Conference Agenda
  • Wednesday, May 30, 2018
    7:00 am
    Registration open
    Registration Level:
    • Open Sessions
    7:00 am - 3:00 pm
    Location / Room: Registration Desk

    Come to the Registration desk in the lobby to check-in and get your badge. SecureWorld staff will be available throughout the day if you have any questions.

    8:00 am
    Advisory Council Breakfast – (VIP / INVITE ONLY)
    CEO, The Privacy Professor; CEO, Privacy & Security Brainiacs
    Registration Level:
    • VIP / Exclusive
    8:00 am - 9:15 am
    Location / Room: 119

    This session is for Advisory Council Members only.

    8:00 am
    [SecureWorld PLUS] Part 1 - Designing and Building a Cybersecurity Program based on the NIST Cybersecurity Framework
    Earn 16 CPEs With This in-Depth 3-Part Course
    Manager, Cyber and Information Security, Point32Health
    Registration Level:
    • SecureWorld Plus
    8:00 am - 9:30 am
    Location / Room: 101

    The University of Massachusetts has developed a 6 hour SecureWorld Plus training class that instructs attendees on the best practices for designing, building, and maintaining a Cybersecurity Program based on the NIST Cybersecurity Framework. Organizations who currently use the Framework or are planning to use the Framework for their cybersecurity program will benefit from this course.

    This innovative education and training program includes the following key elements:

    • An introduction to the key components of the NIST Cybersecurity Framework
    • How to use the Framework to support business strategy, technology strategy, and cyber-risk strategy
    • An approach for adopting the framework to build and sustain secure and resilient infrastructure, secure and resilient networks, secure and resilient applications
    • How to use the framework to protect critical information assets
    • A Controls Factory Model that organizations use to create an Engineering Program, a Technical Program and a Business / Management Program
    • A methodology for developing a Cybersecurity Strategy, System Security Plan (SSP), Risk Assessment, Plan of Action and Milestones (POA&M) and Executive Report

    The class will help individuals and organizations acquire knowledge, skills and abilities to:

    • Develop a strategy to apply the NIST Cybersecurity Framework (NCSF) to their environment
    • Create a comprehensive System Security Plan (SSP) based on the NIST Cybersecurity Framework
    • Conduct a Risk Assessment to compare the current profile with the target profile and identify any gaps that need to be addressed
    • Develop a Plan of Action and Milestones (POA&M) to mitigate the highest priority gaps
    • Establish an Executive Report to measure and communicate current profile, target profile, POA&M and program plan / roles and responsibilities to remediate identified gaps
    • Identify required workforce skills and develop career pathways for improving skills and experience

    About the Instructor – Larry Wilson:

    • Larry Wilson is the former CISO for UMass President’s Office from 2009 to 2017
    • Prior to UMass, Larry developed and managed the Global Infrastructure Services (GIS) Security Program for State Street Corporation
    • Larry has been teaching cybersecurity courses based on the NIST Cybersecurity Framework at SecureWorld events for the past 5 years
    • Larry has conducted over 20 consulting engagements, helping organizations design and build cybersecurity programs based on the NIST Cybersecurity Framework

    The program and its author have won the following industry awards:

    • Security Magazine’s Most Influential People in Security, 2016
    • SANS People Who Made a Difference in Cybersecurity Award, 2013
    • Information Security Executive (ISE) North America Program Winner for Higher Education, 2013
    8:00 am
    SecureWorld PLUS Part 1 - Cloud Security - Securing Your Organization's Digital Transformation
    Earn 16 CPEs With This in-Depth 3-Part Course
    Director, Information Security, Farm Credit Financial Partners; VP, InfraGard National Members Alliance
    Registration Level:
    • SecureWorld Plus
    8:00 am - 9:30 am
    Location / Room: 111

    This course will provide a healthy introduction to modern aspects of cloud computing security. The attendee will learn how to assess and protect their organization’s data in the cloud. It covers IoT, providers, tools, and processes to help avoid a rainy day.

    8:00 am
    SecureWorld PLUS Part 1 - Cyber Crimes, Threat Intelligence, and the Dark Web – Hands-On Workshop
    Earn 16 CPEs With This in-Depth 3-Part Course
    Former Major in Israeli Intelligence Forces, CEO and President, Cybint Solutions/BARBRI
    Registration Level:
    • SecureWorld Plus
    8:00 am - 9:30 am
    Location / Room: 110

    This practical workshop will reveal the secrets of the dark web and cybercriminals. Attendees will acquire knowledge, skills and tools to search the dark web and analyze cyber threat intelligence. Additionally, attendees will explore how to leverage cyber intelligence on the web to proactively approach complex processes such as due diligence and litigation.

    8:30 am
    Keep Containers Afloat
    How to Support Rapidly Evolving Engineering Efforts (on top of containers) by Wrapping Security Around It
    Head of Application Security, NCR Corporation
    Registration Level:
    • Conference Pass
    8:30 am - 9:15 am
    Location / Room: 113

    Containerized solutions have been known for decades, but only recently have they become part of the DevOps hype. Since containers are minimalistic, there is a perception that they tend to be more secure than other virtualized solutions. However, common exploits from pre-container generation infrastructure, once modified, can be more disruptive on orchestrated containerized solutions. The key factors that affect the sturdiness of a system are the speed of DevOps CI/CD pipelines, the challenge for security teams to automate everything, and the reuse of old infrastructure concepts on software-defined networks (SDN), such as container orchestrations. This talk will shed light on the defensive mechanisms that need to be considered when deploying containerized solutions, and will demonstrate effective attacks against them.

    8:30 am
    Companies are Beginning To Protect Their Crown Jewels, Not Just Doing What They’re Told to Do!
    Partner & Cybersecurity Practice Leader, Kilpatrick Townsend
    Registration Level:
    • Conference Pass
    8:30 am - 9:15 am
    Location / Room: 117

    We just released our second study with the Ponemon Institute on the Cybersecurity Risk to Knowledge Assets, which shows dramatic increases in threats and awareness of threats to “crown jewels” or “knowledge assets” among the more than 600 study participants, as well as dramatic improvements in addressing those threats by the highest performing organizations. It is rich in findings that will help CISOs and counsel with benchmarking, internal advocacy and addressing gaps. This presentation focuses on the practical guidance for successful advocacy and action toward securing knowledge assets that participants need to bring back to their companies.
    1: Learn to expand organizational focus to meet new cyberthreats.
    2: Understand how to identify your knowledge assets and defend them.
    3: Anticipate new related regulatory challenges that can help you.

    8:30 am
    The White House - Information Technology and Communication Support to the President
    CIO, Georgia State Defense Force, Former CIO, The White House
    Registration Level:
    • Conference Pass
    8:30 am - 9:15 am
    Location / Room: Ballroom C

    Colonel Mark Gelhardt, former Commander (CIO/CISO), Data Systems Unit, at the White House during President Clinton’s administration, will provide a rare insight into the inner workings of the White House. Col. Gelhardt will talk about how the military supports the Commander-in-Chief with technology and communications. He will talk about the last link of communications between the National Command Authority and the President, and how to keep it secure from cyber threats. Col. Gelhardt used highly classified technology that has finally made it out to the market in today’s world. He will talk about how some of the technology we use today made it from Top Secret to everyday use.

    8:30 am
    Security Awareness Programs: Structured, Measured, Better
    Chapter Member, (ISC)2
    Registration Level:
    • Conference Pass
    8:30 am - 9:15 am
    Location / Room: 115
    Hackers, scammers, and fraudsters are costing businesses billions of dollars each year. At the same time, security budgets continue to grow. We have seen that technology alone will not fix this problem. As users are on the front line of the cyberwar, they need to be better leveraged as part of our security programs.

    Awareness programs that are ad hoc, reactionary, and unstructured are insufficient to address the threats facing our users. To be effective, these programs must be well thought out and managed in a methodical way. Driving substantial improvements in awareness programs requires that risks be articulated, objectives documented, tasks crafted and executed, and measures taken. Only by building comprehensive programs will we instill the desired behaviors in our users.

    This presentation will review the prevailing trends in corporate awareness efforts, articulate areas for improvement, propose a new model, and discuss methods to build out such a program.

    9:00 am
    Exhibitor Hall open
    Registration Level:
    • Open Sessions
    9:00 am - 3:00 pm
    Location / Room: Exhibitor Floor

    Your opportunity to visit our solution vendor partners, whose sponsorship makes SecureWorld possible! Booths have staff ready to answer your questions. Look for participating Dash For Prizes sponsors to be entered to win prizes.

    9:30 am
    OPENING KEYNOTE: IoT and Smart Home Security Trends: Reducing the Fear Factor
    VP & CISO, BJ's Wholesale Club
    Registration Level:
    • Open Sessions
    9:30 am - 10:15 am
    Location / Room: Keynote Theater

    This presentation will provide an overview of the trends in IoT and Smart Home technology. Given the growing number of connected products in homes, what does it mean for consumers to evaluate risks vs. benefits? At the same time, this presentation will also educate the security industry on how to promote consumerization and reduce the fear factor. Finally, we will also look at the responsibilities of product companies towards consumers.

    10:15 am
    Conference Break / Exhibitor Product Demonstration
    Registration Level:
    • Open Sessions
    10:15 am - 11:15 am
    Location / Room: Exhibitor Floor

    Reboot with coffee and infused water while visiting exhibitors on the exhibitor floor.

    11:15 am
    The Dark Web, Cyber Crimes, and Cyber Intelligence
    Former Major in Israeli Intelligence Forces, CEO and President, Cybint Solutions/BARBRI
    Registration Level:
    • Conference Pass
    11:15 am - 12:00 pm
    Location / Room: Ballroom D

    In this presentation we will learn about trends in cyber fraud tactics and attacks, how dark web markets and forums fuel cyber crime, and how they can be investigated for threat intelligence. In addition, we will learn how cyber criminals utilize digital currencies, and how these transactions can intersect with the formal financial sector. In addition we will discuss cyber awareness and cyber literacy as well as an introduction to Cyber Intelligence.

    11:15 am
    Duo — Past the Perimeter: Earned Access Through a Zero-Trust Model
    Customer Advocacy, Duo Security
    Registration Level:
    • Open Sessions
    11:15 am - 12:00 pm
    Location / Room: 117

    Users whose digital lives are increasingly mobile don’t want to be tied to their desks, and an effective security strategy must be flexible enough to protect access from boardrooms and bars, cubicles and coffee shops alike. To do this, companies must ensure that users and their devices meet the same security controls, whether they’re outside or inside the network perimeter.

