2017 Agenda
  • Wednesday, May 31, 2017
    7:00 am
    Registration Open
    Registration Level: Open Sessions
    7:00 am - 3:00 pm
    Location / Room: Registration Desk
    8:00 am
    Advisory Council Breakfast: Morphing Your Company to Next-Generation Controls: Tackling Tech, Budget, People, and Securing Support – (VIP / INVITE ONLY)
    General Counsel & Chief Security Officer, EVP, Viewpost
    Registration Level: VIP / Exclusive
    8:00 am - 9:15 am
    Location / Room: 119
    8:00 am
    SecureWorld PLUS Part 1 – Big Data and IoT: Wonderful, Terrible, Inevitable
    SecureWorld PLUS Registrants ONLY
    CISSP, President, O'Leary Management Education
    Registration Level: SecureWorld Plus
    8:00 am - 9:30 am
    Location / Room: 111

    Big Data and the Internet of Things are revolutionizing virtually every industry. We’re told of pinpoint accurate medical records and diagnostics, all-encompassing analytics, mastery of industrial processes, effortless control of our static and moving environments and complete connectivity and communication with anything and everything we might ever imagine being useful. Wonderful!

    But SecureWorld attendees and others who’ve been in IT Security for any appreciable time have an internal red flag that goes up upon hearing “It’s gonna be great!” Then those euphoria-deflating security questions start multiplying and running through our somewhat addled brains. Where is all this Big Data coming from? Where will it reside? Who controls it? Who grants access? On what basis? How do we know it’s accurate, relevant? Is it complete enough for life and death medical decisions? What about analytics system administration; data monitoring and correction procedures; incompatible security architectures? Oh yeah, and privacy?

    What kind of security is built into all these Internet-connected devices? How easy is it to control access? Is the data they trade and store encrypted? Who’s liable if they fail or give erroneous signals?

    Big Data and IoT are neither fads nor merely trends; they constitute a revolution. There’s no going back. Join us as we look from a security perspective at both the bright and dark sides.

    8:00 am
    SecureWorld PLUS Part I – Building a Successful Information Security Awareness Program
    SecureWorld PLUS registrants ONLY
    Chief Strategist and Chief Security Officer, Security Mentor
    Registration Level: SecureWorld Plus
    8:00 am - 9:30 am
    Location / Room: 101

    Every organization seeks a security-aware culture, but how can you build an effective information security awareness program that addresses compliance and changes employee behavior for the better? People are the greatest asset and the weakest link in securing intellectual property and protecting sensitive data within every enterprise; therefore, a well-organized security awareness program is essential.

    You will learn how an effective program that offers lasting solutions requires the right mix of skills, knowledge, executive support and resources. This hands-on workshop will teach you what you need to know to implement just such a program. Offering award-winning case studies, interactive discussions and group participation in exercises, this SecureWorld PLUS session will enable you to hit the ground running with a customized plan that meets your organization’s needs when you head back to the office.

    Dan Lohrmann offers an interactive, engaging style that is both fun and informative. The 4.5-hour workshop covers these essential topics:

    Part 1: Information Security Awareness Fundamentals and War Stories
    What important building blocks, resources and communication strategies are essential to successfully implement your program? How can you reduce the risk of a data breach or other unwanted outcomes using a comprehensive approach to information security awareness? What best practices and examples have succeeded that can be emulated?

    8:00 am
    SecureWorld PLUS Part 1 - Designing and Building a Cybersecurity Program Based on the NIST Cybersecurity Framework
    SecureWorld PLUS Registrants ONLY
    CISO, University of Massachusetts, President’s Office
    Registration Level: SecureWorld Plus
    8:00 am - 9:30 am
    Location / Room: 110

    This course provides a detailed plan for designing and building a Cybersecurity Program based on the NIST Cybersecurity Framework and the 20 Critical Controls.

    Lesson 1: Creating the Model (based on the NIST Cybersecurity Framework)
    A general review of today’s cyber-threat landscape, key business, technical, regulatory, workforce challenges, the overall risk environment, controls framework (NIST Cybersecurity Framework), controls standards and a recommended approach for designing and building a program based on a repeatable / open program concept (The Controls Factory Model).

    Lesson 2: Designing the Program (based on the 20 Critical Controls)
    A detailed review of the safeguards that organizations should use to mitigate advanced threats and protect their critical assets, including an in-depth analysis of the 20 critical controls. Each control will be discussed in detail, including the control objective, control approach, consequences of not implementing the control, control system analysis (how the control works), control detailed design, control monitoring and testing requirements.

    Lesson 3: Building the Solution (based on Design, Build, Run and Test Guides)
    Technical solutions that can be used to protect a particular family of assets (endpoints, servers, networks, applications). Each technical solution will include a mapping to the critical controls and NIST Framework (design guide), a step-by-step approach for implementation (build guide), a set of operational capabilities for continuous monitoring and management (run guide) and a set of use cases that ensure that the controls are continually applied to the asset families (test guide).

    8:30 am
    Digital Analytics and Privacy: Recent Events and Trends
    Partner, Alston & Bird LLP
    Registration Level: Conference Pass
    8:30 am - 9:15 am
    Location / Room: 115

    Innovation in data analytics technologies continues at an extraordinary pace. Privacy professionals must both apply existing legal concepts and track new regulations in analyzing these emerging technologies. This session will discuss the privacy regulatory environment for data analytics and will focus on recent developments and trends.

    8:30 am
    SentinelOne: The Next Generation of Endpoint Solutions
    Sr. Director of Security Solutions, SentinelOne
    Registration Level: Open Sessions
    8:30 am - 9:15 am
    Location / Room: 113

    We will cover why the endpoint is at the center of almost every breach today and why that fact will not change. We will also discuss the current state of endpoint defense and why the traditional approach of prevention is sinking faster than the Titanic. In addition, we will touch on various approaches and categories of "Next-Generation" endpoint defense. In the end, you should be armed with the information you need to move forward with the right "Next-Generation" endpoint solution that will fit your need to combat the latest 0-days and APTs.

    8:30 am
    Ransomware Response – Rejecting the Threat
    Executive Consultant, CGI
    Registration Level: Conference Pass
    8:30 am - 9:15 am
    Location / Room: 117

    Ransomware is among the hottest topics in the list of cybersecurity concerns for 2017. Chasing after ransomware components requires constant attention and often yields results that are inconclusive or too late. This session will focus on protection from the harm threatened by a ransomware attack.

    8:30 am
    Paving the Way to AppSec Program Success
    How to build a scalable enterprise-wide application security program.
    Conference Director, Metro Atlanta Chapter of ISSA
    Registration Level: Conference Pass
    8:30 am - 9:15 am
    Location / Room: Ballroom C

    This presentation offers a fundamental approach to creating a foundation for an application security program that holistically addresses findings by creating a conduit between the information security teams, who often discover the issues, and the development teams, who know the application better than anyone and can remediate issues in the best possible fashion.

    9:00 am
    Exhibit Floor Open
    Registration Level: Open Sessions
    9:00 am - 3:00 pm
    Location / Room: Exhibitor Floor

    This is the time to visit exhibitors participating in Dash For Prizes & CyberHunt for your chance to win prizes!

    9:30 am
    OPENING KEYNOTE: Cybersecurity 2.0 – Controls, Governance, and Business Reimagined
    General Counsel & Chief Security Officer, EVP, Viewpost
    Registration Level: Open Sessions
    9:30 am - 10:15 am
    Location / Room: Keynote Theater

    Our backs are up against a wall of never-ending breaches, blame, and ineffective controls. Hear from not only a thought leader, but someone with operational experience as a CISO, General Counsel, and Chief Privacy Officer. Today we will discuss new controls, how to lead and govern alongside the Board, and how to enable business through better cybersecurity.

    10:15 am
    Conference Break / Exhibitor Product Demonstration
    Registration Level: Open Sessions
    10:15 am - 11:15 am
    Location / Room: Exhibitor Floor

    Reboot with coffee and infused water while visiting exhibitors on the exhibitor floor.

    10:15 am
    ACP Chapter Meeting
    Open to All Attendees
    Registration Level: Open Sessions
    10:15 am - 12:00 pm
    Location / Room: Ballroom D

    Interested in your local associations? Join ACP for their chapter meeting and presentation.

    11:15 am
    Surviving the Siege: Medieval Lessons in Modern Security
    Discover the 2017 SecureWorld Theme
    CISSP, President, O'Leary Management Education
    Registration Level: Open Sessions
    11:15 am - 12:00 pm
    Location / Room: 115

    Warfare and the arts of intrusion have advanced considerably since the Middle Ages, but in many ways the principles of fortification we use today remain the same. The great castles of antiquity were ingeniously designed with multiple layers of physical security to protect their inhabitants from persistent, even advanced enemy threats. Their carefully planned and creative defensive measures provide rich metaphors, both positive and negative, for today’s cyber guardians. On the other hand, clever, daring, sometimes brilliant offensive strategies and tactics have historically breached battlements thought to be unassailable. Come join us as we examine lessons that can be applied to securing our own sophisticated digital fortresses.

    11:15 am
    Wombat Security: State of the Phish: Understanding End User Behaviors Towards Phishing
    Chief Architect, Wombat Security Technologies
    Registration Level: Open Sessions
    11:15 am - 12:00 pm
    Location / Room: 117

    Hear direct feedback from infosec professionals on the latest phishing exploits and vulnerabilities in their organizations and how they are protecting themselves, and learn about the most devastating types of phishing emails used and how to prevent them.

    11:15 am
    Cisco: The Way We Work Has Changed. Has Your Security?
    Manager, Systems Engineering, Cisco
    Registration Level: Open Sessions
    11:15 am - 12:00 pm
    Location / Room: 113

    By 2018, Gartner estimates that 25% of corporate data traffic will bypass the perimeter. As organisations evolve their IT stack, traditional security approaches/architectures need to be reconsidered. This interactive session will review some of the new risks introduced by SaaS/IaaS adoption and show how to effectively mitigate these risks using new approaches to security architecture. Presenters will review best practices around the transition of a security architecture itself to the cloud, utilizing customer case studies.

    11:15 am
    ACM/IEEE/AIS/IFIP Joint Task Force on Cybersecurity Education Update
    Gain an understanding of planned cybersecurity curriculum efforts by industry groups.
    Associate Professor, Kennesaw State University
    Registration Level: Conference Pass
    11:15 am - 12:00 pm
    Location / Room: 112

    The CSEC2017 Joint Task Force on Cybersecurity Education is developing curricular guidance for undergraduate degree programs in cybersecurity. This overview of the JTF with a review of the work thus far will share plans for next steps. Your opportunity for engagement will be explained, and time for Q&A will conclude the talk.

