Ricardo Lafosse is chief information security officer for The Kraft Heinz Company. Lafosse is responsible for IT risk governance, software and product security, incident management, technical disaster recovery, and determining enterprise-wide security policies and procedures. Lafosse regularly presents on security topics at global conferences, including Defcon, MirCon, and ISACA CACS. Lafosse has more than 15 years of experience in information security for the government, finance, legal, and healthcare. Lafosse holds a Master’s in Information Assurance from the Iowa State University. He also holds the Certified Information Systems Security Professional (CISSP) and Certified Information Security Manager (CISM) designations.

Ricardo Lafosse


The Kraft Heinz Company


EBSCO is a diverse organization with many businesses, but it operates as one company. EBSCO manufactures steel joists, LED signs, merchandising displays, fishing lures, and three-ring binders. EBSCO is the leading provider of discovery services, databases, and other information resources and services for libraries worldwide. EBSCO is also a real estate developer, a producer of promotional products, and an insurance agency. As the Global Chief Information Security Officer, John provides leadership across a diverse portfolio of businesses balancing risk with controls.

His professional certifications have included CISA, CISM, CISSP, CRISC, which complement more than 20 years’ experience in technology. He balances this with a Bachelor of Business Administration degree in marketing from Georgia Southern University, and a Master of Science in Information Assurance (MSIA) from Norwich University in Northfield, Vermont.

John Graham

Global Chief Information Security Officer (CISO)

EBSCO Industries, Inc.



April 27-29, 2020 | Ponte Vedra Inn & Club | Ponte Vedra Beach, FL

"Evolving Definitions of Security ROI"

Since 2009 Joey Johnson has served as the Chief Information Security Officer at Premise Health, the nation’s leading provider of direct access employer sponsored health and wellness centers for employees with nearly 650 facilities across America. In 2016 Joey was recognized as the Nashville CISO of the by the Nashville Technology Council, followed by being recognized the 2017 Southeast US Security Executive of the Year, and finalist for the 2017 North America Security Executive of the Year. He served as a 2018 judge for the Technology Executives Network Southeast security executive of the year, and also at the National level as a judge for the 2018 North America Security Executive of the year for each of the healthcare, financial, retail/manufacturing, and education sectors. The Premise Health security operations team was recognized by CSO Magazine as winner of the 2018 CSO50 awards for having one of the top fifty national cybersecurity projects for the year.

At Premise Health Joey is responsible for leading all organizational efforts related to security operations and engineering, security monitoring and incident response, information technology and security compliance, identity access management, policy development, security audit, third party risk management, and physical security to meet challenging security and compliance demands. In his eight years with Premise Health, Joey has been instrumental in implementing a proactive security and risk management environment focused business alignment, organizational risk awareness, and positioning security as a business enabler that is transformative in the healthcare industry.

Prior to joining Premise Health, Joey was the Chief Security Officer for the United States Department of Commerce, Office of Computer Services. He has over 20 years of experience in the cyber-security industry including leadership roles in both the public and private sectors, with a focus on organizations in the federal government, defense, information technology, healthcare, and transportation industries.

Joey Johnson

Chief Information Security Officer

Premise Health


Michael Dierickx I

Director, Product Security Incident Response Team (PSIRT)

United Technologies Corporation (UTC)

Christine Vanderpool is the CISO for Florida Crystals, the world’s largest sugar cane refiner and the home of household names such as Domino Sugar, C&H, Redpath, Tate & Lyle Sugars, Sidul and of course Florida Crystals. Although it was never her plan to she have a career in IT, she has a proven track record as a security leader for almost 20 years. Christine has spent her career in a variety of security and IT roles including security leadership for Molson Coors Brewing Company and Kaiser Permanente. In addition, Christine writes for several online security blogs and magazines and is published in The Complete Compliance and Ethics Manual. She also enjoys speaking and educating the world on Cyber Security. She was the 2019 recipient of the Cyber Security Woman Leader of the year.

Christine Vanderpool


Florida Crystals Corporation

Michael Dierickx I

Director, PSIRT

United Technologies Corporation (UTC)

Marene N. Allison, Vice President and Chief Information Security Officer for Johnson & Johnson, is responsible for protecting the company’s Information Technology (IT) systems and data worldwide through elimination and mitigation of cybersecurity risk. This includes ensuring that the J&J information security posture supports business growth objectives, protects public trust in the J&J brand, and meets legal/regulatory requirements. With 265 companies in 60+ countries, J&J is a leader in consumer health, pharmaceutical products, and medical devices worldwide.

Prior to joining Johnson & Johnson, Marene was Chief Security Officer and Vice President for Medco, the largest pharmacy benefit manager in the United States. Marene was responsible for all aspects of the company's security, regulatory and compliance including, physical and logical security, executive protection as well as HIPPA, Payment Card Industry, Medicare and prescription fraud and IT controls.

