Andrew H. Tannenbaum, Chief Cybersecurity Counsel, IBM

Keynote Speaker: Thursday, 6:00 p.m., Dibner Building, Pfizer Auditorium

As IBM’s chief cybersecurity counsel, Andrew is the founder and leader of a global legal team that guides the company on a wide range of cybersecurity legal, policy, and investigative matters. Working closely with IBM’s chief security officers and senior business leaders, he provides advice on areas extending from IBM’s overall corporate governance for managing cyber risk, to the company’s response to sensitive cyber incidents, to the operational details of IBM’s internal cyber program and policies. He also provides legal and strategic advice to IBM Security, the world’s fastest growing enterprise security company.

Andrew is a recognized thought leader in the cybersecurity legal field. In 2016, Andrew was named by the National Law Journal as a Cybersecurity & Data Privacy Trailblazer. He is a regular speaker at cybersecurity events, has testified before Congress as an expert on cybersecurity law, and has written for and appeared in publications such as the Wall Street Journal, Harvard Business Review, National Journal, Politico, and CSO. Andrew has deep legal and operational experience in both the private and public sectors and has overseen hundreds of cyber incident response investigations worldwide.

Prior to joining IBM, Andrew held several senior national security positions at the Department of Justice and the National Security Agency during both the Obama and Bush Administrations. He was Deputy General Counsel for the National Security Agency, where he oversaw all cybersecurity and legislative matters, and he held senior positions in the Department of Justice’s National Security Division. During his 10 years in government, Andrew also served as Senior Counselor and Assistant General Counsel in the White House Office of Management and Budget; as a Trial Attorney in the Department of Justice’s Civil Division; and as an Attorney-Adviser in the Department of Justice’s Office of Legal Counsel. Andrew received a number of awards during his time in public service, including the Attorney General’s Distinguished Service Award.

Before joining the Department of Justice, Andrew was a litigator at Davis Polk & Wardwell in New York and clerked for Judge Wilfred Feinberg of the United States Court of Appeals for the Second Circuit.

Andrew graduated from Columbia Law School and Dartmouth College.

Topic: How Future Cybersecurity Leaders Can Save The World

It's not just about 1s and 0s. Cybersecurity will present some of the biggest technological, economic, legal, privacy, policy, business, public safety, law enforcement and national security challenges of the 21st Century. Students who not only master the computer science but also hone effective communication and leadership skills--and gain multi-disciplinary experiences--will be called on to solve some of the most critical problems of our time. 


Dino Dai Zovi, CO-Founder and CTO, Capsule8

Security Expert Luncheon Keynote: Friday, 12:00pm, Dibner Building, LC400

Capsule8 CTO Dino Dai Zovi is an established researcher and innovator in the cybersecurity community with over a decade of experience in red teaming, penetration testing, software security, information security management, and mobile security R&D. He is best known in the information security community for winning the first PWN2OWN contest at CanSecWest 2007. Prior to Capsule8, Dino served as the Mobile Security Lead at Square, building out the platform that allows Square to ensure that their sellers’ mobile devices are safe. He has also held security leadership roles with Endgame, Two Sigma Investments and Matasano Security. Dino is a member of the BlackHat Review Board and also a regular speaker at information security conferences around the world including DEFCON, BlackHat and CanSecWest. He is a co-author of the books “The iOS Hacker’s Handbook,” “The Mac Hacker’s Handbook” and “The Art of Software Security Testing.”

Topic: Scaling Security Operations: Securing DevOps and Automating SecOps

By applying the lessons of DevOps and Site Reliability Engineering to security, we can amplify the impact of security expertise through customization and automation. Through intelligent application of automation, we can overcome the cybersecurity skills gap and implement real defense at scale.