Conference Agenda
  • Wednesday, March 13, 2024
    7:00 am
    Registration open
    Registration Level:
    • Open Sessions
    7:00 am - 4:15 pm
    Location / Room: Registration Desk

    Come to the Registration desk in the lobby to check-in and get your badge. SecureWorld staff will be available throughout the day if you have any questions.

    7:30 am
    [PLUS Course] Preventing, Detecting, Responding, and Recovering from a Ransomware Attack: Part 1
    Sr. Cybersecurity Consultant, Wilson Cyber
    Registration Level:
    • SecureWorld Plus
    7:30 am - 9:00 am
    Location / Room: 105

    Today’s ransomware attacks have a severe impact on the operating capability of organizations. If an organization is prepared and has functional back-ups, restoring affected systems could take hours. If an organization is not prepared, restoring systems could take weeks to return to full operating capacity. Organizations cannot 100% prevent ransomware attacks. The best thing you can do is assume you will be hit and have plans in place that focus on planning, protecting, detecting, responding, and recovering from an attack.

    This course helps organizations design, build, operate, and maintain a comprehensive ransomware program. The key areas of focus include:

    1. How to prepare the organization for a ransomware attack by understanding the stages of a human-operated ransomware attack (initial access, privilege escalation, lateral movement, exfiltration, and encryption), maintaining and securing back-ups, detecting and mitigating vulnerabilities, cybersecurity training and education, and a detailed incident response plan;
    2. How to protect the organization from a ransomware attack by implementing an asset management solution, deploying endpoint detection and response capability, establishing a zero-trust architecture, maintaining email and DNS filtering, hardening systems based on secure configurations, managing user accounts and privileged accounts;
    3. How to detect a ransomware attack in the early stages with continuous security monitoring, anomaly detection, and threat intelligence solutions;
    4. How to respond to a ransomware attack by isolating impacted systems, malware eradication / containment, focusing on critical assets; and
    5. How to recover from a ransomware attack with minimal downtime and data loss by restoring from back-ups, initiating recovery efforts, and reporting the incident.

    The class is based on best practices and guidance detailed in the U.S. CISA #StopRansomware Guide. The guide includes two primary resources: Part 1: Ransomware and Data Extortion Prevention Best Practices; Part 2: Ransomware and Data Extortion Response Checklist. Part 1 provides guidance for all organizations to reduce the impact and likelihood of ransomware incidents and data extortion, including best practices to prepare for, prevent, and mitigate these incidents. Prevention best practices are grouped by common initial access vectors. Part 2 includes a checklist of best practices for responding to these incidents.

    7:30 am
    [PLUS Course] Implementing the NIST Cybersecurity Framework, Including 2.0 - Part 1
    vCISO, Cyber Risk Opportunities LLC
    Registration Level:
    • SecureWorld Plus
    7:30 am - 9:00 am
    Location / Room: 104

    Have you ever wondered how to actually use the NIST Cybersecurity Framework and apply it to your business or organization?

    In this course, you will get an inside look at how cybersecurity, information technology (IT), and business professionals use the NIST Cybersecurity Framework (CSF) Version 2.0 to understand and actively manage their risk posture.

    You will begin by learning the fundamentals of the NIST Cybersecurity Framework, including:

    • What are the components of the framework?
    • Why is the framework valuable?
    • What type of organizations can use the framework?

    Then, you will dive deeper into the framework to fully understand the Framework Core, the Framework Tiers, and the Framework Implementation Profile.

    You will also review various case studies from diverse organizations across the globe, including critical infrastructure organizations, technology companies, governmental organizations, and others.

    Finally, we will spend the majority of this course walking you through how to implement this framework within your own organization by conducting a Cyber Risk Mapping (CR-MAP). This CR-MAP of your organization will aid you in identifying your weaknesses and creating a remediation plan to achieve higher levels of security by minimizing your cyber risk.

    We even include a free bonus digital workbook that helps you conduct a step-by-step Cyber Risk Mapping at the conclusion of the course.

    8:00 am
    Exhibitor Hall open
    Registration Level:
    • Open Sessions
    8:00 am - 4:30 pm
    Location / Room: Exhibitor Hall

    Your opportunity to visit our solution vendor partners, whose sponsorship makes SecureWorld possible! Booths have staff ready to answer your questions. Look for participating Dash For Prizes sponsors to be entered to win prizes.

    8:00 am
    Advisory Council Roundtable Breakfast – (VIP / Invite only)
    Building Your Cybersecurity Community: Connections and Career Growth
    Registration Level:
    • VIP / Exclusive
    8:00 am - 8:45 am
    Location / Room: 101
    Developing meaningful professional relationships and strategically managing your career are vital for success and advancement in the fast-moving cybersecurity ecosystem. Connections are critical in our lives – we cannot do it alone. This closed-door, interactive session provides perspectives and frameworks for expanding your network both internally and across the industry. Come ready to share and hear proven approaches for becoming a trusted advisor to business leaders while raising the profile of your security team. We’ll discuss techniques to foster connections through conferences, media, and writing while aligning activities to your long-term career roadmap. Participants will leave ready to proactively network with purpose, find and become mentors and sponsors, and chart a fulfilling career trajectory in cybersecurity.
    8:00 am
    Enabling Business with Security: Establishing Strategic Cyber Programs
    VP, Information Security, PayScale, Inc.
    Registration Level:
    • Open Sessions
    8:00 am - 8:45 am
    Location / Room: 108
    Too often cybersecurity is viewed as a roadblock to innovation and progress. But leading organizations are shifting to value-added security programs that enable the business. In this session, learn how security leaders can cultivate trust, shape forward-thinking policy, and provide risk-based guidance to fuel competitive advantage. Hear communication strategies to convey cyber priorities in business terms as an enabler, not blocker. Learn how to gain support and buy-in for initiatives that not only strengthen a security program but also support the top and bottom lines. Learn how to leverage the security-to-business connection to ensure proper prioritization, buy-in, and support from internal teams ranging from Engineering to Product to Sales.
    8:45 am
    Networking Break
    Registration Level:
    • Open Sessions
    8:45 am - 9:00 am
    Location / Room: Exhibitor Hall

    Visit the Exhibitor Hall to network with attendees and connect with our vendor sponsors and association partners.

    9:00 am
    [Opening Keynote] Drag Racing & Cybersecurity: The Crossover
    Associate CISO, St. Luke's University Health Network
    Registration Level:
    • Open Sessions
    9:00 am - 9:45 am
    Location / Room: Keynote Theater

    You’d be amazed what you can learn from everyday hobbies or obstacles to help you become a better practitioner. Krista Arndt shares a very personal story of survival after a bad drag racing accident in 2015. It was a life-altering experience and provided perspective on her personal and professional life that drives her every day as a loving mom and wife, volunteer, and successful CISO.

    9:45 am
    Networking Break
    Registration Level:
    • Open Sessions
    9:45 am - 10:15 am
    Location / Room: Exhibitor Hall

    Visit the Exhibitor Hall to network with attendees and connect with our vendor sponsors and association partners.

    10:15 am
    Boardroom Boot Camp: From Rookie to Rockstar in Your First Cybersecurity Meeting
    VP, Global Security & Privacy, SharkNinja
    Registration Level:
    • Conference Pass
    10:15 am - 11:00 am
    Location / Room: 103

    Feeling nervous about your first cybersecurity presentation to the board? Don’t sweat it! This session is your secret weapon to transforming from newbie to a confident cybersecurity rockstar.

    Get ready to:

    • Craft a killer message: Lock-in the theme you want the board to remember and build your personal credibility.
    • Establish a program maturity baseline and threat model: Build a compelling narrative that connects today’s risks and the cybersecurity roadmap to real-world impact.
    10:15 am
    Breaking Down Current and Future Security Threats
    Research Security Officer, Massachusetts Institute of Technology
    Registration Level:
    • Conference Pass
    10:15 am - 11:00 am
    Location / Room: 102
    This session explores current and future information security threats that should be on everyone’s radar. The session offers recommendations and best practices for combatting said threats, based on practical experience. Come with your questions and willingness to share. Walk away with insights to help your organization, including methods for testing security programs and making sure you and your team are armed with the best approaches for providing security due diligence.
    10:15 am
    Zero Trust Considerations in an AI-Enabled Enterprise: Navigating the Intersection of AI Innovation and Cybersecurity
    Chief Technologist, Infoblox
    Registration Level:
    • Open Sessions
    10:15 am - 11:00 am
    Location / Room: 108

    From A(I) to Z(T), we’re inundated with new terms and technologies. Our enterprises are in a constant state of flux, users searching for better and faster ways to accomplish their goals, and administrators focused on more effective ways to protect their assets. AI has drastically reduced time-to-task, but at what cost? And how has AI better enabled the threat actor? We will discuss these topics as well as how to implement flexible Zero Trust principles that securely support and embrace future tech.

    10:15 am
    What is UEM (Unified Endpoint Management), and Why Should I Care?
    Lead Solutions Architect, Syxsense
    Registration Level:
    • Open Sessions
    10:15 am - 11:00 am
    Location / Room: 109

    This session walks through the basics of UEM as outlined by the GigaOm Radar Report and provides insights into why pacesetting operations and security leaders are pivoting away from point products towards unified solutions. Discover emerging UEM features that are already helping security operations teams automate vulnerability remediation and enforce compliance. And, if you or your organization care about Patch Management, Software Deployment, Security Policy Enforcement, Lifecycle Management, Endpoint Monitoring, or Remote Control, learn why it makes sense to adopt a combined solution.

    11:00 am
    Networking Break
    Registration Level:
    • Open Sessions
    11:00 am - 11:10 am
    Location / Room: Exhibitor Hall

    Visit the Exhibitor Hall to network with attendees and connect with our vendor sponsors and association partners.

    11:10 am
    Leverage AI to Develop Your Organization's Security Policies
    Sr. Security Engineer, Cape Cod Healthcare
    Registration Level:
    • Conference Pass
    11:10 am - 11:55 am
    Location / Room: 109
    Artificial Intelligence is being used to create everything, including code samples, realistic images, and security awareness training messages. Another area where AI can be used is creating corporate security policies. There are ways CISOs and/or security managers can leverage AI to update or create security policies for their organizations. Certain steps should be considered when using AI to create these policies. This session explores leveraging artificial intelligence in creating security policies for your organization.
    11:10 am
    Here to Help: Law Enforcement Is a Vital Partner for CISOs
    Sr. Special Agent, U.S. Secret Service – Burlington, VT
    Sr. Special Agent, Boston Field Office, U.S. Secret Service
    Network Intrusion Forensic Analyst, U.S. Secret Service – Manchester, NH
    CISO, Massachusetts Bay Transportation Authority (MBTA)
    Registration Level:
    • Conference Pass
    11:10 am - 11:55 am
    Location / Room: 102
    Cybercrime flourishes in the shadows. But security leaders don’t have to face it alone. This panel discussion demystifies the role of law enforcement and illuminates their collaborative potential as allies in the fight against cyber threats. Takeaways from this session:
    • Learn firsthand experiences and success stories from CISOs for leveraging law enforcement partnerships.
    • Gain insights from law enforcement officials into investigative capabilities, information-sharing protocols, and support available to organizations.
    • Understand the legal landscape surrounding collaboration, data privacy considerations, and incident reporting requirements.

    This session:

    • Explores practical steps for building meaningful partnerships with law enforcement.
    • Details moving beyond incident response to discover joint initiatives for threat prevention, public awareness, and legislative advocacy.
    • Addresses concerns about data sharing, legal complexities, and establishing trust.
    11:10 am
    [Panel] Unveiling the Threat Landscape and Unmasking Digital Villains
    Co-Founder & CPO, Veriti
    Co-Founder & CTO, Astrix Security
    Head of Global Solutions Architects, Google Threat Intelligence
    Sr. Sales Engineer, Thales
    Sr. Cloud Security Strategist, Panther
    Information Security Officer, Blue Cross & Blue Shield of Rhode Island
    Registration Level:
    • Open Sessions
    11:10 am - 11:55 am
    Location / Room: 103

    In the shadows of our digital world, a clandestine battle is waged against our data, systems, and infrastructure. These hidden threats, much like the villains of comic books, lurk in the shadows, seeking to exploit vulnerabilities and disrupt our digital lives. Join us as we delve into the ever-evolving threat landscape, unmasking the villains of the digital realm and exploring their nefarious tactics.

    Our panel of cybersecurity experts unravel the intricate world of cyber threats, shedding light on the latest trends, emerging attack vectors, and the expanding arsenal of malicious tools employed by cyber adversaries. Learn the motivations behind these threats, from profit-driven cybercriminals to state-sponsored actors wielding cyberweapons.

    Our panel provides a comprehensive overview of the current threat landscape.

    11:10 am
    Cloud Delivered AI-Powered Threat Prevention
    Head of Engineering, East US, Check Point Software Technologies
    Registration Level:
    • Open Sessions
    11:10 am - 11:55 am
    Location / Room: 108

    This session will explore how AI-powered and cloud-delivered threat prevention enables cybersecurity professionals to deploy enterprise-grade security across the data center, network, cloud, email, branch office, and remote users with unified management and automated operations. Specific use cases will be reviewed in which AI-powered security engines are implemented to prevent attack vectors by sharing real-time threat intelligence and anomalies.

    12:00 pm
    [Lunch Keynote] Disrupting the Modern Adversary – Implementing Cross-Domain Threat Hunting to Defeat an Evolving Threat
    SVP, Counter Adversary Operations, CrowdStrike
    Registration Level:
    • Open Sessions
    12:00 pm - 12:45 pm
    Location / Room: Keynote Theater

    The threat has evolved. Adversaries are increasingly cloud-conscious and conducting intrusions with native tooling. Living off the land is firmly the rule, not the exception. Average breakout times have dropped to 62 minutes all while the complexity of IT environments has dramatically increased.

    In this keynote, you’ll learn about how CrowdStrike is developing novel tradecraft and capabilities to disrupt and defeat sophisticated criminal and state-sponsored cyber operations.

    12:00 pm
    Advisory Council Roundtable Lunch (VIP / Invite only)
    The Eternal Challenges of AppSec
    Chief Architect, Invicti
    Registration Level:
    • VIP / Exclusive
    12:00 pm - 12:45 pm
    Location / Room: 101

    Even though the field of application security seems to change by the hour, the same underlying challenges keep cropping up year after year. From increasingly intense and ingenious attacks to internal frictions between development and security teams, each organization needs to find its own ways to deal with problems old and new. In this session, we will chat about the challenges we face daily – and the solutions we have found effective.

    Moderated discussion for SecureWorld Advisory Council members. By invite only.

    12:45 pm
    Networking Break
    Registration Level:
    • Open Sessions
    12:45 pm - 1:15 pm
    Location / Room: Exhibitor Hall

    Visit the Exhibitor Hall to network with attendees and connect with our vendor sponsors and association partners.

    1:15 pm
    Supply Chain Showdown: Taming Third-Party Risk in Today’s HIPAA and NIST World
    VP, CISO, Surgery Partners, Inc.
    Registration Level:
    • Conference Pass
    1:15 pm - 2:00 pm
    Location / Room: 109

    Third-party risk management is at the forefront of cybersecurity, particularly for the healthcare industry working under HIPAA constraints and the NIST framework. Vendors are there to help but create an extra layer of risk, as bad actors target healthcare organizations as they do other vital industries. This session sheds light on the promise and perils of third-party risk.

    Get ready to:

    • Understand how HIPAA regulations rein in third-party data and push organizations into compliance.
    • Master the NIST Cybersecurity Framework and use it to effectively manage your vendors’ security practices.
    • Learn expert techniques for assessing, monitoring, and mitigating third-party risks before they invade your network.
    • Discover collaboration strategies for wrangling vendors into a cohesive security ecosystem.

    Leave with practical tools and actionable insights to keep your third-party risks under control and your HIPAA compliance on the straight and narrow.

    1:15 pm
    Measuring the Immeasurable: Business Risk Management and Risk Quantification
    VP, Technology and Cybersecurity Audit & Advisory Services, Manulife
    Sr. Vice President, Information Security, Semrush
    Registration Level:
    • Conference Pass
    1:15 pm - 2:00 pm
    Location / Room: 102

    Like meteorologists trying to predict where the next hurricane will land, corporate executives (CEOs, CFOs, etc.) are trying to predict their company profits. Instead of barometric pressure, temperature, and wind speed, they have to work with geopolitical turmoil, macroeconomic conditions, and consumer confidence. For weather professionals and executives, uncertainty is the biggest enemy, and any decrease in uncertainty translates into millions of dollars saved. Both groups try to collect as much information as possible, but in the end they still have to estimate. Unlike meteorologists, executives can influence their estimates, both by investing in better information-gathering capabilities and by investing in controls. ISO 31000 created a new definition of risk as “the effect of uncertainty on objectives,” so what can we as risk and cybersecurity professionals do to help our executives guess better? Join this session to find out.

    1:15 pm
    [Panel] Securing the Cloud Fortress: Revealing Defense Strategies for the Cloud
    Principal Solutions Engineer, Lacework
    Director, Office of Cybersecurity Strategy, Sysdig
    Vice President, Savvy
    General Manager, IT and Developer Solutions, CyberArk
    Senior Cloud Solutions Architect – Alliances, CrowdStrike
    Professor; Founder and Director, Master of Science in Cybersecurity Policy & Governance Program, Boston College
    Registration Level:
    • Open Sessions
    1:15 pm - 2:00 pm
    Location / Room: 103

    In the ever-expanding digital universe, the cloud has emerged as a powerful tool, enabling organizations to store data, access applications, and operate their businesses with unprecedented agility. However, this vast digital fortress, like any other, is not without its vulnerabilities. Join us as we delve into the realm of cloud security, exploring the hidden defenses employed by cybersecurity superheroes to safeguard the cloud and its inhabitants.

    Our panel of cloud security experts shed light on the unique challenges and strategies involved in protecting cloud-based environments. They discuss the shared responsibility model, the role of cloud providers and customers, and the evolving tools and techniques employed to secure the cloud.

    Our panel provides a comprehensive overview of cloud security, empowering attendees to understand the hidden defenses of the cloud and strengthen their cloud security posture. Learn how to identify and mitigate cloud-based threats, implement robust access controls, and effectively manage cloud security risks.

    1:15 pm
    Mind the Gap: Why Modern Vulnerability Management Demands More than Scan-and-Patch
    Sr. Technical Director, Skybox Security
    Registration Level:
    • Open Sessions
    1:15 pm - 2:00 pm
    Location / Room: 108

    Too many vulnerability management programs operate on incomplete or out-of-date scan data. What’s more, this data is rarely if ever correlated to the importance of the asset or its exposure to potential attack across the network.

    To have a real impact on lowering your risk of cyberattack, a modern vulnerability management program needs to provide you with an up-to-the-minute view of all the vulnerabilities in the estate, immediate insights into those that matter to your organization, and how to remediate them. All without waiting for the next patch cycle.

    In this session, you will learn:

    • How the visibility of your assets, networks, business, and security data impacts vulnerability risk.
    • What scanners miss in discovery and prioritization, and how to fill in the gaps.
    • How to reduce the scan-and-patch lag from weeks to hours.

    This session explores how modern vulnerability management helps you to centralize and analyze data from the entire attack surface, prioritize those threats that represent the highest risk to you, and act more quickly to remediate those vulnerabilities most likely to be used in a cyberattack.

    2:00 pm
    Networking Break
    Registration Level:
    • Open Sessions
    2:00 pm - 2:10 pm
    Location / Room: Exhibitor Hall

    Visit the Exhibitor Hall to network with attendees and connect with our vendor sponsors and association partners.