    11:15 am
    Finding Your Own Vulnerabilities (Before Attackers & Auditors Do)
    Director, Information Security, Fluor
    Registration Level: Conference Pass
    11:15 am - 12:00 pm
    Location / Room: Ballroom C

    Organizations can often struggle to identify and address vulnerabilities in their environment, whether for network devices, servers, workstations, IoT devices or other hosts. This presentation covers a number of “quick wins” in vulnerability management for the wide range of devices seen on corporate and home networks today.

    12:00 pm
    Advisory Council LUNCH Round Table - Evolving Challenges With Operating an SOC - (VIP / Invite Only)
    CEO & Co-Founder, TruSTAR Technology
    Registration Level: VIP / Exclusive
    12:00 pm - 1:00 pm
    Location / Room: 119

    Paul Kurtz, co-founder and CEO of TruSTAR Technology and former National Security Council staff member at the White House, will moderate a discussion about the evolving challenges associated with operating a SOC. Participants will share real-world examples around recent hacks and discuss approaches to break down internal silos, operationalize intelligence feeds, and begin to collaborate with others.

    12:15 pm
    LUNCH KEYNOTE: Defending the Nation in Cyber Space
    Former Director of Operations at U.S. Cyber Command
    Major General, U.S. Air Force (Retired)
    Registration Level: Open Sessions
    12:15 pm - 1:00 pm
    Location / Room: Keynote Theater

    The Russians hacked the election, the Chinese are stealing our trade secrets, the Iranians and North Koreans see cyber as the ultimate asymmetric attack vector against the United States. Every day, the country’s critical infrastructure is under attack: financial services, the electric grid, oil and gas, telecommunications, transportation. As the former Director of Operations at U.S. Cyber Command, Maj Gen (Ret) Brett Williams is one of the few speakers available who can talk with the credibility that comes from being on the front lines of defending the Nation in cyberspace. General Williams’ unique combination of both military and private sector experience provides a clear understanding of the nation-state cyber threat and how it could impact business interests in every sector.

    1:15 pm
    Panel: Hazards on the Horizon - Emerging Threats
    Registration Level: Open Sessions
    1:15 pm - 2:15 pm
    Location / Room: Keynote Theater

    Just as in the days of yore, you must have watch guards in the tower scanning the horizon for enemy banners. If you follow cyber threats, then you know that the landscape is constantly changing. From the bring your own device (BYOD) workplace to mobile malware, social engineering, and everything in between, information security has transformed. In order to stay ahead of the ever-changing threats, it is imperative to constantly improve and change security policies. Join industry experts as they discuss the importance of rolling with the changes, and how your company can stop the threat before it gets to the castle gate.

    1:15 pm
    Panel: Beware the Highwaymen: Rise of the Cyber Criminal
    Registration Level: Open Sessions
    1:15 pm - 2:15 pm
    Location / Room: Ballroom C

    Modern civilization has always been plagued by various classes of criminals. Travelers would hire guards to protect their caravans from hijackers. Thieves came up with various ploys to trick travelers on the road. In today’s day and age the advent of interconnected devices, allowing for portability of corporate secrets, has given rise to a completely different class of nefarious actors. Cyber criminals range from those bent on stealing your personal information to “cyber terrorists” who have the capability to inflict harm on a much wider scale. Uninhibited by current laws, they are very effective given the speeds of networks, lack of appropriate security controls, and the anonymous nature of the attacker. Making matters worse, the crime may be perpetrated by entities outside of the legal jurisdiction where the unlawful act took place. This panel will explore the tools these criminals use, what can be done to prevent them, and how to safeguard your data.

    1:15 pm
    Sumo Logic: Advanced Security Analytics – Detect, Respond, Comply
    Director of Product Marketing, Security & Compliance, Sumo Logic
    Registration Level: Open Sessions
    1:15 pm - 2:15 pm
    Location / Room: 117

    Advanced security analytics reduces noise and operational intelligence to help security professionals address the tsunami of data of today's modern applications.

    2:15 pm
    (ISC)2 Chapter Meeting
    Discover Your Local Associations - Open to All Attendees
    Registration Level: Open Sessions
    2:15 pm - 3:00 pm
    Location / Room: Ballroom D

    Join (ISC)2 for a meet and greet. This session is intended for members and non-members.

    2:15 pm
    Conference Break / Exhibitor Product Demonstration
    Registration Level: Open Sessions
    2:15 pm - 3:00 pm
    Location / Room: Exhibitor Floor

    Reboot with coffee and infused water while visiting exhibitors on the exhibitor floor.

    3:00 pm
    How to Up-Level Your Skills to Enhance Your Career
    Cybersecurity Consultant, ExecSec Inc.
    Registration Level: Conference Pass
    3:00 pm - 3:45 pm
    Location / Room: 113

    Up-Level Your Hard and Soft Skills to Turbo-Charge Your Career

    3:00 pm
    Improving Your Security Awareness Campaign With Analytics
    Security Program Manager, Automatic Data Processing
    Registration Level: Conference Pass
    3:00 pm - 3:45 pm
    Location / Room: Ballroom C

    Managing a security awareness program in a large organization requires careful application of time, resources and money. This session will focus on metrics and analytics used in real-world security awareness campaigns.

    3:00 pm
    Meet Your FISMA Requirements: Cybersecurity Calendar, Risk Management Framework & NIST Security Controls
    Senior Agency Information Security Officer, SAISO, GA Department of Juvenile Justice
    Registration Level: Conference Pass
    3:00 pm - 3:45 pm
    Location / Room: 115

    How does the FISMA Act affect contractors and state & local government doing business with the federal government? Building the Cybersecurity calendar to track compliance requirements and understanding NIST's Risk Management Framework, including security controls.

    3:00 pm
    CloudPassage: Figuring Out Security and Compliance in the Agile Age
    Cloud Security Architect, CloudPassage
    Registration Level: Open Sessions
    3:00 pm - 3:45 pm
    Location / Room: 112

    Today's enterprise business leaders demand speed and flexibility in technology delivery. Application development has been decentralized in most enterprises, now scattered across dozens or more independent technology teams. Adoption of cloud infrastructure, agile application development, containerization, DevOps, on-demand technology delivery, and other agility-oriented technologies enables this trend. While a plus for business units, security and compliance functions are often disrupted dramatically by never-before-seen levels of distribution, speed, and autonomy in application development and delivery. In this session, Jason Lancaster from CloudPassage will discuss trends, challenges, and strategic foundations for evolving security to harmonize with this now-unstoppable evolution in IT delivery.

    3:00 pm
    Information Security at the White House in the 1990’s
    Good security practices have not changed over time.
    AVP, Cyber Risk Remediation, US Bank/Elavon
    Registration Level: Conference Pass
    3:00 pm - 3:45 pm
    Location / Room: 117

    I was the CIO/CISO equivalent for President Clinton at the White House and had to deal with pre-Y2K Information Security and Information Technology. Security and Technology sure has changed over the last twenty years, or has it? I would argue that good Information Security practices are still the same and really have not changed over the last twenty years. Why is that? What lessons can we learn by looking back at ourselves twenty years ago?

    3:00 pm
    SecureWorld PLUS Part 2 – Big Data and IoT: Wonderful, Terrible, Inevitable
    SecureWorld PLUS Registrants ONLY
    CISSP, President, O'Leary Management Education
    Registration Level: SecureWorld Plus
    3:00 pm - 4:30 pm
    Location / Room: 111

    Big Data and the Internet of Things are revolutionizing virtually every industry. We’re told of pinpoint accurate medical records and diagnostics, all-encompassing analytics, mastery of industrial processes, effortless control of our static and moving environments and complete connectivity and communication with anything and everything we might ever imagine being useful. Wonderful!

    But SecureWorld attendees and others who’ve been in IT Security for any appreciable time have an internal red flag that goes up upon hearing “It’s gonna be great!” Then those euphoria-deflating security questions start multiplying and running through our somewhat addled brains. Where is all this Big Data coming from? Where will it reside? Who controls it? Who grants access? On what basis? How do we know it’s accurate, relevant? Is it complete enough for life and death medical decisions? What about analytics system administration; data monitoring and correction procedures; incompatible security architectures? Oh yeah, and privacy?

    What kind of security is built into all these Internet-connected devices? How easy is it to control access? Is the data they trade and store encrypted? Who’s liable if they fail or give erroneous signals?

    Big Data and IoT are neither fads nor merely trends; they constitute a revolution. There’s no going back. Join us as we look from a security perspective at both the bright and dark sides.

    3:00 pm
    SecureWorld PLUS Part II – Building a Successful Information Security Awareness Program
    SecureWorld PLUS registrants ONLY
    Chief Strategist and Chief Security Officer, Security Mentor
    Registration Level: SecureWorld Plus
    3:00 pm - 4:30 pm
    Location / Room: 101

    Every organization seeks a security-aware culture, but how can you build an effective information security awareness program that addresses compliance and changes employee behavior for the better? People are the greatest asset and the weakest link in securing intellectual property and protecting sensitive data within every enterprise; therefore, a well-organized security awareness program is essential.

    You will learn how an effective program that offers lasting solutions requires the right mix of skills, knowledge, executive support and resources. This hands-on workshop will teach you what you need to know to implement just such a program. Offering award-winning case studies, interactive discussions and group participation in exercises, this SecureWorld PLUS session will enable you to hit the ground running with a customized plan that meets your organization’s needs when you head back to the office.

    Dan Lohrmann offers an interactive, engaging style that is both fun and informative. The 4.5-hour workshop covers these essential topics:

    Part 2: Building and Maintaining Your Organization’s Information Security Awareness Plan
    After several checklists and overall program templates are presented in detail, the second part of this workshop will include peer interactions and discussions that can be used to tailor your specific plan to implement a customized security awareness program. Depending on the size and complexity of your organization, participants will either build their plan or create the outline of their information security awareness program, with details to be inserted later.

    3:00 pm
    SecureWorld PLUS Part 2 - Designing and Building a Cybersecurity Program Based on the NIST Cybersecurity Framework
    SecureWorld PLUS Registrants ONLY
    CISO, University of Massachusetts, President’s Office
    Registration Level: SecureWorld Plus
    3:00 pm - 4:30 pm
    Location / Room: 110

    This course provides a detailed plan for designing and building a Cybersecurity Program based on the NIST Cybersecurity Framework and the 20 Critical Controls.

    Lesson 1: Creating the Model (based on the NIST Cybersecurity Framework)
    A general review of today’s cyber-threat landscape, key business, technical, regulatory, workforce challenges, the overall risk environment, controls framework (NIST Cybersecurity Framework), controls standards and a recommended approach for designing and building a program based on a repeatable / open program concept (The Controls Factory Model).

