To view speaker bio, click on first letter of last name.

Todd Babione, KPMG

Todd Babione is a Managing Director in KPMG’s Advisory practice and has more than 16 years of experience in delivering business process and information technology advisory services to Fortune 500 organizations. He has extensive experience performing large SAP transformation projects with a concentration on internal controls and security design. He has also led a number of large implementations and assessments of SAP’s Governance, Risk and Compliance (GRC) solutions including Access Controls and Process Controls. He is KPMG’s SAP Cyber Security leader and has help many clients address the unique security risks prevalent in the market today.

Todd's Session(s):

Back to top

Aishwarya Dey, PwC

Aish Dey is a manager based in PwC's Irvine, CA office. She has over 10 years of experience in setting up security and GRC access control for Fortune 500 clients across various industries including Beverage & Foods, Defense, Entertainment, Manufacturing, Retail, and Utilities. She has a rare blend of technical and functional expertise as well as strong business acumen with an accomplished background in SAP ECC/HANA security design/redesign, SAP GRC-AC 5.3, 10.0 & 10.1 implementation, SoD review, SAP HCM security & functional design, and SAP BW/BI security & reporting set up.

Aishwarya's Session(s):

Back to top

Stephen DuBravac, Security Weaver

Stephen's Session(s):

Back to top

Julie Ford, Customer Advisory Group

Julie Ford is a Senior Member of the Customer Advisory Group with a Masters Degree in Cybersecurity from the University of Maryland and more than 13 years experience as an architect in SAP Security, Cybersecurity, Governance, Risk, Compliance, and Information Assurance. Julie is accustomed to working in global fast paced, high volume environments working with local and offshore resources, complex landscapes, and integration issues. Leveraging a wide-range of talents in computer technology, staff leadership, federal audit, and regulatory compliance, Julie provides a solid foundation to address all aspects of information systems across all platform types, project requirements, and business needs. Julie has worked with multiple GRC implementations, security redesigns, and audit remediation. She is an SAP TechEd & dCode speaker and an expert in the area of Cybersecurity for SAP.

Julie's Session(s):

Back to top

Mithilesh Kotwal, Protiviti

Mithilesh Kotwal is an Associate Director in the IT Consulting Practice for Protiviti with over ten years of extensive experience in SAP Security and Internal Controls He has been a part of and led multiple Global Full Lifecycle SAP Security and GRC implementation and re-design projects working over a varied breadth of technologies, industries and products. His current areas of focus are SAP Security Redesigns/Implementations, GRC Implementations and SAP Security Optimization.

Mithilesh's Session(s):

Back to top

Stephen Lamy, Virtual Forge

Stephen Lamy is the CEO and Managing Director of Virtual Forge, Inc., offering products and services for the prevention, detection and management of cybersecurity and stability issues in SAP systems and applications. His SAP career began as a developer in Walldorf 1990 where he spent 16 years leading development teams for HCM, Benefits, migration and integration tools for R/2, R/3, ECC, and SAP BbD. With Virtual Forge, Stephen continues to build on his reputation for producing innovative software that help companies reduce risk, increase efficiency, and improve the quality of their SAP systems.

Stephen's Session(s):

Back to top

Matt Lonstine, Symmetry Corporation

Matt Lonstine is a Client Manager at Symmetry, and leads a group of SAP Basis/SAP NetWeaver Technologists responsible for the delivery of managed services, and project consulting. He draws on eight years of hands-on Basis experience, deep expertise on Linux platforms, and an understanding of complex SAP environments to provide his customers with the solutions they require. His experiences include direction/execution of large-scale Heterogeneous Migrations, SAP HANA implementations, Disaster Recovery initiatives, and interdependent cross-landscape Upgrades. Matt also works closely with Engineering and Solution Architecture staff in the area of Symmetry Cloud strategy and services.