    2:10 pm
    [Panel] The History of Cyber Insurance and War Exclusions: Who Pays for State-Sponsored Cyber Attacks?
    Associate Professor, Computer Science; Engineering Director, The Fletcher School at Tufts University
    Member, Data Privacy & Cybersecurity, Clark Hill Law
    Director, Chief Client Officer, FINEX NA Cyber Security & Professional Risk, WTW
    Registration Level:
    • Conference Pass
    2:10 pm - 2:55 pm
    Location / Room: 103
    NotPetya was described by the White House as “the most destructive and costly cyber-attack in history.” Five years later, many of the companies hit by the Russian cyber attack are still sorting out who will pay for the damages and, in particular, what portion their insurance will cover. Several insurers have denied NotPetya-related claims on the grounds that the cyber attack was a “warlike action” because it was perpetrated by the Russian government and therefore is excluded from most standard insurance policies. This has led to a series of legal disputes about what constitutes cyberwar and when cyber insurance carriers are obligated to pay for damages linked to state-sponsored attacks. This talk examines these disputes through the lens of the history of cyber insurance, tracing the emergence and continuing growth of the cyber insurance industry and describing how it has evolved in the first 20 years of its existence, where it is headed, why online threats have been particularly challenging for many insurers to model, and what role policy-makers can and should play in helping the market stabilize and grow. It considers how carriers and policyholders are responding to the disputes over NotPetya in light of the current war between Russia and Ukraine and the uncertainty around whether insurance coverage would apply to state-sponsored cyber attacks that occurred in the context of a war involving the use of physical force.
    2:10 pm
    Shifted Left: Moving from a Reactive to Proactive Mindset
    VP of Engineering, StackHawk
    Registration Level:
    • Open Sessions
    2:10 pm - 2:55 pm
    Location / Room: 108

    20 years ago, Jeff Bezos shared an API mandate that required his employees to communicate via APIs. Fast forward to 2024, APIs are the primary way to build the applications we use daily. What’s still lagging, however, is the approach to ensuring these APIs are secure. This talk will lean into the shift-left movement, tracing its history from agile development and DevOps and how moving from a reactive to a proactive mindset is crucial to ensuring your data is protected.

    2:10 pm
    Human Machine Teaming: The Indispensable Human Element of Cybersecurity
    Field CTO, Americas, SentinelOne
    Registration Level:
    • Open Sessions
    2:10 pm - 2:55 pm
    Location / Room: 109

    Artificial Intelligence is a pervasive part of our lives today and cybersecurity teams and adversaries alike have learned to harness the speed and power of machines to strengthen their capabilities. With machine learning becoming one of the most important defense tools, leaders must balance the overwhelming speed and accuracy advantage of AI with the need for measured and intuitive interactions with a real-world human element.

    Join this session to discuss:

    • What these trends mean for the hands-on practitioner
    • How AI and Machine Learning will make humans more effective, not replace them
    • When the velocity of innovation outpaces the capabilities of human intellect
    • The role of automation in the effective practice of securing our digital world
    2:10 pm
    ISC2 Eastern Massachusetts Chapter Meeting - Open to all attendees
    Beyond the Checkbox: The Art of Elevating Tabletop Exercises for Proactive Defense
    Senior Manager, Wolf & Company, P.C.
    Registration Level:
    • Open Sessions
    2:10 pm - 2:55 pm
    Location / Room: Keynote Theater

    In today’s cybersecurity landscape, the need to adapt incident response strategies is more crucial than ever. This session explores the challenges of swiftly identifying and deploying resources amid the evolving threat landscape. We challenge the perception of tabletop exercises as mere compliance tasks, urging a shift towards recognizing them as proactive tools integral to organizational resilience.

    Addressing the dynamic nature of cybersecurity, we emphasize the urgency of identifying potential gaps in a rapidly changing environment. Navigating the process of onboarding tools, we ensure alignment with your organization’s unique demands. By framing tabletop exercises as value-driven activities, participants will gain insights into transforming them from routine rituals into strategic assets.

    The session concludes with a hands-on group exercise, enabling attendees to immediately implement discussed techniques upon returning to their organizations. Leave with a fresh perspective on incident response, ready to elevate tabletop exercises beyond regulatory checkboxes into powerful tools enhancing your cybersecurity posture.

    Key Takeaways:

    1. Transform tabletop exercises from compliance rituals to strategic assets.
    2. Recognize the evolving threat landscape and adapt incident response accordingly.
    3. Implement practical techniques through a small group exercise for immediate organizational impact.
    2:10 pm
    [Panel] Elevating Security Through Threat Intelligence, Cloud Resilience, and AI Innovations
    Solutions Engineer, Claroty
    Engineering Manager, Okta
    Co-Founder & CPO, Oasis Security
    Head of Services Strategy & GTM, ExtraHop
    Sr. Security Consultant, AccessIT Group
    vCISO, Cyber Risk Opportunities LLC
    Registration Level:
    • Open Sessions
    2:10 pm - 2:55 pm
    Location / Room: 102

    Join us for an informative panel that delves into the strategic integration of threat intelligence, cloud resilience, and AI innovations, revealing the untold stories of unsung heroes in cybersecurity. 

    Discover how to optimize digital defenses and learn approaches to elevate your security leadership and your security posture. Don’t miss this opportunity to gain actionable knowledge that will empower you to stay ahead of the cybersecurity curve.

    3:00 pm
    Networking Break
    Registration Level:
    • Open Sessions
    3:00 pm - 3:30 pm
    Location / Room: Exhibitor Hall

    Visit the Exhibitor Hall to network with attendees and connect with our vendor sponsors and association partners.

    3:00 pm
    Happy Hour
    Sponsored by HashiCorp
    Registration Level:
    • Open Sessions
    3:00 pm - 4:15 pm
    Location / Room: Exhibitor Hall

    Join your peers for conversation and complimentary beer, wine, and soda. This is a great opportunity to network and to discuss the hot topics from the day.

    3:30 pm
    [Closing Keynote] CISO Insights: Ensuring Critical Infrastructure Safety at the MBTA
    CISO, Massachusetts Bay Transportation Authority (MBTA)
    Registration Level:
    • Open Sessions
    3:30 pm - 4:15 pm
    Location / Room: Keynote Theater

    This keynote delves into the pivotal role of the CISO in safeguarding IT assets at the MBTA. Emphasis is placed on how cybersecurity efforts are intricately aligned with ensuring safety, reliability, and operational resilience. Scott sheds light on the strategies employed to protect this crucial public transit system, with a focus on practical solutions and their application in real-world scenarios. Gain a comprehensive understanding of the implementation of cybersecurity strategies within a complex transit infrastructure. Scott provides actionable insights and valuable knowledge for professionals responsible for the protection of both digital and physical dimensions of critical systems.

    3:45 pm
    [PLUS Course] Preventing, Detecting, Responding, and Recovering from a Ransomware Attack: Part 2
    Sr. Cybersecurity Consultant, Wilson Cyber
    Registration Level:
    • SecureWorld Plus
    3:45 pm - 5:15 pm
    Location / Room: 105

    Today’s ransomware attacks have a severe impact on the operating capability of organizations. If an organization is prepared and has functional back-ups, restoring affected systems could take hours. If an organization is not prepared, restoring systems could take weeks to return to full operating capacity. Organizations cannot 100% prevent ransomware attacks. The best thing you can do is assume you will be hit and have plans in place that focus on planning, protecting, detecting, responding, and recovering from an attack.

    This course helps organizations design, build, operate, and maintain a comprehensive ransomware program. The key areas of focus include:

    1. How to prepare the organization for a ransomware attack by understanding the stages of a human-operated ransomware attack (initial access, privilege escalation, lateral movement, exfiltration, and encryption), maintaining and securing back-ups, detecting and mitigating vulnerabilities, cybersecurity training and education, and a detailed incident response plan;
    2. How to protect the organization from a ransomware attack by implementing an asset management solution, deploying endpoint detection and response capability, establishing a zero-trust architecture, maintaining email and DNS filtering, hardening systems based on secure configurations, managing user accounts and privileged accounts;
    3. How to detect a ransomware attack in the early stages with continuous security monitoring, anomaly detection, and threat intelligence solutions;
    4. How to respond to a ransomware attack by isolating impacted systems, malware eradication / containment, focusing on critical assets; and
    5. How to recover from a ransomware attack with minimal downtime and data loss by restoring from back-ups, initiating recovery efforts, and reporting the incident.

    The class is based on best practices and guidance detailed in the U.S. CISA #StopRansomware Guide. The guide includes two primary resources: Part 1: Ransomware and Data Extortion Prevention Best Practices; Part 2: Ransomware and Data Extortion Response Checklist. Part 1 provides guidance for all organizations to reduce the impact and likelihood of ransomware incidents and data extortion, including best practices to prepare for, prevent, and mitigate these incidents. Prevention best practices are grouped by common initial access vectors. Part 2 includes a checklist of best practices for responding to these incidents.

    3:45 pm
    [PLUS Course] Implementing the NIST Cybersecurity Framework, Including 2.0 - Part 2
    vCISO, Cyber Risk Opportunities LLC
    Registration Level:
    • SecureWorld Plus
    3:45 pm - 5:15 pm
    Location / Room: 104

    Have you ever wondered how to actually use the NIST Cybersecurity Framework and apply it to your business or organization?

    In this course, you will get an inside look at how cybersecurity, information technology (IT), and business professionals use the NIST Cybersecurity Framework (CSF) Version 2.0 to understand and actively manage their risk posture.

    You will begin by learning the fundamentals of the NIST Cybersecurity Framework, including:

    • What are the components of the framework?
    • Why is the framework valuable?
    • What type of organizations can use the framework?

    Then, you will dive deeper into the framework to fully understand the Framework Core, the Framework Tiers, and the Framework Implementation Profile.

    You will also review various case studies from diverse organizations across the globe, including critical infrastructure organizations, technology companies, governmental organizations, and others.

    Finally, we will spend the majority of this course walking you through how to implement this framework within your own organization by conducting a Cyber Risk Mapping (CR-MAP). This CR-MAP of your organization will aid you in identifying your weaknesses and creating a remediation plan to achieve higher levels of security by minimizing your cyber risk.

    We even include a free bonus digital workbook that helps you conduct a step-by-step Cyber Risk Mapping at the conclusion of the course.

  • Thursday, March 14, 2024
    7:00 am
    Registration open
    Registration Level:
    • Open Sessions
    7:00 am - 4:15 pm
    Location / Room: Registration Desk / Lobby

    Come to the Registration desk in the lobby to check-in and get your badge. SecureWorld staff will be available throughout the day if you have any questions.

    7:30 am
    [PLUS Course] Preventing, Detecting, Responding, and Recovering from a Ransomware Attack: Part 3
    Sr. Cybersecurity Consultant, Wilson Cyber
    Registration Level:
    • SecureWorld Plus
    7:30 am - 9:00 am
    Location / Room: 105

    Today’s ransomware attacks have a severe impact on the operating capability of organizations. If an organization is prepared and has functional back-ups, restoring affected systems could take hours. If an organization is not prepared, restoring systems could take weeks to return to full operating capacity. Organizations cannot 100% prevent ransomware attacks. The best thing you can do is assume you will be hit and have plans in place that focus on planning, protecting, detecting, responding, and recovering from an attack.

    This course helps organizations design, build, operate, and maintain a comprehensive ransomware program. The key areas of focus include:

    1. How to prepare the organization for a ransomware attack by understanding the stages of a human-operated ransomware attack (initial access, privilege escalation, lateral movement, exfiltration, and encryption), maintaining and securing back-ups, detecting and mitigating vulnerabilities, cybersecurity training and education, and a detailed incident response plan;
    2. How to protect the organization from a ransomware attack by implementing an asset management solution, deploying endpoint detection and response capability, establishing a zero-trust architecture, maintaining email and DNS filtering, hardening systems based on secure configurations, managing user accounts and privileged accounts;
    3. How to detect a ransomware attack in the early stages with continuous security monitoring, anomaly detection, and threat intelligence solutions;
    4. How to respond to a ransomware attack by isolating impacted systems, malware eradication / containment, focusing on critical assets; and
    5. How to recover from a ransomware attack with minimal downtime and data loss by restoring from back-ups, initiating recovery efforts, and reporting the incident.

    The class is based on best practices and guidance detailed in the U.S. CISA #StopRansomware Guide. The guide includes two primary resources: Part 1: Ransomware and Data Extortion Prevention Best Practices; Part 2: Ransomware and Data Extortion Response Checklist. Part 1 provides guidance for all organizations to reduce the impact and likelihood of ransomware incidents and data extortion, including best practices to prepare for, prevent, and mitigate these incidents. Prevention best practices are grouped by common initial access vectors. Part 2 includes a checklist of best practices for responding to these incidents.

    7:30 am
    [PLUS Course] Implementing the NIST Cybersecurity Framework, Including 2.0 - Part 3
    vCISO, Cyber Risk Opportunities LLC
    Registration Level:
    • SecureWorld Plus
    7:30 am - 9:00 am
    Location / Room: 104

    Have you ever wondered how to actually use the NIST Cybersecurity Framework and apply it to your business or organization?

    In this course, you will get an inside look at how cybersecurity, information technology (IT), and business professionals use the NIST Cybersecurity Framework (CSF) to understand and actively manage their risk posture.

    You will begin by learning the fundamentals of the NIST Cybersecurity Framework, including:

    • What are the components of the framework?
    • Why is the framework valuable?
    • What type of organizations can use the framework?

    Then, you will dive deeper into the framework to fully understand the Framework Core, the Framework Tiers, and the Framework Implementation Profile.

    You will also review various case studies from diverse organizations across the globe, including critical infrastructure organizations, technology companies, governmental organizations, and others.

    Finally, we will spend the majority of this course walking you through how to implement this framework within your own organization by conducting a Cyber Risk Mapping (CR-MAP). This CR-MAP of your organization will aid you in identifying your weaknesses and creating a remediation plan to achieve higher levels of security by minimizing your cyber risk.

    We even include a free bonus digital workbook that helps you conduct a step-by-step Cyber Risk Mapping at the conclusion of the course.

    8:00 am
    Exhibitor Hall open
    Registration Level:
    • Open Sessions
    8:00 am - 4:30 pm
    Location / Room: Exhibitor Hall

    Your opportunity to visit our solution vendor partners, whose sponsorship makes SecureWorld possible! Booths have staff ready to answer your questions. Look for participating Dash For Prizes sponsors to be entered to win prizes.

    8:00 am
    Advisory Council Roundtable Breakfast – (VIP / Invite only)
    AI: Is It Just Another Overrated Techbro Heist?
    CISO, Steward Health Care
    Registration Level:
    • VIP / Exclusive
    8:00 am - 8:45 am
    Location / Room: 101
    Artificial intelligence has been heralded as a transformative technology across industries, but has it lived up to the hype in cybersecurity? In this lively roundtable discussion for Advisory Council members and VIPs, come ready to debate the pros, cons, and limitations of AI-driven cyber defenses. Let’s analyze real-world examples of AI failures and successes in combating malware, insider threats, fraud, and more. Is AI advancing cybersecurity or is it just a glorified buzzword? How can we overcome data quality, bias, and transparency challenges? What guardrails are needed to ensure AI is designed and deployed ethically? Bring your critical perspectives as we closely examine if AI is fulfilling its cybersecurity promise or just industry hype.
    This roundtable discussion is for our Advisory Council members only.
    8:00 am
    WiCyS Massachusetts Affiliate Meeting: Get Fueled Up with Women in CyberSecurity
    Open to All Attendees
    Registration Level:
    • Open Sessions
    8:00 am - 8:45 am
    Location / Room: 108
    Fill your cup and prepare for Day 2 of SecureWorld Boston by joining Women in CyberSecurity for a meetup with WiCyS Executive Director Lynn Dohm. The ever-evolving landscape of cybersecurity continues to have significant demands on the workforce. Learn more about the WiCyS mission to recruit, retain, and advance women in cybersecurity, along with the local affiliate events and opportunities. Come network, enjoy morning beverages, and grab some WiCyS swag. 
    8:00 am
    InfraGard Boston Members Alliance Meeting [Open to All Attendees]
    The Opportunities and Challenges of AI in Cybersecurity
    Field CTO – Security Solutions, Sumo Logic
    Registration Level:
    • Open Sessions
    8:00 am - 8:45 am
    Location / Room: 109
    In today’s rapidly evolving landscape of cybersecurity, the integration of artificial intelligence (AI) presents both unprecedented opportunities and complex challenges. Understanding the implications of AI in modern defense strategies is paramount for organizations seeking to safeguard their digital assets against emerging threats. With the proliferation of AI-enabled adversaries, traditional defense mechanisms are no longer sufficient. To effectively defend against these sophisticated threats, organizations must equip their security teams with the knowledge and tools necessary to adapt and evolve.
     
    Key topics covered in this fireside chat with an InfraGard board member:
    • Developing an AI-centric defense strategy: Learn how to integrate AI-driven technologies into existing security frameworks to enhance detection and response capabilities.
    • Building resilient defense mechanisms: Gain practical skills in deploying AI-powered solutions to proactively identify and neutralize threats before they escalate.
    • Adapting to the evolving threat landscape: Stay ahead of emerging threats by continuously updating and refining your AI strategy to align with evolving cyber threats.
    8:45 am
    Networking Break
    Registration Level:
    • Open Sessions
    8:45 am - 9:00 am
    Location / Room: Exhibitor Hall

    Visit the Exhibitor Hall to network with attendees and connect with our vendor sponsors and association partners.

    9:00 am
    [Opening Keynote] Converge 2024: Outcome-Driven Cybersecurity Transformation
    CNN Military Analyst; U.S. Air Force (Ret.); Chairman, Cedric Leighton Associates, LLC
    Founding Partner, CYFORIX (Former CISO & Sr. Executive at Keurig Dr Pepper, Comcast, HD Supply, and GE)
    Sr. Vice President, Information Security, Semrush
    Registration Level:
    • Open Sessions
    9:00 am - 9:45 am
    Location / Room: Keynote Theater

    The cybersecurity landscape is no longer defined by APTs and static defenses; it’s a dynamic battlefield where agility, strategic insights and creative risk reduction executed with technical veracity drive differentiating outcomes. Our co-presenters provide differentiating insights at the intersection of national defense, global security trends, and cybersecurity risk management.

    This session helps you reimagine your security posture and provides you with a battle plan to protect your organizational assets. Col. Leighton and VJ delve into the defining trends of cybersecurity transformation, including using AI to shift from detection to prediction; addressing the evolving human factor risk with advanced security training and creating a culture of security; embracing integration and breaking down siloed data and disparate tools; and building future-proof defenses with automation and threat intelligence platforms.

    9:45 am
    Networking Break
    Registration Level:
    • Open Sessions
    9:45 am - 10:15 am
    Location / Room: Exhibitor Hall

    Visit the Exhibitor Hall to network with attendees and connect with our vendor sponsors and association partners.

    10:15 am
    [Panel] Stories from the Front Lines of the Ransomware Pandemic in Healthcare
    CISO, Keck Medicine of USC
    Director, IT Security, Plymouth Rock Assurance
    CISO, Mass General Brigham
    CISO, Steward Health Care
    Founder, Armstrong Risk Management LLC
    Registration Level:
    • Conference Pass
    10:15 am - 11:00 am
    Location / Room: 103
    Our panelists draw on the lessons learned from hundreds of ransomware incidents at hospitals – and there’s no sign of incidents slowing down. The panelists take attendees on a historical journey that includes a variety of strange scenarios — ransomware combined with insider threat; the EHR is not encrypted but the hospital is still down; the decryption keys worked but the data is still unusable.
     
