2002 FISSEA Conference:
Speaker Biographies


Kelly Arnold
National Security Agency, National Cryptologic School

Kelly Arnold has served at the National Security Agency for 13 years. She has served in a variety of positions at both the National Cryptologic School and the Information Systems Security (INFOSEC)/Information Assurance (IA) Directorate. Ms. Arnold is currently working on the training team that directly supports the IA mission. She helps her customers identify training needs, and then designs, develops and evaluates training solutions to meet those needs.


Lewis Baskerville
Small Business Administration

Lewis Baskerville's work history covers almost 30 years of Management Information Systems experience (Government and Private Industry) as a: Contractor/Consultant, Information Systems Security Officer (ISSO) and Administrator, IRM Strategic Planning, Contract, Project and Program Manager, System Design and Developer, Developing and Coordinating Computer Security Training, Facilitating Seminars and Management Retreats.

Currently, he is employed with the Small Business Administration (SBA) as their IT Information Systems Security Manager. Other than his ISSP duties, he represents the Agency at IRM, ADP, IT meetings and conferences, Interagency IRM/IT, PKI, OICO, GIRSA, OIG, COOP and related Planning Groups and Committees.

Within SBA, he works closely with the various Program Managers and various regulatory Agencies, such as NIST, NSA, OMB, GSA, OPM, and DOI, to comply with their ADP/security regulations and to satisfy their reporting requirements in areas of Program Management, Information Management, Hardware, Software, and Transmission Services.

His educational background includes the following:
Advance G.C. 1977 Management Information Systems - American University
Advance B.S. 1976 Technology and Administration - American University
A.A.S. 1973 Business Management - Washington Technical Institute
A.A.S. 1972 Computer Science - Washington Technical Institute (UDC)


Andrew Bernat, Ph.D.
National Science Foundation

Dr. Bernat is the Program Director of the NSF's Scholarship for Service program.


George Bieber
Defense-wide IA Program (DIAP)

Mr. Bieber currently is detailed to the Defense-wide Information Assurance Program (DIAP) Office where he is the Human Resources and Training Division Chief. In this capacity he has oversight responsibility for all aspects of the Department's IA education, training, awareness activities and IA manpower and personnel issues.

Previously Mr. Bieber was the Chief, Information Assurance (IA) Education, Training, Awareness (ETA) and Products Branch, IA Program Management Office, Defense Information Systems Agency. He provided overall guidance, and was responsible for managing the development, production and dissemination of Department of Defense (DOD) level IA training and awareness materials. This included both classroom courseware and distributive training and awareness CDs and videos.

He has been actively involved in a wide range of DoD and Federal committees, working groups and initiatives addressing IA training, professionalization and career development, critical infrastructure protection, and best security practices. He currently serves on the Executive Board of the Federal Information System Security Educators Association (FISSEA).

Previously, Mr. Bieber was an operations research analyst and program manager with the Defense Evaluation Support Activity (DESA) where he planned, implemented and conducted evaluations of joint, DoD and Federal-wide test and exercise of operational concepts.


Patricia Black
Department of Treasury

Patti Black has been with the Department of the Treasury, Office of Information Systems Security since October 1984. In 1986, Patti organized and began managing the Departmental Systems Security Awareness and Training Program. She established and chairs Treasury's Systems Security Training Forum which is composed of representatives from all Treasury bureaus. As part of the awareness program, she established and managed Treasury's Telecommunications and Information Systems Security Awards Program from 1992-1996. More recently, she led the Treasury effort to develop and implement a web-based systems security awareness course for Treasury computer users. As the Systems Security Training Manager, Patti represents the Treasury Department on various national level interagency training working groups including NSTISSC Education Training and Awareness Issues Group, Federal Information Systems Security Education Association, and the Computer Security Program Manager's Forum. Patti has participated in numerous national-level systems security training activities with the goal of improving training standards and availability throughout the government. Patti received her bachelor degree from George Mason University in 1980.


Ruth Ann Blank
National Security Agency


Susan Boaz
U. S. Department of Veterans Affairs

As a member of the highly visible PC Adaptive Training Program at the U. S. Department of Veterans Affairs, Susan brings to her work a high level of expertise in accessible software design and assistive systems training. While serving in this capacity, she is a liaison between the PC Adaptive Training Team and the VA's web page designers. She performs functions related to the development, design and implementation of accessible desktop applications and web sites.

She tests desktop applications with multiple screen reading and talking web browsers to determine which design elements are and are not accessible to the disability community. She also meets with CIO staff, contractors, software development contractors and others to discuss application problems, accessible web site design and problem elements like nonstandard controls, tables, frames and other HTML constructs requiring special treatment. She makes presentations to other agencies regarding the importance of appropriate accessible software design, provides consulting and assistive systems training services to other agencies and evaluates hardware and software regarding accessibility to employees with disabilities in the federal system.

She is a member of the VA's Section 508 Advisory Committee and participates in three of its work groups to assist the Department with the provision of accessible electronic and information technologies now and in the future.

She was recently appointed to the Electronic VA Committee which will provide guidance and policies to further the electronic and information technology goals of the Department.