    Lesson 2: Designing the Program (based on the 20 Critical Controls)
    A detailed review of the safeguards that organizations should use to mitigate advanced threats and protect their critical assets, including an in-depth analysis of the 20 critical controls. Each control will be discussed in detail, including the control objective, control approach, consequences of not implementing the control, control system analysis (how the control works), control detailed design, control monitoring and testing requirements.

    Lesson 3: Building the Solution (based on Design, Build, Run and Test Guides)
    Technical solutions that can be used to protect a particular family of assets (endpoints, servers, networks, applications). Each technical solution will include a mapping to the critical controls and NIST Framework (design guide), a step-by-step approach for implementation (build guide), a set of operational capabilities for continuous monitoring and management (run guide) and a set of use cases that ensure that the controls are continually applied to the asset families (test guide).

  • Thursday, June 1, 2017
    7:00 am
    Registration Open
    Registration Level: Open Sessions
    7:00 am - 3:00 pm
    Location / Room: Registration Desk
    8:00 am
    SecureWorld PLUS Part 3 – Big Data and IoT: Wonderful, Terrible, Inevitable
    SecureWorld PLUS Registrants ONLY
    CISSP, President, O'Leary Management Education
    Registration Level: SecureWorld Plus
    8:00 am - 9:30 am
    Location / Room: 111

    Big Data and the Internet of Things are revolutionizing virtually every industry. We’re told of pinpoint accurate medical records and diagnostics, all-encompassing analytics, mastery of industrial processes, effortless control of our static and moving environments and complete connectivity and communication with anything and everything we might ever imagine being useful. Wonderful!

    But SecureWorld attendees and others who’ve been in IT Security for any appreciable time have an internal red flag that goes up upon hearing “It’s gonna be great!” Then those euphoria-deflating security questions start multiplying and running through our somewhat addled brains. Where is all this Big Data coming from? Where will it reside? Who controls it? Who grants access? On what basis? How do we know it’s accurate, relevant? Is it complete enough for life and death medical decisions? What about analytics system administration; data monitoring and correction procedures; incompatible security architectures? Oh yeah, and privacy?

    What kind of security is built into all these Internet-connected devices? How easy is it to control access? Is the data they trade and store encrypted? Who’s liable if they fail or give erroneous signals?

    Big Data and IoT are neither fads nor merely trends; they constitute a revolution. There’s no going back. Join us as we look from a security perspective at both the bright and dark sides.

    8:00 am
    SecureWorld PLUS Part 3 - Designing and Building a Cybersecurity Program Based on the NIST Cybersecurity Framework
    SecureWorld PLUS Registrants ONLY
    CISO, University of Massachusetts, President’s Office
    Registration Level: SecureWorld Plus
    8:00 am - 9:30 am
    Location / Room: 110

    This course provides a detailed plan for designing and building a Cybersecurity Program based on the NIST Cybersecurity Framework and the 20 Critical Controls.

    Lesson 1: Creating the Model (based on the NIST Cybersecurity Framework)
    A general review of today’s cyber-threat landscape, key business, technical, regulatory, workforce challenges, the overall risk environment, controls framework (NIST Cybersecurity Framework), controls standards and a recommended approach for designing and building a program based on a repeatable / open program concept (The Controls Factory Model).

    Lesson 2: Designing the Program (based on the 20 Critical Controls)
    A detailed review of the safeguards that organizations should use to mitigate advanced threats and protect their critical assets, including an in-depth analysis of the 20 critical controls. Each control will be discussed in detail, including the control objective, control approach, consequences of not implementing the control, control system analysis (how the control works), control detailed design, control monitoring and testing requirements.

    Lesson 3: Building the Solution (based on Design, Build, Run and Test Guides)
    Technical solutions that can be used to protect a particular family of assets (endpoints, servers, networks, applications). Each technical solution will include a mapping to the critical controls and NIST Framework (design guide), a step by step approach for implementation (build guide), a set of operational capabilities for continuous monitoring and management (run guide) and a set of use cases that ensure that the controls are continually applied to the asset families (test guide).

    8:00 am
    SecureWorld PLUS Part III – Building a Successful Information Security Awareness Program
    SecureWorld PLUS registrants ONLY
    Chief Strategist and Chief Security Officer, Security Mentor
    Registration Level:
    • SecureWorld Plus
    8:00 am - 9:30 am
    Location / Room: 101

    Every organization seeks a security-aware culture, but how can you build an effective information security awareness program that addresses compliance and changes employee behavior for the better? People are the greatest asset and the weakest link in securing intellectual property and protecting sensitive data within every enterprise; therefore, a well-organized security awareness program is essential.

    You will learn how an effective program that offers lasting solutions requires the right mix of skills, knowledge, executive support and resources. This hands-on workshop will teach you what you need to know to implement just such a program. Offering award-winning case studies, interactive discussions and group participation in exercises, this SecureWorld Plus-session will enable you to hit the ground running with a customized plan that meets your organization’s needs when you head back to the office.

    Dan Lohrmann offers an interactive, engaging style that is both fun and informative. The 4.5-hour workshop covers these essential topics:

    Part 3: Reinventing Your Information Security Awareness Program
    So you already have an Information Security Awareness Program, but it’s not working. Is it time to start over or tweak the plan? What strategies work to get executive buy-in? What are you missing? What are some common mistakes to avoid? How can you improve what you’re already doing? Small group discussions, break-out Q/A as well as several successful tool kits are covered.

    8:30 am
    Data Breach Digest – Perspective is Reality
    Digital Forensics Investigator, Verizon RISK Team
    Registration Level:
    • Conference Pass
    8:30 am - 9:15 am
    Location / Room: 113

    Data breaches are complex affairs. Response activities are proportionately complex, involving various stakeholders with slightly different perspectives. This presentation covers the 2017 "Data Breach Digest – Perspective is Reality", a compendium of data breach scenarios told from different stakeholder points of view covering their decisions, actions and crucial lessons learned.

    8:30 am
    Security Roadmap for Next Generation of Payments
    Chief Technology Officer, PCI Security Standards Council
    Registration Level:
    • Conference Pass
    8:30 am - 9:15 am
    Location / Room: 115

    As new cyber threats emerge, and advances in technology change the way we conduct payments and secure them, we must develop security strategies to protect sensitive data, improve how we authenticate, and simplify PCI compliance where possible. Please join us to discuss how payment security is evolving to prevent the capture of account information for fraudulent purposes and to learn what the PCI Council is doing in 2017 to facilitate the next generation of payment security.

    8:30 am
    IoT Cybersecurity: Evolution, Risks and Executive Responsibilities
    Principal, Advisory Services, Ernst & Young LLP
    Registration Level:
    • Conference Pass
    8:30 am - 9:15 am
    Location / Room: Ballroom C

    The focus of this talk is the connected product ecosystem (IoT) and the blurring of traditional boundaries that requires a “true” end to end security strategy. Topics will include evolution of IoT products, impact on companies who use IoT devices, supply chain risks, and management and board responsibilities.

    8:30 am
    InfraGard Atlanta Quarterly Meeting: Do You Need an Insider Threat Mitigation Program?
    Open to All Attendees
    Strategic Partnership Coordinator, FBI
    Registration Level:
    • Open Sessions
    8:30 am - 9:15 am
    Location / Room: Keynote Theater

    There is an ongoing and concerted effort to steal the trade secrets of U.S. businesses. Such trade secrets include proprietary technology, product prototypes, R&D, merger & acquisition plans, market expansion plans, customer lists & pricing, and so much more. This poses not only a threat to the reputation and viability of a targeted business, but to U.S. economic security. Though our companies tend to invest heavily in security to “keep the bad guys out”, do you adequately invest in the effort to detect and disrupt threats posed by those already inside your company? This PPT presentation will provide an analysis of Insider Threat cases, stress the need for an Insider Threat Mitigation Program, and highlight the components of a successful Mitigation Program.

    Intended Audience: Personnel positioned to effect change within the organization regarding the protection of trade secrets.

    9:00 am
    Exhibit Floor Open
    Registration Level:
    • Open Sessions
    9:00 am - 3:00 pm
    Location / Room: Exhibitor Floor

    This is the time to visit exhibitors participating in Dash For Prizes & CyberHunt for your chance to win prizes!

    9:30 am
    OPENING KEYNOTE: Intelligence and Cybersecurity: Toward a More Effective Public / Private Partnership
    CNN Military Analyst, USAF (ret.) and CEO, Cedric Leighton Associates
    Registration Level:
    • Open Sessions
    9:30 am - 10:15 am
    Location / Room: Keynote Theater

    Col. Cedric Leighton's keynote presentation will cover the following:

    - Overview of the Cyber Threat based on publicly available intelligence
    - Why current Intelligence Community structure needs to be re-vamped for the Cyber Age
    - How intelligence agencies should be working with private companies
    - It's about new legislation AND changing mindsets and cultures
    - The new relationship between the US Intelligence Community and US companies in the Cyber Age - a vision for the future

    10:15 am
    ISSA Meeting & Presentation: The Challenges of Managing an MSSP SOC With Some Wins as Well
    Open to All Attendees - Coffee & Soda Provided
    Security Analysis Manager II, Cyber Threat Analysis Center (CTAC) at SecureWorks
    Registration Level:
    • Open Sessions
    10:15 am - 11:15 am
    Location / Room: Ballroom D

    Are you thinking of building out an internal SOC for your company or purchasing the services of an MSSP? I will be discussing the challenges I have seen over the past two years of managing security analysts along with some "WINS". What are the current trends in hiring security analysts? How do you balance training for new hires and current employees? How do you ingest events / logs from the different systems and incorporate a workflow process? Clients are very important in an MSSP environment, so how do you keep the client happy yet still maintain a functioning workflow? One of the most rewarding "WINS", personally, is watching employees grow professionally and develop into security experts. Another few examples of "WINS" can include the threat intel lifecycle driven by clients and the ability to access large data sets to conduct security research.

    10:15 am
    Conference Break / Exhibitor Product Demonstration
    Registration Level:
    • Open Sessions
    10:15 am - 11:15 am
    Location / Room: Exhibitor Floor

    Reboot with coffee and infused water while visiting exhibitors on the exhibitor floor.

    11:15 am
    Radware: Cyber War Chronicles – Stories from the Virtual Trenches
    Security Evangelist, Radware
    Registration Level:
    • Open Sessions
    11:15 am - 12:00 pm
    Location / Room: 113

    2016 saw a continuation of some cybersecurity threats, as well as the emergence of some attack types and trends. Ransom attacks, political hacks, and new dynamics around the accessibility and capability of attack tools have added even more challenges to security. This session will explore some of the latest evolutions of the threat landscape, through a combination of market intelligence, real-world case studies, and direct insights from those on the front lines of cybersecurity.