    The session uncovers topics, including:
    • Adopting a whole-organization approach to ransomware preparedness
    • Asking the question, to pay or not to pay?
    • What constitutes a data breach?
    • How has ransomware evolved, and what can we expect next?
    10:15 am
    The Convergence of AI and Privacy: Data Protection Challenges and Opportunities
    BISO, Omnicom Group
    Registration Level:
    • Conference Pass
    10:15 am - 11:00 am
    Location / Room: 102
    The integration of Artificial Intelligence (AI) into cybersecurity practices has opened new frontiers, bringing forth both challenges and opportunities in the realm of data protection and privacy. This session delves into the intricate convergence of AI and privacy, unraveling the complexities and exploring innovative solutions. Our speaker shares insights into the data protection challenges posed by AI applications, the ethical considerations surrounding AI-driven cybersecurity, and the opportunities for enhancing privacy through responsible AI practices.
    10:15 am
    DevSecOps Magic: Communications, Processes and Visibility
    Solutions Architect, Seemplicity
    Registration Level:
    • Open Sessions
    10:15 am - 11:00 am
    Location / Room: 108

    For DevSecOps success, it’s not enough to deploy the latest automated security testing tools — software composition analysis (SCA), cloud native application protection platform (CNAPP), CSPM, CWPP, CIEM, etc.

    An August 2023 SANS DevSecOps survey reported that automated application testing grew by 52% between 2022 and 2023, yet organizations reported that tools like these were seen as less useful than in 2022. How is that possible?

    Great DevSecOps requires a foundation of solid testing data plus good communications and consistent processes. Join Seemplicity as we share our insights from the SANS survey, connect that to Gartner’s Continuous Threat Exposure Management (CTEM), and talk about a foundation for successful DevSecOps.

    10:15 am
    PCI DSS v4.0 is Here…Now What? – Ask the Expert
    Director of Governance & Compliance, Risk Advisory Services, AccessIT Group
    Registration Level:
    • Open Sessions
    10:15 am - 11:00 am
    Location / Room: 109
    March is upon us and so is the looming PCI DSS 4.0 compliance deadline. In just a few short weeks, the previous PCI Data Security Standard (version 3.2.1) will be officially retired and a multitude of new requirements of PCI DSS 4.0 will need to be implemented. Do you have questions regarding the transition to PCI DSS v4.0? Get all your PCI compliance questions answered in this open forum discussion and get ahead of the curve. Come armed with your PCI questions, learn about the new requirements, and what specific steps to take now to prepare.
    11:00 am
    Networking Break
    Registration Level:
    • Open Sessions
    11:00 am - 11:10 am
    Location / Room: Exhibitor Hall

    Visit the Exhibitor Hall to network with attendees and connect with our vendor sponsors and association partners.

    11:10 am
    [Panel] Promoting Security Awareness and Combatting Vulnerabilities in 2024
    VP, Cybersecurity & Program Management, PBS
    VP, IT & Cybersecurity, Inari Agriculture
    Information Security Director, Paul, Weiss, Rifkind, Wharton & Garrison LLP
    VP, Sr. Manager - Cyber Oversight, Citizens Financial Group Inc.
    Registration Level:
    • Conference Pass
    11:10 am - 11:55 am
    Location / Room: 102

    The cybersecurity landscape is not getting any easier, so it’s a no-brainer that security awareness training needs constant reinvention to combat evolving threats. Additionally, legacy systems whisper vulnerabilities from the shadows. Join this dynamic panel discussion as we navigate the crossroads of these critical challenges.

    Dive deep into:

    • Beyond Basic Training: Rethinking security awareness to foster a culture of vigilance, engage employees at all levels, and combat phishing, social engineering, and other prevalent threats.
    • Taming the Vulnerabilities: From patching to proactive threat hunting, explore best practices for managing vulnerabilities in complex environments, including the often-neglected realm of legacy systems.
    • Bringing Up the Rear: The Legacy Conundrum: Learn innovative strategies for integrating old systems into your modern security architecture, mitigating vulnerabilities without disrupting critical operations.
    • Remediation Realities: When the alarm bells ring, what’s next? Delve into incident response best practices, effective communication strategies, and post-breach recovery tactics.
    11:10 am
    Moving from CISO to CIRO: A Journey into the Boardroom
    Operating Partner | CISO, Welsh, Carson, Anderson & Stowe
    Registration Level:
    • Conference Pass
    11:10 am - 11:55 am
    Location / Room: 109
    Chief Information Security Officers are asking to report directly to the board. Before we can report to the board, we need to be able to articulate risks, not just cyber risks, but business risks, geopolitical risks, industry risks, regulatory risks, and more. This talk positions the security leader to use risks as the foundation of the InfoSec program to help mature the role from CISO to CIRO.
    11:10 am
    [Panel] The Secret Potential of AI and ML: Empowering Cyber Superheroes with Artificial Intelligence
    Director, Solutions Engineering and Alliances, Automox
    Global VP of Solutions Engineering, Hunters
    Field CTO, Snyk
    Manager, North American Sales Engineering, Kiteworks
    Sr. Director, Product Management, Information Protection, Proofpoint
    Director, Information Security, Hypertherm Associates
    Registration Level:
    • Open Sessions
    11:10 am - 11:55 am
    Location / Room: 103

    Artificial intelligence (AI) and machine learning (ML) have emerged as powerful tools for cybersecurity professionals, offering the potential to revolutionize how organizations and individuals detect, analyze, and respond to cyber threats. Join us as we delve into the world of AI- and ML-powered cybersecurity, exploring the hidden potential of these technologies and their ability to transform cybersecurity superheroes into formidable defenders of the digital realm.

    Our panel of experts unravel the intricate world of AI and ML in cybersecurity, shedding light on the latest advancements, emerging applications, and the challenges involved in harnessing the power of these technologies effectively. They discuss the use of AI in threat detection and analysis, ML-powered threat prediction, and the potential of AI-driven automated response capabilities.

    Our panel provides a comprehensive overview of AI and ML in cybersecurity, empowering attendees to understand the hidden potential of these technologies and explore how they can be leveraged to enhance their organization’s cybersecurity posture. Learn how to identify and implement AI and ML solutions, overcome the challenges of data privacy and ethics, and embrace the future of AI-powered cybersecurity.

    11:10 am
    Deriving Insight from Threat Actor Infrastructure
    Chief Evangelist, Team Cymru
    Registration Level:
    • Open Sessions
    11:10 am - 11:55 am
    Location / Room: 108

    From proactively hunting for unknown attacker infrastructure to placing the exploitation of vulnerabilities on a timeline often obscured by large spikes in activity, this talk will explore ways in which we can enrich our understanding of the threat landscape beyond that which is shared in threat feeds and reports.

    12:00 pm
    [Lunch Keynote] Fireside Chat: Transitioning from CISO to CIO: What Changes?
    CIO, Morgan, Lewis & Bockius LLP
    Associate CISO, St. Luke's University Health Network
    Registration Level:
    • Open Sessions
    12:00 pm - 12:45 pm
    Location / Room: Keynote Theater
    A talk with Steve Naphy, CIO of Morgan Lewis, a Philadelphia-based law firm working with clients ranging from established, global Fortune 100 companies to enterprising startups. Steve talks about his move from head of InfoSec to Chief Information Officer.
    12:00 pm
    Advisory Council Lunch Roundtable – (VIP / Invite Only)
    Your Security Resilience: Do You Know, or Do You Guess?
    VP, Security Solutions, Keysight
    Registration Level:
    • VIP / Exclusive
    12:00 pm - 12:45 pm
    Location / Room: 101

    When you’re making a key security decision, whether it’s firewall vendor selection, daily verification of ransomware defenses, or assurance of the performance and security of apps in a cloud migration, how do you ensure compliance with your business goals and security objectives? Do you rely on vendor reputation, the expertise of your team, analyst recommendations, or proactive testing? And are you ever surprised to find that real-world performance doesn’t match your expectations? Join this peer-to-peer conversation and come ready to share in this closed-door session.

    Moderated discussion for SecureWorld Advisory Council members. By invite only.

    12:45 pm
    Networking Break
    Registration Level:
    • Open Sessions
    12:45 pm - 1:15 pm
    Location / Room: Exhibitor Hall

    Visit the Exhibitor Hall to network with attendees and connect with our vendor sponsors and association partners.

    1:15 pm
    Balancing Act: Data, AI and Cybersecurity Governance
    Cybersecurity Advisor (CSA), Integrated Operations Division | Region 1, DHS CISA
    Registration Level:
    • Conference Pass
    1:15 pm - 2:00 pm
    Location / Room: 109

    Join a thoughtful discussion on balancing AI innovation, ethical data use, efficient data governance and secure cyber governance practices. Gain insights on the risks, challenges and responsibilities of managing AI technologies with ethical and regulatory frameworks while exploring the integration with cybersecurity.

    1:15 pm
    [Panel] Navigating the Regulatory Landscape: Impact of New SEC Regulations on Cybersecurity Leadership
    CIO & CISO, BTE Partners
    Partner, K&L Gates LLP
    CISO, Putnam Investments
    Security Program Manager, Office of the Secretary, Commonwealth of Massachusetts
    Registration Level:
    • Conference Pass
    1:15 pm - 2:00 pm
    Location / Room: 102

    The introduction of new SEC regulations has reshaped the terrain for CISOs. This panel session brings together seasoned cybersecurity leaders to dissect the intricacies of these new regulatory measures and delve into their profound effects on CISOs and their teams. Topics to cover include compliance challenges, reporting and transparency, resource allocation, collaboration with legal and compliance teams, impact on incident response, and strategic planning for resilience. Gain actionable insights to steer your cybersecurity strategy in compliance with the new SEC regulations.

    1:15 pm
    [Panel] Beyond the Shadows: Anticipating Tomorrow's Cyber Threats
    Public Sector CTO, Lookout
    CEO, Envision Technology Advisors
    VP, Solution Architecture, Halcyon
    Sr. Director, Systems Engineering – New England, Fortinet
    Automotive Solutions Director, Sec eDGE
    Registration Level:
    • Open Sessions
    1:15 pm - 2:00 pm
    Location / Room: 103

    In the dynamic realm of cybersecurity, the battle between defenders and digital villains is an ongoing saga. This forward-looking session will explore the evolution of cyber threats, forecasting the next wave of challenges that organizations and individuals may face. We aim to unmask the upcoming generation of digital villains, examining their sophisticated tactics and the exploitation of vulnerabilities that may become prevalent in the future.

    Our distinguished panel of cybersecurity experts will dissect the motivations driving these threats, from the ever-adapting strategies of profit-driven cybercriminals to the evolving techniques employed by state-sponsored actors wielding cyberweapons. As we peer into the future, we will also address the role of emerging technologies in reshaping the threat landscape, providing insights that empower organizations to proactively defend against tomorrow’s cyber challenges.

    Join us in this exploration of the unseen, as we strive to anticipate and understand the threats that lie beyond the shadows of the current cybersecurity landscape.

    1:15 pm
    Public Cloud Storage: Where Automation and Employees Take the Stage
    Security Architect, HubSpot
    Director, Security Transformation, Netskope
    Sr. Security Engineer, HubSpot
    Registration Level:
    • Open Sessions
    1:15 pm - 2:00 pm
    Location / Room: 108

    Securing your sensitive info in the cloud doesn’t have to be a brain-buster. Figuring out where to kick things off, especially with cloud storage that’s been hanging around for a while, might seem like a wild ride. But fear not! We’re here to jazz it up and show you how HubSpot spiced things up with some snazzy automation and a user-friendly vibe, making our data protection game strong without throwing any curveballs at end users.

    2:00 pm
    Networking Break
    Registration Level:
    • Open Sessions
    2:00 pm - 2:10 pm
    Location / Room: Exhibitor Hall

    Visit the Exhibitor Hall to network with attendees and connect with our vendor sponsors and association partners.

    2:10 pm
    The Transformation of Security Awareness and Professional Training
    Fulbright Scholar, MSISPM Student, Carnegie Mellon University
    Fulbright Scholar, MSISPM Student, Carnegie Mellon University
    Registration Level:
    • Conference Pass
    2:10 pm - 2:55 pm
    Location / Room: 108

    Two graduate students from Carnegie Mellon University, with a combined 20 years of cybersecurity industry experience in the public and private sectors, share insights into the evolving landscape of security awareness and professional training. Gain a comprehensive understanding of the decade-long evolution of a vital risk management tool: the education of employees around cybersecurity via professional training programs.

    The co-presenters share the basics of security awareness training and dive into useful pieces of successful programs, including interactive activities such as gamification, continuous learning platforms, using dashboards to measure success (or failures), using AI, integrating security systems into the fabric of every organization, and more. Hear what has worked, what hasn’t, and where security awareness and professional training are headed in an ever-changing cybersecurity landscape.

    2:10 pm
    Legal and Regulatory Risk: Challenges and Solutions for InfoSec Leaders
    First Vice President & Senior Consultant, Alliant Insurance
    Registration Level:
    • Conference Pass
    2:10 pm - 2:55 pm
    Location / Room: 103

    Information Security leaders are facing unprecedented challenges in managing core information assets and data alongside responding to increasing legal, regulatory, and insurance risks. This presentation outlines some of the core challenges facing leaders in these areas. Come ready to hear practical recommendations to ensure that leaders understand, manage, and respond to these risks while achieving broader security and organizational objectives.

    2:10 pm
    Managing SaaS Identity Risk
    CEO & Co-Founder, Grip Security
    Registration Level:
    • Open Sessions
    2:10 pm - 2:55 pm
    Location / Room: 109

    Grip is an identity-based solution for discovering shadow SaaS services and user-SaaS relationships, identifying risk based on your organization’s use of SaaS, and governing access to unfederated SaaS applications.

    3:00 pm
    Networking Break and Dash for Prizes
    Registration Level:
    • Open Sessions
    3:00 pm - 3:30 pm
    Location / Room: Exhibitor Hall

    Participating sponsors will announce their Dash for Prizes winners. Must be present to win.

    Scan your badge at the Registration Desk to receive your CPE Certificate after Dash for Prizes.

    3:45 pm
    [PLUS Course] Preventing, Detecting, Responding, and Recovering from a Ransomware Attack: Part 4
    Sr. Cybersecurity Consultant, Wilson Cyber
    Registration Level:
    • SecureWorld Plus
    3:45 pm - 5:15 pm
    Location / Room: 105

    Today’s ransomware attacks have a severe impact on the operating capability of organizations. If an organization is prepared and has functional back-ups, restoring affected systems could take hours. If an organization is not prepared, restoring systems could take weeks to return to full operating capacity. Organizations cannot 100% prevent ransomware attacks. The best thing you can do is assume you will be hit and have plans in place that focus on planning, protecting, detecting, responding, and recovering from an attack.

    This course helps organizations design, build, operate, and maintain a comprehensive ransomware program. The key areas of focus include:

    1. How to prepare the organization for a ransomware attack by understanding the stages of a human-operated ransomware attack (initial access, privilege escalation, lateral movement, exfiltration, and encryption), maintaining and securing back-ups, detecting and mitigating vulnerabilities, cybersecurity training and education, and a detailed incident response plan;
    2. How to protect the organization from a ransomware attack by implementing an asset management solution, deploying endpoint detection and response capability, establishing a zero-trust architecture, maintaining email and DNS filtering, hardening systems based on secure configurations, managing user accounts and privileged accounts;
    3. How to detect a ransomware attack in the early stages with continuous security monitoring, anomaly detection, and threat intelligence solutions;
    4. How to respond to a ransomware attack by isolating impacted systems, malware eradication / containment, focusing on critical assets; and
    5. How to recover from a ransomware attack with minimal downtime and data loss by restoring from back-ups, initiating recovery efforts, and reporting the incident.

    The class is based on best practices and guidance detailed in the U.S. CISA #StopRansomware Guide. The guide includes two primary resources: Part 1: Ransomware and Data Extortion Prevention Best Practices; Part 2: Ransomware and Data Extortion Response Checklist. Part 1 provides guidance for all organizations to reduce the impact and likelihood of ransomware incidents and data extortion, including best practices to prepare for, prevent, and mitigate these incidents. Prevention best practices are grouped by common initial access vectors. Part 2 includes a checklist of best practices for responding to these incidents.

    3:45 pm
    [PLUS Course] Implementing the NIST Cybersecurity Framework, Including 2.0 - Part 4
    vCISO, Cyber Risk Opportunities LLC
    Registration Level:
    • SecureWorld Plus
    3:45 pm - 5:15 pm
    Location / Room: 104

    Have you ever wondered how to actually use the NIST Cybersecurity Framework and apply it to your business or organization?

    In this course, you will get an inside look at how cybersecurity, information technology (IT), and business professionals use the NIST Cybersecurity Framework (CSF) Version 2.0 to understand and actively manage their risk posture.

    You will begin by learning the fundamentals of the NIST Cybersecurity Framework, including:

    • What are the components of the framework?
    • Why is the framework valuable?
    • What type of organizations can use the framework?

    Then, you will dive deeper into the framework to fully understand the Framework Core, the Framework Tiers, and the Framework Implementation Profile.

    You will also review various case studies from diverse organizations across the globe, including critical infrastructure organizations, technology companies, governmental organizations, and others.

    Finally, we will spend the majority of this course walking you through how to implement this framework within your own organization by conducting a Cyber Risk Mapping (CR-MAP). This CR-MAP of your organization will aid you in identifying your weaknesses and creating a remediation plan to achieve higher levels of security by minimizing your cyber risk.

    We even include a free bonus digital workbook that helps you conduct a step-by-step Cyber Risk Mapping at the conclusion of the course.

Exhibitors
  • AccessIT Group
    Booth: 400

    AccessIT Group is your partner in cybersecurity. Our talented team of security experts deliver customized solutions designed to protect your systems and information from increasing security threats. From design and implementation to cybersecurity compliance and training, we provide a single point of contact for all your security needs.

    AccessIT Group seeks to differentiate itself by offering a higher level of expertise from engineers and sales staff, all of whose knowledge was derived from real life enterprise deployments. These values have helped AccessIT Group grow to become the first-choice cyber security provider in our region. Today, AccessIT Group maintains sales and service offices in King of Prussia, PA, Mountain Lakes, NJ, New York, NY, Columbia, MD, and Boston, MA.

  • Akeyless
    Booth: 450

    Akeyless Security is the company behind Akeyless Platform, the leading Vaultless Secrets Management platform designed to protect credentials, certificates and keys across multi-cloud and DevOps Environments.

  • Arctic Wolf Networks
    Booth: 175

    Arctic Wolf Networks provides SOC-as-a-service that is redefining the economics of security. The AWN CyberSOC™ service is anchored by Concierge Security™ teams and includes 24×7 monitoring, custom alerting, and incident investigation and response. There is no hardware or software to purchase, and the end-to-end service includes a proprietary cloud-based SIEM, threat intelligence subscriptions and all the expertise and tools required. For more information about Arctic Wolf, visit https://www.arcticwolf.com.

  • Astrix Security
    Booth: 305

    Astrix is the leader in securing non-human identities (API keys, service accounts, access tokens, …) and extending identity security to machines. An RSA 2023 Innovation Sandbox finalist and a 2023 Gartner Cool Vendor for Identity First Security. We’ve raised $40M in total funding from the world’s top investors (CRV and Bessemer Venture Capital) to change how apps connect to enterprises. We’re on a mission to allow businesses to leverage third-party apps and generative AI tools without compromising security, and we’re trusted by leading enterprises such as Priceline, Figma, Workato, and Agoda.

  • Atlantic Data Security
    Booth: 325

    Since 1993, Atlantic has been representing industry leading security products to help get customers to an acceptable level of IT security risk. Atlantic works extensively with both large enterprises and SMB markets, understanding their business goals before any solution is recommended. Atlantic’s strict focus ensures that customers receive the highest level of both service and support.

  • Automox
    Booth: 400

    Automox tackles one of today’s biggest cybersecurity challenges: misconfigured and out-of-date systems that can easily be exploited. Legacy tools simply cannot remediate known vulnerabilities as efficiently as modern IT demands. Automox is rewriting those rules with a cloud-native endpoint hardening platform that delivers unprecedented speed, simplicity, and automation—whether it is on-prem, in the cloud, or on the move.

  • Axonius
    Booth: 115

    Axonius gives customers the confidence to control complexity by mitigating threats, navigating risk, automating response actions, and informing business-level strategy with solutions for both cyber asset attack surface management (CAASM) and SaaS management.

