SPEAKER BIOGRAPHIES

SPEAKERS AT THE ENTERPRISE RISK/SECURITY MANAGEMENT CONFERENCE – MAY 28, 2025

 

Ryan Blackwell, SVP, IT Operations, Cloud and Cybersecurity, GAVS\GSLabs

Bio to come!

 

Johnny Burton, VP of IT & Security Officer, The Family Institute at Northwestern University

I have fourteen (14) years of IT experience, a Bachelor’s degree, CISSP certified and have been focusing on Network and Cybersecurity for the past eight (8) years. My expertise includes managing secure network infrastructure, conducting risk assessments, and creating security policies. I lead teams to build security strategies from scratch, following cybersecurity frameworks and best practices. I implement processes to reduce attack surfaces and manage risks, which have proven effective in safeguarding sensitive data. I have worn several hats within my role and experience with cross-functional/cross-team communication. My team relies on me for guidance as the standard bearer for cybersecurity. I design secure cloud solutions that satisfy business requirements and adhere to regulations such as HIPAA and PCI. I worked quickly to understand the business and develop customized security solutions to protect the company’s most valuable assets.

I am a team leader and player motivated to work with a company that values innovation and security. I advocate for cybersecurity to be incorporated in the planning stage of every project and for SDLC to ensure a proactive and continuous approach to security.

As part of my commitment to mitigating potential threats, I prioritize attending tech summits and participating in cybersecurity clubs. Continuous learning and improvement are essential to enhance my cybersecurity skills and the profession and protect my company’s infrastructure.

Tim Connolly, Senior Systems Engineer, Illumio

 

Randy Herold, Chief Information Security and Chief Privacy Officer, ManpowerGroup

Randy Herold holds a degree in Computer Science and has over 25 years of information technology experience within the public and private sectors, the last 20 of which have been focused on information security, privacy, data protection, risk management and compliance. Mr. Herold is a graduate of the University of Phoenix and holds a Bachelor’s Degree in Computer Science.
Randy joined ManpowerGroup in 2018 as Chief Information Security and Chief Privacy Officer responsible for overseeing ManpowerGroup’s Information Security and Privacy efforts in more than 70 countries. Prior to joining ManpowerGroup Randy held technology leadership roles with PHH, Chubb/ACE Group, Coca-Cola Enterprises, Nielsen/Arbitron and multiple government defense contractors. He has received various technology related certifications and is a member of numerous security and technology professional organizations.

Lori Kevin, VP Enterprise IT & Security, IMO Health

Lori has over 20 years of experience in technology, operations, and specifically in building an innovative and robust security program from the ground up. She is currently VP of Enterprise IT & Security at IMO Health, a software development organization whose product offerings ensure clinical data quality and integrity across the healthcare ecosystem. Lori and her team provide not only technical security expertise and guidance to software engineers, they also collaborate across the entire enterprise to communicate security awareness through training, awareness campaigns, and risk management.

Fred Kwong, Ph.D., Vice President, Chief Information Security, DeVry University

Dr. Fred Kwong has been in the information technology field for the past 15 years in working in education, financial, and telecommunication sectors. Fred currently works at a Farmers Insurance where he currently is the Global Head of Privileged Access Control. Fred is currently building a new program seeking to govern, control, and profile privileged identities throughout the enterprise.

Fred’s work includes the creation of security and privacy policies, standards, and procedures. He is a subject matter expert in PCI, leading organizations to pass their report on compliance. With an extensive background in IT technologies, Fred continues to challenge the status quo by providing guidance in security and network architecture creating holistic designs that align to todays’ threat vector for organizations.

Fred has a passion of combining IT skills with organization development values. His broad range of IT skills has allowed him to view IT from many different paradigms and present them to the business partners in an easy to understand language. Fred servers as an adjunct professor at Benedictine and Roosevelt University teaching courses in international business, organization behavior, project management, and information systems. He holds a Ph.D. from Benedictine University and earned his master’s degree in business administration from Roosevelt University. Fred is a Certified Project Management Professional (PMP), a Certified Information Systems Manager (CISM), and a PCI Professional (PCIP).

