CISO Dinner

EisnerAmper clients are based in the U.S., or comprised of U.S. business interests of foreign entities. To serve domestically-based clients with interests in financial services opportunities overseas, Eisner Amper offers the resources of offices in the UK, Israel, India and  EisnerAmper Global, with offices in the Cayman Islands, Singapore, and Ireland; as well as the services of Allinial Global. Todd, leads the information security team and is an experienced, detail-oriented, and innovative professional with proven performance in information security, enterprise-level systems administration, and project management.

Senior Cybersecurity professional with over 25 years experience in the financial services industry. I have both the technical and business background to bridge the gap between the two different worlds: Business Information Security Officer (BISO): Explained technology risks and their business impact to business sponsors. Prioritized solutions based on a cost / benefit analysis. Technology Risk Management & Governance: Managed programs to manage technology based on business impact, tracked risk registers and risk acceptances, identified and deployed both technical and operational solutions to address risk. Technology Compliance: Performed COBIT and FFIEC assessments, managed SoX assessments. A few highlights: + A systems thinker that can manage complexity. + Risk & Control Self Assessments (RCSAs) + Regular Reviews and Enhancements to Critical Controls + IT Compliance Management & Oversight + Technology Risk Assessments + 3rd Party Vendor Assessments + Identity & Access Management + Policy Development and Governance + Cyber Program & Technical Project Management + Data Leakage Protection & Data Privacy + Building and Developing High Performing Teams + Collaboration with Audit, Technology, Cyber & Business Stakeholders

Hello, my name is Rafi Buchnick. I am a risk and security expert with extensive experience leading cross-functional teams, assisting them in the delivery of secure IT solutions. I ensure protection for global business operations and mitigate cyber risks for multiple clients, worldwide and am recognized for my impeccable record, in protecting client business interests, and any further damages to operations, during forensic investigations. After serving as Captain in Israel’s IDF Intelligence Corps, I began my career working as Chairman of the Board, ‘Bashan’ Market and Productions. From there, I progressed to a position as Financial Controller, Schneider Children Medical Center, and then, as Division Deputy Head at the Israel Institute for Biological Research. The rest of my work history is detailed in this profile. For more than fifteen years, I have been involved in ensuring security operations and planning for business continuity, should there be a disruption in services and/or the occurrence of a natural or manmade disaster/cyberattack. I am successful because of my meticulous attention to detail, as well as my ability to communicate technical information in easy-to understand language. I know I am only as good as the team I assemble, so I take time to train, coach, and mentor team members for career growth and business success. My key areas of expertise include, but are not limited to, Information Security, Risk Assessments/Mitigation, Stakeholder Communication, Regulatory Compliance, Technology & Application Vulnerability Review, Investigations to Support Client Business Interests, Disaster Recovery & Business Continuity, Cross-Functional Team Collaboration, Cost Reduction, Project Management, Industry Best Practices, and Increasing Cyber Capabilities.

Pete Chestna serves as the CISO of North America at Checkmarx, where he provides customers and prospects with practical advice for building successful application security programs. Bringing more than 15 years of direct AppSec practitioner experience, Pete has held roles ranging from developer and development leader to his most recent position as the Global Head of AppSec for the Bank of Montreal. Over the years, Pete has led organizational transformations from Waterfall to Agile to DevOps and from monolith to microservice architectures. He is certified as both a scrum master and product owner. Stemming from his experience as both an avid practitioner and consultant, Pete has spoken internationally at numerous prominent security and developer conferences including DevOpsDays, All Day DevOps, OWASP AppSec, and DevSecCon. Pete has been granted 3 patents. He enjoys whiskey tourism, astronomy, model rocketry and listening to Rush in his spare time.