On Demand Events

Missed a recent webinar or Member Forum Call? Catch our previous virtual sessions here. We now offer CPEs from most of our on-demand offerings. To earn CPEs, please submit your information and codes in the form linked below. Note: our on-demand recordings work best when viewed in the Chrome browser.

All On-demand Events

Challenges and Solutions in TPRM Best Practice

Panelists will discuss how Third Party Risk managers cope with both recurring and new challenges in 2022.

Cost: Free / Credits: 1 CPE
Speakers:
  • Kaelyn Lewis
    Vendor Risk Manager, Alaska USA Federal Credit Union
    Kaelyn is the Vendor Risk Manager for Alaska USA Federal Credit Union. Kaelyn’s experience comes from her role as a Senior Risk Analyst with the Rochdale Paragon Group. She provided consultation and analysis aiding large credit unions with assessing and managing third-party risk, along with providing program implementation and audit services. Kaelyn managed third party risk management programs for three large credit unions totaling over $20B in assets. She is the Shared Assessments Best Practices Awareness Group Chair.
  • Sean O’Brien
    Managing Director, DVV Solutions
    Sean has over 25 years’ hands-on experience of delivering IT security and GRC managed services and remains a practicing Certified Third-Party Risk Professional (CTPRP) and Assessor (CTPRA). Sean leads the DVV Solutions consultancy team in defining the operational and regulatory requirements needed to deliver a robust program of risk assurance and third-party due diligence. Sean is an active member of the Shared Assessments community holding the post of co-chair of the EMEA Best Practices Steering Committee and sits on UK Steering, Global Risk, and ESG committees to provide a regional perspective into the development of Shared Assessments’ global standards and practices for third-party risk frameworks and compliance.
  • Bob Jones
    Senior Advisor, Shared Assessments
    Bob Jones is deeply committed to contributing to the well-being of the financial services community. A well-known and sought-after expert in risk management strategy, he has 50 years of experience leading fraud risk management and risk management strategy. When not writing blogs for Shared Assessments, Bob enjoys playing with his 4 grandchildren and 2 granddogs.
Become a Member to Watch

Cybersecurity Taxonomy for Continuous Monitoring

Please join us as Shared Assessments, BitSight Technologies, Black Kite, Panorays, RiskRecon, SecurityScorecard, and 23Advisory LLC present the Cybersecurity Taxonomy for Continuous Monitoring, which provides the first descriptive list of cyber events and monitoring surfaces aimed to facilitate more precise and transparent communications among Security Ratings Services (SRS), vendors, suppliers, and end-user organizations. Shared Assessments is making version 1.0 available for use by all industries and third party/cyber risk practitioners.

Cost: Free / Credits: 1 CPE
Speakers:
  • Charlie Miller
    Senior Advisor, Shared Assessments
    Charlie Miller is a frequent speaker and a recognized expert in third party risk. His key responsibilities include expanding the Shared Assessments Third-Party Risk Management membership-driven program, facilitating thought leadership, industry vertical strategy groups, continuous monitoring / operational technology working groups, and IoT research studies.
  • Demi Ben-Ari
    CTO and Co-Founder, Panorays
    Demi Ben-Ari is a software engineer, entrepreneur, and international tech speaker. He has over 10 years of experience in building various systems both from the field of near-real-time applications and big data distributed systems. Google Developer Expert (GDE), Google Cloud Platform. Co-Founder of the “Big Things” Big Data community and Google Developer Group Cloud.
  • Candan Bolukbas
    CTO and Co-Founder, Black Kite
    Candan Bolukbas is a digital polymath and Certified Ethical Hacker. Candan fully appreciates the growing threat to digital communications and data accumulation which affects all of us. He is co-founder and chief technology officer at Black Kite, a Boston-based “security-as-a-service solutions” company. Besides being an Ethical Hacker, he is a certified secure programmer, certified incident handler, and certified computer hacking forensic investigator.
  • Mike Jordan
    Founder/Principal, 23Advisory LLC
    Mike Jordan is a leader in cybersecurity, third party risk, and compliance. He is passionate about bringing people together to make the right decisions for managing risk. To meet business objectives, we have to take risks. While we can’t have one without the other, we can greatly improve our chances of success by bringing the right people, processes, and technology together to effectively understand and respond to risk in a way that best fits the situation. Mike has more than 20 years in security and risk management; his experience includes designing and deploying multiple scalable and sustainable security technologies, programs, strategies, and products.
  • Evan Tegethoff
    VP Consulting Engineering, BitSight Technologies
    Evan Tegethoff is an information security professional focused on risk, compliance, technology, and program development. His goal is to promote the continued maturity of our industry into a discipline that holistically considers cyber security, data protection, technology, and business risk as a unified concept.
  • Mike Wilkes
    CISO, SecurityScorecard
    Mike Wilkes is a senior security executive with broad experience designing, building, and supporting high-availability infrastructures for the financial services, energy, travel, media, and retail sectors.
Register to Watch

Fireside Chat – Innovations in Third Party Risk Processes

This session will be the first in a series of Fireside Chats featuring third party risk professionals sharing innovation success stories. Join Randy Sabbagh, Vice President, Global Incident Management & Third Party Resilience Oversight, State Street, who will share his experiences of how he has been able to stay ahead of the curve, what challenges he sees on the horizon for third party risk, and what needs to be done to develop the next generation of risk managers.

