Graeme Payne – Keynote

The New Era of Cybersecurity Breaches



Graeme Payne is a consultant, speaker, and coach. He works with boards and senior executives to help them understand and manage cybersecurity and IT risks. He has over 30 years of experience in consulting and IT management in financial services, insurance, healthcare, retail, manufacturing, and utility industries. During the Equifax 2017 Data Breach (which exposed the sensitive information on 146 million US consumers), he was Senior Vice President and CIO of Global Corporate Platforms. He was fired the day before the former Chairman and CEO of Equifax testified to Congress that the root cause of the data breach was a human error and technological failure. Graeme would later be identified as “the human error”.

Prior to joining Equifax in 2011, Graeme was a Principal at Ernst & Young and Global Leader of Governance, Risk & Compliance at Wipro Consulting. Over his 30 year career, he has consulted with hundreds of companies on cybersecurity and IT risk programs. Graeme started his career as an accountant and holds many security and IT risk certifications.  He grew up and worked in New Zealand before moving to the United States in 1995. 

Liam Randal



With a career spanning 20 years, Liam Randall has worked at every level of the information systems pipeline- from building and operating large networks, developing and maintaining large 100M+ e-commerce solutions, to designing and implementing global network security monitoring sensor grids. A frequent speaker and trainer at security conferences Liam has trained 1000’s students on advanced incident response.

A serial entrepreneur, I most recently founded Critical Stack with the goal of automating security and compliance for secure container orchestration. Critical Stack was acquired by Capital One in 2016, where I currently serve as President of the Critical Stack division of Capital One. 


Dave Marcus

Dave MarcusPrincipal Engineer, Advanced Programs Group’s Research and Intelligence Cell, McAfeeDave Marcus currently serves as director of research and intelligence for McAfee’s Advanced Programs Group. His responsibilities include advanced threat research, threat intelligence projects, open-source intelligence projects as well as running McAfee’s global intelligence practice. 

As one of McAfee’s Principal Engineers, he is also a recognized technical leader and helps drive its technical direction and roadmap. In his spare time, he lifts heavy things and is a family man.

Stacey Banks


Stacey Banks is a Security Consultant who specializes in Government Regulatory Compliance (GRC) with over 20 years of experience in the field. She holds certifications that include but is not limited to CISSP, CRISC, CISA, CCO, CSM, PCI-QSA. She also holds degrees in BS Computer Science, MS Network Security, and an MBA.


Jeremy Druin

Jeremy Druin
Principal Security Architect

Jeremy works as the Principal Security Architect for UPS where he created the application security, bug bounty and penetration testing programs. Jeremy is also the owner of Ellipsis Information Security where he provides security testing services and teaches secure application development and penetration testing courses.

As a Director of Education for the Kentucky ISSA chapter, Jeremy presents on various information security topics along with operating the “webpwnized” YouTube video channel. Additionally, Jeremy develops the open-source OWASP Mutillidae II training environment.

Jeremy has a Bachelor’s in Computer Science from Indiana University, a Graduate Certificate in Cybersecurity and Masters in Computer Science from the University of Louisville and is a GIAC-certified Web Application, Mobile and Network Security Penetration Tester.

Deral Heiland


Deral Heiland CISSP, serves as a Research Lead (IoT) for Rapid7. Deral has over 25 years of experience in the Information Technology field, and over the last 15+ years Deral’s career has focused on security research, security assessments, penetration testing, and consulting for corporations and government agencies.

Deral also has conducted security research on numerous technical subjects, releasing white papers, security advisories, and has presented the information at numerous national and international security conferences including Blackhat, Defcon, Shmoocon, DerbyCon, RSAC, Hack In Paris. Deral has been interviewed and quoted by several media outlets and publications including ABC World News Tonight, BBC, Consumer Reports, MIT Technical Review, SC Magazine, and The Register.


Charles Shirer (BSD Bandit)

Charles is a RedTeamer/ThreatHunter for the SpiderLabs. In his spare time Charles works on the SECBSD open source project which is a penetration testing distro based on the OpenBsd Operating System.

He currently works as Staff at several Security Conferences, Podcast(GrumpyHackers)(IronGeek Cast) and is a part of NovaHackers.(OSCP,OWSP)

Susan Sons


Susan E. Sons is a passionate and experienced Chief Information Security Officer and information security leader with experience ranging from tech startups to defense to academic science to private-sector research and development environments. She currently serves as Chief Security Analyst at IU’s Center for Applied Cybersecurity Research, Deputy Director of ResearchSOC, and a leader in the CI CoE Pilot. Susan is passionate about software and control systems security, building security programs and teams that enable research and development and advancing the practice of information security.

Susan’s professional interests include:

– Securing scientific research, other R&D, and life-critical technologies
– Turning around projects and organizations that need pervasive information security improvements
– The security and trustworthiness of internet infrastructure software
– Building better information security teams and organizations
– Getting to the heart of information security for a mission…not as a one-size-fits-all dictum


Dave Chronister

Dave Chronister – @bagomojo is co-founder and Managing Partner of Parameter Security, an ethical hacking firm. As a Certified Ethical Hacker and Certified Information Systems Security Professional, Chronister possesses deep security expertise in some of the most heavily regulated industries including financial services and healthcare. Specifically, Sarbanes Oxley (SOX), Gramm-Leach-Bliley Act (GLBA), Payment Card Industries (PCI), and the Health Insurance Portability and Accountability Act (HIPAA).

Cutting his teeth on technology at the age of 5, Chronister gained an instant attraction to the inner-workings of his computer. Before the age of 8, he wrote his first computer software program and by the time he was a teenager he ran one of St. Louis’ biggest networked bulletin board systems. It was at this time he experienced war dialing and first encountered the underground world of hacking.

During the course of his professional career, Chronister served as Architect for A.G Edwards’ electronic messaging system – the largest Exchange Server deployment at the time. At Cybersource, he was the technical liaison to the various credit card organizations, developing their payment card compliance standards. Additionally, working with numerous medical and dental practices, Chronister served as Technical Advisor helping these practices meet HIPAA compliance. Recently, he served as Chief Technology Officer for a $700 million dollar bank holding company for over 5 years prior to starting Parameter Security.

Chronister’s expertise has been featured on television’s CNN, Bloomberg TV, CNBC, Fox Business, ABC World News with Diane Sawyer, America Now with Leeza Gibbons, FOX 2 KTVI, KMOV Channel 4, KSDK News Channel 5 as well as several local radio stations. Also spotlighted in online and print publications such as FOX Business News, CNBC, CBS, Associated Press, CIO Magazine, Information Security Magazine, InfoWorld Magazine, Computerworld, Entrepreneur Magazine, Popular Science, American Banking Journal, BankNet 360, Bank News, Credit Union Tech Talk, The Kansas City Star, St. Louis Post-Dispatch, The Suburban Journal, St. Louis Business Journal, St. Louis Business Monthly and other publications. Plus, Chronister has written several articles for numerous industry publications. Chronister appears as a regular cybersecurity expert on Fox Business, CNBC, MSNBC, and CNN.