Application Security in a DevOps, Cloud and API World

CISO Dinner

April 6, 2022 - Denver, CO

Attendees Include

Karl Mattson

CISO

Noname Security

Dinner

As a future-oriented information security executive, my key strength is coaching and educating cybersecurity companies on listening to and interpreting the pain-points and priorities of enterprise customers. These insights help drive effective product strategies, go-to-market strategies and ongoing customer success. Over the years, I’ve had the privilege of advising several cyber entrepreneurs who are now thriving. On the heels of their success, I was looking for a new challenge. In 2020, I had the opportunity to meet with the Noname Security team early in its platform design. Recognizing that they were on the verge of solving several challenges in securing APIs, I wanted to be a part of their exciting adventure. I joined Noname as Chief Information Security Officer, where I’m currently establishing a rigorous standard for operational and security excellence, in addition to advocating for ongoing platform changes based on our customers’ needs.

ABOUT NONAME SECURITY: Noname Security ensures secure APIs at the speed of business with the most powerful, complete and easy-to-use API security platform. How do I know it works? I was their first customer! I believe in the platform and want to share it with the world. According to Gartner, APIs will be the #1 attack vector by 2022. Gateways and WAFs don’t protect against API breaches or find misconfigurations. API testing and bug bounty programs have significant gaps, leaving businesses exposed. Noname resolves API vulnerabilities across 4 key pillars, or as we call it, DART:

➤ Discover
➤ Analyze
➤ Remediate
➤ Test

We’ll find and take inventory of all existing APIs, use AI-based detection to illuminate risks, block attacks in real time and run tests to ensure API integrity before production.

WHAT YOU CAN EXPECT:

➤ Solid engineering underpinning a product that’s ahead of the competition
➤ Flexible deployment model with many integrations that adapt to your business
➤ Coverage of the 3 main areas needed to protect APIs: posture management, detection and response and code security

What are you doing to protect your company’s digital content? Keep your company’s APIs out of the news with Noname Security.

LEARN MORE: See what our customers are saying about us and find more information on our website: www.nonamesecurity.com

Charles Fedorko

Director of IT Security

Sage Hospitality

Dinner

Senior IT Security leader with cutting-edge industry certifications (CISSP, GIAC GSTRT, CrowdStrike) and 18+ years of expertise helping technology-driven organizations modernize their security practices, increase data privacy, reduce risk/liability, and achieve compliance with regulatory guidelines. Recognized throughout career for extensive technical depth, in addition to superior team leadership/mentoring skills and complementary strengths in project management, influencing, financial analysis, and collaboration. Passionate about helping companies think proactively about cyber-threats and build the scalable, adaptable, and mature security practices needed to protect against an enormous range of IT-related threats and vulnerabilities.

Core Strengths & Competencies:

• IT Security & Threat Prevention
• Technical Team Recruitment, Mentoring & Leadership
• Data Privacy & Security Management
• MSSP / SIEM / MDR Management
• Regulatory Compliance (CCPA, GDPR, PCI)
• Identity & Access Management (IAM)
• Security Policy & Procedure Development / Enforcement
• IT Governance & Risk Management
• Technical Support & Training
• Security Audits & Breach / Incident Response
• Virus & Ransomware Prevention
• Security Operations Centers (SOC)
• Disaster Recovery & Continuity Planning
• NIST & CIS Frameworks

Software/Technology Expertise:

• SIEM: QRadar, LogRhythm, FortiSIEM, Arctic Wolf
• Vulnerability Management: Nessus Pro, Tenable.IO, Automox, Arctic Wolf
• Network Security: Cisco FirePower IDS/IPS, Cisco Umbrella, FortiAnalyzer, Arctic Wolf
• Endpoint Security: Microsoft SCEP, Symantec SEP, CrowdStrike Falcon
• Email Security: FireEye, O365/Exchange, Abnormal Security
• Identity & Access Management: Active Directory, RSA, Okta
• Training & Awareness: Cofense, KnowBe4

Greg Oslan

Director; Cyber Security and Space ISAC Subcommittees

National Cybersecurity Center

Dinner

Proven and accomplished executive who provides the balance between technical understanding and strong strategic and operational leadership. Demonstrated track record in building and leading multiple companies to market and exit. Focus on U.S. Government, cyber security, commercial space, and IT modernization.

Doug Landin

CISO

Brownstein Hyatt Farber Schreck

Dinner

As an Information Technology professional for the past 35 years, my professional experience and educational background span most core disciplines of Information Technology, from desktop support to oversight of multi-million dollar Information Technology initiatives and strategic partnering. I am a proven mentor, leader and team coordinator in Information Technology who fosters proactive, healthy, hard-working and collaborative work environments that are fine-tuned for success. Areas of experience and specialty include:

Specialties:

○ Executive Leadership and Strategic Planning
○ Health Information Security HIPAA
○ Information Security Governance / ISO 27000 Compliance
○ Risk Management and Mitigation Planning
○ Information Security Consultation and Program Development
○ Threat Vulnerability Scanning and Penetration Testing
○ Security Event Information Management Analytics
○ Data Classification - Loss Detection and Prevention
○ ISO 27000 Certification Audit and Security Compliance
○ Business Analysis and Process re-engineering
○ Incident Response - Business Continuity Management Planning
○ High-Profile Project Management
○ Thinking BIG and delivering HUGE!

Karl Mattson

CISO

Endor Labs

Dinner

Karl is known globally as a cybersecurity innovator with over 25 years of diverse experiences as an enterprise CISO, technology strategist, and startup advisor across technology, retail and financial industry verticals. He serves today as the CISO for Endor Labs, a startup focused on software supply chain security. Prior to joining Endor Labs, Karl served as the CISO for Noname Security, specializing in API and Application Security. Previously, Karl held several leadership positions in the Financial Service community, including CISO for City National Bank, and later PennyMac Financial Services. Additionally, he was an active member of the FS-ISAC Mortgage Risk Council, President of the LA Cyber Lab, Financial Services Sector Chief for InfraGard, graduate of the FBI CISO Academy, and Adjunct Faculty at the University of Minnesota for over 10 years.

April 6, 2022

Agenda

All times Mountain Standard Time

5:30 PM-9:00 PM

Application Security in a DevOps, Cloud and API World

Security teams are challenged to modernize application security practices in light of accelerating shifts to DevOps delivery models and rapid adoption of cloud-native application designs. Applications built on microservices (e.g. serverless, containers, APIs) and delivered continuously are outpacing application security teams' ability to secure them. CISOs need to consider new skills, new touch points and new platforms to maintain a strong security posture in light of these trends and the speed at which they are reshaping IT.