    11:15 am
    You’ve Issued the Risk Letter-Now What?
    Chief Information Security Officer, Georgia Department of Public Health
    Registration Level:
    • Conference Pass
    11:15 am - 12:00 pm
    Location / Room: 112

    The principal reason for managing risk in an organization is to protect the mission and assets of the organization. In this interactive session, we will explore ways to deal with the business when they refuse to mitigate the risks and/or accept them.

    11:15 am
    The Wake Up Call – Proven Principles to Counter Active Shooters and Terrorist Attacks
    President, DRACO GROUP
    Registration Level:
    • Conference Pass
    11:15 am - 12:00 pm
    Location / Room: Ballroom C

    Violence and terrorism are on the rise worldwide. There is no place on Earth where an Active Shooter is stopped faster than in Israel. This is due to the implementation of simple principles which can be utilized here too, to prevent and stop highly violent events.

    11:15 am
    Security Risks and Mitigation Strategies
    Information Security Instructor/Consultant, Gwinnett Technical College
    Registration Level:
    • Conference Pass
    11:15 am - 12:00 pm
    Location / Room: 117

    How does a cybersecurity leader communicate to non-cybersecurity experts the value of a program and all the expense that goes along with implementing information security activities? This session will help explore how an organization can overcome these challenges using knowledge and experiences as a basis for guided action.

    11:15 am
    Trend Micro: Anatomy of a Ransomware Attack and Why It Matters
    Chief Cybersecurity Officer, Trend Micro
    Registration Level:
    • Open Sessions
    11:15 am - 12:00 pm
    Location / Room: 115

    Cyber criminals can hijack your business by encrypting your data and holding your systems hostage until you pay up. Hackers use ransomware like CryptoLocker and CryptoWall to target a wide range of organizations like yours, demanding thousands of dollars. Find out how you can protect your business from ransomware security threats. Join Ed Cabrera, Chief Cybersecurity Officer at Trend Micro, as he outlines the latest criminal underground threats and best practices to protect your data and systems.

    12:00 pm
    Advisory Council LUNCH Roundtable: Security Awareness (VIP / Invite ONLY)
    Registration Level:
    • VIP / Exclusive
    12:00 pm - 1:00 pm
    Location / Room: 119

    12:15 pm
    LUNCH KEYNOTE: Cisco - Threat Evolution: Effective Defense Against Increasingly Innovative Attackers
    Technical Leader, Cisco Talos
    Registration Level:
    • Open Sessions
    12:15 pm - 1:00 pm
    Location / Room: Keynote Theater

    People responsible for defending networks realize that the security threat landscape is constantly changing. Understanding how threats evolve is critical to building better defenses. In this presentation, we will discuss threats Talos has recently identified and illuminate some of the latest attacker.

    1:15 pm
    Panel: Close the Front Gate: Identify all Travelers: Locking Down the Endpoints
    Registration Level:
    • Open Sessions
    1:15 pm - 2:15 pm
    Location / Room: Keynote Theater

    One of the first lines of defense for a castle was the front gate or portcullis. When the need arose, they would simply close the gate and stop everyone from entering. Castle guards would stop each traveler and determine their identity and if they were a threat before letting them in. Sort of like today’s network access control and firewalls. Identity or the perception of one’s identity was all that mattered and a smart spy or thief would gain access to the castle with only minor delays. Our experts will discuss your options for defending your castle.

    1:15 pm
    Panel: The Court Jester Has the Crown Jewels (Ransomware)
    Registration Level:
    • Open Sessions
    1:15 pm - 2:15 pm
    Location / Room: Ballroom C

    Way back in the day if you wanted to get someone to bend to your will you could just kidnap the princess or steal the Crown Jewels. Kingdoms would do just about anything to get these things back. It was probably a bit easier to grab the princess and leave a note with your demands. The exchange of coin for the princess was a risky maneuver but worth the reward if you escaped. Now it just takes one foolish click to become a victim of ransomware. Sadly, they are not easily caught when you make the trade with bitcoin. This panel will talk about the current schemes happening with ransomware and how you can try to keep the Crown Jewels safe.

    1:15 pm
    ASDFED Meeting and Presentation: Fairy Tales to Facts: Digital Forensics Quest for the Truth
    Open to All Attendees
    VP, ASDFED
    Registration Level:
    • Open Sessions
    1:15 pm - 2:30 pm
    Location / Room: Ballroom D

    Fairy tales can teach us much about how the world works. The stories of our youth act as guiding principles for professionals within the Data Protection & Privacy realm. Modern “Happily Ever Afters” are the goal of Digital Forensics and eDiscovery professionals as we quest for truth and not tales. Finding information contained within the 1s and 0s of a drive or network share is our ultimate objective. This presentation leads you off the yellow brick road and onto the journey where the Facts live.

    2:15 pm
    Conference Break / Exhibitor Product Demonstration
    Registration Level:
    • Open Sessions
    2:15 pm - 3:00 pm
    Location / Room: Exhibitor Floor

    Reboot with coffee and infused water while visiting exhibitors on the exhibitor floor.

    2:30 pm
    Dash for Prizes & CyberHunt
    Registration Level:
    • Open Sessions
    2:30 pm - 2:45 pm
    Location / Room: Exhibitor Floor

    Be sure to have exhibitors scan your badge for a chance to win prizes. Past prizes have included Kindles, Bose headphones, gift cards, iPads, iPods and more! *Must be present to win

    3:00 pm
    Newton’s Laws of Privacy and Security
    VP, ASDFED
    Registration Level:
    • Conference Pass
    3:00 pm - 3:45 pm
    Location / Room: 113

    Does Data follow the same laws as Newtonian Physics? This presentation will be a discussion of how the motion of thought and data follows the physical laws, and how this affects business. If you've ever experienced a Third-Gravitating Body, this is for you.

    3:00 pm
    Culture Is What People Do When No One Is Looking - Corporate Culture and Its Impact on Security
    Culture Eats Security Issues for Breakfast
    Founder & CEO, American Club, U.S. Chamber of Commerce
    Registration Level:
    • Conference Pass
    3:00 pm - 3:45 pm
    Location / Room: Ballroom C

    3:00 pm
    Anatomy of a Cyber-Heist: Examples of Advanced Cyber Risks
    Managing Director, UHY Advisors
    Registration Level:
    • Conference Pass
    3:00 pm - 3:45 pm
    Location / Room: 115

    One click is all it takes. Bring your A-game! This presentation will take you through how cyber crooks are getting away with some big pay days. We will explore techniques in use demonstrating an increasingly high level of sophistication, patience, and planning, so you can better plan your defenses.

    3:00 pm
    Business Resiliency in a Cyber World
    Effectively Apply Incident Management Techniques
    Director, Business Resiliency, Automatic Data Processing
    Registration Level:
    • Conference Pass
    3:00 pm - 3:45 pm
    Location / Room: 117

    Managing cyber incidents can prove difficult at best. When technology is unavailable, do traditional business resiliency techniques apply, or has this school of thought of having plans available become outdated?

Exhibitors
  • ACP Atlanta
    Booth: 220

    The Atlanta Chapter was formed in August of 2006. It includes Continuity Professionals from all areas of the Business Community and the Public Sector. As ACP's local presence in the Atlanta metro region, our chapter embraces and seeks to promote the mission and goals of the parent organization. Being a member of the Atlanta Chapter of ACP brings many benefits:
    • The opportunity to network with experienced individuals who often have addressed some of the same challenges you face in your organization.
    • The opportunity to hear real examples of solutions that have been implemented in other organizations.
    • The opportunity to network for career opportunities.

  • ARMA
    Booth: TBD

    ARMA International is a not-for-profit organization representing the RIM profession. Its primary purpose is the advancement of the profession and the professional through advocacy, education and professional development.

    ARMA International members include records and information managers, MIS and ADP professionals, imaging specialists, archivists, hospital administrators, legal administrators, librarians, corporate counsel, compliance professionals, and educators. ARMA, its chapters, and its members are dedicated to helping individuals, organizations, and government agencies successfully meet the challenges of the increasingly complex records and information management field.

  • Avecto
    Booth: 310

    Avecto is a leader in Privilege Elevation and Delegation Management. Since 2008, the company has enabled over 8 million users to successfully work without admin rights, enabling many of the world’s biggest brands to achieve the balance between overlocked and underlocked environments.

    Avecto’s Defendpoint software has been deployed in the most highly regulated industries, enabling organizations to achieve compliance, gain operational efficiency and stop internal and external attacks.

    Defendpoint combines privilege management and application control technology in a single lightweight agent. This scalable solution allows global organizations to eliminate admin rights across the entire business – across Windows and Mac desktops and even in the data center.

    Actionable intelligence is provided by Defendpoint Insights, an enterprise class reporting solution with endpoint analysis, dashboards and trend data for auditing and compliance.

  • Binary Defense Systems
    Booth: 210

    BDS is a company that works with you to understand your environment and what you have, and to build defenses against what we face today and the attacks of tomorrow. Technology is continuously changing and businesses change every day; to keep up with the changes, BDS has created an extensively flexible yet highly accurate way of detecting attackers. We are attackers, and we know the best ways of detecting how attackers breach your network. An added bonus with BDS: continual penetration tests are performed regularly to enhance and develop additional safeguards. We are here to defend, protect and secure your company.

  • Centrinet
    Booth: 310

    Centrinet is the leading solutions advisor of emerging technologies. We are IT subject matter experts who also speak business. We take the time to learn your company inside and out, aligning your needs and goals to prescribe an IT solution that best supports your company's initiatives. Our success comes from yours.

    Centrinet provides a full range of solutions and professional services, all designed to enable your IT department to increase productivity, decrease expenses, improve efficiency and simplify your technology needs. In short, we help you do more with less.

  • Check Point Security
    Booth: 200

    Since 1993, Check Point has been dedicated to providing customers with uncompromised protection against all types of threats, reducing security complexity and lowering total cost of ownership. We are committed to staying focused on customer needs and developing solutions that redefine the security landscape today and in the future.

  • Cisco
    Booth: 330

    Cisco builds truly effective security solutions that are simple, open and automated. Drawing on unparalleled network presence as well as the industry’s broadest and deepest technology and talent, Cisco delivers ultimate visibility and responsiveness to detect more threats and remediate them faster. With Cisco, companies are poised to securely take advantage of a new world of digital business opportunities.

  • Cloud Passage
    Booth: 320

    CloudPassage® Halo® is the world’s leading agile security platform that provides instant visibility and continuous protection for servers in any combination of data centers, private clouds and public clouds. Halo uses minimal system resources; so layered security can be deployed right at every workload – servers, instances and containers.

  • CyberRisk Solutions
    Booth: 310

    Knowing that Cyber Security is about so much more than just technology, CyberRisk Solutions focuses specifically on People, Processes, and Facilities and how that integrates with Technology to create a truly secure environment.

