Edward Contreras

Session Title: How to create an actionable cybersecurity strategy for the business

Abstract : Cyber executive leadership is not exclusive to technologists. Executive business leaders have an important responsibility for supporting the cybersecurity strategy of the organization. Whether you are a business, technology, or security executive, learning how to create a business-relevant cybersecurity strategy that is actionable across the organization and understood at the executive level is critical. The strategy should drive the security program, justify funding, identify the right headcount, and enable the business.

Key take aways will be:

-How to start building a strategy
-How to identify stakeholders
-How to obtain funding
-How to grow your program
-How to reduce risk
-How to enable corporate goals

25 years of Security and Risk transformation leadership through both the public and private sectors. I have guided companies through global breaches, risk transformations, complete security implementations, and program rebuilds while embracing “next-gen” security frameworks.

John Donovan

CISO, Malwarebytes ( https://www.malwarebytes.com/

Twitter: @idjohn 

Linked-in: https://www.linkedin.com/in/johnjdonovan/

John Donovan is a cyber-security, technology, and business leader based in Silicon Valley. He is an active member of the cyber-security community in the San Francisco Bay Area and beyond. John has been a speaker and participant in webinars, private security events, and conferences such as RSA Conference, defcon, BSides, Identity World, and Cornerstones of Trust.

John is passionate about developing the next generation of cyber-security engineers and leaders. He has partnered with businesses, non-profits, and educational institutions to bring security content and opportunities to students and people looking to make a career change to cyber-security. John leads the outreach efforts for the Silicon Valley Chapter of ISSA ( https://sv-issa.org/ ). He is past president and a board director for the Silicon Valley ISSA and is a member of other security groups such as OWASP. John has been active with ISSA International (https://www.issa.org/ ) and is a member of the CISO Advisory Council for the ISSA’s CISO Executive Forum.

In his day job, John builds and runs security programs and is currently head of security for Malwarebytes. Past professional positions include developing and managing Security, Risk Management, IT, and Engineering programs for Illumio, Veracode, NetApp, Xilinx, and other security and technology companies.

Caroline Wong

Session Title: Come for the Mission, Stay for the Culture


Abstract: The internet wasn’t built with security in mind, the world has a massive talent shortage, and we can’t rely on automation to solve everything.


If you’re on an information security team, I’m willing to bet you have more to do than time and resources to do it. Maybe one of your colleagues left for a new job last month, and there are two additional unfilled positions on your team. You could actually be in a position where you’re trying to do the jobs of 4 people.

Talent matters. You matter.

This talk is about preventing and addressing burnout for overworked application security professionals. It’s also about how to attract, retain, and grow a great team.

Caroline Wong is the Chief Strategy Officer at Cobalt.io. Wong’s close and practical information security knowledge stems from broad experience as a Cigital consultant, a Symantec product manager and day-to-day leadership roles at eBay and Zynga. She teaches cybersecurity courses on LinkedIn Learning and is a member of the Forbes Technology Council. Wong was named 2019 Cyber Educator of the Year in the 6th Annual Cyberjutsu Awards. She authored the popular textbook Security Metrics: A Beginner’s Guide, published by McGraw-Hill. Wong graduated from U.C. Berkeley with a BS in electrical engineering and computer sciences and holds a certificate in finance and accounting from Stanford University Graduate School of Business.

Blake Holman

Session Title: Where Cyber Security Strategy fits in the mind of the CIO

Abstract: There is no doubt that Cyber Security Strategy is vital to every organization in today’s world. Whether the Cyber Security Strategy reports to or must collaborate with the CIO, many security leaders think they know what the CIO is thinking. Though they may be directionally correct, there is often enough misalignment to create issues. Join Blake Holman in today’s session to get into the mind of the CIO where Cyber Security Strategy is concerned and understand some of the ways the misalignment can occur and how you might be able to adjust.

