This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit

SnowFROC Abstract Bellis

Revision as of 18:16, 18 February 2009 by Eduprey (talk | contribs) (The Speaker: Ed Bellis VP, CISO Orbitz Worldwide)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search

The Presentation: Doing more with less? : Automate or Die

The harsh economic climate has hit us all in some way. Budgets are trimmed and spending is down. We are continuously asked to do more with less, but how? Certainly the attackers aren’t spending less! Our web applications continue to grow in size and complexity. So what can an InfoSec team do to become more efficient and still effectively protect our applications?

At Orbitz, our team took a hard look at where we were spending a lot of our time – the grunt work – and how we could spend less of it. After building out a fairly comprehensive vulnerability management program and using a lot of best in breed tools, we found ourselves with an overabundance of manual labor on our hands putting together the pieces of our vulnerability puzzle. After looking around the market space, we found nothing that could really help us with this growing problem. Low and behold, there’s a government set of standards now to put all this together. What the heck, let’s build it!

The Speaker: Ed Bellis VP, CISO Orbitz Worldwide

Ed Bellis is responsible for the protection and security of all information and electronic assets as well as compliance and ethics across the wide array of business units that make up Orbitz Worldwide on a global basis. These assets include Orbitz, CheapTickets, eBookers,, HotelClub, RatesToGo, AsiaHotels, and Orbitz for Business.

With over 15 years of experience in information security and technology, Ed has worked with and been involved in protecting information assets at several Fortune 500 companies. Prior to joining Orbitz, Ed served as VP of Corporate Information Security for Bank of America within their Global Corporate and Investment Banking division. His credentials also include several security technology and management roles at organizations such as Ernst & Young, Ford Motor Company, and Young & Rubicam. Ed is a CISSP, CISM, a contributor to the ISM Community, and a member of ISC2, ISACA and the Chicago chapter of the ISSA.

Ed is a frequent speaker at information security events across North America and Europe. Past talks have included venues such as The MIS Institute, The Association of Information Technology Professionals, Technology Executives Club, and the National Business Travel Association.

back to Presentation Agenda