Speakers List - Cyber Risk North America

Keynotes & Keynote Panelists

Don Anderson Jr.

Senior Vice President & CIO


Don Anderson is the Senior Vice President and Chief Information Officer (CIO) at the Federal Reserve Bank of Boston. In this capacity, he is responsible for the Federal Reserve System's Internet Cyber and Network Security services and Financial Management Technology services the Bank's IT function, Real Estate Services, and Law Enforcement units. Don is currently a member of the Bank's Executive Committee and represents the Bank on the System's CIO committee.
Prior to joining the Federal Reserve, Don was a senior consultant with Hewlett Packard (HP) Enterprise focused on the development and execution of IT transformation strategies for Fortune 500 companies. While at HP, Don successfully managed a number of multi-million dollar international programs.
He holds a BS degree from the University of Connecticut and an MBA from Bentley University, is a founding member of the Advanced Cyber Security Center (ACSC), a Board Member of the Boston CIO Leadership Association and Wall Street Technology Association (WTSA) and is an active member of the Dana Farber Leadership Council (DFLC).

James Brenneman

Assistant to the Special Agent in Charge


James Brenneman began his career as a special agent with the Secret Service in 1999 in the New York Field Office. During this time he was assigned to the New York Electronic Crimes Task Force where he investigated financial cyber-crimes and credit card fraud. He also organized protection advances for numerous foreign leaders visiting the United States.
Starting in 2006, Special Agent Brenneman served on the Presidential Protective Division under President George W. Bush and then continued on with President Barack Obama in 2009.

In 2011, Special Agent Brenneman transferred to Secret Service Headquarters, Dignitary Protective Division where he organized protective details for visiting heads of state, and provided logistical support for the United Nations General Assembly and other National Special Security Events.
In 2012, James was assigned to the London Resident Office where he represented the Secret Service interests and liaised with law enforcement officials in the United Kingdom, Ireland, Iceland, Norway, Sweden, Finland and Denmark.

James was recently promoted to the Assistant to the Special Agent in Charge and returned to the New York Field Office where he supervises the New York Electronic Crimes Task Force.

James received a Bachelor of Science degree in Police Administration from Eastern Kentucky University.

Q&A with James: 

James, as our keynote speaker, please can you give us a glimpse into what you will be discussing at the upcoming annual Cyber Risk North America conference?

I will be discussing how cyber has changed the Secret Service's investigative and protective missions. The adversaries that our nation faces and the common thread among them. And the necessary collaboration that is needed to combat the growing cyber threat.

What in your opinion is going to be the biggest challenge for the cyber risk industry in 2017?

The biggest challenge for the cyber risk industry in my opinion is the persistent targeting of customer data bases in the healthcare industry, financial industry and legal firms. I also see the threat of IoT devices being compromised and used to disperse malware, ransomware and the like to increase. In Short, securing our networks against these threats has been a challenge in the past and I see that continuing in the coming year.

Which of the other sessions at Cyber Risk North America are you looking forward to?

I am looking forward to the CISO panel: Preventing another SWIFT attack.

> See the full agenda <


Howard Whyte

Chief Information Security Officer (CISO)


Howard Whyte currently serves as the FDIC's Chief Information Security Officer (CISO). Mr. Whyte has more than 20 years of information technology and security experience in the federal government, military, and private sector.
Most recently, Mr. Whyte led the global Threat Management Center at Goldman Sachs, focusing on cybersecurity detection, protection, response, and recovery capabilities. Previously, Mr. Whyte was at NASA, where he served as the acting CISO, Deputy CISO, and an information technology specialist.
Earlier in his career, Mr. Whyte was a Senior Information Assurance Officer in the U.S. Army Network Enterprise Technology Command (NETCOM and Defense Information Systems Agency), a telecommunications manager at Interim HealthCare, and a U.S. Army information management officer.
Mr. Whyte has a bachelor's degree in business management from the University of Maryland and a Master of Business Administration from the University of Phoenix.

Robert Phelps

Director Critical Infrastructure Policy


Bob Phelps is the Director for Critical Infrastructure Policy at the Comptroller of the Currency (OCC). Bob is responsible for establishing OCC policy related to all areas of critical infrastructure, to include cyber security. He formerly served as Assistant Deputy Comptroller for Midsize Bank Supervision where he was responsible for the supervision of six midsize banks totaling over $200 billion in assets, Examiner-in-Charge of a Midsize Bank, and has also worked in community and large bank supervision.

