Speakers List - Cyber Risk North America

Keynotes & Keynote Panelists

Robert Phelps

Director Critical Infrastructure Policy


Bob Phelps is the Director for Critical Infrastructure Policy at the Comptroller of the Currency (OCC). Bob is responsible for establishing OCC policy related to all areas of critical infrastructure, to include cyber security. He formerly served as Assistant Deputy Comptroller for Midsize Bank Supervision where he was responsible for the supervision of six midsize banks totaling over $200 billion in assets, Examiner-in-Charge of a Midsize Bank, and has also worked in community and large bank supervision.

Mr. Phelps is also a Commander in the Navy Reserve supporting the US Naval Academy and formerly as an Intelligence Officer with over 29 years of service. Bob graduated from the Naval War College in Newport, RI in 2007 and holds a BA in Economics, AS in Electronics, Naval Computer Architecture studies, as well as a focus in cyber warfare through his MBA work.



Don Anderson Jr.

Senior Vice President & CIO


Don Anderson is the Senior Vice President and Chief Information Officer (CIO) at the Federal Reserve Bank of Boston. In this capacity, he is responsible for the Federal Reserve System's Internet Cyber and Network Security services and Financial Management Technology services the Bank's IT function, Real Estate Services, and Law Enforcement units. Don is currently a member of the Bank's Executive Committee and represents the Bank on the System's CIO committee.
Prior to joining the Federal Reserve, Don was a senior consultant with Hewlett Packard (HP) Enterprise focused on the development and execution of IT transformation strategies for Fortune 500 companies. While at HP, Don successfully managed a number of multi-million dollar international programs.
He holds a BS degree from the University of Connecticut and an MBA from Bentley University, is a founding member of the Advanced Cyber Security Center (ACSC), a Board Member of the Boston CIO Leadership Association and Wall Street Technology Association (WTSA) and is an active member of the Dana Farber Leadership Council (DFLC).

James Brenneman

Assistant to the Special Agent in Charge


James Brenneman began his career as a special agent with the Secret Service in 1999 in the New York Field Office. During this time he was assigned to the New York Electronic Crimes Task Force where he investigated financial cyber-crimes and credit card fraud. He also organized protection advances for numerous foreign leaders visiting the United States.
Starting in 2006, Special Agent Brenneman served on the Presidential Protective Division under President George W. Bush and then continued on with President Barack Obama in 2009.

In 2011, Special Agent Brenneman transferred to Secret Service Headquarters, Dignitary Protective Division where he organized protective details for visiting heads of state, and provided logistical support for the United Nations General Assembly and other National Special Security Events.
In 2012, James was assigned to the London Resident Office where he represented the Secret Service interests and liaised with law enforcement officials in the United Kingdom, Ireland, Iceland, Norway, Sweden, Finland and Denmark.

James was recently promoted to the Assistant to the Special Agent in Charge and returned to the New York Field Office where he supervises the New York Electronic Crimes Task Force.

James received a Bachelor of Science degree in Police Administration from Eastern Kentucky University.

Q&A with James: 

James, as our keynote speaker, please can you give us a glimpse into what you will be discussing at the upcoming annual Cyber Risk North America conference?

I will be discussing how cyber has changed the Secret Service's investigative and protective missions. The adversaries that our nation faces and the common thread among them. And the necessary collaboration that is needed to combat the growing cyber threat.

What in your opinion is going to be the biggest challenge for the cyber risk industry in 2017?

The biggest challenge for the cyber risk industry in my opinion is the persistent targeting of customer data bases in the healthcare industry, financial industry and legal firms. I also see the threat of IoT devices being compromised and used to disperse malware, ransomware and the like to increase. In Short, securing our networks against these threats has been a challenge in the past and I see that continuing in the coming year.

Which of the other sessions at Cyber Risk North America are you looking forward to?

I am looking forward to the CISO panel: Preventing another SWIFT attack.