    Duo adopted the “zero-trust network” model to solve this challenge. All networks and devices are treated as untrusted until proven otherwise, and their health is checked each time a user connects to a protected resource. This approach depends on visibility into whether basic device and network security standards are met. It also requires the ability to enforce granular policy controls based on the results of that health check.

    The perimeter is disappearing, and it’s not coming back… find out how you can get a head start on what’s next.

    11:15 am
    Securing the ‘Weakest Link’ – Helping Users Become Part of the Security Team
    Principal, CISO/CIO Services, Rausch Advisory
    Registration Level:
    • Conference Pass
    11:15 am - 12:00 pm
    Location / Room: 115
    Humans are famously the ‘weakest link’ in the chain when it comes to security. No matter how strong your security program is, your entire efforts and investment can be neutralized by one simple click or a clever social engineer. User awareness is a critical component of any complete security program.

    Recruiting users into an active protection role – essentially bringing them onto the security team – can magnify your security program. In this session, we’ll explore real-world cases and examples of security education and awareness programs, along with ideas to help you help your users avoid becoming… ‘The Weakest Link’!

    11:15 am
    The Enemy Within: Insider Threats and the Impact to Critical Infrastructure
    Assistant Director, Infrastructure Security, U.S. Cybersecurity and Infrastructure Security Agency (CISA), DHS
    Registration Level:
    • Conference Pass
    11:15 am - 12:00 pm
    Location / Room: Ballroom C

    A careless or malicious insider can destroy an enterprise. Optimizing a cybersecurity insider threat program and integrating it into the enterprise risk management strategy can increase security resilience and provide early warning to threats. What security and contingency policies should you consider that are right for you? Examine how to assess your existing risk profile and how to design, plan, and build a successful insider risk program. Participants will learn what critical infrastructure sectors are doing to combat the threat and discuss how to build an effective strategy along with technology solutions that may aid security programs.

    11:15 am
    Comodo: SSL Certificates & Phishing Threats
    VP, Threat Labs, Comodo Cybersecurity
    Registration Level:
    • Open Sessions
    11:15 am - 12:00 pm
    Location / Room: 113

    Cyber criminals are taking advantage of cheap, low-cost methods to acquire valid SSL certificates for phishing sites. The SSL certificate is one of the basic elements of World Wide Web security. Operators of websites deploy SSL on their systems so that the data transferred between the end user's browser and the server is sent over a secure connection. Certificate authorities issue SSL certificates to show the holder is a legitimate owner of the site. Web browsers typically display a padlock sign to indicate the site has a valid certificate.

    Yet, when the procedure becomes cheap and easy enough for the criminally minded to obtain SSL certificates for their malicious sites, users risk losing the means of telling trusted sites from phishing sites. Users have been trained to look for the padlock in their browser or for HTTPS in the domain before submitting sensitive information to websites, such as passwords and credit card numbers, but that becomes irrelevant when the site operators cannot be trusted.

    Statistics show that the number of phishing websites with a valid SSL certificate grows every day, which poses a greater risk to consumers as well as enterprises, who may send sensitive data to criminal servers. The trusted-site lock icon today hides more risk than it creates a sense of trust for the user. Domain Validation (DV) certificates in particular are being used, since the process to get these certificates is easy and no longer carries any additional cost. Mobile users are especially susceptible to such phishing attacks, as mobile browsers usually display only the certificate owner name or a portion of the URL with a green lock, which still creates a false perception on the user's side.

    12:00 pm
    Advisory Council LUNCH Round Table - (VIP / Invite Only)
    Registration Level:
    • VIP / Exclusive
    12:00 pm - 1:00 pm
    Location / Room: 119
    12:15 pm
    LUNCH KEYNOTE: Prevent Nightmares in the IoT
    CEO, The Privacy Professor; CEO, Privacy & Security Brainiacs
    Registration Level:
    • Open Sessions
    12:15 pm - 1:00 pm
    Location / Room: Keynote Theater
    1:15 pm
    Panel: Building a Better Mouse Trap (Emerging Threats)
    Registration Level:
    • Open Sessions
    1:15 pm - 2:15 pm
    Location / Room: Keynote Theater

    To be successful, as an industry, we must strive to get ahead of the bad guys. Easy enough to say but how? By taking a look at the capabilities of the threats we see today we should be able to make some educated guesses on what threats of tomorrow will look like. We know the bad guys don’t follow the rules, take the path of least resistance, and don’t care who they hurt in the process. We need to start thinking like them so that we can figure out what their next step is instead of guessing/hoping.
    Panelists:
    Yasser Fuentes, Bitdefender
    Jay Miller, Red Seal
    Brandon Meyer, enSilo
    Moderator: Larry Wilson

     

    1:15 pm
    Panel: Knowledge is Power (Encryption)
    Registration Level:
    • Open Sessions
    1:15 pm - 2:15 pm
    Location / Room: Ballroom C

    Encryption: the translation of data into a secret code. Very much like the codes that Elizebeth Friedman cracked against the rum runners and bootleggers during the Prohibition days. Our heroine was able to smash their codes and determine when the next shipments were scheduled to arrive stateside. Knowledge truly was power as Friedman was able to effectively predict the future through her diligent code breaking. The level of sophistication may have changed but the point of encryption was and still is to safeguard the data from those that are not part of the group. Our experts will discuss the importance of using encryption to keep our information secure as well as address some of the best practices and pitfalls to watch out for.

    2:15 pm
    Conference Break / Exhibitor Product Demonstration
    Registration Level:
    • Open Sessions
    2:15 pm - 3:00 pm
    Location / Room: Exhibitor Floor

    Reboot with coffee and infused water while visiting exhibitors on the exhibitor floor.

    2:15 pm
    (ISC)2 Meeting and Guest Presentation - Open to all Attendees
    Presenting: Cloud 101: What You Need to Know About the Cloud
    President, (ISC)2 Atlanta Chapter
    Registration Level:
    • Open Sessions
    2:15 pm - 3:00 pm
    Location / Room: Ballroom D

    Interested in your local associations? Join (ISC)2 for a chapter meeting and guest presentation. This session is open to all attendees.

    3:00 pm
    ISSA Chapter Meeting Joined by TAG & IAM Workshop Series Meetup Group (Open to all Attendees)
    Presenting: Business Language for Cybersecurity with the COSO Enterprise Risk Framework
    Director, Information Security / CISO, Mandarin Oriental Hotel Group
    Registration Level:
    • Open Sessions
    3:00 pm - 3:45 pm
    Location / Room: Keynote Theater

    Interested in your local associations? Join ISSA for a social meet & greet and chapter news.
    Presenting: The COSO Enterprise Risk Management Framework was updated in June, 2017. This new version offers a methodology that can be applied to managing cybersecurity risks. It is also an effective way to present and communicate business risks to senior executives. This presentation will cover the key concepts and principles of the COSO framework using realistic examples to show how cybersecurity can follow a true risk based strategy without sacrificing necessary compliance requirements.

    3:00 pm
    Executive Leadership: “Getting Them on the Bus”
    Cybersecurity Director, Gannett Fleming
    Registration Level:
    • Conference Pass
    3:00 pm - 3:45 pm
    Location / Room: Ballroom C

    As cybersecurity professionals, many of us have the challenge of helping executive leadership understand all the aspects and changes we manage daily. This session provides key strategies for getting executives on board and fulfilling their roles as sponsors.

    3:00 pm
    Not a GDPR Presentation!
    Cybersecurity & Privacy Professional
    Registration Level:
    • Open Sessions
    3:00 pm - 3:45 pm
    Location / Room: 117

    There is more to life in Data Protection than GDPR. Although the deadline is closing in, you are probably suffering from GDPR fatigue. This presentation will give you a look at other issues in Data Protection from our past and in our future, ranging from Keeping Users from doing the unthinkable, to rules for making rules. All in all, won’t it be nice to think about something else for 50 minutes?

    3:00 pm
    When the “IT” Hits the Fan, Stick to the Plan: Incident Response Plan Management
    Cyber Team Lead / Incident Coordinator, Aramco Services
    Registration Level:
    • Conference Pass
    3:00 pm - 3:45 pm
    Location / Room: 115

    Incident Response is a critical process for any organization. The effectiveness of the incident response plan can determine whether or not an organization can sustain and recover from a cyber attack. As with any process within the organization, the incident response plan needs continuous testing and review to ensure it remains effective for the organization.

    3:00 pm
    [SecureWorld PLUS] Part 2 - Designing and Building a Cybersecurity Program based on the NIST Cybersecurity Framework
    SecureWorld PLUS Registrants ONLY
    Manager, Cyber and Information Security, Point32Health
    Registration Level:
    • SecureWorld Plus
    3:00 pm - 4:30 pm
    Location / Room: 101

    The University of Massachusetts has developed a 6 hour SecureWorld Plus training class that instructs attendees on the best practices for designing, building, and maintaining a Cybersecurity Program based on the NIST Cybersecurity Framework. Organizations who currently use the Framework or are planning to use the Framework for their cybersecurity program will benefit from this course.