Mr. Phelps is also a Commander in the Navy Reserve supporting the US Naval Academy and formerly as an Intelligence Officer with over 29 years of service. Bob graduated from the Naval War College in Newport, RI in 2007 and holds a BA in Economics, AS in Electronics, Naval Computer Architecture studies, as well as a focus in cyber warfare through his MBA work.



Robert Rupp



Robert Rupp was appointed executive vice president and chief risk officer of The Hartford in October 2011. He manages the company's market, credit, insurance and operational risks across the organization.

Previously, Rupp served as executive vice president and head of Enterprise-wide Market Risk at BNY Mellon where he managed global market risk for the entire firm and its subsidiaries. Prior to that, Rupp was managing director of risk management at JP Morgan Chase where he had enterprise risk oversight for the Chief Investment Office, Chase Home Finance, and Corporate Treasury.

Earlier in his career, Rupp held senior roles with Chemical Bank and Kidder, Peabody & Co. He was also a partner at the law firm of Kutak Rock and a staff attorney at the U.S. Securities and Exchange Commission in Washington, D.C.

Rupp earned a juris doctorate from American University, Washington College of Law and a bachelor's degree in economics from Fairfield University.


Janet Lerch

Chief Continuity and Technology Risk Officer


Janet Lerch has over 25 years of experience in the information technology and financial services industries. Janet joined U.S. Bank in May 2006 as Vice President in the Information Technologies group. She is currently the Senior Vice President, Chief Continuity & Technology Risk Officer responsible for Enterprise Business Continuity, Disaster Recovery, Crisis Management and Technology Risk.

She earned an undergraduate degree from the University of Minnesota. She is currently on the Board of Directors of Hammer Residences, and the Greater Minneapolis Crisis Nursery. She lives in Edina, MN with her husband and two children.


Joshua A. Kotok

Chief Risk and Compliance Officer


Joshua Kotok is the Chief Risk and Compliance Officer at First Savings Mortgage Corporation. Joshua is an accomplished executive with demonstrated performance in leading operational and technology risk management and compliance initiatives. In addition, Joshua has identified and assessed operational and information technology risk from the regulatory and audit perspectives.
Prior to joining First Savings Mortgage Corporation, Joshua was the lead examiner for ongoing monitoring and targeted examinations of Freddie Mac's Operational Risk program for the Federal Housing Finance Agency (FHFA). Joshua also served as the Senior Manager of Operational and Technology Risk for the Making Home Affordable program where he led the development of the ORM framework and all supporting components. Joshua also has prior experience as a Big Four management consultant where he led several engagements for Financial Services clients specializing in operational, technology and compliance risk reviews, governance and supporting technology implementation (GRC).
Joshua holds a Bachelor of Science degree in Information Systems from Florida State University. Joshua is a Certified Fraud Examiner (CFE) as well as a Certified Information Systems Auditor (CISA). In addition, Joshua has held numerous industry association board positions including serving as the President and Education Director of the ISACA South Florida chapter and Vice President of the iCoast CIO council. Joshua is also a past presenter for the Global Association of Risk Professionals (GARP) and the Operational Risk North America conferences.

Beth Rudofker

Global Head of Operational Risk Management


Beth Rudofker joined Citi on November, 2016 as the Global Head of Operational Risk Management with responsibility to manage the full range of ORM disciplines at Citi in close partnership with the Business and Regional CROs, as well as business colleagues. She is a member of the Risk Management Executive Committee.
Prior to that, Beth joined GE Capital in 2014 to lead the global ORM function where she was responsible for the design and implementation of the ORM framework in accordance with strong risk management practices. Beth also managed functional Risk groups including Third Party Risk, Fraud Risk, Records and Information Management, and IT Risk Management. Prior to GE, Beth was the Head of Corporate Operational Risk at JP Morgan where she was responsible for managing the Firm's global operational risk framework including governance, policies, standards and the capital methodology necessary to meet Basel advanced regulatory requirements. Beth has built an extensive career in financial services establishing and leading internal control functions, including Global Head of Operational Risk and Corporate Compliance at Barclays Capital and various global roles at Lehman Brothers, including Global Head of Internal Audit and Controller leadership positions.
Beth holds a Bachelor's Degree in Industrial Engineering from Northwestern University and an MBA in Finance from Columbia University.



