Phil Agcaoili

From Wikipedia, the free encyclopedia
Phil Agcaoili
Born
Philippines
CitizenshipAmerican
Alma materVirginia Tech
Rensselaer Polytechnic Institute
Georgia State University
Known forLeadership
Cybersecurity
Information Security
Privacy
Cloud Computing
Mixed Martial Arts
Scientific career
FieldsInformation Technology
Hacker (computer security)
InstitutionsGeneral Electric
Lockheed Martin

VeriSign

Alcatel
Scientific-Atlanta
Cisco
Dell
Cox Communications
Elavon
U.S. Bancorp

Phil Agcaoili (also known as philA[1]) is an accomplished leader,[2] technologist,[3][4] entrepreneur,[5] and a cyber security, information security, and privacy expert. He was named as one of the 100 Top Security Influencers To Follow in 2019 (Top Influencers 01–20) by CISO Platform.[6][7] He authored a chapter in the book CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers.[8][9]

Phil was the Senior Vice President of Product & Security Innovation at Elavon,[10] a Senior Vice President at U.S. Bancorp,[11] chairman of the Fellows,[12] a Distinguished Fellow of the Ponemon Institute,[13] a Founding Member of the Cloud Security Alliance,[14] co-inventor and co-author of the Cloud Security Alliance Cloud Controls Matrix (CCM),[15] a standards developer for the Electronic Discovery Reference Model (EDRM),[16] and a contributor to the NIST Cyber Security Framework.[17][18]

He is a 4-time Chief Information Security Officer at Elavon,[19] Cox Communications,[20] VeriSign,[21] and SecureIT.[21] Phil was a committee co-chair for the Federal Communications Commission (FCC) Communications Security, Reliability and Interoperability Council (CSRIC) II[22] and CSRIC III,[23] served as a committee co-chair for cyber security on the Communications Sector Coordinating Council (CSCC),[24] and was a member of the Communications Information Sharing and Analysis Center (Communications ISAC).[25] He was on the Board of Advisors of the Payment Card Industry (PCI) Security Standards Council (SSC)[26] and on the steering committee of the FS-ISAC Payments Processing Information Sharing Council (PPISC).[27]

Phil co-founded SecureIT and sold it to VeriSign at the height of the Dot.com era.[28] He was on the board of directors for Mobile Active Defense,[29][30] and was on the Advisory Boards of Cybersecurity Ventures, Qualys[31] and Rapid7.[32]

Education[]

Phil Agcaoili graduated from Columbia High School in East Greenbush, New York in 1989, studied aerospace engineering at Virginia Tech in Blacksburg, Virginia, received a Bachelor of Science in mechanical engineering from Rensselaer Polytechnic Institute in Troy, New York in 1993, and attended Georgia State University in Atlanta, Georgia for an MBA in computer information systems. He was inducted into the Mechanical Engineering Honor Society Pi Tau Sigma in 1991[33] at Rensselaer Polytechnic Institute[34] and was inducted into the East Greenbush Education Foundation Hall of Fame in 2011.[35]

Career[]

Agcaoili started his career at General Electric.

He co-founded and was the Chief Information Security Officer of SecureIT in 1996,[36] which was one of the first pure-play Internet security services providers that was acquired by Verisign in 1998 for $70M.[37] After the acquisition, he became VeriSign's first CISO.[38] He was an early foundation member at Internet Devices, which was acquired by Alcatel in 1999 for $180M.[39] He was the Chief Security Architect [40] at Scientific-Atlanta, which was acquired by Cisco in 2005 for $6.9B.[41]

He co-founded the Southern CISO Security Council in 2006.[42]

While at Dell in 2008, he set security standards for Cloud computing as a Founding Member and Steering Committee member of the Cloud Security Alliance.[43] He co-invented and co-authored the Cloud Controls Matrix (CCM) in 2009[44] (versions 1.0, 1.1, and 1.2), co-founded the GRC Stack in 2010,[45] and co-founded the Security, Trust & Assurance Registry (STAR) in 2011.[46]

Agcaoili was named the Chief Information Security Officer at Cox Communications in 2009.[47]

