2017 Agenda
  • Wednesday, March 22, 2017
    7:00 am
    Registration Open
    Registration Level: Open Sessions
    7:00 am - 3:00 pm
    Location / Room: Registration Desk
    8:00 am
    Executive Advisory Council Breakfast – (VIP / INVITE ONLY)
    Registration Level: VIP / Exclusive
    8:00 am - 9:15 am
    8:00 am
    New England ISSA Chapter Meeting
    ISSA members ONLY
    Registration Level: VIP / Exclusive
    8:00 am - 9:15 am

    This meeting is for ISSA members only
    8:00 - 8:30 a.m. - Networking
    8:30 - 9:15 a.m. – Chapter Meeting (speaker TBD)

    8:00 am
    SecureWorld Plus Part I – NIST Cybersecurity Framework
    Designing and Building a Cybersecurity Program Based on the NIST Cybersecurity Framework
    Chief Information Security Officer, University of Massachusetts President’s Office
    Registration Level: SecureWorld Plus
    8:00 am - 9:30 am

    This course provides a detailed plan for designing and building a Cybersecurity Program based on the NIST Cybersecurity Framework and the 20 Critical Controls

    Lesson 1: Creating the Model (based on the NIST Cybersecurity Framework)
    A general review of today’s cyber-threat landscape, key business, technical, regulatory, workforce challenges, the overall risk environment, controls framework (NIST Cybersecurity Framework), controls standards and a recommended approach for designing and building a program based on a repeatable / open program concept (The Controls Factory Model).

    Lesson 2: Designing the Program (based on the 20 Critical Controls)
    A detailed review of the safeguards that organizations should use to mitigate advanced threats and protect their critical assets including an in depth analysis of the 20 critical controls. Each control will be discussed in detail including the control objective, control approach, consequences of not implementing the control, control system analysis (how the control works), control detailed design, control monitoring and testing requirements.

    Lesson 3: Building the Solution (based on Design, Build, Run and Test Guides)
    Technical solutions that can be used to protect a particular family of assets (endpoints, servers, networks, applications). Each technical solution will include a mapping to the critical controls and NIST Framework (design guide), a step by step approach for implementation (build guide), a set of operational capabilities for continuous monitoring and management (run guide) and a set of use cases that ensure that the controls are continually applied to the asset families (test guide).

    8:00 am
    SecureWorld Plus Part I – Big Data and IoT
    Big Data and IoT: Wonderful, Terrible, Inevitable
    CISSP, President, O'Leary Management Education
    Registration Level: SecureWorld Plus
    8:00 am - 9:30 am

    Big Data and the Internet of Things are revolutionizing virtually every industry. We’re told of pinpoint accurate medical records and diagnostics, all-encompassing analytics, mastery of industrial processes, effortless control of our static and moving environments and complete connectivity and communication with anything and everything we might ever imagine being useful. Wonderful!

    But SecureWorld attendees and others who’ve been in IT Security for any appreciable time have an internal red flag that goes up upon hearing “It’s gonna be great!” Then those euphoria-deflating security questions start multiplying and running through our somewhat addled brains. Where is all this Big Data coming from? Where will it reside? Who controls it? Who grants access? On what basis? How do we know it’s accurate, relevant? Is it complete enough for life and death medical decisions? What about analytics system administration; data monitoring and correction procedures; incompatible security architectures? Oh yeah, and privacy?

    What kind of security is built into all these Internet-connected devices? How easy is it to control access? Is the data they trade and store encrypted? Who’s liable if they fail or give erroneous signals?

    Big Data and IoT are neither fads nor merely trends, they constitute a revolution. There’s no going back. Join us as we look from a security perspective at both the bright and dark sides.

    8:00 am
    SecureWorld Plus Part I – Information Security Awareness
    Building a Successful Information Security Awareness Program
    Chief Strategist and Chief Security Officer, Security Mentor
    Registration Level: SecureWorld Plus
    8:00 am - 9:30 am

    Every organization seeks a security-aware culture, but how can you build an effective information security awareness program that addresses compliance and changes employee behavior for the better? People are the greatest asset and the weakest link in securing intellectual property and protecting sensitive data within every enterprise; therefore, a well-organized security awareness program is essential.
    You will learn how an effective program that offers lasting solutions requires the right mix of skills, knowledge, executive support and resources. This hands-on workshop will teach you what you need to know to implement just such a program. Offering award-winning case studies, interactive discussions and group participation in exercises, this SecureWorld Plus-session will enable you to hit the ground running with a customized plan that meets your organization’s needs when you head back to the office.

    Dan Lohrmann offers an interactive, engaging style that is both fun and informative. The 4.5-hour workshop covers these essential topics:

    Part 1: Information Security Awareness Fundamentals and War Stories
    What important building blocks, resources and communication strategies are essential to successfully implement your program? How can you reduce the risk of a data breach or other unwanted outcomes using a comprehensive approach to information security awareness? What best practices and examples have succeeded that can be emulated?

    Part 2: Building and Maintaining Your Organization’s Information Security Awareness Plan
    After several checklists and overall program templates are presented in detail, the second part of this workshop will include peer interactions and discussions that can be used to tailor your specific plan to implement a customized security awareness program. Depending on the size and complexity of your organization, participants will either build their plan or create the outline of their information security awareness program – with details to be inserted later.

    Part 3: Reinventing Your Information Security Awareness Program
    So you already have an Information Security Awareness Program, but it’s not working. Is it time to start over or tweak the plan? What strategies work to get executive buy-in? What are you missing? What are some common mistakes to avoid? How can you improve what you’re already doing? Small group discussions, break-out Q/A as well as several successful tool kits are covered.

    8:30 am
    Breakout Session One
    Registration Level: Open Sessions
    8:30 am - 9:15 am
    8:30 am
    Security & Privacy Considerations for System Decommissioning & Hosting Migration
    Founder & Managing Partner, SolutionLab, LLC
    Registration Level: Conference Pass
    8:30 am - 9:15 am

    With the continued growth and trust in cloud-based infrastructure and software services, many organizations are looking to retire on-premise solutions or migrate them to the cloud. Scott will present the security and privacy oversight, planning, and monitoring required for any system decommissioning or hosting migration effort involving regulated data with a focus on data retention, system sanitization, cloud migration, continuous monitoring, regulatory compliance and leadership accountability practices.

    8:30 am
    Securonix: Big Data Security Analytics – Operational and Organizational Things to Consider
    CISO and Chief Security Strategist, Securonix
    Registration Level: Open Sessions
    8:30 am - 9:15 am
    9:00 am
    Exhibit Floor Open
    Registration Level: Open Sessions
    9:00 am - 3:00 pm

    This is the time to visit exhibitors participating in Dash For Prizes & CyberHunt for your chance to win prizes!

    9:30 am
    OPENING KEYNOTE: Optiv – Cloud Ready? 7 Tips to Weather the Storm
    Vice President, Cloud Security, OPTIV
    Registration Level: Open Sessions
    9:30 am - 10:15 am
    Location / Room: Keynote Theater

    Much to the chagrin of information security departments, the cloud’s promises of “access anytime and anywhere” have been delivered too well. The emergence of cloud-enabled shadow IT has created an internal struggle amongst IT and security professionals to regain control of their data. Meanwhile, the requests to move more business functions into the cloud have reached a crescendo. Without the proper plan and technical controls in place, cloud deployments can lead to the proliferation of uncontrolled sensitive data, reduced control over access, and ultimately undermine the integrity of a security program, resulting in a security operations and compliance quagmire. During this talk we will provide seven security considerations when developing a cloud adoption strategy and tips on where to initially focus when planning to regain control over cloud-based technologies after they have made their way into the enterprise.

    10:15 am
    Conference Break / Exhibitor Product Demonstration
    Registration Level: Open Sessions
    10:15 am - 11:15 am

    Reboot with coffee and infused water while visiting exhibitors on the exhibitor floor.

    11:00 am
    Advisory Council Roundtable – (VIP / Invite Only)
    Registration Level: VIP / Exclusive
    11:00 am - 12:00 pm

    Advisory Council - VIP / INVITE ONLY

    11:15 am
    baramundi Software: Automating Endpoint Management: Patching, Deployment and System Building Made Easy
    Executive Manager, baramundi Software USA
    Registration Level: Open Sessions
    11:15 am - 12:00 pm
    Location / Room: Application Security, Endpoint / Mobile Security, Network Security

    With increasing demands on IT Managers, new ways for handling security and user requirements are needed. This seminar will show you how to automate your patch management, drastically simplify system building, and find out about ways to enroll software while avoiding complex repackaging procedures – inside and outside of your network.

    11:15 am
    Surviving the Siege: Medieval Lessons in Modern Security
    CISSP, President, O'Leary Management Education
    Registration Level: Conference Pass
    11:15 am - 12:00 pm

    Warfare and the arts of intrusion have advanced considerably since the Middle Ages, but in many ways the principles of fortification we use today remain the same. The great castles of antiquity were ingeniously designed with multiple layers of physical security to protect their inhabitants from persistent, even advanced enemy threats. Their carefully planned and creative defensive measures provide rich metaphors, both positive and negative, for today’s cyber guardians. On the other hand, clever, daring, sometimes brilliant offensive strategies and tactics have historically breached battlements thought to be unassailable. Come join us as we examine lessons that can be applied to securing our own sophisticated digital fortresses.

    11:15 am
    Breakout Session Three
    Registration Level: Conference Pass
    11:15 am - 12:00 pm
    12:00 pm
    Advisory Council Roundtable – (VIP / Invite Only)
    Registration Level: VIP / Exclusive
    12:00 pm - 1:00 pm

    Advisory Council - VIP / INVITE ONLY

    12:15 pm
    LUNCH KEYNOTE: Cisco – An Anatomy of an Attack
    Sr. Security Researcher, Cisco Cloud Security
    Registration Level: Open Sessions
    12:15 pm - 1:00 pm
    Location / Room: Keynote Theater

    Cyber criminals are increasingly exploiting Internet services to build agile and resilient infrastructures, and consequently to protect themselves from being exposed and taken over. This session will explain how the correlation of Internet data on multiple levels (DNS, BGP, ASN, Prefixes/IPs) can be used to build and deliver a new model of security that is pervasive and predictive, and that allows us to expose the attackers' infrastructure. Learn how detection models can be built and applied (such as co-occurrences, NLPRank, and Spike Detectors), and how the different detectors can be integrated to expose malicious infrastructures and advanced persistent threats.