> See the full agenda <


Howard Whyte

Chief Information Security Officer (CISO)


Howard Whyte currently serves as the FDIC's Chief Information Security Officer (CISO). Mr. Whyte has more than 20 years of information technology and security experience in the federal government, military, and private sector.
Most recently, Mr. Whyte led the global Threat Management Center at Goldman Sachs, focusing on cybersecurity detection, protection, response, and recovery capabilities. Previously, Mr. Whyte was at NASA, where he served as the acting CISO, Deputy CISO, and an information technology specialist.
Earlier in his career, Mr. Whyte was a Senior Information Assurance Officer in the U.S. Army Network Enterprise Technology Command (NETCOM and Defense Information Systems Agency), a telecommunications manager at Interim HealthCare, and a U.S. Army information management officer.
Mr. Whyte has a bachelor's degree in business management from the University of Maryland and a Master of Business Administration from the University of Phoenix.

Robert Rupp



Robert Rupp was appointed executive vice president and chief risk officer of The Hartford in October 2011. He manages the company's market, credit, insurance and operational risks across the organization.

Previously, Rupp served as executive vice president and head of Enterprise-wide Market Risk at BNY Mellon where he managed global market risk for the entire firm and its subsidiaries. Prior to that, Rupp was managing director of risk management at JP Morgan Chase where he had enterprise risk oversight for the Chief Investment Office, Chase Home Finance, and Corporate Treasury.

Earlier in his career, Rupp held senior roles with Chemical Bank and Kidder, Peabody & Co. He was also a partner at the law firm of Kutak Rock and a staff attorney at the U.S. Securities and Exchange Commission in Washington, D.C.

Rupp earned a juris doctorate from American University, Washington College of Law and a bachelor's degree in economics from Fairfield University.


Beth Rudofker

Global Head of Operational Risk Management


Beth Rudofker joined Citi on November, 2016 as the Global Head of Operational Risk Management with responsibility to manage the full range of ORM disciplines at Citi in close partnership with the Business and Regional CROs, as well as business colleagues. She is a member of the Risk Management Executive Committee.
Prior to that, Beth joined GE Capital in 2014 to lead the global ORM function where she was responsible for the design and implementation of the ORM framework in accordance with strong risk management practices. Beth also managed functional Risk groups including Third Party Risk, Fraud Risk, Records and Information Management, and IT Risk Management. Prior to GE, Beth was the Head of Corporate Operational Risk at JP Morgan where she was responsible for managing the Firm's global operational risk framework including governance, policies, standards and the capital methodology necessary to meet Basel advanced regulatory requirements. Beth has built an extensive career in financial services establishing and leading internal control functions, including Global Head of Operational Risk and Corporate Compliance at Barclays Capital and various global roles at Lehman Brothers, including Global Head of Internal Audit and Controller leadership positions.
Beth holds a Bachelor's Degree in Industrial Engineering from Northwestern University and an MBA in Finance from Columbia University.



Sheldon Cuffie



Sheldon Cuffie is vice president and chief information security officer of Northwestern Mutual. Sheldon is an industry thought-leader of 20+ years focused on enabling business outcomes through technology. In his role, he leads a group of cyber-security, information risk, enterprise privacy, and disaster recovery professionals responsible for the protection of client information across Northwestern Mutual's insurance and investment portfolios. In January 2016, he was appointed as an executive officer of Northwestern Mutual.
Prior to joining Northwestern Mutual in 2006, Sheldon served in the Wisconsin Army National Guard for nine years and worked in IT infrastructure and enterprise architecture leadership roles for Kohl's, M&I Bank, Harley-Davidson Motorcycle Company, and Abbott Laboratories.
Sheldon graduated with honors from Concordia University Wisconsin with a bachelor's of arts in Management, and later graduated with honors with a master's of science degree in Organizational Leadership from Quinnipiac University (Hamden, CT) in 2013.