Cost: Free / Credits: 1 CPE
Speakers:
  • Tom Garrubba
    Senior Consultant, Shared Assessments
    Tom is an internationally recognized subject matter expert, lecturer, writer, and blogger on third-party risk, and is the head instructor for the Certified Third-Party Risk Professional (CTPRP) certification program. He is a contributor to Future of Sourcing, blogged for the Huffington Post’s Business section, and for Government Health IT, ISACA, Risk.net, and numerous eGRC websites.
  • Randy Sabbagh
    VP Global Incident Management, State Street
    Randy is Vice-President, Global Incident Management in State Street’s Enterprise Continuity Services where he focuses on response programs as well as supporting the firm’s 3rd Party Resilience program. Prior to returning to State Street, Randy was at Charles Schwab where his roles included Managing Mainframe Database, Systems and Network, Infrastructure Audit as well as roles including lead Engineer on Technology Resilience, developing and implementing 3rd party program resilience as well as Solutions Architect for Public Cloud implementation and data center strategy.
Register to Watch

Compliance Week’s Cyber Risk and Data Privacy Summit 2022

Video from Compliance Week’s Cyber Risk and Data Privacy Summit 2022.

A continuous monitoring cybersecurity strategy for third party risk management (TPRM) goes a long way toward proactively identifying vulnerabilities posed by external sources. Shared Assessments Senior Advisor Nasser Fattah and other experts share best practices for cybersecurity monitoring.

Webcast courtesy of Compliance Week.
Speakers:
  • Nasser Fattah
    Senior Advisor, Shared Assessments
  • Rudy Patel
    Head of Third Party Risk Management, Mizuho
  • Brian Peister
    Cyber and IT Third Party Risk Management Global Officer, BNY Mellon
Register to Watch

AI, Machine Learning, and the Metaverse

Panelists will discuss the risks, challenges, and opportunities related to artificial intelligence, machine learning, and the metaverse in third party risk.

Cost: Free / Credits: 1 CPE
Speakers:
  • Renee Forney
    Senior Director, Azure Hardware Systems & Infrastructure Security, Microsoft
    Renee Forney is a skilled collaborator who facilitates shared insights and perspectives between business and technology stakeholders that result in successful program and project execution. She is experienced in technology leadership, strategic planning, and cyber security talent acquisition for federal and state agencies as well as the private sector.
  • Adam Stone
    VP Consulting Services and Privacy Officer, Secure Digital Solutions
    Adam Stone, MBA, Fellow in Information Privacy (FIP), CIPM, CIPP/US, CISSP, ISSMP, HCISPP has over 30 years of business leadership experience with 20 years overseeing data privacy and security functions for pharmaceutical distribution, healthcare, insurance, financial services, and marketing organizations. As a data privacy and security expert, Adam has significant experience implementing and refining data privacy and security practices and processes and affecting sometimes-disruptive change across large organizations. He is particularly skilled in navigating complex customer-facing initiatives to guide executives towards profit-generating activities that encourage customer loyalty by focusing on trust and confidence.
  • Charlie Miller
    Senior Advisor, Shared Assessments
    Charlie Miller is a frequent speaker and a recognized expert in third party risk. His key responsibilities include expanding the Shared Assessments Third-Party Risk Management membership-driven program, facilitating thought leadership, industry vertical strategy groups, continuous monitoring / operational technology working groups, and IoT research studies.
Become a Member to Watch

Data Governance For Third Party Risk

As regulations, industry standards, and business strategies continue to shift, data governance is becoming more difficult to support, especially with your vendors. Data governance includes setting internal standards and data policies on how data is gathered, stored, processed, and disposed. This session will provide insight from Shared Assessments experts on how to stay on top of data governance processes for third party risk with specific tips for Schrems II, GDPR, and CCPA.