    1:15 pm
    Panel: Hazards on the Horizon
    Registration Level: Open Sessions
    1:15 pm - 2:15 pm

    Just as in the days of yore, you must have watch guards in the tower scanning the horizon for enemy banners. If you follow cyber threats, then you know that the landscape is constantly changing. From the bring your own device (BYOD) workplace to mobile malware, social engineering, and everything in between, information security has transformed. In order to stay ahead of the ever-changing threats, it is imperative to constantly improve and change security policies. Join industry experts as they discuss the importance of rolling with the changes, and how your company can stop the threat before it gets to the castle gate.

    1:15 pm
    Panel: Beware the Highwaymen: Rise of the Cyber Criminal
    Registration Level: Open Sessions
    1:15 pm - 2:15 pm

    Modern civilization has always been plagued by various classes of criminals. Travelers would hire guards to protect their caravans from hijackers. Thieves came up with various ploys to trick travelers on the road. In today’s day and age the advent of interconnected devices, allowing for portability of corporate secrets, has given rise to a completely different class of nefarious actors. Cyber criminals range from those bent on stealing your personal information to “cyber terrorists” who have the capability to inflict harm on a much wider scale. Uninhibited by current laws, they are very effective given the speeds of networks, lack of appropriate security controls, and the anonymous nature of the attacker. Making matters worse, the crime may be perpetrated by entities outside of the legal jurisdiction where the unlawful act took place. This panel will explore the tools these criminals use, what can be done to prevent them, and how to safeguard your data.

    2:15 pm
    (ISC)2 Meet and Greet
    Registration Level: Open Sessions
    2:15 pm - 3:00 pm

    Open to all attendees

    2:15 pm
    Conference Break / Exhibitor Product Demonstration
    Registration Level: Open Sessions
    2:15 pm - 3:00 pm

    Reboot with coffee and infused water while visiting exhibitors on the exhibitor floor.

    3:00 pm
    Trend Micro: Cloud Security Essentials / Cyber Risk & Resiliency in the Enterprise
    Vice President of Cybersecurity Strategy, Trend Micro
    Vice President Global Hybrid Cloud Security, Trend Micro
    Registration Level: Open Sessions
    3:00 pm - 3:45 pm

    Carlos Gonzalez will discuss security challenges faced in cloud migration such as visibility, agility, purchasing and compliance as well as the “shared security responsibility” where organizations are responsible for their workload security. Ed Cabrera, Chief Cybersecurity Officer and former CISO of the US Secret Service, will discuss cyber risk and resiliency in the Enterprise.

    3:00 pm
    Win Win Conversations, Pwn Your Career
    Founder and CEO, #brainbabe
    Registration Level: Conference Pass
    3:00 pm - 3:45 pm

    Effective communication is necessary for high productivity, career advancement, feeling valued in the workplace and having fun while we work. With job attrition rates at an all-time high, the win/win communication skill set is more valuable than ever. This talk offers the framework to pwn your career.

    3:00 pm
    Panel: Manage the Damage
    Registration Level: Conference Pass
    3:00 pm - 3:45 pm

    In the old days it didn’t take a lot to eventually take the castle. Smart commanders would hole up just outside the defenders’ range of attack and starve out the enemy while digging a tunnel under the castle walls. It was only a matter of time. Today it is more important than ever for companies to have plans in place to reduce damages, recovery time, and costs in case of a siege. Join our experts as they discuss challenges security teams face, tools and proven initiatives, and guidance in creating a program that will work for your organization.

    3:00 pm
    SecureWorld Plus Part II – NIST Cybersecurity Framework
    Designing and Building a Cybersecurity Program Based on the NIST Cybersecurity Framework
    Chief Information Security Officer, University of Massachusetts President’s Office
    Registration Level: SecureWorld Plus
    3:00 pm - 4:30 pm

    This course provides a detailed plan for designing and building a Cybersecurity Program based on the NIST Cybersecurity Framework and the 20 Critical Controls

    Lesson 1: Creating the Model (based on the NIST Cybersecurity Framework)
    A general review of today’s cyber-threat landscape, key business, technical, regulatory, workforce challenges, the overall risk environment, controls framework (NIST Cybersecurity Framework), controls standards and a recommended approach for designing and building a program based on a repeatable / open program concept (The Controls Factory Model).

    Lesson 2: Designing the Program (based on the 20 Critical Controls)
    A detailed review of the safeguards that organizations should use to mitigate advanced threats and protect their critical assets including an in depth analysis of the 20 critical controls. Each control will be discussed in detail including the control objective, control approach, consequences of not implementing the control, control system analysis (how the control works), control detailed design, control monitoring and testing requirements.

    Lesson 3: Building the Solution (based on Design, Build, Run and Test Guides)
    Technical solutions that can be used to protect a particular family of assets (endpoints, servers, networks, applications). Each technical solution will include a mapping to the critical controls and NIST Framework (design guide), a step by step approach for implementation (build guide), a set of operational capabilities for continuous monitoring and management (run guide) and a set of use cases that ensure that the controls are continually applied to the asset families (test guide).

    3:00 pm
    SecureWorld Plus Part II – Big Data and IoT
    Big Data and IoT: Wonderful, Terrible, Inevitable
    CISSP, President, O'Leary Management Education
    Registration Level:
    3:00 pm - 4:30 pm

    Big Data and the Internet of Things are revolutionizing virtually every industry. We’re told of pinpoint accurate medical records and diagnostics, all-encompassing analytics, mastery of industrial processes, effortless control of our static and moving environments and complete connectivity and communication with anything and everything we might ever imagine being useful. Wonderful!

    But SecureWorld attendees and others who’ve been in IT Security for any appreciable time have an internal red flag that goes up upon hearing “It’s gonna be great!” Then those euphoria-deflating security questions start multiplying and running through our somewhat addled brains. Where is all this Big Data coming from? Where will it reside? Who controls it? Who grants access? On what basis? How do we know it’s accurate, relevant? Is it complete enough for life and death medical decisions? What about analytics system administration; data monitoring and correction procedures; incompatible security architectures? Oh yeah, and privacy?

    What kind of security is built into all these Internet-connected devices? How easy is it to control access? Is the data they trade and store encrypted? Who’s liable if they fail or give erroneous signals?

    Big Data and IoT are neither fads nor merely trends, they constitute a revolution. There’s no going back. Join us as we look from a security perspective at both the bright and dark sides.

    3:00 pm
    SecureWorld Plus Part II – Information Security Awareness
    Building a Successful Information Security Awareness Program
    Chief Strategist and Chief Security Officer, Security Mentor
    Registration Level: SecureWorld Plus
    3:00 pm - 4:30 pm

    Every organization seeks a security-aware culture, but how can you build an effective information security awareness program that addresses compliance and changes employee behavior for the better? People are the greatest asset and the weakest link in securing intellectual property and protecting sensitive data within every enterprise; therefore, a well-organized security awareness program is essential.
    You will learn how an effective program that offers lasting solutions requires the right mix of skills, knowledge, executive support and resources. This hands-on workshop will teach you what you need to know to implement just such a program. Offering award-winning case studies, interactive discussions and group participation in exercises, this SecureWorld Plus-session will enable you to hit the ground running with a customized plan that meets your organization’s needs when you head back to the office.

    Dan Lohrmann offers an interactive, engaging style that is both fun and informative. The 4.5-hour workshop covers these essential topics:

    Part 1: Information Security Awareness Fundamentals and War Stories
    What important building blocks, resources and communication strategies are essential to successfully implement your program? How can you reduce the risk of a data breach or other unwanted outcomes using a comprehensive approach to information security awareness? What best practices and examples have succeeded that can be emulated?

    Part 2: Building and Maintaining Your Organization’s Information Security Awareness Plan
    After several checklists and overall program templates are presented in detail, the second part of this workshop will include peer interactions and discussions that can be used to tailor your specific plan to implement a customized security awareness program. Depending on the size and complexity of your organization, participants will either build their plan or create the outline of their information security awareness program – with details to be inserted later.

    Part 3: Reinventing Your Information Security Awareness Program
    So you already have an Information Security Awareness Program, but it’s not working. Is it time to start over or tweak the plan? What strategies work to get executive buy-in? What are you missing? What are some common mistakes to avoid? How can you improve what you’re already doing? Small group discussions, break-out Q/A as well as several successful tool kits are covered.

    3:30 pm
    Optiv Reception
    Join Optiv and Partners for Happy Hour!
    Registration Level: Open Sessions
    3:30 pm - 6:00 pm
    Location / Room: Towne Stove and Spirits (First Floor)

    Join your peers for complimentary hors d'oeuvres and cocktails following the first day of SecureWorld.
    Towne Stove and Spirits (First Floor)
    900 Boylston Street
    Boston, MA 02115

  • Thursday, March 23, 2017
    7:00 am
    Registration Open
    Registration Level: Open Sessions
    7:00 am - 3:00 pm
    Location / Room: Registration Desk
    8:00 am
    SecureWorld Plus Part III – NIST Cybersecurity Framework
    Designing and Building a Cybersecurity Program Based on the NIST Cybersecurity Framework
    Chief Information Security Officer, University of Massachusetts President’s Office
    Registration Level: SecureWorld Plus
    8:00 am - 9:30 am

    This course provides a detailed plan for designing and building a Cybersecurity Program based on the NIST Cybersecurity Framework and the 20 Critical Controls

    Lesson 1: Creating the Model (based on the NIST Cybersecurity Framework)
    A general review of today’s cyber-threat landscape, key business, technical, regulatory, workforce challenges, the overall risk environment, controls framework (NIST Cybersecurity Framework), controls standards and a recommended approach for designing and building a program based on a repeatable / open program concept (The Controls Factory Model).

    Lesson 2: Designing the Program (based on the 20 Critical Controls)
    A detailed review of the safeguards that organizations should use to mitigate advanced threats and protect their critical assets including an in depth analysis of the 20 critical controls. Each control will be discussed in detail including the control objective, control approach, consequences of not implementing the control, control system analysis (how the control works), control detailed design, control monitoring and testing requirements.