  • BeyondTrust
    Booth: 325

    BeyondTrust is the worldwide leader in Privileged Access Management (PAM), empowering organizations to secure and manage their entire universe of privileges. Our integrated products and platform offer the industry’s most advanced PAM solution, enabling organizations to quickly shrink their attack surface across traditional, cloud and hybrid environments.

    The BeyondTrust Universal Privilege Management approach secures and protects privileges across passwords, endpoints, and access, giving organizations the visibility and control they need to reduce risk, achieve compliance, and boost operational performance. We are trusted by 20,000 customers, including 78 of the Fortune 100, and a global partner network.

  • BIO-key
    Booth: 267

    BIO-key is a trusted provider of Identity and Access Management (IAM) and Identity-Bound Biometric solutions that offer an easy and secure way to authenticate the identity of employees, customers, and suppliers while managing their access across devices and applications.

    Over 1,000 global customers, including AT&T, the federal government, and 200+ higher education institutions trust BIO-key PortalGuard IDaaS, an award-winning IAM platform, to reduce password-related help desk calls by up to 95%, eliminate passwords, secure remote access, prevent phishing attacks, and improve productivity for the IT team. PortalGuard provides the simplicity and flexibility required to secure the modern digital experience with options for single sign-on, self-service password reset, and over 16 multi-factor authentication methods, and is the only IAM platform to offer Identity-Bound Biometrics.

    As a global leader in biometrics, BIO-key is the only provider of an IAM platform with integrated Identity-Bound Biometrics (IBB). IBB is the only authentication method that permanently binds a biometric to the user’s digital identity, to provide the highest level of integrity – in other words to be sure that it is you authenticating, not an unauthorized user, or hacker, only you.

    BIO-key has provided IBB software and hardware solutions for enterprise use cases, first as an industry leader with biometric fingerprint authentication software and fingerprint scanners, to now being the only vendor to offer a mobile application that uses a palm scan to authenticate the user, BIO-key MobileAuth with PalmPositive.

    Backed by decades of expertise, BIO-key has a proven track record of successful IAM project delivery and strong customer relationships.

  • BitSight
    Booth: 294

    BitSight transforms how organizations manage cyber risk. The BitSight Security Ratings Platform applies sophisticated algorithms, producing daily security ratings that range from 250 to 900, to help organizations manage their own security performance; mitigate third party risk; underwrite cyber insurance policies; conduct financial diligence; and assess aggregate risk. With over 2,100 global customers and the largest ecosystem of users and information, BitSight is the Standard in Security Ratings. For more information, please visit www.bitsight.com, read our blog, or follow @BitSight on X.

  • BlackBerry Cybersecurity
    Booth: 155

    BlackBerry Cybersecurity is a leader in endpoint security, endpoint management, encryption, and embedded systems, protecting enterprises and governments around the world. Our end-to-end approach is deeply rooted in Cylance® AI and machine learning, providing continuous preventative protection, detection, and instant response. We extend protection for your organization against current and future cyberthreats by combining network and endpoint telemetry and by delivering innovative solutions in the areas of cybersecurity, safety, and data privacy.

  • Blumira
    Booth: 435

    Blumira’s cloud SIEM platform offers both automated threat detection and response, enabling organizations of any size to more efficiently defend against cybersecurity threats in near real-time. It eases the burden of alert fatigue, complexity of log management and lack of IT visibility.

    Blumira’s cloud SIEM can be deployed in hours with broad integration coverage across cloud, endpoint protection, firewall and identity providers including Azure, Office 365, G Suite, Crowdstrike, Okta, Palo Alto, Cisco FTD and many others.

  • Bright Security
    Booth: 337

    A powerful application & API security testing platform that security teams trust and developers love.

    We integrate into your CI/CD pipeline and enable you to run DAST scans with every build. Identify a broad set of known (7,000+ payloads) and unknown (0-day) security vulnerabilities. Scan multiple protocols across Web, mobile & APIs. Built for developers with zero false positives and clear remediation instructions.

  • Bugcrowd Inc.
    Booth: 238

    By combining the world’s most experienced team of bounty experts and the market’s only enterprise-grade bug bounty platform, Bugcrowd connects organizations to a global crowd of trusted security researchers to identify vulnerabilities—before the adversaries do.

  • CardinalOps
    Booth: 125

    CardinalOps delivers AI-powered detection content and metrics to ensure your SOC is protected from the MITRE ATT&CK techniques most relevant to your organization’s adversaries, infrastructure, and business priorities.

    Leveraging proprietary analytics and API-driven automation, the platform continuously delivers new use cases enabling your SOC team to stay ahead of constant change in the attack surface and threat landscape – plus continuously identify and remediate broken rules and misconfigured log sources – so you can close the riskiest detection gaps that leave your organization exposed.

    Founded in early 2020, CardinalOps is led by serial entrepreneurs whose previous companies were acquired by Palo Alto Networks, HP, Microsoft Security, IBM Security, and others. The company’s advisory board includes Dr. Anton Chuvakin, recognized SIEM expert and Head of Security Solution Strategy at Google (formerly Gartner Research VP); Dan Burns, former Optiv CEO and founder of Accuvant; and Randy Watkins, CTO of Critical Start.

  • Cato Networks
    Booth: 285

    Cato Networks pioneered the convergence of networking and security into the cloud. Aligned with Gartner’s Secure Access Service Edge (SASE) and Security Service Edge (SSE) frameworks, Cato’s vision is to deliver a next generation secure network architecture that eliminates the complexity, costs, and risks associated with legacy IT approaches based on disjointed point solutions. With Cato, organizations securely and optimally connect any user to any application anywhere on the globe. Our cloud-native architecture enables Cato to rapidly deploy new capabilities and maintain optimum security posture, without any effort from the IT teams. With Cato, your IT organization and your business are ready for whatever comes next. For more information, visit https://www.catonetworks.com.

  • Check Point Software Technologies
    Booth: 470

    Check Point Software Technologies is a leading provider of cybersecurity solutions to governments and corporate enterprises globally. Its solutions protect customers from 5th generation cyber-attacks with an industry leading catch rate of malware, ransomware, and other types of attacks. Our solutions offer multilevel security architecture, “Infinity” Total Protection with Gen V advanced threat prevention.

  • Claroty
    Booth: 293

    Claroty empowers organizations to secure cyber-physical systems across industrial (OT), healthcare (IoMT), and enterprise (IoT) environments: the Extended Internet of Things (XIoT). The company’s unified platform integrates with customers’ existing infrastructure to provide a full range of controls for visibility, risk and vulnerability management, threat detection, and secure remote access. Backed by the world’s largest investment firms and industrial automation vendors, Claroty is deployed by hundreds of organizations at thousands of sites globally. The company is headquartered in New York City and has a presence in Europe, Asia-Pacific, and Latin America.

  • CrowdStrike
    Booth: 300

    CrowdStrike sets the standard for cybersecurity in the cloud era. The CrowdStrike Falcon® platform protects and enables the people, processes, and technologies that drive modern enterprise, delivering superior protection, better performance, reduced complexity, and immediate time-to-value. CrowdStrike secures the most critical areas of enterprise risk—endpoints and cloud workloads, identity, and data—to keep organizations ahead of today’s adversaries and stop breaches.

  • CyberArk Software
    Booth: 335

    CyberArk (NASDAQ: CYBR) is the global leader in privileged access security, a critical layer of IT security to protect data, infrastructure and assets across the enterprise, in the cloud and throughout the DevOps pipeline. CyberArk delivers the industry’s most complete solution to reduce risk created by privileged credentials and secrets. The company is trusted by the world’s leading organizations, including 50 percent of the Fortune 500, to protect against external attackers and malicious insiders. A global company, CyberArk is headquartered in Petach Tikva, Israel, with U.S. headquarters located in Newton, Mass. The company also has offices throughout the Americas, EMEA, Asia Pacific and Japan.

  • CyCognito
    Booth: 190

    CyCognito empowers companies to take full control over their attack surface by uncovering and eliminating the critical security risks they didn’t even know existed. Welcome to the Shadow Risk Revolution.

  • D3 Security
    Booth: 185

    D3 is building up MSSPs and SecOps teams by offering the most innovative, most reliable security automation platform — no matter the stack or scale required.

  • Dazz Inc.
    Booth: 462

    Dazz delivers unified remediation for fast-moving security and development teams. We plug into the tools that find code flaws and infrastructure vulnerabilities, cut through the noise, prioritize the vulnerabilities that matter, and deliver a one-click fix to code owners in a developer-friendly way. We fit into engineering teams’ existing workflow, massively streamline process, and meaningfully cut time-to-remediate.

  • Egress Software Technologies
    Booth: 338

    Egress Software Technologies Ltd is a UK-based software company. It provides a range of data security services designed to protect shared information throughout its lifecycle, offering on-demand security for organisations and individuals sharing confidential information electronically.

  • Envision Technology Advisors
    Booth: 215

    Envision Technology Advisors is a business and technology consultancy specializing in Digital Transformation, Cybersecurity, Business Continuity, Infrastructure Consulting, Web Design and Development, and much more. With offices in Rhode Island and the Boston area, Envision serves clients throughout New England and beyond.

  • eShare
    Booth: 290

    Helping organizations increase their productivity, operate more efficiently, and create optimal employee and client engagement through the power of frictionless and transparent collaboration.

    We leverage your existing investments in Google and Microsoft without you needing to purchase a myriad of point solutions and in the process provide the following:

    · Frictionless guardrails that will not get in the way of workflow.
    · Unparalleled visibility into how your employees, customers and partners are using your content.
    · Seamless authentication
    · Use of your corporate branding to prevent returned, blocked or unsent files.

  • ExtraHop
    Booth: 400

    ExtraHop is a force multiplier for IT teams struggling with increasing complexity. With the ExtraHop platform, organizations can regain control over the security and performance of their applications and infrastructure, and capitalize on their data analytics opportunity to improve business operations and results. Learn more at www.extrahop.com

  • Forcepoint
    Booth: 145

    Forcepoint is transforming cybersecurity by focusing on what matters most: people’s behavior as they interact with critical data and systems. Forcepoint behavior-based solutions adapt to risk in real time and are delivered via a converged security platform, protecting the human point for thousands of enterprise and government customers. Our solutions include Cloud Security, Network Security, Data & Insider Threat Security.

  • Ping Identity
    Booth: 390

    Ping Identity delivers intelligent identity solutions for the enterprise. We enable companies to achieve Zero Trust identity-defined security and more personalized, streamlined user experiences.

  • Fortinet
    Booth: 433

    Fortinet (NASDAQ: FTNT) secures the largest enterprise, service provider, and government organizations around the world. Fortinet empowers its customers with intelligent, seamless protection across the expanding attack surface and the power to take on ever-increasing performance requirements of the borderless network—today and into the future. Only the Fortinet Security Fabric architecture can deliver security without compromise to address the most critical security challenges, whether in networked, application, cloud, or mobile environments. Fortinet ranks number one in the most security appliances shipped worldwide and more than 500,000 customers trust Fortinet to protect their businesses.

  • Fortra
    Booth: 325

    HelpSystems has long been known for helping organizations become more secure and autonomous. However, over the years, our customers have shared with us that it has gotten harder and harder to protect their data. As technology plays an increasingly important role in the way organizations operate, cyberthreats are evolving to become more powerful than ever before. If there’s one thing we’ve learned from being in an industry where the only constant is change, it’s that being adaptable is the best way to grow in the right direction. So we’ve listened to our customers’ concerns, problem-solved, and delivered with impressive results. Consequently, we’re a different company today — one that is tackling cybersecurity head-on.

    That’s why HelpSystems is now Fortra, your cybersecurity ally. We’re bringing the same people-first support and best-in-class portfolio that you’ve come to expect from HelpSystems, only now we’re unified through the mission of providing solutions to organizations’ seemingly unsolvable cybersecurity problems. We offer leading solutions like data security, infrastructure protection, managed services, and threat research and intelligence. Throughout every step of our customers’ journeys, our experts are determined to help increase security maturity while decreasing the operational burden that comes with it. Because our team puts the same level of care into protecting our customers’ peace of mind as their precious data.

    We’re driven by the belief that nothing is unsolvable.
    We’re tenacious in our pursuit of a better future for cybersecurity.
    We are Fortra.

  • Gigamon
    Booth: 325

    Gigamon offers a deep observability pipeline that harnesses actionable network-level intelligence to amplify the power of observability tools. This powerful combination enables IT organizations to assure security and compliance governance, speed root-cause analysis of performance bottlenecks, and lower operational overhead associated with managing hybrid and multi-cloud IT infrastructures. The result: modern enterprises realize the full transformational promise of the cloud. Gigamon serves more than 4,000 customers worldwide, including over 80 percent of Fortune 100 enterprises, nine of the 10 largest mobile network providers, and hundreds of governments and educational organizations worldwide. To learn more, please visit gigamon.com. 

  • Google Cloud
    Booth: 330

    Google Cloud Security provides organizations with leading infrastructure, platform capabilities and industry solutions to help them solve their most critical business problems. Google Cloud Security helps customers protect their global operations with solutions such as zero trust security, application and data protection, fraud prevention, and threat detection and response.

  • Grip Security
    Booth: 275

    Grip brings the industry’s most comprehensive visibility across all enterprise SaaS applications–known or unknown for apps, users, and their basic interactions with extreme accuracy to minimize false positives. Armed with deep visibility, Grip secures all SaaS application access regardless of device or location as well as mapping data flows to enforce security policies and prevent data loss across the entire SaaS portfolio.

  • Halcyon, Inc
    Booth: 388

    Halcyon is a cybersecurity company building products that stop ransomware from impacting enterprise customers. Halcyon’s core platform offers layered ransomware protection that combines pre-execution detection, behavioral modeling, deception techniques and, if all else fails, resiliency, recovery and isolation of impacted nodes. To learn more and get a demo, contact us today.

  • HashiCorp
    Booth: 315

    At HashiCorp, we believe infrastructure enables innovation, and we are helping organizations to operate that infrastructure in the cloud. Our suite of multi-cloud infrastructure automation products—all with open source projects at their core—underpin the most important applications for the largest enterprises in the world. As part of the once-in-a-generation shift to the cloud, organizations of all sizes, from well-known brands to ambitious start-ups, rely on our solutions to provision, secure, connect, and run their business-critical applications so they can deliver essential services, communications tools, and entertainment platforms worldwide.

  • Horizon3.ai
    Booth: 212

    Horizon3.ai’s mission is to help you find and fix attack vectors before attackers can exploit them. NodeZero, our autonomous penetration testing solution, enables organizations to continuously assess the security posture of their enterprise, including external, identity, on-prem, IoT, and cloud attack surfaces.

    Like APTs, ransomware, and other threat actors, our algorithms discover and fingerprint your attack surface, identifying the ways exploitable vulnerabilities, misconfigurations, harvested credentials, and dangerous product defaults can be chained together to facilitate a compromise.

    NodeZero is a true self-service SaaS offering that is safe to run in production and requires no persistent or credentialed agents. You will see your enterprise through the eyes of the attacker, identify your ineffective security controls, and ensure your limited resources are spent fixing problems that can actually be exploited.

  • HPE Aruba Networking
    Booth: 340

    At Aruba, a Hewlett Packard Enterprise company, we believe the most dynamic customer experiences happen at the Edge—an office, a hospital, a school, or at home. It’s anyplace work gets done and data is generated by users, devices, and things across your network. Our mission is to help customers capitalize on these opportunities by providing secure edge-to-cloud networking solutions. We use AI-based machine learning to deliver simpler, faster, and more automated networks that analyze data to help businesses thrive.

  • HUB Tech
    Booth: 150

    HUB Tech partners with its clients becoming part of their support team. We work beside you to ensure you have a strategy that allows you to transform your Information infrastructure to keep up with the needs of your organization and your users. We have developed proprietary tools and strategies that have enabled us to lower cost and increase the quality of service to our client base, especially to state agencies, municipalities and school districts, where cost is a deciding factor in everyday decision making.

    Our mission is simple – to take full ownership for all that we do, to protect those who trust in us, and to make lifelong clients from every customer contact.

  • Hunters
    Booth: 270

    Hunters SOC Platform transforms security ops with AI and automation, providing a superior alternative to traditional SIEM systems. It streamlines threat detection and auto-investigation, empowering analysts with deeper insights and efficiency.

  • Infoblox
    Booth: 475

    Infoblox delivers modern, cloud-first networking and security experiences that are simple, automated, scalable and reliable. The company is the market leader with over 12,000 customers worldwide, including over 70 percent of the Fortune 500. The company’s portfolio of SaaS, data center, and hybrid offerings for DHCP, DNS, IPAM and security solutions enable organizations to leverage the advantages of on-premises and cloud-first architectures. The combination of NIOS, BloxOne DDI, BloxOne Threat Defense and threat intelligence services provide a robust foundation for connecting and securing the modern enterprise.

  • InfraGard Boston
    Booth: 295

    InfraGard is a United States government (FBI) and private sector alliance. InfraGard Boston was developed by the Boston FBI office in 1998 to promote protection of critical information systems. InfraGard provides formal and informal channels for the exchange of information about infrastructure threats and vulnerabilities. The purpose of the synergistic exchange is to allow members to better protect themselves and their corporate interests while enhancing the ability of the United States government to provide national security.

  • Invicti
    Booth: 420

    Invicti Security is transforming the way web applications are secured. An AppSec leader for more than 15 years, Invicti enables organizations in every industry to continuously scan and secure all of their web applications and APIs at the speed of innovation. Invicti provides a comprehensive view of an organization’s entire web application portfolio, and powerful automation and integrations enable customers to achieve broad coverage of even thousands of applications. Invicti is headquartered in Austin, Texas, and serves more than 3,500 organizations of all sizes all over the world.

  • ISACA New England Chapter
    Booth: 105

    The New England Chapter of ISACA® was founded in 1976. From the modest beginnings of its first meeting—which was held at Valle’s Steak House on Route 9 in Newton, Massachusetts—the chapter has grown to over 2000 members across four states (MA, NH, ME, VT).

    The primary objective of the New England Chapter is to provide quality Information Systems audit and security-related education to support its members and their professional certifications.

  • ISC2 Eastern Massachusetts
    Booth: 220

    Advancing Information Security One Community at a Time
    As anyone seriously involved in the information security profession can attest, peer networking is an invaluable resource. ISC2 Eastern Massachusetts Chapter provides members with the opportunity to build a local network of peers to share knowledge, exchange resources, collaborate on projects, and create new ways to earn CPE credits!

  • ISC2 Maine Chapter
    Booth: 220

    The ISC2 Maine Chapter is a professional association authorized by ISC2, the World’s Leading Cybersecurity Professional Organization, created by ISC2 members and information security professionals living and working in Maine.

    The ISC2 Maine Chapter is dedicated to providing education and regular meetings to help information security professionals in Maine. Our chapter benefits from a diverse membership that works in various organizations across important sectors such as healthcare, financial services, national defense, government, service providers, and many more.

  • ISC2 Rhode Island
    Booth: 159

    The ISC2 Rhode Island Chapter is a professional association authorized by ISC2, the World’s Leading Cybersecurity Professional Organization, created by ISC2 members and information security professionals living and working in Rhode Island.

    Our mission is to help further the profession and understanding of information security by providing professional growth to ISC2 members in Rhode Island in the form of educational presentations, live networking opportunities, and mentorship from our community of information security professionals and enthusiasts.

  • ISSA New England
    Booth: 440

    The Information Systems Security Association (ISSA) is an international organization providing educational forums, publications, and peer interaction opportunities that enhance the knowledge, skills, and professional growth of its members’ information security professionals. The primary goal of ISSA is to promote management practices that will ensure availability, integrity, and confidentiality of organizational resources.

    Since its inception in 1982, ISSA’s membership has grown to include more than 100 chapters around the world with members who represent a diverse collection of organizations, including major U.S. and international corporations, leading consulting firms, world-class educational institutions, and government agencies. From EDP audit and corporate security to contingency planning and disaster recovery, ISSA members are committed to protecting their organizations’ assets and resources.

