Promote this Nomination

Additional Info

Job title of nominated professional (or team name)Founder and CTO
Company (where nominated professional or team is working)Kenna Security
Company size (employees)50 to 99
Headquarters RegionNorth America

In 3 bullets, summarize why this professional or team deserves recognition:

Ed​ ​has​ ​spent​ ​the​ ​past​ ​10+​ ​years​ ​of​ ​his​ ​career​ ​focused on​ ​improving​ ​security​ ​with​ ​a​ ​data-driven​ ​and evidence-based​ ​approach​ ​to​ ​security​ ​rather​ ​than​ ​the gut-feel​ ​and​ ​dogma​ ​the​ ​security​ ​profession​ ​has​ ​been using.​ ​His​ ​work​ ​has​ ​contributed​ ​to​ ​a​ ​shift​ ​in​ ​recent years​ ​to​ ​a​ ​risk-based​ ​approach​ ​that​ ​is​ ​focused​ ​on outcomes.
● Ed​ ​is​ ​passionate​ ​about​ ​the​ ​approach​ ​articulated​ ​in The​ ​New​ ​School​ ​of​ ​Information​ ​Security​​ ​(Shostack,

Adam​ ​&​ ​Stewart,​ ​Andrew,​ ​Addison​ ​Wesley Professional,​ ​2008)​ ​and​ ​promotes​ ​​taking​ ​a quantitative,​ ​evidence-based​ ​approach​ ​to​ ​security and​ ​to​ ​sharing​ ​information​ ​on​ ​threat​ ​activity, successful​ ​versus​ ​unsuccessful​ ​controls,​ ​and comparative​ ​metrics​ ​to​ ​ensure​ ​a​ ​more​ ​secure environment​ ​for​ ​all.
● With​ ​Kenna,​ ​Ed​ ​is​ ​helping​ ​other​ ​organizations​ ​use​ ​a data-driven​ ​risk-based​ ​approach​ ​to​ ​remediation

Brief Overview

Ed​ ​Bellis​ ​is​ ​a​ ​security​ ​industry​ ​veteran​ ​and​ ​expert​ ​and​ ​was once​ ​named​ ​​Information​ ​Security​ ​Executive​ ​of​ ​the​ ​year​.​ ​He founded​ ​Kenna​ ​Security​ ​​to​ ​deliver​ ​a​ ​​data-driven​ ​risk-based approach​ ​to​ ​remediation​ ​and​ ​help​ ​IT​ ​teams​ ​prioritize​ ​and thwart​ ​would-be​ ​security​ ​threats​.
Ed​ ​is​ ​the​ ​former​ ​CISO​ ​at​ ​Orbitz​ ​and​ ​Bank​ ​of​ ​America.​ ​He​ ​also founded​ ​and​ ​served​ ​as​ ​CEO​ ​of​ ​HoneyApps.​ ​He​ ​is​ ​an​ ​advisor to​ ​Dharma​ ​and​ ​former​ ​advisor​ ​to​ ​ and​ ​Society​ ​of​ ​Payment​ ​Security​ ​Professionals.​ ​Ed​ ​is​ ​a contributing​ ​author​ ​to​ ​the​ ​book,​ ​​Beautiful​ ​Security​​ ​(Oram, Andy​ ​&​ ​Viega,​ ​John,​ ​O’Reilly​ ​Media,​ ​2009).
He​ ​is​ ​a​ ​frequent​ ​speaker​ ​at​ ​industry​ ​conferences.​ ​Recent engagements​ ​include​ ​the​ ​2017​ ​Enterprise​ ​Security​ ​Summit (Dos​ ​and​ ​Don’t​ ​of​ ​Establishing​ ​Metrics​ ​that​ ​Cultivate​ ​Real Security)​ ​and​ ​InfoSec​ ​World​ ​(Amateur​ ​Hour:​ ​Why​ ​APT’s​ ​Are the​ ​Least​ ​of​ ​Your​ ​Worries).