    Lesson 3: Building the Solution (based on Design, Build, Run and Test Guides)
    Technical solutions that can be used to protect a particular family of assets (endpoints, servers, networks, applications). Each technical solution will include a mapping to the critical controls and NIST Framework (design guide), a step by step approach for implementation (build guide), a set of operational capabilities for continuous monitoring and management (run guide) and a set of use cases that ensure that the controls are continually applied to the asset families (test guide).

    8:00 am
    SecureWorld Plus Part III – Big Data and IoT
    Big Data and IoT: Wonderful, Terrible, Inevitable
    CISSP, President, O'Leary Management Education
    Registration Level:
    8:00 am - 9:30 am

    Big Data and the Internet of Things are revolutionizing virtually every industry. We’re told of pinpoint accurate medical records and diagnostics, all-encompassing analytics, mastery of industrial processes, effortless control of our static and moving environments and complete connectivity and communication with anything and everything we might ever imagine being useful. Wonderful!

    But SecureWorld attendees and others who’ve been in IT Security for any appreciable time have an internal red flag that goes up upon hearing “It’s gonna be great!” Then those euphoria-deflating security questions start multiplying and running through our somewhat addled brains. Where is all this Big Data coming from? Where will it reside? Who controls it? Who grants access? On what basis? How do we know it’s accurate, relevant? Is it complete enough for life and death medical decisions? What about analytics system administration; data monitoring and correction procedures; incompatible security architectures? Oh yeah, and privacy?

    What kind of security is built into all these Internet-connected devices? How easy is it to control access? Is the data they trade and store encrypted? Who’s liable if they fail or give erroneous signals?

    Big Data and IoT are neither fads nor merely trends, they constitute a revolution. There’s no going back. Join us as we look from a security perspective at both the bright and dark sides.

    8:00 am
    SecureWorld Plus Part III – Information Security Awareness
    Building a Successful Information Security Awareness Program
    Chief Strategist and Chief Security Officer, Security Mentor
    Registration Level: SecureWorld Plus
    8:00 am - 9:30 am

    Every organization seeks a security-aware culture, but how can you build an effective information security awareness program that addresses compliance and changes employee behavior for the better? People are the greatest asset and the weakest link in securing intellectual property and protecting sensitive data within every enterprise; therefore, a well-organized security awareness program is essential.
    You will learn how an effective program that offers lasting solutions requires the right mix of skills, knowledge, executive support and resources. This hands-on workshop will teach you what you need to know to implement just such a program. Offering award-winning case studies, interactive discussions and group participation in exercises, this SecureWorld Plus-session will enable you to hit the ground running with a customized plan that meets your organization’s needs when you head back to the office.

    Dan Lohrmann offers an interactive, engaging style that is both fun and informative. The 4.5-hour workshop covers these essential topics:

    Part 1: Information Security Awareness Fundamentals and War Stories
    What important building blocks, resources and communication strategies are essential to successfully implement your program? How can you reduce the risk of a data breach or other unwanted outcomes using a comprehensive approach to information security awareness? What best practices and examples have succeeded that can be emulated?

    Part 2: Building and Maintaining Your Organization’s Information Security Awareness Plan
    After several checklists and overall program templates are presented in detail, the second part of this workshop will include peer interactions and discussions that can be used to tailor your specific plan to implement a customized security awareness program. Depending on the size and complexity of your organization, participants will either build their plan or create the outline of their information security awareness program – with details to be inserted later.

    Part 3: Reinventing Your Information Security Awareness Program
    So you already have an Information Security Awareness Program, but it’s not working. Is it time to start over or tweak the plan? What strategies work to get executive buy-in? What are you missing? What are some common mistakes to avoid? How can you improve what you’re already doing? Small group discussions, break-out Q/A as well as several successful tool kits are covered.

    8:30 am
    IoT and Blockchain in Healthcare
    Deputy CISO, Partners HealthCare
    Registration Level:
    • Conference Pass
    8:30 am - 9:15 am

    Tens of billions of connected devices will form the smart homes, cities and user experience of the future. The "Internet of Things" is a rich opportunity for IT Leaders but also presents some headaches, particularly when we think of medical and consumer devices in Healthcare. Hear the unique perspective from one of the nation’s largest healthcare providers on how they plan to step up to the challenge and how one notorious upstart technology, the "Blockchain", can potentially benefit the "Smart Hospital."

    8:30 am
    Using Public Cloud Platforms to Increase Enterprise Security
    CTO, Finomial
    Registration Level:
    • Open Sessions
    8:30 am - 9:15 am

    AWS and Microsoft Azure are the dominant public cloud platforms – but are they secure enough for your enterprise? The facts may surprise you! We’ll consider security services, compliance, scale, economics, and advanced capabilities you’ll wish you had in your enterprise. While still imperfect, you’ll leave appreciating why cloud security features are making adoption irresistible.

    8:30 am
    Breakout Session Two
    Registration Level:
    • Conference Pass
    8:30 am - 9:15 am
    9:00 am
    Exhibit Floor Open
    Registration Level:
    • Open Sessions
    9:00 am - 3:00 pm

    This is the time to visit exhibitors participating in Dash For Prizes & CyberHunt for your chance to win prizes!

    9:30 am
    OPENING KEYNOTE: Technology as a Complement, Not as a Substitute
    Cyber Security Strategic Partnerships Director, Humana
    Registration Level:
    • Open Sessions
    9:30 am - 10:15 am
    Location / Room: Keynote Theater

    As our daily lives become more integrated with technology, we need to ensure we do not become so dependent on it that we lose our ability to think and communicate without it.

    10:15 am
    Conference Break / Exhibitor Product Demonstration
    Registration Level:
    • Open Sessions
    10:15 am - 11:15 am

    Reboot with coffee and infused water while visiting exhibitors on the exhibitor floor.

    11:00 am
    Advisory Council Roundtable – (VIP / Invite Only)
    Registration Level:
    • VIP / Exclusive
    11:00 am - 12:00 pm

    Advisory Council - VIP / INVITE ONLY

    11:15 am
    Cloud and Outsourcing, Oh No
    Director Information Security / Information Security Officer, Verscend
    Registration Level:
    • Conference Pass
    11:15 am - 12:00 pm

    Everyone does some sort of outsourcing or uses the cloud. Do you have the necessary requirements and third-party programs built and implemented? Many companies continue to say “Oops, I forgot” or “Oops, I didn’t think about that.” What are the basic items that need to be in place BEFORE you contract?

    11:15 am
    Highly Distributed, Rapidly Evolving, and Complex Systems-of-Systems (SoS): Does the U.S. National Airspace System (NAS) Provide a Useful Model for Internet Security Management?
    InfoSec Protagonist, Act 1 Security, (ISC)², (ISC)² Eastern Chapter, HIMSS
    Registration Level:
    • Conference Pass
    11:15 am - 12:00 pm
    Location / Room: 103

    In the 1920s, as more planes took to U.S. skyways, our national airspace system (NAS) traffic control model evolved: from individual aircraft, to individual airline, to today’s centralized coordination and control approach. Can today's organization-by-organization approach for Internet communications security leverage the NAS management model?

    11:15 am
    Breakout Session Three
    Registration Level:
    • Open Sessions
    11:15 am - 12:00 pm
    12:00 pm
    Advisory Council Roundtable – (VIP / Invite Only)
    Registration Level:
    • VIP / Exclusive
    12:00 pm - 1:00 pm

    Advisory Council - VIP / INVITE ONLY

    12:15 pm
    LUNCH KEYNOTE: Radware – The Current Economics of Cyber Attacks
    Security Evangelist, Radware
    Registration Level:
    • Open Sessions
    12:15 pm - 1:00 pm
    Location / Room: Keynote Theater

    Often we discuss the changing threat landscape from a purely technical or vulnerability picture; however, this does an injustice to the elements of ease, cost and access to attacks. This presentation will provide attendees with an up-to-date picture of the rapidly changing landscape of attack tools and services, the buying criteria, and the locations for the tools and their ease of use. In addition, the presentation will provide an understanding of how the combination of the proliferation of these tools and their corresponding use has dramatically changed the dynamics of the return on defense strategies. This presentation will provide unique insight into the world of the Darknet, specific customer attack stories, new economic models of measuring security deployments, and a refreshed look at how controls should be deployed going forward.

    1:15 pm
    Panel: Close the Front Gate: Identify all Travelers
    Registration Level:
    • Open Sessions
    1:15 pm - 2:15 pm

    One of the first lines of defense for a castle was the front gate or portcullis. When the need arose, they would simply close the gate and stop everyone from entering. Castle guards would stop each traveler and determine their identity and if they were a threat before letting them in. Sort of like today’s network access control and firewalls. Identity or the perception of one’s identity was all that mattered and a smart spy or thief would gain access to the castle with only minor delays. Our experts will discuss your options for defending your castle.

    1:15 pm
    Panel: The Court Jester Has the Crown Jewels (Ransomware)
    Registration Level:
    • Open Sessions
    1:15 pm - 2:15 pm

    Way back in the day if you wanted to get someone to bend to your will you could just kidnap the princess or steal the Crown Jewels. Kingdoms would do just about anything to get these things back. It was probably a bit easier to grab the princess and leave a note with your demands. The exchange of coin for the princess was a risky maneuver but worth the reward if you escaped. Now it just takes one foolish click to become a victim of ransomware. Sadly, they are not easily caught when you make the trade with bitcoin. This panel will talk about the current schemes happening with ransomware and how you can try to keep the Crown Jewels safe.

    1:15 pm
    Sumo Logic: Advanced Security Analytics – Detect, Respond, Comply
    Director of Product Marketing, Security & Compliance, Sumo Logic
    Registration Level:
    • Open Sessions
    1:15 pm - 2:00 pm

    Advanced security analytics reduces noise and operational intelligence to help security professionals address the tsunami of data of today's modern applications.

    2:15 pm
    Conference Break / Exhibitor Product Demonstration
    Registration Level:
    • Open Sessions
    2:15 pm - 3:00 pm

    Reboot with coffee and infused water while visiting exhibitors on the exhibitor floor.

