googletag.cmd.push(function() { googletag.display('div-gpt-ad-1482431611496-4'); });
Click here to view registration types and pricing (PDF)
Conference Agenda
Filter by registration level:
  • session level iconOpen Sessions
  • session level iconConference Pass
  • session level iconSecureWorld Plus
  • session level iconVIP / Exclusive
  • Wednesday, March 4, 2020
    7:00 am
    Registration open
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    7:00 am - 3:00 pm
    Location / Room: Registration Desk

    Come to the Registration desk in the lobby to check-in and get your badge. SecureWorld staff will be available throughout the day if you have any questions.

    7:30 am
    Advisory Council Breakfast: (VIP / INVITE ONLY)
    • session level icon
    Topic: Privacy, Common Sense and Other Myths
    Registration Level:
    • session level iconVIP / Exclusive
    7:30 am - 8:30 am
    Location / Room: 216AB

    This session is for our Advisory Council members only. Light breakfast, coffee and tea will be served.

    8:00 am
    [SecureWorld PLUS] Part 1 - Understanding and Using the National Initiative for Cybersecurity Education (NICE) Cybersecurity Workforce Framework
    • session level icon
    Earn 16 CPEs With This in-Depth 3-Part Course
    speaker photo
    Board of Advisors, University of Detroit Mercy, Center for Cybersecurity and Intelligence Studies
    Registration Level:
    • session level iconSecureWorld Plus
    8:00 am - 9:30 am
    Location / Room: 215

    This course provides in depth awareness of the knowledge, skill, ability (KSA), and competency requirements, of the NIST NICE Cybersecurity Workforce Framework. The student will be given a broad, understanding of the architecture and intent of the NICE model, as well as the purpose and intent of each of the component knowledge, and specialty areas. Students will learn how to design and implement a practical cybersecurity infrastructure solution, that directly applies the job role recommendations, which are specified in the NICE Workforce Model, to the real-world cybersecurity policy guidance requirements of the NIST Cybersecurity Framework.

    Who should attend:
    Any type of C-Level (including CFO and COO)
    Strategic Planners
    Cybersecurity Architects
    Cybersecurity Analysts
    Human Resources Planners

    What will be the audience “take-away”?:
    The student will be able to produce a cybersecurity solution that is tailored to their specific organizational application, which is based on the two most commonly accepted models for cybersecurity best practice.

    8:00 am
    [SecureWorld PLUS] Part 1 - Deciphering Cloud Security Architecture
    • session level icon
    Earn 16 CPEs With This in-Depth 3-Part Course
    speaker photo
    VP & Global CISO, Hanesbrands Inc.
    Registration Level:
    • session level iconSecureWorld Plus
    8:00 am - 9:30 am
    Location / Room: 206A

    The training course will include foundational cloud security materials such as cloud fundamentals, securing cloud infrastructure (IaaS, PaaS), practical steps to managing cloud security risks, and data security in the cloud sphere. In the first part we will cover introduction to cloud computing and relevant services. This is crucial for anyone aspiring to manage, architect or support cloud computing. The topics will include fundamentals of cloud computing, including definitions, architectures, and the role of data virtualization. The session will also include cloud computing service models, delivery models, and the fundamental characteristics of cloud and the shared the shared responsibilities model.

    In part two we will be covering steps necessary to be taken in order to achieve infrastructure security for cloud computing and security risks. This is will include how to secure the core infrastructure for cloud computing, cloud components, networks, management interfaces, administrator credentials and identity access management. Also, we will a cursory discussion on virtual networking and workload security, basics of containers and serverless infrastructure. We will conclude this section by introducing cloud risk management and considerations of managing security for cloud computing.

    Part three will begin by covering a continuation of risk management from part two. The topics will include risk assessment and governance, legal and compliance issues, and discovery requirements in the cloud. We will also cover a select list of CSA risk tools including the CAIQ, CCM, and STAR registry and how cloud impacts IT audits. This will include data security in the cloud, delving deep into data protection in the cloud, how data is stored and secured in the cloud.  Finally, we will go over how data security lifecycle is impacted by cloud, how to apply security controls in a cloud environment, data security issues with different delivery models, and managing encryption in and for the cloud.

    The key takeaway from this course is that it this course can be used as an introductory preparation for both ISC2-CCSP certification or CCSK examinations. Also, the body of knowledge covered in this course will enhance any practitioner’s preparedness to respond to cloud security related risks.

    8:30 am
    [Closing Keynote] Setting Common Language When Talking to Leadership About IT Risks
    • session level icon
    speaker photo
    VP, Information Security, Centene Corporation
    Registration Level:
    • session level iconConference Pass
    8:30 am - 9:15 am
    Location / Room: 219AB

    To be successful in presenting IT security to senior leadership, it’s important it is done in way that they can ingest, process, and understand; because ultimately, IT risk management decisions are business decisions, not technical decisions. And now much of this communication is happening via Zoom or Teams.

    This session will discuss approaches to present to individual business decision makers, understanding that each has his/her own goals, incentives, currency, and biases. We will discuss three simple concepts to be defined and agreed on by senior leadership to move forward: what does success look like?; what does failure look like?; how do we measure these? Please bring your questions on this topic!

    8:30 am
    Third-Party Risk: Creating and Managing a Program that Works!
    • session level icon
    speaker photo
    Managing Director, UHY Consulting
    Registration Level:
    • session level iconConference Pass
    8:30 am - 9:15 am
    Location / Room: 211AB

    Every organization is concerned with third-party risk. No one wants to be the next Target breach. This session will examine the components of third-party risk management and give you some leading practices on how to develop a workable and sustainable process.

     

    8:30 am
    The Hunt for Cybersecurity Talent: It's Time to Rethink Your Organization's Recruitment Strategy
    • session level icon
    speaker photo
    Co-Founder & Managing Partner, HuntSource
    Registration Level:
    • session level iconConference Pass
    8:30 am - 9:15 am
    Location / Room: 212AB
    Thousands of organizations across the globe are experiencing “hunt fatigue” when it comes to finding cyber talent. Most don’t even know where to start. In this session, Cybersecurity and Technology recruiting industry expert, Matt Donato, will discuss the various challenges organizations are facing when it comes to hiring top cyber talent and how you may need to rethink your recruitment strategy.
    Presentation Level:
    GENERAL (InfoSec best practices, trends, solutions, etc.)
    9:00 am
    Exhibitor Hall open
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    9:00 am - 3:00 pm
    Location / Room: SecureWorld Exhibitor Floor

    Your opportunity to visit our solution vendor partners, whose sponsorship makes SecureWorld possible! Booths have staff ready to answer your questions. Look for participating Dash For Prizes sponsors to be entered to win prizes.

    9:30 am
    [OPENING KEYNOTE] Living in a Resilient World
    • session level icon
    speaker photo
    Ponemon Institute Distinguished Fellow, Career CISO & Former CISO, Time Warner Cable; CEO & Founder, CyAlliance
    Registration Level:
    • session level iconOpen Sessions
    9:30 am - 10:15 am
    Location / Room: Keynote Theater
    With over 25 years in Security and Technology and a Career CISO, Tammy Moskites, CEO and Founder of CyAlliance has much to share about leadership, the journey and resilience. Tammy will share her journey from being an Administrative Assistant to owning her own company. She will share stories, discuss the gaps in recruiting techniques, and how to create high performing teams. She will highlight the importance, individually, of what you can be doing mentally, emotionally, and physically to help you focus where you want to be in your career. Resilience is not just being in charge – it is finding the road to where you want to be now and in the future. The Journey. How her passion around doing the right things right and for the right reasons coupled with a foundation of trust and integrity, will guide you to also find the road to Success. #DoWhatYouLove #LoveWhatYouDo
    Presentation Level:
    GENERAL (InfoSec best practices, trends, solutions, etc.)
    10:15 am
    Conference Break / Exhibitor Product Demonstration
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    10:15 am - 11:15 am
    Location / Room: SecureWorld Exhibitor Floor

    Reboot with coffee and infused water while visiting exhibitors on the exhibitor floor.

    11:00 am
    Advisory Council Roundtable - (VIP / Invite Only)
    • session level icon
    Topic: Prioritizing Risk in an Ever Changing Threatscape
    Registration Level:
    • session level iconVIP / Exclusive
    11:00 am - 12:00 pm
    Location / Room: 216AB

    This session is for Advisory Council members only.

    11:15 am
    ISACA Chapter Meeting and Guest Presentation - Open to all Attendees
    • session level icon
    [Presentation] ToR of the WiLD SiD3 of the Internet-Dark Web, Deep Web and Dark Net
    speaker photo
    Sr. Director, Cyber Security, Acumatica, Inc.
    Registration Level:
    • session level iconOpen Sessions
    11:15 am - 12:00 pm
    Location / Room: 219AB

    Interested in your local associations? Join ISACA for their monthly meeting,  and guest speaker.
    Presentation:
    We always hear about the “Dark Web” and how various services advertise the use of such a resource but what does that mean? Better yet, what does it look like. This will be a full LIVE presentation demonstrating where “various” type of activity i.e. personal identifiable information, transaction information and other related content reside.

     

     

     

    11:15 am
    [Attack]tive Directory: Compromising Domains via Active Directory Exploits in 2020
    • session level icon
    speaker photo
    Instructor, University of North Carolina at Charlotte
    Registration Level:
    • session level iconConference Pass
    11:15 am - 12:00 pm
    Location / Room: 218AB

    As a red teamer and penetration tester, I’ve compromised several networks from small/medium businesses to enterprises in a very short time via Active Directory exploits that take advantage of default policy settings or common misconfigurations. Often times, businesses will focus on a vulnerability scan to gauge their vulnerability posture when in reality, 90% of engagements are done purely through exploiting Active Directory — something vulnerability scans miss.. This presentation highlights some of the most common and recent attacks I’ve conducted in an AD environment, from a technical overview to live demonstrations. In addition, mitigations for these attacks are given and can be accomplished without needing any paid tools. This talk is targeted to both red teamers and blue teamers

    Presentation Level: TECHNICAL (deeper dive including TTPs)

    11:15 am
    [Check Point] Protecting You from You Is the #1 Challenge in the Age of SDE (Software Defined Everything)
    • session level icon
    speaker photo
    Growth Technologies Evangelist, Check Point Software Technologies
    Registration Level:
    • session level iconOpen Sessions
    11:15 am - 12:00 pm
    Location / Room: 212AB

    Using public clouds for enterprise datacenters is now mainstream; the advantages are significant and the gained agility undisputable. However, the number of services and options being offered is daunting. And, with these choices come consequences; one misconfiguration can put your entire organization at risk…or worse. Another reality you will face as you scale is the challenge of using a ‘one-size-fits-all’ interface. Imagine scrolling through lists of assets when the numbers are in the hundreds or even thousands. Just imagine trying to find a misconfigured or exposed S3 bucket when you have thousands; it’s finding a needle in a stack of needles.

    If you’re like most enterprises, you have a resource gap and don’t have the experienced, trained security professionals maintaining your cloud environment(s). This gap exacerbates risks. The cloud environments available today are extremely comprehensive and powerful, but in unskilled hands, one fat-finger can have dire consequences. And, as you implement ephemeral cloud-native services like Lambda functions and other cloud-native platform components, new challenges will arise when conducting threat-detection and attribution.

    In this session you’ll see your future and what to expect managing your public cloud-based datacenter. You’ll learn why Gartner says, “Through 2022, at least 95% of cloud security failures will be the customer’s fault.” We will highlight the top challenges you will face and show you what you should prepare for before you scale. We will also detail recommended best practices for securing and maintaining compliance in your public cloud data center.

    11:15 am
    [GuidePoint Security] SOCs Stink?
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    11:15 am - 12:00 pm
    Location / Room: 211AB

    The traditional SOC model employed by many organizations provides questionable efficacy at an ever increasing cost. In this talk, we will dive into all of the ways that today’s SOCs stink, and offer up some alternative strategies for dealing with alerting, triaging, hunting, and other SOC-related activities.