Barbara Cuffie
Social Security Administration

Barbara Cuffie is the Chief of the Security and Integrity Branch in the Office of Systems at the Social Security Administration's Headquarters. She is the Principal Security Officer and the Internal Control Officer for Systems. Ms. Cuffie assists her executive management in ensuring that the information technology system (ITS) security program effectively protects the Agency's numerous ITS assets, including both data and systems. Ms. Cuffie serves as the project manager for several component-wide initiatives that are addressing a myriad of diverse security challenges related to confidentiality, integrity, authentication, non-repudiation and availability. She and her staff work closely with a network of ITS security professionals throughout SSA's headquarters to provide management reasonable assurance that the security program is fully compliant with a host of policies and governing directives.

Ms. Cuffie is an active participant in work groups that are addressing the requirements of Presidential Decision Directives 63 and 67. She frequently briefs executive management on security issues and helps to ensure that senior management receives the data they need to make informed decisions about developing and implementing specific risk mitigation strategies. For a long while, Ms. Cuffie has been instrumental in establishing and updating guidelines to assist SSA's technical personnel in incorporating security and internal controls appropriately throughout the various phases of the software development life cycle. As the Principal Security Officer in Systems, Ms. Cuffie assists in ensuring that ITS security requirements are identified and addressed in conjunction with numerous projects both under development and planned to improve SSA's service to the public through technology.

Throughout her 34-year career at SSA, Ms. Cuffie has focused on various aspects of information systems security and also actively participated in leadership positions in ITS security professional organizations. She became a CISSP in 1998 and is a past president of the Baltimore Metropolitan Chapter of the Information Systems Security Association (ISSA). In 2000 she became the Assistant Chair of the Executive Board of the Federal Information Systems Security Educators' Association (FISSEA). In March 2001, she became the Chair of the FISSEA Executive Board and now represents FISSEA on the Security Program Managers Forum sponsored by the National Institute of Standards and Technology. She still enjoys developing and occasionally teaching classes on risk management, compliance responsibilities and ITS security related topics. Ms. Cuffie is a member of the Editorial Advisory Board for SC Info Security News Magazine and is a regular contributor in the FISSEA newsletter.


Ken Cutler, CISSP, CISA
MIS Training Institute

Ken Cutler is the Managing Director of the Information Security Institute (ISI) of MIS Training Institute. His current responsibilities include: chairing major information security conferences and symposia, information security curriculum development, and serving as a speaker on a wide array of information security and audit topics. In addition to the development of ISI programs, he has personally developed numerous seminars and workshops in security management, network security and audit, and vulnerability testing.

Mr. Cutler has over 25 years of experience in information security, auditing, quality assurance, and information services. His industry experience includes insurance and financial services, natural resources, manufacturing, government contracting, consulting and training. Ken has held numerous positions in IT management, including being the Chief Information Officer of a Fortune 500 company (Moore McCormack Resources) in the earlier stages of his professional career. He is an internationally recognized expert in the information security and audit fields.

Ken's current consulting and training experience was preceded by his heading company-wide information security programs for American Express Travel Related Services and Martin Marietta Data Systems. The scope of his responsibilities at each of those major corporations included: security policies and standards, awareness programs, security risk assessments, overseeing security administration, consulting services, and security technology selection.

Mr. Cutler is the primary author of the widely acclaimed Commercial International Security Requirements (CISR), which offers a commercial alternative to military security standards for system design. He has also published works on the intricacies of network security, security architecture and single sign-on. Mr. Cutler has been an active participant in international government and industry security standards initiatives including the President's Commission on Critical Infrastructure Protection, Generally Accepted System Security Principles (GSSP), Information Technology Security Evaluation Criteria (ITSEC), and the US Federal Criteria. He previously served on the Member Advisory Council for the International Information Integrity Institute (I-4) and as an Advisory Member of the ISSA Board of Directors.

A much-in-demand speaker and consultant, Mr. Cutler frequently lectures and provides hands-on consulting services in the areas of information security management and architecture, network vulnerability testing, Unix and Windows based systems, Internet and WWW network security, dial-up/remote access security, client/server security, and local area network security. He has lectured at many major industry and regional professional association events, including: 1997-2002 COMDEX shows in both the US and the Middle East.

Mr. Cutler has published works on the intricacies of information security management, security architecture and single sign-on. In addition, he is frequently quoted in popular trade publications such as Computerworld, Communications Week, Computer Reseller, Client/Server Journal, Infoworld, Information Security, InformationWeek, HP Professional, and Bank Systems and Technology. He also serves as technical advisor on the Editorial Advisory Board of SC Magazine. Ken has been interviewed on national and local radio talk shows and was featured on Crime Talk, broadcast on the Talk America Radio Network.


Maryann Dennehy
DISA


Joan Hash
NIST

Ms. Hash is currently Group Manager for Security Management and Guidance at the National Institute of Standards and Technology (NIST) located in Gaithersburg, MD. In this role, she is responsible for developing security guidance for all civilian government agencies. In addition, she manages the agency's Computer Security Resource Center and Security Program Manager's Forum activities. Her group also participates in security assistance and outreach activities involving both the federal and private sector.

Prior to joining NIST, Ms. Hash was the Director of the Social Security Administration's (SSA) agency-wide Information Systems Security Program, which encompassed a network of 80,000 users in over 1300 sites. She held this position for 11 years making significant improvements to the overall effectiveness of the SSA Information Security Program in all areas.

Ms. Hash received numerous awards and recognition for her work in security at SSA including the agency's highest honor, the Commissioner's Citation, on 3 different occasions during her tenure as Information Security Program Manager. She has participated in numerous forums focused on information security, having in-depth operational and management experience at the working level.