He has helped shape cyber security best practices for U.S. Telecoms as a committee co-chair for the Federal Communications Commission (FCC) Communications Security, Reliability and Interoperability Council (CSRIC) II [22] Work Group 2A (Cyber Security Best Practices) in 2010,[48] served on the NCTA Cyber Security Work Group as an inaugural member,[49][50] played an instrumental role in 2012[51] in the FCC CSRIC III [52] Work Group 11 (Consensus Cyber Security Controls),[23] served as a committee co-chair for cyber security on the Communications Sector Coordinating Council (CSCC),[24] was a member of the Communications Information Sharing and Analysis Center (Communications ISAC),[53] and was an industry representative on the National Coordinating Center for Communications (NCCC).[53]

He was inducted into the as a Distinguished Fellow in 2011[54] and then appointed the Chairman of the Ponemon Institute Distinguished Fellows in 2012.[55][56]

He has been instrumental in shaping United States cyber security efforts.[57][58][59][60][61][62][63][64][65][66][67][68] Throughout 2013 he helped the National Institute of Standards and Technology develop the first version of the U.S. Cybersecurity Framework (NIST CSF) released as the Framework for Improving Critical Infrastructure Cybersecurity (FICIC) on February 12, 2014.[69] In 2013, Agcaoili was appointed as a co-chair for the FCC CSRIC IV Working Group 4 – Cybersecurity Best Practices[70] in order to help operationalize the Framework into practice within the Communications sector by updating and aligning his previous effort co-chairing the FCC CSRIC II Work Group 2A (Cyber Security Best Practices) with the NIST CSF.

In 2013, through a partnership with the Cloud Security Alliance and the American Institute of Certified Public Accountants (AICPA), a team of industry experts and the founder of the Service Organization Control (SOC) released seminal guidance[71] that reshaped how companies demonstrate and attest for their security and privacy practices by incorporating additional subject matter such as the CSA Cloud Controls Matrix in the type 2 SOC2 attestation standard and assessed using the AT 101 proven auditing principles. This replaced the SAS 70 auditing standard and augmented the successor, SSAE 16 SOC 1, to attest for internal controls over financial reporting.

.[72][73]

Agcaoili was appointed the Vice President and Chief Information Security Officer of Elavon in 2014.[19] He serves on the FS-ISAC [74] and on the Payments Processing Information Sharing Council (PPISC).[75] steering committee.[27] He was promoted to Senior Vice President at US Bank in 2015.[76]

He was nominated to serve a two-year term on the Board of Advisors of the PCI Security Standards Council in 2015.[77][78]

He has served on the Editorial Advisory Board for TechTarget Security Media Group Information Security Magazine,[79] Advisory Board for CSO Magazine,[80] Advisory Board for CIO Magazine,[81] Editorial Advisory Board for CSO MAG,[82] Governing Body Co-chair for Evanta CISO Leadership Network,[83] Founding Advisory Council for CISO Executive Network in Atlanta,[84] Founding Member and CISO Advisory Council for Wisegate,[85] Advisory Board for the RSA Executive Security Action Forum (ESAF),[86] and advisory board for SecureWorld Expo in Atlanta, Houston, and Dallas.[87] He has served 10 times as a judge for the Information Security Executive (ISE®) Awards [88][89][90][91][92][93] and was on the advisory board for the Worldwide Executive Council Goldman Sachs CISO Council and the Citibank CISO Council.[94]

Information Security and Cyber Security Industry Contributions[]

Recognition[]

References[]

