TRISS 2023 Presenters

Grant Asplund

It’s a Snap Securing Your Multi-Cloud, Cloud-Native Deployments with CNAPP

For more than 25 years, Grant Asplund has been sharing his insights on how businesses can best protect themselves from sophisticated cyber-attacks in an increasingly complex world. As Check Point’s chief evangelist, he travels the world enthralling audiences with his passionate and relational storytelling at conferences like RSA and Next100 CIOs and numerous media interviews. Grant’s wide range of cyber security experience informs his talks, having served in diverse roles ranging from sales, marketing, business development, and senior management for Dome 9, Blue Coat Systems, Neustar, and Altor Networks. As CEO of MetaInfo, he led its acquisition by Neustar. Grant is the host of the CISO Secrets podcast ( and the Talking Cloud Podcast ( on Cloud security.

Ed Bailey

Three ways to transform your detection and response program to meet tomorrow's challenges

Ed Bailey is a passionate engineering advocate with more than 20 years of experience in instrumenting a wide variety of applications, operating systems, and hardware for operations and security observability. He has spent his career working to empower users with the ability to understand their technical environment and make the right data-backed decisions quickly.

Nathan Cross

Scope Your Plan: Step One in the CMMC Compliance Journey

Nathan is a graduate student at Carnegie Mellon University, where he is pursuing his Master's in Information Security Policy & Management. He also works as a Cybersecurity Engineer for a small business DoD contractor, where he has experience assisting small businesses with CMMC compliance and helping them reduce their overall cybersecurity risk.

Jim Henry

The Cloud Lives Somewhere - Why you should be concerned about your Data Center provider and their Industrial Control Systems (ICS)

Jim Henry is Senior Manager and Head of Global Risk and Compliance at Iron Mountain Data Centers, and leads the division’s enterprise Information Security, Business Continuity, Quality, Energy, and Environmental, Management Compliance Programs. Jim is primarily responsible for Enterprise Compliance and Risk Management, external audit and assurance, and also leads the overall program management and development of all global ISO certified management systems, including ISO 27001, ISO 9001, ISO 22301, ISO 14001, ISO 45001 and ISO 50001. Jim has been with Iron Mountain since 2016 holding various roles within the Compliance department, is a Certified Information Systems Auditor (CISA), and Certified Information Security Manager (CISM) accredited by Information Systems Audit and Control Association (ISACA), and also holds an Executive Certificate in Geopolitical Analysis from Florida Atlantic University.

Tan Kee Hock

Mitigating Insider Threats in AWS: A Zero Trust Perspective

Kee Hock is a cybersecurity professional specializing in cloud and web application security. He started his career within one of Singapore's technological arms where he led cloud security capability development efforts for the organization. As an engineer and researcher by heart, he has contributed to the cybersecurity community by building tools and sharing his research works through conferences such as Blackhat and Defcon. He has recently transitioned back to being a (graduate) student, pursuing a Master's in Information Security Policy and Management from Carnegie Mellon University.

Bob Kaminski

U.S. DHS/CISA Small Business Resources and Incident Management Brief

Bob Kaminski serves as a Cybersecurity Advisor (CSA) for the Cybersecurity and Infrastructure Security Agency (CISA) serving the greater Pittsburgh and Western Pennsylvania area. In support of CISA’s mission of reducing risks to US critical infrastructure, Bob works with public and private sector critical infrastructure owners and operators to strengthen their cybersecurity posture through various CISA cyber security products and services. Bob provides cyber preparedness assessments and protective resources, working group support, leadership, partnership in public-private development, and coordination and support in times of cyber threat, disruption, or attack. Since 2009, Bob has served in various roles within the U.S. Department of Homeland Security. Bob has an extensive military background as well. While conducting a hazardous combat mission in Iraq, Bob's vehicle was hit by two Improvised Explosive Devices (IEDs) amputating his entire right leg and nearly taking his life. After years of surgeries and extensive physical therapy, Bob was able to fight back and serve his country again in his current capacity. Bob possesses a BS from Duquesne University majoring in Computer Technology. Bob is a recipient of the Purple Heart and Army commendation medal.

Brian Manger

SOC Modernization - 5 Pillars for Driving Differentiation to Improve Security Operations

Brian has spent the last decade working to help solve security problems and drive security maturity. His career started in GRC and Risk Management consulting where he focused primarily in the healthcare vertical working on implementation and adoption of risk visibly and mitigation practices. From there he shifted into to the Network Security world where he led a team focused on helping customers in the financial, technology, manufacturing and healthcare verticals migrate their security technologies and tooling to better support their cloud transformations. Brian is now a Sr. Solutions Director at Deepwatch where he partners with organizations to help mature their security operations programs.

