The Risk Based Security leadership team defines strategic plans for our organization, ensuring that we provide the highest value business-to-business cyber-threat intelligence services, risk management and consulting solutions.
Our Team
Barry Kouns, President & Chief Executive Officer
Barry has more than 20 years of demonstrated success in building information security and professional services businesses. Barry leads the organization’s efforts to grow the global demand for RBS’ cyber-threat security intelligence, risk management services and consulting solutions.
Barry is a CISSP with a degree in Statistics from Virginia Tech and an M.S. in Industrial Engineering from NDSU. He is an ISO 27001 Trained Auditor & ISMS Implementer and is ITIL Foundation Certified. Prior to co-founding RBS, Barry served as VP of Information Security Risk Assessment at Southeast Corporate Federal Credit Union and while there launched an information security consulting practice serving its members. Before Southeast Corporate, he was the owner of SQM-Advisors, providing thought leadership and consulting services in information security, quality assurance and IT Service Management. Barry also served as Operations VP and Security Practice Director for Churchill & Harriman and Regional Director for Kelly IT Resources. Barry served in the US Air Force as a B-52H bombardier.
Jake Kouns, Chief Information Security Officer and Chief Operating Officer
Jake Kouns is the CISO for Risk Based Security that provides vulnerabilities and data breach intelligence. He previously oversaw the operations of the Open Sourced Vulnerability Database (OSVDB.org) and DataLossDB. Kouns has presented at many well-known security conferences, including RSA, Black Hat, DEF CON, DerbyCon, Bsides, CISO Executive Summit, IEEE, FIRST, CanSecWest, InfoSecWorld, SOURCE and SyScan.
He is the co-author of Information Technology Risk Management in Enterprise Environments, Wiley, 2010, and The Chief Information Security Officer, IT Governance, 2011. He holds both a bachelor of business administration and master of business administration degree from James Madison University, with a concentration in information security. In addition, he holds a number of certifications, including: ISC2’s CISSP, and ISACA’s CISM, CISA and CGEIT.
He has briefed the DHS and Pentagon on Cyber Liability Insurance issues and is frequently interviewed as an expert in the security industry by Information Week, eWeek, Forbes, PC World, CSO, and CIO Magazine. He has appeared on CNN as well as the Brian Lehrer Show, and was featured on the cover of SCMagazine.
Carsten Eiram, Chief Research Officer
Carsten Eiram is an information security researcher with an extensive reverse engineering background and more than 150 vulnerability discoveries credited to his name – many in high-profile products from major software vendors including: Microsoft, Adobe, Symantec, IBM, Apple, Novell, SAP, Rockwell, Schneider Electric, Blue Coat, and Trend Micro.
Carsten has managed large vulnerability database (VDB) teams for 10+ years and is considered one of the leading experts in the VI (Vulnerability Intelligence) field with comprehensive knowledge and hands-on experience. He is one of few that truly understand root causes and vulnerability trends and has spent a good part of his career analyzing software to determine code quality and promoting the concept of Code Maturity in order to provide a reliable metric to evaluate the secure coding efforts by vendors.
Carsten has been interviewed for numerous news articles about software security and has presented at conferences such as FIRST Conference, RSA Conference, DEF CON, RVAsec as well as keynoting Defcamp 2013. He is also a regular contributor to the “Threat of the Month” column in SC Magazine, a credited contributor for the “CWE/SANS Top 25 Most Dangerous Software Errors” list, and member of the CVE Editorial Board and FIRST VRDX-SIG.
Inga Goddijn, Executive Vice President, Managing Director of Insurance Services
Inga has been involved with specialty insurance coverages since 1993 and brings a wealth of experience with all facets of risk transfer. Her focus includes the strategic management of data privacy and security exposures, with an emphasis on leveraging data-driven risk assessment to build sustainable programs and product profitability. As the leader of the insurance practice group at Risk Based Security, Inga is responsible for a variety of client advisory services including identification of data security and privacy exposures, policyholder risk management support and the development and implementation of cost effective breach response solutions. As a strong advocate for sharing knowledge, Inga has presented at a variety of industry forums and has led many continuing educations sessions throughout the U.S. She currently holds a CIPP/US designation.
Brian Martin, Vice President of Vulnerability Intelligence
Brian Martin has been studying, collecting, and cataloging vulnerabilities for 20 years, personally and professionally. Starting with a personal collection organized in the FILES.BBS format and ultimately becoming the Content Manager of the Open Sourced Vulnerability Database (OSVDB), he has pushed for the evolution of VDBs for years. Via blogs, presentations, and public dialogue on social media, Martin has challenged every major vulnerability database to improve their processes and coverage, but none more so than the one he manages.
Brian has been involved in all aspects of the vulnerability disclosure process, including finding new vulnerabilities, writing advisories, coordinating disclosure, and working with a variety of organizations to improve vulnerability handling and response. This includes feedback and contributions to major vendor security programs and more recently, companies that manage bounty programs on behalf of vendors. Additionally, Brian is on the CVE Editorial Board and remains a sought after speaker for many security conferences.
Michael Mortensen, European Director, Security and Risk Intelligence
Michael Mortensen is a highly accomplished Senior Account Executive and draws on 14 years of experience in the threat intelligence and risk management industry in a variety of positions. Most notably he was Senior Managing Consultant – Vulnerability Intelligence at Secunia where he excelled in developing client relationships and driving sales growth. Mortensen also worked for NSS Labs as the European Director of Enterprise Accounts and as a Senior Account Executive with Gartner.
Michael was a key contributor to the immense success that Secunia had since its inception. Michael has excelled and become one of the most experienced Enterprise sales and Vulnerability Management consultants within the industry. Michael has been represented in many key communities related to IT Security and has become a very familiar name in the industry.
Glenn Dardick, Forensics and Breach Response
Dr. Glenn S. Dardick’s 40 years of IT managerial and technical experience has been utilized in commercial, non-profit, academic, and government enterprises and has also served as a basis for investigative work and expert witness testimony in Federal, State and Sectarian courts. He is the founder and director of the ADFSL (Association of Digital Forensics, Security and Law) where he also serves as the Publisher of the quarterly Journal of Digital Forensics, Security and Law and as the chair of the annual ADFSL Conference on Digital Forensics, Security and Law. He is a Certified Computer Examiner (CCE) through the International Society of Forensic Computer Examiners (ISFCE) and is also a Certified Cyber Forensics Professional (CCFP) through the International Information Systems Security Certification Consortium – (ISC)2. Dr. Dardick also holds a Doctoral degree with a major in Information Systems and a minor in Finance.