  1. ^ "Don't Reinvent the Wheel: Phil Agcaoili on the Cyber Security Framework - The State of Security". The State of Security.
  2. ^ CEB INC. (08/10/2017). "Finalists Named For Evanta's CISO Summit Breakaway Leadership Awards". Public. {{cite web}}: Check date values in: |date= (help)
  3. ^ Newswire.com (October 12, 2018). "T.E.N. Announces Gazelle Champion of the 2018 ISE® Lions' Den and Jungle Lounge". Digital Journal.
  4. ^ Yahoo! Finance (February 14, 2014). "Investorideas.com Security Conference Features Premier Thought Leaders in Biometrics and Cybersecurity; Adds Janice Kephart, Founder and CEO of Secure Identity and Biometrics Association (SIBA) and Phil Agcaoili, Chairman, Ponemon Institute Fellows, Co-Founding Member, Cloud Security Alliance and Board Member, Mobile Active Defense to Speaker List". Yahoo! Finance.
  5. ^ "Mobile Active Defense Board of Advisors Welcomes Phil Agcaoili of Cox Communications". Security today. May 4, 2011.
  6. ^ "World's Top IT Security Influencers - Category: All Influencers". CISO Platform. December 2018.
  7. ^ "100 Top Security Influencers To Follow In 2019". CISO Platform. December 11, 2018.
  8. ^ Fitzgerald, Todd (2019). CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers. CRC Press. ISBN 978-1498740449.
  9. ^ Fitzgerald, Todd (December 2018). CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers. ISBN 9780429677830.
  10. ^ Reid, Georgia (January 28, 2019). "First Ever FutureCon Event A Day Of Networking And Thought Leadership". Cybersecurity Ventures.
  11. ^ "PHIL AGCAOILI NOMINATED TO PCI SECURITY STANDARDS COUNCIL BOARD OF ADVISORS". Elavon. Archived from the original on 21 September 2015. Retrieved 19 May 2015.
  12. ^ "Ponemon Fellows". ponemon.org.
  13. ^ "Ponemon Institute Fellows". Ponemon Institute. Ponemon Institute.
  14. ^ "Cloud Security Alliance About Page". Cloud Security Alliance. Cloud Security Alliance.
  15. ^ "CSA Cloud Controls Matrix". cloudsecurityalliance.org. Cloud Security Alliance.
  16. ^ "EDRM 2011-2012 Individuals". edrm.net. EDRM. Archived from the original on 2015-11-17. Retrieved 2015-11-14.
  17. ^ Orange, Lamont (December 13, 2013). "NIST CSF v1.0 Public Comments from Lamont Orange based on input from Phil Agcaoili". NIST.
  18. ^ Miller, Jason (October 23, 2013). "NIST's cyber framework moves toward implementation stage". Federal News Network.
  19. ^ a b Joan Goodchild (7 April 2014). "Elavon appoints Agcaoili as new CISO". CSO Online.
  20. ^ Slater, Derek (October 27, 2009). "Cox Communications Names Agcaoili CISO". CSO Magazine.
  21. ^ a b "RSA Conference Speakers - Phil Agcaoili". RSA Conference.
  22. ^ a b http://transition.fcc.gov/pshs/advisory/csric/wg-2a-members.pdf[bare URL PDF]
  23. ^ a b http://transition.fcc.gov/bureaus/pshs/advisory/csric3/CSRIC_III_WG11_Report_March_%202013Final.pdf[bare URL PDF]
  24. ^ a b "Leadership - Communications Sector Coordinating Council (CSCC)". Communications Sector Coordinating Council (CSCC). Archived from the original on 2015-01-18. Retrieved 2015-01-17.
  25. ^ Goodchild, Jane (April 7, 2014). "Elavon Appoints Agcaoili as New CISO". CSO Magazine.
  26. ^ "Phil Agcaoili Nominated to PCI Security Standards Council Board of Advisors". Reuters. May 19, 2015. Archived from the original on November 17, 2015. Retrieved July 1, 2017.
  27. ^ a b "2018 ICMCP National Conference Speaker Profile". ICMCP. September 17–19, 2018.
  28. ^ Report, Wired News (July 6, 1998). "VERISIGN BUYS SECUREIT". WIRED.
  29. ^ Board of Directors | Mobile Active Defense