    This innovative education and training program includes the following key elements:

    • An introduction to the key components of the NIST Cybersecurity Framework
    • How to use the Framework to support business strategy, technology strategy, and cyber-risk strategy
    • An approach for adopting the framework to build and sustain secure and resilient infrastructure, secure and resilient networks, secure and resilient applications
    • How to use the framework to protect critical information assets
    • A Controls Factory Model that organizations use to create an Engineering Program, a Technical Program and a Business / Management Program
    • A methodology for developing a Cybersecurity Strategy, System Security Plan (SSP), Risk Assessment, Plan of Action and Milestones (POA&M) and Executive Report

    The class will help individuals and organizations acquire knowledge, skills and abilities to:

    • Develop a strategy to apply the NIST Cybersecurity Framework (NCSF) to their environment
    • Create a comprehensive System Security Plan (SSP) based on the NIST Cybersecurity Framework
    • Conduct a Risk Assessment to compare the current profile with the target profile and identify any gaps that need to be addressed
    • Develop a Plan of Action and Milestones (POA&M) to mitigate the highest priority gaps
    • Establish an Executive Report to measure and communicate current profile, target profile, POA&M and program plan / roles and responsibilities to remediate identified gaps
    • Identify required workforce skills and develop career pathways for improving skills and experience

    About the Instructor – Larry Wilson:

    • Larry Wilson is the former CISO for UMass President’s Office from 2009 to 2017
    • Prior to UMass, Larry developed and managed the Global Infrastructure Services (GIS) Security Program for State Street Corporation
    • Larry has been teaching cybersecurity courses based on the NIST Cybersecurity Framework at SecureWorld events for the past 5 years
    • Larry has conducted over 20 consulting engagements, helping organizations design and build cybersecurity programs based on the NIST Cybersecurity Framework

    The program and its author have won the following industry awards:

    • Security Magazine’s Most Influential People in Security, 2016
    • SANS People Who Made a Difference in Cybersecurity Award, 2013
    • Information Security Executive (ISE) North America Program Winner for Higher Education, 2013
    3:00 pm
    SecureWorld PLUS Part 2 - Cloud Security - Securing Your Organization's Digital Transformation
    SecureWorld PLUS Registrants ONLY
    Director, Information Security, Farm Credit Financial Partners; VP, InfraGard National Members Alliance
    Registration Level:
    • SecureWorld Plus
    3:00 pm - 4:30 pm
    Location / Room: 111

    This course will provide a healthy introduction to modern aspects of cloud computing security. The attendee will learn how to assess and protect their organization’s data in the cloud. It covers IoT, providers, tools, and processes to help avoid a rainy day.

    3:00 pm
    SecureWorld PLUS Part 2 - Cyber Crimes, Threat Intelligence, and the Dark Web – Hands-On Workshop
    SecureWorld PLUS Registrants ONLY
    Former Major in Israeli Intelligence Forces, CEO and President, Cybint Solutions/BARBRI
    Registration Level:
    • SecureWorld Plus
    3:00 pm - 4:30 pm
    Location / Room: 110

    This practical workshop will reveal the secrets of the dark web and cybercriminals. Attendees will acquire knowledge, skills and tools to search the dark web and analyze cyber threat intelligence. Additionally, attendees will explore how to leverage cyber intelligence on the web to proactively approach complex processes such as due diligence and litigation.

    4:00 pm
    Happy Hour Reception
    Join ISSA, TAG, and IAM Workshop Series Meetup Group for networking, refreshments, and Fireside Chat
    Registration Level:
    • Open Sessions
    4:00 pm - 7:30 pm
    Location / Room: Keynote Theater

    3:30 – 4:00 – Registration
    4:15 – 6:00 – Networking and Book Signing
    6:00 – 7:15 – Fireside Chat with Pete Chronis – Moderated by Ed Pascua
    7:15 – 8:00 – Dessert / Networking

  • Thursday, May 31, 2018
    7:00 am
    Registration open
    Registration Level:
    • Open Sessions
    7:00 am - 3:00 pm
    Location / Room: Registration Desk

    Come to the Registration desk in the lobby to check-in and get your badge. SecureWorld staff will be available throughout the day if you have any questions.

    8:00 am
    [SecureWorld PLUS] Part 3 - Designing and Building a Cybersecurity Program based on the NIST Cybersecurity Framework
    SecureWorld PLUS Registrants ONLY
    Manager, Cyber and Information Security, Point32Health
    Registration Level:
    • SecureWorld Plus
    8:00 am - 9:30 am
    Location / Room: 101

    The University of Massachusetts has developed a 6 hour SecureWorld Plus training class that instructs attendees on the best practices for designing, building, and maintaining a Cybersecurity Program based on the NIST Cybersecurity Framework. Organizations who currently use the Framework or are planning to use the Framework for their cybersecurity program will benefit from this course.

    This innovative education and training program includes the following key elements:

    • An introduction to the key components of the NIST Cybersecurity Framework
    • How to use the Framework to support business strategy, technology strategy, and cyber-risk strategy
    • An approach for adopting the framework to build and sustain secure and resilient infrastructure, secure and resilient networks, secure and resilient applications
    • How to use the framework to protect critical information assets
    • A Controls Factory Model that organizations use to create an Engineering Program, a Technical Program and a Business / Management Program
    • A methodology for developing a Cybersecurity Strategy, System Security Plan (SSP), Risk Assessment, Plan of Action and Milestones (POA&M) and Executive Report

    The class will help individuals and organizations acquire knowledge, skills and abilities to:

    • Develop a strategy to apply the NIST Cybersecurity Framework (NCSF) to their environment
    • Create a comprehensive System Security Plan (SSP) based on the NIST Cybersecurity Framework
    • Conduct a Risk Assessment to compare the current profile with the target profile and identify any gaps that need to be addressed
    • Develop a Plan of Action and Milestones (POA&M) to mitigate the highest priority gaps
    • Establish an Executive Report to measure and communicate current profile, target profile, POA&M and program plan / roles and responsibilities to remediate identified gaps
    • Identify required workforce skills and develop career pathways for improving skills and experience

    About the Instructor – Larry Wilson:

    • Larry Wilson is the former CISO for UMass President’s Office from 2009 to 2017
    • Prior to UMass, Larry developed and managed the Global Infrastructure Services (GIS) Security Program for State Street Corporation
    • Larry has been teaching cybersecurity courses based on the NIST Cybersecurity Framework at SecureWorld events for the past 5 years
    • Larry has conducted over 20 consulting engagements, helping organizations design and build cybersecurity programs based on the NIST Cybersecurity Framework

    The program and its author have won the following industry awards:

    • Security Magazine’s Most Influential People in Security, 2016
    • SANS People Who Made a Difference in Cybersecurity Award, 2013
    • Information Security Executive (ISE) North America Program Winner for Higher Education, 2013
    8:00 am
    SecureWorld PLUS Part 3 - Cloud Security - Securing Your Organization's Digital Transformation
    SecureWorld PLUS Registrants ONLY
    Director, Information Security, Farm Credit Financial Partners; VP, InfraGard National Members Alliance
    Registration Level:
    • SecureWorld Plus
    8:00 am - 9:30 am
    Location / Room: 111

    This course will provide a healthy introduction to modern aspects of cloud computing security. The attendee will learn how to assess and protect their organization’s data in the cloud. Topics include IoT, providers, tools, and processes to help avoid a rainy day.

    8:00 am
    SecureWorld PLUS Part 3 - Cyber Crimes, Threat Intelligence, and the Dark Web – Hands-On Workshop
    SecureWorld PLUS Registrants ONLY
    Former Major in Israeli Intelligence Forces, CEO and President, Cybint Solutions/BARBRI
    Registration Level:
    • SecureWorld Plus
    8:00 am - 9:30 am
    Location / Room: 110

    This practical workshop will reveal the secrets of the dark web and cybercriminals. Attendees will acquire knowledge, skills and tools to search the dark web and analyze cyber threat intelligence. Additionally, attendees will explore how to leverage cyber intelligence on the web to proactively approach complex processes such as due diligence and litigation.

    8:15 am
    InfraGard Meeting: Light Breakfast and Guest Presentation - Open to all Attendees
    Director and Market Leader, PwC
    Special Agent, FBI
    Registration Level:
    • Open Sessions
    8:15 am - 9:00 am
    Location / Room: Keynote Theater

    Interested in your local associations? Join InfraGard for a chapter meeting, light breakfast and guest presentation. This session is open to all attendees.
    8:00-8:30am – Networking
    8:30-9:15am – Speaker: TBD

    Guest Presentation: TBD

    8:30 am
    Building Mental Models for Cyber Success
    Fellow and Director of Cybersecurity, Fluor
    Registration Level:
    • Conference Pass
    8:30 am - 9:15 am
    Location / Room: 115

    Using mental models can help us succeed in any area of life and can help us make intelligent, efficient and practical decisions when it comes to cyber security. Each area of an organization’s information security program can be enhanced by building and leveraging mental models specifically for their teams’ own unique needs. This presentation will look at building mental models aligned with the Top 20 Critical Security Controls, though the principles discussed can be applied to any existing framework.

    8:30 am
    Horizontal Cyber Risk Landscape: Managing Third Party Supplier Cyber Risk With Enterprise Risk Manage
    CxO - Deputy CIO, Nicke Consulting Group
    Registration Level:
    • Conference Pass
    8:30 am - 9:15 am
    Location / Room: 117

    Studies show third-party suppliers account for 49%, nearly half, of reported data breaches. The contracting company in most instances owns the risk its third parties and IoT ecosystem bring to its operation. Given this, a new approach to supplier risk management is needed to protect an enterprise’s critical information.

    8:30 am
    AI and Blockchain: The Latest Development in the Debate of Innovation vs. Security
    Attorney, Baker Donelson
    Registration Level:
    • Conference Pass
    8:30 am - 9:15 am
    Location / Room: Ballroom C

    The unprecedented speed of innovation is a hallmark of the 21st century. How do we wrap our heads around its long-term consequences? Artificial intelligence and blockchain technology are the latest technological developments that will rapidly change our world. Are we carefully considering the long-term consequences of these technologies on our security? What do we need to be considering so that we strike the right balance between innovation and security?

    9:00 am
    Exhibitor Hall open
    Registration Level:
    • Open Sessions
    9:00 am - 3:00 pm
    Location / Room: Exhibitor Floor

    Your opportunity to visit our solution vendor partners, whose sponsorship makes SecureWorld possible! Booths have staff ready to answer your questions. Look for participating Dash For Prizes sponsors to be entered to win prizes.

    9:30 am
    OPENING KEYNOTE: Leveraging SDN Technology to Improve Enterprise Security
    Vice President, Marketing and Business Development, Pluribus Networks
    Registration Level:
    • Open Sessions
    9:30 am - 10:15 am
    Location / Room: Keynote Theater
    With increasing numbers of high-profile breaches, focusing on securing the perimeter is no longer sufficient. New traffic types and the proliferation of diverse endpoints, along with increased mobility and wireless access, fuel a dramatic increase in untrusted traffic entering the network. In addition, the growth of multi-cloud environments and cloud services requiring access to enterprise resources poses additional challenges. As mixed-use networks continue to grow and Internet of Things (IoT) traffic is introduced to the network, security organizations need a more dynamic approach to secure the growing volume of unsecured and untrusted traffic.