Linda Vanderburgt

Head of Operational Risk, Advisory and Oversight, Personal and Commercial Banking and RBC Insurance, Group Risk Management


Linda Vanderburgt is Senior Director, Group Risk Management Operational Risk at the Royal Bank of Canada (RBC). She has spent over 30 years with RBC, holding a variety of roles in retail banking, commercial lending and risk management. In her current role, Linda provides 2nd line of defense oversight and advisory for Personal & Commercial Banking, covering operations in Canada, North Carolina and the Caribbean, as well as for the Insurance business unit of the bank.

Linda holds a Master's degree in Business Administration from the Schulich School of Business at York University and was previously a director on the board of the Toronto Chapter of the Risk Management Association. Linda was previously a panelist at the Operational Risk North America conference in 2015 and has been a past presenter at several Insolvency and Restructuring conferences. She is also a Fellow of the Institute of Canadian Bankers.



Mandar Rege

Senior Vice President, Global Head Enterprise Technology Risk Management


Mandar has over 20 years of engineering and technology risk management experience.

Currently he is the Enterprise Head of Technology Risk Management at TD Bank Group. Previously, Mandar was the Global Lead Principal for Financial Services and the Lead Principal for Canada in Cisco's Security Services practice. In this capacity, Mandar served as the Interim Global CISO at a top-10 bank in North America with over USD 500B in assets under management across the US, Canada, Europe and Asia.

Before Cisco, Mandar was a Partner and Managing Director at Accenture where he led the Information Security Strategy, Transformation and Technology Risk Management practice for the US and Canada across industry sectors. Prior to Accenture, Mandar was in various practice leadership and client service roles at Alvarez & Marsal LLP, KPMG LLP and Ernst & Young LLP.

He is an active member of the professional community and has presented at industry forums like the RSA and IAPP Conferences. Additionally, he is an Adjunct Professor at New York University and served as the Chair of the Canadian Banking Association's CIRT (CISO Forum). He holds the CISSP, CIPP, CISA, and PMP certifications.


Ivan Pooran

Head of Operational Risk


Ivan is a seasoned Risk Manager, with diverse Business and Geographical experiences.

Ivan is currently VP at Guardian Life of America, where he leads the firms Operational Risk function. He is a member of the Corporate Risk Committee and is also responsible for Third Party Risk and Business Resiliency. More recently he was Chief Operational Risk Officer at Santander Bank US Holdings, where he had responsibility for the Operational Risk, Third Party Risk, Business Continuity and Information Management Programs. His primary focus at Santander was developing a Risk program in preparation for the Regulatory CCAR exam.

Prior to his role at Santander he was at GE Capital for close to four years as Managing Director-Head of Enterprise and Operational Risk for GE Capital Americas. In this role he had responsibility for Operational Risk, Governance, Risk & Control Assessments and Records Management. His primary objective was to develop a program that would make meaningful impact towards a cultural shift in Operational Risk Management.

Before GE he was at Citigroup for close to 21 years in multiple roles. His last role at Citi was as Global Head of Operational Risk for the Consumer and Commercial bank and was directly accountable for defining the framework and strategy for Operational Risk and in preparing the Bank for Basel AMA Compliance.

During the period of 2003-2010, Ivan held several roles in Europe and the Middle East, first as Audit Director for the Consumer Bank (based in Belgium), then as Country Risk Officer for Spain (based in Spain) and also Regional Credit Officer for Spain and Portugal. As a Senior Credit Officer he successfully managed the prelude and 1st phase of the economic crisis in Spain and Portugal.

Prior to his time in Europe, Ivan was with Banco Santander in Sao Paolo Brazil, where he was Business Manager for the Mid-Small Market segment. Other roles include Citi Bank CRO in Brazil, Venezuela and Colombia.