Prior to that, Marene was with Avaya as head of Global Security where she worked on securing the World Cup network in Korea and Japan in 2002. Before joining Avaya, she was Vice President of Loss Prevention and Safety for the Great Atlantic and Pacific Tea Company. Before joining the corporate world, she served as a Special Agent in the FBI working on undercover drug operations in Newark, NJ, and also working on terrorist bombings in San Diego, CA. She developed and participated in the nuclear terrorism exercise, Compass Rose ’88, the largest mock terrorism incident exercise by the federal government.

Marene has a Bachelor of Science degree from The United States Military Academy at West Point, in the first class to include women. She has served in the US Army in the Military Police, at Ft Hood, TX, Ft Chaffee, AR and Ft McClellan, AL. She has served on the Defense Advisory Committee on Women in the Services appointed by the Secretary of Defense and the Overseas Security Advisory Committee appointed by the Secretary of State. She is a founding member of West Point Women and currently serves on their Board of Directors. Marene is married, has a son, a wonderful daughter-in-law and grandson, and lives in Bucks County, Pennsylvania.

Marene N. Allison


Johnson & Johnson


Jay is the CISO for Samsung Semiconductor, Inc., based in San Jose, CA.  Prior to his current role, Jay was a Risk Manager with the HP Global Cyber Security Team leading risk assessment efforts across the business.Jay also spent 17 years working in Cyber Security and IT in the military and government, where he spent 13 years as an active duty Marine specializing in Information Assurance and Computer Network Defense (IA/CND) and another four years as a government civilian performing computer forensics and developing Cyber policy with the Naval Criminal Investigative Service (NCIS).   While at NCIS, Jay worked as the Cyber Security Liaison to the Department of the Navy CIO, as part of the NCIS, Global Cyber Operations team, where he provided Cyber Security guidance and direction, Cyber Intelligence briefings, and updating/authoring policies and procedures related to Incident Response for the Navy and Marine Corps.  He also provided direct support in the development of the Department of Defense Critical Infrastructure Protection policies and planning.Jay also served as a Ministerial Advisor to the Afghan Ministry of Interior and was responsible for the development of an IT and Communication Education and Training program for the Afghan Police Force in 2012.

Jay Gonzales


Samsung Semiconductor, Inc.


As Chief Information Security Officer for Millicom International Cellular, John is responsible for all information security and risk management strategies, including security architecture, security operations, regulatory compliance, and business continuity for all global business lines at Millicom.

Previously, John has been the CISO for MIAX Options Exchange and Dow Jones/ The Wall Street Journal, overseeing security, risk management, and business continuity. He has held key leadership positions at several information security market leaders such as VeriSign and Guardent, as well as leading integrators such as EDS and SAIC.

A regular speaker, presenter, and panel moderator, John's experiences provide unique insight into developing and sustaining global information security programs. John is also a regular contributor to several industry publications, believing strongly in sharing his experience and giving back to the security community.

John is an active member of several Executive Boards, providing business strategy, product development, and go-to-market guidance for a number of Information Security product and service organizations.

Honors include: 2014 ISE North America Information Security Project of the Year by T.E.N.; 2013 Top 10 Breakaway Leader at the Evanta Global CISO Summit; and the 2010 ISE Northeast Information Security Executive of the Year by T.E.N.

John Masserini


Millicom (Tigo) Telecommunications


David Cass is VP Cyber & IT Risk LISCC Program and Supervision at the Federal Reserve Bank of New York. Previously Mr. Cass served as the SVP & Chief Information Security Officer for Elsevier.  Where he lead an organization of experienced legal, risk and security professionals that provided data protection, privacy, security, and risk management guidance on a global basis for Elsevier. He also served as the HIPAA officer for Elsevier.  

David has over 4.5 years of experience running a regulated FTSE 100 enterprise in the cloud.David has extensive experience in IT security, risk assessment, risk management, business continuity and disaster recovery, developing security policies and procedures. He has played a key role in leading and building corporate risk & governance and information security organizations in the financial sector. As the Senior Director of Information Security Risk and Governance for Freddie Mac, David rebuilt the risk and governance function and developed a team to provide risk assessments, methodologies, tools, services, and training to improve the organization’s capabilities and maturity.

Prior to that he was Vice President of Risk Management for JPMorgan Chase, and was responsible for providing an accurate assessment of the current risk management state, contributing to the future direction of risk management, continuity and disaster recovery capabilities for the organization. David has a MSE from the University of Pennsylvania, and a MBA from MIT.  He is also a frequent speaker at high profile industry conferences, and serves on the Board of Directors for a public corporation.  In addition, David is a member of the editorial board for The Journal of Law & Cyber Warfare.

David Cass

VP Cyber & IT Risk LISCC Program and Supervision

Federal Reserve Bank of New York