She graduated Summa Cum Laude from Morgan State University with a B.S. in Chemistry and holds a Masters of Computer Science Degree from Johns Hopkins University. Ms. Hash also received the Certified Information Systems Security Professional (CISSP) designation in 2000.


CAPT G. Mark Hardy
USNR, Space and Naval Warfare Systems Command

G. Mark Hardy is a Captain in the United States Naval Reserve, and serves as the Commanding Officer of the Space and Naval Warfare Headquarters Unit 601 in Washington DC. In civilian life, he is a senior manager for Ernst & Young, LLP, responsible for providing information security services to major financial institutions and Fortune 500 clients in the New York City metropolitan area. His first day on the job at Ernst & Young in New York was September 11th.


Maxine Hill
General Services Administration's Center for IT Accommodation (CITA)

Maxine Hill works in the General Services Administration's Center for IT Accommodation (CITA), Office of Governmentwide Policy (OGP), in Washington, DC. CITA is nationally recognized as a source for accessible technology information services and management practices. It is the government's principal advocate and coordinator for the implementation of Section 508 -- making electronic and information technology accessible for people with disabilities. She is currently assisting the Director in response to meeting the objectives of the various projects within the Division. Prior to working at CITA, she worked with OGP's Strategic Information Technology Issues Division's IT Leaders Program through which CIO's and their staffs were facilitated in meeting their IT challenges. From 1996-2000, she was a member of the GSA Year 2000 Team that supported the Chief Information Officers Council Sub-committee on Year 2000 composed of Federal agencies who partnered to address the Year 2000 challenge. She has a Master's degree in Computer Systems Management from the University of Maryland and a Bachelor's degree in Technology and Management from the University of Maryland.


Todd M. Hinnen, Esq.
US Department of Justice, Computer Crimes & Intellectual Property Section

Todd graduated from Amherst College in 1993 with degrees in physics and philosophy. He then attended Harvard Law School, where he focused on constitutional and intellectual property law.

Upon graduating from Harvard in 1997, Todd spent three years with the law firm of Davis Wright Tremaine in Seattle, Washington, specializing in First Amendment and Intellectual Property Law. He then accepted a clerkship with the Honorable Richard C. Tallman, United States Court of Appeals for the Ninth Circuit. Todd is now a trial attorney with the Computer Crime and Intellectual Property Section of the United States Department of Justice. He also serves as Rapporteur to the G8 Sub-Group on High-Tech Crime.


Judith Hoover
National Security Agency, National Cryptologic School

Judith Hoover has served at the National Security Agency for 14 years. She is currently the Education (EDUC) Curriculum Manager within the Staff Development Office of the National Cryptologic School. As the EDUC Curriculum Manager, Mrs. Hoover oversees the NCS Adjunct Faculty training program, mentors Adjunct Faculty members, and teaches and evaluates Education courses. Within the Staff Development Office, Mrs. Hoover designs, develops and presents training seminars to instructors and adjunct faculty to ensure continuing skills development.


Jim Litchko
Litchko & Associates, Inc.

Mr. Litchko is a senior information systems security specialist with over twenty-five years experience assessing and developing information system security (INFOSEC, also called information assurance (IA)) solutions for computer and network systems. He has held senior executive positions for special projects and business development at the two largest commercial INFOSEC companies, Secure Computing Corporation and Trusted Information Systems and the enterprise integrator, Telos, all internationally known for advance INFOSEC research and development, consulting, and network security products. During his twenty-year career as a Navy cryptologist, Mr. Litchko spent his first six years supporting operations on naval combatants and air reconnaissance platforms in the Atlantic, Pacific, and European theaters. Mr. Litchko's last five years in the Navy were in staff and technical positions in the National Security Agency's (NSA) INFOSEC Directorate and the National Computer Security Center (NCSC). His last position was Staff Chief for the Director of the NCSC. Since 1988, he has been an instructor for systems and network security for Johns Hopkins University, MIS Training Institute and the National Cryptologic School. Jim has been a keynote, presenter, and facilitator at over 30 events a year and a professional member in the National Speakers' Association. He has provided presentations to Congressional staffs, Gartner Group, Conference Board, Cambridge University, SANS Institute, Merck, CBC, ATT, Price Waterhouse, Exxon, Freddie Mac, American Society of Industrial Security (ASIS), Computer Security Institute (CSI), National Computer Security Association (NCSA), Defense Intelligence University, and Armed Forces Communications and Electronic Association (AFCEA). Mr. Litchko has chaired panels and provided INFOSEC presentations at national, international, and executive conferences. He is a formal member of the ASIS IT Security Council.
A student of Ken Blanchard, Ph.D., author of the "One-Minute Manager", he holds a Masters degree in Information Systems from Johns Hopkins University and a Bachelors degree in Industrial Technology from Ohio University. He is currently providing management, business development, and strategic planning support for four security start-up companies.


