Conference Agenda
  • Wednesday, May 30, 2018
    7:00 am
    Registration Open
    Registration Level:
    • Open Sessions
    7:00 am - 3:00 pm
    Location / Room: Registration Desk
    8:00 am
    Advisory Council Breakfast – (VIP / INVITE ONLY)
    Topic: IOT in the Business Environment: Security & Privacy Pitfalls
    CEO, The Privacy Professor, President, SIMBUS, LLC
    Registration Level:
    • VIP / Exclusive
    8:00 am - 9:15 am
    Location / Room: 119
    8:00 am
    SecureWorld PLUS Part 1 - Designing and Building a Cybersecurity Program based on the NIST Cybersecurity Framework
    Earn 16 CPEs With This in-Depth 3-Part Course
    CISO, UMass President’s Office, Security Magazine's "Most Influential People in Security" 2016
    Registration Level:
    • SecureWorld Plus
    8:00 am - 9:30 am
    Location / Room: 101

    The University of Massachusetts has developed a 4.5-hour SecureWorld Plus training class that focuses on designing, building, and maintaining a Cybersecurity Program based on the NIST Cybersecurity Framework. Organizations that are currently using the NIST Cybersecurity Framework or are planning to use it for their cybersecurity program will benefit from this course. The course will show attendees how to use Cloud Platforms to implement and maintain security controls based on the NIST Cybersecurity Framework.

    This innovative education and training program includes the following key elements:
    • A Controls Factory that consists of three main areas: Engineering, Technology and Business
    • The Engineering Area includes a focus on threats, vulnerabilities, assets, identities, business environment and the NIST Cybersecurity Framework
    • The Technology Area includes a focus on technical controls (based on the CIS 20 Critical Controls), security technologies, Security Operations Center (SOC) and technology testing
    • The Business Area includes a focus on business controls (based on ISO 27002), cyber workforce (based on the NICE Workforce Framework) and cyber risk program (based on AICPA Description Criteria)

    The class will help individuals and organizations acquire knowledge, skills and abilities to:
    • Develop a strategy to adopt the NIST Cybersecurity Framework (NCSF)
    • Create a comprehensive Cybersecurity Program based on the NIST Cybersecurity Framework, technical controls and business controls
    • Engineer, implement, and manage the 20 critical controls based on the cloud platform
    • Conduct a Risk Assessment to compare the current profile with the target profile and identify any gaps that need to be addressed
    • Establish an executive scorecard to measure and communicate risks, and develop an action plan / program roadmap to remediate controls gaps

    About the Instructor – Larry Wilson:
    • Larry Wilson is the former CISO for UMass President’s Office from 2009 to 2017
    • Prior to UMass, Larry developed and managed the Global Infrastructure Services (GIS) Security Program for State Street Corporation
    • Larry has been teaching cybersecurity courses based on the NIST Cybersecurity Framework at SecureWorld events for the past 4 years
    • Larry has conducted over 20 consulting engagements, helping organizations design and build cybersecurity programs based on the NIST Cybersecurity Framework

    The program and its author have won the following industry awards:
    • Security Magazine’s Most Influential People in Security, 2016
    • SANS People Who Made a Difference in Cybersecurity Award, 2013
    • Information Security Executive (ISE) North America Program Winner for Higher Education, 2013

    8:00 am
    SecureWorld PLUS Part 1 - Cloud Security - Securing Your Organization's Digital Transformation
    Earn 16 CPEs With This in-Depth 3-Part Course
    Director of Security Operations, Massachusetts Advanced Secure Technologies
    Registration Level:
    • SecureWorld Plus
    8:00 am - 9:30 am
    Location / Room: 111

    This course will provide a healthy introduction to modern aspects of cloud computing security. The attendee will learn how to assess and protect their organization’s data in the cloud. It covers IoT, providers, tools, and processes to help avoid a rainy day.

    8:00 am
    SecureWorld PLUS Part 1 - Cyber Crimes, Threat Intelligence, and the Dark Web – Hands-On Workshop
    Earn 16 CPEs With This in-Depth 3-Part Course
    Former Major in Israeli Intelligence Forces, CEO and President, Cybint Solutions/BARBRI
    Registration Level:
    • SecureWorld Plus
    8:00 am - 9:30 am
    Location / Room: 110

    This practical workshop will reveal the secrets of the dark web and cybercriminals. Attendees will acquire knowledge, skills and tools to search the dark web and analyze cyber threat intelligence. Additionally, attendees will explore how to leverage cyber intelligence on the web to proactively approach complex processes such as due diligence and litigation.

    8:30 am
    Keep Containers Afloat
    How to Support Rapidly Evolving Engineering Efforts (on top of containers) by Wrapping Security Around It
    Head of Application Security, NCR Corporation
    Registration Level:
    • Conference Pass
    8:30 am - 9:15 am
    Location / Room: 113

    Containerized solutions have been known for decades, but only recently have they become part of the DevOps hype. Because containers are minimalistic, there is a perception that they tend to be more secure than other virtualized solutions. However, common exploits from pre-container-generation infrastructure can be modified to be more disruptive on orchestrated containerized solutions. The key factors that affect the sturdiness of a system are the speed of DevOps CI/CD pipelines, the challenge for security teams to automate everything, and the reuse of old infrastructure concepts on software-defined networks (SDN), such as container orchestrations. This talk will shed light on the defensive mechanisms that need to be considered when deploying containerized solutions, and will demonstrate effective attacks against them.

    8:30 am
    Companies are Beginning To Protect Their Crown Jewels, Not Just Doing What They’re Told to Do!
    Partner & Cybersecurity Practice Leader, Kilpatrick Townsend
    Registration Level:
    • Conference Pass
    8:30 am - 9:15 am
    Location / Room: 117

    We just released our second study with the Ponemon Institute on the Cybersecurity Risk to Knowledge Assets, which shows dramatic increases in threats and awareness of threats to “crown jewels” or “knowledge assets” among the more than 600 study participants, as well as dramatic improvements in addressing those threats by the highest performing organizations. It is rich in findings that will help CISOs and counsel with benchmarking, internal advocacy and addressing gaps. This presentation focuses on the practical guidance for successful advocacy and action toward securing knowledge assets that participants need to bring back to their companies.
    1: Learn to expand organizational focus to meet new cyberthreats.
    2: Understand how to identify your knowledge assets and defend them.
    3: Anticipate new related regulatory challenges that can help you.

    8:30 am
    The White House - Information Technology and Communication Support to the President
    VP Technology Governance, US Bank/Elavon
    Registration Level:
    • Conference Pass
    8:30 am - 9:15 am
    Location / Room: Ballroom C

    Colonel Mark Gelhardt, former Commander (CIO/CISO), Data Systems Unit, at the White House during President Clinton’s administration, will provide rare insight into the inner workings of the White House. Col. Gelhardt will talk about how the military supports the Commander-in-Chief with technology and communications. He will talk about the last link of communications between the National Command Authority and the President, and how to keep it secure from cyber threats. Col. Gelhardt used highly classified technology that has finally made it out to the market in today’s world. He will talk about how some of the technology we use today made it from Top Secret to everyday use.

    8:30 am
    Security Awareness Programs: Structured, Measured, Better
    Chapter Member, (ISC)2
    Registration Level:
    • Conference Pass
    8:30 am - 9:15 am
    Location / Room: 115

    Hackers, scammers, and fraudsters are costing businesses billions of dollars each year. At the same time, security budgets continue to grow. We have seen that technology alone will not fix this problem. As users are on the front line of the cyberwar, they need to be better leveraged as part of our security programs.

    Awareness programs that are ad hoc, reactionary, and unstructured are insufficient to address the threats facing our users. To be effective, these programs must be well thought out and managed in a methodical way. Driving substantial improvements in awareness programs requires that risks be articulated, objectives documented, tasks crafted and executed, and measures taken. Only by building comprehensive programs will we instill the desired behaviors in our users.

    This presentation will review the prevailing trends in corporate awareness efforts, articulate areas for improvement, propose a new model, and discuss methods to build out such a program.

    9:00 am
    Exhibit Floor Open
    Registration Level:
    • Open Sessions
    9:00 am - 3:00 pm
    Location / Room: Exhibitor Floor

    This is the time to visit exhibitors participating in Dash For Prizes & CyberHunt for your chance to win prizes!

    9:30 am
    OPENING KEYNOTE: IoT and Smart Home Security Trends: Reducing the Fear Factor
    CISO, iRobot Corporation
    Registration Level:
    • Open Sessions
    9:30 am - 10:15 am
    Location / Room: Keynote Theater

    This presentation will provide an overview of the trends in IoT and Smart Home technology. Given the growing number of connected products in homes, what does it mean for consumers to evaluate risks vs. benefits? At the same time, this presentation will also educate the security industry on how to promote consumerization and reduce the fear factor. Finally, we will also look at the responsibilities of product companies towards the consumers.

    10:15 am
    Conference Break / Exhibitor Product Demonstration
    Registration Level:
    • Open Sessions
    10:15 am - 11:15 am
    Location / Room: Exhibitor Floor

    Reboot with coffee and infused water while visiting exhibitors on the exhibitor floor.

    11:15 am
    The Darkweb, Cyber Crimes and Cyber Intelligence
    Former Major in Israeli Intelligence Forces, CEO and President, Cybint Solutions/BARBRI
    Registration Level:
    • Conference Pass
    11:15 am - 12:00 pm
    Location / Room: Ballroom D

    In this presentation we will learn about trends in cyber fraud tactics and attacks, how dark web markets and forums fuel cyber crime, and how they can be investigated for threat intelligence. In addition, we will learn how cyber criminals utilize digital currencies, and how these transactions can intersect with the formal financial sector. We will also discuss cyber awareness and cyber literacy, and give an introduction to Cyber Intelligence.