Mike Leking

Business Information Security Officer


Mike Leking is the U.S. Bank Business Line Information Security Officer (BISO) for Wholesale Banking and Wealth Management and Securities Services. In this role, Mike serves the Chief Risk Officers and risk management teams to ensure Information Systems Security enables both strategic and immediate requirements for each Business Line.
Prior to joining U.S. Bank, Mike spent seven years at the Department of Homeland Security component responsible for securing federal civilian, state and local government and critical infrastructure networks, as well as for coordinating cyber incident response. In 2012, Mike was deployed to Boston, MA to serve as DHS' Cyber Security Advisor for New England. Mike provided direct coordination, outreach, and regional support and assistance in the protection of cyber components essential to the nations critical infrastructure and key resources. In this role, Mike worked extensively with regional partners and had the opportunity to brief three New England Governors, Senators, Congressmen, Boards of Directors, CIOs/CISOs, and other state Commissioners on the prevalence of cyber threat and DHS' roles and responsibilities in this space. Mike was also instrumental in conducting cyber security assessments (resilience-based and controls-based evaluations) for private sector and state/local partners throughout the country.

Before DHS, Mike was a consultant at Booz Allen Hamilton supporting numerous Government clients and gained extensive experience with FISMA, certification & accreditation, security tests and evaluations, and other Government compliance requirements. He is a CISSP, CISM, and PMP with a Bachelors degree in Computer Information Systems.

John J. Doherty

Partner, Information Technology Advisory Services


John Doherty is a partner in Ernst & Young's Information Technology Advisory practice with over 27 years of experience in the financial services industry managing information technology (IT) matters for international companies. He has extensive experience in IT risk management, information security, privacy, regulatory compliance, IT governance, technology operations, and project management. John is the Global leader of IT Risk Management for Ernst & Young.

Selected Major Projects

 John leverages advanced skills in business, accounting, and technology to bring valuable capabilities required for approaching information security, compliance, and other technology projects from a business perspective. He can understand and apply his regulatory insight to business processes, controls, compliance, risk management, governance, reporting, and technology.

 John has managed and overseen various BHC reporting initiatives. John has assisted newly approved BHCs in various capacities, including examination readiness projects such as product control and report specific examinations and gap assessments. He has lead a multi-year implementation of a vendor reporting tool for implementation of the FR Y-9C, FFIEC 031, and hundreds of entity reports (FR Y-11/ 2314).

 John has lead for several high-profile global banking and hedge fund projects designing technology architectures, information protection programs and capability maturity models (CMM) for security technologies based on ISO 17799, NIST 800 series, and FFIEC Information Security Guidelines. Developed a FSI Industry Benchmarks based on the CMM.

 He executed many regulatory and risk management engagements for broker dealers, investment banks, and banks and their subsidiary companies. He has been involved in assisting clients in their regulatory and industry compliance and control issues related to COSO, FDICIA, IEEE, SEC Automated Review Policy, SEC Derivatives Policy Group, FFIEC, Bank of England, Financial Supervisory Authorities (FSA) EBK Reporting, and other regulators within the financial services industry.

 Managed GRC technology enablement design and implementation effort for leadings global organizations. The project objectives are to streamline their global IT Governance Framework and the assessment processes that support the compliance efforts for the information technology division. The technical design encompasses the global footprint of the organization and the many challenges multiple language support and different cultures can present.

 Managing IT Risk Governance Assessment projects for broker dealers, investment banks, and banks. He has experience with IT Risk Management Program and framework; design of the IT Risk Management future state; development of a Strategic plan and roadmap for achievement of future state - including areas such as, business requirements, governance, policies and standards, risk identification, KRIs, risk processes risk tools and technology, compliance, monitoring and reporting, training and awareness programs. The risk and control framework component were based off of leading practices and a combination of standards (COSO, COBIT, ISO27001 & 17799, ITIL,SEI, GAPP,FFIEC Handbooks).

 He is experienced in performing technology assessments and remediation projects for organizations implementing new staffing models for the broker dealer and banking organizations. He has experience with outsourcing/out-tasking programs and frameworks; designing of the outsourcing future state; development of a implementations plans and roadmaps - including areas such as, business requirements, governance, policies and standards, risk identification, KRIs, monitoring and reporting, training, and awareness programs.