    Visit the National Headquarters’ website at www.issa.org.

  • K Logix
    Booth: 165

    K logix is the leading information security company. We provide security consulting, technology solutions, and integration services to enterprise companies. Our experienced team and our established process help enterprise customers make confident security decisions that impact their business goals.

  • Keyfactor
    Booth: 230

    Keyfactor brings digital trust to the hyper-connected world with identity-first security for every machine and human. By simplifying PKI, automating certificate lifecycle management, and securing every device, workload, and thing, Keyfactor helps organizations move fast to establish digital trust at scale—and then maintain it. In a zero-trust world, every machine needs an identity and every identity must be managed. For more, visit keyfactor.com or follow @keyfactor.

  • Keysight
    Booth: 480

    Keysight’s portfolio of network security solutions simulates threats and eliminates blind spots, taking control of a rapidly changing attack surface. Be a hero, not a headline, by proving your network is secure: simulate attacks, expose gaps early, and course correct with step-by-step fixes; protect users and applications with increased efficiency, performance, and reliability of your security systems; patrol every packet, eliminating vulnerable blind spots and decrypting threats hiding in SSL traffic; and practice your cyber skills, enhancing your security and attack response skills against real-world threats.

  • Kiteworks
    Booth: 400

    Kiteworks’ mission is to empower organizations to effectively manage risk in every send, share, receive, and save of sensitive content. To this end, we created a platform that delivers content governance, compliance, and protection to customers. The platform unifies, tracks, controls and secures sensitive content moving within, into, and out of their organization, significantly improving risk management and ensuring regulatory compliance on all sensitive content communications.

  • Lacework
    Booth: 205

    Lacework automates security across Amazon Web Services (AWS), Microsoft Azure, and Google Cloud Platform (GCP), providing a comprehensive view of risks across cloud workloads and containers. Lacework’s unified cloud security platform provides unprecedented visibility, automates intrusion detection, delivers one-click investigation, and simplifies cloud compliance.

  • LogRhythm
    Booth: 492

    LogRhythm, a leader in security intelligence and analytics, empowers organizations around the globe to rapidly detect, respond to and neutralize damaging cyber threats. The company’s patented award-winning platform uniquely unifies next-generation SIEM, log management, network and endpoint monitoring, user entity and behavior analytics (UEBA), security automation and orchestration and advanced security analytics. In addition to protecting customers from the risks associated with cyber threats, LogRhythm provides unparalleled compliance automation and assurance, and enhanced IT intelligence.

  • Lookout
    Booth: 485

    Lookout is a cybersecurity company that makes it possible for individuals and enterprises to be both mobile and secure. With 100 million mobile sensors fueling a dataset of virtually all the mobile code in the world, the Lookout Security Cloud can identify connections that would otherwise go unseen—predicting and stopping mobile attacks before they do harm.

  • National Cybersecurity Alliance
    Booth: TBD

    Our alliance stands for the safe and secure use of all technology. We encourage everyone to do their part to prevent digital wrongdoing of any kind. We build strong partnerships, educate and inspire all to take action to protect ourselves, our families, organizations and nations. Only together can we realize a more secure, interconnected world.

  • NetAlly, LLC
    Booth: 173

    Since 1993, we have been the #1 ally of network professionals worldwide. We began by making the world’s first handheld network analyzer, and have continued as industry pacesetters ever since, first as Fluke Networks® then NetScout®. Now, as an independent company, NetAlly continues to set the standard for portable network testing. We are a company founded by engineers, passionate about innovation, and motivated by one purpose: to create the best test equipment possible, designed with your success in mind. Period.

    Our leading edge tools work hard to get the job done fast by…
    • Simplifying the complexities of networks
    • Providing instant visibility for efficient problem solving
    • Enabling seamless collaboration between site personnel and remote experts.

    Your organization relies on you to keep their networks running. And just like you, we are reliable, practical, no-nonsense experts. We are your behind the scenes partner.

    We are NetAlly.

  • Netskope
    Booth: 400

    The Netskope security cloud provides unrivaled visibility and real-time data and threat protection when accessing cloud services, websites, and private apps from anywhere, on any device. Only Netskope understands the cloud and takes a data-centric approach that empowers security teams with the right balance of protection and speed they need to secure their digital transformation journey.

  • New England Cyber Fraud Task Force (NECFTF)
    Booth: 295

    The NECFTF is composed of officials from state and local law enforcement throughout Massachusetts, New Hampshire, Rhode Island, Vermont and Maine and is charged with preventing, detecting and mitigating complex cyber-crime threatening payment systems and critical infrastructure. The five task force officers represent the Concord Police Department, the Grafton County Sheriff’s Office, the Manchester Police Department and the Nashua Police Department.

  • Oasis
    Booth: 210

    Oasis Security is the leading provider of Non-Human Identity Management (NHIM) solutions. NHI Management is a huge and unresolved security weakness that is constantly exploited by malicious cyber attackers. By enabling control over Non-Human Identities, we bridge the gap between devops/R&D and security ensuring our customers elevate their security posture while maintaining highly efficient operations.

  • Okta
    Booth: 120

    Okta is the World’s Identity Company. As the leading independent Identity partner, we free everyone to safely use any technology—anywhere, on any device or app. The most trusted brands trust Okta to enable secure access, authentication, and automation. With flexibility and neutrality at the core of our Okta Workforce Identity and Customer Identity Clouds, business leaders and developers can focus on innovation and accelerate digital transformation, thanks to customizable solutions and more than 7,000 pre-built integrations. We’re building a world where Identity belongs to you. Learn more at okta.com.

  • Optiv
    Booth: 280

    Optiv is a security solutions integrator delivering end-to-end cybersecurity solutions that help clients maximize and communicate the effectiveness of their cybersecurity programs. Optiv starts with the core requirement of every enterprise—risk mitigation—and builds out from there with strategy, infrastructure rationalization, operations optimization, and ongoing measurement. Learn more at https://www.optiv.com.

  • Panther Labs
    Booth: 385

    Panther Labs was founded by a team of veteran security practitioners who faced the challenges of security operations at scale and set out to build a platform to solve them. The result is Panther, a refreshingly practical platform for threat detection and response powered by a highly scalable security data lake and detection-as-code.

  • Picus Security
    Booth: 268

    Picus Security is the pioneer of Breach and Attack Simulation (BAS). The Picus Complete Security Control Validation Platform is trusted by leading organizations worldwide to continuously validate the effectiveness of security controls against cyber-attacks and supply actionable mitigation insights to optimize them.

    Picus has offices in North America, Europe and APAC and is supported by a global network of channel and alliance partners. The company is dedicated to helping security professionals become more threat-centric and via its Purple Academy offers free online training to share the latest offensive and defensive cybersecurity strategies.

  • Pondurance
    Booth: 325

    Pondurance delivers world-class Managed Detection & Response (MDR), Incident Response (IR), Vulnerability Management, and Advisory Services to industries facing today’s most pressing and dynamic cybersecurity challenges. Our U.S.-based Security Operations Center (SOC) offers personal, proactive, and around-the-clock cybersecurity to protect the human experience. We take a risk-based approach to cybersecurity, so you know you are protecting your most valuable assets and reducing your cyber risk.

    Our mission is to ensure that every organization is able to detect and respond to cyber threats—regardless of size, industry or current in-house capabilities. We believe AI and automation alone aren’t enough, you need ingenious human experience because attackers aren’t machines, they are people. We combine our advanced platform with decades of human intelligence to speed detection and response and contain cybersecurity threats quickly to ultimately decrease risk to your mission.

  • Proofpoint
    Booth: 180

    Proofpoint protects your people, data, and brand from advanced threats and compliance risks with cybersecurity solutions that work. Built on advanced analytics and a cloud architecture, our platform secures the way your people work today—through email, mobile apps, and social media.

    Some attacks get through even the best defenses. That’s why our solutions also proactively safeguard the critical information people create. We reduce your attack surface by managing this data and protecting it as you send, store, and archive it. And when things go wrong, we equip security teams with the right intelligence, insight, and tools to respond quickly.

  • Qwiet AI
    Booth: 213

    Qwiet AI provides SBOMs with the click of a button, so you can focus on producing secure code quickly and accurately. Save the time spent manually tracking down libraries and keeping track in spreadsheets.

  • RADICL
    Booth: 122

    RADICL provides SMBs serving America’s Defense Industrial Base (DIB) and critical infrastructure Xtended Threat Protection (XTP). RADICL’s purpose-built and proprietary XTP™ platform delivers SMBs deep-spectrum™ threat protection and compliance management that is quick, easy, and affordable. The RADICL XTP™ Platform powers an AI-augmented virtual Security Operations Center (vSOC) that delivers heavily automated and expert-driven threat monitoring, threat hunting, incident response, vulnerability management, security awareness training, and managed compliance adherence. RADICL enables SMBs in the DIB to spend more time running a profitable business to support our country and less time worrying about security and compliance.

  • Radware
    Booth: 490

    Radware® (NASDAQ: RDWR) is a global leader of cybersecurity and application delivery solutions for physical, cloud and software-defined data centers (SDDC). Our award-winning solutions portfolio secures the digital experience by providing infrastructure, application and corporate IT protection, and availability services to enterprises globally. Our solutions are deployed by, among others, enterprise customers, carriers, and cloud service providers.

  • Rapid7
    Booth: 445

    Rapid7 transforms data into insight, empowering IT and security professionals to progress and protect their organizations. How? Our solutions are powered by advanced analytics and an unmatched understanding of the attacker mindset. This makes it easy to collect data, transform it into prioritized and actionable insight, and get it to the people who can act on it—all in an instant.

  • Robert Half
    Booth: 100

    Robert Half, the world’s first and largest specialized talent solutions firm, connects opportunities at great companies with highly skilled job seekers. We offer contract, temporary and permanent placement solutions for roles in finance and accounting, technology, marketing and creative, legal, and administrative and customer support. Named to Fortune’s World’s Most Admired Companies and 100 Best Companies to Work For® lists and a Forbes Best Employer for Diversity, Robert Half is the parent company of Protiviti®. Robert Half is traded on the New York Stock Exchange (symbol: RHI) and is a member of the S&P 500 index.

  • RSA a Dell Technologies Company
    Booth: 325

    RSA Business-Driven Security™ solutions provide organizations with a unified approach to managing digital risk that hinges on integrated visibility, automated insights and coordinated actions. With solutions for rapid detection and response, user access control, consumer fraud protection, and integrated risk management, RSA customers can thrive and continuously adapt to transformational change.

  • Savvy Security
    Booth: 265

    Savvy automatically discovers and remediates your most toxic combinations of SaaS identity risk. It also allows you to guide users at scale towards proper security hygiene using just-in-time security guardrails.

  • SecurityScorecard
    Booth: 400

    SecurityScorecard helps enterprises gain operational command of their security posture and the security posture of their third-parties through continuous, non-intrusive monitoring. SecurityScorecard’s proprietary SaaS platform offers an unmatched breadth and depth of critical data points including a broad range of risk categories such as Application Security, Malware, Patching Cadence, Network Security, Hacker Chatter, Social Engineering, and Leaked Information.

  • Security Compass
    Booth: 200

    Security Compass, the Security by Design Company, is a leading provider of cybersecurity solutions, enabling organizations to shift left and build secure applications by design, integrated directly with existing DevSecOps tools and workflows. Its developer-centric threat modeling offering, SD Elements, and Application Security Training solutions help organizations release secure and compliant software to market quickly and cost effectively.

    Security Compass is the trusted solution provider to leading financial and technology organizations, the U.S. Department of Defense, government agencies, and renowned global brands across multiple industries. The company is headquartered in Toronto, with offices in the U.S. and UK. For more information, please visit www.securitycompass.com

  • Seemplicity
    Booth: 460

    Seemplicity offers a risk reduction and productivity platform that streamlines the way security teams manage risk reduction. By orchestrating, automating, and consolidating all remediation activities into a single workspace, Seemplicity is revolutionizing the way security teams drive and scale risk reduction efforts across organizations. Seemplicity streamlines and collaboratively transforms the remediation process for developers, DevOps, and IT across the organization, assisting them in achieving complete operational resilience and establishing a truly scalable security program.

  • SentinelOne
    Booth: 425

    SentinelOne delivers real-time cloud workload protection, to stop runtime threats targeting VMs, containers and Kubernetes clusters. From endpoints to workloads, to data center and public cloud, innovate quickly knowing SentinelOne has you protected. To learn more, visit www.sentinelone.com or follow us at @SentinelOne, or on LinkedIn and Facebook.

  • Sentra
    Booth: 245

    Sentra’s multi-cloud data security platform discovers, classifies, and prioritizes the most business-critical data security risks for organizations, enabling more effective, faster remediation and compliance adherence.

    Specializing in Data Security Posture Management (DSPM), Sentra ensures that the correct security posture moves with sensitive cloud data.
    By automatically detecting vulnerabilities, misconfigurations, over-permissions, unauthorized access, data duplication, and more – Sentra empowers data handlers to work freely and safely with public cloud data, while leveraging rich insights to drive business growth and innovation.

  • Silverfort
    Booth: 235

    Silverfort protects enterprises from data breaches, cyber attacks and insider threats, by preventing credential compromise and misuse across the entire corporate network and cloud infrastructure. Silverfort leverages patent-pending technology to seamlessly harden the basic authentication and access mechanisms used by all client devices and services, instantly equipping them with the latest authentication and access protection technology without any change or integration.

  • Skybox Security
    Booth: 415

    Skybox arms security teams with a powerful set of security management solutions that extract insight from security data silos to give unprecedented visibility of the attack surface, including all Indicators of Exposure (IOEs). With Skybox, security leaders can quickly and accurately prioritize and address vulnerabilities and threat exposures.

  • Snyk
    Booth: 255

    Snyk is a developer-first security company that helps organizations use open source and stay secure. Snyk is the only solution that seamlessly and proactively finds and fixes vulnerabilities and license violations in open source dependencies and container images. Founded in 2015, Snyk is based in London, England.

  • Sophos
    Booth: 172

    Sophos delivers superior cybersecurity outcomes by providing cybersecurity as a service to protect companies of all sizes from the most advanced cyberthreats. Our cybersecurity products and services include managed detection and response (MDR), firewall, email, endpoint (XDR), and cloud native security protection. Sophos products and services defend against ransomware, phishing, malware, and more. They connect through the cloud-based Sophos Central management console and are powered by Sophos X-Ops, our cross-domain threat intelligence unit. We provide fully managed security solutions so you can manage your cybersecurity directly with our security operations platform. Or, you can supplement your in-house team with Sophos’ products and services.

  • StackHawk
    Booth: 465

    StackHawk makes it simple for developers to find, triage, and fix application security bugs. Scan your application for AppSec bugs in the code your team wrote, triage and fix with provided documentation, and automate in your pipeline to prevent future bugs from hitting prod.

  • Sumo Logic
    Booth: 400

    Sumo Logic was founded in 2010 by experts in log management, scalable systems, big data, and security. Today, our purpose-built, cloud-native service analyzes more than 100 petabytes of data, more than 16 million searches, and delivers 10s of millions of insights daily – positioning Sumo among the most powerful machine data analytics services in the world.

  • Sysdig
    Booth: 260

    The Sysdig Secure DevOps Platform provides security to confidently run containers, Kubernetes and cloud services. Only Sysdig has the deep visibility needed to see all threats, vulnerabilities and suspicious activity. With Sysdig you can secure the build pipeline, detect and respond to runtime threats, continuously validate compliance, and monitor and troubleshoot cloud infrastructure and services.

    Sysdig is a SaaS platform, built on an open source stack that includes Falco and sysdig OSS, the open standards for runtime threat detection and response. Hundreds of organizations rely on Sysdig to secure containers, Kubernetes and cloud services.

  • Syxsense
    Booth: 410

    Syxsense is the world’s first software vendor providing cloud-based, automated endpoint and vulnerability management solutions that streamline IT and security operations. With our advanced platform, businesses gain complete visibility and control over their infrastructure, reducing IT risks and optimizing operational efficiency. Our real-time alerts, risk-based vulnerability prioritization, pre-built remediations, and intuitive automation and orchestration engine enable organizations to focus on their core business goals—confident in the knowledge that their enterprise is secure, compliant, and running smoothly. Rely on Syxsense to safeguard your IT infrastructure, so you can concentrate on what you do best—driving your business forward.

  • Tanium
    Booth: 345

    Tanium defends every team, endpoint and workflow against the largest attack surface in history by delivering the industry’s first convergence of IT management and security operations with a single platform under a new category, Converged Endpoint Management (XEM).

    The integrated offering links IT operations, security and risk teams from a single pane of glass to provide a shared source of truth, a unified set of controls, and a common taxonomy that brings together siloed teams for a shared purpose—to protect critical information and infrastructure.

    For more information, visit: https://www.tanium.com.

  • Team Cymru
    Booth: 430

    Team Cymru’s mission is to save and improve human lives. We are unrivalled across three disciplines: digital business risk platforms, free-to-use community services, and support services to over 143 Government CSIRT teams.

    Our business risk and threat intelligence platforms empower global organizations with unmatched Threat Reconnaissance and Attack Surface Management capabilities to meet the challenges of today’s cyber threats.

    Community Services equip those who run the internet to defend it from criminals who wish to disrupt and cause harm, and CSIRT enables Governments the tools to outmaneuver nation state threat actors.

    Since 2005, our reputation remains unchallenged.

  • Thales
    Booth: 310

    As the global leader in cloud and data protection, we help the most trusted brands and largest organizations in the world protect their most sensitive data and software, secure the cloud and achieve compliance through our industry-leading data encryption, access management, and software licensing solutions.

  • ThreatLocker
    Booth: 250

    ThreatLocker® is a global cybersecurity leader, providing enterprise-level cybersecurity tools to improve the security of servers and endpoints. ThreatLocker’s combined Application Whitelisting, Ringfencing™, Storage Control, and Privileged Access Management solutions are leading the cybersecurity market towards a more secure approach of blocking unknown application vulnerabilities. To learn more about ThreatLocker visit: www.threatlocker.com

  • Tigera
    Booth: 110

    Tigera provides the industry’s only active security platform with full-stack observability for containers and Kubernetes. We are also the creator and maintainer of Calico Open Source, the most widely used container networking and security solution. Calico software powers more than 100M containers across 2M nodes in 166 countries, and is supported across all major cloud providers and Kubernetes distributions.

  • Tines
    Booth: 225

    Founded in 2018 in Dublin by experienced security engineers, Tines makes enterprise automation simple.

    Security and operations teams are too often stuck doing manual, repetitive tasks, and we want to change that. Tines is an automation platform designed to allow anyone to automate any manual task, regardless of complexity. No apps, plugins, or custom code required.

    With 1,000+ template options for common security actions, Tines is power and simplicity through direct integration with your existing tools.

  • Towerwall
    Booth: 130

    Towerwall, a highly focused and specialized woman-owned cybersecurity company, has helped scores of companies safeguard their data and leverage their investment in IT with advanced cybersecurity technology solutions and services. Our experience in all facets of cybersecurity coupled with serving in the CIO/CISO/ISO roles provides a first-hand understanding of the security challenges companies face daily. We have built a solution set ranging from setting up a formal ISMP to cybersecurity policies for addressing GRC, immediate mitigation, vulnerability management, IRP/DR/BCP and vCISO.

  • TrueFort
    Booth: 389

    TrueFort® Platform puts you in control of lateral movement across the data center and cloud, protecting service accounts and against zero-day threats. The TrueFort Cloud extends protection beyond network activity by shutting down the abuse of service accounts. Founded by former IT executives from Bank of America and Goldman Sachs, leading global enterprises trust TrueFort to deliver unmatched application environment discovery and microsegmentation for accounts and activity.