    11:15 am
    Duo — Past the Perimeter: Earned Access Through a Zero-Trust Model
    Customer Advocacy, Duo Security
    Registration Level:
    • Open Sessions
    11:15 am - 12:00 pm
    Location / Room: 117

    Users whose digital lives are increasingly mobile don’t want to be tied to their desks, and an effective security strategy must be flexible enough to protect access from boardrooms and bars, cubicles and coffee shops alike. To do this, companies must ensure that users and their devices meet the same security controls, whether they’re outside or inside the network perimeter.

    Duo adopted the “zero-trust network” model to solve this challenge. All networks and devices are treated as untrusted until proven otherwise, and their health is checked each time a user connects to a protected resource. This approach depends on visibility into whether basic device and network security standards are met. It also requires the ability to enforce granular policy controls based on the results of that health check.

    The perimeter is disappearing, and it’s not coming back… find out how you can get a head start on what’s next.

    11:15 am
    Securing the ‘Weakest Link’ – Helping Users Become Part of the Security Team
    Principal, CISO/CIO Services, Rausch Advisory
    Registration Level:
    • Conference Pass
    11:15 am - 12:00 pm
    Location / Room: 115

    Humans are famously the ‘weakest link’ in the chain when it comes to security. No matter how strong your security program is, all of your efforts and investment can be neutralized by one simple click or a clever social engineer. User awareness is a critical component of any complete security program.

    Recruiting users into an active protection role – essentially bringing them onto the security team – can magnify your security program. In this session, we’ll explore real-world cases and examples of security education and awareness programs, along with ideas to help you help your users avoid becoming… ‘The Weakest Link’!

    11:15 am
    The Enemy Within: Insider Threats and the Impact to Critical Infrastructure
    Senior Fellow, Center for Cyber and Homeland Security, The George Washington University
    Registration Level:
    • Conference Pass
    11:15 am - 12:00 pm
    Location / Room: Ballroom C

    A careless or malicious insider can destroy an enterprise. Optimizing a cybersecurity insider threat program and integrating it into the enterprise risk management strategy can increase security resilience and provide early warning to threats. What security and contingency policies should you consider that are right for you? Examine how to assess your existing risk profile and how to design, plan, and build a successful insider risk program. Participants will learn what critical infrastructure sectors are doing to combat the threat and discuss how to build an effective strategy along with technology solutions that may aid security programs.

    11:15 am
    Comodo: SSL Certificates & Phishing Threats
    VP, Threat Labs, Comodo Cybersecurity
    Registration Level:
    • Open Sessions
    11:15 am - 12:00 pm
    Location / Room: 113

    Cyber criminals are taking advantage of cheap, low-cost methods to acquire valid SSL certificates for phishing sites. The SSL certificate is one of the basic elements of World Wide Web security. Website operators deploy SSL on their systems so that the data transferred between the end user’s browser and the server is sent over a secure connection. Certificate authorities issue SSL certificates to show the holder is a legitimate owner of the site. Web browsers typically display a padlock sign to indicate the site has a valid certificate.

    Yet, when the procedure becomes cheap and easy enough for the criminally minded to obtain SSL certificates for their malicious sites, users risk losing their means of telling trusted sites from phishing sites. Users have been trained to look for the padlock in their browser or for HTTPS in the URL before submitting sensitive information to websites, such as passwords and credit card numbers, but that becomes irrelevant when the site operators cannot be trusted.

    Statistics show that the number of phishing websites with a valid SSL certificate grows every day, which poses a greater risk to consumers as well as enterprises, who may send sensitive data to criminal servers. The trusted-site lock icon today hides more risk than it creates trust for the user. Domain Validation (DV) certificates in particular are being used, since the process of obtaining them is easy and no longer carries any additional cost. Mobile users are especially susceptible to such phishing attacks, as the screen layout of mobile browsers usually displays only the certificate owner name or a portion of the URL with a green lock, which still creates a false perception on the user’s side.

    12:00 pm
    Advisory Council LUNCH Round Table - (VIP / Invite Only)
    Topic: Risk Management
    Registration Level:
    • VIP / Exclusive
    12:00 pm - 1:00 pm
    Location / Room: 119
    12:15 pm
    LUNCH KEYNOTE: Prevent Nightmares in the IoT
    CEO, The Privacy Professor, President, SIMBUS, LLC
    Registration Level:
    • Open Sessions
    12:15 pm - 1:00 pm
    Location / Room: Keynote Theater
    1:15 pm
    Panel: What Will They Think of Next (Emerging Threats)
    Registration Level:
    • Open Sessions
    1:15 pm - 2:15 pm
    Location / Room: Keynote Theater

    It would seem the more we “build a better mousetrap” the better the threats become. Will machine learning and AI be used against us in the future? Will these and other innovations be hacked and used for gain? Will the Crime as a Business platform take off where business competitors are utilizing these attacks for the upper hand? Perhaps the cars that are being hacked will evolve into driverless vehicles that are hacking companies from inside their own parking lots. What about drones?

    So many questions, let’s see what our experts say on this panel.
    Panelists:
    Steve Velazquez, Bitdefender
    Luis Guzman, Securonix
    Steve Shalita, Pluribus Networks
    Tim Hill, Centrify
    Moderator: Larry Wilson

     

    1:15 pm
    Panel: Phishing and Social Engineering Scams 2.0
    Registration Level:
    • Open Sessions
    1:15 pm - 2:15 pm
    Location / Room: Ballroom C

    Phishing continues to be the #1 attack vector for the bad guys. Why? Simply put: it works. These attacks keep getting more realistic and sophisticated. In the future we should expect nothing less. Criminals will do more homework on their potential victims and possibly pose as business leads or clients to gain our trust. What salesperson doesn’t want email from a potential client who wants a new solution? Or they may just lie in wait until they’ve collected enough information to strike. Will they actually come to your business and drop thumb drives like pen testers do? Use drones to do their dirty work?

    Our experts will discuss the current state of affairs and brainstorm possible new scenarios.
    Panelists:
    Zoe Lindsey, D
    Scott Bruce, GuidePoint Security
    Hugh Walton, Bomgar
    Faith Orhan, Comodo
    Moderator: Gene Kingsley

    2:15 pm
    Conference Break / Exhibitor Product Demonstration
    Registration Level:
    • Open Sessions
    2:15 pm - 3:00 pm
    Location / Room: Exhibitor Floor

    Reboot with coffee and infused water while visiting exhibitors on the exhibitor floor.

    2:15 pm
    (ISC)2 Meeting and Guest Presentation - Open to all Attendees
    Presenting: Cloud 101: What You Need to Know About the Cloud
    President, Atlanta Chapter of (ISC)2
    Registration Level:
    • Open Sessions
    2:15 pm - 3:00 pm
    Location / Room: Ballroom D

    Interested in your local associations? Join (ISC)2 for a chapter meeting and guest presentation. This session is open to all attendees.

    3:00 pm
    ISSA Chapter Meeting Joined by TAG & IAM Workshop Series Meetup Group (Open to all Attendees)
    Presenting: Business Language for Cybersecurity with the COSO Enterprise Risk Framework
    Director, Information Security / CISO, Mandarin Oriental Hotel Group
    Registration Level:
    • Open Sessions
    3:00 pm - 3:45 pm
    Location / Room: Keynote Theater

    Interested in your local associations? Join ISSA for a social meet & greet and chapter news.
    Presenting: The COSO Enterprise Risk Management Framework was updated in June, 2017. This new version offers a methodology that can be applied to managing cybersecurity risks. It is also an effective way to present and communicate business risks to senior executives. This presentation will cover the key concepts and principles of the COSO framework, using realistic examples to show how cybersecurity can follow a true risk-based strategy without sacrificing necessary compliance requirements.

    3:00 pm
    Executive Leadership: “Getting Them on the Bus”
    CISO, Georgia Department of Public Health
    Registration Level:
    • Conference Pass
    3:00 pm - 3:45 pm
    Location / Room: Ballroom C

    As cybersecurity professionals, many of us have the challenge of helping executive leadership understand all the aspects and changes we manage daily. This session provides key strategies for getting executives on board and fulfilling their roles as sponsors.

    3:00 pm
    Not a GDPR Presentation!
    Director, Cloud Security Alliance Atlanta
    Registration Level:
    • Open Sessions
    3:00 pm - 3:45 pm
    Location / Room: 117

    There is more to life in Data Protection than GDPR. Although the deadline is closing in, you are probably suffering from GDPR fatigue. This presentation will give you a look at other issues in Data Protection from our past and in our future, ranging from Keeping Users from doing the unthinkable, to rules for making rules. All in all, won’t it be nice to think about something else for 50 minutes?

    3:00 pm
    When the “IT” Hits the Fan, Stick to the Plan: Incident Response Plan Management
    Cyber Team Lead / Incident Coordinator, Aramco Services
    Registration Level:
    • Conference Pass
    3:00 pm - 3:45 pm
    Location / Room: 115

    Incident Response is a critical process for any organization. The effectiveness of the incident response plan can determine whether or not an organization can sustain and recover from a cyber attack. As with any process within the organization, the incident response plan needs continuous testing and review to ensure it remains effective for the organization.