    12:15 pm
    LUNCH KEYNOTE: Executive Leadership Panel
    • session level icon
    Topic: Establishing and Evaluating Effective Cybersecurity Programs
    speaker photo
    SVP, Cyber Security Engineering, Truist
    speaker photo
    CISO, Premiere, Inc.
    speaker photo
    Director of Physical and Cyber Security, Red Ventures
    speaker photo
    Director, Infrastructure & Security, National Gypsum
    Registration Level:
    • session level iconOpen Sessions
    12:15 pm - 1:15 pm
    Location / Room: Keynote Theater

    How to do it and how to test it involves strategic planning and leadership at the executive level.  The practical take-aways from this discussion will be immensely meaningful.
    Panelists:
    Stephen Head, Director, Experis Finance
    Frank Depaola, Head of Info Sec, Enpro Industries
    Larry Eighmy, CISO, The Halo Group
    Torry Crass, INMA Cybercamp Program Director, InfraGard
    Mike Hillhouse, CIO/CISO, Cadrillion Capital
    Andre Mintz, Executive Vice President, CISO and CPO, Red Ventures
    Thomas Tollerton, Senior Manager, IT Advisory, Dixon Hughes Goodman LLP

     

     

    1:30 pm
    Changing Cyber Landscapes: The Battle of Algorithms
    • session level icon
    speaker photo
    Cybersecurity Account Executive, Darktrace
    Registration Level:
    • session level iconOpen Sessions
    1:30 pm - 2:15 pm
    Location / Room: 218AB

    Among rapidly evolving technological advancements, the emergence of AI-enhanced malware is making cyberattacks exponentially more dangerous and harder to identify. In the near future, we will begin to see supercharged, AI-powered cyberattacks leveraged at scale. To protect against offensive AI attacks, organizations are turning to defensive cyber AI, which can identify and neutralize emerging malicious activity, no matter when, or where, it strikes.

    In this session, learn about:
    • Paradigm shifts in the cyber landscape
    • Advancements in offensive AI attack techniques
    • The Immune System Approach to cyber security and defensive
    • Autonomous Response capabilities
    • Real-world examples of emerging threats that were stopped with Cyber AI

    Presentation level:
    GENERAL (InfoSec best practices, trends, solutions, etc.)

    1:30 pm
    [Panel] Emerging Threats – Hackers and Exploits and Phishing Attacks! Oh My!
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    1:30 pm - 2:15 pm
    Location / Room: 219AB

    We all have heard email is the #1 attack vector. Based on the numbers we are seeing; it is pretty indisputable. But what about the other stuff? Zero Day exploits still make headlines. New ransomware attacks every week. IoT devices are easily hacked. BEC/CEO fraud attacks are at an all time high. Will AI be a tool for the hackers? Join our panelists as they share knowledge on the current threatscape and make some predictions on what is coming soon to a network near you.
    Panelists:
    Miles Martin, ReliaQuest
    Franco Negri, Securonix
    Jason Rader, Insight
    Juan Marin, Instsights
    Moderator: Nicholas Rose

    1:30 pm
    [Panel] The Current Threatscape - A Top 5 List
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    1:30 pm - 2:15 pm
    Location / Room: Keynote Theater

    Scammers are getting inventive. They are doing their homework. They use social media and Open Source tools to find out details on their targets to make their schemes more believable and actionable. They are also savvy about update releases and creating zero-day threats. Some of them collaborate with one another. Some even pose as InfoSec professionals to gain trust. So, what are the top threats we really need to worry about? Our panel of experts will weigh in and give you a top five list of the current threatscape.
    Panelists:
    Justin Bourgeois, Mimecast
    Steve Gyurindak, Armis
    Matt Rose, Checkmarx
    Matt Fryer, Alert Logic
    Tom Utley, Arctic Wolf
    Moderator: Danielle Fritzler, Bank of America

    1:30 pm
    Birds of a Feather Discussion Groups
    • session level icon
    Topic: Cloud Security: Securing Your Organization’s Digital Transformation
    speaker photo
    VP, Information Security, Essent Guaranty, Inc.
    speaker photo
    Growth Technologies Evangelist, Check Point Software Technologies
    Registration Level:
    • session level iconOpen Sessions
    1:30 pm - 2:15 pm
    Location / Room: White Booth #105 Exhibitor Floor

    What are the security issues that keep you up at night? Connect with peers who are experiencing similar pain points and experts who can offer best practices in a casual, collaborative environment.

    1:30 pm
    Birds of a Feather Discussion Groups
    • session level icon
    Topic: Responding to the Evolving Privacy Landscape
    speaker photo
    Director, Infrastructure & Security, National Gypsum
    Registration Level:
    • session level iconOpen Sessions
    1:30 pm - 2:15 pm
    Location / Room: Red Booth #130 Exhibitor Floor

    What are the security issues that keep you up at night? Connect with peers who are experiencing similar pain points and experts who can offer best practices in a casual, collaborative environment.

    2:15 pm
    Conference Break / Exhibitor Product Demonstration
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    2:15 pm - 3:00 pm
    Location / Room: SecureWorld Exhibitor Floor

    Reboot with coffee and infused water while visiting exhibitors on the exhibitor floor.

    3:00 pm
    Cloud Security Alliance Meeting and Presentation - Open to all Attendees
    • session level icon
    Presenting: Securing Your (SD)-WAN Journey to Your Cloud
    speaker photo
    Regional Architect - Mid-Atlantic, Check Point Software Technologies
    Registration Level:
    • session level iconOpen Sessions
    3:00 pm - 4:00 pm
    Location / Room: 219AB

    Interested in your local associations? Join Cloud Security Alliance (CSA) for a chapter meeting and guest presentation.
    Presentation:
    SD-WAN has evolved through three main stages to meet the business needs of its users. The rise of cloud, mobile, and business agility demands has required SD-WAN to become smarter by providing security, optimization, intelligence, and better reach.
    Presentation Level: TECHNICAL (deeper dive including TTPs)

    3:00 pm
    Penetration Testing The Cybersecurity Maturity Model (CMM)
    • session level icon
    speaker photo
    Sr. Director, Cyber Security, Acumatica, Inc.
    Registration Level:
    • session level iconConference Pass
    3:00 pm - 3:45 pm
    Location / Room: 211AB

    Many organizations have heard or used the Cybersecurity Maturity Model (CMM) to help improve their organization’s overall security posture.  In many cases the results provide a broad view that meet a predetermined requirement i.e. audit, assessment or gap analysis  This presentation considers the valuable output produced from that process and provides, through live demonstrations, a comprehensive look at what would happen if those vulnerabilities identified previously, are compromised at an operational security level.

    * Learning Objective #1:
    Operational Cybersecurty Exposure – A method by which to measure the maturity level of the organization’s operational security.

    * Learning Objective #2:
    Actions Matrix – Will provide an active template to identify actionable components of internal operations that map back to the technology security layers.

    * Learning Objective #3:
    High Level understanding of mapping Vulnerability assessment (NIST) vs Penetration testing output to CMM.

    Presentation Level: TECHNICAL (deeper dive including TTPs)

    3:00 pm
    Corporate Threat Actor Psychological Profiles: Towards a Formal Ontology for Automatic Detection of Psychological Risk Factors
    • session level icon
    speaker photo
    Cybersecurity Engineer, CISSP, MS, MCS, MA, U.S. Department of Health and Human Services
    Registration Level:
    • session level iconConference Pass
    3:00 pm - 3:45 pm
    Location / Room: 212AB

    Human psychology plays an important role in organizational performance. However, understanding our employees is a difficult task, due to issues such as psychological complexities, unpredictable dynamics, and the lack of data. Decision support systems with artificial intelligence can be a scalable solution, but such systems require a human-designed ontology for Symbolic AI reasoning. This talk aims to provide a list of corporate threat actor psychological profiles including those of insider hackers; emphasizing the similarities and differences between them, on which, future ontologies can be built for automatic detection of related psychological risk factors.
    Take-away:
    1. Definitions of Corporate Threat Actors
    2. Their profiles based on clinical psychology research
    3. How are they compared to each other
    4. A sample ontology for moving forward
    Presentation Level: TECHNICAL (deeper dive including TTPs)

     

    3:00 pm
    [SecureWorld PLUS] Part 2 - Understanding and Using the National Initiative for Cybersecurity Education (NICE) Cybersecurity Workforce Framework
    • session level icon
    SecureWorld PLUS Registrants ONLY
    speaker photo
    Board of Advisors, University of Detroit Mercy, Center for Cybersecurity and Intelligence Studies
    Registration Level:
    • session level iconSecureWorld Plus
    3:00 pm - 4:30 pm
    Location / Room: 215

    This course provides in depth awareness of the knowledge, skill, ability (KSA), and competency requirements, of the NIST NICE Cybersecurity Workforce Framework. The student will be given a broad, understanding of the architecture and intent of the NICE model, as well as the purpose and intent of each of the component knowledge, and specialty areas. Students will learn how to design and implement a practical cybersecurity infrastructure solution, that directly applies the job role recommendations, which are specified in the NICE Workforce Model, to the real-world cybersecurity policy guidance requirements of the NIST Cybersecurity Framework.

    Who should attend:
    Any type of C-Level (including CFO and COO)
    Strategic Planners
    Cybersecurity Architects
    Cybersecurity Analysts
    Human Resources Planners

    What will be the audience “take-away”?:
    The student will be able to produce a cybersecurity solution that is tailored to their specific organizational application, which is based on the two most commonly accepted models for cybersecurity best practice.

    3:00 pm
    [SecureWorld PLUS] Part 2 - Deciphering Cloud Security Architecture
    • session level icon
    SecureWorld PLUS Registrants ONLY
    speaker photo
    VP & Global CISO, Hanesbrands Inc.
    Registration Level:
    • session level iconSecureWorld Plus
    3:00 pm - 4:30 pm
    Location / Room: 206A

    The training course will include foundational cloud security materials such as cloud fundamentals, securing cloud infrastructure (IaaS, PaaS), practical steps to managing cloud security risks, and data security in the cloud sphere. In the first part we will cover introduction to cloud computing and relevant services. This is crucial for anyone aspiring to manage, architect or support cloud computing. The topics will include fundamentals of cloud computing, including definitions, architectures, and the role of data virtualization. The session will also include cloud computing service models, delivery models, and the fundamental characteristics of cloud and the shared the shared responsibilities model.

    In part two we will be covering steps necessary to be taken in order to achieve infrastructure security for cloud computing and security risks. This is will include how to secure the core infrastructure for cloud computing, cloud components, networks, management interfaces, administrator credentials and identity access management. Also, we will a cursory discussion on virtual networking and workload security, basics of containers and serverless infrastructure. We will conclude this section by introducing cloud risk management and considerations of managing security for cloud computing.

    Part three will begin by covering a continuation of risk management from part two. The topics will include risk assessment and governance, legal and compliance issues, and discovery requirements in the cloud. We will also cover a select list of CSA risk tools including the CAIQ, CCM, and STAR registry and how cloud impacts IT audits. This will include data security in the cloud, delving deep into data protection in the cloud, how data is stored and secured in the cloud.  Finally, we will go over how data security lifecycle is impacted by cloud, how to apply security controls in a cloud environment, data security issues with different delivery models, and managing encryption in and for the cloud.

    The key takeaway from this course is that it this course can be used as an introductory preparation for both ISC2-CCSP certification or CCSK examinations. Also, the body of knowledge covered in this course will enhance any practitioner’s preparedness to respond to cloud security related risks.

    4:00 pm
    GuidePoint Reception
    • session level icon
    Join your fellow security professionals for drinks and appetizers compliments of GuidePoint and Partners
    Registration Level:
    • session level iconOpen Sessions
    4:00 pm - 7:00 pm
    Location / Room: Merchant & Trade: 303 S Church St.