  • Tufin
    Booth: 325

    As the market leader of award-winning Security Policy Orchestration solutions, Tufin provides enterprises with the ability to streamline the management of security policies across complex, heterogeneous environments. With more than 2,000 customers, Tufin automatically designs, provisions, analyzes and audits network security configuration changes – from the application layer down to the network layer – accurately and securely. It assures business continuity with a tight security posture, rapid service delivery and regulatory compliance across physical, private, public and hybrid cloud environments.

  • Varonis
    Booth: 170

    Varonis is a pioneer in data security and analytics, specializing in software for data security, governance, compliance, classification and analytics. Varonis detects insider threats and cyberattacks by analyzing file activity and user behavior; prevents disaster by locking down sensitive data; and efficiently sustains a secure state with automation.

  • Veriti
    Booth: 380

    Veriti is a fast-growing security infrastructure innovator that helps organizations maximize their security posture while ensuring business uptime.

    Integrated with the entire security stack, Veriti provides a consolidated management layer that continually and proactively monitors exposure to threats and provides actionable remediation paths for security gaps and high-risk vulnerabilities across the organization’s infrastructure and attack surface.

  • Veza
    Booth: 325

    Veza is the authorization platform for data. Designed for hybrid, multi-cloud environments, Veza enables organizations to easily understand, manage and control who can and should take what action on what data. We empower customers to leverage the power of authorization for an identity-first approach to security, addressing critical business needs tied to managing access governance, data lake security, cloud entitlements, privileged access, and more. Global enterprises like Blackstone, ASAPP, Barracuda Networks, Choice Hotels, and a number of Fortune 500 and emerging organizations trust Veza to secure their enterprise data. Founded in 2020, Veza is headquartered in Los Gatos, California and is funded by Accel, Bain Capital, Ballistic Ventures, GV, Norwest Venture Partners, and True Ventures.

  • WEI
    Booth: 237

    Why WEI? We go further.

    At WEI, we’re passionate about solving your technology problems and helping you drive your desired business outcomes. We believe in challenging the status quo and thinking differently. There are a lot of companies that can take today’s technology and create a great IT solution for you. But we do more. We go further. And we have the customer, vendor and industry awards to prove it. WEI is a premier technology partner, who always puts our customers first while providing the most innovative solutions for over 29 years.

  • WiCyS Massachusetts Affiliate
    Booth: 195

    The Massachusetts WiCyS Affiliate offers mentoring, learning, networking and career development to professionals at all stages of their cybersecurity careers. Whether you are a student just considering a career in cybersecurity or an experienced leader in the cybersecurity workforce, WiCyS provides tangible benefits and a supportive community of all genders. Our affiliate provides an online community for mentorship, networking, and collaboration as well as local meetups, community awareness programs, and support for other organizations with a common mission to bridge the cybersecurity workforce gap while addressing diversity and inclusion of women and minorities.

  • XM Cyber
    Booth: 325

    XM Cyber is a leading Continuous Exposure Management company that transforms the way organizations approach cyber risk, enabling security teams to prevent more attacks with 75% less remediation effort. Its XM Attack Graph Analysis™ capability discovers CVEs, misconfigurations, and identity issues across on-premise and all major cloud environments. It analyzes how attackers can chain exposures together to reach critical assets, identifies key “choke points”, and provides remediation guidance. Founded by top executives from the Israeli cyber intelligence community, XM Cyber has offices in North America, Europe, Asia, and Israel.

Speakers
  • Larry Wilson, CISSP, CISA, Instructor
    Sr. Cybersecurity Consultant, Wilson Cyber

    Larry Wilson was formerly the Chief Information Security Officer for Sumitomo Pharma Americas, Inc., Worcester Polytechnic Institute, and the University of Massachusetts (UMass) President's Office. In the CISO role, Larry was responsible for developing, implementing, and overseeing compliance with the SMPA / WPI / UMass Information Security Policy and Written Information Security Plan (WISP). In addition to designing and deploying the respective cybersecurity programs, Larry has developed and delivered cybersecurity training at multiple industry events, workshops, training venues, etc. Courses include Designing and Building a Cybersecurity Program, Designing and Building a Ransomware Program, and Designing and Building a Third-Party Risk Program. Larry has also worked with multiple companies in multiple industries to help design, build, and maintain their Cybersecurity Programs, Ransomware Program, and Third-Party Risk Programs.

  • Kip Boyle, Instructor
    vCISO, Cyber Risk Opportunities LLC

    Kip Boyle is the Virtual Chief Information Security Officer of Cyber Risk Opportunities, whose mission is to help executives become more proficient cyber risk managers. He has over 24 years of cybersecurity experience serving as Chief Information Security Officer (CISO) and in other IT risk management roles for organizations in the financial services, technology, telecom, military, civil engineering, and logistics industries.

  • Henryk Ciejek
    VP, Information Security, PayScale, Inc.

    Henryk has actively been part of the technology space for over 25 years. He has worked at various companies ranging from start-ups to established global Fortune organizations. Throughout his career, he's worn many hats and titles, focusing on his passion for cybersecurity, business goals, and program building. Having been the first security leader in many of his roles, Henryk understands the challenges of urgent bootstrapping. He has created an approach and track record based on collaboration, risk management, and perspective. In his current role, Henryk oversees the security program for multiple platforms that help support the compensation analysis and planning needs for over 10,000 companies.

  • Krista Arndt
    Associate CISO, St. Luke's University Health Network

    Krista Arndt is the Associate CISO at SLUHN. As the Associate CISO, Krista is responsible for managing the security program's day to day operational effectiveness. Krista has been working in information security in various capacities for more than 15 years. In her previous roles, Krista assisted with developing and leading security programs in national healthcare, crypto, finance, and the Department of Defense. She currently holds her CISM and CRISC certifications and NHRA competition driver's license.

    Krista is an active member of ISACA, serves as InfraGard Philadelphia Chapter’s Healthcare Sector Chief, serves on Neumann University's Business Advisory Council, and is Marketing Committee Chair for Women in CyberSecurity (WiCyS) Delaware Valley Affiliate. Through this service, Krista's mission is to give back to her community by providing mentorship and support for aspiring cybersecurity professionals, especially for women who wish to enter the field.

    When off the clock, Krista takes her affinity for overcoming challenges to the garage and the race track, where she enjoys building and improving her own race car, competing as a driver in national drag racing events with her family, and using her racing as a forum to advocate for neurodiversity awareness and inclusion.

  • Brian McGowan, CISM
    VP, Global Security & Privacy, SharkNinja

    Brian currently leads the cybersecurity and privacy program as Vice President, Global Security & Privacy at SharkNinja, a relentless innovator and global leader in the housewares industry. Previously, he served as head of IT security & compliance at Hasbro, where for seven years he led the maturity of a global cybersecurity program designed to meet the ever-changing cyber risk of a company that evolved from a toy manufacturer to a global entertainment company serving the film, unscripted TV, and online gaming industries. Prior to Hasbro, he served as Director of IT Compliance for Upromise, the Boston-based pioneer of loyalty and 529 college savings programs, where he led development of the company's PCI and SOX compliance programs.

    Brian established himself as a leader in cybersecurity, privacy, and compliance program development. His career path differs from many IT professionals; he started his professional career in technology sales with Cabletron Systems in the mid-90s where he was first exposed to information technology and shifted to a career in IT operations in 2001. He was drawn to the structure of process and controls, which led to a role in IT security & compliance in 2005.

    Brian has a passion for developing teams with a focus on individual team member success and career growth. He attributes relationship and team-building skills developed early in his career as a sales professional as keys to his program development and leadership success.

    Education:
    BS, Management Science, Bridgewater State University
    Executive Leadership Professional Coach Program, AIIR Professional Consulting
    Executive Leadership Certificate, Business Engagement & the Information Security Professional, Tuck School of Business
    Executive Leadership Certificate, Harvard Leadership Management Program

  • Roy Wattanasin
    Research Security Officer, Massachusetts Institute of Technology

    Roy Wattanasin is an information security professional. He is an avid speaker providing thought leadership at many conferences and webinars. Roy enjoys incident response and building security programs. He is involved with many computer security groups including the Boston Application Security Conference (BASC), OWASP Boston and other local associations. Roy is a member of multiple advisory groups, including SecureWorld Boston. He was previously an adjunct instructor at Brandeis University as part of the Health and Medical Informatics program. He is the co-founder of the decade-old program.

  • Chris Usserman
    Chief Technologist, Infoblox

    Chris Usserman is the Chief Technologist with Infoblox Federal. Chris has over 33 years’ experience in the U.S. Intelligence Community helping clients understand and incorporate cyber business intelligence to improve cyber security programs. With a focus on the U.S. Government and public sector, Chris brings a public/private perspective to enhance the security posture of multiple sectors and communities of interest. Chris regularly speaks at domestic and international conferences on building more effective and mature cyber security programs. Prior to Infoblox, Chris served in several leadership roles, including Senior Director, Applied Intelligence and Director, Government Programs at iSIGHT Partners (now Mandiant Threat Intelligence). Chris was also a Lead Research Scientist (Cyber Ops) at Lockheed Martin’s Advanced Technology Laboratories and served 14 years in the U.S. Air Force.

  • Graham Brooks
    Lead Solutions Architect, Syxsense

    Graham is a Pre-Sales Manager at Syxsense and has been working in the IT and Security industries for the last seven years. Before working at Syxsense, he was an IT Analyst for a major DOE and DOD Security manufacturing company. He currently holds the RHCE and Security Plus certifications.

  • Stanley Hammond
    Sr. Security Engineer, Cape Cod Healthcare

    Stanley Hammond has been in the IT field for the past 20 years and in information security since 2006. He is currently a Senior Security Engineer in the healthcare field in Massachusetts. Throughout his career he has worked for non-profits, non-government organizations, higher education, and both public and private sector organizations. He is currently working in multiple areas including security awareness, incident response and proactive maintenance. He holds several industry-recognized certifications including CISSP, CISM, CISA, HCISPP and CDPSE.

  • Sean Donlon
    Sr. Special Agent, U.S. Secret Service – Burlington, VT

    A 22-year veteran of the United States Secret Service, Senior Special Agent Sean Donlon currently manages the Burlington office, overseeing investigations of cyber and financial crimes in the state of Vermont. Prior to his post in Vermont, Senior Special Agent Donlon served as an assistant attaché for the Secret Service in the United States embassy in Rome, Italy, where he was responsible for liaising with foreign law enforcement in over 60 countries, including those in Southern Europe, West Africa and the entirety of the Middle East. While there, he coordinated with the Polizia di Stato, Italy’s state police, in managing the European Cyber Fraud Task Force.

    SSA Donlon began his law enforcement career with the Secret Service in Los Angeles, where he received training as a network intrusion specialist, responding to computer-related incidents throughout Southern California and serving as the deputy squad leader for the Los Angeles Cyber Fraud Task Force. In the years that followed, SSA Donlon continued to pursue training in a variety of cyber crime-fighting specialties before becoming a certified instructor at the James J. Rowley Training Center, the Service’s training academy.

  • Travis Kaylor
    Sr. Special Agent, Boston Field Office, U.S. Secret Service

    Senior Special Agent Travis Kaylor has spent the last 22 years in a variety of roles both domestic and abroad, focused on the dual mission of the United States Secret Service across both protection and investigations. He began his career as a Uniformed Division Officer assigned to the White House Branch and later as a Special Agent in the Washington Field Office. He was assigned to the New York Field Office where he led multi-agency fraud investigations, followed by an assignment to Former President William Clinton's protection detail. Currently, SSA Kaylor is assigned to the Boston Field Office and is a leader of the New England Cyber Fraud Task Force where he pursues complex, transnational cybercrime investigations involving foreign targets perpetrating cyber-attacks including ransomware, business email compromises, and network intrusions. During this tenure, SSA Kaylor represented the USSS as the Liaison Officer assigned to Europol's European Cybercrime Centre, Joint Cybercrime Action Task Force (J-CAT). In this role, he coordinated the most significant USSS-led cybercrime investigations within Europol, and worked collaboratively with more than 20 member countries on transnational cybercrime investigations.

    SSA Kaylor is certified in Digital Forensics Incident Response - Network Intrusion (DFIR-NI), which manages the incident response capabilities of the USSS to cyber incidents. DFIR-NI provides investigative resources, cyber training, and operational resources to identify, mitigate, deconflict and facilitate the remediation of network intrusions, unauthorized access, malicious hacking, and other cyber based incidents. This includes intrusions into the financial sector, attacks against commercial enterprises, and violations of federal law.

    SSA Kaylor is a graduate of Marist College in Poughkeepsie, New York and is pursuing a master’s degree at Boston College in their Cybersecurity Policy and Governance program.

  • Peter LaRoche
    Network Intrusion Forensic Analyst, U.S. Secret Service – Manchester, NH

    Peter LaRoche has served as a Network Intrusion Forensic Analyst (NIFA) with the US Secret Service out of the Manchester Resident Office since September 25, 2023. As a NIFA, Mr. LaRoche is responsible for providing expert guidance to the Secret Service as well as federal, state, and local partners in network and digital forensics. This includes the investigation of cyber-related crimes such as network intrusions, ransomware, business email compromises, and cryptocurrency-related scams, imaging and processing digital media, and conducting computer forensics examinations in support of criminal investigations.

    NIFA LaRoche has over 20 years of law enforcement experience. He began as a Patrol Officer with the Nashua NH Police Department in 2003 and served as a member of the department’s Accident Reconstruction Unit, Unmanned Aerial Systems (UAS) Unit, and Computer Forensics Unit from which he retired as a Detective in 2023. In addition to his role as a Digital Forensics Examiner with the Nashua Police Department, he was also a Forensic Examiner for the NH Internet Crimes Against Children (ICAC) Task Force, Federally Deputized Task Force Officer with the United States Secret Service (USSS), and member of the New England Cyber Fraud Task Force (NECFTF). He is recognized as an expert in digital forensics in multiple legal jurisdictions in New Hampshire.

    NIFA LaRoche holds numerous certifications related to digital forensics and network intrusion investigations and has attended well over 1000 hours of training in the field. He is a graduate of Skidmore College in Saratoga Springs, New York.

  • Scott Margolis, Moderator
    CISO, Massachusetts Bay Transportation Authority (MBTA)

    Senior Information Technology/Security Executive with over 25 years of experience at premier institutions successfully building services and client relationships, developing methodologies, and integrating cross-functional skills. Specializes in information security and risk management, compliance, knowledge management, strategy, business continuity, and operational efficiency. Reputation for leading new initiatives focused on transforming operations, establishing partner/industry relationships, increasing revenue, and reducing cost and risk exposure. Proactive leader with intense focus on customers and beneficial outcomes.

  • Oren Koren
    Co-Founder & CPO, Veriti

    Oren Koren is the Co-Founder and Chief Product Officer of Veriti. Oren brings 19 years of experience in cybersecurity, advanced threat analysis, and product management. Prior to founding Veriti, Oren was a Senior Product Manager at Check Point Software Technologies, where he led AI-based innovations and advanced data analytics projects redefining threat hunting and SIEM applications. Before Check Point, Oren served for 14 years at the prestigious 8200 unit and was responsible for different cybersecurity activities and research. Oren won the Israeli Security Award and 3 MOD awards for cutting-edge innovations in cyber security.

  • Idan Gour
    Co-Founder & CTO, Astrix Security

    Idan Gour is the CTO and co-founder of Astrix Security, a leading enterprise solution securing app-to-app interconnectivity. Having served as a leader in the elite class of the Israeli Military Intelligence Unit 8200, his hands-on offensive and defensive cyber experience affords him a unique attacker point of view. Previously, Gour also led software development at Deep Instinct, a deep-learning AI cybersecurity company.

  • Tim Gallo
    Head of Global Solutions Architects, Google Threat Intelligence

    Tim Gallo is the Head of Global Solutions Architects at Google. He specializes in Cyber Threat Intelligence and Risk, covering everything from Intelligence Operations and Cyber Threat Profile development to risk-based analytic approaches to Security Operations. He joined Google Cloud through the acquisition of Mandiant by Google in 2022; he had spent 5 years at Mandiant prior to the acquisition in a variety of field-facing roles covering the aforementioned topics. Before joining Mandiant, Tim leveraged his over 20 years’ experience in information security and intelligence operations to aid in the development and deployment of a number of solutions, including building client and organizational expertise in Intelligence Led Security and Business Operations. This included the development and product management of some of the first cyber intelligence solutions ever brought to market. These solutions have included threat and vulnerability management tools, IOC prediction algorithms, intelligence services, and strategic intelligence consulting. Today he spends his days helping clients understand the importance of Intelligence as a guiding principle for building out effective security processes and operations and helping clients and vendors find ways to leverage technologies responsibly to build their cyber defense centers and security operations practices. Every once in a while he can be found out in the desert, sometimes on his Harley with a flamethrower, sometimes with just a flamethrower.

  • Dana Tannatt
    Sr. Sales Engineer, Thales

    Dana Tannatt graduated from Norwich University with a master’s degree in information security and assurance. He is also a member of the Upsilon Pi Epsilon honor society for Computing and Information Disciplines. He has been a Security and Privacy software specialist for more than 18 years. He has extensive experience with Identity Access Governance and Data Security. He is now at Thales as one of their premiere Data and Application Security Specialists.

  • Ashley-Yvonne Howard
    Sr. Cloud Security Strategist, Panther

    Ashley-Yvonne Howard is an experienced cloud security strategist with a master's degree in Cybersecurity from the University of Denver, complementing her undergraduate degrees in German Language and Literature & Film Studies, which reflects her unique fusion of art and science. With a career marked by unwavering determination and adaptability, she has thrived in various technical roles at General Motors, LogRhythm, AttackIQ and Expel within the cybersecurity field, spanning red, blue, and purple team domains.

  • Frederick Webster, CISM, Moderator
    Information Security Officer, Blue Cross & Blue Shield of Rhode Island

    Frederick Webster leads Blue Cross & Blue Shield of Rhode Island’s cybersecurity program as their Information Security Officer. He has over 15 years of experience in the IT and Information Security fields with a background in Security Operations, Business Continuity and Information Assurance. He has experience in Healthcare, Retail Pharmacy, Pharmacy Benefits Management, and MSSP industries. Frederick is a credentialed ISACA CISM with a BS in Management of Information Systems and an MBA.

  • Mark Ostrowski
    Head of Engineering, East US, Check Point Software Technologies

    Mark Ostrowski is the Head of Engineering for the East region of US at Check Point Software Technologies. Mark has over 25 years’ experience in IT security and has helped design and support some of the largest security environments in the country. As an evangelist and member of the Office of the CTO at Check Point Software, Mark provides thought leadership for the IT security industry, outlining the current threat landscape and helping organizations understand how they can proactively mitigate and manage risk in our world of digital transformation. Mark actively contributes to national and local media discussing cybersecurity and its effects in business and at home on media outlets such as the Today Show on NBC, Good Morning America on ABC, and the Wall Street Journal.

  • Adam Meyers
    SVP, Counter Adversary Operations, CrowdStrike

    As CrowdStrike’s Senior Vice President of Counter Adversary Operations, Adam Meyers leads the Threat Intelligence line of business for the company. Meyers directs a geographically dispersed team of cyber threat experts tracking criminal, state-sponsored, and nationalist cyber adversary groups across the globe and producing actionable intelligence to protect customers. He oversees the development and deployment of AI, machine learning, reverse engineering, natural language processing, and other technologies to detect suspicious and malicious cyber behavior and stop increasingly sophisticated adversaries. Meyers’ work in combining human intelligence and intelligence derived from technology continues to transform cybersecurity.

    Meyers works closely with other departments within CrowdStrike to ensure the smooth and speedy integration of intelligence into CrowdStrike’s entire lineup of products and services. His team brings unprecedented insights into the activities of cyber threat actors, providing strategic and technical guidance to Fortune 100 businesses, major financial institutions, key government agencies, and other CrowdStrike customers. SC Magazine recently honored CrowdStrike’s record of achievement under Meyers with the 2019 Trust Award for Best Threat Intelligence Technology. Almost every week you will see Meyers commenting on recent cyber threats and cyber attacks in leading broadcast, print, and online media.