    2:30 pm
    Dash for Prizes & CyberHunt
    Registration Level:
    • Open Sessions
    2:30 pm - 2:45 pm

    Be sure to have exhibitors scan your badge for a chance to win prizes. Past prizes have included Kindles, Bose headphones, gift cards, iPads, iPods and more! *Must be present to win

    3:00 pm
    The Principles of Persuasion (POP) utilized in Social Engineering Leading to Your Moments of Misery and Vulnerability (MOVE) or Moments of Mitigation (MOM)
    Principal Advisor, NSA, ISSA, ISACA, FCI
    Registration Level:
    • Conference Pass
    3:00 pm - 3:45 pm

    Empowered with the principles of persuasion, white hats can help everyone in an organization create innumerable moments of mitigation (MOM). More importantly, fluency with the principles of persuasion utilized by black hats will empower you to stay ahead of their nefarious intent.
    Questions we will answer:

    • What are the primary persuasion methods utilized for good and evil in social engineering?

    • What are your organization’s Moments of Truth (MOT) that result in mitigation and maintained security or breach?

    • How do you leverage MOM and POP to influence and empower ALL members of your organization and significantly mitigate attacks and reduce risk?

    3:00 pm
    Introduction into the World of Windows Forensics
    Director of Cyber Security Operations, Massachusetts Advanced Secure Technologies
    Registration Level:
    • Conference Pass
    3:00 pm - 3:45 pm

    This course will provide an introduction into The World of Windows Forensics. The attendee will learn how to obtain and analyze digital information for possible use as evidence in civil, criminal or administrative cases. Topics: computer forensics law, volatile memory & hard drive analysis, using freeware and other inexpensive options.

    3:00 pm
    Ransomware Response – Rejecting the Threat
    Executive Consultant, CGI
    Registration Level:
    • Open Sessions
    3:00 pm - 3:45 pm

    Ransomware is among the hottest topics in the list of cybersecurity concerns for 2017. Chasing after ransomware components requires constant attention and often yields results that are inconclusive or too late. This session will focus on the protection from the harm threatened by a ransomware attack.

Exhibitors
  • ACP – Greater Boston
    Booth: TBD

    ACP is a professional organization that provides a forum for the exchange of information and experiences for business continuity leaders. We serve the greater Boston area, including Rhode Island and southern New Hampshire. Meetings are held on the second Wednesday of every month (except July & August). We invite you to attend our next meeting.

  • Alert Logic
    Booth: 213

    Whether your company is transitioning infrastructure to the cloud, taking advantage of managed hosting services, or continuing to rely on owned data centers, Alert Logic offers intrusion detection, vulnerability assessment and log management solutions that are coupled with 24/7 monitoring and expert guidance services from our security operations center. More than 1,500 enterprise customers trust Alert Logic to secure and protect their digital information, and rely on us for keeping in step with increasingly complex regulatory issues. In addition to our team of GIAC analysts dedicated to careful observation and assessment of threats to your data, our research team stays on top of emerging developments so we can stop potential security breaches before they strike. We also have a dedicated support team ready to answer any questions you have about our products and services.

  • Anomali
    Booth: TBD

    Anomali delivers earlier detection and identification of adversaries in your organization’s network by making it possible to correlate tens of millions of threat indicators against your real-time network activity logs and up to a year or more of forensic log data. Anomali’s approach enables detection at every point along the kill chain, making it possible to mitigate threats before material damage to your organization has occurred.

  • Arctic Wolf
    Booth: 702

    Arctic Wolf redefines the economics of security with a turnkey SOC-as-a-service that deploys in minutes. Concierge Security Engineers use the AWN Platform to provide insights into your security to answer the question, “Am I safe?” We lead the industry in making security simple, actionable and affordable for mid-market companies.

  • ARMA
    Booth: TBD

    ARMA International is a not-for-profit organization representing the RIM profession. Its primary purpose is the advancement of the profession and the professional through advocacy, education and professional development.

    ARMA International members include records and information managers, MIS and ADP professionals, imaging specialists, archivists, hospital administrators, legal administrators, librarians, corporate counsel, compliance professionals, and educators. ARMA, its chapters, and its members are dedicated to helping individuals, organizations, and government agencies successfully meet the challenges of the increasingly complex records and information management field.

  • Aruba
    Booth: 516

    Mobile, IoT, and cloud are disrupting traditional businesses and declaring new winners. We are building smarter networks that are insightful and predictable to accelerate the transition. Infrastructure services are offered as software from the public or private cloud, enabling secure connectivity for mobile and IoT — under one roof.

  • ASIS
    Booth: TBD

    ASIS International, with more than 32,000 members, is the preeminent international organization for professionals responsible for security, including managers and directors of security. In addition, corporate executives and other management personnel, as well as consultants, architects, attorneys, and federal, state, and local law enforcement, are becoming involved with ASIS to better understand the constant changes in security issues and solutions.

  • Avecto
    Booth: 511

    Avecto’s award-winning Defendpoint software uniquely combines privilege management, application control and content isolation to protect every endpoint in your business. It stops malware that isn’t yet known to the antivirus vendors from executing, so that your data is protected from the latest threats.

  • Baramundi Software AG
    Booth: 409

    In 2000 baramundi software AG was founded in Augsburg, Germany. The company develops and markets the unified endpoint management software baramundi Management Suite. The solution optimizes IT management processes by automating routine tasks and providing an extensive overview of all endpoints.

  • Binary Defense Systems
    Booth: 110

    BDS is a company that works with you to understand your environment and what you have, and to build defenses to combat what we face today and the attacks of tomorrow. Technology is continuously changing, businesses change every day – in order to keep up with the changes, BDS has created an extensively flexible yet highly accurate way of detecting attackers. We are attackers, and we know the best ways of detecting how attackers breach your network. An added bonus with BDS – continual penetration tests are performed regularly to enhance and develop additional safeguards. We are here to defend, protect and secure your company.

  • Centrify
    Booth: 408

    Centrify provides unified identity management across data center, cloud and mobile environments. Centrify software and cloud-based Identity-as-a-Service (IDaaS) solutions leverage an organization’s existing identity infrastructure to enable single sign-on, multi-factor authentication, privileged identity management, auditing for compliance and mobile device management.
    Centrify customers can typically reduce their total cost of identity management and compliance by more than 50 percent.

  • Check Point Security
    Booth: 504

    Since 1993, Check Point has been dedicated to providing customers with uncompromised protection against all types of threats, reducing security complexity and lowering total cost of ownership. We are committed to staying focused on customer needs and developing solutions that redefine the security landscape today and in the future.

  • Cisco
    Booth: 406

    As a provider of integrated, interoperable safety and security products and services, Cisco is helping to solve some of today’s toughest societal and business challenges. Governments, partners, and private institutions worldwide are using Cisco solutions to increase citizen safety and coordinate rapid responses to emergencies, while maximizing their technology investments.

  • Cloud Passage
    Booth: 416

    CloudPassage® Halo® is the world’s leading agile security platform that provides instant visibility and continuous protection for servers in any combination of data centers, private clouds and public clouds. Halo uses minimal system resources; so layered security can be deployed right at every workload – servers, instances and containers.

  • Core Security
    Booth: 604

    Enterprises are responsible for securing and managing access to corporate data and ensuring availability of enterprise applications and services at all times. Core Security offers threat-aware identity, access, authentication and vulnerability management solutions to help identity, security, and risk teams control access, reduce risk, and maintain continuous compliance.

    Our solutions provide actionable intelligence and context needed to manage identity access and security risk across the enterprise. By combining real-time insight into identity analytics with prioritized infrastructure vulnerabilities, organizations receive a more comprehensive view of their security posture. Organizations gain context and intelligence through analytics to make more informed, prioritized, and better security remediation decisions. This allows them to more rapidly and accurately identify, validate and proactively stop unauthorized access and defend against security threats.

  • The Cloud Security Alliance (CSA)
    Booth: TBD

    The Cloud Security Alliance (CSA) is a not-for-profit organization with a mission to promote the use of best practices for providing security assurance within Cloud Computing, and to provide education on the uses of Cloud Computing to help secure all other forms of computing. The Cloud Security Alliance is led by a broad coalition of industry practitioners, corporations, associations and other key stakeholders.

  • Cybereason
    Booth: 308

    Cybereason was founded in 2012 by a team of ex-military cybersecurity experts with the mission of detecting and responding to complex cyber-attacks in real time. Cybereason is the only Endpoint Detection and Response platform deployed in user space that detects both known and unknown attacks and connects isolated indicators of compromise to form a complete, contextual attack story. Cybereason's behavioral analytics engine continuously hunts for adversaries and reveals the timeline, root cause, adversarial activity, related communication and affected endpoints and users of every attack. Cybereason provides security teams with actionable data, enabling fast decision making and proper response.

  • Cylance
    Booth: 313

    Cylance® is revolutionizing cybersecurity with products and services that proactively prevent, rather than reactively detect the execution of advanced persistent threats and malware. Our technology is deployed on over four million endpoints and protects hundreds of enterprise clients worldwide including Fortune 100 organizations and government institutions.

  • Cyphort
    Booth: 305

    Cyphort is the next generation APT defense solution for the enterprise. Cyphort provides a single pane of glass across perimeter and laterally moving threats, correlates threat signals before and after an incident while eliminating noise from false alerts and red herrings.

  • DirectDefense
    Booth: 217

    Founded in 2011, DirectDefense offers security services that are unmatched within the industry. Our core strength is our deep experience in performing assessments for a wide array of networks, platforms, and applications. Our seasoned consultants are focused on providing world-class security services to our clients.

    Regardless of industry – financial, insurance, retail, hospitality, healthcare, education, gaming, technology, or energy and utilities, our wealth of knowledge and experience can assist you in achieving your security testing and strategy goals.

  • EC-Council
    Booth: TBD

    International Council of E-Commerce Consultants, also known as EC-Council, is the world’s largest cyber security technical certification body. We operate in 140 countries globally and we are the owner and developer of the world-famous Certified Ethical Hacker (CEH), Computer Hacking Forensics Investigator (C|HFI), Certified Security Analyst (ECSA), License Penetration Testing (Practical) programs, among others. We are proud to have trained and certified over 140,000 information security professionals globally that have influenced the cyber security mindset of countless organizations worldwide.

  • empow
    Booth: TBD

    empow’s security platform radically upends traditional approaches by integrating with your existing network infrastructure and breaking down your security tools to their individual components – what we call “security particles™.” This creates an abstracted new layer that sits above your existing security configuration, and turns what you have into what you need.

