Phil Agcaoili

Phil Agcaoili (also known as philA) is an entrepreneur, leader, technologist, and an accomplished cyber security, information security, and privacy expert. He is the Senior Vice President and Chief Information Security Officer at Elavon, the chairman of the Ponemon Institute Fellows, on the Advisory Board for Qualys, and on the Board of Directors for Mobile ACTIVE Defense.

Education

Phil Agcaoili graduated from Columbia High School in East Greenbush, New York in 1989, studied aerospace engineering at Virginia Tech in Blacksburg, Virginia, received a Bachelor of Science in mechanical engineering from Rensselaer Polytechnic Institute in Troy, New York in 1993, and attended Georgia State University in Atlanta, Georgia for an MBA in computer information systems. He was inducted into the Mechanical Engineering Honor Society Pi Tau Sigma in 1991 at Rensselaer Polytechnic Institute and was inducted into the East Greenbush Education Foundation Hall of Fame in 2011.

Career

Agcaoili started his career at General Electric.

He co-founded and was the Chief Information Security Officer of SecureIT in 1996, which was one of the first pure-play Internet security services providers that was acquired by Verisign in 1998 for $70M. After the acquisition, he became VeriSign's first CISO. He was an early foundation member at Internet Devices, which was acquired by Alcatel in 1999 for $180M. He was the Chief Security Architect at Scientific-Atlanta, which was acquired by Cisco in 2005 for $6.9B.

He co-founded the Southern CISO Security Council in 2006.

While at Dell in 2008, he set security standards for Cloud computing as a Founding Member and Steering Committee member of the Cloud Security Alliance. He co-invented And Co-authored the Cloud Controls Matrix (CCM) in 2009 (versions 1.0, 1.1, and 1.2), co-founded the GRC Stack in 2010, and co-founded the Security, Trust & Assurance Registry (STAR) in 2011.

Agcaoili was named the Chief Information Security Officer at Cox Communications in 2009.

He has helped shape cyber security best practices for U.S. Telecoms as a committee co-chair for the Federal Communications Commission (FCC) Communications Security, Reliability and Interoperability Council (CSRIC) II Work Group 2A (Cyber Security Best Practices) in 2010, served on the NCTA Cyber Security Work Group as an inaugural member, played an instrumental role in 2012 in the FCC CSRIC III Work Group 11 (Consensus Cyber Security Controls), served as a committee co-chair for cyber security on the Communications Sector Coordinating Council (CSCC), was a member of the Communications Information Sharing and Analysis Center (Communications ISAC), and an was an industry representative on the National Coordinating Center for Communications (NCCC).

He was inducted into the Ponemon Institute as a Distinguished Fellow in 2011 and then appointed the Chairman of the Ponemon Institute Distinguished Fellows in 2012.

He has been instrumental in shaping United States cyber security efforts. Throughout 2013 he helped the National Institute of Standards and Technology develop the first version of the U.S. Cybersecurity Framework released as the Framework for Improving Critical Infrastructure Cybersecurity on February 12, 2014.

Agcaoili was appointed the Vice President and Chief Information Security Officer of Elavon in 2014. He serves on the FS-ISAC and on the Payments Processing Information Sharing Council (PPISC).

He has served on the Editorial Advisory Board for TechTarget Security Media Group Information Security Magazine, Advisory Board for CSO Magazine, Advisory Board for CIO Magazine, Governing Body Co-chair for Evanta CISO Leadership Network, Founding Advisory Council for CISO Executive Network in Atlanta, Founding Member and CISO Advisory Council for Wisegate, Advisory Board for the RSA Executive Security Action Forum (ESAF), and Advisory Board for SecureWorld Expo in Atlanta, Houston, and Dallas. He has served 10 times as a judge for the Information Security Executive (ISE®) Awards and was on the Advisory Board for the Worldwide Executive Council Goldman Sachs CISO Council and the Citibank CISO Council.