    Imagine being able to build a simple, automated and secure network overlay that empowers the enterprise with cloud-scale, elasticity and adaptability and enables independence from network operations. This session will discuss the evolution of Software-Defined Networking (SDN) technologies and explore how to leverage a dynamic SDN architecture to enable dynamic traffic segmentation, distributed policy enforcement, shared security services and increased operational intelligence to reduce risk, contain infiltrations and prevent attack proliferation.

    10:15 am
    Conference Break / Exhibitor Product Demonstration
    Registration Level:
    • Open Sessions
    10:15 am - 11:15 am
    Location / Room: Exhibitor Floor

    Reboot with coffee and infused water while visiting exhibitors on the exhibitor floor.

    11:00 am
    Registration Level:
    • VIP / Exclusive
    11:00 am - 12:00 pm
    Location / Room: 119
    11:15 am
    Cyber Threats – Risks and Opportunities
    Professor, IT / Captain, US Navy (Ret), Mercer University
    Registration Level:
    • Conference Pass
    11:15 am - 12:00 pm
    Location / Room: Ballroom C

    Review of the most current cyber threats with mitigation suggestions.

    11:15 am
    Information Security Plans
    Counsel, Elkins PLC; Associate Fellow, Kings College, University of London
    Registration Level:
    • Conference Pass
    11:15 am - 12:00 pm
    Location / Room: 113

    The presentation examines the need for policies, objectives, controls, processes and procedures to help companies manage the risk, threats, and vulnerabilities that can cause loss as a result of a cyber breach or loss of confidential/proprietary information. It examines organizational responsibilities, key steps in forging and executing an Information Security Plan, and what you can do to better protect yourself from loss.

    11:15 am
    A Comprehensive Framework for Securing Open Source Software
    AVP, Chief Security Office, AT&T
    Registration Level:
    • Conference Pass
    11:15 am - 12:00 pm
    Location / Room: 115
    We all understand the benefits of using open source software, but are not necessarily comfortable relying solely on the meritocracy of open source communities to keep that software secure. This talk will establish a framework for securing both the consumption and contribution of open source code. Within the context of the framework we will explore long standing software security techniques and newly emerging technologies and solutions.

    11:15 am
    GDPR Ignites a Clash of Cultures
    Partner, Womble Bond Dickinson
    Registration Level:
    • Conference Pass
    11:15 am - 12:00 pm
    Location / Room: Ballroom D

    We are on the verge of meaningful cultural battles that will change our technology consumption. Enforcement of the EU’s GDPR will spark fights not only between privacy and analytics, but consumerism vs. spiritualism, openness vs. safety, law enforcement vs. personal security, governments vs. corporations. Individuals and U.S. companies will bear the most pain and disruption as these forces tear each other apart. No one can remain safe on the sidelines.

    11:15 am
    Centrify: Cyber Offense Redefined
    Director, Product Management & Strategy, Centrify Corp
    Registration Level:
    • Open Sessions
    11:15 am - 12:00 pm
    Location / Room: 117

    81% of hacking-related breaches leverage either stolen, default, or weak passwords. As a result, organizations need to realize that any network, device, user, or application could be compromised. To better protect sensitive resources and data, IT security professionals need to adjust their mindset and adopt a new way of thinking: “Never trust, always verify”.

    Join us to hear why the path towards Zero Trust Security starts with Next-Gen Access. In this session we’ll examine:

    • The current (broken) state of security and the role identity plays in cyber-attacks
    • The massive rethinking underway that redefines security to follow identity
    • What you can do today to adopt a Zero Trust model and reduce risk through the power of Next-Gen Access

    12:00 pm
    Advisory Council LUNCH Roundtable - (VIP / Invite ONLY)
    Registration Level:
    • VIP / Exclusive
    12:00 pm - 1:00 pm
    Location / Room: 119
    12:15 pm
    LUNCH KEYNOTE: The Evolving Role of CISOs and Their Importance to the Business
    Chairman and Founder, Ponemon Institute
    Registration Level:
    • Open Sessions
    12:15 pm - 1:00 pm
    Location / Room: Keynote Theater

    What is a CISO and what do they do? As the leader of cyber defense for an organization, the CISO is rapidly becoming indispensable for an organization’s survival. This presentation is based on interviews with senior level IT professionals at 184 companies in seven countries. The goal of the research is to better understand how CISOs work, what their concerns are, and how they are improving their effectiveness in managing risks to the enterprise.

    1:15 pm
    Panel: Shifting Landscape of Attack Vectors
    Registration Level:
    • Open Sessions
    1:15 pm - 2:15 pm
    Location / Room: Keynote Theater

    If one thing holds true in cybersecurity it is the fact that our adversaries are pretty smart. They are. To be fair, they only have to be right once in a while. These cyber thugs are constantly shifting their attack vectors to better infiltrate our networks. There are so many endpoints to cover that the “bad guys” can try something new all the time. They have also discovered that we do not have great cyber hygiene when it comes to training our workforce. End users continue to be the “weakest link” within an organization as we’ve learned from all the ransomware attacks and business email compromises of late. This panel will talk about the shift in attack vectors and make some predictions about what to watch out for in the not too distant future.
    Panelists:
    RJ Sudlow, DHG
    Mike Van Doren, Sonatype
    Jerrod Piker, Check Point Security
    Matthew Farr, Varonis
    Kevin Clark, Sayers
    Moderator: Jow DiBiase, Interface

    1:15 pm
    Panel: Extortion as-a-Service? Ransomware and Beyond
    Registration Level:
    • Open Sessions
    1:15 pm - 2:15 pm
    Location / Room: Ballroom C
    2:15 pm
    Conference Break / Exhibitor Product Demonstration
    Registration Level:
    • Open Sessions
    2:15 pm - 3:00 pm
    Location / Room: Exhibitor Floor

    Reboot with coffee and infused water while visiting exhibitors on the exhibitor floor.

    2:30 pm
    Dash for Prizes & CyberHunt
    Registration Level:
    • Open Sessions
    2:30 pm - 2:45 pm
    Location / Room: Exhibitor Floor

    Be sure to have exhibitors scan your badge for a chance to win prizes. Past prizes have included Kindles, Bose headphones, gift cards, iPads, iPods and more! *Must be present to win

    3:00 pm
    ASDFED Chapter Meeting and Guest Presentation - Open to All Attendees
    Presenting: Conducting Internal Investigations
    Director, The American Society of Digital Forensics & eDiscovery (ASDFED)
    Registration Level:
    • Open Sessions
    3:00 pm - 3:45 pm
    Location / Room: 117

    Join ASDFED for a chapter meeting and guest presentation.
    Presentation Details:
    A C-level executive has asked you to conduct an internal investigation. Now what? A hard drive contains a complex array of data. Where should you look to discover the who, what, when, where, why, how, what else and what other? What tools are needed to extract information efficiently? How fast can you make sense of what’s happening? This presentation provides a framework to answer those questions and many more.

    3:00 pm
    Privacy Impact Assessments and Emerging Technologies
    Partner, Alston & Bird LLP
    Registration Level:
    • Conference Pass
    3:00 pm - 3:45 pm
    Location / Room: 115
    Privacy laws and regulations continue to evolve rapidly in the U.S. at the federal and state levels. Combined with the European Union GDPR, these emerging standards underline the need for businesses to manage data as a regulated asset. The risks are heightened when developing or implementing emerging technologies, such as artificial intelligence, blockchain and biometric technologies. A key part of governance, both to reduce risk and to enable new innovations, is to perform impact assessments when implementing new technologies into the business, and as part of any new product development or innovation operations. This presentation will focus on privacy regulatory issues associated with emerging technologies, trends in structuring impact assessments, approaches to and objectives of PIAs, and ways in which to integrate PIA processes into the business.
    3:00 pm
    Cyber Risk in the Supply Chain: Where Is Your Weakest Link?
    Managing Director, UHY Consulting
    Registration Level:
    • Conference Pass
    3:00 pm - 3:45 pm
    Location / Room: 113

    Every organization has a supply chain, and many don’t know which members are the weakest link in the chain. Cybersecurity is no longer limited to what you do within your own organization. Many of the largest breaches in recent history have been the result of inadequate security with vendors and other members of the supply chain. This session will provide you with the risks and some possible remedies for how your organization can better manage the organizations that make up your supply chain and other business partners.

Exhibitors
  • ACP Atlanta
    Booth: 206

    The Atlanta Chapter was formed in August of 2006. It includes Continuity Professionals from all areas of the Business Community and the Public Sector. As ACP’s local presence in the Atlanta metro region, our chapter embraces and seeks to promote the mission and goals of the parent organization. Being a member of the Atlanta Chapter of ACP brings many benefits:
    • The opportunity to network with experienced individuals who often have addressed some of the same challenges you face in your organization.
    • The opportunity to hear real examples of solutions that have been implemented in other organizations.
    • The opportunity to network for career opportunities.

  • Arctic Wolf Networks
    Booth: 228

    Arctic Wolf Networks provides SOC-as-a-service that is redefining the economics of security. The AWN CyberSOC™ service is anchored by Concierge Security™ teams and includes 24×7 monitoring, custom alerting, and incident investigation and response. There is no hardware or software to purchase, and the end-to-end service includes a proprietary cloud-based SIEM, threat intelligence subscriptions and all the expertise and tools required. For more information about Arctic Wolf, visit https://www.arcticwolf.com.

  • ARMA Atlanta
    Booth: TBD

    ARMA International is a not-for-profit organization representing the RIM profession. Its primary purpose is the advancement of the profession and the professional through advocacy, education and professional development.

    ARMA International members include records and information managers, MIS and ADP professionals, imaging specialists, archivists, hospital administrators, legal administrators, librarians, corporate counsel, compliance professionals, and educators. ARMA, its chapters, and its members are dedicated to helping individuals, organizations, and government agencies successfully meet the challenges of the increasingly complex records and information management field.

  • HPE Aruba Networking
    Booth: 300

    At Aruba, a Hewlett Packard Enterprise company, we believe the most dynamic customer experiences happen at the Edge—an office, a hospital, a school, or at home. It’s anyplace work gets done and data is generated by users, devices, and things across your network. Our mission is to help customers capitalize on these opportunities by providing secure edge-to-cloud networking solutions. We use AI-based machine learning to deliver simpler, faster, and more automated networks that analyze data to help businesses thrive.