    3:00 pm
    SecureWorld PLUS Part 2 - Designing and Building a Cybersecurity Program based on the NIST Cybersecurity Framework
    SecureWorld PLUS Registrants ONLY
    CISO, UMass President’s Office, Security Magazine's "Most Influential People in Security" 2016
    Registration Level:
    • SecureWorld Plus
    3:00 pm - 4:30 pm
    Location / Room: 101

    3:00 pm
    SecureWorld PLUS Part 2 - Cloud Security - Securing Your Organization's Digital Transformation
    SecureWorld PLUS Registrants ONLY
    Director of Security Operations, Massachusetts Advanced Secure Technologies
    Registration Level:
    • SecureWorld Plus
    3:00 pm - 4:30 pm
    Location / Room: 111

    3:00 pm
    SecureWorld PLUS Part 2 - Cyber Crimes, Threat Intelligence, and the Dark Web – Hands-On Workshop
    SecureWorld PLUS Registrants ONLY
    Former Major in Israeli Intelligence Forces, CEO and President, Cybint Solutions/BARBRI
    Registration Level:
    • SecureWorld Plus
    3:00 pm - 4:30 pm
    Location / Room: 110

    4:00 pm
    Happy Hour Reception
    Join ISSA, TAG, and IAM Workshop Series Meetup Group for networking, refreshments, and Fireside Chat
    Registration Level:
    • Open Sessions
    4:00 pm - 7:30 pm
    Location / Room: Keynote Theater

    3:30 – 4:00 – Registration
    4:15 – 6:00 – Networking and Book Signing
    6:00 – 7:15 – Fireside Chat with Pete Chronis – Moderated by Ed Pascua
    7:15 – 8:00 – Dessert / Networking

  • Thursday, May 31, 2018
    7:00 am
    Registration Open
    Registration Level:
    • Open Sessions
    7:00 am - 3:00 pm
    Location / Room: Registration Desk
    8:00 am
    SecureWorld PLUS Part 3 - Designing and Building a Cybersecurity Program based on the NIST Cybersecurity Framework
    SecureWorld PLUS Registrants ONLY
    CISO, UMass President’s Office, Security Magazine's "Most Influential People in Security" 2016
    Registration Level:
    • SecureWorld Plus
    8:00 am - 9:30 am
    Location / Room: 101

    8:00 am
    SecureWorld PLUS Part 3 - Cloud Security - Securing Your Organization's Digital Transformation
    SecureWorld PLUS Registrants ONLY
    Director of Security Operations, Massachusetts Advanced Secure Technologies
    Registration Level:
    • SecureWorld Plus
    8:00 am - 9:30 am
    Location / Room: 111

    This course will provide a healthy introduction to modern aspects of cloud computing security. The attendee will learn how to assess and protect their organization’s data in the cloud. It covers IoT, providers, tools, and processes to help avoid a rainy day.

    8:00 am
    SecureWorld PLUS Part 3 - Cyber Crimes, Threat Intelligence, and the Dark Web – Hands-On Workshop
    SecureWorld PLUS Registrants ONLY
    Former Major in Israeli Intelligence Forces, CEO and President, Cybint Solutions/BARBRI
    Registration Level:
    • SecureWorld Plus
    8:00 am - 9:30 am
    Location / Room: 110

    This practical workshop will reveal the secrets of the dark web and cybercriminals. Attendees will acquire knowledge, skills and tools to search the dark web and analyze cyber threat intelligence. Additionally, attendees will explore how to leverage cyber intelligence on the web to proactively approach complex processes such as due diligence and litigation.

    8:15 am
    InfraGard Meeting: Light Breakfast and Guest Presentation - Open to all Attendees
    Presenting: Cyber Risk Management in High Definition
    Director and Market Leader, PwC
    Special Agent, FBI
    Registration Level:
    • Open Sessions
    8:15 am - 9:00 am
    Location / Room: Keynote Theater

    Interested in your local associations? Join InfraGard for a chapter meeting, light breakfast and guest presentation. This session is open to all attendees.
    Guest Presentation:
    How can global business leaders improve cyber and privacy risk management? The key findings of the Global State of Information Security® Survey 2018—based on responses of 9,500 executives in 122 countries and more than 75 industries—provide valuable lessons for companies worldwide. Join us and also learn about the new InfraGard Atlanta and what’s in store for the next 2 years as part of the 2020 strategy.

    8:30 am
    Building Mental Models for Cyber Success
    Director, Information Security, Fluor
    Registration Level:
    • Conference Pass
    8:30 am - 9:15 am
    Location / Room: 115

    Using mental models can help us succeed in any area of life and can help us make intelligent, efficient and practical decisions when it comes to cyber security. Each area of an organization’s information security program can be enhanced by building and leveraging mental models specifically for their teams’ own unique needs. This presentation will look at building mental models aligned with the Top 20 Critical Security Controls, though the principles discussed can be applied to any existing framework.

    8:30 am
    Horizontal Cyber Risk Landscape: Managing Third Party Supplier Cyber Risk With Enterprise Risk Manage
    CxO - Deputy CIO, Nicke Consulting Group
    Registration Level:
    • Conference Pass
    8:30 am - 9:15 am
    Location / Room: 117

    Studies show Third Party Suppliers account for 49%, nearly half, of reported data breaches. The contracting company in most instances owns the risk its third parties and IoT ecosystem bring to its operation. Given this, a new approach to supplier risk management is needed to protect an enterprise’s critical information.

    8:30 am
    AI and Blockchain: The Latest Development in the Debate of Innovation vs. Security
    Attorney, Baker Donelson
    Registration Level:
    • Conference Pass
    8:30 am - 9:15 am
    Location / Room: Ballroom C

    The unprecedented speed of innovation is a hallmark of the 21st century. How do we wrap our heads around its long-term consequences? Artificial intelligence and blockchain technology are the latest technological developments that will rapidly change our world. Are we carefully considering the long-term consequences of these technologies on our security? What do we need to be considering so that we strike the right balance between innovation and security?

    9:00 am
    Exhibit Floor Open
    Registration Level:
    • Open Sessions
    9:00 am - 3:00 pm
    Location / Room: Exhibitor Floor

    This is the time to visit exhibitors participating in Dash For Prizes & CyberHunt for your chance to win prizes!

    9:30 am
    OPENING KEYNOTE: Leveraging SDN Technology to Improve Enterprise Security
    Vice President, Marketing and Business Development, Pluribus Networks
    Registration Level:
    • Open Sessions
    9:30 am - 10:15 am
    Location / Room: Keynote Theater

    With increasing numbers of high-profile breaches, focusing on securing the perimeter is no longer sufficient. New traffic types and the proliferation of diverse end-points, along with increased mobility and wireless access, fuel a dramatic increase in untrusted traffic entering the network. In addition, the growth of multi-cloud environments and cloud services requiring access to Enterprise resources poses additional challenges. As mixed-use networks continue to grow and Internet of Things (IoT) traffic is introduced to the network, security organizations need a more dynamic approach to secure the growing volume of insecure and untrusted traffic.

    Imagine being able to build a simple, automated and secure network overlay that empowers the enterprise with cloud-scale, elasticity and adaptability and enables independence from network operations. This session will discuss the evolution of SDN technologies and explore how to leverage a dynamic SDN architecture to enable dynamic traffic segmentation, distributed policy enforcement, shared security services and increased operational intelligence to reduce risk, contain infiltrations and prevent attack proliferation.

    10:15 am
    Conference Break / Exhibitor Product Demonstration
    Registration Level:
    • Open Sessions
    10:15 am - 11:15 am
    Location / Room: Exhibitor Floor

    Reboot with coffee and infused water while visiting exhibitors on the exhibitor floor.

    11:00 am
    Advisory Council Roundtable - (VIP / Invite Only)
    Topic: Third Party Vendor / Supplier Security Management
    Registration Level:
    • VIP / Exclusive
    11:00 am - 12:00 pm
    Location / Room: 119

    11:15 am
    Cyber Threats – Risks and Opportunities
    Professor, IT / Captain, US Navy (Ret), Mercer University
    Registration Level:
    • Conference Pass
    11:15 am - 12:00 pm
    Location / Room: Ballroom C

    Review of the most current cyber threats with mitigation suggestions.

    11:15 am
    Information Security Plans
    Counsel, Elkins PLC; Associate Fellow, Kings College, U. of London; non-resident Senior Fellow, Middle East Institute, Washington, D.C.
    Registration Level:
    • Conference Pass
    11:15 am - 12:00 pm
    Location / Room: 113

    The presentation examines the need for policies, objectives, controls, processes and procedures to help companies manage the risk, threats, and vulnerabilities that can cause loss as a result of a cyber breach or loss of confidential/proprietary information. It examines organizational responsibilities, key steps in forging and executing an Information Security Plan, and what you can do to better protect yourself from loss.

    11:15 am
    A Comprehensive Framework for Securing Open Source Software
    Director, Technology Security, AT&T
    Registration Level:
    • Conference Pass
    11:15 am - 12:00 pm
    Location / Room: 115

    We all understand the benefits of using open source software, but are not necessarily comfortable relying solely on the meritocracy of open source communities to keep that software secure. This talk will establish a framework for securing both the consumption and contribution of open source code. Within the context of the framework we will explore long standing software security techniques and newly emerging technologies and solutions.

    11:15 am
    GDPR Ignites a Clash of Cultures
    Partner, Womble Bond Dickinson
    Registration Level:
    • Conference Pass
    11:15 am - 12:00 pm
    Location / Room: Ballroom D

    We are on the verge of meaningful cultural battles that will change our technology consumption. Enforcement of the EU’s GDPR will spark fights not only between privacy and analytics, but consumerism vs. spiritualism, openness vs. safety, law enforcement vs. personal security, governments vs. corporations. Individuals and U.S. companies will bear the most pain and disruption as these forces tear each other apart. No one can remain safe on the sidelines.

    11:15 am
    Centrify: Cyber Offense Redefined
    Director, Product Management & Strategy, Centrify Corp
    Registration Level:
    • Open Sessions
    11:15 am - 12:00 pm
    Location / Room: 117

    81% of hacking-related breaches leverage either stolen, default, or weak passwords. As a result, organizations need to realize that any network, device, user, or application could be compromised. To better protect sensitive resources and data, IT security professionals need to adjust their mindset and adopt a new way of thinking: “Never trust, always verify”.