    When empow identifies an event, a new, targeted security apparatus is instantly reassembled and deployed for each individual attack, in real time. This means quicker and smarter responses, with better correlation and insight. And the innovation is equally applicable to all flavors of attack campaigns.

  • F5
    Booth: 514

    F5 provides solutions for an application world. F5 helps organizations seamlessly scale cloud, data center, telecommunications, and software defined networking (SDN) deployments to successfully deliver applications and services to anyone, anywhere, at any time. F5 solutions broaden the reach of IT through an open, extensible framework and a rich partner ecosystem of leading technology and orchestration vendors. This approach lets customers pursue the infrastructure model that best fits their needs over time. The world’s largest businesses, service providers, government entities, and consumer brands rely on F5 to stay ahead of cloud, security, and mobility trends.

  • Fidelis Cybersecurity
    Booth: 710

    Fidelis Cybersecurity protects the world’s most sensitive data by equipping organizations to detect, investigate and stop advanced cyber attacks. Our products, services and proprietary threat intelligence enable customers to proactively face advanced threats and prevent data theft with immediate detection, monitoring and response capabilities. With our Fidelis Network and Fidelis Endpoint, customers can get one step ahead of any attacker before a major breach hits. To learn more about Fidelis Cybersecurity, please visit www.fidelissecurity.com and follow us on Twitter @FidelisCyber

  • Flexera Software
    Booth: 613

    Flexera Software is the leading provider of next-generation software licensing, compliance, security and installation solutions for application producers and enterprises. Our next-generation software licensing, compliance and installation solutions are essential to ensure continuous licensing compliance, optimized software investments and to future-proof businesses against the risks and costs of constantly changing technology.

  • Forcepoint
    Booth: 510

    Forcepoint safeguards users, data and networks against the most determined adversaries, from insider threats to outside attackers, across the threat lifecycle – in the cloud, on the road, in the office. It simplifies compliance and enables better decision-making for more efficient remediation, empowering organizations to focus on what’s most important to them.

  • Fortinet
    Booth: 104

    We provide top-rated network and content security, as well as secure access products that share intelligence and work together to form a cooperative fabric. Our unique security fabric combines Security Processors, an intuitive operating system, and applied threat intelligence to give you proven security, exceptional performance, and better visibility and control--while providing easier administration.
    Our flagship enterprise firewall platform, FortiGate, is available in a wide range of sizes and form factors to fit any environment, and provides a broad array of next generation security and networking functions.

  • Gemalto
    Booth: 617

    SafeNet and Gemalto have joined forces to create the worldwide leader in enterprise and banking security from core data protection to secure access at the edge of the network. Together, we protect more data, transactions, and identities than any other company, delivering security services that are used by more than 30,000 businesses and two billion people in more than 190 countries around the world. We support 3,000 financial institutions and secure more than 80% of the world’s intra-bank fund transfers, and protect the world’s leading software applications.

  • Gigamon
    Booth: 618

    Gigamon (NYSE: GIMO) provides active visibility into physical and virtual network traffic, enabling stronger security and superior performance. Gigamon’s Visibility Fabric™ and GigaSECURE®, the industry’s first Security Delivery Platform, deliver advanced intelligence so that security, network, and application performance management solutions in enterprise, government, and service provider networks operate more efficiently. As data volumes and network speeds grow and threats become more sophisticated, tools are increasingly overburdened. One hundred percent visibility is imperative. Gigamon is installed in more than three-quarters of the Fortune 100, more than half of the Fortune 500, and seven of the 10 largest service providers.

  • GuidePoint Security LLC
    Booth: 118

    GuidePoint Security LLC provides innovative and valuable cyber security solutions and expertise that enable organizations to successfully achieve their mission. By embracing new technologies, GuidePoint Security helps clients recognize the threats, understand the solutions, and mitigate the risks present in their evolving IT environments. Headquartered in Herndon, Virginia, GuidePoint Security is a small business, and classification can be found with the System for Award Management (SAM). Learn more at: http://www.guidepointsecurity.com.

  • HP
    Booth: 606

    Our vision is to create technology that makes life better for everyone, everywhere — every person, every organization, and every community around the globe. This motivates us — inspires us — to do what we do. To make what we make. To invent, and to reinvent. To engineer experiences that amaze. We won’t stop pushing ahead, because you won’t stop pushing ahead. You’re reinventing how you work. How you play. How you live. With our technology, you’ll reinvent your world.

    This is our calling. This is a new HP.

  • HTCIA
    Booth: TBD

    Investigators on the Leading Edge of Technology

    The High Technology Crime Investigation Association (HTCIA) was formed to provide education and collaboration to our global members for the prevention and investigation of high tech crimes. As such, we are an organization that aspires to help all those in the high technology field by providing extensive information, education, collective partnerships, mutual member benefits, astute board leadership and professional management. Association Mission: Provide education and collaboration to our global members for the prevention and investigation of high tech crimes.

  • IBM
    Booth: 511

    Digital is the wires, but digital intelligence, or artificial intelligence as some people call it, is about much more than that. This next decade is about how you combine those and become a cognitive business. It’s the dawn of a new era.

  • IBM Resilient
    Booth: 303

    IBM Resilient’s mission is to help organizations thrive in the face of any cyberattack or business crisis. The industry’s leading Incident Response Platform (IRP) empowers security teams to analyze, respond to, and mitigate incidents faster, more intelligently, and more efficiently. The Resilient IRP is the industry’s only complete IR orchestration and automation platform, enabling teams to integrate and align people, processes, and technologies into a single incident response hub. With Resilient, security teams can have best-in-class response capabilities. IBM Resilient has more than 150 global customers, including 50 of the Fortune 500, and hundreds of partners globally. Learn more at www.resilientsystems.com.

  • The Institute of Internal Auditors (IIA)
    Booth: TBD

    Established in 1941, The Institute of Internal Auditors (IIA) is an international professional association with global headquarters in Altamonte Springs, Florida, USA. The IIA is the internal audit profession's global voice, recognized authority, acknowledged leader, chief advocate, and principal educator. Generally, members work in internal auditing, risk management, governance, internal control, information technology audit, education, and security.

  • InfraGard
    Booth: TBD

    InfraGard is an information sharing and analysis effort serving the interests and combining the knowledge base of a wide range of members. At its most basic level, InfraGard is a partnership between the FBI and the private sector. InfraGard is an association of individuals, academic institutions, state and local law enforcement agencies, and other participants dedicated to sharing information and intelligence to prevent hostile acts against the United States. InfraGard Chapters are geographically linked with FBI Field Office territories.

    The FBI retained InfraGard as an FBI sponsored program, and will work with DHS in support of its CIP mission, facilitate InfraGard’s continuing role in CIP activities, and further develop InfraGard’s ability to support the FBI’s investigative mission, especially as it pertains to counterterrorism and cyber crimes.

  • Integration Partners
    Booth: 104

    We know and understand you have options when choosing the right partner. Networking technology alone isn’t a differentiator, it’s how we do business with you. We’ve curated the best solutions not just to support IT needs, but to support your business strategy. Our culture is one that influences the customer experience. We never stop improving, and so we will never let you fall behind. From this simple and often overlooked practice, we believe the greatest customer relationships come from our mutual and shared strategies. Now just think… WHAT’S POSSIBLE.

  • IOvations
    Booth: 302

    IOvation provides innovative enterprise Security, Network, and Storage IT solutions and professional services that enable our clients to achieve optimal results.

    With over 25 years of deep Security, Network, and Storage domain experience, you can count on IOvation for trusted advice, real-time response, and superior service.

  • ISACA
    Booth: TBD

    As an independent, nonprofit, global association, ISACA engages in the development, adoption and use of globally accepted, industry-leading knowledge and practices for information systems. Previously known as the Information Systems Audit and Control Association, ISACA now goes by its acronym only, to reflect the broad range of IT governance professionals it serves.

  • (ISC)2
    Booth: TBD

    (ISC)² is an international nonprofit membership association focused on inspiring a safe and secure cyber world. Best known for the acclaimed Certified Information Systems Security Professional (CISSP) certification, (ISC)² offers a portfolio of credentials that are part of a holistic, programmatic approach to security. Our membership, over 123,000 strong, is made up of certified cyber, information, software and infrastructure security professionals who are making a difference and helping to advance the industry. Our vision is supported by our commitment to educate and reach the general public through our charitable foundation - The Center for Cyber Safety and Education™. Follow us on Twitter or connect with us on Facebook.

  • ISSA
    Booth: TBD

    The Information Systems Security Association (ISSA) is an international organization providing educational forums, publications, and peer interaction opportunities that enhance the knowledge, skills, and professional growth of its members' information security professionals. The primary goal of ISSA is to promote management practices that will ensure availability, integrity, and confidentiality of organizational resources.

    Since its inception in 1982, ISSA's membership has grown to include more than 100 chapters around the world with members who represent a diverse collection of organizations, including major U.S. and international corporations, leading consulting firms, world-class educational institutions, and government agencies. From EDP audit and corporate security to contingency planning and disaster recovery, ISSA members are committed to protecting their organizations' assets and resources.

    Visit the National Headquarters' website at www.issa.org.

  • Kaspersky Lab
    Booth: 106

    In 1999, Kaspersky Lab was the first company to introduce integrated antivirus software for workstations, file servers and application servers running on Linux/FreeBSD operating systems. Today, the company offers a whole range of effective corporate security solutions for the most popular operating systems specifically designed for different types of businesses. The company's product range covers all of the main information security requirements that businesses and large state organizations have to adhere to, including: excellent protection levels, adaptability to changing circumstances, scalability, compatibility with different platforms, high performance, high fault tolerance, ease of use and high value.

    One of the primary advantages of Kaspersky Lab's corporate range is the easy, centralized management provided by Kaspersky Security Center that extends to the entire network regardless of the number and type of platforms used.

  • LightCyber
    Booth: 217

    Stop Attackers in their Tracks: How to Incorporate Smart Detection Strategies

    If an attacker was on your network would you know? How long would the breach go undetected? Statistics show that attackers can remain hidden on a network up to 200 days before being detected, and cause untold damage in that time period. And while it’s accepted that perimeter defenses cannot provide 100% protection against attackers, technology that lets you find attackers quickly and efficiently has been a challenge.