    Join your peers for complimentary hors d’oeuvres, drinks, and conversation following SecureWorld. This is a great opportunity to network with other security professionals from the Charlotte area, and to discuss the hot topics from the day.
    Compliments of GuidePoint Security and Partners.
    Merchant and Trade, 303 S Church St. Charlotte, NC 28202
    4:00 – 7:00 p.m.
    Register Here (space is limited) 

  • Thursday, March 5, 2020
    7:00 am
    Registration open
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    7:00 am - 3:00 pm
    Location / Room: Registration Desk

    Come to the Registration desk in the lobby to check-in and get your badge. SecureWorld staff will be available throughout the day if you have any questions.

    8:00 am
    [SecureWorld PLUS] Part 3 - Understanding and Using the National Initiative for Cybersecurity Education (NICE) Cybersecurity Workforce Framework
    • session level icon
    SecureWorld PLUS Registrants ONLY
    speaker photo
    Board of Advisors, University of Detroit Mercy, Center for Cybersecurity and Intelligence Studies
    Registration Level:
    • session level iconSecureWorld Plus
    8:00 am - 9:30 am
    Location / Room: 215

    This course provides in depth awareness of the knowledge, skill, ability (KSA), and competency requirements, of the NIST NICE Cybersecurity Workforce Framework. The student will be given a broad, understanding of the architecture and intent of the NICE model, as well as the purpose and intent of each of the component knowledge, and specialty areas. Students will learn how to design and implement a practical cybersecurity infrastructure solution, that directly applies the job role recommendations, which are specified in the NICE Workforce Model, to the real-world cybersecurity policy guidance requirements of the NIST Cybersecurity Framework.

    Who should attend:
    Any type of C-Level (including CFO and COO)
    Strategic Planners
    Cybersecurity Architects
    Cybersecurity Analysts
    Human Resources Planners

    What will be the audience “take-away”?:
    The student will be able to produce a cybersecurity solution that is tailored to their specific organizational application, which is based on the two most commonly accepted models for cybersecurity best practice.

    8:00 am
    [SecureWorld PLUS] Part 3 - Deciphering Cloud Security Architecture
    • session level icon
    SecureWorld PLUS Registrants ONLY
    speaker photo
    VP & Global CISO, Hanesbrands Inc.
    Registration Level:
    • session level iconSecureWorld Plus
    8:00 am - 9:30 am
    Location / Room: 206A

    The training course will include foundational cloud security materials such as cloud fundamentals, securing cloud infrastructure (IaaS, PaaS), practical steps to managing cloud security risks, and data security in the cloud sphere. In the first part we will cover introduction to cloud computing and relevant services. This is crucial for anyone aspiring to manage, architect or support cloud computing. The topics will include fundamentals of cloud computing, including definitions, architectures, and the role of data virtualization. The session will also include cloud computing service models, delivery models, and the fundamental characteristics of cloud and the shared the shared responsibilities model.

    In part two we will be covering steps necessary to be taken in order to achieve infrastructure security for cloud computing and security risks. This is will include how to secure the core infrastructure for cloud computing, cloud components, networks, management interfaces, administrator credentials and identity access management. Also, we will a cursory discussion on virtual networking and workload security, basics of containers and serverless infrastructure. We will conclude this section by introducing cloud risk management and considerations of managing security for cloud computing.

    Part three will begin by covering a continuation of risk management from part two. The topics will include risk assessment and governance, legal and compliance issues, and discovery requirements in the cloud. We will also cover a select list of CSA risk tools including the CAIQ, CCM, and STAR registry and how cloud impacts IT audits. This will include data security in the cloud, delving deep into data protection in the cloud, how data is stored and secured in the cloud.  Finally, we will go over how data security lifecycle is impacted by cloud, how to apply security controls in a cloud environment, data security issues with different delivery models, and managing encryption in and for the cloud.

    The key takeaway from this course is that it this course can be used as an introductory preparation for both ISC2-CCSP certification or CCSK examinations. Also, the body of knowledge covered in this course will enhance any practitioner’s preparedness to respond to cloud security related risks.

     

    8:30 am
    Building a Cybersecurity Program
    • session level icon
    speaker photo
    CISO, DuHart Consulting
    Registration Level:
    • session level iconConference Pass
    8:30 am - 9:15 am
    Location / Room: 211AB

    Smaller organizations and first time program leads often struggle with the building blocks of a solid Cybersecurity program. This presentation will help individuals and organizations understand what are the core building blocks and how to use those to build and effective program for your organization.  Attending this presentation will provide a better understanding of:

    • Why build a Cybersecurity program
    • Tailoring a program to your organization and it’s risks
    • Understanding of cyber frameworks and how to use them
    • Embedding culture into a program
    • Sustaining your program
    8:30 am
    Pandemic Planning: What Security Professionals Need to Know
    • session level icon
    speaker photo
    National Director – Cyber Risk Center of Expertise, Jefferson Wells
    Registration Level:
    • session level iconConference Pass
    8:30 am - 9:15 am
    Location / Room: 212AB

    Managing operational resilience in today’s digital environment is extremely challenging, whether your organization is public, private or governmental. But what happens when the threat is not a computer virus, but a biological one causing much of your workforce to call in sick, either because they are infected or because they are afraid to come in to work. In response to the potential for a widespread pandemic, many organizations have decided it’s time to create a plan for how essential business processes can be sustained and operated securely in the face of a pandemic. This approach to proactively dealing with the potential threat of a pandemic increases the organization’s awareness of the potential impacts and costs, and enables them to take actions that reduce the overall risk to the organization, minimize the impact of a pandemic on essential operations, and more predictably ensure the continuity of essential services such as information security.

    This session will provide a high-level overview of the impact of a pandemic and explore the following aspects of what is involved:

    • How past pandemics provide us with a baseline for understanding the potential impact on an organization
    • Which elements of business resiliency planning are most applicable to pandemic planning
    • Which elements of pandemic planning differ from traditional business resiliency planning
    • Estimating the impact of a pandemic on your supply chain and service providers
    • How to determine your organization’s readiness to continue essential operations during a pandemic
    • Practical ways to assess your current and future organizational exposure under different scenarios
    • Who are the major players (internal and external) that should be involved in pandemic planning
    • What are some practical steps to begin implementing pandemic planning in your organization

    Whether or not you have created and tested a formal pandemic plan through tabletop exercises or actual resiliency tests, this session will provide practical advice on what is involved in pandemic planning, how to incorporate it in your organization’s overall business resiliency efforts, and what pandemic planning can mean to improving your organization’s ability to continue to operate during such a crisis.

    8:30 am
    Connected Devices Need Connected Teams
    • session level icon
    speaker photo
    CISO, SPX Corporation
    Registration Level:
    • session level iconConference Pass
    8:30 am - 9:15 am
    Location / Room: 219AB

    IoT security is a growing concern as the number of connected devices increases. California, Oregon, and the EU now regulate the security of IoT devices. Leveraging compliance to create IT/Security partnership with Engineering, Application, and R&D teams is an opportunity to create successes for your business.

    Presentation level: MANAGERIAL (security and business leaders)

    9:00 am
    Exhibitor Hall open
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    9:00 am - 3:00 pm
    Location / Room: SecureWorld Exhibitor Floor

    Your opportunity to visit our solution vendor partners, whose sponsorship makes SecureWorld possible! Booths have staff ready to answer your questions. Look for participating Dash For Prizes sponsors to be entered to win prizes.

    9:30 am
    [OPENING KEYNOTE]: The Cyberlous Mrs. Maisel: A Comedic (and Slightly Terrifying) Introduction to Information Warfare
    • session level icon
    speaker photo
    Sr. Associate, Aerospace Security Project, and Adjunct Fellow, Strategic Technologies Program, Center for Strategic and International Studies
    Registration Level:
    • session level iconOpen Sessions
    9:30 am - 10:15 am
    Location / Room: Keynote Theater

    Like a dear family relative who won’t stop talking at Thanksgiving dinner, a backdoor exploit also talks to anyone who’ll listen. Come listen to the Cyberlous Mrs. Maisel! She’ll offer a satirical reflection on how we engage with technology in the Information Age and explain the basic historical principles that animate Russia’s approach to information warfare. Topics covered include maskirovka (i.e., camouflage, concealment, and deception), reflexive control, and disinformation, among others. Although a strategic objective of information warfare is to induce complacency with falsehoods, this presentation’s unique style can help jolt the public’s consciousness awake through its originality and bite.
    Presentation Level:
    GENERAL (InfoSec best practices, trends, solutions, etc.)

    10:15 am
    Conference Break / Exhibitor Product Demonstration
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    10:15 am - 11:15 am
    Location / Room: SecureWorld Exhibitor Floor

    Reboot with coffee and infused water while visiting exhibitors on the exhibitor floor.

    11:00 am
    Advisory Council LUNCH Roundtable — (VIP / Invite Only)
    • session level icon
    Topic: Prioritization of Top 20 Critical Security Controls
    Registration Level:
    • session level iconVIP / Exclusive
    11:00 am - 1:00 pm
    Location / Room: 216AB

    This session is for our Advisory Council members only.
    Lunch will be served.

    11:15 am
    [IntSights] CISO's Guide to Proactive Breach Mitigation Using Threat Intelligence
    • session level icon
    speaker photo
    Sales Engineer Manager, IntSights
    Registration Level:
    • session level iconOpen Sessions
    11:15 am - 12:00 pm
    Location / Room: 219AB
    Juan Marin, Sales Engineer Manager at IntSights will take you on a tour of the dark web and explain how CISO’s can successfully implement a threat intelligence strategy to neutralize threats outside the wire and at the earliest stages of the cyber kill chain. Join this session to learn active measures to bolster your external cyber defense and response, including practical strategies to accelerate SecOps activities with dark web threat intelligence.
    Presentation Level: MANAGERIAL (security and business leaders)
    11:15 am
    The DoD’s Cybersecurity Maturity Model Certification (CMMC) Is Coming – Are You Ready?
    • session level icon
    speaker photo
    Sr. Member, Technical Staff, CERT Division, Software Engineering Institute - Carnegie Mellon University
    speaker photo
    Sr. Member, Technical Staff, CERT Division, Software Engineering Institute - Carnegie Mellon University
    Registration Level:
    • session level iconConference Pass
    11:15 am - 12:00 pm
    Location / Room: 211AB
    To achieve better security across the US DIB supply chain, the DoD is developing the Cybersecurity Maturity Model Certification (CMMC). Companies will be required to acquire a CMMC Certification Level ranging from basic hygiene to “State-of-the-Art”. A required CMMC level will be contained in each contract and will be a “go/no-go decision”.
    The model architects will present:
    • The call to action for the development of CMMC
    • A look at included sources and standards
    • A detailed explanation of the maturity aspect of CMMC, both technical capability and process institutionalization
    • A look at current references available to DIB contractors on CMMCPresentation Level: MANAGERIAL (security and business leaders)
    11:15 am
    [DHG] How Prepared Is Your Organization for a Ransomware Attack?
    • session level icon
    speaker photo
    Sr. Cybersecurity Manager - IT Advisory, Dixon Hughes Goodman LLP
    speaker photo
    IT Advisory Manager, Dixon Hughes Goodman LLP
    Registration Level:
    • session level iconConference Pass
    11:15 am - 12:00 pm
    Location / Room: 212AB

    While ransomware has become the new exploit of choice for adversaries, these attacks can usually be thwarted by default configurations most organizations do not have enabled. By coupling these changes with techniques employed by cybersecurity experts, we will review key approaches to implement and help protect your organization today.
    Presentation Level:
    GENERAL (InfoSec best practices, trends, solutions, etc.)

