companies ranging from newly minted startups to members of the Fortune 50 address information security challenges and opportunities for over a dozen years.

Joel’s background includes roles as an executive, technical consultant, and entrepreneur. He has been a Senior Director at Microsoft Corporation, where he led Microsoft's online services security efforts for three years before joining the Windows platform and services division to focus on security technology architecture. Joel also co-founded security software and services startup Foundstone Inc. and helped lead it to acquisition by McAfee for $86M. In 2007, he helped lead US-based Leviathan Security from start-up to well-recognized boutique security consultancy. He previously held positions as a Manager for Ernst & Young, security columnist for Microsoft TechNet, Editor at Large for InfoWorld Magazine, and Director of IT for a major commercial real estate firm.

Joel is widely recognized as co-author of Hacking Exposed: Network Security Secrets & Solutions, the international best-selling computer security book that first appeared in 1999. He is also lead author of the Hacking Exposed: Windows and Hacking Exposed: Web Applications series.

Joel brings deep experience in technology development, IT operations security, and consulting to clients ranging from small startups to the world’s largest enterprises. He has spoken widely on information security at forums including Black Hat, I-4, and The Asia Europe Meeting (ASEM), as well as organizations including CERT, The Computer Security Institute (CSI), ISSA, ISACA, SANS, private corporations, and government agencies such as the Korean Information Security Agency (KISA), FBI, and the RCMP.

Joel holds a BS from the University of California at Davis and an MA from UCLA, and he is a Certified Information Systems Security Professional (CISSP).

Simon, Michael
Chief Technical Officer
Creation Logic

Mike has been working in computer security and policy development since 1985. Working at the time for the University of Idaho, a regional pioneer in computer security and one of the first NSA Centers of Excellence in Information Assurance Education, Mike built the network laboratory infrastructure used for the research programs that support the center and taught senior and graduate courses in networking and network topology.

From 1993 through September 2005, Mike was involved in building security awareness and improving the security posture for hundreds of companies as Chief Scientist for a highly respected Seattle-based security consulting company. In that role, Mike was responsible for designing security policy that protects multiple industries, including health care, biotech, military, streaming media, power infrastructure, water infrastructure, financial institutions, e-commerce and aerospace.

Currently, in addition to setting technical direction for Creation Logic as CTO, Mike is an adjunct faculty member for the University of Washington and occasionally lectures at Seattle University, University of Idaho and several civic organizations on the subject of information assurance and computer security. He sits on the advisory board for the Information Assurance certificate program for the University of Washington, the technical advisory board for Goldfish Holdings, Inc., the Advisory Board for the Computer Science Department at the University of Idaho and on the Founders Board for the Information School at the University of Washington. He earned a B.S. in Computer Science from the University of Idaho.


Subramaniam, Ilanko
Microsoft Corporation

Ilanko Subramaniam is a Senior Strategist responsible for managing risk and compliance strategy for Microsoft's Trustworthy Computing Group. His duties include developing GRC strategy to effectively manage corporate risks around Privacy, Accessibility, Geopolitical Intelligence and Online Safety business at Microsoft. In this role, Subramaniam focuses on enterprise-wide risk assessments, develops and deploys proactive risk mitigation strategies, and influences the integration of risk-based decision management into Microsoft's core business.

Prior to Microsoft, Subramaniam held positions at KPMG, BearingPoint, Visa and Sun Microsystems. He has over 15 years of corporate Security and Privacy consulting experience. He has spent several years developing Security curriculums for leading educational institutions. An engineer by training, he holds a master's degree in Information Systems.

Subramaniam is a member of the International Association of Privacy Professionals, Information Systems Audit and Controls Association and Information Systems Security Association.


White, Ravila
Information Security Coordinator
Bill and Melinda Gates Foundation

Ravila Helen White is a Senior Information Security Analyst for the Bill & Melinda Gates Foundation, where she developed and implemented the foundation’s first Information Security Program.

Prior to joining the foundation, Ravila managed information security for drugstore.com, where her focus was of a more tactical nature with a strong emphasis on incident handling, policy development and intrusion prevention and response. Before focusing on information security, Ravila worked for The Casey Family Program. She was one of the original IT professionals hired to automate operations. During her tenure there she engineered messaging and collaboration infrastructures and assisted in developing the strategy to migrate from Apple and DEC technologies to Microsoft technologies.

Ravila is a CISSP, CISM, CISA and GCIH. She co-chaired the WSA Security SIG for four years. Ravila is a member of Agora and the PacCISO groups.


Winn, Jane
Director
Shidler Center for Law, Commerce and Technology, University of Washington School of Law

Professor Winn joined the faculty in 2002 to teach commercial and technology law courses, and is also a director of the Shidler Center for Law, Commerce & Technology. From 1989 to 2001, she taught commercial law and comparative law at Southern Methodist University School of Law in Dallas, Texas. In Spring 2002, she was a visiting professor at the University of California, Berkeley School of Law and, since 2001, has been a Visiting Fellow of the University of Melbourne School of Law, for the e-Law program. Professor Winn is a member of the American Law Institute, a board member of CALI (Computer Assisted Legal Instruction) and a faculty associate of the UW Harry Bridges Center for Labor Studies. From 1987-89, she practiced law at the New York office of Shearman & Sterling. She is coauthor of the treatise Law of Electronic Commerce (4th ed. 2006) and the casebook Electronic Commerce (2nd ed. 2005). Her current research interests include electronic commerce law developments in the U.S., the European Union, and China.