Joshua A. Kotok

Chief Risk and Compliance Officer


Joshua Kotok is the Chief Risk and Compliance Officer at First Savings Mortgage Corporation. Joshua is an accomplished executive with demonstrated performance in leading operational and technology risk management and compliance initiatives. In addition, Joshua has identified and assessed operational and information technology risk from the regulatory and audit perspectives.
Prior to joining First Savings Mortgage Corporation, Joshua was the lead examiner for ongoing monitoring and targeted examinations of Freddie Mac's Operational Risk program for the Federal Housing Finance Agency (FHFA). Joshua also served as the Senior Manager of Operational and Technology Risk for the Making Home Affordable program where he led the development of the ORM framework and all supporting components. Joshua also has prior experience as a Big Four management consultant where he led several engagements for Financial Services clients specializing in operational, technology and compliance risk reviews, governance and supporting technology implementation (GRC).
Joshua holds a Bachelor of Science degree in Information Systems from Florida State University. Joshua is a Certified Fraud Examiner (CFE) as well as a Certified Information Systems Auditor (CISA). In addition, Joshua has held numerous industry association board positions including serving as the President and Education Director of the ISACA South Florida chapter and Vice President of the iCoast CIO council. Joshua is also a past presenter for the Global Association of Risk Professionals (GARP) and the Operational Risk North America conferences.


Mandar Rege

Senior Vice President, Global Head Enterprise Technology Risk Management


Mandar has over 20 years of engineering and technology risk management experience.

Currently he is the Enterprise Head of Technology Risk Management at TD Bank Group. Previously, Mandar was the Global Lead Principal for Financial Services and the Lead Principal for Canada in Cisco's Security Services practice. In this capacity, Mandar served as the Interim Global CISO at a top-10 bank in North America with over USD 500B in assets under management across the US, Canada, Europe and Asia.

Before Cisco, Mandar was a Partner and Managing Director at Accenture where he led the Information Security Strategy, Transformation and Technology Risk Management practice for the US and Canada across industry sectors. Prior to Accenture, Mandar was in various practice leadership and client service roles at Alvarez & Marsal LLP, KPMG LLP and Ernst & Young LLP.

He is an active member of the professional community and has presented at industry forums like the RSA and IAPP Conferences. Additionally, he is an Adjunct Professor at New York University and served as the Chair of the Canadian Banking Association's CIRT (CISO Forum). He holds the CISSP, CIPP, CISA, and PMP certifications.


Ivan Pooran

Head of Operational Risk


Ivan is a seasoned Risk Manager, with diverse Business and Geographical experiences.

Ivan is currently VP at Guardian Life of America, where he leads the firms Operational Risk function. He is a member of the Corporate Risk Committee and is also responsible for Third Party Risk and Business Resiliency. More recently he was Chief Operational Risk Officer at Santander Bank US Holdings, where he had responsibility for the Operational Risk, Third Party Risk, Business Continuity and Information Management Programs. His primary focus at Santander was developing a Risk program in preparation for the Regulatory CCAR exam.

Prior to his role at Santander he was at GE Capital for close to four years as Managing Director-Head of Enterprise and Operational Risk for GE Capital Americas. In this role he had responsibility for Operational Risk, Governance, Risk & Control Assessments and Records Management. His primary objective was to develop a program that would make meaningful impact towards a cultural shift in Operational Risk Management.

Before GE he was at Citigroup for close to 21 years in multiple roles. His last role at Citi was as Global Head of Operational Risk for the Consumer and Commercial bank and was directly accountable for defining the framework and strategy for Operational Risk and in preparing the Bank for Basel AMA Compliance.

During the period of 2003-2010, Ivan held several roles in Europe and the Middle East, first as Audit Director for the Consumer Bank (based in Belgium), then as Country Risk Officer for Spain (based in Spain) and also Regional Credit Officer for Spain and Portugal. As a Senior Credit Officer he successfully managed the prelude and 1st phase of the economic crisis in Spain and Portugal.

Prior to his time in Europe, Ivan was with Banco Santander in Sao Paolo Brazil, where he was Business Manager for the Mid-Small Market segment. Other roles include Citi Bank CRO in Brazil, Venezuela and Colombia.