Matt's Session(s):

Back to top

Ivan Mans,

Ivan co-founded and is active as a chief technical architect for the ABAP-Experts product portfolio. With 20 years of SAP experience, across various industries, Ivan is the author of some widely spread SAP add-ons. Today Ivan’s focus I set on real-time intrusion detection for SAP.

Ivan's Session(s):

Back to top

Raymond Mastre, PwC

Raymond is a Director based in PwC's San Francisco office. For over 12+ years, Ray has specialized in SAP Security and the implementation of Governance Risk and Compliance (GRC) solutions. He has completed 10 global SAP security redesign projects and multiple end-to-end implementations of the SAP GRC Access Controls suite, including GRC version 10.x and the customization of client specific Segregation of Duties (SoD) rule sets. Recently, Ray completed a 3.5 year exchange program with the Zurich, Switzerland PwC office, where he led the business unit dedicated to providing compliance solutions for companies running SAP (SAP GRC, Approva One, Security Weaver, etc.). His technical expertise paired with his international perspective make him ideal for multi-national clients looking to optimize SAP GRC solutions.

Raymond's Session(s):

Back to top

Bill Oliver, Winterhawk Consulting

Bill is a founding Partner of Winterhawk Consulting , a SAP Services Partner ® and global provider of Governance, Risk, and Compliance (GRC) services. Bill has over 20 years’ experience in the field of SAP Information Security and auditing which includes large scale Security and GRC implementations as well as managerial roles in external audit, advisory, and assurance services. Bill holds a Master’s Degree in Information Technology from Boston University and is a Certified Information Systems Auditor (CISA).

Bill's Session(s):

Back to top

Juan Perez-Etchegoyen, Onapsis

Juan Pablo is the CTO at Onapsis, leading the Research teams that keeps the company on the cutting-edge of the business-critical application security market. He is responsible for the design, research and development of Onapsis' innovative software solutions, and helps manage the development of new products as well as the SAP cyber-serurity research that has garnered critical acclaim for the Onapsis Research Labs. He is regularly invited to speak and host trainings at global industry conferences including Blackhat, HackInTheBox, Troopers, and SAP TechEd/DCODE. Prior to joining Onapsis, Juan Pablo led many Information Security consultancy projects for Companies in Latin America, EE.UU. and Europe. His strongest experience is in the field of Penetration Testing, Web Application Testing, Vulnerabilities Research, Information Security Auditing’s and Standards.

Juan's Session(s):

Back to top

Regine Schimmer, SAP SE

Regine Schimmer is an SAP product manager responsible for the roll-out of SAP NetWeaver Identity Management and Single Sign-On. She has more than 10 years of experience with SAP security, identity and access management solutions.

Regine's Session(s):

Back to top

Sachin Singh, Deloitte

Sachin has around ten years of Information Technology consulting experience with a primary focus on Enterprise Resource Planning (ERP) and cloud application security design and implementation. He specializes in implementation and assessment of SAP security and controls, SAP governance, risk and compliance (GRC), and Identity and Access Management (IAM) systems. Sachin has served a wide range of clients in a variety of industries, including: Consumer Business; Media & Entertainment; Automotive; Manufacturing.

Sachin's Session(s):

Back to top

Frederik Weidemann, Virtual Forge

Frederik Weidemann is Head of Consulting at Virtual Forge GmbH with a focus on SAP Security for eleven years. He is co-author of the first book on ABAP Security "Sichere-ABAP Programmierung" by SAP Press and spoke at several SAP and Security related conferences like RSA, Troopers, OWASP and DSAG. Frederik frequently teaches on secure ABAP programming (course WDESA3) at SAP University in Walldorf and on SAP security for Virtual Forge's customers. He also writes articles on SAP Security on a regular basis and has found numerous Zero Day defects in Business Software. Frederik holds a German Diploma in Computer Science and scored several Capture-The-Flag hacking contests first or second place during his time in university.

Frederik's Session(s):

Back to top