  • Bay Pay Forum
    Booth: TBD

    The BayPay Forum, a Silicon Valley-based international network composed of over 14,000 payment and commerce executives, entrepreneurs and investors from thousands of different companies, serves as a forum to connect members in identifying and understanding the emerging trends and innovations in the industry.

  • Binary Defense
    Booth: 322

    Binary Defense is a managed security services provider and software developer with leading cybersecurity solutions that include SOC-as-a-Service, Managed Detection & Response, Security Information & Event Management, Threat Hunting and Counterintelligence. Binary Defense believes its unique approach resolves infosec’s biggest challenges such as limited in-house security expertise, lack of innovative resources and the significant budgetary and time investment required to ensure protection from today’s threats.

  • Bitdefender
    Booth: 326

    Powered by its depth of security expertise and rapid pace of research and development, Bitdefender’s long-standing mission is to deliver transformative security technologies to the world’s users and organizations. We are innovators, creating breakthrough technology that radically improves our customer’s experience with security.

    From IoT to Data Centers, from endpoints to hybrid infrastructures – Bitdefender plays a transformational role in how security is best consumed, deployed, and managed. We strive to deliver products and services that radically alter the customer’s experience with security, in terms of efficacy, performance, ease of use and interoperability.

  • BOMGAR
    Booth: 238

    Bomgar offers the most secure remote access and support technology on the planet. Each encrypted connection is outbound, so you can connect without VPN or firewall changes. You can leverage Active Directory and LDAPS to manage authentication, require multi-factor authentication, define more than 50 permissions for technicians and privileged users, and capture a detailed audit log of every remote connection.

  • Cambridge Computer
    Booth: 228

    Over the last 25+ years, Cambridge Computer has evolved a business model that provides a unique value proposition for technical leaders and decision makers, allowing us to prioritize your technical and business objectives.

    Our business is a broker-agent model. We provide resources, ideas, and expertise in innovative ways when our clients are evaluating technical direction, vetting products and technologies, and purchasing hardware, software, subscriptions, and professional services. Our team consists of industry analysts, technologists, hands-on consultants, and entrepreneurs, who all continually invest in building relationships with industry players and learning technologies and products, so you can treat us as an extension of your IT team.

  • Centrify
    Booth: 314

    Centrify provides unified identity management across data center, cloud and mobile environments. Centrify software and cloud-based Identity-as-a-Service (IDaaS) solutions leverage an organization’s existing identity infrastructure to enable single sign-on, multi-factor authentication, privileged identity management, auditing for compliance and mobile device management.
    Centrify customers can typically reduce their total cost of identity management and compliance by more than 50 percent.

  • CIOReview
    Booth: TBD

    CIOReview is a technology magazine that talks about the enterprise solutions that can redefine the business goals of enterprises tomorrow. It is the leading source that shares innovative enterprise solutions developed by established solutions providers, upcoming hot enterprises and is a neutral source for technology decision makers. Published from Fremont, California, CIOReview is an excellent platform for the enterprise to showcase their innovative solutions.

  • Code42
    Booth: 310

    Code42 is the leader in insider risk detection, investigation and response. Native to the cloud, Code42 rapidly detects data loss, leak, theft and sabotage as well as speeds incident response – all without lengthy deployments, complex policy management or blocking employee productivity. With Code42, security professionals can protect corporate data from insider threats while fostering an open and collaborative culture for employees. Backed by security best practices and control requirements, Code42’s insider threat solution can be configured for GDPR, HIPAA, PCI and other regulatory frameworks.

  • Comodo Cybersecurity
    Booth: 234

    In a world where preventing all cyberattacks is impossible, Comodo Cybersecurity delivers an innovative cybersecurity platform that renders threats useless, across the LAN, web and cloud. The Comodo Cybersecurity platform enables customers to protect their systems and data against even military-grade threats, including zero-day attacks. Based in Clifton, New Jersey, Comodo Cybersecurity has a 20-year history of protecting the most sensitive data for both businesses and consumers globally.

  • DHG
    Booth: 304

    Headquartered in Charlotte, NC, DHG ranks among the top 20 public accounting firms in the nation. With more than 2,000 professionals in 13 states, we combine deep experience with a strong commitment to personal service. We are passionate about helping our clients succeed—and we do so through a resourceful approach to solving problems, providing solutions and helping our clients achieve their goals.

    Dedicated client focus and relationships have been and always will be our touchstone. Here at DHG, you’ll receive personalized service provided by a team of professionals who are eager to share their knowledge and experience with you. We draw on our extensive resources to combine comprehensive assurance, tax and advisory services.

  • Duo
    Booth: 318

    Duo was founded with the belief that security can only be effective if it is easy to use. Through that vision, Duo has built a world-class security platform that is actually enjoyable to use. Duo supports thousands of customers and millions of users in organizations like Accenture, Boston Medical, Emblem Health, Facebook, Toyota, Twitter, Virginia Tech, Yelp and others, and enjoys the highest NPS score in the industry.

  • EC-Council
    Booth: 232

    International Council of E-Commerce Consultants, also known as EC-Council, is the world’s largest cyber security technical certification body. We operate in 140 countries globally and we are the owner and developer of the world-famous Certified Ethical Hacker (CEH), Computer Hacking Forensics Investigator (C|HFI), Certified Security Analyst (ECSA), License Penetration Testing (Practical) programs, among others. We are proud to have trained and certified over 140,000 information security professionals globally that have influenced the cyber security mindset of countless organizations worldwide.

  • Endgame
    Booth: 324

    Organizations spent $75 billion on security last year, yet they still face breaches at an alarming rate. Endgame exists to transform that paradigm and not accept breaches as the status quo.

    To solve these challenges, we can’t apply the same people, processes and technology and expect different results.

    We bring to bear the best across enterprise tech, security domain expertise, data science, user experience, and academia to challenge the industry-standard of what makes a good security product.

    That’s what we’re doing every day at Endgame.

  • Global Cyber Alliance
    Booth: TBD

    The Global Cyber Alliance (GCA) is an international, cross-sector effort dedicated to confronting cyber risk and improving our connected world. It is a catalyst to bring communities of interest and affiliations together in an environment that sparks innovation with concrete, measurable achievements. While most efforts at addressing cyber risk have been industry, sector, or geographically specific, GCA partners across borders and sectors. GCA’s mantra “Do Something. Measure It.” is a direct reflection of its mission to eradicate systemic cyber risks. GCA, a 501(c)3, was founded in September 2015 by the Manhattan District Attorney’s Office, the City of London Police and the Center for Internet Security. Learn more at www.globalcyberalliance.org

  • GuidePoint Security LLC
    Booth: 216

    GuidePoint Security LLC provides innovative and valuable cyber security solutions and expertise that enable organizations to successfully achieve their mission. By embracing new technologies, GuidePoint Security helps clients recognize the threats, understand the solutions, and mitigate the risks present in their evolving IT environments. Headquartered in Herndon, Virginia, GuidePoint Security is a small business, and classification can be found with the System for Award Management (SAM). Learn more at: http://www.guidepointsecurity.com

  • InfraGard
    Booth: 230

    InfraGard is an information sharing and analysis effort serving the interests and combining the knowledge base of a wide range of members. At its most basic level, InfraGard is a partnership between the FBI and the private sector. InfraGard is an association of individuals, academic institutions, state and local law enforcement agencies, and other participants dedicated to sharing information and intelligence to prevent hostile acts against the United States. InfraGard Chapters are geographically linked with FBI Field Office territories.

    The FBI retained InfraGard as an FBI sponsored program, and will work with DHS in support of its CIP mission, facilitate InfraGard’s continuing role in CIP activities, and further develop InfraGard’s ability to support the FBI’s investigative mission, especially as it pertains to counterterrorism and cyber crimes.

  • iRobot
    Booth: 200

    iRobot, the leading global consumer robot company, designs and builds robots that empower people to do more both inside and outside of the home. iRobot’s products, including the award-winning Roomba® Vacuuming Robot and the Braava® family of mopping robots, have been welcomed into millions of homes around the world and are hard at work every day helping people to get more done.

  • ISACA
    Booth: 202

    As an independent, nonprofit, global association, ISACA engages in the development, adoption and use of globally accepted, industry-leading knowledge and practices for information systems. Previously known as the Information Systems Audit and Control Association, ISACA now goes by its acronym only, to reflect the broad range of IT governance professionals it serves.

  • ISC2 Atlanta
    Booth: 330

    ISC2 Atlanta chapter encompasses the Atlanta Metro area. Our chapter program provides members a forum to facilitate the exchange of knowledge and ideas, development of leadership and professional skills, and advancement of information systems security. We also provide our members with access to a variety of industry resources and educational programs to keep our members informed of the latest advances in technology and techniques.

    Our mission is to advance information security in local communities throughout Atlanta, Georgia, by providing our members and other security professionals with the opportunity to share knowledge, grow professionally, educate others, and collaborate on projects.

  • ISSA Metro Atlanta Chapter
    Booth: 208

    The ISSA Metro Atlanta chapter has developed over the years into one of the largest ISSA chapters worldwide and the largest IT Security organization in the Metro Atlanta area. The Information Systems Security Association (ISSA)® is a not-for-profit, international organization of information security professionals and practitioners. It provides educational forums, publications, and peer interaction opportunities that enhance the knowledge, skill, and professional growth of its members.

  • Ixia, a Keysight Business
    Booth: 226

    We provide testing, visibility, and security solutions to strengthen applications across physical and virtual networks. Organizations use our tools and capabilities to test, secure and visualize their networks so their applications run stronger.

  • Mission Critical
    Booth: 222

    Mission Critical Systems is an information technology security reseller and integrator focused only on security solutions. We have been providing top quality security products and consulting services throughout the Southeast United States and Caribbean since 1997.

    Our mission is to provide best-in-breed data and network security products and expert services that will reduce our clients’ exposure to information theft and destruction. We advocate a comprehensive approach to information security—evaluating all aspects of an organization’s vulnerabilities from internal compromises to external threats. We can provide your organization with the tools, controls and training to secure your infrastructure. Our sales and engineering professionals will work with you to design and implement strategies to address your complex information security challenges.

    Mission Critical Systems is a Woman Owned Business and Equal Opportunity Employer.

  • Okta
    Booth: 210

    Okta is the World’s Identity Company. As the leading independent Identity partner, we free everyone to safely use any technology—anywhere, on any device or app. The most trusted brands trust Okta to enable secure access, authentication, and automation. With flexibility and neutrality at the core of our Okta Workforce Identity and Customer Identity Clouds, business leaders and developers can focus on innovation and accelerate digital transformation, thanks to customizable solutions and more than 7,000 pre-built integrations. We’re building a world where Identity belongs to you. Learn more at okta.com.