Cost: Free / Credits: 1 CPE
Speakers:
  • Tom Garrubba
    Vice President, Shared Assessments
    Tom Garrubba, Vice President, is an internationally recognized subject matter expert, lecturer, writer, and blogger on third-party risk, and is the head instructor for the Certified Third-Party Risk Professional (CTPRP) certification program. He is a contributor to Future of Sourcing, blogged for the Huffington Post’s Business section, and for Government Health IT, ISACA, Risk.net, and numerous eGRC websites.
  • John Bree
    Chief Evangelist & Chief Risk Officer, Supply Wisdom
    John Bree is recognized as a global financial industry executive and subject matter expert with a proven track record in developing and managing Vendor & Third Party Sourcing Risk Management, AML/CTF, KYC, and Anti-Fraud programs.
  • Web Hull
    Privacy and Data Protection Officer, Sr Risk and Compliance Analyst, Abacus Insights
    Web Hull has a broad and deep knowledge of domestic and international laws, regulations, regulatory guidance, standards, and business practices. Known as an industry leader with deep experience and hands-on, practical expertise who guides companies as they seek solutions to domestic and international Privacy, Data Protection, InfoSec, & Compliance issues.
Register to Watch

Top 5 Priorities for Third Party Cyber Risk for 2022

Cyberattacks on the supply chain have become a board-level issue for organizations and will continue to plague executives in 2022. The number and sophistication of security breaches is rising; attacks like ransomware cause significant disruptions to the supply chain, putting security at the forefront of business decisions.

In this session, we will discuss cyberattack readiness and how to ensure that business resiliency is in place for timely detection and mitigation of attacks.

Cost: Free / Credits: 1 CPE
Speakers:
  • Nasser Fattah
    Senior Advisor, Shared Assessments
    Nasser has 20+ years as a Cybersecurity, Supply Chain, and IT leader. With a focus on customer-first and team-building approaches, Fattah is able to align programs to support company strategies, regulatory requirements, and growth initiatives. He drives cybersecurity, supply chain, and IT as enablers for enterprise-wide transformation initiatives. He partners with executives to identify and select strategic external partners to deliver essential IT and cybersecurity services to the business. Nasser worked with global parent companies and subsidiaries to establish technology standards to maximize investments and operations efficacy to best support business needs and growth. Nasser has a strong, consistent record working successfully with Business and IT executives, regulators, auditors, and risk partners. Nasser also teaches cybersecurity at several colleges and is the chair for North America Shared Assessments – an industry best practices for the supply chain.
  • Trony Clifton
    Cyber Third Party Governance, BNY Mellon
    Trony has 30+ years as an IT Audit, cybersecurity, and technology leader. He is responsible for Site Assessments, PCI Compliance, and Cyber SME for Legal at the Bank. Trony is a former professor at NJIT and author of IT Audit and IT Security books.
Register to Watch

Set the Right KPIs and KRIs for your Program

As Risk Management has developed into a central business issue, senior management has become interested in understanding the risk environment.

In this session, we will cover what metrics reveal about the health of your vendor risk management program and how they can be used to build a risk-aware culture.

What risk metrics best tell the story of your risk management program’s performance to the board, C-Suite and other key stakeholders?

Cost: Free / Credits: 1 CPE
Speakers:
  • Ron Bradley
    Vice President, Shared Assessments
    Ron Bradley has been involved with Shared Assessments in some capacity for over 15 years. With a depth of experience building TPRM programs in financial services (Bank of America) and manufacturing (Reynolds, Trane Technologies), Ron understands how cultures and organizations drive the supply chain and third-party process. As Vice President, Ron strives to use his extensive knowledge of Third-Party Risk Management to help organizations build programs that realize the full potential of the Shared Assessments toolkit.
  • Philip Bennett
    Manager, Information Security Governance, Horizontal Services, Navy Federal Credit Union
    Philip Bennett has 15 years of experience in third party cyber risk management at top financial institutions. Some of his latest works include oversight of global assessments, assessment content, and the controls testing approach strategy. He is also the Chair of the 2022 Shared Assessments Steering Committee.
  • Rudy Patel
    Head of Third Party Risk Management, Mizuho
    Rudy Patel is an Information Systems Security professional with experience in multiple domains of Information Technology. His most recent work focuses on the establishment of an IT Risk Management function including IT risk assessments of third parties.
Register to Watch