Jack Freund

Senior Manager, Cyber Risk


Dr. Jack Freund is a leading voice in Information Risk measurement and management with experience across many industry segments. Jack is currently Senior Manager, Cyber Risk & Controls at TIAA-CREF. Jack was awarded a Doctorate in Information Systems and holds the CISSP, CISA, CISM, and CRISC designations. Jack is the coauthor of Measuring and Managing Information Risk: A FAIR Approach. You can follow all Jack's work and writings at riskdr.com.

Jack Jones

EVP Research & Development


Jack is one of the foremost authorities in the field of information risk management. As the Chairman of the FAIR Institute and co-founder and EVP R&D at RiskLens, he continues to lead the way in developing effective and pragmatic ways to manage and quantify information risk. As a three time Chief Information Security Officer (CISO) with forward-thinking financial institutions such as Nationwide Insurance, Huntington Bank and CBC Innovis, he received numerous recognitions for his work, including: the ISSA Excellence in the Field of Security Practices award in 2006; a finalist award for the Information Security Executive of the Year, Central US in 2007; and the CSO Compass Award in 2012, for advancing risk management within the profession. Prior to that, his career included assignments in the military, government intelligence, consulting, as well as the financial and insurance industries. Jack is the author of FAIR, the only international standard VaR model for cybersecurity and enterprise technology. A sought-after thought leader, he recently published 'Measuring and Managing Information Risk: A FAIR Approach', which was recently inducted into the Cyber Security Canon as a "must read" within the profession, and is a regular speaker at industry conferences.

Peter Keenan

Chief Information Security Officer


Peter is currently the Chief Information Security Officer at Lazard where he is responsible for the global information security strategy and program at one of the world's preeminent financial advisory and asset management firms with operations in 43 cities across 27 countries. Prior to Lazard, Peter was with Citigroup's global information security team. His most recent role at Citi was the Head of Information Risk Governance, where he led the team that is responsible for developing and maintaining Information Security Policy globally. Prior to his 5 year tenure with Citi, Peter had 19 years of experience in information security and technology. This included 6 years as a Director with PricewaterhouseCoopers' Threat and Vulnerability Management advisory practice. He also spent over a decade managing his own consultancy that specialized in designing, building, and operating secure high availability data centers and networks around the world for military, intelligence, and commercial clients.
His certifications include:
Certified Information Systems Security Professional (CISSP)
Certified Ethical Hacker (CEH)
Certified Anti-Money Laundering Specialist (CAMS)
Certified Fraud Examiner (CFE)
Amazon Web Services - AWS Technical Professional
Cisco Certified Network Associate (CCNA)
Cisco Certified Design Associate (CCDA)
Certified Netware Administrator (CNA)

Carrie M. Barranca

Head of Audit, Operational Risk


Carrie is an Executive Director in Group Internal Audit based in New York. She has 25 years of regulatory, BSA/AML and sanctions compliance, internal audit and credit risk management experience. Carrie joined Standard Chartered Bank in 2012 and in 2013, completed a group-risk based audit of Operational Risk comprised of five audit reports. In January 2016, Carrie was appointed the Head of Audit - Operational Risk. In her new role she developed the audit plan and scope, including country operational risk audits, conducted Group Internal Audit trainings on the Bank's operational risk methodology, performs continuous monitoring and governance activities.
Prior to 2016, Carrie led many large and thematic audits and completed a BSA/AML Group Internal Audit training deck. She has also provided input to the audit plan, continuous monitoring, and introduced and led a bi-monthly US Audit Team meeting covering such topics as lessons learned.
Carrie joined Standard Chartered New York Branch from the New York State Department of Financial Services, where she was a Senior Bank Examiner in the Foreign and Wholesale Banks Division focusing in particular on BSA/AML/Sanctions examinations. Prior to that role, Carrie worked for a number of international banking organizations in various roles ranging from BSA/AML and sanctions compliance, credit risk management and internal audit. She started her career at the Federal Reserve Bank of New York.
Carrie participates in many speaking engagements and authored two articles that were published in leading industry publications. Carrie holds a BS from St. John's University.