     

    11:15 am
    [Mimecast] The Cyber Resilience Imperative and the Role of Pervasive Email Security 3.0
    • session level icon
    speaker photo
    Sales Engineer, Mimecast
    Registration Level:
    • session level iconOpen Sessions
    11:15 am - 12:00 pm
    Location / Room: 218AB
    Security breaches, data leaks, and email-based attacks are a real threat to your organization. How can you provide your organization with a defense in depth security strategy around email. Your organization can no longer just rely on protecting what’s yours or your partners’. You must be cognizant of everything that lives in the cybersphere. In this session, Justin will cover how your organization can secure your perimeter, inside your perimeter and beyond the perimeter.
    Presentation Level:
    GENERAL (InfoSec best practices, trends, solutions, etc.)
    12:15 pm
    [LUNCH KEYNOTE] Panel — Securing Democracy: Defending Our Votes in an Era of Cyber Warfare
    • session level icon
    speaker photo
    Public Information Officer, N.C. State Board of Elections
    speaker photo
    Executive Director, N.C. State Board of Elections
    speaker photo
    Director, Mecklenburg County Board of Elections
    speaker photo
    CIO, N.C. State Board of Elections
    speaker photo
    Agency CISO, North Carolina State Board of Elections
    Registration Level:
    • session level iconOpen Sessions
    12:15 pm - 1:15 pm
    Location / Room: Keynote Theater

    From pre-election testing of all voting equipment to extensive post-election audits of results and many security processes in between, these North Carolina elections officials will attempt to convince you that all voters should be confident in election results. Two days after the 2020 primary, it’s a panel discussion you won’t want to miss.

    1:15 pm
    [Panel] Incident Response – Clean up on Aisle 9. Bring a Mop!
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    1:15 pm - 2:15 pm
    Location / Room: 219AB

    Just about every week we hear about some new breach, attack, scheme, etc. Sadly, it’s widely accepted in the business world that it is not a case of if but when your will be compromised. When do you get law enforcement involved? PR? The Board of Directors? General council? There is a lot of moving parts that need to be addressed after an incident so, you better have a plan in place AND the right people.  Our panel will help you wrap your head around a proper response plan as well as insights on conducting practice drills and maturing your IR plan.
    Panelists:
    Tom Tollerton, DHG
    Oscar Minks, FRSecure
    Grant Asplund, Check Point Security
    Mark Stanford, Netskope
    Allen O’Rourke, Robinsonbradshaw
    Moderator: Jeff Vincent

    1:15 pm
    Birds of a Feather Discussion Groups
    • session level icon
    Topic: Career Development: Becoming a CISO
    speaker photo
    BISO, Bank of America
    Registration Level:
    • session level iconOpen Sessions
    1:15 pm - 2:15 pm
    Location / Room: White Booth #105 Exhibitor Floor
    1:15 pm
    Birds of a Feather Discussion Groups
    • session level icon
    Topic: Communicating to the Board
    speaker photo
    Director, Risk Science, FAIR Institute
    Registration Level:
    • session level iconOpen Sessions
    1:15 pm - 2:15 pm
    Location / Room: Red Booth #130 Exhibitor Floor

    What are the security issues that keep you up at night? Connect with peers who are experiencing similar pain points and experts who can offer best practices in a casual, collaborative environment.

    2:15 pm
    Conference Break / Exhibitor Product Demonstration
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    2:15 pm - 3:00 pm
    Location / Room: SecureWorld Exhibitor Floor

    Reboot with coffee and infused water while visiting exhibitors on the exhibitor floor.

    2:30 pm
    Dash for Prizes & CyberHunt
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    2:30 pm - 2:45 pm
    Location / Room: SecureWorld Exhibitor Floor

    Be sure to have exhibitors scan your badge for a chance to win prizes. Past prizes have included Kindles, Bose headphones, gift cards, iPads, iPods and more! *Must be present to win

    3:00 pm
    Maturing a Cybersecurity Program
    • session level icon
    speaker photo
    CISO, DuHart Consulting
    Registration Level:
    • session level iconConference Pass
    3:00 pm - 3:45 pm
    Location / Room: 219AB

    Whether you are a small organization, single person on a cybersecurity team or inheriting a multinational cybersecurity program, this talk will provide context for you to mature your program.  This presentation will help you define your own program maturity level and how to better your program. Attending the presentation will provide a better understanding of:

    • Why and what is maturity in a cybersecurity program
    • How to build risk based maturity into running a program
    • Cybersecurity as a culture
    • Communicating maturity and KPIs to the board and senior leaders including examples
    3:00 pm
    Are You Ready for the Convergence of IIoT, OT, and IT Security?
    • session level icon
    speaker photo
    VP & Global CISO, Hanesbrands Inc.
    Registration Level:
    • session level iconConference Pass
    3:00 pm - 3:45 pm
    Location / Room: 212 AB

    Business transformation and drive for smart factory initiatives has placed demands on business leaders to leverage relevant technologies to achieve the desire end goal of operational excellence. The technologies such as industrial internet of things (IIoT) are being layered on top of manufacturing floor machinery to provide that needed insight into business operations and productivity. These improvement and perceived operational excellence have come with cyber security risks which were not a common place in manufacturing space previously. It for this reason that there is now a convergence between operation technology (OT), Industrial internet of things (IIoT) and IT. This intersection is becoming very evident in manufactural, supply chain and traditional production organization or companies.

    Most of these manufacturing machineries were never directly connected to the ethernet networks and as such the risk was very minimal. In some cases, these organizations had organized security based on perimeter controls such as data center firewalls, site firewalls, floor firewalls that provide segmentation or microsegment between corporate IT and manufacturing operation technology (OT space). However, if the individual devices that are connected on the OT side become compromised and the threat has access to that communication link, a hacker can push malicious data, cause denial of service (DoS), or introduce malware or viruses to the entire network — even if there is a secure communication link. There are many ways to run into problems on the OT/IoT front if companies are not careful in their network design security implementation. These increase the risk and a re-thinking of how to architect security appropriately to meet the ever-evolving threat landscape with relevant implications to OT/IIoT and larger enterprise network.
    Presentation Level:
    GENERAL (InfoSec best practices, trends, solutions, etc.)

Exhibitors
  • AccessIT Group
    Booth: 215

    AccessIT Group is your partner in cybersecurity. Our talented team of security experts deliver customized solutions designed to protect your systems and information from increasing security threats. From design and implementation to cybersecurity compliance and training, we provide a single point of contact for all your security needs.

    AccessIT Group seeks to differentiate itself by offering a higher level of expertise from engineers and sales staff, all of whose knowledge was derived from real life enterprise deployments. These values have helped AccessIT Group grow to become the first-choice cyber security provider in our region. Today, AccessIT Group maintains sales and service offices in King of Prussia, PA, Mountain Lakes, NJ, New York, NY, Columbia, MD, and Boston, MA.

  • Alert Logic
    Booth: 115

    Whether your company is transitioning infrastructure to the cloud, taking advantage of managed hosting services, or continuing to rely on owned data centers, Alert Logic offers intrusion detection, vulnerability assessment and log management solutions that are coupled with 24/7 monitoring and expert guidance services from our security operations center. More than 1,500 enterprise customers trust Alert Logic to secure and protect their digital information, and rely on us for keeping in step with increasingly complex regulatory issues. In addition to our team of GIAC analysts dedicated to careful observation and assessment of threats to your data, our research team stays on top of emerging developments so we can stop potential security breaches before they strike. We also have a dedicated support team ready to answer any questions you have about our products and services.

  • Arctic Wolf Networks
    Booth: 110

    Arctic Wolf Networks provides SOC-as-a-service that is redefining the economics of security. The AWN CyberSOC™ service is anchored by Concierge Security™ teams and includes 24×7 monitoring, custom alerting, and incident investigation and response. There is no hardware or software to purchase, and the end-to-end service includes a proprietary cloud-based SIEM, threat intelligence subscriptions and all the expertise and tools required. For more information about Arctic Wolf, visit  https://www.arcticwolf.com.

  • Armis, Inc
    Booth: 123

    Armis is the first agentless, enterprise-class security platform to address the new threat landscape of unmanaged and IoT devices. Fortune 1000 companies trust Armis’ unique out-of-band sensing technology to discover and analyze all managed and unmanaged devices, analyze endpoint behavior to identify risks and attacks, and protect information and systems.

  • Ballantyne IT Professionals
    Booth: 190

    A non-profit technology professional group formed in 2011 under the premise to provide a relaxing atmosphere for IT Professionals living and working in the Ballantyne area of Charlotte North Carolina to build relationships and share ideas. Our mission is to Connect IT, Build IT, Create IT and Give Back to IT & Our Community.

  • Bitglass
    Booth: 270

    Your company’s move to the cloud delivers flexibility and cost savings, but that doesn’t mean you should lose control of your data. Bitglass’ Cloud Access Security Broker (CASB) solution enables your enterprise to adopt cloud apps while ensuring data security and regulatory compliance. Bitglass secures your data in the cloud, at access, on any device.

    Bitglass was founded in 2013 by a team of industry veterans with a proven track record of innovation and execution.

  • BitSight
    Booth: 285

    BitSight transforms how organizations manage cyber risk. The BitSight Security Ratings Platform applies sophisticated algorithms, producing daily security ratings that range from 250 to 900, to help organizations manage their own security performance; mitigate third party risk; underwrite cyber insurance policies; conduct financial diligence; and assess aggregate risk. With over 2,100 global customers and the largest ecosystem of users and information, BitSight is the Standard in Security Ratings. For more information, please visit www.bitsight.com, read our blog, or follow @BitSight on X.

  • Check Point Software Technologies
    Booth: 155

    Check Point Software Technologies is a leading provider of cybersecurity solutions to governments and corporate enterprises globally. Its solutions protect customers from 5th generation cyber-attacks with an industry leading catch rate of malware, ransomware, and other types of attacks. Our solutions offer multilevel security architecture, “Infinity” Total Protection with Gen V advanced threat prevention.

  • Checkmarx Inc.
    Booth: 185

    Checkmarx is constantly pushing the boundaries of Application Security Testing to make security seamless and simple for the world’s developers and security teams. As the AppSec testing leader, we deliver the unparalleled accuracy, coverage, visibility, and guidance our customers need to build tomorrow’s software securely and at speed.

  • CloudPassage
    Booth: 150

    CloudPassage® Halo® is the world’s leading agile security platform that provides instant visibility and continuous protection for servers in any combination of data centers, private clouds and public clouds. Halo uses minimal system resources; so layered security can be deployed right at every workload – servers, instances and containers.

  • Cloud Security Alliance (CSA)
    Booth: 235

    The Cloud Security Alliance (CSA) is a not-for-profit organization with a mission to promote the use of best practices for providing security assurance within Cloud Computing, and to provide education on the uses of Cloud Computing to help secure all other forms of computing. The Cloud Security Alliance is led by a broad coalition of industry practitioners, corporations, associations and other key stakeholders.

  • CyberArk Software
    Booth: 145

    CyberArk (NASDAQ: CYBR) is the global leader in privileged access security, a critical layer of IT security to protect data, infrastructure and assets across the enterprise, in the cloud and throughout the DevOps pipeline. CyberArk delivers the industry’s most complete solution to reduce risk created by privileged credentials and secrets. The company is trusted by the world’s leading organizations, including 50 percent of the Fortune 500, to protect against external attackers and malicious insiders. A global company, CyberArk is headquartered in Petach Tikva, Israel, with U.S. headquarters located in Newton, Mass. The company also has offices throughout the Americas, EMEA, Asia Pacific and Japan.

  • Cybereason
    Booth: 280

    Cybereason was founded in 2012 by a team of ex-military cybersecurity experts with the mission of detecting and responding to complex cyber-attacks in real time. Cybereason is the only Endpoint Detection and Response platform deployed in user space that detects both known and unknown attacks and connects isolated indicators of compromise to form a complete, contextual attack story. Cybereason’s behavioral analytics engine continuously hunts for adversaries and reveals the timeline, root cause, adversarial activity, related communication and affected endpoints and users of every attack. Cybereason provides security teams with actionable data, enabling fast decision making and proper response.

  • Cylance
    Booth: 300

    Cylance® is revolutionizing cybersecurity with products and services that proactively prevent, rather than reactively detect the execution of advanced persistent threats and malware. Our technology is deployed on over four million endpoints and protects hundreds of enterprise clients worldwide including Fortune 100 organizations and government institutions.