  • Pluribus Networks
    Booth: 218

    Pluribus Networks delivers a programmable software-defined security fabric with a distributed architecture to integrate and orchestrate multiple security functionalities for internal security protections. The Fabric enables establishing a transparent and secure control layer to segment and control all traffic across the enterprise independent of the underlying physical network infrastructure. The Fabric enables network virtualization and segmentation with adaptive security policies, enables security service insertion and provides real-time visibility to identify emerging threats and speed cyber incident response.

  • RedSeal
    Booth: 316

    By focusing on cybersecurity fundamentals, RedSeal helps government agencies and Global 2000 companies measurably reduce their cyber risk. With RedSeal’s cyber terrain analytics platform and professional services, enterprises improve their resilience to security events by understanding what’s on their networks, how it’s all connected, and the associated risk. RedSeal verifies that network devices are securely configured; validates network segmentation policies; and continuously monitors compliance with policies and regulations. It also prioritizes mitigation based on each vulnerability’s associated risk. The company is based in San Jose, Calif.

  • Rook
    Booth: 220

    Rook Security provides 24/7 Managed Detection and Response to prevent incidents from impacting business operations. We unite the brightest minds in digital defense with the most advanced, rapid-to-deploy technology to protect your organization. As a managed service, there is no need to worry about configuring, monitoring, or managing technology – our team does the hard part for you.

  • Securonix
    Booth: 328

    Securonix is redefining threat detection and response for today’s hybrid cloud, data-driven enterprise. Securonix Next-Gen SIEM and XDR are powered by the most advanced analytics and built on a scalable, flexible cloud native architecture. Securonix leverages behavioral analytics technology that pioneered the UEBA category to reduce noise, prioritize high fidelity alerts, and enable fast and precise response to insider and cyber threats.

  • SSH Communications Security
    Booth: 236

    As the inventor of the SSH protocol, we have a twenty-year history of leading the market in developing advanced security solutions that enable, monitor, and manage encrypted networks. Over 3,000 customers across the globe trust the company’s encryption, access control and encrypted channel monitoring solutions to meet complex compliance requirements, improve their security posture and save on operational costs. SSH Communications Security is headquartered in Helsinki and has offices in the Americas, Europe and Asia. The company’s shares (SSH1V) are quoted on the NASDAQ OMX Helsinki. For more information, visit www.ssh.com

  • TAG
    Booth: 204

    It’s a new world for tech, and the Technology Association of Georgia (TAG) has emerged as a world-class membership organization and an engine for economic development for the state of Georgia. TAG’s mission is to educate, promote, influence and unite Georgia’s technology community to foster an innovative and connected marketplace that stimulates and enhances Georgia’s tech-based economy.

    TAG TODAY:
    35,000+ Members
    2,000+ Member Companies
    200+ Events per year
    33 Societies

  • TechTarget
    Booth: TBD

    TechTarget (NASDAQ: TTGT) is the online intersection of serious technology buyers, targeted technical content and technology providers worldwide. Our media, powered by TechTarget’s Activity Intelligence platform, redefines how technology buyers are viewed and engaged based on their active projects, specific technical priorities and business needs. With more than 100 technology specific websites, we provide technology marketers innovative media that delivers unmatched reach via custom advertising, branding and lead generation solutions all built on our extensive network of online and social media. TechTarget is based in Boston and has locations in Atlanta, Beijing, Cincinnati, London, Paris, San Francisco, Singapore, and Sydney.

  • TrustedSec
    Booth: 322

    TrustedSec is a leader in attack intelligence and security advisory services. Our team of highly talented, skilled, senior consultants sets us apart from other commodity-service security companies. We form partnerships with our number one goal to help you holistically improve your security program. You’ll find that working with us amounts to more than “just another engagement”—it’s establishing an understanding with your organization, and working to make you more secure, and better as a whole.

  • Veristor
    Booth: 312

    At VeriStor, we design, implement and manage IT solutions that fuel business productivity. As an end-to-end solutions provider, VeriStor specializes in enterprise data storage, virtual infrastructure, public, private and hybrid cloud services, migration, and technology financing. Headquartered in Atlanta, VeriStor delivers solutions nationwide to enterprise and mid-market companies in all industries including financial services, manufacturing, healthcare, education and federal, state and local government. To learn how VeriStor can help you achieve an IT infrastructure that accelerates business growth, improves efficiencies and reduces costs, visit: http://www.veristor.com

Speakers
  • Rebecca Herold
    CEO, The Privacy Professor; CEO, Privacy & Security Brainiacs

    Rebecca Herold has more than 30 years of security, privacy, and compliance experience. She is founder of The Privacy Professor Consultancy (2004) and of Privacy & Security Brainiacs SaaS services (2021) and has helped hundreds of clients throughout the years. Rebecca has been a subject matter expert (SME) for the National Institute of Standards and Technology (NIST) on a wide range of projects since 2009, including: seven and a half years leading the smart grid privacy standards creation initiative, and co-authoring those informative references and standards; two years being a co-author of and a SME member of the team that created the Privacy Framework (PF) and associated documents; and three years as a SME team member, and co-author of the Internet of Things (IoT) technical and non-technical standards and associated informative references; and performing throughout the years proof of concept (PoC) tests for a variety of technologies, such as field electricity solar inverters, PMU reclosers, and associated sensors. Rebecca has served as an expert witness for cases covering HIPAA, privacy compliance, criminals using IoT devices to track their victims, stolen personal data of retirement housing residents, tracking apps and website users via Meta Pixels and other tracking tech, and social engineering using AI. Rebecca has authored 22 books, and was adjunct professor for nine and a half years for the Norwich University MSISA program. Since early 2018, Rebecca has hosted the Voice America podcast/radio show, Data Security & Privacy with the Privacy Professor. Rebecca is based in Des Moines, Iowa, USA. www.privacysecuritybrainiacs.com

  • Larry Wilson, CISSP, CISA, Instructor
    Manager, Cyber and Information Security, Point32Health

    Larry Wilson is an Information Security Manager at Point32Health in Canton, MA. He was formerly the Chief Information Security Officer for Sumitomo Pharma Americas, Inc., Worcester Polytechnic Institute, and the University of Massachusetts (UMass) President's Office. In the CISO role, Larry was responsible for developing, implementing, and overseeing compliance with the SMPA / WPI / UMass Information Security Policy and Written Information Security Plan (WISP). In addition to designing and deploying the respective cybersecurity programs, Larry has developed and delivered cybersecurity training at multiple industry events, workshops, training venues, etc. Courses include Designing and Building a Cybersecurity Program, Designing and Building a Ransomware Program, and Designing and Building a Third-Party Risk Program. Larry has also worked with multiple companies in multiple industries to help design, build, and maintain their Cybersecurity Programs, Ransomware Program, and Third-Party Risk Programs.

  • Gene Kingsley
    Director, Information Security, Farm Credit Financial Partners; VP, InfraGard National Members Alliance

    Gene has worked as a dedicated resource in the Information Security space for over 25 years, among industries such as Higher Ed, Healthcare, Finance, Federal Government agencies, and others. He has focused on Operations, Strategy, and Resiliency. In his spare time, he volunteers as a national leader among the InfraGard National Members Alliance, assisting in governance, audit, and program development.

  • Roy Zur
    Former Major in Israeli Intelligence Forces, CEO and President, Cybint Solutions/BARBRI

    Roy Zur is a cyber intelligence expert, an attorney, and the founder and CEO of Cybint Solutions, a cyber education company. Roy has over a decade of experience in cyber and intelligence operations from the Israeli security forces (Retired Major), and has developed cyber education programs and technological solutions for companies, educational institutions, and government agencies around the world.

  • Nir Valtman
    Head of Application Security, NCR Corporation

    Nir Valtman heads the application security of the software solutions for NCR Corporation. Before the acquisition of Retalix by NCR, Nir led the security of the R&D in the company. In his previous roles, he worked in several application security, penetration testing and systems infrastructure security positions. Nir is a frequent speaker at leading conferences around the world, including Black Hat, Defcon, RSA, BSides, OWASP etc. Nir has a Bachelor of Science in Computer Science but his knowledge is mainly based on cowboy learning and information sharing with the techno-oriented communities, such as blogging and releasing open source tools (including AntiDef, Cloudefigo, and SAPIA).

  • Jon Neiditz
    Partner & Cybersecurity Practice Leader, Kilpatrick Townsend

    Jon Neiditz co-leads the Cybersecurity, Privacy and Data Governance Practice at knowledge asset protection law firm Kilpatrick Townsend & Stockton LLP. Jon has been named a “Cybersecurity Trail Blazer” by the National Law Journal and a Ponemon Fellow, is listed as one of the Best Lawyers in America® both in Information Management Law and in Privacy and Data Security Law, and is listed more questionably by Twitter (of course) as the 82nd most influential person in the world in data security. One of the first lawyers to focus broadly on data governance and knowledge asset protection, Jon helps clients anticipate and obviate information risks, appropriately monetize information, comply with information laws, contain incidents and maximize recoveries and resilience afterwards. He has managed responses to multiple data breaches and other information security incidents every week since 2005 as well as helped design and implement many strategic and compliance initiatives in the areas of privacy, cybersecurity and information management. Jon holds a J.D. from Yale Law School and a B.A., magna cum laude, from Dartmouth College. In good times, Jon blogs at datalaw.net and linkedin.com/in/informationmanagementlaw, and tweets as @jonneiditz.

  • Mark Gelhardt
    CIO, Georgia State Defense Force, Former CIO, The White House

    At the pinnacle of his military career, Colonel Gelhardt was selected to work at The White House as the CIO, supporting President Clinton, the VP, the White House Staff, and the U.S. Secret Service, managing all the classified automation and telecommunications. Colonel Gelhardt is a combat veteran. Colonel Gelhardt is a well-known speaker and the author of “My time at the Clinton White House”. Since retiring from active service, Colonel Gelhardt has volunteered with many different service organizations. Currently he is the Chief Information Officer for the Georgia State Defense Force, an all-volunteer force keeping your state safe.