    Join us to hear why the path towards Zero Trust Security starts with Next-Gen Access. In this session we’ll examine:

    • The current (broken) state of security and the role identity plays in cyber-attacks
    • The massive rethinking underway that redefines security to follow identity
    • What you can do today to adopt a Zero Trust model and reduce risk through the power of Next-Gen Access

    12:00 pm
    Advisory Council LUNCH Roundtable - (VIP / Invite ONLY)
    Topic: Security Policy Creation and Implementation
    Registration Level:
    • VIP / Exclusive
    12:00 pm - 1:00 pm
    Location / Room: 119

    12:15 pm
    LUNCH KEYNOTE: The Evolving Role of CISOs and Their Importance to the Business
    Chairman and Founder, Ponemon Institute
    Registration Level:
    • Open Sessions
    12:15 pm - 1:00 pm
    Location / Room: Keynote Theater

    What is a CISO and what do they do? As the leader of cyber defense for an organization, the CISO is rapidly becoming indispensable for an organization’s survival. This presentation is based on interviews with senior level IT professionals at 184 companies in seven countries. The goal of the research is to better understand how CISOs work, what their concerns are, and how they are improving their effectiveness in managing risks to the enterprise.

    1:15 pm
    Panel: Stopping the Attacks (Incident Response)
    Registration Level:
    • Open Sessions
    1:15 pm - 2:15 pm
    Location / Room: Keynote Theater

    Security teams are struggling to keep up with the myriad of attack vectors that exist. Future InfoSec professionals will take a more adversarial approach to incident response. Will we have artificial intelligence helping threat hunters squash attacks before they can do any significant damage on the network while alerting the authorities in real time? Can a true partnership form between organizations and law enforcement to share information?

    Join our experts as they discuss challenges modern security teams face and how we can build a better plan for tomorrow.
    Panelists:
    Jorge Alago, Veristor
    Isaac O’Connell, Code42
    Chris Stoneking, RedSeal
    Tim Rolston, Aruba
    Moderator: Kelvin Arcelay

    1:15 pm
    Panel: Extortion as-a-Service? Ransomware and Beyond
    Registration Level:
    • Open Sessions
    1:15 pm - 2:15 pm
    Location / Room: Ballroom C

    Remember when ransomware just seized up your computer and wanted you to send Bitcoin to unlock it? With advances in cybercrime, the thieves are not only locking and encrypting your files, but they are also finding your dirty little secrets. You may not pay for the run-of-the-mill files you have backed up, but you might be more inclined to pay even more to make sure no one finds out about you and a certain someone in accounting you are messaging. Or, what about all the credit card numbers you aren’t storing correctly? It would be a shame if your boss knew you were sending out resumes… Will these attacks also be available for purchase on the Dark Web?

    Join the discussion with our experts and come up with a plan to mitigate this problem.
    Panelists:
    Lynn Goodendorf, Mandarin Oriental Hotel Group
    Tamika Bass, Georgia Dept. of Public Health
    Nicole Keaton Hart, Nicke Consulting Group
    Moderator: Thomas Dager

    2:15 pm
    Conference Break / Exhibitor Product Demonstration
    Registration Level:
    • Open Sessions
    2:15 pm - 3:00 pm
    Location / Room: Exhibitor Floor

    Reboot with coffee and infused water while visiting exhibitors on the exhibitor floor.

    2:30 pm
    Dash for Prizes & CyberHunt
    Registration Level:
    • Open Sessions
    2:30 pm - 2:45 pm
    Location / Room: Exhibitor Floor

    Be sure to have exhibitors scan your badge for a chance to win prizes. Past prizes have included Kindles, Bose headphones, gift cards, iPads, iPods and more! *Must be present to win

    3:00 pm
    ASDFED Chapter Meeting and Guest Presentation - Open to All Attendees
    Presenting: Conducting Internal Investigations
    Director, The American Society of Digital Forensics & eDiscovery (ASDFED)
    Registration Level:
    • Open Sessions
    3:00 pm - 3:45 pm
    Location / Room: 117

    Join ASDFED for a chapter meeting and guest presentation.
    Presentation Details:
    A C-level executive has asked you to conduct an internal investigation. Now what? A hard drive contains a complex array of data. Where should you look to discover the who, what, when, where, why, how, what else and what other? What tools are needed to extract information efficiently? How fast can you make sense of what’s happening? This presentation provides a framework to answer those questions and many more.

    3:00 pm
    Privacy Impact Assessments and Emerging Technologies
    Partner, Alston & Bird LLP
    Registration Level:
    • Conference Pass
    3:00 pm - 3:45 pm
    Location / Room: 115

    Privacy laws and regulations continue to evolve rapidly in the U.S. at the federal and state levels. Combined with the European Union GDPR, these emerging standards underline the need for businesses to manage data as a regulated asset. The risks are heightened when developing or implementing emerging technologies, such as artificial intelligence, blockchain and biometric technologies. A key part of governance, both to reduce risk and to enable new innovations, is to perform impact assessments when implementing new technologies into the business, and as part of any new product development or innovation operations. This presentation will focus on privacy regulatory issues associated with emerging technologies, trends in structuring impact assessments, approaches to and objectives of PIAs, and ways in which to integrate PIA processes into the business.

    3:00 pm
    Cyber Risk in the Supply Chain: Where Is Your Weakest Link?
    Managing Director, UHY Advisors
    Registration Level:
    • Conference Pass
    3:00 pm - 3:45 pm
    Location / Room: 113

    Every organization has a supply chain, and many don’t know which members are the weakest link in the chain. Cybersecurity is no longer limited to what you do within your own organization. Many of the largest breaches in recent history have been the result of inadequate security with vendors and other members of the supply chain. This session will provide you with the risks and some possible remedies for how your organization can better manage the organizations that make up your supply chain and other business partners.

Exhibitors
  • ACP Atlanta
    Booth: 206

    The Atlanta Chapter was formed in August of 2006. It includes Continuity Professionals from all areas of the Business Community and the Public Sector. As ACP’s local presence in the Atlanta metro region, our chapter embraces and seeks to promote the mission and goals of the parent organization. Being a member of the Atlanta Chapter of ACP brings many benefits:
    • The opportunity to network with experienced individuals who often have addressed some of the same challenges you face in your organization.
    • The opportunity to hear real examples of solutions that have been implemented in other organizations.
    • The opportunity to network for career opportunities.

  • Arctic Wolf
    Booth: 228

    Arctic Wolf Networks provides SOC-as-a-service that is redefining the economics of security. AWN CyberSOC is anchored by Concierge Security Engineers and includes 24×7 monitoring, custom alerting and incident investigation and response. There is no hardware or software to purchase, and the end-to-end service includes a proprietary cloud-based SIEM, threat intelligence subscriptions and all the expertise and tools required.

  • ARMA Atlanta
    Booth: TBD

    ARMA International is a not-for-profit organization representing the RIM profession. Its primary purpose is the advancement of the profession and the professional through advocacy, education and professional development.

    ARMA International members include records and information managers, MIS and ADP professionals, imaging specialists, archivists, hospital administrators, legal administrators, librarians, corporate counsel, compliance professionals, and educators. ARMA, its chapters, and its members are dedicated to helping individuals, organizations, and government agencies successfully meet the challenges of the increasingly complex records and information management field.

  • Aruba
    Booth: 300

    Aruba, a Hewlett Packard Enterprise company (NYSE:HPE), introduces Aruba 360 Secure Fabric, an enterprise security framework that gives security and networking teams an integrated, more comprehensive way to gain visibility and control of their networks. It provides a quick way to respond to cyberattacks across multivendor infrastructures, with support for hundreds to thousands of users and devices. It’s the only solution that combines a complete campus, branch, and cloud-connected network infrastructure with built-in security, along with secure network access control and advanced threat detection and response – for any network.

    To learn more, visit Aruba 360 Secure Fabric at http://www.arubanetworks.com/solutions/security/ . For real-time news updates follow Aruba on Twitter and Facebook, and for the latest technical discussions on mobility and Aruba products visit Airheads Social at http://community.arubanetworks.com.

  • Bay Pay Forum
    Booth: TBD

    The BayPay Forum, a Silicon Valley-based international network composed of over 14,000 payment and commerce executives, entrepreneurs and investors from thousands of different companies, serves as a forum to connect members in identifying and understanding the emerging trends and innovations in the industry.

  • Binary Defense Systems
    Booth: 322

    BDS is a company that works with you to understand your environment and what you have, and to build defenses to combat what we face today and the attacks of tomorrow. Technology is continuously changing, and businesses change every day. To keep up with the changes, BDS has created an extensively flexible yet highly accurate way of detecting attackers. We are attackers, and we know the best ways to detect how attackers breach your network. An added bonus with BDS: continual penetration tests are performed regularly to enhance and develop additional safeguards. We are here to defend, protect and secure your company.

  • Bitdefender
    Booth: 326

    Powered by its depth of security expertise and rapid pace of research and development, Bitdefender’s long-standing mission is to deliver transformative security technologies to the world’s users and organizations. We are innovators, creating breakthrough technology that radically improves our customer’s experience with security.

    From IoT to Data Centers, from endpoints to hybrid infrastructures – Bitdefender plays a transformational role in how security is best consumed, deployed, and managed. We strive to deliver products and services that radically alter the customer’s experience with security, in terms of efficacy, performance, ease of use and interoperability.

  • BOMGAR
    Booth: 238

    Bomgar offers the most secure remote access and support technology on the planet. Each encrypted connection is outbound, so you can connect without VPN or firewall changes. You can leverage Active Directory and LDAPS to manage authentication, require multi-factor authentication, define more than 50 permissions for technicians and privileged users, and capture a detailed audit log of every remote connection.