Mike Leking

Business Information Security Officer


Mike Leking is the U.S. Bank Business Line Information Security Officer (BISO) for Wholesale Banking and Wealth Management and Securities Services. In this role, Mike serves the Chief Risk Officers and risk management teams to ensure Information Systems Security enables both strategic and immediate requirements for each Business Line.
Prior to joining U.S. Bank, Mike spent seven years at the Department of Homeland Security component responsible for securing federal civilian, state and local government and critical infrastructure networks, as well as for coordinating cyber incident response. In 2012, Mike was deployed to Boston, MA to serve as DHS' Cyber Security Advisor for New England. Mike provided direct coordination, outreach, and regional support and assistance in the protection of cyber components essential to the nations critical infrastructure and key resources. In this role, Mike worked extensively with regional partners and had the opportunity to brief three New England Governors, Senators, Congressmen, Boards of Directors, CIOs/CISOs, and other state Commissioners on the prevalence of cyber threat and DHS' roles and responsibilities in this space. Mike was also instrumental in conducting cyber security assessments (resilience-based and controls-based evaluations) for private sector and state/local partners throughout the country.

Before DHS, Mike was a consultant at Booz Allen Hamilton supporting numerous Government clients and gained extensive experience with FISMA, certification & accreditation, security tests and evaluations, and other Government compliance requirements. He is a CISSP, CISM, and PMP with a Bachelors degree in Computer Information Systems.

John J. Doherty

Partner, Information Technology Advisory Services


John Doherty is a partner in Ernst & Young's Information Technology Advisory practice with over 27 years of experience in the financial services industry managing information technology (IT) matters for international companies. He has extensive experience in IT risk management, information security, privacy, regulatory compliance, IT governance, technology operations, and project management. John is the Global leader of IT Risk Management for Ernst & Young.

Selected Major Projects

 John leverages advanced skills in business, accounting, and technology to bring valuable capabilities required for approaching information security, compliance, and other technology projects from a business perspective. He can understand and apply his regulatory insight to business processes, controls, compliance, risk management, governance, reporting, and technology.

 John has managed and overseen various BHC reporting initiatives. John has assisted newly approved BHCs in various capacities, including examination readiness projects such as product control and report specific examinations and gap assessments. He has lead a multi-year implementation of a vendor reporting tool for implementation of the FR Y-9C, FFIEC 031, and hundreds of entity reports (FR Y-11/ 2314).

 John has lead for several high-profile global banking and hedge fund projects designing technology architectures, information protection programs and capability maturity models (CMM) for security technologies based on ISO 17799, NIST 800 series, and FFIEC Information Security Guidelines. Developed a FSI Industry Benchmarks based on the CMM.

 He executed many regulatory and risk management engagements for broker dealers, investment banks, and banks and their subsidiary companies. He has been involved in assisting clients in their regulatory and industry compliance and control issues related to COSO, FDICIA, IEEE, SEC Automated Review Policy, SEC Derivatives Policy Group, FFIEC, Bank of England, Financial Supervisory Authorities (FSA) EBK Reporting, and other regulators within the financial services industry.

 Managed GRC technology enablement design and implementation effort for leadings global organizations. The project objectives are to streamline their global IT Governance Framework and the assessment processes that support the compliance efforts for the information technology division. The technical design encompasses the global footprint of the organization and the many challenges multiple language support and different cultures can present.

 Managing IT Risk Governance Assessment projects for broker dealers, investment banks, and banks. He has experience with IT Risk Management Program and framework; design of the IT Risk Management future state; development of a Strategic plan and roadmap for achievement of future state - including areas such as, business requirements, governance, policies and standards, risk identification, KRIs, risk processes risk tools and technology, compliance, monitoring and reporting, training and awareness programs. The risk and control framework component were based off of leading practices and a combination of standards (COSO, COBIT, ISO27001 & 17799, ITIL,SEI, GAPP,FFIEC Handbooks).

 He is experienced in performing technology assessments and remediation projects for organizations implementing new staffing models for the broker dealer and banking organizations. He has experience with outsourcing/out-tasking programs and frameworks; designing of the outsourcing future state; development of a implementations plans and roadmaps - including areas such as, business requirements, governance, policies and standards, risk identification, KRIs, monitoring and reporting, training, and awareness programs.