Mike Pedrick

Crafting Security Program Metrics You AND Your Boss Care About

Mike Pedrick is the VP of Cybersecurity Consulting at Nuspire. He has been providing technology, security, compliance, and risk management consulting services to organizations across several industries for nearly 20 years. In addition to his role at Nuspire, he is an accredited trainer and chapter board member for ISACA, mentoring cybersecurity and risk management professionals.

Steph Saunders

Cover Your Bases – 2023 updates to NIST and other frameworks

Steph has over 10 years of experience in the Information Security field, working mainly in retail, critical manufacturing, and other IT organizations. Steph actively presents at various InfraGard or other Information Security Events. Steph is an active mentor in cyber security, a frequent cyber security panelist, a volunteer, and an overall connection maker for the Information Security Community. Steph is passionate about Information Security as a whole. She particularly enjoys promoting best practices for Education and Awareness training, especially from a Defense in Depth (DiD) perspective. She is skilled in both Physical Security and Incident Response and is always improving her forensics skills through learning about each security domain. She has developed and hosted Tabletop Exercises, while creating relationships in the security field, IT, and other parts of organizations.

Matt Scheurer

Becoming an IR Superstar

Matt Scheurer is a show host for the ThreatReel Podcast. By day, he is an AVP, Computer Security & Incident Response in a large enterprise. Matt has many years of hands-on technical experience, including Digital Forensics and Incident Response (DFIR). Matt is also a 2019 comSpark "Rising Tech Stars Award" winner and was named a "Top 12 Hacking Influencer" by Bishop Fox in 2023.

Brett Tucker

Measurement Matters: Seeking Ideal Metrics for Control Efficacy

Brett Tucker is the Technical Manager of Cyber Risk in the CERT Program at Carnegie Mellon University’s (CMU) Software Engineering Institute (SEI). Brett is responsible for a research and development portfolio focused on improving the security and resilience of the Nation’s critical infrastructure and assets with specific focus on risk management and resilience. Brett is also adjunct CERT Faculty at the Heinz College. Brett was also an appointee on Governor Holcomb's Special Advisory Committee for Cybersecurity for the state of Indiana. Brett has 20 years of experience in engineering, risk management, and technical management within the public and private sectors. Prior to joining the SEI, Brett was the Global Risk Manager for Westinghouse Electric Company where he managed the corporate enterprise risk portfolio and global insurance programs. Preceding that role at Westinghouse, Brett also managed a project controls organization as well as led the engineering, procurement, and installation of instrumentation & control suites for AP1000 nuclear reactor plants. Prior to Westinghouse, Brett served as an intelligence officer at the Central Intelligence Agency and also served as a defense contractor for the Naval Sea Systems Command. Brett is also a veteran of the United States Navy as a Surface Warfare Officer and a qualified Naval Nuclear Engineer in the Naval Nuclear Propulsion Program. Brett holds a Bachelor of Science degree in Chemical Engineering from the University of Notre Dame, a Master degree in Engineering Management from Old Dominion University, and an MBA from Penn State University. Brett is an active member in the local business community as a member of the Project Management Institute (PMI) and holds a Project Management Professional (PMP) certification from PMI. Brett is a member of the American Society for Quality (ASQ) and holds a certification as a Six Sigma Black Belt (CSSBB) from ASQ. Brett is also a Certified Information Security Systems Professional (CISSP) and Certified Governance, Risk, and Compliance Professional (CGRC), previously known as the Certified Authorization Professional (CAP) through ISC^2.

Catherine J. Ullman

Defending Beyond Defense

Dr. Catherine J. Ullman is a security researcher, speaker, author, and Principal Technology Architect, Security, at the University at Buffalo with over 20 years of highly technical experience. In her current role, Cathy is a digital forensics and incident response (DFIR) specialist, performing incident management, intrusion detection, investigative services, and personnel case resolution in a dynamic academic environment. She additionally builds security awareness among faculty and staff which educates and informs users about how to prevent and detect social engineering threats, and how to compute and digitally communicate safely. Cathy has presented at numerous information security conferences including DEF CON and Blue Team Con. Cathy is a contributor to the O’Reilly title 97 Things Every Information Professional Should Know and the author of the Wiley title The Active Defender. In her (minimal) spare time, she enjoys visiting her adopted two-toed sloth Flash at the Buffalo Zoo, researching death and the dead, and learning more about hacking things to make the world a more secure place.