To view speaker bio, click on first letter of last name.

Todd Babione, KPMG

Todd Babione is a Managing Director in KPMG’s Advisory practice and has more than 16 years of experience in delivering business process and information technology advisory services to Fortune 500 organizations. He has extensive experience performing large SAP transformation projects with a concentration on internal controls and security design. He has also led a number of large implementations and assessments of SAP’s Governance, Risk and Compliance (GRC) solutions including Access Controls and Process Controls. He is KPMG’s SAP Cyber Security leader and has help many clients address the unique security risks prevalent in the market today.

Todd's Session(s):

Back to top

Jerry Caponera, Nehemiah Security

Jerry's Session(s):

Back to top

Aishwarya Dey, PwC

Aish Dey is a manager based in PwC's Irvine, CA office. She has over 10 years of experience in setting up security and GRC access control for Fortune 500 clients across various industries including Beverage & Foods, Defense, Entertainment, Manufacturing, Retail, and Utilities. She has a rare blend of technical and functional expertise as well as strong business acumen with an accomplished background in SAP ECC/HANA security design/redesign, SAP GRC-AC 5.3, 10.0 & 10.1 implementation, SoD review, SAP HCM security & functional design, and SAP BW/BI security & reporting set up.

Aishwarya's Session(s):

Back to top

Stephen DuBravac, Security Weaver

Stephen's Session(s):

Back to top

Julie Ford, Customer Advisory Group

Julie Ford is a Senior Member of the Customer Advisory Group with a Masters Degree in Cybersecurity from the University of Maryland and more than 13 years experience as an architect in SAP Security, Cybersecurity, Governance, Risk, Compliance, and Information Assurance. Julie is accustomed to working in global fast paced, high volume environments working with local and offshore resources, complex landscapes, and integration issues. Leveraging a wide-range of talents in computer technology, staff leadership, federal audit, and regulatory compliance, Julie provides a solid foundation to address all aspects of information systems across all platform types, project requirements, and business needs. Julie has worked with multiple GRC implementations, security redesigns, and audit remediation. She is an SAP TechEd & dCode speaker and an expert in the area of Cybersecurity for SAP.

Julie's Session(s):

Back to top

Alex Horan, Onapsis

Alex Horan is Director of Product Management at Onapsis Inc. where he is responsible for the development of ERP vulnerability assessment, testing and securing solutions. Horan has more than 15 years of experience working within the IT security industry, covering both software and hardware. As a result, he brings a deep knowledge and understanding of vulnerability assessment and penetration testing, as well as systems and network administration and auditing, to his work at Onapsis. Horan has previously worked for mid- and large-sized companies helping to design and maintain their security posture.

Alex's Session(s):

Back to top

Stephen Lamy, Virtual Forge

Stephen Lamy is the CEO and Managing Director of Virtual Forge, Inc., offering products and services for the prevention, detection and management of cybersecurity and stability issues in SAP systems and applications. His SAP career began as a developer in Walldorf 1990 where he spent 16 years leading development teams for HCM, Benefits, migration and integration tools for R/2, R/3, ECC, and SAP BbD. With Virtual Forge, Stephen continues to build on his reputation for producing innovative software that help companies reduce risk, increase efficiency, and improve the quality of their SAP systems.

Stephen's Session(s):

Back to top

Matt Lonstine, Symmetry Corporation

Matt Lonstine is a Client Manager at Symmetry, and leads a group of SAP Basis/SAP NetWeaver Technologists responsible for the delivery of managed services, and project consulting. He draws on eight years of hands-on Basis experience, deep expertise on Linux platforms, and an understanding of complex SAP environments to provide his customers with the solutions they require. His experiences include direction/execution of large-scale Heterogeneous Migrations, SAP HANA implementations, Disaster Recovery initiatives, and interdependent cross-landscape Upgrades. Matt also works closely with Engineering and Solution Architecture staff in the area of Symmetry Cloud strategy and services.

Matt's Session(s):

Back to top

Ivan Mans, ABAP-Experts.com

Ivan co-founded ABAP-Experts.com and is active as a chief technical architect for the ABAP-Experts product portfolio. With 20 years of SAP experience, across various industries, Ivan is the author of some widely spread SAP add-ons. Today Ivan’s focus I set on real-time intrusion detection for SAP.

Ivan's Session(s):

Back to top

Raymond Mastre, PwC

Raymond is a Director based in PwC's San Francisco office. For over 12+ years, Ray has specialized in SAP Security and the implementation of Governance Risk and Compliance (GRC) solutions. He has completed 10 global SAP security redesign projects and multiple end-to-end implementations of the SAP GRC Access Controls suite, including GRC version 10.x and the customization of client specific Segregation of Duties (SoD) rule sets. Recently, Ray completed a 3.5 year exchange program with the Zurich, Switzerland PwC office, where he led the business unit dedicated to providing compliance solutions for companies running SAP (SAP GRC, Approva One, Security Weaver, etc.). His technical expertise paired with his international perspective make him ideal for multi-national clients looking to optimize SAP GRC solutions.