    LightCyber delivers on the promise of just that. Accurate, efficient detection of attackers after they have breached your network, providing you clarity about the attacker from network intelligence combined with added context detailing using our ability to access critical device data. Combined together, LightCyber lets you quickly zero in on the exact device accessed by the attacker, which allows fast remediation to stop damage before it happens.

  • LogRhythm
    Booth: 503

    LogRhythm, a leader in security intelligence and analytics, empowers organizations around the globe to rapidly detect, respond to and neutralize damaging cyber threats. The company’s patented award-winning platform uniquely unifies next-generation SIEM, log management, network and endpoint monitoring, user entity and behavior analytics (UEBA), security automation and orchestration and advanced security analytics. In addition to protecting customers from the risks associated with cyber threats, LogRhythm provides unparalleled compliance automation and assurance, and enhanced IT intelligence.

  • NEDRIX
    Booth: TBD

    We are professionals in the public and private sector with an interest in emergency response, crisis management, business continuity, or disaster recovery. Experience levels range from novices in the industry to experts with over 35 years experience. NEDRIX itself is a not-for-profit organization staffed entirely by volunteers.
    NEDRIX membership provides you with real time notifications based on the states you subscribe to, as well as with industry news, events, trends, conferences, networking, and more!

  • NETSCOUT
    Booth: 317

    NETSCOUT nGenius packet flow switches provide security visibility by optimizing the flow of traffic from the network to security systems. These appliances collect and organize packet flows—creating a unified packet plane that logically separates the network layer from the security systems. Our customers use packet flow switches to optimize and scale out their cyber security deployments, so that they can spend less time in adding, testing and managing their security systems.

  • Okta
    Booth: 508

    Okta is the foundation for secure connections between people and technology. Our IT products uniquely use identity information to grant people access to applications on any device at any time, while still enforcing strong security protections. Our platform securely connects companies to their customers and partners. Today, thousands of organizations trust Okta to help them fulfill their missions as quickly as possible.

  • Optiv
    Booth: 506

    Optiv is the largest holistic pure-play cyber security solutions provider in North America. Our diverse and talented employees are committed to helping businesses, governments and educational institutions plan, build and run successful security programs through the right combination of products, services and solutions related to security program strategy, enterprise risk and consulting, threat and vulnerability management, enterprise incident management, security architecture and implementation, training, identity and access management, and managed security.

    Created in 2015 as a result of the Accuvant and FishNet Security merger, Optiv has served more than 12,000 clients of various sizes across multiple industries, offers an extensive geographic footprint, and has premium partnerships with more than 300 of the leading security product manufacturers.

  • Palo Alto Networks™
    Booth: 512

    Palo Alto Networks™ is the network security company. Its next-generation firewalls enable unprecedented visibility and granular policy control of applications and content – by user, not just IP address – at up to 20Gbps with no performance degradation. Based on patent-pending App-ID™ technology, Palo Alto Networks firewalls accurately identify and control applications – regardless of port, protocol, evasive tactic or SSL encryption – and scan content to stop threats and prevent data leakage. Enterprises can for the first time embrace Web 2.0 and maintain complete visibility and control, while significantly reducing total cost of ownership through device consolidation. Most recently, Palo Alto Networks has enabled enterprises to extend this same network security to remote users with the release of GlobalProtect™ and to combat targeted malware with its WildFire™ service. For more information, visit www.paloaltonetworks.com.

  • Proofpoint
    Booth: 316

    Proofpoint secures and improves enterprise email infrastructure with solutions for email security, archiving, encryption and data loss prevention. Proofpoint solutions defend against spam and viruses, prevent leaks of confidential and private information, encrypt sensitive emails and archive messages for retention, e-discovery and easier mailbox management. Proofpoint solutions can be deployed on-demand (SaaS), on-premises (appliance) or in a hybrid architecture for maximum flexibility and scalability. For more information, please visit http://www.proofpoint.com.

  • Qualys, Inc.
    Booth: 309

    Qualys, Inc. (NASDAQ: QLYS), is a pioneer and leading provider of cloud security and compliance solutions with over 6,000 customers in more than 100 countries, including a majority of each of the Forbes Global 100 and Fortune 100. The QualysGuard Cloud Platform and integrated suite of solutions help organizations simplify security operations and lower the cost of compliance by delivering critical security intelligence on demand and automating the full spectrum of auditing, compliance and protection for IT systems and web applications. Founded in 1999, Qualys has established strategic partnerships with leading managed service providers and consulting organizations, including Accuvant, BT, Dell SecureWorks, Fujitsu, NTT, Symantec, Verizon, and Wipro. The company is also a founding member of the Cloud Security Alliance (CSA).

    For more information, please visit www.qualys.com.

  • Radware
    Booth: 406

    Radware (NASDAQ: RDWR), is a global leader of application delivery and application security solutions for virtual and cloud data centers. Its award-winning solutions portfolio delivers full resilience for business-critical applications, maximum IT efficiency, and complete business agility. Radware's solutions empower more than 10,000 enterprise and carrier customers worldwide to adapt to market challenges quickly, maintain business continuity and achieve maximum productivity while keeping costs down.

  • Rapid7
    Booth: 402

    Rapid7 transforms data into insight, empowering IT and security professionals to progress and protect their organizations. How? Our solutions are powered by advanced analytics and an unmatched understanding of the attacker mindset. This makes it easy to collect data, transform it into prioritized and actionable insight, and get it to the people who can act on it—all in an instant.

  • Red River
    Booth: 304

    Red River’s Security Practice has nearly 20 years of experience helping federal and enterprise customers strengthen their security stance with strategically-integrated data- and network-centric physical and cyber security solutions designed to protect critical assets, enable situational awareness and simplify security management. We not only hold the coveted Cisco Master Security Specialization, but our highly-certified experts use a balanced approach that blends leading-edge technology, systems, policies and proven processes to deliver secure, effective solutions that offer complete protection and long-term value to our customers.

  • RedSeal
    Booth: 209

    At RedSeal, our vision is to become the essential analytics and decision-making platform for building digitally resilient organizations people can trust.

    We do this by becoming the measure by which every organization can quantify its digital resilience.

    As thought leaders on resilience, we envision every organization starting the security discussion with the question “What’s our Digital Resilience Score?”

    Founded in 2004, RedSeal is headquartered in Sunnyvale, California.

  • RSA Security
    Booth: 516

    Business-Driven Security™ solutions for a complex world
    More than 30,000 customers worldwide—including nearly half the global Fortune 500—rely on RSA Business-Driven Security™ solutions for cyber threat detection and response, identity and access management, online fraud prevention, and business risk management solutions. Armed with the industry’s most powerful tools, enterprises can better focus on growth, innovation and transformation in today’s volatile business environment.

  • Securonix
    Booth: 415

    At Securonix, we focus on the application of advances in the fields of computing, statistics, behavioral sciences, machine learning and artificial intelligence for solving core security problems.

    Securonix provides the industry’s first signature-less Behavior Based Threat Detection technology.
    Securonix provides the industry’s first risk based access outlier detection technology.
    Securonix provides the industry’s first fuzzy logic based identity correlation engine.

  • SailPoint
    Booth: 602

    In 2005, Mark and Kevin set out to create a new type of company – one that promised to provide innovative solutions to business problems and an exciting, collaborative work environment for identity rock stars. Together, we’re redefining identity’s place in the security ecosystem.

    We love taking on new challenges that seem daunting to others. We hold ourselves to the highest standards, and deliver upon our promises to our customers. We bring out the best in each other, and we’re having a lot of fun along the way.

  • SIM
    Booth: TBD

    At the Boston Chapter of SIM, we provide leading information technology executives, consultants, and academics with a place to share ideas. Our collaborative community shares best practices, trends and lessons learned for you: the person that is responsible for shaping and influencing the future of IT and IT management.

    Our goal is to provide you with access to a robust community of the area’s top IT leaders so you can exchange ideas, share best practices, and stimulate your mind. As a senior-level IT professional providing both strategic and tactical direction to your division on a daily basis, you need someplace to turn for advice, answers, and guidance, too.

  • Skybox Security
    Booth: 509

    Skybox gives security leaders the cybersecurity management solutions they need to eliminate attack vectors and safeguard business data and services every day. With unparalleled visibility and context-aware intelligence of the attack surface, Skybox solutions drive effective vulnerability and threat management, firewall management and continuous compliance monitoring.
    Established in 2002, Skybox is a privately held company with worldwide sales and support teams serving an international customer base of Global 2000 enterprises and government agencies.

  • Sumo Logic
    Booth: 112

    Sumo Logic was founded in 2010 by experts in log management, scalable systems, big data, and security. Today, our purpose-built, cloud-native service analyzes more than 100 petabytes of data, more than 16 million searches, and delivers 10s of millions of insights daily – positioning Sumo among the most powerful machine data analytics services in the world.

  • TechTarget
    Booth: TBD

    TechTarget (NASDAQ: TTGT) is the online intersection of serious technology buyers, targeted technical content and technology providers worldwide. Our media, powered by TechTarget’s Activity Intelligence platform, redefines how technology buyers are viewed and engaged based on their active projects, specific technical priorities and business needs. With more than 100 technology specific websites, we provide technology marketers innovative media that delivers unmatched reach via custom advertising, branding and lead generation solutions all built on our extensive network of online and social media. TechTarget is based in Boston and has locations in Atlanta, Beijing, Cincinnati, London, Paris, San Francisco, Singapore, and Sydney.

  • Tenable
    Booth: 312

    Tenable Network Security transforms security technology for the business needs of tomorrow through comprehensive solutions that provide continuous visibility and critical context, enabling decisive actions to protect your organization. Tenable eliminates blind spots, prioritizes threats, and reduces exposure and loss. With more than one million users and more than 20,000 enterprise customers worldwide, organizations trust Tenable for proven security innovation. Tenable's customers range from Fortune Global 500 companies, to the U.S. Department of Defense, to mid-sized and small businesses in all sectors, including finance, government, healthcare, higher education, retail and energy. Transform security with Tenable, the creators of Nessus and leaders in continuous monitoring.