    CyberRisk Solutions provides Enterprise Risk Management strategic consulting, project outsourcing, staffing and managed solutions to reduce the risk of cyber loss and increase operational efficiency for the SMB market across financial services, healthcare, energy and other verticals.

  • CyberTrend
    Booth: n/a

    CyberTrend is a monthly business technology magazine for C-level executives, business owners, and affluent entrepreneurs. CyberTrend covers a broad range of technologies, companies, and solutions. Topics include mobility, security, data analytics, networking, communications, energy efficiency, and storage, among many others. Any technology that helps businesses become more efficient, improve ROI, and stay ahead of the competition is a fit for CyberTrend. CyberTrend helps readers understand the technologies that impact their organizations and make educated decisions when investing in new solutions.

  • EC-Council
    Booth: 334

    International Council of E-Commerce Consultants, also known as EC-Council, is the world’s largest cyber security technical certification body. We operate in 140 countries globally and we are the owner and developer of the world-famous Certified Ethical Hacker (CEH), Computer Hacking Forensics Investigator (C|HFI), Certified Security Analyst (ECSA), License Penetration Testing (Practical) programs, among others. We are proud to have trained and certified over 140,000 information security professionals globally that have influenced the cyber security mindset of countless organizations worldwide.

  • InfraGard
    Booth: 236

    InfraGard is an information sharing and analysis effort serving the interests and combining the knowledge base of a wide range of members. At its most basic level, InfraGard is a partnership between the FBI and the private sector. InfraGard is an association of individuals, academic institutions, state and local law enforcement agencies, and other participants dedicated to sharing information and intelligence to prevent hostile acts against the United States. InfraGard Chapters are geographically linked with FBI Field Office territories.

    The FBI retained InfraGard as an FBI sponsored program, and will work with DHS in support of its CIP mission, facilitate InfraGard’s continuing role in CIP activities, and further develop InfraGard’s ability to support the FBI’s investigative mission, especially as it pertains to counterterrorism and cyber crimes.

  • IronNet
    Booth: 332

    IronNet is a Cybersecurity / Behavior Analytics Product and Cyber Services company started by former NSA Director Keith Alexander (retired 4-star General). IronDefense, our behavior analytics system, brings real-time visibility and cutting edge analytics to customer networks to discover the most elusive threats, then ranks them by risk through an expert system to amplify analyst capabilities.

  • ISACA
    Booth: 214

    As an independent, nonprofit, global association, ISACA engages in the development, adoption and use of globally accepted, industry-leading knowledge and practices for information systems. Previously known as the Information Systems Audit and Control Association, ISACA now goes by its acronym only, to reflect the broad range of IT governance professionals it serves.

  • ISC2
    Booth: 235

    (ISC)² is an international nonprofit membership association focused on inspiring a safe and secure cyber world. Best known for the acclaimed Certified Information Systems Security Professional (CISSP) certification, (ISC)² offers a portfolio of credentials that are part of a holistic, programmatic approach to security. Our membership, over 123,000 strong, is made up of certified cyber, information, software and infrastructure security professionals who are making a difference and helping to advance the industry. Our vision is supported by our commitment to educate and reach the general public through our charitable foundation - The Center for Cyber Safety and Education™.

  • ISSA Metro Atlanta Chapter
    Booth: 226

    The ISSA Metro Atlanta chapter has developed over the years into one of the largest ISSA chapters worldwide and the largest IT Security organization in the Metro Atlanta area. The Information Systems Security Association (ISSA)® is a not-for-profit, international organization of information security professionals and practitioners. It provides educational forums, publications, and peer interaction opportunities that enhance the knowledge, skill, and professional growth of its members.

  • Ixia
    Booth: 308

    We provide testing, visibility, and security solutions to strengthen applications across physical and virtual networks.
    Organizations use our tools and capabilities to test, secure and visualize their networks so their applications run stronger.

  • Juniper
    Booth: 304

    Our customers don’t set out to build networks. They build on ideas that reinvent, reimagine, and improve the world around them. It makes sense that we should begin there, too.

    Through our passion for creating high-performing networks, Juniper extends knowledge, collaboration, and human advancement in industries around the world—such as energy, healthcare, education, and many others.

    While our innovative product and services portfolio evolves continuously, we need to reach farther to secure our customers’ long-term success. We’re looking beyond the horizons of today’s business challenges, and the technology future we see is built on real-time service integration. That means everything we develop must align with our vision.

  • LogRhythm
    Booth: 208

    LogRhythm, a leader in security intelligence and analytics, empowers organizations around the globe to rapidly detect, respond to and neutralize damaging cyber threats. The company’s patented award-winning platform uniquely unifies next-generation SIEM, log management, network and endpoint monitoring, user entity and behavior analytics (UEBA), security automation and orchestration and advanced security analytics. In addition to protecting customers from the risks associated with cyber threats, LogRhythm provides unparalleled compliance automation and assurance, and enhanced IT intelligence.

  • Mission Critical
    Booth: 200

    Mission Critical Systems is an information technology security reseller and integrator focused only on security solutions. We have been providing top quality security products and consulting services throughout the Southeast United States and Caribbean since 1997.

    Our mission is to provide best-in-breed data and network security products and expert services that will reduce our client's exposure to information theft and destruction. We advocate a comprehensive approach to information security—evaluating all aspects of an organization's vulnerabilities from internal compromises to external threat. We can provide your organization with the tools, controls and training to secure your infrastructure. Our sales and engineering professionals will work with you to design and implement strategies to address your complex information security challenges.

    Mission Critical Systems is a Woman Owned Business and Equal Opportunity Employer.

  • MobileIron
    Booth: 326

    MobileIron stands out from other MDM vendors by providing expanded EMM capabilities to IT organizations that need to secure mobile devices, applications and content. The MobileIron Enterprise Mobility Management (EMM) solution is a mobile security platform that secures data-at-rest on mobile devices, in applications, and in cloud storage, as well as data-in-motion as it moves between corporate networks, devices, and storage repositories.

    MobileIron's mission is to enable modern enterprises to secure and manage information as it moves to mobile and to the cloud, while preserving end-user privacy and trust. With MobileIron, IT teams can achieve more than just their mobile device management objectives – they can secure corporate information wherever it lives while preserving the sanctity of employee privacy. MobileIron achievements include:

  • OneLogin
    Booth: 306

    OneLogin brings speed and integrity to the modern enterprise with an award-winning single sign-on (SSO) and cloud identity and access (IAM) management platform. Our portfolio of solutions secures connections across all users, all devices, and every application, helping enterprises drive new levels of business integrity, operational velocity, and team efficiency across all their cloud and on-premise applications.

  • PhishLabs
    Booth: 333

    PhishLabs™ is the leading provider of 24/7 cybersecurity services that protect against threats that exploit people. The company is trusted by top organizations worldwide, including 4 of the 5 largest U.S. financial institutions. PhishLabs combines proprietary technology, intelligence, and human expertise to rapidly detect, analyze, and stop targeted cyberattacks before they impact organizations. Additionally, the company provides robust threat intelligence that strengthens existing cyber defenses and optimizes threat prevention. Leading organizations partner with PhishLabs to more effectively disrupt targeted cyberattacks, prevent data breaches, and reduce online fraud.

  • Radware
    Booth: 328

    Radware (NASDAQ: RDWR) is a global leader of application delivery and application security solutions for virtual and cloud data centers. Its award-winning solutions portfolio delivers full resilience for business-critical applications, maximum IT efficiency, and complete business agility. Radware's solutions empower more than 10,000 enterprise and carrier customers worldwide to adapt to market challenges quickly, maintain business continuity and achieve maximum productivity while keeping costs down.

  • RSA Security
    Booth: 222

    RSA’s business-driven security solutions help customers comprehensively and rapidly link security incidents with business context to respond effectively and protect what matters most. With award-winning solutions for rapid detection and response, identity and access assurance, consumer fraud protection, and business risk management, RSA customers can thrive in an uncertain, high-risk world.

  • Sayers
    Booth: 222

    At Sayers, we have more than 30 years of experience in providing personalized IT services and solutions. We bring an in-depth knowledge of the most innovative technologies, which allows us to diagnose your problems, create a personalized plan, and implement the exact solutions to help your business overcome its most difficult IT challenges. Sayers' mission is to help clients solve their business challenges with innovative IT solutions. Our success is founded on building strong relationships with our clients and going above and beyond to help those clients succeed.

  • SecureWorks
    Booth: 234

    Dell SecureWorks is a global provider of intelligence-driven information security solutions exclusively focused on protecting its clients from cyberattacks. Dell SecureWorks’ solutions enable organizations to fortify their cyber defenses to prevent security breaches, detect malicious activity in real time, prioritize and respond rapidly to security breaches and predict emerging threats.

  • SentinelOne
    Booth: 314

    SentinelOne is the future of Endpoint Protection. It unifies prevention, detection and response in a single platform driven by sophisticated machine learning and intelligent automation. With SentinelOne, organizations can detect malicious behavior across multiple vectors, rapidly eliminate threats with fully-automated, integrated response capabilities, and adapt their defenses against the most advanced cyber attacks.

  • Silent Circle
    Booth: 300

    Silent Circle is a leader in enterprise privacy, delivered through a revolutionary mobile platform of devices, software, and services, starting with ZRTP to build a fundamentally different mobile architecture. For more information, please visit silentcircle.com.

  • Skybox Security
    Booth: 222

    Skybox arms security teams with a powerful set of security management solutions that extract insight from security data silos to give unprecedented visibility of the attack surface, including all Indicators of Exposure (IOEs). With Skybox, security leaders can quickly and accurately prioritize and address vulnerabilities and threat exposures.

  • Sumo Logic
    Booth: 232

    Sumo Logic was founded in 2010 by experts in log management, scalable systems, big data, and security. Today, our purpose-built, cloud-native service analyzes more than 100 petabytes of data, more than 16 million searches, and delivers 10s of millions of insights daily – positioning Sumo among the most powerful machine data analytics services in the world.

  • TAG
    Booth: 218

    It's a new world for tech, and the Technology Association of Georgia (TAG) has emerged as a world-class membership organization and an engine for economic development for the state of Georgia. TAG's mission is to educate, promote, influence and unite Georgia's technology community to foster an innovative and connected marketplace that stimulates and enhances Georgia's tech-based economy.