  • Terry Ziemniak, CISSP
    Chapter Member, (ISC)2

    Terry has over 25 years' experience in the information security field with work ranging from hands on security penetration testing to the build out of complex, state of the art cyber protections. Additionally, he has spent over a decade in the role of Chief Information Security Officer for very large organizations (including Atrium Health here in Charlotte). Terry brings that technical experience and business acumen into the consulting space—helping business leaders navigate the risks and rewards of cybersecurity. Terry has achieved the CISSP (Certified Information System Security Practitioner) designation as well as having completed his Master's degree in Information Security from DePaul University. He has spoken on cybersecurity topics to groups all over the country and as far away as Germany.

  • Ravi Thatavarthy
    VP & CISO, BJ's Wholesale Club

    Ravi Thatavarthy brings 20+ years of experience in Information Security to his role with a strong background in Security Architecture and building Security programs from the ground up. His approach to Information Security is unique and well-balanced with a focus on ‘Business Value’ and ‘User Delight’. He recently appeared in ‘Profiles in Confidence’ as a Security leader running a confident Security program. He has spoken and served as a panelist at multiple conferences. Before joining BJ's, he was the Head of Information Security at iRobot, and previously led the Security, Policy & Compliance programs at Haemonetics where he worked as Director of Global Security & Policy.

  • Zoe Lindsey
    Customer Advocacy, Duo Security

    Zoe Lindsey is Duo Security’s Advocate Manager, where she educates and advises organizations with unique compliance challenges including the healthcare, government, and financial industries on strong security policy and best practices. She has been hooked on tech since getting her first Commodore 64 at age 10, and joined Duo with a background in cellular and medical technology.

  • Roy Wilkinson
    Principal, CISO/CIO Services, Rausch Advisory

    Roy Wilkinson, PhD, CISSP, CPCS, CHS-V, HISP, is a former CSO & CISO with 30+ years in Information Security and 25+ years in physical security. He is currently Principal for a virtual CIO/CISO practice with an executive advisory firm and was recently elected as Vice President of ISSA International. Dr. Wilkinson is a recognized security leader and speaker for security organizations: ISSA Intl, ASIS Intl, ACFEI Homeland Security, SecureWorld, CyberCrime Summit, and others. Roy holds an extensive list of security certifications and honors, including: ISSA International Hall of Fame, American College of Forensic Examiners Fellow, and ISSA International Distinguished Fellow.

  • Brian Harrell
    Assistant Director, Infrastructure Security, U.S. Cybersecurity and Infrastructure Security Agency (CISA), DHS

    Brian Harrell was appointed by the President of the United States in December 2018 to serve as the Department of Homeland Security’s Assistant Secretary for Infrastructure Protection. Brian now serves as the first Assistant Director for Infrastructure Security within the newly renamed U.S. Cybersecurity and Infrastructure Security Agency (CISA). Recently recognized as Security Magazine's Most Influential People in Security, Brian is the former Managing Director of Enterprise Security at the Duke Energy Corporation. He is also the former Director of the Electricity ISAC and Director of Critical Infrastructure Protection Programs at the North American Electric Reliability Corporation (NERC) where he was charged with helping protect North America's electric grid from physical and cyber-attack. Brian has spent time during his career in the US Marine Corps and various private sector agencies with the goal of protecting the United States from security threats.

  • Fatih Orhan
    VP, Threat Labs, Comodo Cybersecurity

    With more than 15 years of experience in the technology industry, Fatih Orhan brings a great deal of expertise to his role as director of Comodo Cybersecurity’s Threat Research Lab (CTRL). Working with over 200 security analysts, Orhan and his digital intelligence team are committed to using the best combination of cybersecurity technology and innovations; machine learning-powered analytics; artificial intelligence; and human insight to secure and protect individuals and businesses around the world.

    Orhan received his undergraduate degree in Computer Engineering and a Masters in Science Informatics from Middle East Technical University, both of which he uses to battle the ongoing malware threats of today and reinstate online trust.

  • Mikal Hass
    President, (ISC)2 Atlanta Chapter

  • Lynn Goodendorf
    Director, Information Security / CISO, Mandarin Oriental Hotel Group

    Lynn Goodendorf is the Director of Information Security for the Mandarin Oriental Hotel Group with a global scope of responsibility for the information security program at all hotels and corporate offices. She is known for a strategic and risk-based approach with over 25 years of leadership in technology, cybersecurity, data privacy and risk management. Lynn has been a speaker at ISACA, Infragard’s A-List, Secure World and other professional security events and has published articles with TechTarget, Hospitality Upgrade and White Collar Crime Fighter. Her professional associations include ISSA, IAPP and InfraGard, a cybersecurity partnership between the FBI and private sector.

  • Tamika Bass
    Cybersecurity Director, Gannett Fleming

    Tamika Bass is an Information Security professional with more than 17 years’ experience in information security, including information security governance and risk management. Tamika is passionate about improving communication and understanding of information security in the industry. Tamika is an active speaker and college professor, and enjoys spending her time educating technical staff on the importance of communicating effectively in the Information Technology space. Tamika holds the following certifications: CISA, CRISC, HCISPP, CBCP.

  • Phillip Mahan
    Cybersecurity & Privacy Professional

    Phillip loves to tell stories and has decades of experience in Security, Privacy, and Technology to use for tales. With enough letters to fill a full serving of alphabet soup (although mostly C’s, I’s, P’s, and S’s), he walks through data protection and privacy with an eye to making the world a better place for data to live.

  • Levone Campbell
    Cyber Team Lead / Incident Coordinator, Aramco Services

    Levone Campbell is the Cyber Security Lead / Incident Coordinator for his organization. Levone holds two Bachelor's degrees in Management and Marketing from North Carolina A&T State University, a Masters in Business Administration from Walden University, and a Masters in Technology Management from Georgetown University. He also holds numerous certifications.

  • Bruno Haring, CISSP, CIPT, CRISC, CISA
    Director and Market Leader, PwC

    Bruno is a Director and Market Leader with PwC’s Cybersecurity and Privacy practice based in Atlanta, GA. With over 21 years of experience, both nationally and internationally, in cybersecurity and IT risk management and transformation, Bruno helps Fortune 500 organizations navigate and address cybersecurity, IT, and governance risks, resulting in improved business performance and value.

    Bruno focuses on emerging technology and digital risks by working with the Board and C-level suite to tackle information security as a business issue and to improve the organization’s defensible posture against emerging threats. Bruno has a strong background in assessing and implementing cybersecurity, privacy, IT risk, business resiliency, vendor risk, and data protection programs. Bruno also leads teams in penetration testing and vulnerability assessments, threat modeling, secure adoption of Cloud based solutions, and helps organizations implement and assess against various security, regulatory and compliance requirements, such as NIST, ISO27001/2, GDPR, PCI, ISF, and HIPAA.

    Bruno is a proven practice leader, currently Board President for the FBI’s InfraGard Atlanta Members Alliance, has published thought leadership, and is a frequent speaker at various professional associations. Lastly, Bruno has significant experience in the supervision of large scale IT initiatives, and advisory oversight of technology integration engagements.

    Prior to joining PwC, Bruno served as an Information Security and IT Risk advisor and competency leader in EY’s Advisory practice and in Andersen’s (formerly Arthur Andersen) Business Consulting practice, and in the Global Technology Integration Services group in Andersen Consulting (now Accenture) where he had lead application and data architecture design and development responsibilities nationally.

  • James “Mark” Harless
    Special Agent, FBI

    SA Harless has been a Federal Law Enforcement Officer for 24 years, including 3 years as a Special Agent with The U.S. Air Force Office Of Special Investigation (AFOSI), and 21 years as a Special Agent with the FBI. SA Harless has over 11 years of leadership experience as an FBI Supervisor, and has a broad law enforcement background in matters involving public corruption, white collar crime, healthcare fraud, gangs, drug trafficking, money laundering, intellectual property rights, and counterterrorism. SA Harless earned a Master of Science Degree from The Florida State University and a Bachelor of Science Degree from Belmont University. In 2008, SA Harless was the recipient of the FBI Director’s Award for Special Achievement, and in 2009 he received the FBI Director’s Award for Excellence in Investigation.

  • Michael Holcomb, Moderator
    Fellow and Director of Cybersecurity, Fluor

    Michael Holcomb is the Fellow and Director of Information Security for Fluor, one of the world's largest construction, engineering, and project services companies with 60,000 employees around the world. In his role at Fluor, Michael is responsible for vulnerability management, incident detection/response, penetration testing and industrial controls for the global organization. He also teaches cybersecurity as an adjunct instructor at Greenville Technical College and helps students, career transitioners, and others that are new to cybersecurity.

  • Nicole Keaton Hart
    CxO - Deputy CIO, Nicke Consulting Group

    Nicole Keaton-Hart has served as a fractional CxO in Financial Services, Consumer Packaged Goods, Retail, Oil & Gas and Health IT industries as Chief Information Security Officer, Chief Information Officer and Chief Strategist. As a visionary and pragmatic leader with a keen focus on Business, IT and Information Security operating in harmony she has held several executive leadership positions. Nicole is well versed in Information Security Strategy, Enterprise Risk Management and the Governance of Enterprise IT. She holds CGEIT, CRISC, CISA and CISM certifications and is a graduate of Georgia State University J. Mack Robinson College of Business with an Executive Masters in Management Information Technology.

  • Justin Daniels
    Attorney, Baker Donelson

    Justin Daniels is a thought leader in cybersecurity who believes cybersecurity must be treated by the c-suite as a strategic enterprise business risk. He provides strategic advice to companies to help them understand cyber risk and create a comprehensive approach to address it. Justin is general counsel to one of the largest enterprise data centers in the country dedicated to the development of blockchain technologies that is headquartered in College Park, Georgia. He also speaks regularly on topics that include blockchain, cryptomining and AI as well as conducting realistic cyber breach incident response tabletop exercises. He completed the MIT Sloan School of Management course entitled "Blockchain Technologies: Business Innovation and Application" in December 2018. He brings a cyber lens to business and legal issues in mergers and acquisitions, investment capital transactions and related due diligence matters, information security plans, incident response plans, vendor and customer contracts and cyber insurance. Justin is an attorney with Baker Donelson, where he is a corporate attorney who specializes in M&A and other business transactions.