Jack Freund

Senior Manager, Cyber Risk


Dr. Jack Freund is a leading voice in Information Risk measurement and management with experience across many industry segments. Jack is currently Senior Manager, Cyber Risk & Controls at TIAA-CREF. Jack was awarded a Doctorate in Information Systems and holds the CISSP, CISA, CISM, and CRISC designations. Jack is the coauthor of Measuring and Managing Information Risk: A FAIR Approach. You can follow all Jack's work and writings at riskdr.com.

Peter Keenan

Chief Information Security Officer


Peter is currently the Chief Information Security Officer at Lazard where he is responsible for the global information security strategy and program at one of the world's preeminent financial advisory and asset management firms with operations in 43 cities across 27 countries. Prior to Lazard, Peter was with Citigroup's global information security team. His most recent role at Citi was the Head of Information Risk Governance, where he led the team that is responsible for developing and maintaining Information Security Policy globally. Prior to his 5 year tenure with Citi, Peter had 19 years of experience in information security and technology. This included 6 years as a Director with PricewaterhouseCoopers' Threat and Vulnerability Management advisory practice. He also spent over a decade managing his own consultancy that specialized in designing, building, and operating secure high availability data centers and networks around the world for military, intelligence, and commercial clients.
His certifications include:
Certified Information Systems Security Professional (CISSP)
Certified Ethical Hacker (CEH)
Certified Anti-Money Laundering Specialist (CAMS)
Certified Fraud Examiner (CFE)
Amazon Web Services - AWS Technical Professional
Cisco Certified Network Associate (CCNA)
Cisco Certified Design Associate (CCDA)
Certified Netware Administrator (CNA)

Carrie M. Barranca

Head of Audit, Operational Risk


Carrie is an Executive Director in Group Internal Audit based in New York. She has 25 years of regulatory, BSA/AML and sanctions compliance, internal audit and credit risk management experience. Carrie joined Standard Chartered Bank in 2012 and in 2013, completed a group-risk based audit of Operational Risk comprised of five audit reports. In January 2016, Carrie was appointed the Head of Audit - Operational Risk. In her new role she developed the audit plan and scope, including country operational risk audits, conducted Group Internal Audit trainings on the Bank's operational risk methodology, performs continuous monitoring and governance activities.
Prior to 2016, Carrie led many large and thematic audits and completed a BSA/AML Group Internal Audit training deck. She has also provided input to the audit plan, continuous monitoring, and introduced and led a bi-monthly US Audit Team meeting covering such topics as lessons learned.
Carrie joined Standard Chartered New York Branch from the New York State Department of Financial Services, where she was a Senior Bank Examiner in the Foreign and Wholesale Banks Division focusing in particular on BSA/AML/Sanctions examinations. Prior to that role, Carrie worked for a number of international banking organizations in various roles ranging from BSA/AML and sanctions compliance, credit risk management and internal audit. She started her career at the Federal Reserve Bank of New York.
Carrie participates in many speaking engagements and authored two articles that were published in leading industry publications. Carrie holds a BS from St. John's University.



Nicole Eagan



As Chief Executive Officer of Darktrace, Nicole Eagan has positioned the company as an international leader in cyber defense. Nicole was named ‘Woman of the Year' at the 2016 Cyber Security Awards for successfully introducing disruptive machine learning technology to the global market. Her extensive career as a technology executive includes over 25 years of commercial and marketing experience. An expert in developing and executing strategies for high-growth businesses, Nicole helped Darktrace secure $65 million in Series C funding from KKR and led the company to 600% year-on-year growth. Under her leadership, Darktrace's innovative approach to cyber security has won over 50 awards, including World Economic Forum Technology Pioneer. The company is headquartered in San Francisco, CA and Cambridge, England and now has more than 400 employees working across 24 countries.