Dr. William V. Maconachy
National Security Agency

Dr. Maconachy currently serves as the program manager of the National INFOSEC Education and Training Program (NIETP) within the National Security Agency. He is implementing a multidimensional, interagency program which provides direct support and guidance to the services, major DoD components, Federal agencies and the greater national Information Infrastructure. This program fosters the development and implementation of INFOSEC training programs, as well as graduate and undergraduate education curricula. In this capacity he serves on several national level government working groups, as well as in an advisory capacity to several universities. In this position, Dr. Maconachy is the principal architect for several national INFOSEC training standards in the classified community. Dr. Maconachy was appointed by The White House to Co-chair of the Critical Information Coordination Committee for Personnel and Training. This Committee prepared the personnel and training portion of The President's National Plan for Information Systems Protection (issued in January, 2000). In July, 2001, Dr. Maconachy's program was named as Executive Agent for The Department of Defense-wide Information Assurance Scholarship Program. In December 2001, Dr. Maconachy was awarded the prestigious Department of Defense Meritorious Service Award.

EDUCATION
Ph.D., University of Maryland

INFOSEC-RELATED POSITIONS
Department of Navy:
Developed and implemented INFOSEC training programs for users and systems maintainers. Served as Operations Officer for INFOSEC-related activities.

National Security Agency:
INFOSEC Operations Officer
INFOSEC Analyst
Senior INFOSEC Education and Training Officer

NSA PROFESSIONALIZATIONS
Information Systems Security Analyst
Education and Training Officer

ORGANIZATIONAL MEMBERSHIPS
Past Chair, National INFOSEC Education Colloquium
Co-chair, National Security Telecommunications and Information Systems Security Committee (NSTISSC) Education, Training and Awareness Working Group
Member, Advisory Boards for Infosecurity News and the Information Security Institute
Member and Past President, Federal Information Systems Security Educators Association

Awards and Recognition (not inclusive)
Secretary of Navy Commendation
Director National Computer Security Center Commendation
FISSEA, Computer Security Educator of the Year
Chief Navy Technical Training Commendation
Director, NSA Commendation
National Communications System Commendation
White House, Letter of Commendation
Department of Defense Meritorious Service Award

Selected Publications (23 to date)

A Model for Information Assurance: An Integrated Approach. 2nd Annual IEEE Systems, Man and Cybernetics Information Assurance Workshop. West Point, June 2001.

The Human Dimension of Cyber Protection. Research Advances In Database and Information Systems Security, V. Atluri & J. Hale (Ed.) Kluwer Academic Publishers. Boston, MA. January, 2000.

INFOSEC Professionalization: A Road to be Traveled. Forum for Advancing Software Engineering Education, Vol. 9, No. 01, January, 1999. (http://www.cs.ttu.edu/fase/V901.txt)

The Educational Domain of Information Technology Security. Proceedings, ACM Workshop on Education in Computer Security. Naval Post Graduate School. January, 1997.

National Information Infrastructure Risk Assessment: Education Sector, Principal Author. Reliability and Vulnerability Working Group. NII Task Force. Washington, DC, February, 1996.

Distributed Group Decision Support and Business Process Reengineering: Increasing Empowerment and Ennoblement. Proceedings, Defense Software Engineering Conference. Salt Lake City, Utah, March, 1995.

"Certification for Computer Security Professionals Closer to Reality with 'Unified Taxonomy'". Computer Security Alert. Computer Security Institute, San Francisco, California. February, 1994.

"Improving Information Security by Developing the Right Training the Right Way". Information Systems Security. Auerbach Publications, New York. April, 1994.

"Information Security: The Human Dimension." The 20th Annual Computer Security Conference Proceedings. Computer Security Institute. San Francisco, CA, November, 1993.


Thornton May
Toffler Associates

Thornton May is Chief Psychographer at Toffler Associates. [Psychography maps the Geography of the Mind - where our heads are, what we think & why we think it]. He has emerged as a trusted advisor for senior executives seeking to understand the rules, roles and 'wrongs' of the New Economy.

Thornton's insights have appeared in the Harvard Business Review (on IT strategy); The Financial Times (on IT value creation); The Wall Street Journal (on the future of the computer industry); the M.I.T. Sloan Management Review (on the future of marketing), American Demographics (on the evolving demographics of Electronic Commerce), USA Today (on the future of the consumer electronics industry), Advertising Age (on the future of privacy) and Business Week (on the future of CEO direct reports) and on National Public Radio (debating the future practice of strategy with Professor Michael Porter). Thornton is a columnist at Computerworld, ROI Magazine, serves on the Advisory Board of Cycle Time Research and has served as an Advisor to the Founding Editors of Fast Company Magazine.

Thornton has established a reputation for innovation in executive education, pioneering the multi-client research working group model now used at the Harvard Business School and M.I.T. Media Lab; the Lyceum (a time-compressed, intense learning experience designed for Chief Information Officers); the Directors' Institute (a forum for technology-savvy Board members); and the Controller's Institute (arena for European Chief Financial Officers to discuss challenges associated with making technology investments).

Thornton is an executive education faculty member at the John E. Anderson Graduate School of Management at UCLA where he teaches the "Managing the Information Resource" program; the Haas School of Business at UC-Berkeley where he teaches the "Inside the IP Tornado: Silicon Valley" and Advanced Management Programs; and Carnegie-Mellon University where he is a part of the faculty team that created the "E-Commerce" program. The informed reader will note that Thornton's three faculty appointments represent 3 of the 4 institutional launch points of the Internet. Thornton serves on the Curriculum Advisory Committee at Babson College.

Thornton is probably best known not for his humorous and scathingly honest speeches or his hands-on and deeply committed approach to organizational problem solving, but for the openness and accessibility of his network. Thornton knows a lot of people who know a whole lot of things.