  • Cambridge Computer
    Booth: 228

    Over the last 25+ years, Cambridge Computer has evolved a business model that provides a unique value proposition for technical leaders and decision makers, allowing us to prioritize your technical and business objectives.

    Our business is a broker-agent model. We provide resources, ideas, and expertise in innovative ways when our clients are evaluating technical direction, vetting products and technologies, and purchasing hardware, software, subscriptions, and professional services. Our team consists of industry analysts, technologists, hands-on consultants, and entrepreneurs, who all continually invest in building relationships with industry players and learning technologies and products, so you can treat us as an extension of your IT team.

  • Centrify
    Booth: 314

    Centrify provides unified identity management across data center, cloud and mobile environments. Centrify software and cloud-based Identity-as-a-Service (IDaaS) solutions leverage an organization’s existing identity infrastructure to enable single sign-on, multi-factor authentication, privileged identity management, auditing for compliance and mobile device management.
    Centrify customers can typically reduce their total cost of identity management and compliance by more than 50 percent.

  • CIOReview
    Booth: TBD

    CIOReview is a technology magazine that talks about the enterprise solutions that can redefine the business goals of enterprises tomorrow. It is the leading source that shares innovative enterprise solutions developed by established solutions providers, upcoming hot enterprises and is a neutral source for technology decision makers. Published from Fremont, California, CIOReview is an excellent platform for the enterprise to showcase their innovative solutions.

  • Code42
    Booth: 310

    Code42 is the leader in information security. We secure more than 50,000 organizations worldwide, including the most recognized brands in business and education. Because Code42 can secure every version of every file, we offer security, legal and IT teams total visibility and recovery of data–wherever it lives and moves.

  • Comodo Cybersecurity
    Booth: 234

    In a world where preventing all cyberattacks is impossible, Comodo Cybersecurity delivers an innovative cybersecurity platform that renders threats useless, across the LAN, web and cloud. The Comodo Cybersecurity platform enables customers to protect their systems and data against even military-grade threats, including zero-day attacks. Based in Clifton, New Jersey, Comodo Cybersecurity has a 20-year history of protecting the most sensitive data for both businesses and consumers globally.

  • DHG
    Booth: 304

    Headquartered in Charlotte, NC, DHG ranks among the top 20 public accounting firms in the nation. With more than 2,000 professionals in 13 states, we combine deep experience with a strong commitment to personal service. We are passionate about helping our clients succeed—and we do so through a resourceful approach to solving problems, providing solutions and helping our clients achieve their goals.

    Dedicated client focus and relationships have been and always will be our touchstone. Here at DHG, you’ll receive personalized service provided by a team of professionals who are eager to share their knowledge and experience with you. We draw on our extensive resources to combine comprehensive assurance, tax and advisory services.

  • Duo
    Booth: 318

    Duo was founded with the belief that security can only be effective if it is easy to use. Through that vision, Duo has built a world-class security platform that is actually enjoyable to use. Duo supports thousands of customers and millions of users in organizations like Accenture, Boston Medical, Emblem Health, Facebook, Toyota, Twitter, Virginia Tech, Yelp and others, and enjoys the highest NPS score in the industry.

  • EC-Council
    Booth: 232

    International Council of E-Commerce Consultants, also known as EC-Council, is the world’s largest cyber security technical certification body. We operate in 140 countries globally and we are the owner and developer of the world-famous Certified Ethical Hacker (CEH), Computer Hacking Forensics Investigator (C|HFI), Certified Security Analyst (ECSA), License Penetration Testing (Practical) programs, among others. We are proud to have trained and certified over 140,000 information security professionals globally that have influenced the cyber security mindset of countless organizations worldwide.

  • Endgame
    Booth: 324

    Organizations spent $75 billion on security last year, yet they still face breaches at an alarming rate. Endgame exists to transform that paradigm and not accept breaches as the status quo.

    To solve these challenges, we can’t apply the same people, processes and technology and expect different results.

    We bring to bear the best across enterprise tech, security domain expertise, data science, user experience, and academia to challenge the industry-standard of what makes a good security product.

    That’s what we’re doing every day at Endgame.

  • Global Cyber Alliance
    Booth: TBD

    The Global Cyber Alliance (GCA) is an international, cross-sector effort dedicated to confronting cyber risk and improving our connected world. It is a catalyst to bring communities of interest and affiliations together in an environment that sparks innovation with concrete, measurable achievements. While most efforts at addressing cyber risk have been industry, sector, or geographically specific, GCA partners across borders and sectors. GCA’s mantra “Do Something. Measure It.” is a direct reflection of its mission to eradicate systemic cyber risks. GCA, a 501(c)3, was founded in September 2015 by the Manhattan District Attorney’s Office, the City of London Police and the Center for Internet Security. Learn more at www.globalcyberalliance.org

  • GuidePoint Security LLC
    Booth: 216

    GuidePoint Security LLC provides innovative and valuable cyber security solutions and expertise that enable organizations to successfully achieve their mission. By embracing new technologies, GuidePoint Security helps clients recognize the threats, understand the solutions, and mitigate the risks present in their evolving IT environments. Headquartered in Herndon, Virginia, GuidePoint Security is a small business, and classification can be found with the System for Award Management (SAM). Learn more at: http://www.guidepointsecurity.com

  • InfraGard
    Booth: 230

    InfraGard is an information sharing and analysis effort serving the interests and combining the knowledge base of a wide range of members. At its most basic level, InfraGard is a partnership between the FBI and the private sector. InfraGard is an association of individuals, academic institutions, state and local law enforcement agencies, and other participants dedicated to sharing information and intelligence to prevent hostile acts against the United States. InfraGard Chapters are geographically linked with FBI Field Office territories.

    The FBI retained InfraGard as an FBI sponsored program, and will work with DHS in support of its CIP mission, facilitate InfraGard’s continuing role in CIP activities, and further develop InfraGard’s ability to support the FBI’s investigative mission, especially as it pertains to counterterrorism and cyber crimes.

  • iRobot
    Booth: 200

    iRobot, the leading global consumer robot company, designs and builds robots that empower people to do more both inside and outside of the home. iRobot’s products, including the award-winning Roomba® Vacuuming Robot and the Braava® family of mopping robots, have been welcomed into millions of homes around the world and are hard at work every day helping people to get more done.

  • ISACA
    Booth: 202

    As an independent, nonprofit, global association, ISACA engages in the development, adoption and use of globally accepted, industry-leading knowledge and practices for information systems. Previously known as the Information Systems Audit and Control Association, ISACA now goes by its acronym only, to reflect the broad range of IT governance professionals it serves.

  • (ISC)2 Atlanta
    Booth: 330

    (ISC)² Atlanta chapter encompasses the Atlanta Metro area. Our chapter program provides members a forum to facilitate the exchange of knowledge and ideas, development of leadership and professional skills, and advancement of information systems security. We also provide our members with access to a variety of industry resources and educational programs to keep our members informed of the latest advances in technology and techniques.

    Our mission is to advance information security in local communities throughout Atlanta, Georgia, by providing our members and other security professionals with the opportunity to share knowledge, grow professionally, educate others, and collaborate on projects.

  • ISSA Metro Atlanta Chapter
    Booth: 208

    The ISSA Metro Atlanta chapter has developed over the years into one of the largest ISSA chapters worldwide and the largest IT Security organization in the Metro Atlanta area. The Information Systems Security Association (ISSA)® is a not-for-profit, international organization of information security professionals and practitioners. It provides educational forums, publications, and peer interaction opportunities that enhance the knowledge, skill, and professional growth of its members.

  • Ixia, a Keysight Business
    Booth: 226

    We provide testing, visibility, and security solutions to strengthen applications across physical and virtual networks. Organizations use our tools and capabilities to test, secure and visualize their networks so their applications run stronger.

  • Mission Critical
    Booth: 222

    Mission Critical Systems is an information technology security reseller and integrator focused only on security solutions. We have been providing top quality security products and consulting services throughout the Southeast United States and Caribbean since 1997.

    Our mission is to provide best-in-breed data and network security products and expert services that will reduce our clients’ exposure to information theft and destruction. We advocate a comprehensive approach to information security—evaluating all aspects of an organization’s vulnerabilities from internal compromises to external threats. We can provide your organization with the tools, controls and training to secure your infrastructure. Our sales and engineering professionals will work with you to design and implement strategies to address your complex information security challenges.

    Mission Critical Systems is a Woman Owned Business and Equal Opportunity Employer.

  • Okta
    Booth: 210

    Okta is the foundation for secure connections between people and technology. Our IT products uniquely use identity information to grant people access to applications on any device at any time, while still enforcing strong security protections. Our platform securely connects companies to their customers and partners. Today, thousands of organizations trust Okta to help them fulfill their missions as quickly as possible.

  • Pluribus Networks
    Booth: 218

    Pluribus Networks delivers a programmable software-defined security fabric with a distributed architecture to integrate and orchestrate multiple security functionalities for internal security protections. The Fabric enables establishing a transparent and secure control layer to segment and control all traffic across the enterprise independent of the underlying physical network infrastructure. The Fabric enables network virtualization and segmentation with adaptive security policies, enables security service insertion and provides real-time visibility to identify emerging threats and speed cyber incident response.

  • RedSeal
    Booth: 316

    At RedSeal, our vision is to become the essential analytics and decision-making platform for building digitally resilient organizations people can trust. We do this by becoming the measure by which every organization can quantify its digital resilience. As thought leaders on resilience, we envision every organization starting the security discussion with the question “What’s our Digital Resilience Score?” Founded in 2004, RedSeal is headquartered in Sunnyvale, California.

