Difference between revisions of "Financial Services Panel"
Mark.bristow (talk | contribs) |
Mark.bristow (talk | contribs) (→The Panel) |
||
Line 40: | Line 40: | ||
Thien has over a decade of experience in Technology Risk and Application Security in the financial services industry. In 2001, he helped develop the first Application Risk program at a large tier one financial services firm in NYC that included an application risk assessment framework, business impact analysis, and penetration testing. Since then, he has led multiple Technology Risk programs at a leading tier one financial services firm including Application Security Testing (Static Code Analysis and Manual and Automated Penetration Testing), Metrics and Reporting (KPI/KRI analysis and development), and Systems Product Management (including online metrics portal, and issue tracking and risk catalog systems). He was also the acting lead for International off-shoring technology risk in Asia and Brazil, and served as the SME for Firm-wide Technology Systems. | Thien has over a decade of experience in Technology Risk and Application Security in the financial services industry. In 2001, he helped develop the first Application Risk program at a large tier one financial services firm in NYC that included an application risk assessment framework, business impact analysis, and penetration testing. Since then, he has led multiple Technology Risk programs at a leading tier one financial services firm including Application Security Testing (Static Code Analysis and Manual and Automated Penetration Testing), Metrics and Reporting (KPI/KRI analysis and development), and Systems Product Management (including online metrics portal, and issue tracking and risk catalog systems). He was also the acting lead for International off-shoring technology risk in Asia and Brazil, and served as the SME for Firm-wide Technology Systems. | ||
+ | ===Ajoy Kumar=== | ||
+ | Ajoy has extensive experience in designing, implementing, and managing enterprise Software Security Programs from the ground up. He is a strong believer in implementing application security by process re-engineering and implementing the technology controls over the development lifecycle. He believes application security education is core for the necessary transformation of the enterprise. | ||
+ | |||
+ | He has an MS in Security Management and EE and a BS in Computer Science. | ||
[[Category:AppSec_DC_2010_Presentations]] [[Category:OWASP_Conference_Presentations]] | [[Category:AppSec_DC_2010_Presentations]] [[Category:OWASP_Conference_Presentations]] |
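Review bot: The added heading "===Ajoy Kumar===" omits the affiliation, although the panel list on this page gives "Ajoy Kumar, JPMorgan Chase" and the other panelist bio headings carry one (for example "Joe Bernik, Fifth Third Bank"). Suggest "===Ajoy Kumar, JPMorgan Chase===" so the new section matches the rest of the page.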
Latest revision as of 20:50, 4 November 2010
The Panel
- Jerry Kickenson, SWIFT (moderator)
- Mahi Dontamsetti, DTCC
- David Ritenour, Sungard
- Ajoy Kumar, JPMorgan Chase
- Joe Bernik, Fifth Third Bank
The Panel
Jerry Kickenson (Moderator)
Jerry Kickenson is currently Principal Engineer at SWIFT (Society for Worldwide Interbank Financial Telecommunications) for the SWIFTNet portfolio. Jerry has worked for over twenty years in software development, including over fifteen years in the financial services industry, first at Citibank and now at SWIFT. Among other roles, Jerry oversees web application development and security at SWIFT for SWIFTNet operational management and Public Key Infrastructure web applications.
Joe Bernik, Fifth Third Bank
Mr. Bernik is the Chief Information Security Officer for Fifth Third Bank, responsible for protecting Fifth Third Bank and its clients’ information systems from risks. He is also responsible for defining and implementing Enterprise-wide information security strategies for the Bank.
Mr. Bernik has more than 16 years of experience as a risk professional. He has developed risk management practices, procedures and standards for several Fortune 100 companies including several global banking organizations.
Mr. Bernik currently serves as an advisor to the Federal Reserve on matters of information security and is on the steering committee of the Financial Services Sharing and Analysis Center (FS-ISAC).
Mahi Dontamsetti, DTCC
Mahi Dontamsetti is currently Director of Software Security at DTCC (Depository Trust & Clearing Corporation). DTCC handles over $1.8 quadrillion in US securities, forming the bedrock for the financial industry. The software security program at DTCC is critical to DTCC’s business and the financial industry in general. Mr. Dontamsetti’s team is responsible for all aspects of software security, including application risk, threat modeling, source code scanning, dynamic vulnerability analysis, and education and training.
In his previous roles, Mr. Dontamsetti has served as Global Head of Application Security at Barclays Capital, Chief Technologist at Lockheed Martin, and CIO/Executive VP at various startups. He has authored two books on wireless communications, contributed chapters to security books, and provided guidance and direction to international security standards bodies.
His volunteer activities include serving on the board of OWASP NY/NJ chapter and in the past on the advisory board of University of Maryland’s Center for Satellite and Hybrid Communications Networks.
Thien La, Sungard
Thien has over a decade of experience in Technology Risk and Application Security in the financial services industry. In 2001, he helped develop the first Application Risk program at a large tier one financial services firm in NYC that included an application risk assessment framework, business impact analysis, and penetration testing. Since then, he has led multiple Technology Risk programs at a leading tier one financial services firm including Application Security Testing (Static Code Analysis and Manual and Automated Penetration Testing), Metrics and Reporting (KPI/KRI analysis and development), and Systems Product Management (including online metrics portal, and issue tracking and risk catalog systems). He was also the acting lead for International off-shoring technology risk in Asia and Brazil, and served as the SME for Firm-wide Technology Systems.
Ajoy Kumar
Ajoy has extensive experience in designing, implementing, and managing enterprise Software Security Programs from the ground up. He is a strong believer in implementing application security by process re-engineering and implementing the technology controls over the development lifecycle. He believes application security education is core for the necessary transformation of the enterprise.
He has an MS in Security Management and EE and a BS in Computer Science.