The Risk Based Security leadership team defines strategic plans for our organization, ensuring that we provide the highest value business-to-business cyber-threat intelligence services, risk management and consulting solutions.
Chief Executive Officer and Chief Information Security Officer
Jake Kouns is the CEO and CISO for Risk Based Security, providing vulnerability intelligence and breach data. He previously oversaw the operations of the Open Sourced Vulnerability Database (OSVDB.org) and DataLossDB. Kouns has presented at many well-known security conferences, including RSA, Black Hat, DEF CON, DerbyCon, Bsides, CISO Executive Summit, IEEE, FIRST, CanSecWest, InfoSecWorld, SOURCE and SyScan.
He is the co-author of Information Technology Risk Management in Enterprise Environments, Wiley, 2010, and The Chief Information Security Officer, IT Governance, 2011. He holds both a bachelor of business administration and master of business administration degree from James Madison University, with a concentration in information security. In addition, he holds a number of certifications, including: ISC2’s CISSP, and ISACA’s CISM, CISA and CGEIT.
He has briefed the DHS and Pentagon on Cyber Liability Insurance issues and is frequently interviewed as an expert in the security industry by Information Week, eWeek, Forbes, PC World, CSO, and CIO Magazine. He has appeared on CNN as well as the Brian Lehrer Show, and was featured on the cover of SCMagazine.
Barry Kouns is chairman of Risk Based Security and acting Chief Financial Officer. He co-founded Risk Based Security in 2011, and served as Chief Executive Officer from 2011 through 2019. Barry received a Bachelor of Science degree in Statistics from Virginia Tech and an M.S. in Industrial Engineering from NDSU. He has authored dozens of security articles and presentations and co-authored The Chief Information Security Officer, IT Governance, 2011. Barry has more than 20 years of demonstrated success in building information security and professional services businesses.
Barry served in the US Air Force as a B-52H bombardier.
Chief Research Officer
As the Chief Research Officer at Risk Based Security, Carsten manages the VulnDB team responsible for analyzing vulnerability reports and delivering high quality content for our VulnDB solution. He also manages our in-house research that focuses on in-depth analysis of publicly reported vulnerabilities as well as discovering new ones.
Carsten is an information security researcher with an extensive reverse engineering background and about 300 vulnerability discoveries credited to his name – many in high-profile products from major software vendors. With almost 20 years experience managing large vulnerability database (VDB) teams, Carsten is considered a leading expert in the Vulnerability Intelligence (VI) field due to his comprehensive knowledge of vulnerabilities, root causes, and trends. A good part of his career has been spent analyzing software to determine code quality and promoting the concept of “Code Maturity” in order to provide a reliable metric for evaluating the secure coding efforts by vendors.
Carsten has presented at conferences such as RSA, DEF CON, FIRST, RVAsec, as well as keynoting Defcamp. He has been interviewed for numerous news articles about software security and was on the CVE Editorial Board for 9 years.
Carsten served in the Royal Danish Engineers, 4th Armoured Engineer Company.
Executive Vice President, Managing Director of Insurance Services
Inga found her way to information security after working for twenty years in the insurance industry. During her time managing a multi-million dollar portfolio of technology and cyber insurance coverages, Inga witnessed first-hand the impact of ineffective security programs and the financial fallout from data breach events.
At Risk Based Security, Inga is responsible for the Cyber Risk Analytics platform including the data breach research effort that informs much of the third party risk analysis that can be found there. She is also responsible for YourCISO, bringing security program management assistance to a variety of small to mid-sized organizations.
As a strong advocate for sharing knowledge, Inga has presented at a variety of industry forums and has led many continuing education sessions throughout the U.S. She currently holds a CIPP/US designation.
Vice President of Vulnerability Intelligence
Brian Martin has been studying, collecting, and cataloging vulnerabilities since 1993, both personally and professionally. Starting with a personal collection organized in the venerable FILES.BBS format and ultimately becoming the Content Manager of the Open Sourced Vulnerability Database (OSVDB), he has pushed for the evolution of vulnerability databases (VDBs) for years. Via blogs, presentations, and public dialogue on social media, Martin has challenged every major vulnerability database to improve their processes and coverage, but none more so than the one he manages.
Brian has been involved in all aspects of the vulnerability disclosure process, including finding new vulnerabilities, writing advisories, coordinating disclosure, creating disclosure programs, and working with a variety of organizations to improve vulnerability handling and response. This includes feedback and contributions to major vendor security programs and more recently, companies that manage bounty programs on behalf of vendors. Additionally, Brian was on the CVE Editorial Board for ten years and remains a sought after speaker on vulnerability topics.
Director of Business Operations
Eric Paxton has over 25 years of management and leadership experience in engineering, IT, and information security roles within multiple Fortune 500 companies. Eric has a broad base of IT experience, including IT strategy development, outsourcing and vendor management, and IT governance and risk management.
Eric is a Certified Information Security Manager (CISM), and holds both a Bachelor of Science degree in Chemical Engineering and a Bachelor of Arts degree in Music from Case Western Reserve University.
Director of Sales
Randy Gardner is responsible for sales at Risk Based Security. He began in insurance risk management before embarking on a 20+ year information technology career starting at UUNet, the first internet service provider. Randy later contributed to the successes of leading business process management, Cybersecurity, and threat intelligence solution providers. His professional achievements have served the interests of global brands, Government, and Non-governmental organizations (NGOs). He endeavors to enable customers with Cybersecurity and risk management intelligence.
Randy earned a B.A. from Duke University and M.A. from George Mason University.
European Director, Security and Risk Intelligence
Michael Mortensen is the European Director for Risk Based Security and is responsible for RBS’ EU activities. During the last five years Michael has been leading EU sales and has built up a large, strong partnership with many EU enterprise organizations and Government agencies. Michael draws on 17 years of experience in the threat intelligence and risk management industry in a variety of positions. Most notably he was Senior Managing Consultant – Vulnerability Intelligence at Secunia where he excelled in developing client relationships and driving sales growth. Mortensen also worked for NSS Labs as the European Director of Enterprise Accounts and as a Senior Account Executive with Gartner.
Michael has excelled and become one of the most experienced Enterprise sales and Vulnerability Management consultants within the industry. Michael has been represented in many key communities related to IT Security and has become a very familiar name in the industry.
Director of Marketing
Brendan Dodds is a marketing and digital transformation leader, with 15 years of experience driving effective digital marketing and communications for organizations from large global brands to tech startups. He was the Americas Digital Enablement Leader for Ernst & Young, driving digital marketing strategy and execution, and digital transformation across 25 countries, including the USA. He also led a global Digital Product Management team focused on digital marketing, and held several other marketing and communication roles, with a specialty in social media, once establishing and managing a cross-channel brand presence with more than 3.5 million followers. Brendan initially trained as an IT Project Manager at General Electric.
Brendan is an experienced speaker on digital marketing and communications, with conference appearances including: Institute for Professionals in Taxation, Social @ Scale, Philadelphia Business Forum, DMA and TEDxEY. He holds an MSc in Computer Science from the University of Kent (UK).