  • Rook
    Booth: 220

    Rook Security provides 24/7 Managed Detection and Response to prevent incidents from impacting business operations. We unite the brightest minds in digital defense with the most advanced, rapid-to-deploy technology to protect your organization. As a managed service, there is no need to worry about configuring, monitoring, or managing technology – our team does the hard part for you.

  • Securonix
    Booth: 328

    Securonix is redefining the next generation of cyber-threat detection using the power of machine learning and big data. Our purpose-built security analytics platform uses machine learning to track and create baselines of user, account, and system behavior and detects the most advanced insider threats, cyber threats, and fraud activities in real time. Built on a Hadoop platform, the Securonix solution provides an open platform with unlimited scalability. Securonix provides incident orchestration capabilities with playbooks that enable automated incident response. Globally, customers use Securonix to address their insider threat, cyber threat, cloud security, fraud, and application security monitoring requirements. Visit www.securonix.com.

  • SSH Communications Security
    Booth: 236

    As the inventor of the SSH protocol, we have a twenty-year history of leading the market in developing advanced security solutions that enable, monitor, and manage encrypted networks. Over 3,000 customers across the globe trust the company’s encryption, access control and encrypted channel monitoring solutions to meet complex compliance requirements, improve their security posture and save on operational costs. SSH Communications Security is headquartered in Helsinki and has offices in the Americas, Europe and Asia. The company’s shares (SSH1V) are quoted on the NASDAQ OMX Helsinki. For more information, visit www.ssh.com

  • TAG
    Booth: 204

    It’s a new world for tech, and the Technology Association of Georgia (TAG) has emerged as a world-class membership organization and an engine for economic development for the state of Georgia. TAG’s mission is to educate, promote, influence and unite Georgia’s technology community to foster an innovative and connected marketplace that stimulates and enhances Georgia’s tech-based economy.

    TAG TODAY:
    35,000+ Members
    2,000+ Member Companies
    200+ Events per year
    33 Societies

  • TechTarget
    Booth: TBD

    TechTarget (NASDAQ: TTGT) is the online intersection of serious technology buyers, targeted technical content and technology providers worldwide. Our media, powered by TechTarget’s Activity Intelligence platform, redefines how technology buyers are viewed and engaged based on their active projects, specific technical priorities and business needs. With more than 100 technology specific websites, we provide technology marketers innovative media that delivers unmatched reach via custom advertising, branding and lead generation solutions all built on our extensive network of online and social media. TechTarget is based in Boston and has locations in Atlanta, Beijing, Cincinnati, London, Paris, San Francisco, Singapore, and Sydney.

  • TrustedSec
    Booth: 322

    TrustedSec is a leader in attack intelligence and security advisory services. Our team of highly talented, skilled, senior consultants sets us apart from other commodity-service security companies. We form partnerships with our number one goal to help you holistically improve your security program. You’ll find that working with us amounts to more than “just another engagement”—it’s establishing an understanding with your organization, and working to make you more secure, and better as a whole.

  • Veristor
    Booth: 312

    At VeriStor, we design, implement and manage IT solutions that fuel business productivity. As an end-to-end solutions provider, VeriStor specializes in enterprise data storage, virtual infrastructure, public, private and hybrid cloud services, migration, and technology financing. Headquartered in Atlanta, VeriStor delivers solutions nationwide to enterprise and mid-market companies in all industries including financial services, manufacturing, healthcare, education and federal, state and local government. To learn how VeriStor can help you achieve an IT infrastructure that accelerates business growth, improves efficiencies and reduces costs, visit: http://www.veristor.com

Keynote Speakers
Speakers
  • Rebecca Herold
    CEO, The Privacy Professor, President, SIMBUS, LLC

    Rebecca is CEO of The Privacy Professor® consultancy and President of SIMBUS, LLC, an infosec, privacy, technology, and compliance management cloud service. Rebecca has over 25 years of experience, has authored 19 books and hundreds of book chapters and published articles, and serves as an expert witness for information security, privacy, and compliance issues. Rebecca appears regularly on the KCWI23 morning television show and is based in Des Moines, Iowa.

  • Larry Wilson
    CISO, UMass President’s Office, Security Magazine's "Most Influential People in Security" 2016

    Larry is responsible for developing, implementing and managing the University of Massachusetts Information Security Policy and Written Information Security Program (WISP). The University program is based on industry best practices ISO 27001 / SANS 20 Critical Controls, and is implemented consistently across all University campuses (Amherst, Boston, Dartmouth, Lowell, Medical School and the President’s Office).

    Prior to joining UMASS, Larry was the Vice President, Network Security Manager at State Street. In this role he was responsible for researching, selecting, implementing and overseeing an engineering staff who managed network security technologies / tools including vulnerability scanning, network firewall policy management, intrusion detection, remote access, DNS security, global and local load balancing, etc.

    Larry's industry experience includes IT audit manager for Deloitte Enterprise Risk Services (ERS) consulting practice. In this role he managed a staff responsible for developing and completing a Sarbanes Oxley compliance audit for MasterCard International. Larry's team focused on the application level controls and general computer controls for information technology services implemented and managed from the MasterCard data center in St. Louis.

    Mr. Wilson holds a Master of Science degree in Civil / Structural Engineering from the University of New Hampshire. His industry certifications include CISSP, CISA and ISA (PCI Internal Security Assessor). He serves on the Advisory Board for Middlesex Community College and CISO Advisory Board for Oracle. He co-chairs the Massachusetts State University and Community College Information Security Council, and serves as Certification Director for ISACA New England. His major 2013 accomplishments include Finalist for Information Security Executive® (ISE®) of the Year for both the Northeast Region and North America; and a SANS People who made a difference in Cybersecurity in 2013 award recipient.

    Larry has been teaching CISA certification training for ISACA for 5 years.

  • Gene Kingsley
    Director of Security Operations, Massachusetts Advanced Secure Technologies

    Gene Kingsley is Director of the Security Operations Center, where he leads his team to help protect the clients of Massachusetts Advanced Security Technologies.

  • Roy Zur
    Former Major in Israeli Intelligence Forces, CEO and President, Cybint Solutions/BARBRI

    Roy Zur is a cyber intelligence expert, an attorney, and the founder and CEO of Cybint Solutions, a cyber education company. Roy has over a decade of experience in cyber and intelligence operations from the Israeli security forces (Retired Major), and has developed cyber education programs and technological solutions for companies, educational institutions, and government agencies around the world.

  • Nir Valtman
    Head of Application Security, NCR Corporation

    Nir Valtman heads the application security of the software solutions for NCR Corporation. Before the acquisition of Retalix by NCR, Nir led the security of the R&D in the company. In his previous positions, he worked in several application security, penetration testing and systems infrastructure security roles. Nir is a frequent speaker at leading conferences around the world, including Black Hat, Defcon, RSA, BSides, OWASP, etc. Nir has a Bachelor of Science in Computer Science, but his knowledge is mainly based on cowboy learning and information sharing with the techno-oriented communities, such as blogging and releasing open source tools (including AntiDef, Cloudefigo, and SAPIA).

  • Jon Neiditz
    Partner & Cybersecurity Practice Leader, Kilpatrick Townsend

    Jon Neiditz co-leads the Cybersecurity, Privacy and Data Governance Practice at knowledge asset protection law firm Kilpatrick Townsend & Stockton LLP. Jon has been named a “Cybersecurity Trail Blazer” by the National Law Journal and a Ponemon Fellow, is listed as one of the Best Lawyers in America® both in Information Management Law and in Privacy and Data Security Law, and is listed more questionably by Twitter (of course) as the 82nd most influential person in the world in data security. One of the first lawyers to focus broadly on data governance and knowledge asset protection, Jon helps clients anticipate and obviate information risks, appropriately monetize information, comply with information laws, contain incidents and maximize recoveries and resilience afterwards. He has managed responses to multiple data breaches and other information security incidents every week since 2005 as well as helped design and implement many strategic and compliance initiatives in the areas of privacy, cybersecurity and information management. Jon holds a J.D. from Yale Law School and a B.A., magna cum laude, from Dartmouth College. In good times, Jon blogs at datalaw.net and linkedin.com/in/informationmanagementlaw, and tweets as @jonneiditz.

  • Mark Gelhardt
    VP Technology Governance, US Bank/Elavon

    While in the Army, Colonel Gelhardt was nominated and selected to be the Commander of the Data Systems Unit (CIO/CISO civilian equivalent) for the White House. Col. Gelhardt’s mission was to provide secure automation and telecommunication to President Clinton, the VP, the White House Staff, and the U.S. Secret Service for over four and a half years. Since retiring from the service, Mark has held multiple leadership positions as a CIO/CTO/CSO & CISO for several global companies. Mark is a published author and keynote speaker.

  • Terry Ziemniak, CISSP
    Chapter Member, (ISC)2

    Terry has over 25 years' experience in the information security field with work ranging from security architecture, pen testing, operations, auditing, risk management, disaster preparedness and compliance. His roles have ranged from white-hat hacker up to CISO for billion dollar companies. Terry has achieved the CISSP (Certified Information System Security Practitioner) designation as well as having completed his Master's degree in Information Security from DePaul University. He has spoken on cybersecurity topics to groups all over the country and as far away as Germany.

  • Ravi Thatavarthy
    CISO, iRobot Corporation

    Ravi Thatavarthy is Information Security Officer at iRobot, heading both IT and Product Security. He brings 20+ years of experience in Information Security to his role, with a strong background in Security Architecture and building Security programs from the ground up. His approach to Information Security is unique and well-balanced, with a focus on ‘Business Value’ and ‘User Delight’. He recently appeared in ‘Profiles in Confidence’ as a Security leader running a confident Security program. He has spoken and served as a panelist at multiple conferences. Before joining iRobot, he led the Security, Policy & Compliance programs at Haemonetics, where he worked as Director of Global Security & Policy.