Thornton has served on the Executive Committee [top 14 leaders] at Cambridge Technology Partners; served as Chairman of the Board of East Asia Consultants, Inc.; Chairman of the Board of AIIM [the Association of Information and Image Management]; sat on the Board of Mixtec, Ltd. [a high-tech Dublin, Ireland based consultancy chaired by Tony O'Reilly, chairman of Heinz]; serves as the Corporate Futurist for Guardent, Inc.; serves on the Advisory Boards of MentorU.com; Fall/Spring Comdex, and iSpheres [a B2B enterprise infrastructure start-up].

Thornton has appeared before the Congress of the United States serving as an expert witness on large technology implementations and was responsible for ghost writing portions of the technology track for the 1998 Davos Conference.

Thornton is an exciting and all too rare combination of energy, erudition and entertainment; a kind of outlaw genius, whose trademark is identifying fallacies while skewering industry charlatans and pretenders with connoisseurial frankness.

Toffler Associates is the executive advisory firm founded by Alvin and Heidi Toffler [authors of books that include Future Shock, Third Wave, Powershift, and War and Anti-War]. Toffler Associates works closely with clients to help them create their future in a marketplace and society shaped by increased uncertainty and the fast-arriving Third Wave economy. They are well respected and well known among aerospace, government, IT, manufacturing, services, telecommunications, and other clients for the quality of their advice, their strategic development competence, the accuracy of their assessments, and their ability to help their clients achieve growth.


Vickie McCray
KPMG, LLP Risk and Advisory Services

Vickie L. McCray is a manager at KPMG's Risk and Advisory Services partnership. She assumed this role in August 2001 and is currently managing the general and applications control review of the District of Columbia, 2001 Comprehensive Annual Financial Report - Financial Statements.

Born and raised in Chicago, Illinois, Vickie is a product of the Chicago public school system. She attended Paul Lawrence Dunbar vocational high school where she had many accomplishments in her studies and vocational trade. As an honor student, Vickie was selected to represent Dunbar at the Presidential Classroom for Young Americans in Washington, D.C. Vickie chose the vocational trade of tailoring and quickly excelled in women's dress designing, a hobby that she still enjoys. In addition to sewing, Vickie also excelled at tennis, which led to high school and city championships and a 4-year tennis scholarship to Chicago State University.

Vickie's federal government career has spanned more than 21 years. In 1979, Vickie served as an auditor with the U.S. Department of Agriculture, Office of Inspector General, Chicago. As a student in the cooperative education program, Vickie went on to not only complete the program but also continued employment with the OIG in the role of auditor and senior auditor for more than eleven years. In 1991, Ms. McCray accepted a position with the U.S. Department of State, Office of Inspector General where she served in numerous roles as senior auditor and Information Systems Security Manager. Apart from her OIG roles, Vickie also served in a ten-month detail with the Bureau of Information Resources Management, Systems and Integration Office. As the Technical Advisor she managed Configuration Management, Quality Assurance, and served as the Information System Security Officer.

For Vickie, education is a priority. In 1982, she received a Bachelors in Business and Administration - Accounting from Chicago State University. She went on to continue her education at the National Defense University, Information Resources Management College where upon graduation she received the Chief Information Officer Certification, and the General Services Administration, 1000 X 2000 Certification, in 1999. Vickie completed her graduate studies at Syracuse University in May 2001 receiving a Masters in Information Studies. Her career aspiration is to become a Chief Information Officer.

Vickie and her husband, Patrick McCray, General Accounting Office, Washington, DC., currently reside in Alexandria, Virginia.


Lynn McNulty, CISSP
McNulty and Associates

Lynn McNulty provides government affairs, business development, information security policy and program management consulting services to private and public sector clients. He previously served as the Director of Government Affairs for RSA Security from January 1997 to December 2000. During this period, Mr. McNulty was significantly involved in the lengthy policy debate over export controls on commercial encryption products. He also followed such issues as critical infrastructure protection; electronic signature legislation; healthcare security and privacy regulations; and congressional funding for and oversight of federal agency information security programs.

Prior to joining RSA Security, Mr. McNulty was an independent information security consultant following his retirement from the National Institute of Standards and Technology (NIST) in April 1995. He was appointed Associate Director for Computer Security at NIST in December 1988. His duties included policy liaison for computer security issues between NIST and other federal agencies, the Congress, and the private sector. He founded and chaired the Federal Computer Security Program Manager's Forum. Mr. McNulty transferred to NIST after serving with the Department of State as its first Director of Information Systems Security from 1980 to 1988. Prior to joining the Stated Department he served as the Computer Security Program Manager at the Federal Aviation Administration (1973-1980). He initially became involved in computer security matters while employed at the Central Intelligence Agency (1967-1973).

Mr. McNulty is a native of Oakland, California, and graduated from the Berkeley campus of the University of California with a Bachelor in Political Science. He also received a Master of Arts in International Relations from San Jose State University, San Jose, California, and a Master of Science in Administration from the George Washington University in Washington, DC.

He is a Certified Information Systems Security Professional (CISSP) and currently serves on the Board of Directors of the International Information Systems Security Certification Consortium, the governing body for the CISSP certification program.