Emerging Technology Trends and Risks

Join us for engaging coverage of emerging technology trends and risks around Cloud & Cloud Security and Web 3.0.
Speakers:
  • Shamla Naidoo
    Head of Cloud Strategy & Innovation, Netskope and Shared Assessments Advisory Board
    Shamla Naidoo is an accomplished information security executive with more than 30 years of experience. Formerly with IBM as Managing Director and Global CISO, she was responsible for safeguarding IBM global business units and brands, accountable for IBM’s overall information security program, and providing cybersecurity strategy and thought leadership to the C-suite of IBM customers. In the decades prior to her work with IBM, Shamla held executive leadership roles in the financial, insurance, hospitality, energy, and mining sectors. She advises corporate, nonprofit, and academic boards and is an Adjunct Law Professor, developing and teaching courses in IT, cybersecurity, and privacy law. She holds degrees in information systems and economics from the University of South Africa, and a Juris Doctor degree from John Marshall Law School. Shamla also serves on the Shared Assessments Advisory Board.
  • Thomas Fuhrman
    Founder and President, VECTORmv
    Thomas Fuhrman is an experienced cybersecurity consultant with more than 20 years in the business and has served in consulting leadership roles as a senior vice president and partner at Booz Allen Hamilton, president of Delta Risk, and founder and president of 3tau LLC. His industry experience includes financial, manufacturing, education, automotive, energy and water utilities, retail, ecommerce, and others. Earlier in his career, he served on the staff of the White House Office of Science and Technology Policy (OSTP) where he focused on the then-emerging issue of Critical Infrastructure Protection. Prior to his work in Cybersecurity, Tom served in the US Air Force and was a propulsion program manager in the National Aero-Space Plane (NASP) hypersonic vehicle program office, among many other accomplishments. He holds degrees in electrical engineering and mathematics from Purdue University and mechanical engineering from California State University. He has also held a National Defense Fellowship, Fletcher School of Law and Diplomacy from Tufts University.
  • Charlie Miller
    Senior Advisor, Shared Assessments
    Charlie Miller is a frequent speaker and a recognized expert in third party risk. His key responsibilities include expanding the Shared Assessments Third-Party Risk Management membership-driven program, facilitating thought leadership, industry vertical strategy groups, continuous monitoring / operational technology working groups, and IoT research studies.
  • Nasser Fattah
    Senior Advisor, Shared Assessments
    Nasser has 20+ years as a Cybersecurity, Supply Chain, and IT leader. With a focus on customer-first and team-building approaches, Fattah is able to align programs to support company strategies, regulatory requirements, and growth initiatives. He drives cybersecurity, supply chain, and IT as enablers for enterprise-wide transformation initiatives. He partners with executives to identify and select strategic external partners to deliver essential IT and cybersecurity services to the business. Nasser worked with global parent companies and subsidiaries to establish technology standards to maximize investments and operations efficacy to best support business needs and growth. Nasser has a strong, consistent record working successfully with Business and IT executives, regulators, auditors, and risk partners. Nasser also teaches cybersecurity at several colleges and is the chair for North America Shared Assessments – an industry best practices for the supply chain.
Become a Member to Watch

Fireside Chat: The Log4j Grinch Before Christmas

The recent Log4j vulnerability has taken on the role of the Grinch, leaving the world spinning before the holidays. This fireside chat, led by industry security professionals, will feature a discussion of the looming risk the Log4j vulnerability poses to your organization and susceptible third parties and how you can assess your internal attack surface.

The session will answer the most pressing questions of “What is Log4j?” “What does it mean to me and my team?” “How should I bring this up to my vendors?”, and most importantly, “What should we do next?”

Cost: Free / Credits: 1 CPE
Speakers:
  • Dan Desko
    CEO & Managing Partner, Echelon
    Dan currently serves as CEO & Managing Partner of Echelon. With his talented colleagues, Dan has the pleasure of building and leading a team of Cybersecurity, Privacy and IT Risk Professionals that serve the business community through a number of specialized services.
  • Paul Poh
    Managing Partner, Radical Security
    Paul Poh, CISSP, CISM, CRISC is Managing Partner at Radical Security. Paul has over 25 years of technology and information security experience. Prior to Radical Security, Paul was Chief Technology Officer for a leading security ratings platform where he led multiple technology teams in building and scaling a platform that could instantaneously rate the cybersecurity posture of any company world-wide. With a background in both large Fortune 500 organizations and small successful startups, Paul was also head of information security and software architecture at the largest separately managed account processor in North America where he was responsible for the protection of over a trillion dollars in assets. He joined the account processor with the acquisition of a small highly successful provider of advanced wealth management trading tools where he designed the company’s software as a service offering. An early innovator, Paul was co-founder for a managed security services provider. He fondly recalls those years where he designed a proprietary client-server solution for remote management of an intrusion detection appliance while simultaneously implementing the 24×7 operations plan. As a regular contributor to the third-party community, Paul is a recognized leader in the educational development of third-party risk assessors. He also provides advisory CISO services for several public and private companies.
  • Matthew Shelton
    Director, Technology Risk and Threat Intelligence at Mandiant
    Matt Shelton is a Security Technologist with over 20 years of professional experience working in capability development, threat intelligence, security architecture, security operations, risk management and threat hunting. In his current role, he leads an intelligence-driven risk management program responsible for identifying technology risk at FireEye, prioritizing risk based on adversary intentions and capabilities, and then working with business partners around FireEye to ensure the correct mitigations are in place. As a passionate student and practitioner of cybersecurity, Mr. Shelton has spent his career advising commercial, government, and military clients on how to build intelligence-led security programs.
Register to Watch