    Adam earned a Bachelor of Arts degree from the George Washington University, where he studied Political Science and Computer Science.

  • Dan Murphy, Moderator
    Chief Architect, Invicti

    Dan Murphy has 20+ years of experience in the cybersecurity space, specializing in web security, distributed systems, and software architecture. As a Chief Architect at Invicti, his focus is on ensuring that Invicti products across the entire organization work together to provide a scalable, performant, and secure dynamic analysis experience.

  • Jon Fredrickson
    VP, CISO, Surgery Partners, Inc.

    Jon Fredrickson is Vice President & Chief Information Security Officer for Surgery Partners. Prior to Surgery Partners, Jon has held various leadership & CISO positions across healthcare in both the provider and payor markets. Jon has developed a pragmatic approach to implementing cyber security solutions and assisting his organizations in properly measuring and managing cyber risk. He graduated from the University of Rhode Island with a B. A. in Economics. Jon is a member of the Association for Executives in Healthcare Information Security, the Healthcare Sector Coordinating Council (HSCC) and is a Certified Information Security Manager.

  • Brendan Campbell
    VP, Technology and Cybersecurity Audit & Advisory Services, Manulife
  • Dmitriy Sokolovskiy
    Sr. Vice President, Information Security, Semrush

    Dmitriy is currently a Senior Vice President, Information Security at SEMrush. From 1999 to 2007 Dmitriy had first-hand experience with servers, networks and datacenters, and NOCs and SOCs as he worked and consulted for defense contractors, public and private financial and medical companies, and non-profits. Between 2007 and 2018, Dmitriy spent 11 years at CyberArk software, helping them go public as he was building and managing a cyber-security professional services team, personally participating in incident response and remediation for some of the largest breaches in US history, and then serving as a Cloud Security Architect for SaaS products utilizing CSA CCM and CIS CSC. In 2018, and until summer of 2023, Dmitriy helped Avid Technology, a pioneer and a leader in the movie and music industry since 1987, to establish its information security and product security functions.

    Dmitriy holds Boardroom Qualified Technical Expert (QTE) certification from the Digital Directors Network (DDN) and serves on Advisory Boards for multiple information security start-ups, such as Oort (acquired by Cisco), The Cybernest, Exium, SaaSLicense (acquired by IBM), and advises venture capital, and private equity firms. He is a member of the GIAC Advisory Board, holds the GISF, GCED and CISSP certifications, and served as a SANS Mentor for all three.

  • Patrick Haley
    Principal Solutions Engineer, Lacework

    Pat is a Principal Solutions Engineer for Lacework and has been with the company for 3.5 years. He spent the previous ~10 years working for Boston-based cybersecurity companies in similar roles and, prior to that, focused on implementation and consulting work for data automation workflows. Having been in security for the past 10 years and seen the power of data and automation throughout his career, Pat is excited to be with Lacework, helping his customers solve the variety of complex problems that come with securing public cloud environments.

  • Anna Belak
    Director, Office of Cybersecurity Strategy, Sysdig

    Anna has 10 years of experience researching and advising organizations on cloud adoption with a focus on security best practices. As a Gartner Analyst, Anna spent six years helping more than 500 enterprises with vulnerability management, security monitoring, and DevSecOps initiatives. Anna's research and talks have been used to transform organizations' IT strategies and her research agenda helped to shape markets. Anna is the Director of Thought Leadership at Sysdig, using her deep understanding of the security industry to help IT professionals succeed in their cloud-native journey.

    Anna holds a PhD in Materials Engineering from the University of Michigan, where she developed computational methods to study solar cells and rechargeable batteries.

  • Debra Brown
    Vice President, Savvy

    Debra Brown brings over 25 years of experience in cybersecurity. Starting her career at Xerox and then honing her experience in high-growth startups like Ping Identity and Chainalysis, Debra excels in introducing innovative security technologies to the market. Her dedication extends beyond her professional sphere as she is also a passionate learner, book lover, and a devoted mother and wife in a loving, blended family.

  • Charles Chu
    General Manager, IT and Developer Solutions, CyberArk
  • Rob Solomon
    Senior Cloud Solutions Architect – Alliances, Crowdstrike

    Prior to his current role at CrowdStrike, Rob Solomon was a Senior Solutions Architect in the ISV segment at AWS, helping software companies migrate and modernize on AWS to accelerate their pace of innovation and operational efficiency. From past roles in SaaS operations and during his time at AWS, Rob experienced first-hand the challenges of implementing and managing cybersecurity in a fast-paced environment. As a Senior Cloud Solution Architect for the AWS alliance at CrowdStrike, Rob advocates for a comprehensive, results-oriented approach that helps customers focus on delivering business value instead of trying to untangle the complexities of hybrid cloud security. Rob enjoys spending time with family in coastal Maine, hiking and working on home improvement projects.

  • Kevin Powers, J.D., Moderator
    Professor; Founder and Director, Master of Science in Cybersecurity Policy & Governance Program, Boston College

    Kevin is the founder and director of the Master of Science in Cybersecurity Policy and Governance Program at Boston College, and an Assistant Professor of the Practice at Boston College Law School and in Boston College’s Carroll School of Management’s Business Law and Society Department. Along with his teaching at Boston College, Kevin is a Cybersecurity Research Affiliate at the MIT Sloan School of Management, and he has taught courses at the U.S. Naval Academy, where he was also the Deputy General Counsel to the Superintendent.

    With over 20 years of combined cybersecurity, data privacy, business, law enforcement, military, national security, higher education, and teaching experience, he has worked as an analyst and an attorney for the U.S. Department of Justice, U.S. Navy, U.S. Department of Defense, law firms in Boston and Washington, D.C., and as the general counsel for an international software company based in Seattle, Washington. Kevin also is an expert witness and consultant with the Analysis Group and serves as a Director for the Board of Reading Cooperative Bank, a Trustee for the Board of Boston College High School, an Advisory Board Member for HYCU, Inc. and CyberSaint Security, and as a Member of the Boston College Law School Business Advisory Council. From 2016-2017, he was the Panel Lead for the Collegiate Working Group for the U.S. Department of Homeland Security's National Initiative for Cybersecurity Education (NICE). Kevin regularly provides expert commentary regarding cybersecurity and national security concerns for varying local, national, and international media outlets.

  • Dr. Howard Goodman
    Sr. Technical Director, Skybox Security

    Howard Goodman, with a distinguished career spanning two decades, has emerged as a pivotal figure in cybersecurity, seamlessly integrating strategic planning with hands-on cybersecurity applications across numerous sectors. His significant contributions to organizations like Skybox Security highlight his prowess in navigating through the intricate realms of cybersecurity. A U.S. Navy veteran and holder of a Ph.D. in Cyber Operations, he specializes in meticulously formulating and implementing security strategies.

    Throughout his journey, he has consistently demonstrated a steadfast ability to deliver tangible results, adeptly crafting strategies while precisely evaluating the risks, issues, and benefits of long-term initiatives. His unique talent lies in skillfully communicating complex technical concepts to both senior executives and non-technical stakeholders, ensuring a thorough understanding of the projects and strategies under his leadership. Dr. Goodman's trajectory in the field reveals a leader who not only navigates through the complexities of the digital and cybersecurity domain but also stands as a reliable guide, ensuring strategic and secure operations in all his endeavors.

  • Josephine Wolff
    Associate Professor, Computer Science; Engineering Director, The Fletcher School at Tufts University

    Josephine Wolff is an associate professor of cybersecurity policy at The Fletcher School at Tufts University. Her research interests include liability for cybersecurity incidents, international Internet governance, cyber-insurance, cybersecurity workforce development, and the economics of information security. Her first book "You'll See This Message When It Is Too Late: The Legal and Economic Aftermath of Cybersecurity Breaches" was published by MIT Press in 2018 and her second book "Cyberinsurance Policy: Rethinking Risk in an Age of Ransomware, Computer Fraud, Data Breaches, and Cyberattacks" came out from MIT Press in 2022. Her writing on cybersecurity has also appeared in Slate, the New York Times, the Wall Street Journal, the Financial Times, The Washington Post, The Atlantic, and Wired.

  • Myriah V. Jaworski, Esq., CIPP/US, CIPP/E
    Member, Data Privacy & Cybersecurity, Clark Hill Law

    Myriah Jaworski is a Member, Data Privacy and Cybersecurity, at Clark Hill Law. She represents clients in data breach actions, technology disputes, and in the defense of consumer class actions and related regulatory investigations stemming from alleged privacy torts and violations of the TCPA, BIPA, IRPA, and other state and federal privacy laws. Myriah also works with clients to devise and implement privacy and security compliance programs and to evaluate and implement new technologies, including enterprise-wide AI and machine learning tools. She has also been recognized as a Super Lawyer® for her Civil Litigation practice in 2018, 2019, 2020, and 2021.

  • Rob Barberi
    Director, Chief Client Officer, FINEX NA Cyber Security & Professional Risk, WTW
  • Dan Hopkins
    VP of Engineering, StackHawk

    Dan Hopkins, VP of Engineering at StackHawk, has been a software engineer for 20 years, working at high-growth startups such as VictorOps and LivingSocial and large high-tech companies such as Splunk. For the last ten years, he has focused on building tools for progressive engineering teams adopting DevOps and DevSecOps practices.

  • Dave Gold
    Field CTO, Americas, SentinelOne

    Dave has more than 15 years of experience in enterprise information security and brings a strong track record of innovation and customer focus to SentinelOne. Prior to SentinelOne, he was the VP of Product and VP of Solutions Architecture at ProtectWise and helped launch and build the company from stealth to a successful exit to Verizon. Dave helped define the network detection and response market and has helped many organizations develop detection and response strategies and embrace cloud-delivered technologies. He has also led Firewall Product Management at McAfee and has held various roles in sales engineering, product management and support at Websense, Intel, McAfee and Secure Computing.

  • Sean Goodwin, Guest Speaker
    Senior Manager, Wolf & Company, P.C.

    Sean is a Senior Manager in Wolf’s DenSecure group. His role entails developing security reviews and managing projects, including security reviews, penetration tests, social engineering, and threat emulation. Sean has over ten years of experience in consulting and has worked extensively in the financial, healthcare, education, and software sectors.

    Sean is also Wolf’s Lead QSA responsible for carrying out PCI DSS audits and mentoring Associate QSAs.

  • John Newsome
    Solutions Engineer, Claroty

    John is a 30-year industry veteran in IT and cybersecurity and has worked for some of the most recognizable brands in cybersecurity such as Palo Alto Networks, Cisco Systems, Blue Coat (now Symantec), and Websense (now Forcepoint). John has been a guest speaker and panelist at numerous industry events and tradeshows and has served as a subject matter expert in advanced threat detection and remediation techniques.

  • Jake Thomas
    Engineering Manager, Okta

    Jake currently manages the Data Foundations team at Okta after transitioning from Principal Engineer on Okta's Defensive Cyber Operations team. He previously led data platform teams at Shopify and CarGurus, has taught various O'Reilly courses, and regularly contributes to data-oriented OSS projects.

  • Amit Zimerman
    Co-Founder & CPO, Oasis Security

    Amit Zimerman, Co-Founder and Chief Product Officer at Oasis, is a seasoned leader with a diverse technical and product background. Before co-founding Oasis, he played pivotal roles at CyberMDX and Microsoft, bringing a wealth of product and security expertise. Amit also made significant contributions during his seven-year tenure in the Israeli Military Intelligence forces as a leader of some of the high-profile cyber projects at the time.

  • Rafal Los
    Head of Services Strategy & GTM, ExtraHop
  • Peter Thornton
    Sr. Security Consultant, AccessIT Group
  • Kip Boyle, Moderator
    vCISO, Cyber Risk Opportunities LLC

    Kip Boyle is the Virtual Chief Information Security Officer of Cyber Risk Opportunities, whose mission is to help executives become more proficient cyber risk managers. He has over 24 years of cybersecurity experience serving as Chief Information Security Officer (CISO) and in other IT risk management roles for organizations in the financial services, technology, telecom, military, civil engineering, and logistics industries.

  • Happy Hour
  • Scott Margolis
    CISO, Massachusetts Bay Transportation Authority (MBTA)

    Senior Information Technology/Security Executive with over 25 years of experience at premier institutions successfully building services and client relationships, developing methodologies, and integrating cross-functional skills. Specializes in information security and risk management, compliance, knowledge management, strategy, business continuity, and operational efficiency. Reputation for leading new initiatives focused on transforming operations, establishing partner/industry relationships, increasing revenue, and reducing cost and risk exposure. Proactive leader with intense focus on customers and beneficial outcomes.

  • Larry Wilson, CISSP, CISA, Instructor
    Sr. Cybersecurity Consultant, Wilson Cyber

    Larry Wilson was formerly the Chief Information Security Officer for Sumitomo Pharma Americas, Inc., Worcester Polytechnic Institute, and the University of Massachusetts (UMass) President's Office. In the CISO role, Larry was responsible for developing, implementing, and overseeing compliance with the SMPA / WPI / UMass Information Security Policy and Written Information Security Plan (WISP). In addition to designing and deploying the respective cybersecurity programs, Larry has developed and delivered cybersecurity training at multiple industry events, workshops, training venues, etc. Courses include Designing and Building a Cybersecurity Program, Designing and Building a Ransomware Program, and Designing and Building a Third-Party Risk Program. Larry has also worked with multiple companies in multiple industries to help design, build, and maintain their Cybersecurity Programs, Ransomware Program, and Third-Party Risk Programs.

  • Kip Boyle, Instructor
    vCISO, Cyber Risk Opportunities LLC

    Kip Boyle is the Virtual Chief Information Security Officer of Cyber Risk Opportunities, whose mission is to help executives become more proficient cyber risk managers. He has over 24 years of cybersecurity experience serving as Chief Information Security Officer (CISO) and in other IT risk management roles for organizations in the financial services, technology, telecom, military, civil engineering, and logistics industries.

  • Esmond Kane, Moderator
    CISO, Steward Health Care

    Esmond Kane brings more than two decades of expertise as a distinguished leader in information security, safeguarding vital sectors. With a rich leadership background at prestigious institutions like Harvard University, Mass General Brigham, and Steward Health Care, he also serves on the advisory boards of multiple companies, providing valuable insights on cyber matters. Kane excels as a trusted consultant to top executives and founders, ensuring secure IT operations, regulatory compliance, and resilient design. His stellar track record is a testament to his recognized authority in the field.

  • Chas Clawson, Guest Speaker
    Field CTO – Security Solutions, Sumo Logic
  • Col. Cedric Leighton
    CNN Military Analyst; U.S. Air Force (Ret.); Chairman, Cedric Leighton Associates, LLC

    Cedric Leighton is a CNN Military Analyst and a retired United States Air Force Colonel. On CNN, he has provided incisive commentaries on the Israel-Hamas War, the War in Ukraine, the U.S. withdrawal from Afghanistan, and numerous other conflicts around the world. His analysis has been seen by millions of viewers around the world and provided much needed context to some of the most pressing national security issues of our time. As a U.S. Air Force officer, Colonel Leighton served at U.S. Special Operations Command, the Joint Staff, and the National Security Agency, where he helped train the nation's cyber warriors. A Middle East combat veteran, he is the recipient of numerous military awards, including the Defense Superior Service Medal and the Bronze Star. After serving 26 years as a U.S. Air Force Intelligence Officer, Col. Leighton founded a strategic risk consultancy and became the co-founder of CYFORIX, where he advises multinational businesses on developing better cyber strategies designed to reduce risk and unpredictability.

  • VJ Viswanathan
    Founding Partner, CYFORIX (Former CISO & Sr. Executive at Keurig Dr Pepper, Comcast, HD Supply, and GE)

    VJ Viswanathan is a seasoned technology executive recognized and awarded for innovation, business capability transformation, and thoughtful mentorship. Most recently, VJ is the founding partner at CYFORIX, a global cybersecurity research, advisory, and strategic consulting firm delivering solutions to public and private sectors. He also serves as the CEO at TORQE, a specialized advisory firm focused on analytics, automation, and convergent technologies. VJ is the co-host of ELEVATEINTEL, a podcast series at the nexus of technology, social, and defense.

    With more than 25 years of pioneering enterprise technology, cybersecurity, privacy, and compliance & risk management experience, VJ has a detailed track record of designing, implementing, and leading highly successful programs, products, and services at multinational Fortune 100 brands spanning CPG, telecom, media, supply chain, healthcare, and finance segments. As a strategic thought leader, VJ has delivered the first of its kind "Supply Chain Security" & “Omni-channel Risk Management” frameworks. As a published author and featured keynote speaker at global industry events, he approaches disruptive digital paradigms with innovation, creativity, and active collaboration with his key industry peers, researchers, national & international law enforcement, and defense groups.

    VJ is an active mentor at various incubator and accelerator groups and serves as an advisory board member for growth-stage companies. As a strategic adviser to VC & PE firms, he specializes in developing market analysis, competitive product road maps, and guides in opportunity mapping. As a board member and subject matter advisor to CEOs and corporate directors, VJ evaluates and audits enterprise technology and cybersecurity programs for veracity and operational effectiveness.

    VJ is passionate about animal rights and giving back to the technology and security industry. He has created a rescue and foster care group for large breed dogs. He is actively engaged with academic institutions and purpose-driven professional groups like Minorities in Cyber Security, where he serves as a board member and chair of mentorship programs to develop the next generation talent through coaching and facilitating scholarships for technology and cybersecurity education.

  • Dmitriy Sokolovskiy, Moderator
    Sr. Vice President, Information Security, Semrush

    From 1999 to 2007, Dmitriy had first-hand experience with servers, networks and datacenters, and NOCs and SOCs as he worked and consulted for defense contractors, public and private financial and medical companies, and non-profits. Between 2007 and 2018, Dmitriy spent 11 years at CyberArk software, helping them go public as he was building and managing a cyber-security professional services team, personally participating in incident response and remediation for some of the largest breaches in US history, and then serving as a Cloud Security Architect for SaaS products utilizing CSA CCM and CIS CSC. Dmitriy holds Boardroom Qualified Technical Expert (QTE) certification from the Digital Directors Network (DDN), serves on Advisory Boards for multiple information security start-ups, such as Oort, Exium, SaaSLicense (acquired by Apptio), and advises venture capital and private equity firms. He is a SANS Mentor, a member of the GIAC Advisory Board and holds the GISF, GCED and CISSP certifications.

  • Brian Cayer
    CISO, Keck Medicine of USC
  • John Fanara
    Director, IT Security, Plymouth Rock Assurance

    John Fanara is the Director of IT Security at Plymouth Rock Assurance, a leading auto and home insurer in the Northeast. Before joining Plymouth Rock, John served as CISO at the Risk Management Foundation of the Harvard Medical Institutions (CRICO). John has been overseeing Security and IT Infrastructure teams for over 22 years and has a passion for maturing security programs. John is a Certified Information Systems Security Professional (CISSP).

  • Dave Heaney
    CISO, Mass General Brigham
  • Esmond Kane
    CISO, Steward Health Care

    Esmond Kane brings more than two decades of expertise as a distinguished leader in information security, safeguarding vital sectors. With a rich leadership background at prestigious institutions like Harvard University, Mass General Brigham, and Steward Health Care, he also serves on the advisory boards of multiple companies, providing valuable insights on cyber matters. Kane excels as a trusted consultant to top executives and founders, ensuring secure IT operations, regulatory compliance, and resilient design. His stellar track record is a testament to his recognized authority in the field.

  • Justin Armstrong, Moderator
    Founder, Armstrong Risk Management LLC

    Justin Armstrong is a security, privacy, and regulatory compliance consultant with over 25 years of experience in the Healthcare Industry. He worked as a vCISO at FractionalCISO, managed security at Healthcare Cybersecurity startup Tausight, and led Product Security at MEDITECH, a top three Electronic Health Record vendor. He has engaged with Hospitals in nearly 100 ransomware incidents.