John Polis

Chief Operating & Technology Officer


John W. Polis is an entrepreneurial information management and business operations leader with a 20+ year track record of creating and enhancing technology enabled businesses and building platforms that allow for significant scale.
Prior to joining Star Mountain Mr. Polis was a Founding Member, COO and CTO for Visionary Access, Inc., an Investor and Business Development platform, where he oversaw sales and integrated marketing, finance and accounting, client servicing, human resources, and information technology platform development.
Prior to joining Visionary, Mr. Polis was COO and CTO for Guidepoint Global, a primary research firm and expert network serving the world's leading Institutional Investors, Private Equity Firms, Consulting Organizations, and Corporations. Brought on in 2011 with a direct turnaround mandate, Mr. Polis changed the operating culture leading positive change in process and people management along with directing significant improvements to their information technology platform guiding the company back to profitability and significant double digit growth.
Before Guidepoint, Mr. Polis served as COO and CTO for Coleman Research Group (CRG), also a primary research firm and expert network where he was recruited immediately after company secured financing. Without delay Mr. Polis led the product management and development effort on their custom built, Web based CRM, Recruiting, and Payment Processing platform - Knowledge BrokerTM - while also being responsible for overseeing all operational areas of the company including research, relationship management, compliance, human resources, and data management. CRG also had a broker dealer arm, Coleman Brokerage Group, for which Mr. Polis served as compliance officer for. During his tenure Coleman Research scaled from 5 to 140 employees worldwide and in 2009 was voted one of Crain's New York "Best Places to Work in New York City".
Earlier in Mr. Polis' career he served as a Co-founder and Executive Vice President Operations and CTO for Dotcom Distribution and Chief Information Officer for the GT Media family of companies.
Mr. Polis holds a BA in Economics from New York University, an MBA in Management from Wagner College and is FINRA Series 63, 7 and 24 licensed. He is also an adjunct at NYU where he teaches graduate level courses in Integrated Marketing Database Modeling and Management. Prior to NYU Mr. Polis was an adjunct at Touro College Graduate School of Technology where taught courses in Database Design and Modeling for Business.

Rich Richard

Cyber Security Advisor


Rich is a native Long Islander who served in the U.S. Navy from 1983 to 2003 and retired as a Data Systems Technician Chief Petty Officer. After retiring from the Navy in 2003, Rich, his wife and his twin sons moved to Chesapeake, VA where he worked at what was known then as the Naval Network Warfare Command (NAVNETWARCOM) as a Senior Cyber Security Engineer managing a team of cyber engineers and analysts that was responsible for the certification and accreditation of all Navy computer systems and networks. Most recently, Rich was the Information Systems Security Manager (ISSM) with Northrop Grumman in Bethpage, NY where he was responsible for the IT governance and cyber security compliance of 1200+ computers that processed various levels of classified information. In July of 2016, desirous to return to government service, Rich transitioned to the Department of Homeland Security where he currently serves as the Cyber Security Advisor (CSA) for FEMA Regions I & II.

Shelly Martin

Vice President Operational Risk


Shelly Martin is a Vice President in Enterprise Risk Management at State Street Corporation where she is responsible for Operational Risk Management programs, including the Scenario Analysis, Risk and Control Self-Assessment (RCSA), and Key Risk Indicator (KRI) programs. She also is responsible for the firm's Operational Risk issues management and remediation effort. Additionally, Shelly oversees State Street's Risk and Control Taxonomies. Prior to State Street, Shelly held positions in Market and Operational Risk at Morgan Stanley based in New York. Previously, Shelly managed risk for Department of Defense satellite communication programs with Booz Allen Hamilton. Shelly currently serves as a Major in the United State Air force Reserves.

Joe Portale

Solutions Architect – Cyber Security


Mr. Portale is currently with L3 Technologies has over 30 years of executive leadership, business development, program management, enterprise architect, consulting, and systems engineering, experience...25 years of this experience with Booz- Allen, Lockheed Martin, and IBM. Mr. Portale spent a substantial portion of this time helping clients in the US Government understand and deploy Cyber Security Solutions. Much of this experience was with the DoD, NSA, CIA, DIA, DISA, NRO, all of the military services and many civil agencies. Mr. Portale also has deep experience in the financial services, healthcare, and utilities sectors during his time at IBM and Mobiquity, a mobile solutions company he helped start. Mr. Portale was the Chief Information Officer for a Washington D.C.-based Corporate Investigations firm and also worked in the Information Security R&D division at NSA.

