Promote this Nomination

Additional Info

Job title of nominated professionalFounder and CTO
Company (where nominated professional or team is working)Kenna Security
Company size (employees)50 to 99
Headquarters RegionNorth America

In 3 bullets, summarize why this professional or team deserves recognition:

Ed​ ​has​ ​spent​ ​the​ ​past​ ​10+​ ​years​ ​of​ ​his​ ​career​ ​focused on​ ​improving​ ​security​ ​with​ ​a​ ​data-driven​ ​and evidence-based​ ​approach​ ​to​ ​security​ ​rather​ ​than​ ​the gut-feel​ ​and​ ​dogma​ ​the​ ​security​ ​profession​ ​has​ ​been using.​ ​His​ ​work​ ​has​ ​contributed​ ​to​ ​a​ ​shift​ ​in​ ​recent years​ ​to​ ​a​ ​risk-based​ ​approach​ ​that​ ​is​ ​focused​ ​on outcomes.
● Ed​ ​is​ ​passionate​ ​about​ ​the​ ​approach​ ​articulated​ ​in The​ ​New​ ​School​ ​of​ ​Information​ ​Security​​ ​(Shostack,

Adam​ ​&​ ​Stewart,​ ​Andrew,​ ​Addison​ ​Wesley Professional,​ ​2008)​ ​and​ ​promotes​ ​​taking​ ​a quantitative,​ ​evidence-based​ ​approach​ ​to​ ​security and​ ​to​ ​sharing​ ​information​ ​on​ ​threat​ ​activity, successful​ ​versus​ ​unsuccessful​ ​controls,​ ​and comparative​ ​metrics​ ​to​ ​ensure​ ​a​ ​more​ ​secure environment​ ​for​ ​all.
● With​ ​Kenna,​ ​Ed​ ​is​ ​helping​ ​other​ ​organizations​ ​use​ ​a data-driven​ ​risk-based​ ​approach​ ​to​ ​remediation


Ed​ ​Bellis​ ​is​ ​a​ ​security​ ​industry​ ​veteran​ ​and​ ​expert​ ​and​ ​was once​ ​named​ ​​Information​ ​Security​ ​Executive​ ​of​ ​the​ ​year​.​ ​He founded​ ​Kenna​ ​Security​ ​​to​ ​deliver​ ​a​ ​​data-driven​ ​risk-based approach​ ​to​ ​remediation​ ​and​ ​help​ ​IT​ ​teams​ ​prioritize​ ​and thwart​ ​would-be​ ​security​ ​threats​.
Ed​ ​is​ ​the​ ​former​ ​CISO​ ​at​ ​Orbitz​ ​and​ ​Bank​ ​of​ ​America.​ ​He​ ​also founded​ ​and​ ​served​ ​as​ ​CEO​ ​of​ ​HoneyApps.​ ​He​ ​is​ ​an​ ​advisor to​ ​Dharma​ ​and​ ​former​ ​advisor​ ​to​ ​ and​ ​Society​ ​of​ ​Payment​ ​Security​ ​Professionals.​ ​Ed​ ​is​ ​a contributing​ ​author​ ​to​ ​the​ ​book,​ ​​Beautiful​ ​Security​​ ​(Oram, Andy​ ​&​ ​Viega,​ ​John,​ ​O’Reilly​ ​Media,​ ​2009).
He​ ​is​ ​a​ ​frequent​ ​speaker​ ​at​ ​industry​ ​conferences.​ ​Recent engagements​ ​include​ ​the​ ​2017​ ​Enterprise​ ​Security​ ​Summit (Dos​ ​and​ ​Don’t​ ​of​ ​Establishing​ ​Metrics​ ​that​ ​Cultivate​ ​Real Security)​ ​and​ ​InfoSec​ ​World​ ​(Amateur​ ​Hour:​ ​Why​ ​APT’s​ ​Are the​ ​Least​ ​of​ ​Your​ ​Worries).