  • Darktrace
    Booth: 100

    Darktrace is the world’s leading cyber AI company and the creator of Autonomous Response technology. Its self-learning AI is modeled on the human immune system and used by over 3,500 organizations to protect against threats to the cloud, email, IoT, networks, and industrial systems.

    The company has over 1,200 employees and headquarters in San Francisco and Cambridge, UK. Every 3 seconds, Darktrace AI fights back against a cyber-threat, preventing it from causing damage.

  • deepwatch
    Booth: 289

    deepwatch’s cloud SecOps platform and relentless customer focus are redefining the managed security services industry. Designed to be different, deepwatch provides customers with world-class managed security services and unrivaled value by extending their cybersecurity teams, curating leading technologies into deepwatch’s cloud SecOps platform, and proactively driving their SecOps maturity.

  • DHG
    Booth: 205

    Headquartered in Charlotte, NC, DHG ranks among the top 20 public accounting firms in the nation. With more than 2,000 professionals in 13 states, we combine deep experience with a strong commitment to personal service. We are passionate about helping our clients succeed—and we do so through a resourceful approach to solving problems, providing solutions and helping our clients achieve their goals.

    Dedicated client focus and relationships have been and always will be our touchstone. Here at DHG, you’ll receive personalized service provided by a team of professionals who are eager to share their knowledge and experience with you. We draw on our extensive resources to combine comprehensive assurance, tax and advisory services.

  • Digital Shadows
    Booth: 305

    Digital Shadows monitors and manages an organization’s digital risk, providing relevant threat intelligence across the widest range of data sources within the open, deep, and dark web to protect their brand, and reputation.

  • EC-Council
    Booth: N/A

    International Council of E-Commerce Consultants, also known as EC-Council, is the world’s largest cyber security technical certification body. We operate in 140 countries globally and we are the owner and developer of the world-famous Certified Ethical Hacker (CEH), Computer Hacking Forensics Investigator (C|HFI), Certified Security Analyst (ECSA), License Penetration Testing (Practical) programs, among others. We are proud to have trained and certified over 140,000 information security professionals globally that have influenced the cyber security mindset of countless organizations worldwide.

  • EITS
    Booth: 110

    EITS is a professional services firm focused on enabling sustainable information security for customers. Believing that security is not a one size fits all, EITS begins by taking the time to understand customers business needs and the trust / privacy required to keep them operating securely. EITS believes maximizing any security solution begins with understanding a customer’s environment and unique needs. EITS has the incredible brilliant people you will need to design, deploy, and support the security controls based on each customers fit.

  • Exabeam
    Booth: 170

    Exabeam is a global cybersecurity leader that adds intelligence to every IT and security stack. The leader in Next-gen SIEM and XDR, Exabeam is reinventing the way security teams use analytics and automation to solve Threat Detection, Investigation, and Response (TDIR), from common security threats to the most critical that are difficult to identify. Exabeam offers a comprehensive cloud-delivered solution that leverages machine learning and automation using a prescriptive, outcomes-based approach to TDIR. We design and build products to help security teams detect external threats, compromised users and malicious adversaries, minimize false positives and best protect their organizations.

  • ForeScout Technologies, Inc.
    Booth: 145

    ForeScout Technologies, Inc. has pioneered an agentless approach to network security to address the explosive growth of the Internet of Things (IoT), cloud computing and operational technologies (OT). We offer a highly scalable, heterogeneous platform that provides Global 2000 enterprises and government agencies with agentless visibility and control of today’s vast array of physical and virtual devices the instant they connect to the network. Our technology continuously assesses, remediates and monitors devices and works with disparate security tools to help accelerate incident response, break down silos, automate workflows and optimize existing investments. As of June 30, 2018, more than 2,900 customers in over 80 countries improve their network security and compliance posture with ForeScout solutions.

  • FRSecure
    Booth: 160

    FRSecure is a full-service information security management company that protects sensitive, confidential business information from unauthorized access, disclosure, distribution, and destruction. Information security is not a one-size-fits-all as others would lead you to believe. FRSecure works hard to assess your most significant vulnerabilities, put a plan together for managing those risks, and helps you execute that plan.

  • Gigamon
    Booth: 148

    Gigamon offers a deep observability pipeline that harnesses actionable network-level intelligence to amplify the power of observability tools. This powerful combination enables IT organizations to assure security and compliance governance, speed root-cause analysis of performance bottlenecks, and lower operational overhead associated with managing hybrid and multi-cloud IT infrastructures. The result: modern enterprises realize the full transformational promise of the cloud. Gigamon serves more than 4,000 customers worldwide, including over 80 percent of Fortune 100 enterprises, nine of the 10 largest mobile network providers, and hundreds of governments and educational organizations worldwide. To learn more, please visit gigamon.com. 

  • Gradient Cyber
    Booth: 245

    We uniquely visualize an organization’s cybersecurity risks, reduce logs and alert noise to actionable insights and establish a cyber health roadmap for immediate value and long term improvements to its security posture.

  • GuidePoint Security LLC
    Booth: 289

    GuidePoint Security LLC provides innovative and valuable cyber security solutions and expertise that enable organizations to successfully achieve their mission. By embracing new technologies, GuidePoint Security helps clients recognize the threats, understand the solutions, and mitigate the risks present in their evolving IT environments. Headquartered in Herndon, Virginia, GuidePoint Security is a small business, and classification can be found with the System for Award Management (SAM). Learn more at: http://www.guidepointsecurity.com

  • Institute of Internal Auditors (IIA)
    Booth: N/A

    Established in 1941, The Institute of Internal Auditors (IIA) is an international professional association with global headquarters in Altamonte Springs, Florida, USA. The IIA is the internal audit profession’s global voice, recognized authority, acknowledged leader, chief advocate, and principal educator. Generally, members work in internal auditing, risk management, governance, internal control, information technology audit, education, and security.

  • North Carolina InfraGard
    Booth: N/A

    North Carolina InfraGard membership is comprised of professionals from various size companies of all industries. We hold regular meetings to discuss issues, threats and other matters that impact their companies. Speakers from public and private agencies and the law enforcement communities are invited. It is our goal to improve and extend information sharing between private industry and the government. InfraGard members gain access to information that enables them to protect their assets and in turn give information to government that facilitates its responsibilities to prevent and address terrorism and other crimes. Attend a local chapter meeting, meet FBI officials from your area and help protect your nation’s infrastructure.

  • Insight
    Booth: 225

    Insight is a comprehensive solutions integrator that helps organizations transform technology, operations, and service delivery to meet challenges and future-proof the business. With a client-focused approach to delivery, we recommend the most appropriate solutions to drive digital transformation and modernization for innovation. As clients look for ways to optimize data for better business, empower speed and scale of service, and drive next-gen security, Insight delivers expertise that is grounded, unbiased, and refreshingly straightforward.

  • IntSights
    Booth: 250

    IntSights is revolutionizing cybersecurity operations with the industry’s only all-in-one external threat protection platform designed to neutralize cyberattacks outside the wire. Our unique cyber reconnaissance capabilities enable continuous monitoring of an enterprise’s external digital profile across the open, deep, and dark web to identify emerging threats and orchestrate proactive response. Tailored threat intelligence that seamlessly integrates with security infrastructure for dynamic defense has made IntSights one of the fastest-growing cybersecurity companies in the world.

  • ISACA Charlotte
    Booth: 180

    Our aim is to sponsor local educational seminars and workshops, conduct regular chapter meetings, and help to further promote and elevate the visibility of the IS audit, control and security profession throughout the region.

  • ISC2 Piedmont Triad Chapter
    Booth:

    We are the local ISC2 chapter here in central North Carolina. Our chapter meets bi-monthly and rotates between Greensboro and Winston-Salem meeting sites. We usually meet on the second Thursday of the odd months from 6-9 p.m. If you are a local Information Security Professional looking to join, please contact the membership chair at membership@isc2chapter114.org

  • Charlotte Metro ISSA
    Booth: 125

    The Charlotte ISSA chapter is committed to providing the Information Security professionals of Charlotte opportunities to grow both technically and professionally through training, meetings and summits.

  • Lake Norman IT Professionals
    Booth: N/A

    Our vision is to meet IT professionals within our Local IT community for learning, sharing, community outreach, leadership and professional growth. We are a 501c4 Non-Profit entity, and donate a significant portion of our sponsorship dollars to the E2D organization, who is helping to eliminating the digital divide!

  • Mimecast
    Booth: 240

    Mimecast empowers our customers to help mitigate risk and manage complexities across a threat landscape driven by cyberattacks, human error, and technology fallibility. Our advanced solutions provide the proactive threat detection, brand protection, awareness training, and data retention capabilities that evolving workplaces need today.

  • NCTECH Association
    Booth: 120

    Founded in 1993, the North Carolina Technology Association (NCTA) is a 501 (c) (6) not-for-profit association focused on advancing the state’s tech industry. NCTA has 700+ member companies, organizations and institutions representing more than 200,000 North Carolina based employees.

  • Netskope
    Booth: 215

    The Netskope security cloud provides unrivaled visibility and real-time data and threat protection when accessing cloud services, websites, and private apps from anywhere, on any device. Only Netskope understands the cloud and takes a data-centric approach that empowers security teams with the right balance of protection and speed they need to secure their digital transformation journey.

  • Niagra Networks
    Booth: 235

    Niagara Networks is the pioneer of the Open Visibility Platform (OVP) to bring desperately needed visibility enhancement along with greater agility to network security. The OVP, along with Niagara Networks Bypass, Packet Broker, and TAP solutions help organizations become proactive and more quickly respond to change within the network and adapt to the latest security technologies as well as greater overall visibility to network traffic. Visit us at www.niagaranetworks.com to learn more about how we can help better enhance your network, Thank you.

  • North Carolina Center For Cybersecurity
    Booth: 135

    Headquartered in Winston-Salem, the North Carolina Center for Cybersecurity, a 501(c)3 organization, accelerate regional economic development through applied cybersecurity to foster economic development. It will also position North Carolina as a leader in cybersecurity workforce development at the community level to help existing businesses meet the global demand for a more secure supply chain. Regional hubs across the state, operating under the umbrella of the North Carolina Center for Cybersecurity (NCCC), will concentrate on: Workforce development aimed at training students and retraining the local workforce to solve practical cybersecurity problems and help companies seeking a consistent supply of cybersecurity talent across multiple disciplines. Public, private, and academic collaboration focused on developing practical solutions to commercial cybersecurity problems that match each region’s economic strengths.

  • Okta
    Booth: 260

    Okta is the World’s Identity Company. As the leading independent Identity partner, we free everyone to safely use any technology—anywhere, on any device or app. The most trusted brands trust Okta to enable secure access, authentication, and automation. With flexibility and neutrality at the core of our Okta Workforce Identity and Customer Identity Clouds, business leaders and developers can focus on innovation and accelerate digital transformation, thanks to customizable solutions and more than 7,000 pre-built integrations. We’re building a world where Identity belongs to you. Learn more at okta.com.

  • Optiv
    Booth: 255

    Optiv is a security solutions integrator delivering end-to-end cybersecurity solutions that help clients maximize and communicate the effectiveness of their cybersecurity programs. Optiv starts with core requirement of every enterprise—risk mitigation—and builds out from there with strategy, infrastructure rationalization, operations optimization, and ongoing measurement. Learn more at https://www.optiv.com.

  • Preempt Security
    Booth: 230

    Preempt delivers a modern approach to authentication and securing identity in the Enterprise. Using patented technology for Conditional Access, Preempt helps Enterprises optimize Identity hygiene and stop attackers and insider threats in real-time before they impact business. Preempt continuously detects and preempts threats based on identity, behavior and risk across all cloud and on-premises authentication & access platforms. This low friction and more prescriptive approach empowers security teams more visibility & control over accounts and privileged access, achieve compliance and auto-resolve incidents. Learn more:  www.preempt.com.