  • Thales e-Security
    Booth: 505

    Thales e-Security is the leader in advanced data security solutions and services that deliver trust wherever information is created, shared or stored. We ensure that the data belonging to companies and government entities is both secure and trusted in any environment – on-premise, in the cloud, in data centers or big data environments – without sacrificing business agility. Security doesn’t just reduce risk, it’s an enabler of the digital initiatives that now permeate our daily lives – digital money, e-identities, healthcare, connected cars and with the internet of things (IoT) even household devices. Thales provides everything an organization needs to protect and manage its data, identities and intellectual property and meet regulatory compliance – through encryption, advanced key management, tokenization, privileged user control and high assurance solutions. Security professionals around the globe rely on Thales to confidently accelerate their organization’s digital transformation. Thales e-Security is part of Thales Group.

  • Trend Micro
    Booth: 413

    As a global leader in cloud security, Trend Micro develops Internet content security and threat management solutions that make the world safe for businesses and consumers to exchange digital information. With more than 20 years of experience, we're recognized as the market leader in server security for delivering top-ranked client, server, and cloud-based security solutions that stop threats faster and protect data in physical, virtualized, and cloud environments.

  • Tripwire
    Booth: 616

    Tripwire Enterprise is a security configuration management suite whose Policy Management, Integrity Management, and Remediation Management capabilities stand alone or work together as a comprehensive, tightly integrated SCM solution. Along with Tripwire Configuration Compliance Manager, Tripwire can address the range of enterprise systems that can be monitored with an agent or agentlessly.

  • TrustedSec
    Booth: 110

    Our #1 priority is you, our customer. We believe in our services and our quality of them. We truly care about each and every organization as much as you do. Our team is highly talented, skilled, senior, and not a commodity service like other INFOSEC consulting companies. TrustedSec’s model is to staff with only senior level resources and the highest quality of information security consulting. Our brand, reputation, and quality is how we have established ourselves in this industry and with the mindset of “always doing the right thing”. When we work with our customers, it’s more than “just another engagement” – it’s establishing an understanding with an organization, and working to make them better.

  • WatchGuard
    Booth: 110

    Seattle-based WatchGuard has deployed nearly a million of its integrated, multi-function threat management appliances worldwide, to businesses that range from SMEs to large distributed enterprises. Recognizing an unmet need for a security solution that addresses the rapidly evolving threat landscape, WatchGuard architected its high-throughput, highly scalable, and flexible Fireware® operating system to form the backbone of its products. This platform yields dramatically higher performance at a much lower cost than competitors in environments where multiple security engines are enabled.

  • Wombat Security Technologies
    Booth: 404

    Wombat Security Technologies provides information security awareness and training software to help organizations teach their employees secure behavior. Their SaaS cyber security education solution includes a platform of integrated broad assessments, and a library of simulated attacks and brief interactive training modules, to reduce employee susceptibility to attack, even phishing attacks, over 80%.

  • Zensar
    Booth: 405

    Zensar is a leading digital solutions and technology services company that specializes in partnering with global organizations across industries on their Digital Transformation journey. Zensar empowers customers to develop strategies to adhere to comprehensive security frameworks while implementing security solutions to meet industry practices and compliance requirements.

Keynote Speakers
Speakers
  • Larry Wilson
    Chief Information Security Officer, University of Massachusetts President’s Office

    Larry is responsible for developing, implementing and managing the University of Massachusetts Information Security Policy and Written Information Security Program (WISP). The University program is based on industry best practices ISO 27001 / SANS 20 Critical Controls, and is implemented consistently across all University campuses (Amherst, Boston, Dartmouth, Lowell, Medical School and the President’s Office).

    Prior to joining UMASS, Larry was the Vice President, Network Security Manager at State Street. In this role he was responsible for researching, selecting, implementing and overseeing an engineering staff who managed network security technologies / tools including vulnerability scanning, network firewall policy management, intrusion detection, remote access, DNS security, global and local load balancing, etc.

    Larry's industry experience includes IT audit manager for Deloitte Enterprise Risk Services (ERS) consulting practice. In this role he managed a staff responsible for developing and completing a Sarbanes Oxley compliance audit for MasterCard International. Larry's team focused on the application level controls and general computer controls for information technology services implemented and managed from the MasterCard data center in St. Louis.

    Mr. Wilson holds a Master of Science degree in Civil / Structural Engineering from the University of New Hampshire. His industry certifications include CISSP, CISA and ISA (PCI Internal Security Assessor). He serves on the Advisory Board for Middlesex Community College and CISO Advisory Board for Oracle. He co-chairs the Massachusetts State University and Community College Information Security Council, and serves as Certification Director for ISACA New England. His major 2013 accomplishments include Finalist for Information Security Executive® (ISE®) of the Year for both the Northeast Region and North America; and a SANS People who made a difference in Cybersecurity in 2013 award recipient.

    Larry has been teaching CISA certification training for ISACA for 5 years.

  • John O'Leary
    CISSP, President, O'Leary Management Education

    John O'Leary, CISSP, is President of O'Leary Management Education. His background spans four decades as an active practitioner in information systems, IT Security and contingency planning. He has designed, implemented and managed security and recovery for networks ranging from single site to multinational. John has trained tens of thousands of practitioners, and conducted on-site programs at major corporations and government facilities worldwide. He has also facilitated meetings of Working Peer Groups, where security professionals from diverse corporations share ideas, concerns and techniques. John is the recipient of the 2004 COSAC award, the 2006 EuroSec Prix de Fidelite, and the 2011 ISC2 Lifetime Achievement Award.

  • Dan Lohrmann
    Chief Strategist and Chief Security Officer, Security Mentor

    Dan Lohrmann is Chief Strategist and Chief Security Officer (CSO) at Security Mentor. In this role, Lohrmann leads efforts to define and develop key strategic initiatives for the company’s security awareness training offerings, including new programs that can improve security and compliance by elevating an organization’s workforce into security savvy employees. Representing Security Mentor, Lohrmann serves as a thought leader and keynote speaker on security and security awareness training, and gives government and industry presentations.

    Over the past decade, Lohrmann has advised the U.S. Department of Homeland Security, the White House, FBI, numerous federal agencies, law enforcement, state and local governments, non-profits, foreign governments, local businesses, universities, churches, and home users on issues ranging from personal Internet safety to defending government and business-owned technology and critical infrastructures from online attacks. Prior to joining Security Mentor, Lohrmann was Michigan's first CSO and Deputy Director for Cybersecurity and Infrastructure Protection and has been recognized as a global leader in cyber defense for government.

    Previously, Lohrmann represented the National Association of State Chief Information Officers on the U.S. Department of Homeland Security’s IT Government Coordinating Council where he assisted in the writing and editing of the National Infrastructure Protection Plans, sector specific plans, Cybersecurity Framework, and other federal cyber documents. Lohrmann is the author of two books: Virtual Integrity: Faithfully Navigating the Brave New Web, published in November 2008 by Brazos Press and BYOD for You: The Guide to Bring Your Own Device to Work, published in Kindle format in April 2013.

    He has been honored with numerous cybersecurity and technology leadership awards, including “CSO of the Year” by SC Magazine, “Public Official of the Year” by Governing magazine and “Premier 100 IT Leader” by Computerworld Magazine. Lohrmann received his bachelor’s degree in computer science from Valparaiso University in Indiana and his M.S. in Computer Science from Johns Hopkins University in Baltimore.

  • Scott Margolis
    Founder & Managing Partner, SolutionLab, LLC

    Scott Margolis leads the Commonwealth of Massachusetts, Health Exchange Security & Privacy Compliance program comprised of State Agencies and IT Service Providers, established to meet the Centers for Medicare & Medicaid (CMS) and Internal Revenue Service (IRS) mandated Certification & Accreditation requirements necessary to operate a State-Based Health Insurance Exchange under the Patient Protection and Affordable Care Act (ACA) of 2010. Mr. Margolis has more than 25 years of information technology, security governance, and regulatory compliance experience as an entrepreneur, senior leader and consultant. He has worked across the healthcare continuum having worked for payer, consulting and product organizations. He has successfully managed information technology and security organizations, led large consulting initiatives in both the public and private sectors, and developed products for the commercial marketplace.

  • Michael Lipinski
    CISO and Chief Security Strategist, Securonix

    Michael J. Lipinski is CISO and chief security strategist at Securonix. He has over 28 years of experience in risk and information security, digital forensic investigations including HR interrogation, legal process support and testimony. Lipinski has helped organizations of all sizes design, build and run risk, IT governance and information security programs. He has held IT executive roles in the end user space and numerous roles in IT hardware and software organizations.

    Lipinski spent the last 8 years serving as CISO of an acquisition driven, rapidly growing marketing services and business process outsourcer. He was responsible for the development of the information security, risk, IT governance, IT CERT and insider threat programs. Prior to his role as CISO, Lipinski consulted for 15 plus years in the information security, risk and business continuity space, helping large organizations in diverse industries solve their risk and information security challenges.

    Lipinski has started and owned several IT and IT security companies. He created a new, disruptive technology that defends organizations from insider threats and took to market a patented set of insider threat focused risk analysis tools that detect unauthorized network communications from large data sources such as network flow, firewall and IDS/IPS systems.

  • JD Sherry
    Vice President, Cloud Security, OPTIV

    JD Sherry is well-versed in enterprise security and data center architecture and has successfully implemented large-scale public, private and hybrid clouds emphasizing security architecture best practices. Over the last decade, Sherry has established himself as a trusted senior advisor for the protection of the payment card industry (PCI), the Health Insurance Portability and Accountability Act (HIPAA) and personally identifiable information (PII) data. As vice president of cloud security in the Office of the CISO at Optiv, Sherry focuses on security and compliance aspects that enable clients to be successful in planning, building and running their cloud ecosystems, spanning across private, public and most commonly hybrid cloud computing environments. Sherry also offers strategic consulting at the C-level and board level.

    Sherry interfaces regularly with the media to provide expert insight on the state of cyber security and how individuals and organizations can adequately protect themselves from loss. He previously held a Top Secret clearance, and has an MBA IT degree from Jones University and a bachelor’s degree from the University of Nebraska.

  • Jonathan Lange
    Executive Manager, baramundi Software USA

    Jonathan Lange is responsible for Sales in the US market. Having advised customers in various countries from small businesses to global enterprises, he is well aware of the challenges IT departments face today in order to keep their infrastructure up-to-date, safe and efficient. Specializing in efficient methods for endpoint management, he has an in-depth knowledge of the baramundi Management Suite and how it can benefit IT departments.