  30. ^ "Mobile Active Defense Welcomes Phil Agcaoili of Cox Communications to the Board of Advisors". FierceTelecom. Archived from the original on 2015-01-18. Retrieved 2015-01-17.
  31. ^ "Qualys News". qualys.com.
  32. ^ "Phil Agcaoili: Executive Profile & Biography - Businessweek". Bloomberg News. Retrieved 13 November 2015.
  33. ^ "6-Rensselaer-Phi-1990-1999.pdf e. Rensselaer Phi F1991 #438 (2).pdf" (PDF). pitausigma.net. Archived from the original (PDF) on 2015-01-18. Retrieved 2015-01-17.
  34. ^ "RPI Pi Tau Sigma". rpi.edu.
  35. ^ "East Greenbush Education Foundation Alumni Hall of Fame Members". egedfoundation.org.
  36. ^ "SECUREIT, INC. - GeorgiaCorporates – Company Profiles of Georgia". georgiacorporates.com.
  37. ^ Dow Jones Newswires (6 July 1998). "VeriSign Acquires SecureIT For About $70 Million in Stock". WSJ.
  38. ^ Goodchild, Joan (October 2012). "State of the CSO 2012: Ready for anything". csoonline.com. CSO Magazine.
  39. ^ Dow Jones Newswires (17 June 1999). "Alcatel Will Pay $180 Million To Acquire Internet Devices". WSJ.
  40. ^ "Industry Experts Participate in Judges Panel for the Information Security Executive (ISE) of the Year Southeast Awards™". marketwired.com. Executive Alliance.
  41. ^ Nancy Gohring (18 November 2005). "Cisco buys Scientific-Atlanta for $6.9 billion". Network World.
  42. ^ "Phillip Agcaoili". gaissa.org. Archived from the original on 2015-01-18. Retrieved 2015-01-17.
  43. ^ "About". cloudsecurityalliance.org.
  44. ^ "Cloud Controls Matrix (CCM)". cloudsecurityalliance.org.
  45. ^ "GRC Stack". cloudsecurityalliance.org.
  46. ^ "CSA Security, Trust & Assurance Registry (STAR)". cloudsecurityalliance.org.
  47. ^ Derek Slater (27 October 2009). "Cox Communications Names Agcaoili CISO". CSO Online. Archived from the original on 18 January 2015. Retrieved 17 January 2015.
  48. ^ "CSRIC". fcc.gov.
  49. ^ http://www.ncta.com/PublicationType/Letter/Joint-Letter-on-Cybersecurity-Legislation.aspx[permanent dead link]
  50. ^ "Archived copy". Archived from the original on 2012-01-04. Retrieved 2015-01-17.{{cite web}}: CS1 maint: archived copy as title (link)
  51. ^ Danny Yadron (19 March 2013). "Internet Providers Persuade FCC Panel Against Cybersecurity Recommendations". WSJ.
  52. ^ Communications Security, Reliability and Interoperability Council III | FCC.gov
  53. ^ a b National Coordinating Center for Communications | Homeland Security
  54. ^ "Press Releases". mediaroom.com. Archived from the original on 2011-08-16. Retrieved 2015-01-17.
  55. ^ "Ponemon Institute Fellows". ponemon.org. Ponemon Institute.
  56. ^ "New York Security Conference Adds Dr. Clay Wilson, Program Director for Cybersecurity at American Public University System APEI, Implant Sciences (otcqb:IMSC), Applied DNA Sciences (otcqb:APDN); Cybersecurity, Explosives Detection and DNA Based Security to Be Discussed". marketwatch.com. Marketwired via COMTEX.
  57. ^ "Regulatory Compliance Archives".
  58. ^ http://csrc.nist.gov/cyberframework/framework_comments/20131125_phil_agcaoli_unaffiliated.pdf[bare URL PDF]
  59. ^ Cybersecurity Leader Offers Alternative Version to NIST Framework ~ DigitalCrazyTown
  60. ^ "Comments on NIST framework begin to emerge, echoing longstanding concerns". Archived from the original on 2015-01-18. Retrieved 2015-01-18.
  61. ^ A Look at NIST’s Preliminary Cybersecurity Framework - Secuilibrium, LLC
  62. ^ http://www.ten-inc.com/lib/2013_NIST_Town_Meeting.asp
  63. ^ Uplogix Local Management Blog: NIST cybersecurity framework development continues
  64. ^ New York Defense and Security Conference Features Session on Exploring the NIST Cybersecurity Framework and Implementation