  • Proofpoint
    Booth: 140

    Proofpoint protects your people, data, and brand from advanced threats and compliance risks with cybersecurity solutions that work. Built on advanced analytics and a cloud architecture, our platform secures the way your people work today—through email, mobile apps, and social media.

    Some attacks get through even the best defenses. That’s why our solutions also proactively safeguard the critical information people create. We reduce your attack surface by managing this data and protecting it as you send, store, and archive it. And when things go wrong, we equip security teams with the right intelligence, insight, and tools to respond quickly.

  • Recorded Future
    Booth: 290

    Recorded Future arms security teams with threat intelligence powered by machine learning to lower risk. Our technology automatically collects and analyzes information from an unrivaled breadth of sources. We provide invaluable context that’s delivered in real time and packaged for human analysis or instant integration with your existing security technology.

  • RedSeal
    Booth: 295

    By focusing on cybersecurity fundamentals, RedSeal helps government agencies and Global 2000 companies measurably reduce their cyber risk. With RedSeal’s cyber terrain analytics platform and professional services, enterprises improve their resilience to security events by understanding what’s on their networks, how it’s all connected, and the associated risk. RedSeal verifies that network devices are securely configured; validates network segmentation policies; and continuously monitors compliance with policies and regulations. It also prioritizes mitigation based on each vulnerability’s associated risk. The company is based in San Jose, Calif.

  • ReliaQuest
    Booth: 210

    ReliaQuest, the force multiplier of security operations, increases visibility, reduces complexity, and manages risk with its cloud native security operations platform, GreyMatter. ReliaQuest’s GreyMatter is built on an open XDR architecture and delivered as a service anywhere in the world, anytime of the day, by bringing together telemetry from tools and applications across cloud, on-premises and hybrid cloud architectures. Hundreds of Fortune 1000 organizations trust ReliaQuest to operationalize security investments, ensuring teams focus on the right problems while closing visibility and capability gaps to proactively manage risk and accelerate initiatives for the business. ReliaQuest is a private company headquartered in Tampa, Fla., with multiple global locations. For more information, visit www.reliaquest.com.

  • Securonix
    Booth: 200

    Securonix is redefining threat detection and response for today’s hybrid cloud, data-driven enterprise. Securonix Next-Gen SIEM and XDR are powered by the most advanced analytics and built on a scalable, flexible cloud native architecture. Securonix leverages behavioral analytics technology that pioneered the UEBA category to reduce noise, prioritize high fidelity alerts, and enable fast and precise response to insider and cyber threats.

  • SentinelOne
    Booth: 310

    SentinelOne delivers real-time cloud workload protection, to stop runtime threats targeting VMs, containers and Kubernetes clusters. From endpoints to workloads, to data center and public cloud, innovate quickly knowing SentinelOne has you protected. To learn more, visit www.sentinelone.com or follow us at @SentinelOne, or on LinkedIn and Facebook.

  • Siemplify
    Booth: 175

    The  Siemplify  team is comprised of cyber-security professionals, veterans of Israeli intelligence agencies. We bring rich experience in security analysis,  management  and operations and are backed by experts in data science and applied mathematics.

    WE BELIEVE In the modern world of cyber threat analysis, investigation and management should be more holistic, intuitive and simple. Technology and data science should serve cyber security experts by providing all the relevant information about the threat in real-time and focus them  in  rapid decision making.

  • SIM Charlotte
    Booth: 134

    The Chapter strives to strengthen professional communications among members who direct the application of information technology in private and pubic organizations. Chapter activities include:

    • Meeting to share innovative ideas and real world experiences which address enterprise information needs. We have excellent speakers both from our membership, and bring in industry executives and subject matter experts from many sources.
    • Providing presentations by leading national information-management professionals and executives who benefit from management-information systems.
    • Challenging our comfort levels by exchanging ideas with peers and business counterparts.
    • Being a resource for each other, and personal networking.
  • Snyk
    Booth: 275

    Snyk is a developer-first security company that helps organizations use open source and stay secure. Snyk is the only solution that seamlessly and proactively finds and fixes vulnerabilities and license violations in open source dependencies and container images. Founded in 2015, Snyk is based in London, England.

  • Spirion
    Booth: 265

    Spirion is a leading enterprise data management software solution that provides high-precision searches and automated classification of unstructured and structured data with unparalleled accuracy.  Spirion helps businesses reduce their sensitive data footprint and proactively minimize risks, costs and reputational damage of cyberattacks by discovering, classifying, monitoring and protecting sensitive data.

  • TechTarget
    Booth: N/A

    TechTarget (NASDAQ: TTGT) is the online intersection of serious technology buyers, targeted technical content and technology providers worldwide. Our media, powered by TechTarget’s Activity Intelligence platform, redefines how technology buyers are viewed and engaged based on their active projects, specific technical priorities and business needs. With more than 100 technology specific websites, we provide technology marketers innovative media that delivers unmatched reach via custom advertising, branding and lead generation solutions all built on our extensive network of online and social media. TechTarget is based in Boston and has locations in Atlanta, Beijing, Cincinnati, London, Paris, San Francisco, Singapore, and Sydney.

  • Triaxiom Security
    Booth: 220

    Triaxiom Security is an information security firm that specializes in penetration testing and strategic security consulting. Based out of Charlotte, NC, we’re a team of creative and collaborative individuals dedicated to providing top-of-the-line security services to our customers of all sizes and across all industries throughout the United States.

    Our goal is to build lasting relationships with our customers, helping them to bolster their organizational security posture. We aim to do that by providing critical information to your team for you to make data-driven decisions that can optimize your internal resources and help you navigate the current cybersecurity landscape.

  • Trustwave
    Booth: 165

    Trustwave helps businesses fight cybercrime, protect data and reduce security risk. With cloud and managed security services, integrated technologies and a team of security experts, ethical hackers and researchers, Trustwave enables businesses to transform the way they manage their information security and compliance programs. More than three million businesses are enrolled in the Trustwave TrustKeeper® cloud platform, through which Trustwave delivers automated, efficient and cost-effective threat, vulnerability and compliance management. Trustwave is headquartered in Chicago, with customers in 96 countries.

  • WhiteSource
    Booth: 195

    WhiteSource is the pioneer of open source security and license compliance management. Founded in 2011, its vision is to empower businesses to develop better software by harnessing the power of open source. WhiteSource is used by more than 800 customers worldwide, from all verticals and sizes, including 23% of Fortune 100 companies, as well as industry leaders such as Microsoft, IBM, Comcast, and many more. For more information, please visit www.WhiteSourceSoftware.com.

  • Women in CyberSecurity (WiCyS)
    Booth: N/A

    Women in CyberSecurity (WiCyS) is the premier nonprofit organization with international reach dedicated to bringing together women in cybersecurity. Founded by Dr. Ambareen Siraj from Tennessee Tech University through a National Science Foundation grant in 2013, WiCyS offers opportunities and resources for its members and collaboration benefits for its sponsors and partners. The organization’s founding partners are Cisco, Facebook and Palo Alto Networks. WiCyS’ strategic partners include Amazon Web Services, Bloomberg, Cisco, Equifax, Facebook, Google, HERE Technologies, IBM, Lockheed Martin, Nike, Optum, Palo Alto Networks, PayPal, SANS Institute, Target, and University of California San Diego. To learn more about WiCyS, visit https://www.wicys.org.

Return to Agenda
Keynote Speakers
Speakers
  • speaker photo
    Ken E. Sigler
    Board of Advisors, University of Detroit Mercy, Center for Cybersecurity and Intelligence Studies

    Ken Sigler has served as a full-time faculty member of the Computer Information Systems program at the Auburn Hills Michigan campus of Oakland Community College since 2001, while his primary research is in the area of cybersecurity education, policy, and management; software management; and software assurance. Ken serves as the Liaison for the college as one of three founding members of the Midwest Chapter for CISSE and is an active member of the University of Detroit Mercy Center for Cybersecurity and Intelligence Studies Board of Advisors.

    Ken is co-author of these books:
    • “Cybersecurity: Engineering a Secure Information Technology Organization"
    • “Securing an IT Organization through Governance, Risk Management, and Audit”
    • "Cyber Security: A Guide to the National Initiative for Cybersecurity Education (NICE) Framework (2.0)"
    • "The Complete Guide to Cyber Security Risks and Controls"
    • "Implementing Cybersecurity: A Guide to the National Institute of Standards and Technology Risk Management Framework"
    • “Supply Chain Risk Management – Applying Secure Acquisition Principles to Ensure a Trusted Technology Project"
    • "How to Build a Cyber-Resilient Organization"
    • "The Cybersecurity Body of Knowledge: The ACM/IEEE/AIS/IFIP Recommendations for a Complete Curriculum in Cybersecurity," due to be published in spring 2020.

  • speaker photo
    John Opala, PhD
    VP & Global CISO, Hanesbrands Inc.

    Cybersecurity thought leader with over 19 years of technical and leadership experience in multiple disciplines.

  • speaker photo
    Rick Doten
    VP, Information Security, Centene Corporation

    Rick is CISO of Carolina Complete Health, a state healthcare plan, for Centene Corporate. Rick has run ethical hacking, application security, incident response & forensics, and risk management teams throughout his 25 years in IT Security. Rick has been the first CISO for two companies. He has also consulted as a virtual CISO for many industries and companies around the world. Other notable roles over last 20 years have been as a Risk Management consultant at Gartner, Chief Scientist for Lockheed Martin’s Center for Cyber Security Innovation, and Managing Principal in the Professional Security Services practice at Verizon.

  • speaker photo
    David Barton
    Managing Director, UHY Consulting

    David Barton is a Managing Director with UHY Consulting and practice leader of the Technology, Risk, and Compliance practice, which provides cybersecurity consulting and compliance services focused around information technology. He has over 30 years of practical experience in information systems and technology risk and controls.
    David is frequently asked to speak at national and regional events, such as SecureWorld and the Cloud Security Alliance Congress. He is the primary author of the CSA position paper on AICPA Service Organization Control Reports. He regularly provides his input and opinions for national publications such as Compliance Week, Accounting Today, and the Atlanta Journal Constitution.
    David holds an MBA and BS in Business Administration from Appalachian State University. He is Certified in Risk and Information Systems Control (CRISC), received the Certified Information Systems Auditor (CISA) designation in 1988, and is a member of the Atlanta chapter of the Cloud Security Alliance. David has active civic memberships with the Atlanta chapter of the Porsche Club of America and the Tire Rack Street Survival® program for teen driver education. He is also a certified high-performance driving instructor and former Porsche Club racer.

  • speaker photo
    Matt Donato
    Co-Founder & Managing Partner, HuntSource

    Matt Donato is a Co-Founder & Managing Partner of HuntSource- the preeminent Executive Search and Talent Solutions firm with a niche focus in Cyber Security & Data Intelligence. Matt possesses fifteen years of experience in executive recruiting, talent solutions, workforce planning, and talent management. He is a thought leader and recruiting industry expert with in-depth knowledge of working with small to large size organizations across all industries. Over the years his experience has included leading a variety of strategic and tactical functions, organizational training, and talent mapping. Donato continues to help elevate companies by identifying key talent and fostering relationships within the Cybersecurity and Technology industry. Matt received his BS in Economics from Roanoke College and his Executive MBA from Wake Forest School of Business.