Mr. Portale regularly presents to CEOs, CTOs, CIOs, and CMOs on the importance of technology convergence (cyber security, data analytics, cloud, mobile) in today's business model and the applicability of these solutions in the client's vertical. Mr. Portale has spoken frequently on radio and at industry events, including WTOP, Mobile World Congress, CTIA Super Mobility, AFCEA, NIST, AUSA, etc. Mr. Portale was one of the commissioners on an industry panel of experts that produced a report for the White House in 2015 on the influence of technology convergence on world activities.



Nicola (Nick) Sanna

Chief Executive Officer


Nick is the COO of RiskLens, the premier cyber risk quantification company. A serial entrepreneur, Nick's passion is to help the industry close the gap that separates IT from the business and sees RiskLens as one of the companies that can help fulfill that vision. Prior to RiskLens, Nick contributed to closing that gap as CEO of Netuitive, a leading IT Operations Analytics (ITOA) software company and as CEO of e-Security, the pioneering Security Information and Event Monitoring (SIEM) company that was ultimately sold to Novell.
Earlier, Nick contributed to the growth of ASG from $9m to $150m as VP EMEA and as COO, and acted as the VP Sales and Marketing for Amplitude Int'l, the n.1 French antivirus co. at that time whose product got acquired by Symantec. Nick is a regular lecturer at universities across the US on the subject of social entrepreneurship and is an advisory board member of the business school at CUA. Nick is fluent in 5 languages and received a masters degree in Economics and Trade from the University of Rome La Sapienza.

Robert Paolino

Former CRO


I am an accomplished Risk Management professional with a solid 20 year career in Risk Management, Credit Origination, Adjudication & Regulatory Management. My career spans Executive Leadership, Relationship Management, Sales and Specialized roles in the financial services industry.
I am a driven individual who has led, managed and overseen the implementation of risk and regulatory programs in my Career. I have worked for some of the largest Canadian & International Banks and currently for one of the top 5 largest financial institutions in the world.
I have tremendous energy and passion for this industry and have continuously sought to hone my specialized skills and knowledge to the betterment of the organizations or clients with whom I have worked.
I enjoy the complexity and challenge involved in what is essentially a fundamental business service (Banking).

Shelly Martin

Vice President Operational Risk


Shelly Martin is a Vice President in Enterprise Risk Management at State Street Corporation where she is responsible for Operational Risk Management programs, including the Scenario Analysis, Risk and Control Self-Assessment (RCSA), and Key Risk Indicator (KRI) programs. She also is responsible for the firm's Operational Risk issues management and remediation effort. Additionally, Shelly oversees State Street's Risk and Control Taxonomies. Prior to State Street, Shelly held positions in Market and Operational Risk at Morgan Stanley based in New York. Previously, Shelly managed risk for Department of Defense satellite communication programs with Booz Allen Hamilton. Shelly currently serves as a Major in the United State Air force Reserves.