Books or Treatises

Jane K. Winn & Ronald Mann, Electronic Commerce, Aspen Legal Education (Aspen 2nd ed. 2005).

Jane K. Winn & Benjamin Wright, The Law of Electronic Commerce, Aspen Law & Business (Aspen 4th ed. 2001).

Book Chapters

Jane K. Winn, "Could an Emerging US Computer Security Law Protect the Data of US Consumers in Lieu of an Information Privacy Right?," in Desafíos del Derecho a la Intimidad y a la Protección de Datos Personales en los Albores del Siglo XXI, María Verónica Pérez Asinari ed. (forthcoming 2007).

Jane Winn, Standard Developing Organizations as a Form of Self-Regulation, in Sherrie Bolin, ed., The Standards Edge: Standardization: Unifier or Divider? (forthcoming 2006).

Jane K. Winn, Information Technology Standards as a Form of Consumer Protection Law, Consumer Protection in the Age of the Information Economy (2006).

Jane K. Winn, Is Consumer Protection an Anachronism in the 21st Century?, Consumer Protection in the 21st Century (2006).

Jane K. Winn, US and EU Standards Law & Policy: A Regulatory Competition Perspective, Proceedings of Standards and Innovation in Information Technology (2005).

Jane K. Winn, Should Vulnerability Be Actionable? Improving Critical Infrastructure Computer Security with Trade Practices Law, Vol. 2 George Mason University Critical Infrastructure Protection Project Papers Vol II (2004).

Jane K. Winn, "The Emerging Law of Electronic Commerce" in Handbook on Electronic Commerce (Michael Shaw, Robert Blanning, Troy Strader & Andrew Winston eds., Springer 2000).

Peer Reviewed Journals & Law Reviews

Jane K. Winn & Song Yuping, Can China Promote Electronic Commerce Through Law Reform? Some Preliminary Case Study Evidence, forthcoming Columbia Journal of Asian Law (Spring 2007).

Jane Winn, "Recent Developments in the Emerging Law of Information Security," 38:4 Uniform Commercial Code Law Journal 391 (2006).

Jane Winn, "The Impact of EU Unfair Contract Terms Law on US Business-to-Consumer Internet Merchants," The ABA Business Lawyer (Annual Cyberspace Survey) (November 2006) (co-authored with Mark Webber).

Jane K. Winn, US and EU Regulatory Competition and Authentication Standards in Electronic Commerce, Journal of IT Standards and Standardisation Research (2006).

Jane K. Winn & Brian Bix, Diverging Perspectives on Electronic Contracting in the US and EU, 54 Clev. St. L. Rev. 175 (2006).

Jane K. Winn, Contracting Spyware By Contract, 20 Berkeley Tech. L.J. 1345 (2005).

Jane K. Winn & Jens Haubold, Electronic Promises: Contract Law Reform and E-Commerce in a Comparative Perspective, 27 Eur. L. Rev. 567 (2002).

Jane K. Winn, Emerging Issues in Electronic Contracting, Technical Standards and Law Reform, VII Uniform L. Rev. (2002-03)

Jane K. Winn, Social Networks and Electronic Commerce in China, 31:2 Global Economic Review 21 (2002).

Jane K. Winn, The Emperor's New Clothes: The Shocking Truth About Digital Signatures and Internet Commerce, 37 Idaho L. Rev. 353 (2001).

Jane K. Winn & James Wrathall, Who Owns the Customer? The Emerging Law of Commercial Transactions in Electronic Customer Data, 56 Bus. Law. 213 (2000).

Jane K. Winn & Robert A. Wittie, Electronic Records and Signatures under the Federal E-Sign Legislation and the UETA, 56 Bus. Law. 293 (2000).

Jane K. Winn & Mike Pullen, Esq., Despatches from the Front: Recent Skirmishes along the Frontiers of Electronic Contracting Law, in Annual Cyberspace Law Survey, 55 The Business Lawyer 455 (1999).

Jane K. Winn, The Hedgehog and the Fox: Distinguishing Public and Private Sector Approaches to Managing Risk for Internet Transactions, 51 Administrative Law Review 955 (1999) (symposium on regulation of electronic commerce).

Jane K. Winn, Couriers without Luggage: Negotiable Instruments and Digital Signatures, 49 South Carolina Law Review 739 (1998) (symposium issue on electronic commerce issues).

Jane K. Winn, Regulating the Use of the Internet in Securities Markets, 54 Business Lawyer 443 (1998).

Jane K. Winn, Open Systems, Free Markets and the Regulation of Internet Commerce, 72 Tulane L. Rev. 1179 (1998).

Jane K. Winn & Amelia Boss, Survey: The Emerging Law of Electronic Commerce, 52 Business Lawyer 1469 (1997).


Questions:
UW Conference Management
Attn: Julie Smith