Raymond's Session(s):

Back to top

Eugene Neyolov, ERPScan

Eugene Neyolov is the Head of R&D in ERPScan, a world-leading provider of cybersecurity solutions for SAP and Oracle. Eugene has invested his technical expertise into building a unique platform for vulnerability management and security monitoring of enterprise systems and business applications. His previous conference talks cover topics such as forensics, anti-forensics, cybercrime analysis, anti-fraud systems and business applications security. Currently, Eugene has applied research projects to advance attacks and anomalies detection with AI technologies.

Eugene's Session(s):

Back to top

Bill Oliver, Winterhawk Consulting

Bill is a founding Partner of Winterhawk Consulting , a SAP Services Partner ® and global provider of Governance, Risk, and Compliance (GRC) services. Bill has over 20 years’ experience in the field of SAP Information Security and auditing which includes large scale Security and GRC implementations as well as managerial roles in external audit, advisory, and assurance services. Bill holds a Master’s Degree in Information Technology from Boston University and is a Certified Information Systems Auditor (CISA).

Bill's Session(s):

Back to top

Juan Perez-Etchegoyen, Onapsis

Juan Pablo is the CTO at Onapsis, leading the Research teams that keeps the company on the cutting-edge of the business-critical application security market. He is responsible for the design, research and development of Onapsis' innovative software solutions, and helps manage the development of new products as well as the SAP cyber-serurity research that has garnered critical acclaim for the Onapsis Research Labs. He is regularly invited to speak and host trainings at global industry conferences including Blackhat, HackInTheBox, Troopers, and SAP TechEd/DCODE. Prior to joining Onapsis, Juan Pablo led many Information Security consultancy projects for Companies in Latin America, EE.UU. and Europe. His strongest experience is in the field of Penetration Testing, Web Application Testing, Vulnerabilities Research, Information Security Auditing’s and Standards.

Juan's Session(s):

Back to top

Regine Schimmer, SAP SE

Regine Schimmer is an SAP product manager responsible for the roll-out of SAP NetWeaver Identity Management and Single Sign-On. She has more than 10 years of experience with SAP security, identity and access management solutions.

Regine's Session(s):

Back to top

Sachin Singh, Deloitte

Sachin has around ten years of Information Technology consulting experience with a primary focus on Enterprise Resource Planning (ERP) and cloud application security design and implementation. He specializes in implementation and assessment of SAP security and controls, SAP governance, risk and compliance (GRC), and Identity and Access Management (IAM) systems. Sachin has served a wide range of clients in a variety of industries, including: Consumer Business; Media & Entertainment; Automotive; Manufacturing.

Sachin's Session(s):

Back to top

Justin Somaini, SAP

Justin Somaini heads the SAP Global Security (SGS) team. With more than 20 years of information security experience, he is responsible for SAP’s overall security strategy, ensuring that SAP and our customers have a consistent and convenient security experience and establishing SAP as a recognized and trusted leader in the industry. In his role Justin is accountable for 3 core domains, Physical Security, Product Security and Enterprise Security for all of SAP. Before joining SAP in 2015, Justin was Chief Trust Officer at Box, the world's leading enterprise software platform for content collaboration. Prior to Box, Justin held the role of Chief Information Security Officer (CISO) at Yahoo! And Symantec, VeriSign and Charles Schwab. In addition to his operational roles, he has advised numerous security companies such as Qualys, Palo Alto Networks, Sentinel Labs, Forcepoint and others. He serves on the board of MalwareBytes and is an avid early stage investor in companies like SourceClear and StackRox. Justin holds a Bachelor's of Science degree in Management Information Systems from Drexel University, Philadelphia. He serves as a Venture Advisor at YL Ventures.

Justin's Session(s):

Back to top

Abhishek Srivastava, Deloitte

Abhishek's Session(s):

Back to top

Frederik Weidemann, Virtual Forge

Frederik Weidemann is Head of Consulting at Virtual Forge GmbH with a focus on SAP Security for eleven years. He is co-author of the first book on ABAP Security "Sichere-ABAP Programmierung" by SAP Press and spoke at several SAP and Security related conferences like RSA, Troopers, OWASP and DSAG. Frederik frequently teaches on secure ABAP programming (course WDESA3) at SAP University in Walldorf and on SAP security for Virtual Forge's customers. He also writes articles on SAP Security on a regular basis and has found numerous Zero Day defects in Business Software. Frederik holds a German Diploma in Computer Science and scored several Capture-The-Flag hacking contests first or second place during his time in university.

Frederik's Session(s):

Back to top