Ryan E. Bateman

Director- Technology


Thomas A. Fuhrman

Managing Director, Cyber Security Consulting and Advisory Services


Thomas Fuhrman is Managing Director of Cybersecurity Consulting and Advisory Services at Marsh Risk Consulting (MRC). He leads MRC's cyber risk consulting practice in North America and in international markets and works across Marsh & McLennan's operating companies on a broad range of cyber initiatives.
Tom is an experienced cybersecurity consultant with over 20 years in the business. He has served in consulting leadership roles as the president of Delta Risk, founder and president of 3tau LLC, and senior vice president and partner at Booz Allen Hamilton. He is an experienced cybersecurity consultant in the financial sector and has supported financial institutions ranging from global money center banks to large U.S. regional banks with enterprise-wide cybersecurity assessments and program strategy. He advised one of the largest banks in the world on rationalizing and structuring the cybersecurity programs of their U.S. subsidiaries in the establishment of their Intermediate Holding Company.
Tom was an active contributor to the development of the NIST Cybersecurity Framework and has advised clients and boards of directors on its implementation. He is a strong advocate of the strategic management of cyber risk at the enterprise level through cyber risk quantification.
A recognized thought leader in cybersecurity, he has presented leading ideas in cybersecurity to many audiences through diverse publication channels.
Earlier in his career, he served on the staff of the White House Office of Science and Technology Policy (OSTP) where he authored the OSTP publication CYBERNATION: The American Infrastructure in the Information Age, a landmark report on critical infrastructure protection.
Tom had a previous career in aerospace. He served a 20-plus year career in the US Air Force, is a graduate of the Air Force Test Pilot School, flew the SR-71 (the world's fastest and highest flying airplane), and served as program manager in the National Aero-Space Plan (NASP) hypersonic vehicle program office, among other accomplishments.
• MS in mechanical engineering (aeronautical), California State University
• MS in electrical engineering, Purdue University
• BS in mathematics (computer science) and BS in electrical engineering, Purdue University
• National Defense Fellowship, Fletcher School of Law and Diplomacy, Tufts University
• Graduate, US Air Force Test Pilot School
• Certified Information Systems Security Professional (CISSP)

Sandip Biswas

Vice President, Senior Business Technology Risk Officer


Sandip is a seasoned IT Risk leader focused on ensuring protection of confidentiality, integrity, and availability of enterprise assets in compliance with organizational policies, regulatory requirements and technology governance standards.

Currently he is serving in the capacity of Vice President and Senior Business Technology Risk Officer at State Street Corporation where he is responsible for overseeing the technology risk program for Global Exchange and Global Markets businesses. Sandip is also responsible for leading the effort in developing an enterprise wide technology risk acceptance process for the firm. Prior to joining State Street, Sandip was at DTCC where he was responsible for leading the initiative for developing and implementing technology risk management frameworks for third party technology, infrastructure and application assessments. Sandip has a Masters in Software Engineering from Stevens Institute of Technology and a MBA from Rutgers.


Hugh Kominars

Vice President- IT Audit Director


Hugh is responsible for the providing independent and objective assessments of State Street's enterprise-wide IT infrastructure including Cyber and Information Security, IT Architecture and Operations, Disaster Recovery, IT Vendor Management and technology-related regulatory compliance. He prepares the IT infrastructure-related audit plan for approval by the department and for the firm's board of directors. He continues to build and expand the continuous auditing function to cover existing and emerging IT control risk areas.

Hugh joined State Street from ControlCase LLC where he was responsible for designing and implementing continuous compliance and information security services for over 400 North American, EMEA and APAC clients. Prior to joining ControlCase, Hugh held a number of IT audit, assurance and engineering management positions at Ernst & Young LLP and Northrop Grumman, serving the Aerospace and Defense, Financial Services and Manufacturing industries. At Booz-Allen & Hamilton, Hugh served as a senior information security consultant for large-scale communications and information security programs within the DoD, and various federal and civilian agencies.

Hugh holds a Master of Science in Information Systems from The George Washington University and a Bachelor's of Arts from Virginia Tech.


Evan Wheeler

Director, Information Risk Management


Evan Wheeler is an expert in information security and operational risk management for organizations in many critical infrastructure sectors. Wheeler has extensive experience presenting business resilience and cyberthreat profiles to board committees, managing international teams, working directly with regulators and overseeing security operations. He is a specialist in building and running risk programs for organizations in highly regulated environments. He earned an M.S. in information assurance at Northeastern University. He also served as a Course Author and Lecturer for graduate programs at UCLA, Clark University, Northeastern University and the SANS Institute. He published a book, Security Risk Management: Building an Information Security Risk Management Program from the Ground Up.

Gideon Pell

Adjunct Faculty


Gideon Pell is a risk professional with extensive experience in building and embedding Enterprise Risk Management frameworks in large, complex financial institutions, primarily drawn from his tenure as Chief Risk Officer in a Fortune 100 company, New York Life Insurance Company, where he designed the ERM program for scratch, and was responsible to the C-¬suite, Boards of Directors and external constituencies.