  65. ^ Protecting Critical Infrastructure: Input Data | Threatpost | The first stop for security news
  66. ^ NIST's cyber framework moves toward implementation stage - FederalNewsRadio.com
  67. ^ NIST concludes cybersecurity framework workshops as agency prepares for Feb. deadline | SmartBrief
  68. ^ Establishing Stronger Standards for Data Breach Protection : Wednesday, October 08, 2014
  69. ^ "Archived copy" (PDF). Archived from the original (PDF) on 2016-08-04. Retrieved 2017-07-13.{{cite web}}: CS1 maint: archived copy as title (link)
  70. ^ "CSRIC IV Working Group Descriptions and Leadership" (PDF). transition.fcc.gov. FCC. Retrieved 4 September 2013.
  71. ^ "About the CSA Position Paper on AICPA Service Organization Control Reports". Cloud Security Alliance.
  72. ^ "CSA Drafts New SOC Position Paper". Cloud Security Alliance.
  73. ^ "Leading Cloud Security Group Endorses AICPA's Reporting Framework for Evaluating Controls Over Cloud Providers". aicpa.org. American Institute of CPAs. Archived from the original on 2016-01-13. Retrieved 2015-11-14.
  74. ^ FS-ISAC : Financial Services - Information Sharing and Analysis Center
  75. ^ "FS-ISAC - Payments Processing Information Sharing Council (PPISC)". Archived from the original on 2014-12-21. Retrieved 2015-01-18.
  76. ^ "Hyperconnected, Safe, and Secure?". CIO Review. February 9, 2015.
  77. ^ "About US - PCI Security Standards Council Board of Advisors".
  78. ^ "Latest News / PHIL AGCAOILI NOMINATED TO PCI SECURITY STANDARDS COUNCIL BOARD OF ADVISORS". Elavon.com. Elavon. Archived from the original on 2015-11-17. Retrieved 2015-11-14.
  79. ^ http://docs.media.bitpipe.com/io_12x/io_120388/item_1061312/ISM_Dec_final.pdf[bare URL PDF]
  80. ^ "CSO40 Security Confab + Awards Conference". etouches.com.
  81. ^ "CIO Executive Events". cioperspectives.com.
  82. ^ "CISO MAG Editorial Advisory Board". EC|Council.
  83. ^ "Evanta : CISO : Summits : Atlanta". evanta.com.
  84. ^ "Advisory Council". cisoexecnet.com.
  85. ^ Wisegate's Information Security Pros Join Forces to Counter Escalating Hacker Attacks
  86. ^ "Executive Security Action Forum". rsaconference.com.
  87. ^ "Atlanta Advisory Board - SecureWorld 2015". secureworldexpo.com.
  88. ^ "Security Industry Award Winners and Experts Named as Distinguished Panel of Judges for the ISE New England Awards 2005". SYS-CON.TV. MARKET WIRE. Retrieved 2 May 2005.
  89. ^ "Judges, Speakers and Award Presenters 2013". ten-inc.com. T.E.N.
  90. ^ "T.E.N. Announces 2012 Information Security Executive® (ISE®) of the Decade Southeast Award Nominees". Fiserv. PRWEB. Retrieved 15 February 2012.
  91. ^ "Judges, Speakers and Presenters 2010". ISE® Central 2010. T.E.N.
  92. ^ "Industry Experts Participate in Judges Panel for the Information Security Executive (ISE) of the Year Southeast Awards™". MARKET WIRE. Executive Alliance. Retrieved 17 January 2006.
  93. ^ T.E.N. - ISE® North America Judges, Speakers and Presenters 2011
  94. ^ "Executive Council". executivecouncil.com.
  95. ^ "Cybersecurity Framework". 12 November 2013.
  96. ^ cloud_computing_security_&_governance-isaca.pdf - File Shared from Box
  97. ^ "RE: [Capwap] Selecting Protocols to evaluate".
  98. ^ "Control and Provisioning of Wireless Access Points (Capwap) -".
  99. ^ "Archived copy". www.tifaware.com. Archived from the original on 19 January 2015. Retrieved 3 February 2022.{{cite web}}: CS1 maint: archived copy as title (link)
  100. ^ "update-nessusrc". Archived from the original on 2015-01-18. Retrieved 2015-01-18.
  101. ^ T.E.N. - ISE® Central 2009
Retrieved from ""