Dara Murray
Dept of Health and Human Services

Dara Gordon Murray has been the Director, ADP Security for the National Science Foundation since September 2000. She has oversight responsibility for the implementation of an agency-wide risk management and comprehensive computer security awareness training program for approximately 2000 Federal government employees and contract employees. Prior to working for NSF, she was employed for over nine years with the U.S. Department of Justice, Tax Division and the Telecommunications Services Staff. Her responsibilities included the deployment of network security for the Justice Consolidated Network (JCN), which is the first high-speed network using asynchronous transfer mode (ATM) processing sensitive but unclassified Federal government information ever to be maintained by a public switch carrier under the Federal Telecommunications Services (FTS) contract. Due to her efforts, she has won several network security awards for technical excellence from the General Services Administration for the implementation of the JCN. She started her Federal career in 1987 as a DB2 and COBOL programmer, prior to being appointed a Computer Security Specialist at the U.S. Nuclear Regulatory Commission. Prior to 1987, she worked as a CICS programmer for the IBM Federal Systems Division in Gaithersburg, Maryland. She holds an AA in Computer Science from Montgomery College, a B.S. in Computer Science and MBA from University of Maryland, Graduate School, and will graduate in the summer of 2001 from Johns Hopkins University with a Post-Masters Certificate in Telecommunications Engineering.


James Nagle
Department of State OIG

Jim is the Director at State Department OIG. He formerly worked for Steve Dingbaum in the Office of Security and Intelligence Oversight. Graduate of AMP Program. Graduate of University of Maryland, Masters in Computer Science. CPA. Married, two children.


Stephen Northcutt
The SANS Institute

Stephen is the Director of the GIAC Training Program and is the author of several books, including Incident Handling Step-by-Step, Intrusion Detection - Shadow Style and Network Intrusion Detection - An Analyst's Handbook, as well as a contributing editor of SANS' Securing NT Step-by-Step. He was the original developer of the Shadow Intrusion Detection system and served as the leader of the Department of Defense's Shadow Intrusion Detection Team for two years.


Louis Numkin
Nuclear Regulatory Commission

Louis Numkin is a senior computer security specialist in the Office of the Chief Information Officer at the US Nuclear Regulatory Commission. His duties relate to computer security awareness training, anti-virus activities, classified inspections of nuclear plants, disaster recovery planning, computer security plan review and approval, risk assessment, and the like. Numkin volunteers in an agency outreach program to provide computer security sessions for schools (elementary through high school) and for senior citizen centers. Numkin's undergraduate degree in business administration and his master's degree in Technology of Management (majoring in Management Information Systems and Computer Systems) are from the American University. Louis Numkin received the FISSEA Educator of the Year Award for 1998.


John O'Leary
Computer Security Institute

John O'Leary, CISSP, is the Director of Education for Computer Security Institute. His background spans three decades as an active practitioner in information systems security and contingency planning and includes experience in programming, operations, systems analysis, project management, auditing and quality assurance. John has designed, implemented and managed security and recovery plans for networks ranging from single site to multinational. As CSI's most requested instructor, he has trained tens of thousands of practitioners, managers and users and regularly conducts on-site programs at major corporations and government facilities worldwide. Despite this, he has never been convicted of anything really serious or run for public office.


Alan Paller, Director of Research
The SANS Institute

Alan Paller was one of the Internet leaders asked to meet with President Clinton in the aftermath of the Yahoo and eBay denial of service attacks in February of 2000. He led that group's effort in developing a consensus Roadmap to Defeating Distributed Denial of Service, and has been instrumental in the global efforts to implement that roadmap. He also was the expert called in to help the judge understand distributed denial of service attacks at the MafiaBoy trial, and has led the global effort that created the Internet's early warning systems called Internet Storm Center.

Alan founded the SANS Institute in 1992 as a cooperative research organization to deliver graduate-level education to the people who secure and manage important information systems. In 2001 more than 12,500 security professionals spent at least a week in SANS' intensive educational programs. At SANS, Alan is responsible for the research programs that have reached community-wide consensus on how to secure Windows NT, Windows 2000, LINUX, and Solaris systems as well as Cisco routers, and how to respond to computer security incidents. He also oversees the weekly and monthly digests of new security threats and solutions. The SANS community, with over 150,000 participants, represents an important asset for identifying promising security practices. It has also proven to be effective in isolating, illuminating, and (sometimes) stopping malicious practices on the Internet.

Together with Franklin Reeder, Alan also founded the not-for-profit CIO Institute, a foundation that funds technology awards programs (the Government Technology Leadership Awards) and fosters sharing of experiences among CIOs in very large organizations.

Earlier in his career, Alan was an entrepreneur who built the first large computer graphics software company, which earned listing on the NASDAQ exchange, and then merged it into a New York Stock Exchange company. Before that he worked for the Institute for Defense Analysis (IDA) and the Naval Ship Engineering Center. Alan also created The Data Warehousing Institute, wrote two books, "The EIS Book: Information Systems for Top Managers" (Dow Jones, 1990) and "How to Give The Best Presentation of Your Life" (ISSCo, 1978), and chaired more than 70 national and international conferences including the CIO Perspectives conference of CIO magazine.

Alan's degrees are from Cornell University and the Massachusetts Institute of Technology.