Blake Holman is currently Chief Information Officer and HIPAA Security Officer at St. David’s Foundation in Austin, Texas. He has over 30 years of experience leading Information Technology Strategy, Development and Operations for several public and private companies in the Consulting, Telecommunications, Electrical Manufacturing, Financial Services and Non-Profit Healthcare industries. 

Blake holds a Bachelor of Science degree in Mechanical Engineering from Southern Methodist University, a Strategic IT Management Certificate from the Scandinavian International Management Institute and a Master of Science degree in Information Security and Assurance from Western Governor’s University. Blake holds a number of industry security certifications including C-CISO, CISM, CISSP, CDPSE, CEH and CHFI. Blake is currently pursuing an additional Master of Science Degree from Western Governor’s University in Data Analytics. 

In 2011 and 2012, Blake’s efforts as CIO of Ryan, LLC were recognized in the InformationWeek 500 listing of the most innovative business technology companies in the United States. In 2011, Ryan was ranked 130th, and in 2012, Ryan’s ranking rose to 98th. In both cases, Ryan was the highest ranked corporate tax services firm on the list. 

In December 2012, Blake was named by Computerworld magazine as one of its 2013 “Premier 100 IT Leaders.” The Computerworld Premier 100 IT recognition is an international lifetime award that shines a spotlight on technology and business leaders from a broad range of organizations. In November 2017, Blake was recognized by the Austin Chapter of the Society for Information Management as the Public Sector IT Executive of the Year in Austin, Texas. 

In October 2017, Blake co-authored the second edition of “What Every Engineer Should Know About Excel”, a work that was originally published by his late father, Dr. Jack Holman, a world-renowned professor of Mechanical Engineering at SMU. In 2018, Blake published his second work, “Information Security JumpStart Guide for non-profit organizations” aimed at providing non-profit organizations guidance on the vital first steps to initiating an Information Security program. 

Dr. Shawn P. Murray

President and CEO, Murray Security Services

Dr. Shawn Murray is President and Chief Academic Officer at Murray Security Services and is assigned to the United States Missile Defense Agency. He is assigned as a Senior Cyber Security Professional and is an officer in the US Civil Air Patrol. His previous assignments include work with the US Army Cyber Command in Europe, US Air Force and with Commercial Industry in various roles in Information Assurance and Cyber Security. He has also worked with NSA, FBI, CIA and the US Defense and State Departments on various Cyber initiatives and has over 20 years of IT, communications and Cyber Security experience.

Dr. Murray also serves as COO to the International Board of Directors for the Information Systems Security Association. He is a professional member of IEEE, ACM, ISSA, (ISC)² and is a FBI Infragard program partner. He enjoys spending time traveling with his family, researching and collaborating with other professionals in Cyber Security and Cyber Law and plays soccer on a local league in Colorado Springs.

CSR2020 Featured Presentation

“Managing Culture as a Cyber Security Strategy – Methods for Achieving Success” 

Organizations focus a significant amount of time on developing methods for tracking success in operational efficiency in order to achieve profitability as an outcome of the strategic planning process. One of the things that can contribute to success (or failure) is having a mature understanding of your organizational culture. Having a strategy that focuses on understanding and managing culture can allow an organization to motivate employees and partners if cultivated and communicated effectively. When not managed affectively, poor culture can cause distrust and consternation between stakeholders. The presenter will discuss methods for executives and managers to include organizational culture in the strategic planning process and identify objectives for tracking success.

Stewart Weaver

Stewart is a Transformational Chief Information Officer/Chief Technology Information Officer, team leader, and accomplished individual contributor. Over the past 20 years, Stewart has worked in various industries* to:

  • Drive performance by focusing on aligning processes and streamlining technology
  • Virtualize as much as possible to reduce dependence on hardware and increase data security
  • Developing and retaining top talent within the organization to ensure its sustainability

He’s currently a managing partner for AOI Business Consulting, LLC.

* Communications /Technology, Healthcare, Hospitality/Leisure, Fin-Tech and Government