Ricardo Lafosse is chief information security officer for Morningstar. Lafosse is responsible for IT risk governance, software and product security, incident management, technical disaster recovery, and determining enterprise-wide security policies and procedures. Lafosse regularly presents on security topics at global conferences, including Defcon, MirCon, and ISACA CACS. Lafosse has more than 15 years of experience in information security for the government, finance, legal, and healthcare. Lafosse holds a Master’s in Information Assurance from the Iowa State University. He also holds the Certified Information Systems Security Professional (CISSP) and Certified Information Security Manager (CISM) designations.

Ricardo Lafosse




EBSCO is a diverse organization with many businesses, but it operates as one company. EBSCO manufactures steel joists, LED signs, merchandising displays, fishing lures, and three-ring binders. EBSCO is the leading provider of discovery services, databases, and other information resources and services for libraries worldwide. EBSCO is also a real estate developer, a producer of promotional products, and an insurance agency. As the Global Chief Information Security Officer, John provides leadership across a diverse portfolio of businesses balancing risk with controls.

His professional certifications have included CISA, CISM, CISSP, CRISC, which complement more than 20 years’ experience in technology. He balances this with a Bachelor of Business Administration degree in marketing from Georgia Southern University, and a Master of Science in Information Assurance (MSIA) from Norwich University in Northfield, Vermont.

John Graham

Global Chief Information Security Officer (CISO)

EBSCO Industries, Inc.



April 27-29, 2020 | Ponte Vedra Inn & Club | Ponte Vedra Beach, FL

"Emerging Definitions of Security ROI"