  • Zoe Lindsey
    Customer Advocacy, Duo Security

    Zoe Lindsey is Duo Security’s Advocate Manager, where she educates and advises organizations with unique compliance challenges including the healthcare, government, and financial industries on strong security policy and best practices. She has been hooked on tech since getting her first Commodore 64 at age 10, and joined Duo with a background in cellular and medical technology.

  • Roy Wilkinson
    Principal, CISO/CIO Services, Rausch Advisory

    Roy Wilkinson, PhD, CISSP, CPCS, CHS-V, HISP, is a former CSO & CISO with 30+ years in Information Security and 25+ years in physical security. He is currently Principal for a virtual CIO/CISO practice with an executive advisory firm and was recently elected as Vice President of ISSA International. Dr. Wilkinson is a recognized security leader and speaker for security organizations: ISSA Intl, ASIS Intl, ACFEI Homeland Security, SecureWorld, CyberCrime Summit, and others. Roy holds an extensive list of security certifications and honors, including: ISSA International Hall of Fame, American College of Forensic Examiners Fellow, and ISSA International Distinguished Fellow.

  • Brian Harrell
    Senior Fellow, Center for Cyber and Homeland Security, The George Washington University

    Brian Harrell, CPP, is a Senior Fellow at The George Washington University Center for Cyber & Homeland Security (CCHS) where he provides insight and analysis on homeland security, counterterrorism, and cybersecurity issues. He is the former Operations Director of the Electricity ISAC and Director of Critical Infrastructure Protection Programs at the North American Electric Reliability Corporation (NERC) where he was charged with helping protect North America's electric grid from cyber-attack. Brian has spent time during his career in the US Marine Corps, US Department of Homeland Security, and various private sector agencies with the goal of protecting the United States.

  • Fatih Orhan
    VP, Threat Labs, Comodo Cybersecurity

    With more than 15 years of experience in the technology industry, Fatih Orhan brings a great deal of expertise to his role as director of Comodo Cybersecurity’s Threat Research Lab (CTRL). Working with over 200 security analysts, Orhan and his digital intelligence team are committed to using the best combination of cybersecurity technology and innovations; machine learning-powered analytics; artificial intelligence; and human insight to secure and protect individuals and businesses around the world.

    Orhan received his undergraduate degree in Computer Engineering and a Masters in Science Informatics from Middle East Technical University, both of which he uses to battle the ongoing malware threats of today and reinstate online trust.

  • Mikal Hass
    President, Atlanta Chapter of (ISC)2

  • Lynn Goodendorf
    Director, Information Security / CISO, Mandarin Oriental Hotel Group

    Lynn Goodendorf is the Director of Information Security for the Mandarin Oriental Hotel Group with a global scope of responsibility for the information security program at all hotels and corporate offices. She is known for a strategic and risk-based approach with over 25 years of leadership in technology, cybersecurity, data privacy and risk management. Lynn has been a speaker at ISACA, Infragard’s A-List, Secure World and other professional security events and has published articles with TechTarget, Hospitality Upgrade and White Collar Crime Fighter. Her professional associations include ISSA, IAPP and InfraGard, a cybersecurity partnership between the FBI and private sector.

  • Tamika Bass
    CISO, Georgia Department of Public Health

    Tamika Bass is the Chief Information Security Officer for Georgia Department of Public Health. Her expertise includes assessing and mitigating risk, analyzing impacts, business continuity and disaster recovery planning. Tamika focuses on building cohesive relationships with all levels of staff, management, and suppliers. She holds a Master in Business Administration and a Master in Information Systems Management. She is an adjunct professor and is a Certified Information Security Auditor (CISA). Tamika is also certified in Risk and Information Security Controls (CRISC) and a Certified Business Continuity Planner (CBCP).

  • Phillip Mahan
    Director, Cloud Security Alliance Atlanta

    Phillip Mahan is a Risk and Privacy Professional with over a dozen years of experience in multiple business sectors. Not only certified in the arenas of Privacy, Information Security, and Audit, he also has years of real world experience in each. Technician, Author of Policies, Storyteller, Mentor, and Student.

  • Levone Campbell
    Cyber Team Lead / Incident Coordinator, Aramco Services

    Levone Campbell is the Cyber Security Lead / Incident Coordinator for his organization. Levone holds two Bachelor degrees in Management and Marketing from North Carolina A&T State University, a Masters in Business Administration from Walden University, and a Masters in Technology Management from Georgetown University. He also holds numerous certifications.

  • Bruno Haring, CISSP, CIPT, CRISC, CISA
    Director and Market Leader, PwC

    Bruno is a Director and Market Leader with PwC’s Cybersecurity and Privacy practice based in Atlanta, GA. With over 21 years of experience, both nationally and internationally, in cybersecurity and IT risk management and transformation, Bruno helps Fortune 500 organizations navigate and address cybersecurity, IT, and governance risks, resulting in improved business performance and value.

    Bruno focuses on emerging technology and digital risks by working with the Board and C-level suite to tackle information security as a business issue and to improve the organization’s defensible posture against emerging threats. Bruno has a strong background in assessing and implementing cybersecurity, privacy, IT risk, business resiliency, vendor risk, and data protection programs. Bruno also leads teams in penetration testing and vulnerability assessments, threat modeling, secure adoption of Cloud based solutions, and helps organizations implement and assess against various security, regulatory and compliance requirements, such as NIST, ISO27001/2, GDPR, PCI, ISF, and HIPAA.

    Bruno is a proven practice leader, currently Board President for the FBI’s InfraGard Atlanta Members Alliance, has published thought leadership, and is a frequent speaker at various professional associations. Lastly, Bruno has significant experience in the supervision of large scale IT initiatives, and advisory oversight of technology integration engagements.

    Prior to joining PwC, Bruno served as an Information Security and IT Risk advisor and competency leader in EY’s Advisory practice and in Andersen’s (formerly Arthur Andersen) Business Consulting practice, and in the Global Technology Integration Services group in Andersen Consulting (now Accenture) where he had lead application and data architecture design and development responsibilities nationally.

  • James “Mark” Harless
    Special Agent, FBI

    SA Harless has been a Federal Law Enforcement Officer for 24 years, including 3 years as a Special Agent with The U.S. Air Force Office Of Special Investigation (AFOSI), and 21 years as a Special Agent with the FBI. SA Harless has over 11 years of leadership experience as an FBI Supervisor, and has a broad law enforcement background in matters involving public corruption, white collar crime, healthcare fraud, gangs, drug trafficking, money laundering, intellectual property rights, and counterterrorism. SA Harless earned a Master of Science Degree from The Florida State University and a Bachelor of Science Degree from Belmont University. In 2008, SA Harless was the recipient of the FBI Director’s Award for Special Achievement, and in 2009 he received the FBI Director’s Award for Excellence in Investigation.

  • Michael Holcomb
    Director, Information Security, Fluor

    Michael Holcomb has nearly two decades of dedicated experience in Information Security, primarily focused on Vulnerability Management, Penetration Testing, Incident Detection/Response and Industrial Controls. He currently serves as Director of Information Security at Fluor and President of the ISSA Chapter in Greenville, SC.

  • Nicole Keaton Hart
    CxO - Deputy CIO, Nicke Consulting Group

    Nicole Keaton-Hart has served as a fractional CxO in Financial Services, Consumer Packaged Goods, Retail, Oil & Gas and Health IT industries as Chief Information Security Officer, Chief Information Officer and Chief Strategist. As a visionary and pragmatic leader with a keen focus on Business, IT and Information Security operating in harmony she has held several executive leadership positions. Nicole is well versed in Information Security Strategy, Enterprise Risk Management and the Governance of Enterprise IT. She holds CGEIT, CRISC, CISA and CISM certifications and is a graduate of Georgia State University J. Mack Robinson College of Business with an Executive Masters in Management Information Technology.

  • Justin Daniels
    Attorney, Baker Donelson

    Justin Daniels is a thought leader in cybersecurity who believes cybersecurity must be treated by the c-suite as a strategic enterprise business risk. He provides strategic advice to companies to help them understand cyber risk and create a comprehensive approach to address it. He specifically advises on cyber business and legal issues in mergers and acquisitions, investment capital transactions and related due diligence matters, information security plans, incident response plans, vendor and customer contracts and cyber insurance. Justin is an attorney with Baker Donelson, where he specializes in M&A and other business transactions.

    Justin is a leader in Georgia's cybersecurity industry. In 2017, he founded and led the inaugural Atlanta Cyber Week (www.atlcyberweek.com), where multiple organizations held 11 events that attracted more than 1,000 attendees from five countries. Atlanta Cyber Week created business opportunities between growth cyber companies and Atlanta's middle market and Fortune 1,000 customer base while also burnishing the reputation of Atlanta's regional cybersecurity ecosystem. At the end of Atlanta Cyber Week 2017, he gave a TED Talk entitled "Why You Hold the Key to Cybersecurity." He launched the podcast CyberXchange in April 2018, where he exchanges views on cybersecurity with industry leaders and influencers. He speaks extensively about the topic of cybersecurity and has done so in the United States, the UK and Israel.

  • Steven Shalita
    Vice President, Marketing and Business Development, Pluribus Networks

    Steven Shalita has 20+ years of technology experience across the Enterprise, Cloud and Service Provider technology segments. He has market and technology expertise spanning cybersecurity, network security, forensics, SDN/NFV, and IT infrastructure. He has spent a considerable amount of time in the performance monitoring market and was a key evangelist for adapting network monitoring technology for security use cases to identify zero-attacks. Steven is currently Vice President at Pluribus Networks and is a frequent featured speaker at leading industry events. He has held senior technology marketing leadership positions at NetScout, Check Point Software Technologies, Alcatel-Lucent, Cisco, and HP Networking.