 

Derek Milroy, Security Architect, Arthur J. Gallagher

Derek Milroy is a corporate security professional that has been implementing security, as both an internal employee and as a consultant, for the past twenty plus years. His main areas of focus the past decade or so have been: Systems Hardening (focusing mainly on Windows Forest/Domain/GPO architectures), Vulnerability Management, Patch Management, Log Management/SIM/SEIM, Incident Response, Network Infrastructure Security, Cloud Controls and Hardening, Red Team Program Management, Threat Modeling, and Threat Intel. He is a former QSA, current PCIP, and has also performed ISO 72001/27002, CIS Top18, and NIST CSF assessments.

Brian Palmer, Director of IT Security & Infrastructure, Ventas, Inc.

Brian T. Palmer is a seasoned IT executive with over 20 years of experience in global enterprise IT organizations. He excels in cybersecurity and infrastructure management, leading large teams to enhance IT scalability, availability, security, and cost efficiency.  Brian has transformed IT cultures, developed strategic global technology and security roadmaps, and implemented corporate ITIL programs, achieving high application and infrastructure availability. Brian is also an avid mountaineer, having completed 6.5 of the 7 summits .

• Two time CISO of the Year nominee
• Certified Information Systems Security Professional (CISSP)
• Certified Cloud Security Professional (CCSP)
• Certified Information Security Manager (CISM)
• ITILv4
• AWS Certified Cloud Practitioner

Safi Raza, Senior Director of Cyber Security, Fusion Risk Management

Safi Raza is the Senior Director of Cybersecurity at Fusion Risk Management, leading the company’s global cybersecurity strategy, governance, and cyber risk management initiatives. With over 15 years of experience in information security, Safi has a proven track record of building and scaling security programs aligned with frameworks such as SOC 2, ISO 27001, and NIST. His expertise encompasses security operations, cloud security, vulnerability management, and regulatory compliance.

Safi is a recognized thought leader in the cybersecurity community, contributing insights on topics such as ransomware defense, operational resilience, and emerging threats. Safi is a member of ISC2 and holds the CISSP, CCSP, and several other industry-recognized certifications. He was nominated for the 2024 Chicago CISO of the Year Award, reflecting his leadership and impact in the field.

 

Michael Robbins, Security Program Leadership | Governance, Risk & Compliance | Security Program Metrics

Michael Robbins leads the Cybersecurity Strategy, Risk and Compliance Assessment practice at Kudelski Security.  In this capacity, he helps clients review and assess their cybersecurity programs against the leading industry standards and frameworks while providing strategic recommendations. With over 20 years of experience consulting in the IT and cybersecurity space, he has a wide background in many different industries. In addition to assessments, Michael has helped build out security programs for some very large organizations. He holds several industry certifications including a PMP, QTE and CCSK.

 

Neema Wasira-Johnson, Executive Director, Governance, Risk & Compliance, Insurance Organization

Neema is an accomplished Senior Cybersecurity Executive with over two decades of experience. Her expertise spans retail, healthcare, and financial services. She brings deep industry knowledge of technology and security quantitative risk management to ensure critical assets are protected and help drive business success. Key highlights include: – Leading and transforming cybersecurity programs for global organizations, building high-performing teams and fostering a security-first culture., executing comprehensive information security strategies, managing enterprise-wide risk and ensuring regulatory compliance and enhancing organizational resilience through strategic leadership.

 

Ron Zochalski, CTO & CISO, Lake County Government – Indiana

CTO & CISO for Lake County Government – Superior Courts Juvenile Division on the zero trust journey to protect data, assets and buildings for current and emerging security threats. I have the ability to break down the financial and technical risks and issues to both technical and the non-technical professionals including the boardroom and get buy in. This is not an easy task.

Ron also has spent the last 12 years teaching at Indiana University Northwest teaching students to understand and use various technologies, Personal Finance and Business Administration.

Ron’s 20+ year journey started in Financial Services then to Automotive, Newspaper/Media, ECommerce, Supply Chain, Mobile and currently Government and Courts. It’s always the questions you don’t know to ask are the ones that give you an issue.