  • Brad Antoniewicz
    Sr. Security Researcher, Cisco Cloud Security

    Brad Antoniewicz works in Cisco Umbrella’s security research group. He is an Adjunct Professor teaching Vulnerability Analysis and Exploitation and a Hacker in Residence at NYU’s Tandon School of Engineering. Antoniewicz is also a Contributing Author to both the Hacking Exposed and Hacking Exposed: Wireless series of books.

  • Ed Cabrera
    Vice President of Cybersecurity Strategy, Trend Micro

    Eduardo Cabrera is responsible for analyzing emerging cyber threats to develop innovative and resilient enterprise risk management strategies for Fortune 500 clients and strategic partners. Before joining Trend Micro, he was a 20-year veteran and former CISO of the United States Secret Service.

  • Carlos Gonzales
    Vice President Global Hybrid Cloud Security, Trend Micro

    Carlos has over 20 years of expertise in enterprise software and infrastructure. Prior to joining Trend Micro, Mr. Gonzalez was a Sr. Sales Director at Oracle, responsible for sales and services of Oracle’s Cloud Computing and security initiatives for Latin America.

  • Deidre Diamond
    Founder and CEO, #brainbabe

    Deidre Diamond is the Founder of #brainbabe (brainbabe.org) and ICMCP Strategic Board Member. Deidre was previously the CEO of Percussion Software, the first VP of Sales at Rapid7 (NYSE:RPD) and the VP of Sales at Motion Recruitment.

  • speaker photo
    Larry Wilson
    Chief Information Security Officer, University of Massachusetts President’s Office

    Larry is responsible for developing, implementing and managing the University of Massachusetts Information Security Policy and Written Information Security Program (WISP). The University program is based on industry best practices ISO 27001 / SANS 20 Critical Controls, and is implemented consistently across all University campuses (Amherst, Boston, Dartmouth, Lowell, Medical School and the President’s Office).

    Prior to joining UMASS, Larry was the Vice President, Network Security Manager at State Street. In this role he was responsible for researching, selecting, implementing and overseeing an engineering staff who managed network security technologies / tools including vulnerability scanning, network firewall policy management, intrusion detection, remote access, DNS security, global and local load balancing, etc.

    Larry's industry experience includes IT audit manager for Deloitte Enterprise Risk Services (ERS) consulting practice. In this role he managed a staff responsible for developing and completing a Sarbanes Oxley compliance audit for MasterCard International. Larry's team focused on the application level controls and general computer controls for information technology services implemented and managed from the MasterCard data center in St. Louis.

    Mr. Wilson holds a Master of Science degree in Civil / Structural Engineering from the University of New Hampshire. His industry certifications include CISSP, CISA and ISA (PCI Internal Security Assessor). He serves on the Advisory Board for Middlesex Community College and CISO Advisory Board for Oracle. He co-chairs the Massachusetts State University and Community College Information Security Council, and serves as Certification Director for ISACA New England. His major 2013 accomplishments include Finalist for Information Security Executive® (ISE®) of the Year for both the Northeast Region and North America; and a SANS People who made a difference in Cybersecurity in 2013 award recipient.

    Larry has been teaching CISA certification training for ISACA for 5 years.

  • speaker photo
    John O'Leary
    CISSP, President, O'Leary Management Education

    John O'Leary, CISSP, is President of O'Leary Management Education. His background spans four decades as an active practitioner in information systems, IT Security and contingency planning. He has designed, implemented and managed security and recovery for networks ranging from single site to multinational. John has trained tens of thousands of practitioners, and conducted on-site programs at major corporations and government facilities worldwide. He has also facilitated meetings of Working Peer Groups, where security professionals from diverse corporations share ideas, concerns and techniques. John is the recipient of the 2004 COSAC award, the 2006 EuroSec Prix de Fidelite, and the 2011 ISC2 Lifetime Achievement Award.

  • speaker photo
    Dan Lohrmann
    Chief Strategist and Chief Security Officer, Security Mentor

    Dan Lohrmann is Chief Strategist and Chief Security Officer (CSO) at Security Mentor. In this role, Lohrmann leads efforts to define and develop key strategic initiatives for the company’s security awareness training offerings, including new programs that can improve security and compliance by elevating an organization’s workforce into security-savvy employees. Representing Security Mentor, Lohrmann serves as a thought leader, delivering keynotes on security and security awareness training and giving government and industry presentations.

    Over the past decade, Lohrmann has advised the U.S. Department of Homeland Security, the White House, FBI, numerous federal agencies, law enforcement, state and local governments, non-profits, foreign governments, local businesses, universities, churches, and home users on issues ranging from personal Internet safety to defending government and business-owned technology and critical infrastructures from online attacks. Prior to joining Security Mentor, Lohrmann was Michigan's first CSO and Deputy Director for Cybersecurity and Infrastructure Protection and has been recognized as a global leader in cyber defense for government.

    Previously, Lohrmann represented the National Association of State Chief Information Officers on the U.S. Department of Homeland Security’s IT Government Coordinating Council where he assisted in the writing and editing of the National Infrastructure Protection Plans, sector specific plans, Cybersecurity Framework, and other federal cyber documents. Lohrmann is the author of two books: Virtual Integrity: Faithfully Navigating the Brave New Web, published in November 2008 by Brazos Press and BYOD for You: The Guide to Bring Your Own Device to Work, published in Kindle format in April 2013.

    He has been honored with numerous cybersecurity and technology leadership awards, including “CSO of the Year” by SC Magazine, “Public Official of the Year” by Governing magazine and “Premier 100 IT Leader” by Computerworld Magazine. Lohrmann received his bachelor’s degree in computer science from Valparaiso University in Indiana and his M.S. in Computer Science from Johns Hopkins University in Baltimore.

  • speaker photo
    Esmond Kane
    Deputy CISO, Partners HealthCare

    Esmond Kane is the Deputy Chief Information Security Officer in the Partners HealthCare Information Security and Privacy Office. In this role, Esmond is responsible for the operational component of the "Lighthouse" program, a radical transformation in Partners' approach to security and privacy risk management. Prior to Partners, Esmond spent 10 years helping to guide improvements in IT delivery and information security in various roles at Harvard University. Prior to Harvard, Esmond spent 10 years in several roles and industries including KPMG and BIDMC. In his spare time, Esmond likes to fret about spare time and annoy people who read bios…

  • speaker photo
    Bill Wilder
    CTO, Finomial

    Bill Wilder is a cloud computing veteran and CTO at Finomial, providing SaaS solutions to the global hedge fund industry from the public cloud. Bill is recognized by Microsoft as a 7-time Azure MVP awardee for his cloud expertise and community leadership. Bill is the author of Cloud Architecture Patterns (O’Reilly Media, 2012).

  • speaker photo
    Sheri Donahue
    Cyber Security Strategic Partnerships Director, Humana

    Sheri Donahue spent 20 years as a civilian Navy engineer, most recently as Program Manager for Security & Intelligence (Indian Head Division). She is President-Emeritus of InfraGard National where she served on the national board for 11 years. Currently, she is the Cyber Security Strategic Partnerships Director for Humana.

  • speaker photo
    Sandy Bacik
    Director Information Security / Information Security Officer, Verscend

    Sandy Bacik, former VF Corp Global Risk Assessment Manager and author, has many years of direct information security development, implementation, and management experience in the areas of audit, DR/BCP, incident investigation, physical security, privacy, compliance, policies/procedures, and data center operations. She has developed an enterprise-wide security-conscious culture through information assurance programs.

  • speaker photo
    Dan Walsh
    InfoSec Protagonist, Act 1 Security, (ISC)² , (ISC)² Eastern Chapter, HIMSS

    Dan Walsh, MBA, CISSP
    Act 1 Security founder & principal protagonist, consulting on the information security challenges facing the healthcare, public, and retail sectors.
    • Commonwealth of Massachusetts’ Chief Security Officer (2006-2011)
    • Information Security Officer - South Shore Hospital
    • Information Systems Security Architect - Partners Healthcare System
    Information Security Programs design and implementation
    Enterprise information systems risk management & assessment strategies

  • speaker photo
    Ron Winward
    Security Evangelist, Radware

    Ron Winward is a Security Evangelist for Radware, where he helps execute the company’s thought leadership on today’s security threat landscape. Ron brings nearly 20 years of experience in the Internet service provider space, most recently as Director of Network Engineering for a global infrastructure and colocation provider. With an expertise in network architectures and DDoS mitigation, Ron has helped design solutions for carriers, enterprises, and cybersecurity service providers around the world.

  • speaker photo
    Mark Bloom
    Director of Product Marketing, Security & Compliance, Sumo Logic

    Mark Bloom has more than 15 years of experience in sales, marketing and business development across financial services and high tech industries. His previous roles include Cisco, Compuware, SonicWall/Dell, Trend Micro and more.

  • speaker photo
    Michael Horsch Fizz
    Principal Advisor, NSA, ISSA, ISACA, FCI

    With more than 20 years of experience, Michael brings an in-depth understanding of currently available solutions empowering clients to achieve operational excellence. Over his career, Michael has delivered over three thousand consultations to technology and financial organizations.

  • speaker photo
    Gene Kingsley
    Director of Cyber Security Operations, Massachusetts Advanced Secure Technologies

    Gene Kingsley is Director of the Security Operations Center, where he leads his team to help protect the clients of Massachusetts Advanced Security Technologies.

    Gene has 20 years of experience in Information Management and Security having worked in Higher Ed and the Finance Industry. GCFE, BS in CJ, MS CIM, ITIL Foundations.

  • speaker photo
    Michael Corby
    Executive Consultant, CGI

    Mr. Corby has more than 40 years in IT strategy, operations, development and security. He is the founder of (ISC)², Inc., the organization that established the CISSP security professional credential. A frequent SecureWorld speaker and author, he was CIO for a division of Ashland Oil and for Bain & Company.

Conference App and Microsite!
Registration is easy and takes just a few minutes. Once you get started you can use your phone, tablet or internet browser to:

• Create a personalized agenda
• View maps of the venue and Exhibit Hall
• Use secure messaging to network with attendees
• View speaker slides after the conference
• Play CyberHunt, the app game, and compete for prizes