  • speaker photo
    Tammy Moskites
    Ponemon Institute Distinguished Fellow, Career CISO & Former CISO, Time Warner Cable; CEO & Founder, CyAlliance

    Tammy is the CEO and Founder of CyAlliance. She is a strategic advisor to companies, vendors and startups by leading, building and scaling security offerings while providing CISO as a Service and virtual CISO (vCISO) services for companies worldwide. With her 30 years of experience, she is noted by her peers to be a results-driven and passionate executive leader. She is a distinguished career CISO, and she has held many security and technology leadership roles which include; Accenture (Managing Director), Venafi (CIO/CISO), Time Warner Cable (CISO), The Home Depot (CISO) and Huntington Bank (ISO). She has dedicated her career to guide CISOs worldwide to help defend organizations from cyber threats and attacks. Amongst the many things she is involved in, she has CISM and ITIL certifications and is a Distinguished Fellow with the Ponemon Institute and volunteers her time with organizations including ISACA and ISSA. She hosts CISO Networking dinners globally to allow CISO’s to share, network and build local relationships. She is an advisor to YL Ventures where she assesses startups/early stage companies for investment in the security space. Her passion for security and her leadership expertise has been quoted, podcasted and written about in numerous articles, newspapers and magazines around the world, including London Financial Times, MIS Asia, CSO Australia, FORBES, Women’s Agenda Australia, and the cover of CSO Magazine. She holds multiple accolades which include the top fifteen 2018 Global Cyber Security thought leaders by IFSEC Global, 2013 Top 25 Global CISO’s Evanta, ISE North America’s People’s Choice 2011 and 2012, Australia's Woman of the Week, Finalist for CIO of the Year and Security Champion of the Year at the Women in IT Awards Silicon Valley 2018. She is an internationally recognized keynote/speaker, not only on security and governance, but also on career building, women in technology and leadership mentoring. She is a diversity champion. Tammy also dedicates her personal time as a professional independent leadership and career mentor. Tammy continually provides strategic guidance to other industry-leading security vendors where she is currently a company board advisor to Attivo Networks, Raxis, RiskIQ and Venafi – previously to Box and Qualys.

  • speaker photo
    Mike Muscatell
    Sr. Director, Cyber Security, Acumatica, Inc.

    Mike Muscatell is a seasoned IT veteran with more than 21 years in the Information Security field. He is a certified ethical hacker (CEH). Was honored as top 100 professionals in the Information Security field by Strathmore's for 2014. Member of a number of security organizations, including InfraGard and the U.S. Chamber of Commerce Cyber Committee.

  • speaker photo
    Ryan Hausknecht
    Instructor, University of North Carolina at Charlotte

    Ryan Hausknecht specializes in red teaming as a Security Consultant at SpecterOps and is an instructor for cybersecurity at UNC Charlotte. He is a former Forensic Consultant, Information Security Analyst, and Penetration Tester who has dealt with clients ranging from local government to enterprise-sized businesses. Ryan graduated Summa Cum Laude from Norwich University with a Bachelor's in Cyber Security and is a current SANS GPEN, SANS GWAPT, and OSCP holder.

  • speaker photo
    Grant Asplund
    Growth Technologies Evangelist, Check Point Software Technologies

    For more than 20 years, Grant Asplund has been sharing his insights on how businesses can best protect themselves from sophisticated cyber-attacks in an increasingly complex world. As Check Point’s chief evangelist, he travels the world enthralling audiences with his passionate and relational storytelling at conferences like RSA and Next100 CIOs and numerous media interviews. Grant’s wide range of cyber security experience informs his talks, having served in diverse roles ranging from sales, marketing, business development, and senior management for Dome 9, Blue Coat Systems, Neustar, and Altor Networks. As CEO of MetaInfo, he led its acquisition by Neustar. Grant is the host of the CISO Secrets podcast (cp.buzzsprout.com) and the Talking Cloud Podcast (www.talkingcloudpodcast.com) on Cloud security.

  • speaker photo
    Benjamin Agner, Moderator
    SVP, Cyber Security Engineering, Truist
  • speaker photo
    Ben Schwering
    CISO, Premiere, Inc.
  • speaker photo
    Joel Lowe
    Director of Physical and Cyber Security, Red Ventures

    Joel Lowe has more than 14 years of experience in remediating threats, vulnerability management, risk management, data privacy, and information security programs. These programs focus on overseeing private data protection, corporate governance, risk management strategy, Certification & Accreditation, Incident Response, forensics and executive leadership for fortune 300 companies. Mr. Lowe has a track record of being a strong collaborator, industry advisor, thought leader, and business partner. He is chartered to build a best in class security program to stay ahead of the regulatory and threat landscape. Mr. Lowe is the former Director of physical and cyber security at Red Ventures and former Director of Information security at Sonic Automotive. He also worked over 8 years with the United State Department of Energy (DOE) as a Cyber Security leader.

    Mr. Lowe holds a master’s degree in Information Systems with a concentration in Networking from North Carolina Central University and a bachelor’s degree from North Carolina Agricultural & Technical State University. He also possesses the Chief Information Security Officer Certification (C|CISO), and Payment Card Industry Professional (PCIP) certifications.

  • speaker photo
    Mike Brannon
    Director, Infrastructure & Security, National Gypsum

    Mike Brannon is an experienced IT professional and long-term employee at National Gypsum Company (NGC). His IT career began in 1977, and he joined NGC in 1985. Mike leads the teams that provide infrastructure and security: "We Keep National Gypsum Running."

  • speaker photo
    Melisa Ozcan
    Cybersecurity Account Executive, Darktrace

    Melisa Ozcan is a Cyber Security Account Executive at Darktrace, the world’s leading AI company for cyber defense. At Darktrace, Melisa works with leading organizations in a range of industries from private equity to media and entertainment to deploy and operationalize cutting edge technologies. During Melisa’s tenure at Darktrace, the company has grown to over 3000 customers and has been the recipient of numerous achievements, including Forbes Cloud and CNBC Disruptor 50. Melisa holds a bachelor’s degree from Penn State University and is based in Darktrace's Reston, VA office.

  • speaker photo
    James Keegan, Moderator
    VP, Information Security, Essent Guaranty, Inc.
  • speaker photo
    Grant Asplund
    Growth Technologies Evangelist, Check Point Software Technologies

    For more than 20 years, Grant Asplund has been sharing his insights on how businesses can best protect themselves from sophisticated cyber-attacks in an increasingly complex world. As Check Point’s chief evangelist, he travels the world enthralling audiences with his passionate and relational storytelling at conferences like RSA and Next100 CIOs and numerous media interviews. Grant’s wide range of cyber security experience informs his talks, having served in diverse roles ranging from sales, marketing, business development, and senior management for Dome 9, Blue Coat Systems, Neustar, and Altor Networks. As CEO of MetaInfo, he led its acquisition by Neustar. Grant is the host of the CISO Secrets podcast (cp.buzzsprout.com) and the Talking Cloud Podcast (www.talkingcloudpodcast.com) on Cloud security.

  • speaker photo
    Mike Brannon
    Director, Infrastructure & Security, National Gypsum

    Mike Brannon is an experienced IT professional and long-term employee at National Gypsum Company (NGC). His IT career began in 1977, and he joined NGC in 1985. Mike leads the teams that provide infrastructure and security: "We Keep National Gypsum Running."

  • speaker photo
    Michael Butterfield
    Regional Architect - Mid-Atlantic, Check Point Software Technologies

    Michael Butterfield is Security Architect at Check Point, where he supports 30+ engineering teams responsible for hundreds of customers across the Mid-Atlantic. He is primarily focused on helping enterprises design, consolidate, and integrate security controls into emerging technology platforms. Over an 18-year career in cybersecurity, Michael has designed, built, and maintained network security systems for organizations ranging from small business to large international enterprise, in both commercial and government sectors. Most recently, he has focused on helping customers secure their digital transformation to cloud systems.

  • speaker photo
    Mike Muscatell
    Sr. Director, Cyber Security, Acumatica, Inc.

    Mike Muscatell is a seasoned IT veteran with more than 21 years in the Information Security field. He is a certified ethical hacker (CEH). Was honored as top 100 professionals in the Information Security field by Strathmore's for 2014. Member of a number of security organizations, including InfraGard and the U.S. Chamber of Commerce Cyber Committee.

  • speaker photo
    Tam Nguyen
    Cybersecurity Engineer, CISSP, MS, MCS, MA, U.S. Department of Health and Human Services

    Tam Nguyen is an IEEE and ACM peer-reviewed cybersecurity researcher whose with recent publications on Software Defined Network's security (CSNet - Paris, France), and instructional design evaluation of CEH v10 Online Course (IC4E - Tokyo, JP). Tam's research interests include large-scale cyber threat modeling, cyber behavioral science, and applications of quantum computing in cybersecurity. Tam is a CISSP and is working for the Federal Reserve Bank at Cleveland.

  • speaker photo
    Ken E. Sigler
    Board of Advisors, University of Detroit Mercy, Center for Cybersecurity and Intelligence Studies

    Ken Sigler has served as a full-time faculty member of the Computer Information Systems program at the Auburn Hills Michigan campus of Oakland Community College since 2001, while his primary research is in the area of cybersecurity education, policy, and management; software management; and software assurance. Ken serves as the Liaison for the college as one of three founding members of the Midwest Chapter for CISSE and is an active member of the University of Detroit Mercy Center for Cybersecurity and Intelligence Studies Board of Advisors.

    Ken is co-author of these books:
    • “Cybersecurity: Engineering a Secure Information Technology Organization"
    • “Securing an IT Organization through Governance, Risk Management, and Audit”
    • "Cyber Security: A Guide to the National Initiative for Cybersecurity Education (NICE) Framework (2.0)"
    • "The Complete Guide to Cyber Security Risks and Controls"
    • "Implementing Cybersecurity: A Guide to the National Institute of Standards and Technology Risk Management Framework"
    • “Supply Chain Risk Management – Applying Secure Acquisition Principles to Ensure a Trusted Technology Project"
    • "How to Build a Cyber-Resilient Organization"
    • "The Cybersecurity Body of Knowledge: The ACM/IEEE/AIS/IFIP Recommendations for a Complete Curriculum in Cybersecurity," due to be published in spring 2020.

  • speaker photo
    John Opala, PhD
    VP & Global CISO, Hanesbrands Inc.

    Cybersecurity thought leader with over 19 years of technical and leadership experience in multiple disciplines.

  • speaker photo
    Happy Hour
  • speaker photo
    Ken E. Sigler
    Board of Advisors, University of Detroit Mercy, Center for Cybersecurity and Intelligence Studies

    Ken Sigler has served as a full-time faculty member of the Computer Information Systems program at the Auburn Hills Michigan campus of Oakland Community College since 2001, while his primary research is in the area of cybersecurity education, policy, and management; software management; and software assurance. Ken serves as the Liaison for the college as one of three founding members of the Midwest Chapter for CISSE and is an active member of the University of Detroit Mercy Center for Cybersecurity and Intelligence Studies Board of Advisors.

    Ken is co-author of these books:
    • “Cybersecurity: Engineering a Secure Information Technology Organization"
    • “Securing an IT Organization through Governance, Risk Management, and Audit”
    • "Cyber Security: A Guide to the National Initiative for Cybersecurity Education (NICE) Framework (2.0)"
    • "The Complete Guide to Cyber Security Risks and Controls"
    • "Implementing Cybersecurity: A Guide to the National Institute of Standards and Technology Risk Management Framework"
    • “Supply Chain Risk Management – Applying Secure Acquisition Principles to Ensure a Trusted Technology Project"
    • "How to Build a Cyber-Resilient Organization"
    • "The Cybersecurity Body of Knowledge: The ACM/IEEE/AIS/IFIP Recommendations for a Complete Curriculum in Cybersecurity," due to be published in spring 2020.

  • speaker photo
    John Opala, PhD
    VP & Global CISO, Hanesbrands Inc.

    Cybersecurity thought leader with over 19 years of technical and leadership experience in multiple disciplines.

  • speaker photo
    Andrew Dutton
    CISO, DuHart Consulting

    Strategic Global Cybersecurity leader that is accomplished in complex multinational organizations. Strong interpersonal skills and communicator. Extensive experience in cybersecurity, compliance, governance, architecture. Expert in deployment of enterprise standards, processes, and policies. Strong project management experience. Dedicated and well versed in analyzing and mitigating risk, deployment of cost-effective solutions based on business requirements, and technical architecture. Adept in changing culture and developing engaged/motivated teams as well as working individually with resources.