    TAG TODAY:

    35,000+ Members
    2,000+ Member Companies
    200+ Events per year
    33 Societies

  • TechTarget
    Booth: n/a

    TechTarget (NASDAQ: TTGT) is the online intersection of serious technology buyers, targeted technical content and technology providers worldwide. Our media, powered by TechTarget’s Activity Intelligence platform, redefines how technology buyers are viewed and engaged based on their active projects, specific technical priorities and business needs. With more than 100 technology specific websites, we provide technology marketers innovative media that delivers unmatched reach via custom advertising, branding and lead generation solutions all built on our extensive network of online and social media. TechTarget is based in Boston and has locations in Atlanta, Beijing, Cincinnati, London, Paris, San Francisco, Singapore, and Sydney.

  • Trend Micro
    Booth: 316

    As a global leader in cloud security, Trend Micro develops Internet content security and threat management solutions that make the world safe for businesses and consumers to exchange digital information. With more than 20 years of experience, we're recognized as the market leader in server security for delivering top-ranked client, server, and cloud-based security solutions that stop threats faster and protect data in physical, virtualized, and cloud environments.

  • TrustedSec
    Booth: 308

    Our #1 priority is you, our customer. We believe in our services and our quality of them. We truly care about each and every organization as much as you do. Our team is highly talented, skilled, senior, and not a commodity service like other INFOSEC consulting companies. TrustedSec’s model is to staff with only senior level resources and the highest quality of information security consulting. Our brand, reputation, and quality is how we have established ourselves in this industry and with the mindset of “always doing the right thing”. When we work with our customers, it’s more than “just another engagement” – it’s establishing an understanding with an organization, and working to make them better.

  • Unisys
    Booth: 208

    Unisys is a global information technology company that specializes in providing industry-focused solutions integrated with leading-edge security to clients in diverse markets. Unisys combines experienced security consulting, Stealth micro-segmentation security solutions and efficient managed security services to deliver dramatic improvement in security posture and operational efficiencies.
    Visit http://unisys.com/security for more information.

  • Veristor
    Booth: 340

    At VeriStor, we design, implement and manage IT solutions that fuel business productivity. As an end-to-end solutions provider, VeriStor specializes in enterprise data storage, virtual infrastructure, public, private and hybrid cloud services, migration, and technology financing. Headquartered in Atlanta, VeriStor delivers solutions nationwide to enterprise and mid-market companies in all industries including financial services, manufacturing, healthcare, education and federal, state and local government. To learn how VeriStor can help you achieve an IT infrastructure that accelerates business growth, improves efficiencies and reduces costs, visit: http://www.veristor.com

  • Wombat Security Technologies
    Booth: 338

    Wombat Security Technologies provides information security awareness and training software to help organizations teach their employees secure behavior. Their SaaS cyber security education solution includes a platform of integrated broad assessments, and a library of simulated attacks and brief interactive training modules, to reduce employee susceptibility to attack, even phishing attacks, by over 80%.

  • Ziften
    Booth: 206

    Ziften delivers all-the-time visibility and control for any asset, anywhere – client devices, servers, and cloud VMs – whether on-network or remote, connected or not. Our SysSecOps platform empowers enterprises, governments, and MSSPs to quickly repair endpoint issues, reduce their overall risk posture, speed threat response, and increase operations productivity.

Keynote Speakers
Speakers
  • Christopher Pierson
    General Counsel & Chief Security Officer, EVP, Viewpost

    Dr. Christopher Pierson is the General Counsel & Chief Security Officer, EVP for Viewpost. Chris serves on the DHS Data Privacy and Integrity Advisory Committee and Cybersecurity Subcommittee and is a Distinguished Fellow of the Ponemon Institute. Previously, Chris was the first Chief Privacy Officer, SVP for the Royal Bank of Scotland’s U.S. banking operations leading its privacy and data protection program. Chris was also a corporate attorney for Lewis and Roca. Chris is a graduate of Boston College (B.A., M.A.) and The University of Iowa (Ph.D., J.D.) and speaks at national events and is frequently quoted on cybersecurity.

  • John O'Leary
    CISSP, President, O'Leary Management Education

    John O'Leary, CISSP, is President of O'Leary Management Education. His background spans four decades as an active practitioner in information systems, IT Security and contingency planning. He has designed, implemented and managed security and recovery for networks ranging from single site to multinational. John has trained tens of thousands of practitioners, and conducted on-site programs at major corporations and government facilities worldwide. He has also facilitated meetings of Working Peer Groups, where security professionals from diverse corporations share ideas, concerns and techniques. John is the recipient of the 2004 COSAC award, the 2006 EuroSec Prix de Fidelite, and the 2011 ISC2 Lifetime Achievement Award.

  • Dan Lohrmann
    Chief Strategist and Chief Security Officer, Security Mentor

    Dan Lohrmann is Chief Strategist and Chief Security Officer (CSO) at Security Mentor. In this role, Lohrmann leads efforts to define and develop key strategic initiatives for the company’s security awareness training offerings, including new programs that can improve security and compliance by elevating an organization’s workforce into security-savvy employees. Representing Security Mentor, Lohrmann serves as a thought leader and keynote speaker on security and security awareness training, and gives government and industry presentations.

    Over the past decade, Lohrmann has advised the U.S. Department of Homeland Security, the White House, FBI, numerous federal agencies, law enforcement, state and local governments, non-profits, foreign governments, local businesses, universities, churches, and home users on issues ranging from personal Internet safety to defending government and business-owned technology and critical infrastructures from online attacks. Prior to joining Security Mentor, Lohrmann was Michigan's first CSO and Deputy Director for Cybersecurity and Infrastructure Protection and has been recognized as a global leader in cyber defense for government.

    Previously, Lohrmann represented the National Association of State Chief Information Officers on the U.S. Department of Homeland Security’s IT Government Coordinating Council where he assisted in the writing and editing of the National Infrastructure Protection Plans, sector specific plans, Cybersecurity Framework, and other federal cyber documents. Lohrmann is the author of two books: Virtual Integrity: Faithfully Navigating the Brave New Web, published in November 2008 by Brazos Press and BYOD for You: The Guide to Bring Your Own Device to Work, published in Kindle format in April 2013.

    He has been honored with numerous cybersecurity and technology leadership awards, including “CSO of the Year” by SC Magazine, “Public Official of the Year” by Governing magazine and “Premier 100 IT Leader” by Computerworld Magazine. Lohrmann received his bachelor’s degree in computer science from Valparaiso University in Indiana and his M.S. in Computer Science from Johns Hopkins University in Baltimore.

  • Larry Wilson
    CISO, University of Massachusetts, President’s Office

    Larry is responsible for developing, implementing and managing the University of Massachusetts Information Security Policy and Written Information Security Program (WISP). The University program is based on industry best practices ISO 27001 / SANS 20 Critical Controls, and is implemented consistently across all University campuses (Amherst, Boston, Dartmouth, Lowell, Medical School and the President’s Office).

    Prior to joining UMASS, Larry was the Vice President, Network Security Manager at State Street. In this role he was responsible for researching, selecting, implementing and overseeing an engineering staff who managed network security technologies / tools including vulnerability scanning, network firewall policy management, intrusion detection, remote access, DNS security, global and local load balancing, etc.

    Larry's industry experience includes IT audit manager for Deloitte Enterprise Risk Services (ERS) consulting practice. In this role he managed a staff responsible for developing and completing a Sarbanes Oxley compliance audit for MasterCard International. Larry's team focused on the application level controls and general computer controls for information technology services implemented and managed from the MasterCard data center in St. Louis.

    Mr. Wilson holds a Master of Science degree in Civil / Structural Engineering from the University of New Hampshire. His industry certifications include CISSP, CISA and ISA (PCI Internal Security Assessor). He serves on the Advisory Board for Middlesex Community College and CISO Advisory Board for Oracle. He co-chairs the Massachusetts State University and Community College Information Security Council, and serves as Certification Director for ISACA New England. His major 2013 accomplishments include Finalist for Information Security Executive® (ISE®) of the Year for both the Northeast Region and North America; and a SANS People who made a difference in Cybersecurity in 2013 award recipient.

    Larry has been teaching CISA certification training for ISACA for 5 years.

  • David Keating
    Partner, Alston & Bird LLP

    David Keating is a partner in the Technology and Privacy Practice at Alston & Bird LLP. He represents some of the most well-known brands in industry. David's practice has been recognized by Chambers & Partners and The Best Lawyers in America.

  • Nick Schilbe
    Sr. Director of Security Solutions, SentinelOne

    Avid video game player turned video game hacker turned professional hacker. Joined WhiteHat Security at a young age and quickly became the head of their Threat Research Center. While at WhiteHat, Nick performed penetration tests on thousands of websites while creating new attack techniques to evolve the WhiteHat Sentinel platform. In 2014, during one of the most profound years for enterprise breaches, Nick started focusing his research on malware and endpoint-related threats due to the massive increase in attacks in that space. This research led Nick to SentinelOne, where he became a core team member responsible for helping design and deploy a product to protect against the evolving threat landscape.

  • Michael Corby
    Executive Consultant, CGI

    Mr. Corby has more than 40 years in IT strategy, operations, development and security. He is the founder of (ISC)², Inc., the organization that established the CISSP security professional credential. A frequent SecureWorld speaker and author, he was CIO for a division of Ashland Oil and for Bain & Company.

  • Damien Suggs
    Conference Director, Metro Atlanta Chapter of ISSA

    Damien has been in the IT Security Field in various capacities for over seventeen years, working in environments such as telecommunications, the public sector, healthcare, and retail. He is well versed in ethical hacking and penetration testing both from an application and network perspective and understands the demand for a comprehensive security program.

  • Kurt Wescoe
    Chief Architect, Wombat Security Technologies

    As Chief Architect at Wombat Security, Kurt is responsible for ensuring Wombat's software and systems are built on a sound foundation. He brings over 10 years of experience in engineering, across multiple industries. He also serves as a faculty member in the School of Computer Science’s master’s program in e-Business at Carnegie Mellon University. Kurt earned his M.Sc. in E-Commerce from CMU, and a B.S. in Computer Engineering from the University of Pittsburgh.

  • Mark Stanford
    Manager, Systems Engineering, Cisco

    Mark Stanford is a veteran of the security industry. Over his 22-year career, he has built and designed defense architectures, automated security practices/methodologies, and worked with some of the best in the business on cutting-edge techniques. Mark has been a Security Architect and Senior Systems Engineer for companies such as Top Layer and Blue Coat and led SE teams at FireEye, Websense and now at Cisco Umbrella (formerly OpenDNS). His passion for security knows no bounds; his hobbies (aside from spending time with his family!) include malware analysis, threat intelligence, and collaborating with others to build impressive security postures.

  • Herbert Mattord
    Associate Professor, Kennesaw State University

    Herbert Mattord, Ph.D., CISM, CISSP completed 26 years of IT industry experience before joining the faculty at Kennesaw State University in 2002. He was formerly with Georgia-Pacific Corporation. He is on the Faculty at Kennesaw State University with the rank of Associate Professor, teaching Information Security, Cybersecurity, and Information Systems.