Angel Rivera
The MITRE Corporation

Angel Rivera recently joined the MITRE Corporation as a Lead InfoSec Scientist/Engineer after a 5-year tour of duty with the Federal Deposit Insurance Corporation. During his tenure at the FDIC, Mr. Rivera served as the Security Programs Section Chief where he managed numerous security programs including their PKI implementation, Risk Management Program, Computer Virus Program, Internet Security Program and their CSIRT. Prior to managing at FDIC, Angel was a Senior Computer Scientist where he architected the FDIC virus protection infrastructure, engineered a PKI-based extranet, and performed internal and external penetration tests. In the early nineties Mr. Rivera worked for 4 years for the now-defunct Resolution Trust Corporation as a computer security specialist. His information security expertise goes back 17 years when he started working on computers as a co-op student for the IRS in 1985, writing sample computer viruses to demonstrate their destructive potential.


Ed Roback
NIST

Chief of the Computer Security Division, which is part of the Information Technology Laboratory at the National Institute of Standards and Technology.


Mike Robertson
Dept of Energy Office of the CIO


Corey Schou
Idaho State University


Beth Serepca
Nuclear Regulatory Commission

Beth Honey Serepca is an Audit Manager with the Nuclear Regulatory Commission's Office of the Inspector General. Ms. Serepca has been with the NRC for two years and was with the Treasury OIG for 9 years prior to this.

She is completing her M.S. in Information Resources Management from Syracuse University in Spring of 2002.

Her professional credentials include:
Certified Financial Planner
Certified Government Financial Manager

Beth has had articles published in:
The Journal of Public Inquiry 1996, 1998, and 2001
The Internal Auditors Magazine 1995


Philip Sibert
Department of Energy

Phil has been in the federal sector since June 1967. During the next 18 ½ years at the Social Security Administration he gained valuable experience as a programmer, social insurance systems analyst, and computer specialist. In 1983 Phil began working in computer security related areas at SSA, working with TopSecret access control implementation and doing risk analyses.

In January 1986 he left the SSA to move full time into computer security at the U.S. Department of Energy headquarters facility located in Germantown, Maryland. In 1988 Phil became the Department's Computer Security Program Manager for the unclassified computer security program. In 1989 he was instrumental in establishing the first federal civilian agency computer incident response capability for DOE, called the Computer Incident Advisory Capability (CIAC), located at DOE's Lawrence Livermore National Laboratory in California.

Phil has been active in numerous government-wide working groups since 1983, having participated in the first Security Educator's Symposium convened at the Fort Meade Officer's Club in 1984, a precursor to today's Federal Information Systems Security Educators' Association. He was chosen to serve on the first Federal Computer Security Program Managers Forum steering committee, his term lasting nearly three years. Phil has served on the FISSEA Board of Directors several years, and has been Chair of the Board for two years. Phil passed the ISC2 examination in December 1996 and became a Certified Information Systems Security Professional.

In October 2000 another job change occurred when Phil left the Chief Information Officer's office to accept a cyber security position on the staff of the Chief, Defense Nuclear Security, in the recently established National Nuclear Security Administration under the Department of Energy.


Brian Snow
Technical Director, Information Assurance Directorate
National Security Agency

Brian Snow is the Technical Director for the Information Assurance Directorate at the United States National Security Agency. As such, he helps define the technical direction and focus of the Organization.

In his youth, he was a mathematician who worked on engineering and computer science tasks, designing and analyzing security systems. He created cryptographic algorithms in use by the military today, found vulnerabilities both in cryptographic and computer systems, and integrated security mechanisms of various sorts into complex systems.

He holds two patents and has received many awards. He created and managed NSA's Secure Systems Design division in the 1980s. He interacts on NSA's behalf with senior technologists throughout government, industry, and academia. He has three daughters, and loves hiking and theater.


Robert F. Solomon
NASA - John H. Glenn Research Center

Title: Computer Security Education Developer, Project Manager
Organization: NASA Expert Center for Information Technology Awareness and Training

Mr. Solomon works with the Expert Center that is responsible for the identification, development, deployment, and acquisition of Information Technology Security Training products for the Agency. The target audience includes more than 70,000 NASA civil service and contractor personnel including NASA CIO's, IT Security Managers, Line and Project Managers, system administrators, and users.

Mr. Solomon is a Certified Information Systems Security Professional (CISSP), and serves on the Executive Council of the Northern Ohio Chapter of Infragard. He is also a certified training generalist.


Marianne Swanson
NIST

Marianne Swanson is a senior advisor for information technology security management in the Computer Security Division at the National Institute of Standards and Technology (NIST). She is the Chair of the Federal Computer Security Program Managers' Forum and active in the Federal CIO Council. She recently co-authored the CIO Council's Federal Information Technology Security Assessment Framework and authored the NIST Special Publication, "Security Self-Assessment Guide for Information Technology Systems." Ms. Swanson has also co-authored the NIST Special Publication, "Generally Accepted Principles and Practices for Securing Information Technology Systems," and the NIST Special Publication, "Guide for Developing Security Plans for Information Technology Systems."

In June of last year, Ms. Swanson received the Federal 100 Award for her work in developing the CIO Council Assessment Framework. For the past two years she has received the FedCIO Technology Leadership Award. In 1996, Ms. Swanson received the Industry Advisory Council Leadership and Achievement Award for promoting support mechanisms for government wide security initiatives. Also in 1996, she received the Department of Commerce Bronze Medal Award. Ms. Swanson has over twenty years of computer security experience. Prior to joining NIST, she worked as a Systems Security Specialist with the Nuclear Regulatory Commission and as a Program Analyst with the Internal Revenue Service.