  • speaker photo
    Steven Shalita
    Vice President, Marketing and Business Development, Pluribus Networks

    Steven Shalita has 20+ years of technology experience across the Enterprise, Cloud and Service Provider technology segments. He has market and technology expertise spanning cybersecurity, network security, forensics, SDN/NFV, and IT infrastructure. He has spent a considerable amount of time in the performance monitoring market and was a key evangelist for adapting network monitoring technology for security use cases to identify zero-attacks. Steven is currently Vice President at Pluribus Networks and is a frequent featured speaker at leading industry events. He has held senior technology marketing leadership positions at NetScout, Check Point Software Technologies, Alcatel-Lucent, Cisco, and HP Networking.

  • speaker photo
    Steven "Doc" Simon, PhD
    Professor, IT / Captain, US Navy (Ret), Mercer University

    Steven “Doc” Simon was commissioned in the Navy in October 1989. He served his first tour aboard the USS BLAKELY (FF-1072), homeported in Charleston, SC, earning his Surface Warfare Qualification. Upon decommissioning of the Blakely, he cross-decked to the USS SAMUEL ELIOT MORISON (FFG-13) before being assigned to Naval Construction Force, Support Unit Three as Information Resource Management Officer and earning his Seabee Warfare Qualification. He was then transferred to the Second Naval Construction Brigade as ADP/IRM Officer. During this period he led the re-engineering of the Brigade’s information system, implementing local area networks, storage, and SATCOM functionality.

    In September 1994, he was assigned to Commander, Naval Expeditionary Logistics Support Force in Williamsburg, VA as a Logistics Planner, and in October 1997 he transferred to Commander, United States Atlantic Command. In October 1999, LT Simon was assigned as Logistics and Information Systems Officer for Mobile Inshore Undersea Warfare Unit 208. In October 2001, LCDR Simon was assigned to Commander Carrier Group TWO as Assistant Communications and Logistic Officer. Serving aboard USS HARRY S TRUMAN (CVN-75) during Operation Iraqi Freedom in the Mediterranean, he became Tactical Action Officer (TAO) Qualified. In October 2003, he transferred to Commander, US Sixth Fleet Det 802 as N-6. During this tour he served on the USS LASALLE (AGF-3) and USS MT WHITNEY (LCC-20), qualifying as Battle Watch Captain (BWC).

    From October 2005 to July 2006, CDR Simon was assigned to the Office of Naval Research/Naval Research Labs as Deputy CIO/Research & Development Liaison Officer. He was then transferred to the United States Strategic Command Center for Combating Weapons of Mass Destruction (SCC-WMD) as Chief Information Officer/J-6 where he led the development of joint and coalition systems.

    In October 2008, he assumed command of Naval Communications Material System (NCMS)/Department of Navy Communications Security System. At NCMS, he was responsible for the planning, development, and operation of the Department of the Navy’s communication security (COMSEC) system. In July 2011 he became the Director of the Cyber Security Center at the United States Naval Academy. Before his retirement he served as the commanding officer of NR-Naval Information Operations Command Georgia. CAPT Simon has a broad background with large-scale systems and infrastructure projects, having worked on numerous Enterprise Resource Planning (ERP) implementations as a solutions architect and project manager. He is an Associate Professor of Information Technology at Mercer University in Atlanta, GA.

    Capt. Simon holds a Bachelor’s degree in computer science and marketing from the University of Georgia, a Master of Business Administration from the University of Georgia System, and a Doctor of Philosophy (PhD) in Information Technology and International Business from the University of South Carolina. He has published over seventy-five scholarly articles on IT topics and served as Editor-in-Chief of the Journal of Information Science and Technology. He has been a professor at University of South Carolina, Oklahoma University, Florida International, and currently Mercer University. He has additionally served as an SAP consultant, consultant to several large World Bank projects, and advisor to a number of DoD and USG technology projects. His personal decorations include Legion of Merit with two Gold Stars, Defense Meritorious Service Medal, Meritorious Service Medal with two Gold Stars, Navy Commendation Medal, Navy Achievement Medal with two Gold Stars, Joint Meritorious Unit Commendation with one Oak Leaf, Meritorious Unit Citation, National Defense Service Medal, Global War On Terrorism Expeditionary Medal, Global War On Terrorism Service Medal, Armed Forces Expeditionary Medal, Sea Service Ribbon, Expert Rifle Shot Medal, and Expert Pistol Shot Medal.

  • speaker photo
    James Farwell
    Counsel, Elkins PLC; Associate Fellow, King's College, University of London

    James counsels clients in the areas of Cybersecurity and Privacy Protection. He has a CIPP/US certification from the International Association of Privacy Professionals. James advised the U.S. Department of Defense and U.S. Special Operations Command on cybersecurity and strategic communication. He served as consultant to the U.S. Department of Defense. He is also a Non-resident Senior Fellow at the Middle East Institute, Washington, D.C.

  • speaker photo
    Rebecca Finnin, Moderator
    AVP, Chief Security Office, AT&T

    Rebecca Finnin is an Assistant Vice President in the Chief Security Office of AT&T. During her tenure, she has served in a variety of information security and privacy roles.

    Ms. Finnin has led teams to embed security features into the software defined network, developed tools to allow DevOps teams to self-identify relevant security requirements, secured AT&T contributions and use of open-source software, built applications to automatically derive a software bill of materials, performed vulnerability assessments of software and infrastructure, and delivered development projects to meet privacy requirements. Her current role involves assisting with product development efforts to turn unique AT&T solutions into secure new product offerings.

    Prior to AT&T, Ms. Finnin spent almost a decade in public accounting and consulting at Deloitte.

  • speaker photo
    Ted Claypoole
    Partner, Womble Bond Dickinson

    Lawyer, business adviser, law firm team lead for cybersecurity/privacy, licensing and FinTech, chair of the American Bar Association Business Cyberspace Law Committee, former in-house counsel for Bank of America and CompuServe, co-author of the books Privacy in the Age of Big Data and Protecting Your Internet Identity.

  • speaker photo
    Tim Hill
    Director, Product Management & Strategy, Centrify Corp

    Tim Hill joined Centrify in the fall of 2017 as the Director of Product Management & Strategy. He is a US Air Force veteran who, after his military service, joined Amp Inc./TE Connectivity Inc., through the embattled years as part of Tyco International Inc., as their Information Security Manager and M&A team member. He was later VP of Enterprise Security at PHEAA, then a Security Director in the CISO's office at Anthem Inc. from 2014 through 2017. He has participated in first-hand breach recovery efforts and has seen first-hand what is being done right and wrong. Tim has a strong background in IAM, which he uses to drive productivity solutions through our customers, leveraging investments and optimizing the full business process and execution.

  • speaker photo
    Dr. Larry Ponemon
    Chairman and Founder, Ponemon Institute

    Dr. Larry Ponemon is the Chairman and Founder of the Ponemon Institute, a research "think tank" dedicated to advancing privacy and data protection practices. Dr. Ponemon is considered a pioneer in privacy auditing and the Responsible Information Management (RIM) framework.

    Ponemon Institute conducts independent research, educates leaders from the private and public sectors, and verifies the privacy and data protection practices of organizations in various industries. In addition to Institute activities, Dr. Ponemon is an adjunct professor for ethics and privacy at Carnegie Mellon University’s CIO Institute. He is a Fellow of the Center for Government Innovation of the Unisys Corporation.

    Dr. Ponemon consults with leading multinational organizations on global privacy management programs. He has extensive knowledge of regulatory frameworks for managing privacy and data security, including financial services, healthcare, pharmaceutical, telecom, and internet. Dr. Ponemon was appointed to the Advisory Committee for Online Access & Security for the United States Federal Trade Commission. He was appointed by the White House to the Data Privacy and Integrity Advisory Committee for the Department of Homeland Security. He was also appointed to two California State task forces on privacy and data security laws.

    Dr. Ponemon earned his Ph.D. at Union College in Schenectady, New York. He has a Master’s degree from Harvard University, and attended the doctoral program in system sciences at Carnegie Mellon University. He earned his Bachelor's with Highest Distinction from the University of Arizona. He is a Certified Public Accountant and a Certified Information Privacy Professional.

  • speaker photo
    David Benton
    Director, The American Society of Digital Forensics & eDiscovery (ASDFED)

    In 1994, David began his investigative career as a Counterintelligence Special Agent. During his tour, he conducted numerous investigations across multiple continents. After the military, he joined the Georgia Bureau of Investigation and left as a supervisor on their computer evidence recovery team. He worked for a Fortune 25 company and later a leading consulting practice. He has testified as an expert witness in 19 separate cases and was a court-appointed special master in multiple matters before the US District Court in Atlanta. David blends his experience to provide practical advice to tackle internal investigations.

  • speaker photo
    David Keating
    Partner, Alston & Bird LLP

    David Keating is one of the co-leaders of the Privacy and Security Practice at Alston & Bird. David’s practice is focused on advising clients on privacy and security issues arising along the entire data lifecycle. He assists clients with compliance strategies, policy development and implementation, data monetization and data use analyses, new product development, and privacy enforcement matters. Particular areas of focus include emerging technologies and European Union data protection, including GDPR readiness and remediation.

  • speaker photo
    David Barton
    Managing Director, UHY Consulting

    David Barton is a Managing Director with UHY Consulting and practice leader of the Technology, Risk, and Compliance practice, which provides cybersecurity consulting and compliance services focused around information technology. He has over 30 years of practical experience in information systems and technology risk and controls.

    David is frequently asked to speak at national and regional events, such as SecureWorld and the Cloud Security Alliance Congress. He is the primary author of the CSA position paper on AICPA Service Organization Control Reports. He regularly provides his input and opinions for national publications such as Compliance Week, Accounting Today, and the Atlanta Journal-Constitution.

    David holds an MBA and BS in Business Administration from Appalachian State University. He is Certified in Risk and Information Systems Control (CRISC), received the Certified Information Systems Auditor (CISA) designation in 1988, and is a member of the Atlanta chapter of the Cloud Security Alliance. David has active civic memberships with the Atlanta chapter of the Porsche Club of America and the Tire Rack Street Survival® program for teen driver education. He is also a certified high-performance driving instructor and former Porsche Club racer.

Conference Microsite!
Registration is quick and easy. Once you get started, use a browser on your phone or tablet to:

• Create a personalized agenda
• View maps of the venue and Exhibit Hall
• Use secure messaging to network with attendees
• View speaker slides after the conference
• Play CyberHunt, the app game, and compete for prizes