Nicole Eagan



As Chief Executive Officer of Darktrace, Nicole Eagan has positioned the company as an international leader in cyber defense. Nicole was named ‘Woman of the Year' at the 2016 Cyber Security Awards for successfully introducing disruptive machine learning technology to the global market. Her extensive career as a technology executive includes over 25 years of commercial and marketing experience. An expert in developing and executing strategies for high-growth businesses, Nicole helped Darktrace secure $65 million in Series C funding from KKR and led the company to 600% year-on-year growth. Under her leadership, Darktrace's innovative approach to cyber security has won over 50 awards, including World Economic Forum Technology Pioneer. The company is headquartered in San Francisco, CA and Cambridge, England and now has more than 400 employees working across 24 countries.

John Polis

Chief Operating & Technology Officer


John W. Polis is an entrepreneurial information management and business operations leader with a 20+ year track record of creating and enhancing technology enabled businesses and building platforms that allow for significant scale.
Prior to joining Star Mountain Mr. Polis was a Founding Member, COO and CTO for Visionary Access, Inc., an Investor and Business Development platform, where he oversaw sales and integrated marketing, finance and accounting, client servicing, human resources, and information technology platform development.
Prior to joining Visionary, Mr. Polis was COO and CTO for Guidepoint Global, a primary research firm and expert network serving the world's leading Institutional Investors, Private Equity Firms, Consulting Organizations, and Corporations. Brought on in 2011 with a direct turnaround mandate, Mr. Polis changed the operating culture leading positive change in process and people management along with directing significant improvements to their information technology platform guiding the company back to profitability and significant double digit growth.
Before Guidepoint, Mr. Polis served as COO and CTO for Coleman Research Group (CRG), also a primary research firm and expert network where he was recruited immediately after company secured financing. Without delay Mr. Polis led the product management and development effort on their custom built, Web based CRM, Recruiting, and Payment Processing platform - Knowledge BrokerTM - while also being responsible for overseeing all operational areas of the company including research, relationship management, compliance, human resources, and data management. CRG also had a broker dealer arm, Coleman Brokerage Group, for which Mr. Polis served as compliance officer for. During his tenure Coleman Research scaled from 5 to 140 employees worldwide and in 2009 was voted one of Crain's New York "Best Places to Work in New York City".
Earlier in Mr. Polis' career he served as a Co-founder and Executive Vice President Operations and CTO for Dotcom Distribution and Chief Information Officer for the GT Media family of companies.
Mr. Polis holds a BA in Economics from New York University, an MBA in Management from Wagner College and is FINRA Series 63, 7 and 24 licensed. He is also an adjunct at NYU where he teaches graduate level courses in Integrated Marketing Database Modeling and Management. Prior to NYU Mr. Polis was an adjunct at Touro College Graduate School of Technology where taught courses in Database Design and Modeling for Business.

Richard Smith

Cyber Risk Advisor


Rich is a native Long Islander who served in the U.S. Navy from 1983 to 2003 and retired as a Data Systems Technician Chief Petty Officer. After retiring from the Navy in 2003, Rich, his wife and his twin sons moved to Chesapeake, VA where he worked at what was known then as the Naval Network Warfare Command (NAVNETWARCOM) as a Senior Cyber Security Engineer managing a team of cyber engineers and analysts that was responsible for the certification and accreditation of all Navy computer systems and networks. Most recently, Rich was the Information Systems Security Manager (ISSM) with Northrop Grumman in Bethpage, NY where he was responsible for the IT governance and cyber security compliance of 1200+ computers that processed various levels of classified information. In July of 2016, desirous to return to government service, Rich transitioned to the Department of Homeland Security where he currently serves as the Cyber Security Advisor (CSA) for FEMA Regions I & II.

Shelly Martin

Vice President Operational Risk


Shelly Martin is a Vice President in Enterprise Risk Management at State Street Corporation where she is responsible for Operational Risk Management programs, including the Scenario Analysis, Risk and Control Self-Assessment (RCSA), and Key Risk Indicator (KRI) programs. She also is responsible for the firm's Operational Risk issues management and remediation effort. Additionally, Shelly oversees State Street's Risk and Control Taxonomies. Prior to State Street, Shelly held positions in Market and Operational Risk at Morgan Stanley based in New York. Previously, Shelly managed risk for Department of Defense satellite communication programs with Booz Allen Hamilton. Shelly currently serves as a Major in the United State Air force Reserves.