  • Michael Holcomb
    Director, Information Security, Fluor

    Organizations can often struggle to identify and address vulnerabilities in their environment, whether for network devices, servers, workstations, IoT devices and other hosts. This presentation covers a number of “quick wins” in vulnerability management for the wide range of devices seen on corporate and home networks today.

  • Paul Kurtz
    CEO & Co-Founder, TruSTAR Technology

    Paul Kurtz is an internationally recognized expert on cybersecurity and the current CEO of TruSTAR Technology. Paul began working cyber security issues on the National Security Council at the White House in the late 1990s. He served in senior positions on the White House's National Security and Homeland Security Councils under Presidents Clinton and Bush and advised President Obama on cybersecurity during his transition into office. During his service, Paul was Special Assistant to the President and Senior Director for Critical Infrastructure Protection on the White House’s Homeland Security Council (HSC). He joined the HSC from the National Security Council (NSC) where he was both Senior Director for National Security in the Office of Cyberspace Security and a member of the President’s Critical Infrastructure Protection Board. He served on the NSC as a Director of Counterterrorism from 1999-2001, and helped manage the response to the September 11 terrorist attacks.

    Since leaving government, Paul has held numerous private sector cybersecurity positions and is currently the Co-founder and CEO for TruSTAR Technology. Paul is a regularly sought-after speaker and expert for the media, and served as an on-air consultant for CBS News.

    Paul’s work in counterterrorism has long-influenced his approach to cybersecurity. Specifically, it highlighted the need to improve information sharing and collaboration among those involved in detecting and responding to cyber threats. His remarks will be grounded in the past year’s most critical challenges and what we learned from our response to them, including the cyber attacks on the Ukraine power grid and the onslaught of cyber attacks targeting critical health care facilities.

  • Brett Williams
    Major General, U.S. Air Force (Retired)

    Major General (Ret) Brett Williams co-founded IronNet Cybersecurity and is the President of the Operations, Training and Security Division. Providing strategic vision and the foundational security platform solutions for IronNet, General Williams also serves as the Chief Security Officer responsible for product, enterprise and physical security. His division provides security analytics, hunt operations, and threat analysis and intelligence support for the IronNet Cyber Operations Center, as well as product training and support for client operations centers.

    A highly experienced combat fighter pilot, General Williams held several significant command positions during his 33-year career with the U.S. Air Force. As Director of Operations for U.S. Cyber Command, General Williams was the architect of DoD's operational approach to cyberspace operations. He was responsible for the operations and defense of DoD networks, and offensive cyberspace operations in support of U.S. strategic objectives. General Williams also served as Director of Operations (A30) at the Pentagon, leading more than 1,300 Airmen and civilians stationed worldwide; and as Director of Communications, Command and Control for U.S. Pacific Command.

    As an authority on cybersecurity, General Williams has appeared on NBC's Meet the Press with Chuck Todd, ABC's This Week with George Stephanopoulos and MSNBC's The Last Word with Lawrence O'Donnell. In addition, he conducts cyber-risk training seminars for corporate boards as a faculty member of the National Association of Corporate Directors. He earned a BS in Computer Science from Duke University and three additional graduate degrees in management and national security studies.

  • Mark Bloom
    Director of Product Marketing, Security & Compliance, Sumo Logic

    Mark Bloom has more than 15 years of experience in sales, marketing and business development across financial services and high tech industries. His previous roles include Cisco, Compuware, SonicWall/Dell, Trend Micro and more.

  • Cheri Sigmon
    Cybersecurity Consultant, ExecSec Inc.

    Leveraging 21 years of experience in leadership, information security and workforce development, as a Chief Information Security Officer (CISO), Office of the Secretary of Defense (OSD), Cheri secured sensitive military networks/communications/technology. The Joint Staff; USSTRATCOM Joint Task Force-Global Network Operations; Headquarters Air Combat Command; US Joint Forces Command. Retired US Air Force officer, Clemson University alum, native of York, SC.

  • Cameron Michelis
    Security Program Manager, Automatic Data Processing

    Cameron Michelis is a Security Program Manager for ADP, focusing on the application of big data analytics to incident reduction and fraud prevention. Cameron has 20 years industry experience, holds a BS in Mathematics and has earned the following certifications: GSEC, GCIA, OCP and OCM.

  • David Missouri
    Senior Agency Information Security Officer, SAISO, GA Department of Juvenile Justice

    David Missouri is a former federal Information System Security Officer for the Department of Labor, Wage & Hour, currently a State of Georgia Senior Agency Information Security Officer. David is the Vice President of Governance for the ISACA Atlanta chapter. He holds a Master of Science in Information Systems degree.

  • Jason Lancaster
    Cloud Security Architect, CloudPassage

    Jason Lancaster is a Cloud Security Architect at CloudPassage where he helps customers implement security automation solutions in DevOps and Cloud environments. Jason has over eighteen years of experience working in information security. Previously he led a team of researchers with Hewlett Packard Enterprise Security Research publishing research on threat actors and their tactics, techniques, and procedures. Prior to this role at HP, he spent 10 years at TippingPoint focused on network security.

  • Mark Gelhardt
    AVP, Cyber Risk Remediation, US Bank/Elavon

    Mark has over 35 years of experience in providing Executive level management in the area of Information Technology and Information Security as a CIO, CSO, and a CISO. Currently Mark is the AVP, Cyber Risk Remediation and InfoSec Project Management for US Bank/Elavon.

  • speaker photo
    John O'Leary
    CISSP, President, O'Leary Management Education

    John O'Leary, CISSP, is President of O'Leary Management Education. His background spans four decades as an active practitioner in information systems, IT Security and contingency planning. He has designed, implemented and managed security and recovery for networks ranging from single site to multinational. John has trained tens of thousands of practitioners, and conducted on-site programs at major corporations and government facilities worldwide. He has also facilitated meetings of Working Peer Groups, where security professionals from diverse corporations share ideas, concerns and techniques. John is the recipient of the 2004 COSAC award, the 2006 EuroSec Prix de Fidelite, and the 2011 ISC2 Lifetime Achievement Award

  • speaker photo
    Dan Lohrmann
    Chief Strategist and Chief Security Officer, Security Mentor

    Dan Lohrmann is Chief Strategist and Chief Security Officer (CSO) at Security Mentor. In this role, Lohrmann leads efforts to define and develop key strategic initiatives for the company’s security awareness training offerings, including new programs that can improve security and compliance by elevating an organization’s workforce into security savvy employees. Representing Security Mentor, Lohrmann serves as thought leader serving as a keynote speaker on security and security awareness training, and giving government and industry presentations.

    Over the past decade, Lohrmann has advised the U.S. Department of Homeland Security, the White House, FBI, numerous federal agencies, law enforcement, state and local governments, non-profits, foreign governments, local businesses, universities, churches, and home users on issues ranging from personal Internet safety to defending government and business-owned technology and critical infrastructures from online attacks. Prior to joining Security Mentor, Lohrmann was Michigan's first CSO and Deputy Director for Cybersecurity and Infrastructure Protection and has been recognized as a global leader in cyber defense for government.

    Previously, Lohrmann represented the National Association of State Chief Information Officers on the U.S. Department of Homeland Security’s IT Government Coordinating Council where he assisted in the writing and editing of the National Infrastructure Protection Plans, sector specific plans, Cybersecurity Framework, and other federal cyber documents. Lohrmann is the author of two books: Virtual Integrity: Faithfully Navigating the Brave New Web, published in November 2008 by Brazos Press and BYOD for You: The Guide to Bring Your Own Device to Work, published in Kindle format in April 2013.

    He has been honored with numerous cybersecurity and technology leadership awards, including “CSO of the Year” by SC Magazine, “Public Official of the Year” by Governing magazine and “Premier 100 IT Leader” by Computerworld Magazine. Lohrmann received his bachelor’s degree in computer science from Valparaiso University in Indiana and his M.S. in Computer Science from Johns Hopkins University in Baltimore.

  • speaker photo
    Larry Wilson
    CISO, University of Massachusetts, President’s Office

    Larry is responsible for developing, implementing and managing the University of Massachusetts Information Security Policy and Written Information Security Program (WISP). The University program is based on industry best practices ISO 27001 / SANS 20 Critical Controls, and is implemented consistently across all University campuses (Amherst, Boston, Dartmouth, Lowell, Medical School and the President’s Office).

    Prior to joining UMASS, Larry was the Vice President, Network Security Manager at State Street. In this role he was responsible for researching, selecting, implementing and overseeing an engineering staff who managed network security technologies / tools including vulnerability scanning, network firewall policy management, intrusion detection, remote access, DNS security, global and local load balancing, etc.

    Larry's industry experience includes IT audit manager for Deloitte Enterprise Risk Services (ERS) consulting practice. In this role he managed a staff responsible for developing and completing a Sarbanes Oxley compliance audit for MasterCard International. Larry's team focused on the application level controls and general computer controls for information technology services implemented and managed from the MasterCard data center in St. Louis.

    Mr. Wilson holds a Master of Science degree in Civil / Structural Engineering from the University of New Hampshire. His industry certifications include CISSP, CISA and ISA (PCI Internal Security Assessor). He serves on the Advisory Board for Middlesex Community College and CISO Advisory Board for Oracle. He co-chairs the Massachusetts State University and Community College Information Security Council, and serves as Certification Director for ISACA New England. His major 2013 accomplishments include Finalist for Information Security Executive® (ISE®) of the Year for both the Northeast Region and North America; and a SANS People who made a difference in Cybersecurity in 2013 award recipient.

    Larry has been teaching CISA certification training for ISACA for 5 years.

  • speaker photo
    John O'Leary
    CISSP, President, O'Leary Management Education

    John O'Leary, CISSP, is President of O'Leary Management Education. His background spans four decades as an active practitioner in information systems, IT Security and contingency planning. He has designed, implemented and managed security and recovery for networks ranging from single site to multinational. John has trained tens of thousands of practitioners, and conducted on-site programs at major corporations and government facilities worldwide. He has also facilitated meetings of Working Peer Groups, where security professionals from diverse corporations share ideas, concerns and techniques. John is the recipient of the 2004 COSAC award, the 2006 EuroSec Prix de Fidelite, and the 2011 ISC2 Lifetime Achievement Award

  • Dan Lohrmann
    Chief Strategist and Chief Security Officer, Security Mentor

    Dan Lohrmann is Chief Strategist and Chief Security Officer (CSO) at Security Mentor. In this role, Lohrmann leads efforts to define and develop key strategic initiatives for the company’s security awareness training offerings, including new programs that can improve security and compliance by elevating an organization’s workforce into security-savvy employees. Representing Security Mentor, Lohrmann serves as a thought leader and keynote speaker on security and security awareness training, and gives government and industry presentations.

