The Risk Based Security leadership team defines strategic plans for our organization, ensuring that we provide the highest value business-to-business cyber-threat intelligence services, risk management and consulting solutions.
President & Chief Executive Officer
Barry has more than 20 years of demonstrated success in building information security and professional services businesses. Barry leads the organization’s efforts to grow the global demand for RBS’ cyber-threat security intelligence, risk management services and consulting solutions.
Barry is a CISSP with a degree in Statistics from Virginia Tech and an M.S. in Industrial Engineering from NDSU. He is an ISO 27001 Trained Auditor & ISMS Implementer and is ITIL Foundation Certified. Prior to co-founding RBS, Barry served as VP of Information Security Risk Assessment at Southeast Corporate Federal Credit Union and while there launched an information security consulting practice serving its members. Before Southeast Corporate, he was the owner of SQM-Advisors, providing thought leadership and consulting services in information security, quality assurance and IT Service Management. Barry also served as Operations VP and Security Practice Director for Churchill & Harriman and Regional Director for Kelly IT Resources. Barry served in the US Air Force as a B-52H bombardier.
Chief Information Security Officer and Chief Operating Officer
Jake Kouns is the CISO for Risk Based Security that provides vulnerabilities and data breach intelligence. He previously oversaw the operations of the Open Sourced Vulnerability Database (OSVDB.org) and DataLossDB. Kouns has presented at many well-known security conferences, including RSA, Black Hat, DEF CON, DerbyCon, Bsides, CISO Executive Summit, IEEE, FIRST, CanSecWest, InfoSecWorld, SOURCE and SyScan.
He is the co-author of Information Technology Risk Management in Enterprise Environments, Wiley, 2010, and The Chief Information Security Officer, IT Governance, 2011. He holds both a bachelor of business administration and master of business administration degree from James Madison University, with a concentration in information security. In addition, he holds a number of certifications, including: ISC2’s CISSP, and ISACA’s CISM, CISA and CGEIT.
He has briefed the DHS and Pentagon on Cyber Liability Insurance issues and is frequently interviewed as an expert in the security industry by Information Week, eWeek, Forbes, PC World, CSO, and CIO Magazine. He has appeared on CNN as well as the Brian Lehrer Show, and was featured on the cover of SCMagazine.
Chief Research Officer
Carsten Eiram is an information security researcher with an extensive reverse engineering background and nearly 300 vulnerability discoveries credited to his name – many in high-profile products from major software vendors including: Microsoft, Adobe, Symantec, IBM, Apple, Novell, SAP, Rockwell, Schneider Electric, Blue Coat, and Trend Micro.
Carsten has managed large vulnerability database (VDB) teams for almost 20 years and is considered one of the leading experts in the VI (Vulnerability Intelligence) field with comprehensive knowledge and hands-on experience. He is one of few that truly understand root causes and vulnerability trends and has spent a good part of his career analyzing software to determine code quality and promoting the concept of Code Maturity in order to provide a reliable metric to evaluate the secure coding efforts by vendors.
Carsten has been interviewed for numerous news articles about software security and has presented at conferences such as FIRST Conference, RSA Conference, DEF CON, RVAsec as well as keynoting Defcamp 2013. He is also a regular contributor to the “Threat of the Month” column in SC Magazine, a credited contributor for the “CWE/SANS Top 25 Most Dangerous Software Errors” list, and was previously a member of the CVE Editorial Board and FIRST VRDX-SIG.
Executive Vice President, Managing Director of Insurance Services
Inga has been involved with specialty insurance coverages since 1993 and brings a wealth of experience with all facets of risk transfer. Her focus includes the strategic management of data privacy and security exposures, with an emphasis on leveraging data-driven risk assessment to build sustainable programs and product profitability. As the leader of the insurance practice group at Risk Based Security, Inga is responsible for a variety of client advisory services including identification of data security and privacy exposures, policyholder risk management support and the development and implementation of cost effective breach response solutions. As a strong advocate for sharing knowledge, Inga has presented at a variety of industry forums and has led many continuing educations sessions throughout the U.S. She currently holds a CIPP/US designation.
Vice President of Vulnerability Intelligence
Brian Martin has been studying, collecting, and cataloging vulnerabilities for 20 years, personally and professionally. Starting with a personal collection organized in the FILES.BBS format and ultimately becoming the Content Manager of the Open Sourced Vulnerability Database (OSVDB), he has pushed for the evolution of VDBs for years. Via blogs, presentations, and public dialogue on social media, Martin has challenged every major vulnerability database to improve their processes and coverage, but none more so than the one he manages.
Brian has been involved in all aspects of the vulnerability disclosure process, including finding new vulnerabilities, writing advisories, coordinating disclosure, and working with a variety of organizations to improve vulnerability handling and response. This includes feedback and contributions to major vendor security programs and more recently, companies that manage bounty programs on behalf of vendors. Additionally, Brian was on the CVE Editorial Board and remains a sought after speaker for many security conferences.
European Director, Security and Risk Intelligence
Michael Mortensen is a highly accomplished Senior Account Executive and draws on 14 years of experience in the threat intelligence and risk management industry in a variety of positions. Most notably he was Senior Managing Consultant – Vulnerability Intelligence at Secunia where he excelled in developing client relationships and driving sales growth. Mortensen also worked for NSS Labs as the European Director of Enterprise Accounts and as a Senior Account Executive with Gartner.
Michael was a key contributor to the immense success that Secunia had since its inception. Michael has excelled and become one of the most experienced Enterprise sales and Vulnerability Management consultants within the industry. Michael has been represented in many key communities related to IT Security and has become a very familiar name in the industry.