William L. Tafoya
Computer Sciences Corporation

Dr. Tafoya is a senior member of the executive staff of the Federal Sector, Defense Group for Intelligence and Law Enforcement at the Computer Sciences Corporation. He is formerly Director of the Information System Security and Education Center, Washington, DC. Prior to that he was Professor of Criminal Justice at Governors State University and before that he was Director of Research for the Office of International Criminal Justice at the University of Illinois at Chicago. He is a retired Special Agent of the Federal Bureau of Investigation.

For 12 months he served as Congressional Research Fellow for the 101st Congress (1989 - 1990). There he conducted research on the police use of high technology as well as future crime. He remains the only law enforcement officer ever selected to serve in this capacity on behalf of the U. S. Congress. Dr. Tafoya has guest lectured at numerous universities and in various venues internationally. In 1991 he founded the Society of Police Futurists International, an organization dedicated to making use of high technology and long-range planning consistent with the principles of democratic societies.

Prior to his retirement from the FBI he was assigned in Washington, DC, Quantico, Virginia, and San Francisco, California. Dr. Tafoya spent half of his career on the faculty at the FBI Academy. There he served as a member of the Investigative Computer Training Unit as well as the Behavioral Science Unit.

In 1993 he was the first law enforcement officer to make investigative use of the Internet and the World Wide Web. Dr. Tafoya served as the lead behavioral scientist on the infamous Unabomber case. His 1993 profile of this terrorist turned out to be an uncanny match of the man arrested by the FBI, Theodore Kaczynski, who in 1996 pleaded guilty to three murders and other bombings to escape the death penalty. U. S. News & World Report has twice featured Dr. Tafoya's accomplishments in that investigation. He also set up the FBI web site for the 1995 Oklahoma City bombing case.

He completed his Ph.D. in Criminology at the University of Maryland in 1986. Dr. Tafoya continues to be sought after for interviews by the electronic and print media. He has appeared on every major American television news program. In April 2001 he was featured in Information Security magazine. In July 2001 he co-presented a keynote address at the Black Hat Briefings, an information security specialists conference. That same week he delivered the opening day keynote address at Defcon 9, the world's largest computer hacker convention. Extensively published, his interests include intrusion detection, virtual reality, and cyberterrorism. He is a member of the National Cybercrime Training Partnership of the U. S. Department of Justice.


Marc Thompson
ISC2 Institute


William Wadsworth
GAO

William Wadsworth is an Assistant Director for Information Security at the General Accounting Office. In this capacity, he oversees the coordination of GAO personnel involved in performing internal and external tests of systems at the request of Congress. His duties as technical liaison with the GAO computer security lab include gathering network data, locating key servers, and observing internal and external tests for various network devices (e.g. routers, firewalls, switches, web servers, and application servers). Following the collection and analysis of the data by the technical team, Wadsworth ensures that both agency management and technical staff are briefed on the findings. He also assists in writing the various reports describing the results of the audit.

Prior to his joining GAO, Wadsworth held a variety of positions for various federal agencies. While at the U.S. Department of State from 1988-1998, he oversaw the domestic and overseas mainframe security program, facilitated contingency and configuration management efforts, and helped plan and implement State's intrusion detection program.

From 1978 to 1988, Wadsworth worked for various federal agencies both as a government employee and as a contractor in the areas of configuration management, database development, statistical analysis, risk analysis, and documentation management.

Wadsworth graduated from the Virginia Military Institute with Honors in 1971 and received a Ph.D. in Philosophy from Vanderbilt University in 1978. He is a Distinguished Graduate of the Advanced Management Program, Information Resources Management College, National Defense University. He has received several awards to include the Meritorious Service Medal from the U.S. Army and the U.S. Department of State Meritorious Honor Medal for work in computer security.


Mark Wilson
NIST

Since coming to NIST in 1992, Mark has worked on computer security program management issues, including program management reviews, vulnerability analyses and other risk management issues, security awareness and training, security planning, and security in the life cycle management process. Mark served as Editor for NIST Special Publication (SP) 800-16, "Information Technology Security Training Requirements: A Role- and Performance-Based Model," which was published in April 1998.

From August 1998 through July 1999, Mark was on detail (on loan) from NIST to the Department of Commerce's National Telecommunications and Information Administration (NTIA). He worked with Dr. Irv Pikus to develop an education and awareness program as part of the Commerce Department's Critical Infrastructure Protection (CIP) responsibility under PDD 63. In that capacity, Mark had the opportunity to work with a number of industry, academic, and federal IT Security professionals on education, training, and awareness issues.

In addition to his work with FISSEA, Mark currently serves on the Board of Directors for the National Colloquium for Information Systems Security Education (NCISSE).

Mark came to NIST from Norfolk, Virginia where he worked for ten years in the computer security field for two U.S. Navy organizations. While at the Naval Supply Center (now the Fleet and Industrial Supply Center), he developed and implemented IT Security policy, guidance, awareness and training sessions, and inspection programs for the Center's microcomputers, applications, and major systems. During his last job he served as the ADP Operations and ADP Security Director for another naval supply activity. In both jobs he developed and maintained awareness / training sessions for users, and supervisors / managers. He earned a B.A. in political science from Old Dominion University in Norfolk in 1983. Mark is a native of New Jersey and is a U.S. Navy and Vietnam Veteran.




Last updated: April 24, 2002
Page created: February 23, 2001