    Over the past decade, Lohrmann has advised the U.S. Department of Homeland Security, the White House, FBI, numerous federal agencies, law enforcement, state and local governments, non-profits, foreign governments, local businesses, universities, churches, and home users on issues ranging from personal Internet safety to defending government and business-owned technology and critical infrastructures from online attacks. Prior to joining Security Mentor, Lohrmann was Michigan's first CSO and Deputy Director for Cybersecurity and Infrastructure Protection and has been recognized as a global leader in cyber defense for government.

    Previously, Lohrmann represented the National Association of State Chief Information Officers on the U.S. Department of Homeland Security’s IT Government Coordinating Council where he assisted in the writing and editing of the National Infrastructure Protection Plans, sector specific plans, Cybersecurity Framework, and other federal cyber documents. Lohrmann is the author of two books: Virtual Integrity: Faithfully Navigating the Brave New Web, published in November 2008 by Brazos Press and BYOD for You: The Guide to Bring Your Own Device to Work, published in Kindle format in April 2013.

    He has been honored with numerous cybersecurity and technology leadership awards, including “CSO of the Year” by SC Magazine, “Public Official of the Year” by Governing magazine and “Premier 100 IT Leader” by Computerworld Magazine. Lohrmann received his bachelor’s degree in computer science from Valparaiso University in Indiana and his M.S. in Computer Science from Johns Hopkins University in Baltimore.

  • John DuMont
    Digital Forensics Investigator, Verizon RISK Team

    John DuMont is a Senior Investigative Response Consultant for the Verizon RISK Team. In this capacity, John responds to an array of cybersecurity incidents, performs forensic examinations, and assists organizations in implementing IR policies and procedures. Prior to Verizon, John worked as a defense contractor performing computer network defense.

  • Troy Leach
    Chief Technology Officer, PCI Security Standards Council

    Troy Leach is the Chief Technology Officer for the PCI Security Standards Council. In his role, Mr. Leach partners with Council representatives, participating organizations and industry leaders to develop comprehensive standards and strategies to secure payment card data and the supporting infrastructure.

  • M.J. Vaidya
    Principal, Advisory Services, Ernst & Young LLP

    M.J. Vaidya is a Partner/Principal in the Advisory Services practice of Ernst & Young (EY) LLP. He has over 20 years of experience including holding CISO positions at Fortune 10 and Fortune 200 companies. He also previously held leadership positions at PwC, Deloitte, and Accenture. M.J. has provided security and technology services in the Americas, Europe, and Asia. His industry experience includes financial services, life sciences & health care, manufacturing, entertainment & media, hospitality, and public sector.

    M.J. has been a speaker at multiple industry conferences including SecureWorld, the National Cybersecurity Awareness Launch, New York City Cyber Infrastructure Protection, ISACA, NG Security Summit, and ISSA. He was recently selected as an Aspen Institute Scholar and received the ATP Award for Enterprise Innovation. M.J. holds a Mechanical Engineering degree from New York University, MBA from St. John’s University, Harvard Business School Publishing Online Certification for Leadership, and retains multiple security / technology certifications. He is currently an adjunct professor at New York University where he teaches in the cyber security Master's degree program.

    In his role, M.J. advises clients on business driven cyber security including security strategy, board level education, IT risk management, security function transformation, governance, cloud security, IoT / connected product security, and security operations.

  • Matteo Valles
    Strategic Partnership Coordinator, FBI

    Matteo Valles has been a Special Agent with the FBI for 30 years. His offices of assignment have included Anchorage, AK; Boston, MA; Washington D.C.; Gulfport, MS; Vienna, Austria; Nairobi, Kenya; and now Atlanta, GA.
    While based in Nairobi, Kenya for 3 years, SA Valles was in charge of all FBI operations in East Africa, to include Somalia, Kenya, Rwanda, and other countries.
    In addition to his day-to-day investigative and managerial responsibilities, he is a certified Hostage Negotiator, former SWAT Team member, and has been teaching Interview & Interrogation techniques for 25+ years.
    He is currently the Strategic Partnership Coordinator for the FBI responsible for outreach efforts with private companies throughout Georgia. His extensive and diverse experiences with the FBI around the world have positioned him to increase awareness within the private sector on matters such as Espionage, Theft of Trade Secrets, Foreign Intelligence Recruitment Efforts, the Insider Threat, Counter Proliferation, and the Active Shooter.
    Prior to joining the FBI, he earned a CPA license and worked at a Big-Four public accounting firm. He has 4 children, 3 of whom are currently attending universities in Georgia.

  • Col Cedric Leighton
    CNN Military Analyst, USAF (ret.) and CEO, Cedric Leighton Associates

    Founder of a strategic risk consultancy after serving 26 years in the US Air Force, Cedric Leighton oversaw numerous critical intelligence missions throughout his career. He served at US Special Operations Command, the Joint Staff and the National Security Agency, where he helped train the nation's cyber warriors. A Middle East combat veteran, he is the recipient of numerous military awards, including the Defense Superior Service Medal and the Bronze Star.

    Currently, Cedric advises multinational businesses on cyber attacks and the management of complex global strategies to reduce risk and unpredictability.

  • Joshua Horne
    Security Analysis Manager II, Cyber Threat Analysis Center (CTAC) at SecureWorks

  • Ron Winward
    Security Evangelist, Radware

    Ron Winward is a Security Evangelist for Radware, where he helps execute the company’s thought leadership on today’s security threat landscape. Ron brings nearly 20 years of experience in the Internet service provider space, most recently as Director of Network Engineering for a global infrastructure and colocation provider. With an expertise in network architectures and DDoS mitigation, Ron has helped design solutions for carriers, enterprises, and cybersecurity service providers around the world.

  • Tamika Bass
    Chief Information Security Officer, Georgia Department of Public Health

    Tamika Bass is an Information Security professional with extensive experience in information security. Her expertise includes assessing and mitigating risk, analyzing impacts, business continuity and disaster recovery planning. Tamika focuses on building cohesive relationships with all levels of staff, management, and suppliers.

  • Ariel Siegelman
    President, DRACO GROUP

    Certified by GA POST as a firearms and Defensive Tactics instructor and by the Israeli government as an instructor of Counter Terrorism, Tactical Firearms, and Krav Maga. Operated in a Special Operations Unit in the Israeli military and is regarded as an international expert in the mitigation and response to violent confrontation, especially Active Shooter.

  • Meenaxi Dave
    Information Security Instructor/Consultant, Gwinnett Technical College

    Meenaxi Dave is an experienced Information Security educator with proven success developing, delivering and evaluating IT security training programs. She holds her Master's in Computer Science from the University of Memphis and a Diploma in Cybersecurity from GTC. She also holds professional certifications in CISSP, CEH, CompTIA Security+, Network+, and Linux+. She is on the board for the TAG and the ISSA.

  • Ed Cabrera
    Chief Cybersecurity Officer, Trend Micro

    Eduardo E. Cabrera is a trusted advisor and a proven cybersecurity leader. He is responsible for analyzing emerging cybersecurity threats to develop innovative and resilient enterprise risk management strategies for Fortune 500 clients and strategic partners. Before joining Trend Micro, he was a 20-year veteran of the United States Secret Service with experience leading information security, cyber investigative, and protective programs in support of the Secret Service integrated mission of protecting the nation’s critical infrastructure and its leaders.

    He is a guest lecturer at New York University Polytechnic Institute, Computer Science and Engineering Department and was a contributing subject matter expert on law enforcement; cyber security strategy and policy; and computer forensics and network intrusion incident response for the 2014 Risk and Responsibility in a Hyperconnected World; 2012 Homeland Security Advisory Council Task Force on Cyber Skills Report; and 2012 Insider Threat Study: Illicit Cyber Activity Involving Fraud in the U.S. Financial Services Sector. He is a Certified Information Systems Security Professional (CISSP) and a Certified Information Systems Auditor (CISA).

  • Jaeson Schultz
    Technical Leader, Cisco Talos

    Jaeson Schultz is a Technical Leader for Cisco Talos Security Intelligence & Research Group. Cisco's Talos Group is dedicated to advancing the state-of-the-art of threat defense and enhancing the value of Cisco's security products. Jaeson has over 20 years’ experience in Information Security.

  • Phillip Mahan
    VP, ASDFED

    Phillip Mahan has 20+ years working in the Information Technology and Data Protection fields, which has led him to his position as Director for the Global Privacy Office of Ionic Security. Phillip has presented Security training for over a decade, and no one has fallen asleep while he was talking.

  • John Waid
    Founder & CEO, American Club, U.S. Chamber of Commerce

    John Waid is the Founder & CEO of C3-Corporate Culture Consulting. C3 believes that in companies it's all about people and how they behave. Culture is the driving force behind this. Security is a systemic issue and needs an approach that focuses on people's daily behaviors to solve this.

  • David Barton
    Managing Director, UHY Advisors

    David Barton is a Managing Director with UHY Advisors and practice leader of the Internal Audit, Risk, and Compliance practice, which provides consulting and audit services around information technology controls, cybersecurity, and compliance. He has over 25 years of practical experience in information systems and technology risk and controls.
    David is frequently asked to speak at national and regional events, such as SecureWorld and the Cloud Security Alliance Congress. He is the primary author of the CSA position paper on AICPA Service Organization Control Reports. He regularly provides his input and opinions for national publications such as Compliance Week, Accounting Today, and the Atlanta Journal Constitution.
    David holds an MBA and BS in Business Administration from Appalachian State University. He is Certified in Risk and Information Systems Control (CRISC), received the Certified Information Systems Auditor (CISA) designation in 1987, and is a member of the Atlanta chapter of the Cloud Security Alliance. David has active civic memberships with the Atlanta chapter of the Porsche Club of America and the Tire Rack Street Survival® program for teen driver education. He is also a certified high-performance driving instructor and former Porsche Club racer.

  • Kim Jackson
    Director, Business Resiliency, Automatic Data Processing

    Kim Jackson is a certified business resiliency professional with over 20 years of experience in incident management, disaster recovery, and business continuity, with a specialization in program development. Kim has successfully created programs for several major banking entities, as well as large insurance and financial firms, to ensure the viability of the organization during an event. Kim currently is the Director of Business Resiliency with ADP, where she continues to drive overall resiliency and incident management for the organization. Kim holds a Bachelor of Arts and an MBA in Economics, and is an avid runner.

Conference App and Microsite!
Registration is easy and takes just a few minutes. Once you get started you can use your phone, tablet or internet browser to:

• Create a personalized agenda
• View maps of the venue and Exhibit Hall
• Use secure messaging to network with attendees
• View speaker slides after the conference
• Play CyberHunt, the app game, and compete for prizes