    Recently he founded Armstrong Risk Management to provide guidance on security, privacy, and regulatory compliance to companies large and small.

    He holds the CISSP and HCISPP certifications and obtained his Master's in Cybersecurity Leadership at Brandeis University.

  • Fabio Martins
    BISO, Omnicom Group
  • Kevin Sisney
    Solutions Architect, Seemplicity
  • Chad Barr
    Director of Governance & Compliance, Risk Advisory Services, AccessIT Group

    Chad Barr is a seasoned leader in the field of information security, currently serving as the Director of Governance, Risk and Compliance (GRC) within the Risk Advisory Service practice at AccessIT Group (AITG). With a proven track record of success, Chad brings a wealth of experience to AccessIT Group.

    As a visionary leader in the realm of cybersecurity, Chad has honed his skills across multiple disciplines, including security engineering, project management, risk management, and compliance. His extensive background underscores his ability to guide organizations toward robust and resilient security postures.

  • Jimmy Benoit
    VP, Cybersecurity & Program Management, PBS
  • Ben Howard
    VP, IT & Cybersecurity, Inari Agriculture

    Ben originally asked ChatGPT to write his bio, but felt it was self-aggrandizing, pompous, and unbearably long. After many efforts to tell ChatGPT to tone it down a bit, he gave up and wrote it himself. Ben is a Cybersecurity and IT leader with over 25 years of experience. He specializes in rapidly maturing cybersecurity programs from scratch, aka getting bored with mature programs and starting over somewhere new. The result is a wide variety of experiences across industries in both public and private sectors. Ben has a passion for teaching that extends beyond standard security awareness training. In the "before times", Ben was a SCUBA instructor and taught Microsoft technical certifications. He is a board member of a local charity supporting elementary school aged children, of which he has three.

  • William Kyrouz
    Information Security Director, Paul, Weiss, Rifkind, Wharton & Garrison LLP

    William (Bill) Kyrouz is Information Security Director at Paul Weiss, one of America’s most prestigious law firms. Bill has worked in the legal industry for about twenty years, with a four-year stint in Higher Education Technology, and has served in dedicated Information Security roles for the last 12. Prior to Information Security he worked predominately in the realm of network management.

    Bill has worked to stimulate the sharing of threat intelligence and security best practices within and across industries. In 2018 he was awarded the inaugural Security Professional of the Year Award from the International Legal Technology Association.

  • Diana Riley, Moderator
    VP, Sr. Manager - Cyber Oversight, Citizens Financial Group Inc.

    Diana knows what is required to develop and enhance an information security program. She specializes in gathering evidence, preparing for and conducting information security audits, and due diligence visits. Additionally, she is an expert in assisting small to mid-size companies in presenting their information security posture to potential business partners and clients, guiding them through the complex and sometimes daunting process of answering vendor security/posture questionnaires, developing a compliant information security program, and remaining compliant with ever-evolving client demands.
    Diana has a Bachelor of Arts degree in English Literature from the University of Massachusetts and a Master’s in Information Systems from Northeastern University. She currently sits on the board of directors for the Boston Chapter of InfraGard. She holds several information security (CISSP/ISSAP & C|CISO), data privacy (CIPM, CIPP/E, CIPT), and cyber security law (GLEG) professional certificates.

    Diana is originally from the island of Barbados in the West Indies. In her free time, she enjoys reading, star gazing, traveling, and, most of all, gardening.

  • Bill Bowman
    Operating Partner | CISO, Welsh, Carson, Anderson & Stowe

    Bill Bowman has been the first CISO at five different organizations over the last 20 years. He has been in Educational Technology, Financial Technology, and B2B Growth companies. He was the founding President for the (ISC)2 Eastern Massachusetts organization 10 years ago. Bill lives in Framingham with his wife and five children.

    As CISO, Mr. Bowman is responsible for managing the global responsibilities associated with Information Security, Physical Security, Privacy, Disaster Recovery, Business Continuity, Incident Response, and Insurance. Mr. Bowman has successfully implemented PCI-DSS, SOC 1, SOC 2, ISO 27001, ISO 27701, ISO 27017, and ISO 27018. Specialties: Executive Core Qualifications: Leading Change, Leading People, Results Driven (Metrics), Risk-based decision making, Business/Industry Acumen, Building Coalitions. Management development, Talent development. Technical Qualifications: Information Security, IT & business risk, IT governance & compliance (SOX 404), Regulatory compliance (GDPR), DR/BC, Mobility, Networking, Cloud security, Cloud privacy, Application vulnerability management, and other technical and non-technical related items.

  • Katherine Chipdey
    Director, Solutions Engineering and Alliances, Automox

    Katherine Chipdey has spent her career in Cybersecurity, consulting on how to simplify our understanding of the threat landscape and building programs for thousands of customers around EDR, SOAR, and MDR. At Automox, she helped build out the Solutions Engineer Team, where she focused on automating IT operations, reducing risk, and bridging that gap between security and IT for prospects and customers alike. Katherine now manages the technical channel relationships, enabling other IT and Security experts on how to use Automox in order to help their customers meet business needs and critical security goals like never before. Katherine has most enjoyed the opportunity to use her background and experiences in the field to meet security/IT teams, and enable them to be as successful as possible with their initiatives. Where a relationship can be made, she will try, as those meaningful interactions and the growth, learning, and connection they bring are invaluable to her. Outside of work, she could spend forever talking about her travels, archery, and pups.

  • Ian Forrest
    Global VP of Solutions Engineering, Hunters

    As the Global VP of Solutions Engineering at Hunters, Ian brings two decades of technology experience, specializing in application and database security, SOC operations, and SOAR. With a background in leading industry players, Ian’s contributions include several patents in the SOAR space, showcasing a sustained commitment to advancing cybersecurity solutions.

  • Clinton Herget
    Field CTO, Snyk

    Clinton Herget is Field CTO at Snyk, the leader in Developer Security, where he focuses on crafting and evangelizing our strategic vision for the evolution of DevSecOps. A seasoned technologist, Clinton spent his 20-year career prior to Snyk as a web software developer, DevOps consultant, cloud solutions architect, and engineering director. Clinton is passionate about empowering software engineers to do their best work in the chaotic cloud-native world, and is a frequent conference speaker, developer advocate, and technical thought leader.

  • Cátia Pereira
    Manager, North American Sales Engineering, Kiteworks

    Helping CISOs achieve complete visibility of the sensitive content across the enterprise network, and recognize and mitigate risk associated with that content.

  • Aruna Sreeram
    Sr. Director, Product Management, Information Protection, Proofpoint

    Aruna leads the Enterprise DLP and Insider Threat Management solutions at Proofpoint and joined the company in 2019 through the acquisition of ObserveIT. She has 20+ years’ experience in leading cybersecurity product and strategy at several organizations including Leidos, RSA, and Axeda (PTC). She is currently working within her organization and with customers on using AI/ML for Proofpoint’s suite of Information Protection solutions.

  • James Thompson, Moderator
    Director, Information Security, Hypertherm Associates

    James brings more than 20 years of experience in Information Technology including seven years in cybersecurity within the manufacturing vertical. He has a passion for team development and attributes his program’s success to relationship and team building skills developed earlier in his career. He started his career in higher education and has since shifted to private sector organizations and holds several industry certifications including CISSP, CISA, PMP and PCIP.

    A motivated builder and problem solver who loves working with others to create the solutions that drive innovation, optimization, and change.

  • David Monnier
    Chief Evangelist, Team Cymru

    David has been with Team Cymru since 2007. Prior, he served in the U.S. Marine Corps as a Non-Commissioned Officer. He then worked at Indiana University where he helped to build some of the most powerful computational systems of their day. He transitioned to cybersecurity and helped launch the Research and Education Networking ISAC. At Team Cymru, he has been an engineering leader, a Community Services team member, and a security analyst. David led efforts to secure the firm's intelligence infrastructure and established processes the firm relies on today. Currently, David assists CSIRT teams worldwide and fosters data sharing partnerships.

  • Steve Naphy
    CIO, Morgan, Lewis & Bockius LLP

    Steve Naphy serves as Morgan Lewis's Chief Information Officer. In his role, Steve concentrates on leveraging data analytics and process to drive efficiency and effectiveness in both business operations and the delivery of legal services. He has over 20 years of experience working in information technology (IT), including previously running information security at the firm for six years. Prior to joining Morgan Lewis, Steve held significant InfoSec roles in the retail and distribution industry. He holds an M.S. in information systems from Widener University and a B.S. from Drexel University.

  • Krista Arndt, Moderator
    Associate CISO, St. Luke's University Health Network

    Krista Arndt is the Associate CISO at SLUHN. As the Associate CISO, Krista is responsible for managing the security program's day to day operational effectiveness. Krista has been working in information security in various capacities for more than 15 years. In her previous roles, Krista assisted with developing and leading security programs in national healthcare, crypto, finance, and the Department of Defense. She currently holds her CISM and CRISC certifications and NHRA competition driver's license.

    Krista is an active member of ISACA, serves as InfraGard Philadelphia Chapter’s Healthcare Sector Chief, serves on Neumann University's Business Advisory Council, and is Marketing Committee Chair for Women in CyberSecurity (WiCyS) Delaware Valley Affiliate. Through this service, Krista's mission is to give back to her community by providing mentorship and support for aspiring cybersecurity professionals, especially for women who wish to enter the field.

    When off the clock, Krista takes her affinity for overcoming challenges to the garage and the race track, where she enjoys building and improving her own race car, competing as a driver in national drag racing events with her family, and using her racing as a forum to advocate for neurodiversity awareness and inclusion.

  • Scott Register, Moderator
    VP, Security Solutions, Keysight
  • Monsurat Ottun
    Cybersecurity Advisor (CSA), Integrated Operations Division | Region 1, DHS CISA
  • Sue Bergamo
    CIO & CISO, BTE Partners

    A global CIO & CISO, Sue brings broad technology and operational experience to help companies secure and grow through innovation, and optimization in cloud, on-prem environments and acquisition. She’s held strategic positions at Microsoft, ActiveCampaign, Precisely, Episerver, Aramark, and CVS Pharmacy. Sue is the author of "So, You Want to be a CISO?" and is a sought-after speaker, investor, executive advisor and a multiple industry award winner in cybersecurity.

  • Julie Rizzo
    Partner, K&L Gates LLP

    Julie Rizzo is a partner in the firm's Capital Markets practice group. Julie has substantial experience representing companies in a variety of capital markets and corporate governance matters. She focuses her practice on advising clients on SEC reporting and disclosure issues, stock exchange compliance, and environmental, social and governance (ESG) matters. She also regularly assists clients on a variety of capital market transactions.

    Julie’s prior professional experience brings a unique perspective to clients. By spending over six years in an in-house role at a large, New York Stock Exchange listed technology company, Julie has an understanding of the inner workings of corporate legal departments and the need for in-house legal teams to be able to provide business-focused legal advice. Additionally, Julie has gained a deep understanding of the regulatory process after spending five years in the Division of Corporation Finance at the U.S. Securities and Exchange Commission, which allows her to advise clients on disclosure and compliance matters through a sharper, regulatory focused lens.

  • Gregory Wilson
    CISO, Putnam Investments
  • Mike Ste Marie, Moderator
    Security Program Manager, Office of the Secretary, Commonwealth of Massachusetts

    Mike has over 17 years of experience in the Information Security field, working in multiple industries around the Boston area. He has helped build and improve information security programs, deploy and manage awareness training to over 1,000 staff members, as well as audit networks against the CIS Controls. He holds the CISSP certification, has a Master's in Information Assurance from Norwich University and has been a longtime member of the SecureWorld Boston Advisory Council.

  • Jim Coyle
    Public Sector CTO, Lookout

    Jim Coyle is the U.S. public sector CTO at Lookout Security, utilizing his 20+ years of knowledge and expertise to help close the security gap many government agencies and organizations face today. He is a cybersecurity industry thought leader exploring geo-political cyber-related issues, the latest threats and defense strategies, as well as industry trends, providing insights through his career. Jim is currently responsible for leading the charge to redesign and revolutionize cybersecurity programs of customers to battle today's threats.

  • Todd Knapp
    CEO, Envision Technology Advisors

    Todd has been providing IT services nationally for over 25 years and draws inspiration and insight from participation in a wide range of executive boards and industry associations. He has an extensive background in strategic planning and implementation of business technology solutions, and founded his firm Envision Technology Advisors. As a presenter, Todd speaks throughout the country on a variety of technology and business topics including: Modern Workplace, Digital Transformation, Cybersecurity, and Evolving Digital Culture to fit the Modern Workforce.

    In his free time, Todd works with several non-profits and is also an avid sailor, wood worker, and scuba diver.

  • Tommy Perniciaro
    VP, Solution Architecture, Halcyon

    Tommy Perniciaro is a highly experienced cybersecurity professional with over 20 years of experience in protecting critical network assets and data against cyber threats. Tommy has extensive experience with security technologies, including DDoS mitigation, intrusion detection and prevention systems, firewalls, SIEMs, and vulnerability scanners. In addition to cybersecurity expertise, Tommy has a strong background in network infrastructure design, implementation, and management. Tommy has a deep understanding of complex network topologies, protocols, and technologies, including switches, routers, firewalls, load balancers, and VPNs.

  • Brian Schwarzkopf
    Sr. Director, Systems Engineering – New England, Fortinet

    Brian Schwarzkopf is the Senior Director of Engineering for New England Enterprise at Fortinet. As an active leader in Fortinet’s wider engineering team, Brian and his team help organizations achieve their cybersecurity objectives with solutions for tooling, staffing, and processes that enable greater security effectiveness. Whether in automation and orchestration, evolving SOC teams in active threat hunting, or heightening overall visibility, Brian and the Fortinet team often help customers achieve a deeper convergence of networking and security, as organizations look to take advantage of next-generation platform solutions from a leading and mature cybersecurity vendor.

  • Chad Childers, Moderator
    Automotive Solutions Director, Sec eDGE

    Internationally recognized security thought leader. Expert on Threat Modeling, IoT Security, Threat Analysis and Risk Assessment (TARA), Cryptography, Application Security, and Agile Development Security.

    Chad is a voting member of SAE Vehicle Cybersecurity Committee TEVEES18A, which shapes the future of automotive security, and leads a TARA standardization sub-committee.

  • Nick Duda
    Security Architect, HubSpot

    With over 25 years of experience in the cybersecurity industry, Nick has dedicated a decade to HubSpot, concentrating on safeguarding the corporate environment through the deployment of various cutting-edge security tools. Nick holds multiple vendor certifications, including Netskope's NSCO&A and NSCI&I. As a client of various security vendors, Nick swiftly becomes a subject matter expert in their tools. He takes the lead in organizing communities and webinars, and also holds positions on advisory boards.

  • Michael Ferguson
    Director, Security Transformation, Netskope

    Michael Ferguson is the Global Director for Security Transformation at Netskope. He is a highly customer-focused security professional, having worked in the cyber security industry for over 15 years across the Asia Pacific Region. Michael has been CISSP certified for over 7 years, speaking at various industry events (e.g. Gartner, AusCert, and AISA) on Data Loss Prevention, Zero Trust and Cloud Security Initiatives. Michael has extensive web, data and cloud security experience, specializing in running DLP, Zero Trust and Insider Threat programs.

  • Jared Lee
    Sr. Security Engineer, HubSpot

    With nearly 10 years at HubSpot, Jared leads automation initiatives within the Corporate Security team, elevating security measures to new levels. With extensive experience in the cybersecurity field, he is dedicated to building automated solutions to safeguard HubSpot's environment, driven by a passion for detection and incident response.

  • Delgerbayar Lochin
    Fulbright Scholar, MSISPM Student, Carnegie Mellon University

    Delgerbayar Lochin is a Fulbright Scholar and 2nd-year master’s student in the Information Security Policy and Management program at Carnegie Mellon University. Preceding his degree pursuit at CMU, he accumulated 8 years of experience in both private and public sectors. During this time, he held key roles such as Team Leader at the Cybersecurity Center of the Mongolian Armed Forces and Information and Communications Technology Officer at the National Security Council of Mongolia. Notably, while serving in the Armed Forces, Delgerbayar was deployed to Afghanistan under the NATO-led Resolute Support mission as a National Liaison Officer for the Mongolian Contingent.

    In addition to his rich blend of education and experience, Delgerbayar is a Certified Information Systems Security Professional (CISSP).

  • Mendsaikhan Amarjargal
    Fulbright Scholar, MSISPM Student, Carnegie Mellon University

    Mendsaikhan Amarjargal, a Fulbright Scholar and a GXPN certificate holder (1103), is pursuing his graduate studies in Information Security Policy and Management at Carnegie Mellon University. Before embarking on his academic journey, Amarjargal amassed nine years of industry experience, during which he worked his way from Information Security Analyst to Chief Information Security Officer in one of Mongolia’s largest private sector companies. His commitment to the field extended beyond his professional obligations, as he served a seven-year tenure as a volunteer and later a board member for the Mongolian Computer Emergency Response Team and Coordination Center, an NGO/NPO, where he also worked as a co-host organizing cybersecurity conferences and ethical hacking competitions.

  • Dominic Keller
    First Vice President & Senior Consultant, Alliant Insurance

    Dominic Keller has global experience across the cybersecurity, law and risk management fields. Dominic has worked as an attorney in Australia and California, a cyber risk consultant, and a cyber insurance broker with domestic and international companies across many industries. He holds the CISSP certification and has studied Corporate Strategy at the Chicago Booth School of Business.

    Dominic has worked extensively with organizations in developing cyber risk management strategies incorporating cybersecurity, legal, insurance, and business goals. He has advised Boards, C-suites, and organizational leaders in implementing effective cyber risk governance approaches, and is a regular speaker at conferences and industry events.

  • Lior Yaari
    CEO & Co-Founder, Grip Security

    Lior has vast experience in cybersecurity having worked as a practitioner, investor, and entrepreneur, providing him with a deep understanding of identifying key innovations and the business dynamics of building successful companies. Prior to Grip, Lior was CTO for YL Ventures and a member of the YL Ventures Insiders Network, and served as a training commander for the Israeli Intelligence Corps, Unit 8200.

  • Larry Wilson, CISSP, CISA, Instructor
    Sr. Cybersecurity Consultant, Wilson Cyber

    Larry Wilson was formerly the Chief Information Security Officer for Sumitomo Pharma Americas, Inc., Worcester Polytechnic Institute, and the University of Massachusetts (UMass) President's Office. In the CISO role, Larry was responsible for developing, implementing, and overseeing compliance with the SMPA / WPI / UMass Information Security Policy and Written Information Security Plan (WISP). In addition to designing and deploying the respective cybersecurity programs, Larry has developed and delivered cybersecurity training at multiple industry events, workshops, and training venues. Courses include Designing and Building a Cybersecurity Program, Designing and Building a Ransomware Program, and Designing and Building a Third-Party Risk Program. Larry has also worked with multiple companies in multiple industries to help design, build, and maintain their Cybersecurity Programs, Ransomware Programs, and Third-Party Risk Programs.

  • Kip Boyle, Instructor
    vCISO, Cyber Risk Opportunities LLC

    Kip Boyle is the Virtual Chief Information Security Officer of Cyber Risk Opportunities, whose mission is to help executives become more proficient cyber risk managers. He has over 24 years of cybersecurity experience serving as Chief Information Security Officer (CISO) and in other IT risk management roles for organizations in the financial services, technology, telecom, military, civil engineering, and logistics industries.

Conference Microsite!
Registration is quick and easy. Once you get started, use a browser on your phone or tablet to:

• Create a personalized agenda
• View maps of the venue and Exhibit Hall
• Use secure messaging to network with attendees
• View speaker slides after the conference
• Play CyberHunt, the app game, and compete for prizes