  • speaker photo
    Stephen Head
    National Director – Cyber Risk Center of Expertise, Jefferson Wells

    As the National Director for the Cyber Risk Center of Expertise at Jefferson Wells, Stephen has broad-based experience in cyber risk, regulatory compliance, IT governance and aligning controls with multiple standards and frameworks. He is the author of the internationally recognized Internal Auditing Manual and Practical IT Auditing, both published by Thomson Reuters. He served as International Chair of the ISACA Standards Board and as a Director on the ISACA international Board, was a Commissioner on the AICPA National Accreditation Commission, and served on the AICPA Information Technology Executive Committee at the National level. Stephen has spoken at numerous national and international events, including the IIA International Conference and the Association of Certified Fraud Examiners (ACFE) Annual Global Conference. He is a CPA, CISSP, CISM, CDPSE, QSA, PCIP, CMA, CFE, CISA, CGEIT, CRISC, CBCP, MCSE, CHP, CHSS, CITP, CGMA, CPCU, and holds an MBA from Wake Forest University.

  • speaker photo
    Lisa Tuttle
    CISO, SPX Corporation

    Lisa Tuttle has served as an executive leader of global organizations, managing technology teams with her engaging enthusiasm and unique combination of information security, privacy, legal, compliance, project management and business management expertise. As CISO of SPX Corporation, she provides technology vision and strategic leadership for the company's IT security, directory services, privacy/compliance, project/change management, and contracts/vendor management programs. She excels at partnering with IT and Business teams, mentoring Women in Technology and encouraging STEM education.

  • speaker photo
    J. Zhanna Malekos Smith
    Sr. Associate, Aerospace Security Project, and Adjunct Fellow, Strategic Technologies Program, Center for Strategic and International Studies

    J. Zhanna Malekos Smith, J.D., served as a captain in the U.S. Air Force Judge Advocate General’s Corps and is a delegate in Stanford University’s U.S.-Russia Forum. She received a B.A. from Wellesley College, an M.A. and A.K.C. from King’s College London, Department of War Studies, and J.D. from the University of California, Davis School of Law. Malekos Smith has held fellowships with the Madeleine K. Albright Institute for Global Affairs, the Belfer Center’s Cyber Security Project at the Harvard Kennedy School, and Duke University Law School as the Everett Cyber Scholar. She has presented at DEF CON, RSA, and ShmooCon, and published her research in The Hill, Defense One, and The National Interest, among others.

  • speaker photo
    Juan Marin
    Sales Engineer Manager, IntSights

    A cybersecurity professional and avid technologist advocate with 10 years of experience in effective cyber-security practices, advanced threat prevention, malware and incident response; Juan has worked with the likes of McAfee/Intel Security and Trend Micro in the past, fulfilling technical sales, advisory and customer success roles, and today forms part of the IntSights as manager of sales engineering for the Americas.

  • speaker photo
    Katie Stewart
    Sr. Member, Technical Staff, CERT Division, Software Engineering Institute - Carnegie Mellon University

    Katie Stewart is a senior member of the technical staff within the CERT® Division at the Software Engineering Institute (SEI), a unit of Carnegie Mellon University in Pittsburgh, PA. She has more than 15 years of experience advising clients in engineering, information technology, and telecommunications industries. Katie’s current research interests include information security governance, risk management, and measurement and analysis. Katie holds a Bachelor of Science and a Master of Science in Computer Engineering from North Carolina State University and has completed executive education at the Wharton School of the University of Pennsylvania. Katie is a Certified Information Systems Security Professional (CISSP) and has served as an adjunct professor.

  • speaker photo
    Andrew Hoover
    Sr. Member, Technical Staff, CERT Division, Software Engineering Institute - Carnegie Mellon University

    Andrew Hoover is a Senior Engineer with the CERT Division of Carnegie Mellon University’s Software Engineering Institute. As a member of the Cybersecurity Assurance Team, he performs risk and resilience management work for a variety of organizations, mostly relating to critical infrastructure protection. Andrew has 16 years of experience in information technology field. Prior to joining the SEI, he worked as a technical auditor performing risk and vulnerability assessments for government and industry clients. In addition to the customer focused work Andrew teaches the public offering of the CERT Resilience Management Model (CERT-RMM) course.

  • speaker photo
    Douglas Jambor
    Sr. Cybersecurity Manager - IT Advisory, Dixon Hughes Goodman LLP

    Douglas has 13 years of penetration testing experience in the information technology field, focusing on information systems security and information security risk management. He is DHG’s cybersecurity subject leader and manager over all of the firm’s technical cybersecurity services, which includes internal, external, wireless and web application security assessments and testing end-user awareness levels via social engineering assessments. Douglas has performed penetration testing and IT audit engagements for clients located in every industry across the firm. Douglas is a Certified Information Systems Security Professional (CISSP), Certified Computer Examiner (CCE) and a member of the international Society of Forensic Computer Examiners.

  • speaker photo
    RJ Sudlow
    IT Advisory Manager, Dixon Hughes Goodman LLP
  • speaker photo
    Justin Bourgeois
    Sales Engineer, Mimecast

    Justin Bourgeois is a Solution Engineer at Mimecast. He has a background in implementation project management, IT consulting and has spent his off time programming as a hobby. Justin’s main responsibility is educating people about the ever-evolving threat landscape that not only threatens their infrastructure but also their partners and the global community at large.

  • speaker photo
    Patrick Gannon
    Public Information Officer, N.C. State Board of Elections

    Patrick Gannon is the public information director at the State Board of Elections. He has served in this role since since October 2016, just before the presidential election. His responsibilities include managing the State Board website, drafting press releases and social media content, responding to public records requests, and answering questions from the media, county boards of elections, and voters.

    Pat came to the State Board after a 17-year career in journalism, most recently as editor of The Insider State Government News Service and syndicated columnist covering state politics for the Capitol Press Association. Before that, he worked as a reporter and editor for the Wilmington, N.C., Star-News and a reporter for the Utica Observer-Dispatch in upstate New York. In 2004, he reported from Iraq while embedded with a N.C. National Guard unit. He is a 1999 graduate in communications and mass media from Kent State University in Ohio. He lives in Raleigh with his daughter.

  • speaker photo
    Karen Brinson Bell
    Executive Director, N.C. State Board of Elections

    Karen Brinson Bell has served as executive director of the North Carolina State Board of Elections since June 2019. She has worked in elections administration since 2006 in county, state, and national roles. As North Carolina’s chief elections official, she leads about 65 full-time employees at the state agency, which is charged with administering elections and campaign finance compliance, overseeing the 100 county boards of elections, and ensuring voting for more than 7 million voters.

    Karen was born and raised in Kenansville in Duplin County, N.C., where her father was mayor. In 1996, she graduated from the University of North Carolina at Asheville, with a double major in mass communication and political science.

  • speaker photo
    Michael Dickerson
    Director, Mecklenburg County Board of Elections

    Michael Dickerson is currently the Director of Elections for Mecklenburg County and has held this position since 1998.
    Prior to coming to Charlotte, Mr. Dickerson was with the Federal Election Commission as a Deputy Assistant Staff Director. Mr. Dickerson spent 14 years at the Federal Election Commission.

    Currently he is a member of the:

    • International Association of Government Officials

    • The Election Center

    • NC Directors of Elections Association

    • Member of the United States Election Assistance Commission Standards Board

    Originally from Greensboro, NC and moved to Washington DC after college.

  • speaker photo
    Brian Neesby
    CIO, N.C. State Board of Elections

    Brian Neesby is the CIO of the State Board of Elections. Prior to this role, he was the Chief Data Officer. Brian has served as a fact witness, been deposed several times, and executed declarations on behalf of the State Board concerning his knowledge of North Carolina’s Statewide Voter Registration Database. He investigated data discrepancies in Durham County for the March 2016 primary and decoded binary files on the county’s tabulation terminal to prove that a county employee had fraudulently manipulated election results. This work resulted in a grand jury indictment. Before working at the State Board, Brian functioned as the sole developer and chief data steward for Toyota’s nationwide Sarbanes-Oxley (SOX) Act database platform, which facilitated testing and legal compliance. Brian routinely analyzed large-scale inventory and user management datasets, investigated and resolved data gaps, and managed data interfaces for Toyota’s Global Audit Support System.

    Brian is currently getting his Masters in Data Science from UC Berkeley. He also has a Juris Doctorate from Loyola Law School in California, where he passed the Bar Exam.

  • speaker photo
    Torry Crass
    Agency CISO, North Carolina State Board of Elections

    Torry Crass currently serves as the Agency CISO at the North Carolina State Board of Elections and member of the CISO team at Woodstar Labs, a division of Associated Universities, Inc.

    Torry has more than 20 years of experience in the IT field and over 10 years of cybersecurity experience. Prior to joining Woodstar Labs, Torry was a CISO at LEO Cyber Security based in Fort Worth, TX, assisting a variety of clients with all aspects of planning, implementing, and improving cybersecurity programs in manufacturing, industrial, utility, and financial sectors. Prior to LEO Cyber Security, he spent 14 years with SPX Corporation and finished his time there as the Manager of Information Security.

    Torry also serves as the chair of the InfraGard National Cyber Camp Program, an advisory board member for the Cyber Crime Technology Program at SPCC, a co-chair of BSides Charlotte security conference, and a member of the South Carolina State Guard cyber unit regularly participating in cybersecurity related activities and exercises with the National Guard and other organizations. In addition to his organizational involvement, he regularly presents at industry conferences and contributes to industry publications such as InfoSec Magazine and PenTest Magazine.

  • speaker photo
    Rob Dalzell
    BISO, Bank of America

    Rob Dalzell is a cybersecurity professional with over 30 years of Information Technology and Cybersecurity experience. He has thrived in the following cybersecurity based arenas: BISO, Third Party Defense, Vulnerability Management, Identity and Access Management, Responsible Vulnerability Disclosure, email encryption, and general security awareness. He is a member of the ISACA, serves on the Advisory Board for SecureWorld Charlotte, and enjoys connecting with others that work in Cybersecurity. Rob is an active supporter and advocate for those impacted by disabilities and is an advocate in the Women in Technology and Operations (WIT&O) organization. He is an ardent believer in life-long learning. In his spare time, he can be found playing or officiating soccer, generating sawdust or digging in the dirt around his house, and trying to keep a British sports car running.

  • speaker photo
    Jack Freund, PhD
    Director, Risk Science, FAIR Institute

    Dr. Jack Freund is a leading voice in cyber risk measurement and management. He is an expert at building relationships to collaborate, persuade, and sell information risk and security programs. Jack is currently serving as Director, Risk Science at RiskLens and previously worked for TIAA as Director, Cyber Risk. Jack holds a PhD in Information Systems and has been named an IAPP Fellow of Information Privacy. Jack’s book on quantifying risk (Measuring and Managing Information Risk: A FAIR Approach) was inducted into the Cybersecurity Canon in 2016. Jack’s writings have appeared in the ISSA Journal and he currently writes a column for the @ISACA newsletter.

  • speaker photo
    Andrew Dutton
    CISO, DuHart Consulting

    Strategic Global Cybersecurity leader that is accomplished in complex multinational organizations. Strong interpersonal skills and communicator. Extensive experience in cybersecurity, compliance, governance, architecture. Expert in deployment of enterprise standards, processes, and policies. Strong project management experience. Dedicated and well versed in analyzing and mitigating risk, deployment of cost-effective solutions based on business requirements, and technical architecture. Adept in changing culture and developing engaged/motivated teams as well as working individually with resources.

  • speaker photo
    John Opala, PhD
    VP & Global CISO, Hanesbrands Inc.

    Cybersecurity thought leader with over 19 years of technical and leadership experience in multiple disciplines.

Conference Microsite!
Registration is quick and easy. Once you get started, use a browser on your phone or tablet to:

• Create a personalized agenda
• View maps of the venue and Exhibit Hall
• Use secure messaging to network with attendees
• View speaker slides after the conference
• Play CyberHunt, the app game, and compete for prizes