  • Steven "Doc" Simon, PhD
    Professor, IT / Captain, US Navy (Ret), Mercer University

    Steven “Doc” Simon was commissioned in the Navy in October 1989. He served his first tour aboard the USS BLAKELY (FF-1072), homeported in Charleston, SC, earning his Surface Warfare Qualification. Upon decommissioning of the Blakely, he cross-decked to the USS SAMUEL ELIOT MORISON (FFG-13) before being assigned to Naval Construction Force, Support Unit Three as Information Resource Management Officer and earning his Seabee Warfare Qualification. He was then transferred to the Second Naval Construction Brigade as ADP/IRM Officer. During this period he led the re-engineering of the Brigade’s information system, implementing local area networks, storage, and SATCOM functionality.

    In September 1994, he was assigned to Commander, Naval Expeditionary Logistics Support Force in Williamsburg, VA as a Logistics Planner and in October 1997 transferred to Commander, United States Atlantic Command. In October 1999, LT Simon was assigned as Logistics and Information Systems Officer for Mobile Inshore Undersea Warfare Unit 208. In October 2001, LCDR Simon was assigned to Commander Carrier Group TWO as Assistant Communications and Logistic Officer. Serving aboard USS HARRY S TRUMAN (CVN-75) during Operation Iraqi Freedom in the Mediterranean he became Tactical Action Officer (TAO) Qualified. In October 2003, he transferred to Commander, US Sixth Fleet Det 802 as N-6. During this tour he served on the USS LASALLE (AGF-3) and USS MT WHITNEY (LCC-20) qualifying as Battle Watch Captain (BWC).

    From October 2005 to July 2006, CDR Simon was assigned to the Office of Naval Research/Naval Research Labs as Deputy CIO/Research & Development Liaison Officer. He was then transferred to the United States Strategic Command Center for Combating Weapons of Mass Destruction (SCC-WMD) as Chief Information Officer/J-6 where he led the development of joint and coalition systems.

    In October 2008, he assumed command of Naval Communications Material System (NCMS)/Department of Navy Communications Security System. At NCMS, he was responsible for the planning, development, and operation of the Department of the Navy’s communication security (COMSEC) system. In July 2011 he became the Director of the Cyber Security Center at the United States Naval Academy. Before his retirement he served as the commanding officer of NR-Naval Information Operations Command Georgia. CAPT Simon has a broad background with large-scale systems and infrastructure projects, having worked on numerous Enterprise Resource Planning (ERP) implementations as a solutions architect and project manager. He is an Associate Professor of Information Technology at Mercer University in Atlanta, GA.

    Capt. Simon holds a Bachelor’s degree in computer science and marketing from the University of Georgia, a Masters of Business Administration from the University of Georgia System, and a Doctor of Philosophy (PhD) in Information Technology and International Business from the University of South Carolina. He has published over seventy-five scholarly articles on IT topics and served as Editor-in-Chief of the Journal of Information Science and Technology. He has been a professor at University of South Carolina, Oklahoma University, Florida International, and currently Mercer University. He has additionally served as an SAP consultant, consultant to several large World Bank projects, and advisor to a number of DoD and USG technology projects. His personal decorations include Legion of Merit with two Gold Stars, Defense Meritorious Service Medal, Meritorious Service Medal with two Gold Stars, Navy Commendation Medal, Navy Achievement Medal with two Gold Stars, Joint Meritorious Unit Commendation with one Oak Leaf, Meritorious Unit Citation, National Defense Service Medal, Global War On Terrorism Expeditionary Medal, Global War On Terrorism Service Medal, Armed Forces Expeditionary Medal, Sea Service Ribbon, Expert Rifle Shot Medal, and Expert Pistol Shot Medal.

  • James Farwell
    Counsel, Elkins PLC; Associate Fellow, Kings College, U. of London; non-resident Senior Fellow, Middle East Institute, Washington, D.C.

    James counsels clients in the areas of Cybersecurity and Privacy Protection. He has a CIPP/US certification from the International Association of Privacy Professionals. James advised the U.S. Department of Defense and U.S. Special Operations Command on cybersecurity and strategic communication. He served as consultant to the U.S. Department of Defense,

  • Rebecca Finnin
    Director, Technology Security, AT&T

    Rebecca Finnin is a Director in the Chief Security Office at AT&T. During her time at AT&T, Rebecca has overseen large-scale development projects to meet compliance requirements. She was also responsible for automation of vulnerability assessments on infrastructure elements across AT&T internal and customer-serving networks. Her current role involves helping to embed security features into the Software Defined Network, with a particular focus on the Open Network Automation Platform (ONAP).

  • Ted Claypoole
    Partner, Womble Bond Dickinson

    Lawyer, business adviser, law firm team lead for cybersecurity/privacy, licensing and FinTech, chair of the American Bar Association Business Cyberspace Law Committee, former in-house counsel for Bank of America and CompuServe, and co-author of the books Privacy in the Age of Big Data and Protecting Your Internet Identity.

  • Tim Hill
    Director, Product Management & Strategy, Centrify Corp

    Tim Hill joined Centrify in the fall of 2017 as the Director of Product Management & Strategy. He is a US Air Force veteran who, after the military, joined Amp Inc./TE Connectivity Inc. as their Information Security Manager and M&A team member through the embattled years as part of Tyco International Inc. He later served at PHEAA as the VP of Enterprise Security, then at Anthem Inc. as a Security Director in the CISO's office from 2014 through 2017. He has participated in first-hand breach recovery efforts and has seen first-hand what is being done right and wrong. Tim has a strong background in IAM, which he uses to drive productivity solutions through our customers, leveraging investments and optimizing the full business process and execution.

  • Larry Ponemon
    Chairman and Founder, Ponemon Institute

    Dr. Larry Ponemon is the Chairman and Founder of the Ponemon Institute, a research “think tank” dedicated to advancing privacy and data protection practices. Dr. Ponemon is considered a pioneer in privacy auditing and the Responsible Information Management or RIM framework.

    Ponemon Institute conducts independent research, educates leaders from the private and public sectors, and verifies the privacy and data protection practices of organizations in various industries. In addition to Institute activities, Dr. Ponemon is an adjunct professor for ethics and privacy at Carnegie Mellon University’s CIO Institute. He is a Fellow of the Center for Government Innovation of the Unisys Corporation.

    Dr. Ponemon consults with leading multinational organizations on global privacy management programs. He has extensive knowledge of regulatory frameworks for managing privacy and data security including financial services, health care, pharmaceutical, telecom and Internet. Dr. Ponemon was appointed to the Advisory Committee for Online Access & Security for the United States Federal Trade Commission. He was appointed by the White House to the Data Privacy and Integrity Advisory Committee for the Department of Homeland Security. Dr. Ponemon was also appointed to two California State task forces on privacy and data security laws.

    Dr. Ponemon earned his Ph.D. at Union College in Schenectady, New York. He has a Master’s degree from Harvard University, Cambridge, Massachusetts, and attended the doctoral program in system sciences at Carnegie Mellon University, Pittsburgh, Pennsylvania. Dr. Ponemon earned his Bachelors with Highest Distinction from the University of Arizona, Tucson, Arizona. He is a Certified Public Accountant and a Certified Information Privacy Professional.

  • David Benton
    Director, The American Society of Digital Forensics & eDiscovery (ASDFED)

    In 1994, David began his investigative career as a Counterintelligence Special Agent. During his tour, he conducted numerous investigations across multiple continents. After the military, he joined the Georgia Bureau of Investigation and left as a supervisor on their computer evidence recovery team. He worked for a Fortune 25 company and later a leading consulting practice. He’s testified as an expert witness in 19 separate cases and was a court-appointed special master in multiple matters before the US District Court in Atlanta. David blends his experience to provide practical advice to tackle internal investigations.

  • David Keating
    Partner, Alston & Bird LLP

    David Keating is one of the co-leaders of the Privacy and Security Practice at Alston & Bird. David’s practice is focused on advising clients on privacy and security issues arising along the entire data lifecycle. He assists clients with compliance strategies, policy development and implementation, data monetization and data use analyses, new product development, and privacy enforcement matters. Particular areas of focus include emerging technologies and European Union data protection, including GDPR readiness and remediation.

  • David Barton
    Managing Director, UHY Advisors

    David Barton is a Managing Director with UHY Advisors and practice leader of the Internal Audit, Risk, and Compliance practice, which provides consulting and attestation services around information technology controls, cybersecurity, and compliance. He has over 25 years of practical experience in information systems and technology risk and controls. David is frequently asked to speak at national and regional events, such as SecureWorld and the Cloud Security Alliance Congress. He is the primary author of the CSA position paper on AICPA Service Organization Control Reports. He regularly provides his input and opinions for national publications such as Compliance Week, Accounting Today, and the Atlanta Journal Constitution. David holds an MBA and BS in Business Administration from Appalachian State University. He is Certified in Risk and Information Systems Control (CRISC), received the Certified Information Systems Auditor (CISA) designation in 1988, and is a member of the Atlanta chapter of the Cloud Security Alliance. David has active civic memberships with the Atlanta chapter of the Porsche Club of America and the Tire Rack Street Survival® program for teen driver education. He is also a certified high-performance driving instructor and former Porsche Club racer.

Conference App and Microsite!
Registration is easy and takes just a few minutes. Once you get started you can use your phone, tablet or internet browser to:

• Create a personalized agenda
• View maps of the venue and Exhibit Hall
• Use secure messaging to network with attendees
• View speaker slides after the conference
• Play CyberHunt, the app game, and compete for prizes