Information Security and Cyber Security Industry Contributions

• [American Institute of Certified Public Accountants (AICPA) endorsed Cloud Security Alliance (CSA) Position Paper on SOC Reports (SAS 70 and SSAE 16 replacement) http://www.aicpa.org/interestareas/frc/assuranceadvisoryservices/downloadabledocuments/csa-position-paper-on-aicpa-service-organization-control-reports.pdf]
• [Cloud Security Alliance (CSA), founding member https://cloudsecurityalliance.org/about]
• [CSA Steering Committee, co-founder http://www.csoonline.com/article/2138561/data-protection/cloud-security-alliance-updates-controls-matrix.html]
• [CSA Cloud Controls Matrix (CCM), co-inventor and co-author https://cloudsecurityalliance.org/cm]
• [CSA GRC Stack, co-founder https://cloudsecurityalliance.org/research/grc-stack/]
• [CSA Security, Trust & Assurance Registry (STAR), co-founder https://cloudsecurityalliance.org/star]
• [CSA Computer Security Incident Response Team (CSIRT), founding member https://cloudsecurityalliance.org/research/cloudsirt/]
• [Hogan Lovells US LLP & Cyber Privacy Working Group - Preliminary Cybersecurity Framework – Privacy Methodology http://csrc.nist.gov/cyberframework/framework_comments/20131205_harriet_pearson_hoganlovells.pdf]
• [NIST Cybersecurity Framework (CSF) aka Framework for Improving Critical Infrastructure Cybersecurity (FICIC) - Suggested Updates https://app.box.com/s/2qd8fs7d9xxdgmg7euhc]
• [FCC Communications Security, Reliability and Interoperability Council (CSRIC) II Work Group 2A (Cyber Security Best Practices), Committee co-chair http://transition.fcc.gov/pshs/docs/csric/WG2A-Cyber-Security-Best-Practices-Final-Report.pdf]
• [National Cable Television Association (NCTA) Cyber Security Working Group, inaugural member http://www.ncta.com/DocumentBinary.aspx?id=968]
• [FCC Communications Security, Reliability and Interoperability Council (CSRIC) III Work Group 11 (Consensus Cyber Security Controls), CSCC cyber security sub-committee co-chair http://transition.fcc.gov/bureaus/pshs/advisory/csric3/CSRIC_III_WG11_Report_March_%202013.pdf]
• MSO (cable) Security Council, founding member
• MSO Acceptable Use Policy Management (AUPM) Roundtable, founding member
• Alliance for Telecommunications Industry Solutions Network Reliability Steering Committee (ATIS NRSC)
• [Information Systems Audit and Control Association (ISACA) Cloud Computing: Business Benefits With Security, Governance and Assurance Perspectives http://www.isaca.org/Knowledge-Center/Research/ResearchDeliverables/Pages/Cloud-Computing-Business-Benefits-With-Security-Governance-and-Assurance-Perspective.aspx]
• [Electronic Discovery Reference Model (EDRM) Data Set Project http://www.edrm.net/members/2011-2012/individuals]
• [IETF Capwap, Contributing Member ]
• [Risk-based vulnerability scanning ]

Recognition

• [1991 Inducted into the Rensselaer Polytechnic Institute Phi chapter of the Pi Tau Sigma http://www.pitausigma.net/Chapters/upload/6-Rensselaer-Phi-1990-1999.pdf]
• [1998 InfoWorld - Network Hardware: Product of the Year Award (IDI Fort Knox) http://findarticles.com/p/articles/mi_m0EIN/is_1999_Feb_15/ai_53875599/]
• [2005-2007 Microsoft Most Valuable Professional (MVP) in Security http://mvp.support.microsoft.com/]
• [2007-2008 Microsoft Most Valuable Professional (MVP) in Enterprise Security http://mvp.support.microsoft.com]
• [2008 Microsoft CSO Summit Excellence in Data Protection Award (Dell) http://mvp.support.microsoft.com]
• [2008 Information Security Project of the Year North American Award Nominee (Dell) http://www.ten-inc.com/press/2008/press_2008.11.18.asp]
• [2009 Information Security Executive (ISE®) of the Year Central Executive Award Winner (Dell) http://www.ten-inc.com/press/2009/press_2009.04.07.asp]
• [2010 Information Security Magazine Security 7 Award in Telecommunications] (Cox Communications) http://viewer.media.bitpipe.com/1152629439_931/1286461369_610/1010_ISM_eMag.pdf]
• [2011 Inducted into the East Greenbush Education Foundation Hall of Fame http://www.egedfoundation.org/hall%20of%20fame%20bios/Phil%20Agcaoili%20Bio.pdf]
• [2011 Named Ponemon Institute Distinguished Fellow http://www.ponemon.org/ponemon-institute-fellows]
• [2012 Veracode Bridge Builder Award (Cox Communications) http://www.businesswire.com/news/home/20120314006268/en/Veracode-Honors-Blue-Shield-California-Cox-Communications]
• [2012 RSA Conference Award for Excellence in the Field of Security Practices http://www.reuters.com/article/2012/02/29/idUS142103+29-Feb-2012+BW20120229]
• [2012 Named Chairman of the Ponemon Institute Fellows http://www.ponemon.org/ponemon-institute-fellows#agcaoili]
• [2012 Information Security Executive (ISE®) of the Decade Southeast Award Winner] (Cox Communications) http://www.ten-inc.com/press/2012/press_2012.03.14.asp]
• [2013 Evanta Top 25 Breakaway Leader Award http://www.evanta.com/ciso/summits/global/481/page/3549]
• [2014 CEOWorld Magazine Top Chief Security Officers (CSOs) to Follow on Twitter http://ceoworld.biz/2014/04/04/top-chief-security-officers-csos-to-follow-on-twitter-198120]
• [2014 Evanta Top 25 Breakaway Leader Award http://www.evanta.com/ciso/summits/global/page/4108]