Click here to view registration types and pricing (PDF)
Conference Agenda
Filter by registration level:
  • session level iconOpen Sessions
  • session level iconConference Pass
  • session level iconSecureWorld Plus
  • session level iconVIP / Exclusive
  • Wednesday, May 29, 2019
    7:00 am
    Registration Open
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    7:00 am - 3:00 pm
    Location / Room: Registration Desk
    8:00 am
    Advisory Council Breakfast – (VIP / INVITE ONLY)
    • session level icon
    speaker photo
    Head of Global Cyber Risk Governance, First Data Corporation
    Registration Level:
    • session level iconVIP / Exclusive
    8:00 am - 9:15 am
    Location / Room: 119

    This session is for Advisory Council Members only.

    8:00 am
    SecureWorld PLUS Part 1 - How to Build the Future: A Deep Dive into Artificial Intelligence, Blockchain, and Preparing Your Organization for 5-10 Years Ahead
    • session level icon
    Earn 16 CPEs With This in-Depth 3-Part Course
    speaker photo
    The Bald Futurist, Former Chief Evangelist and Futurist, Intel
    Registration Level:
    • session level iconSecureWorld Plus
    8:00 am - 9:30 am
    Location / Room: 111

    In this workshop, you will learn about two of the most important technologies shaping our future, Artificial Intelligence and Blockchain technology. You will then learn how to use the Futurecasting process to model, plan, and build future experiences, including some that are a built around AI and Blockchain. While it does discuss some technical topics at a high level, this workshop is open and accessible to anyone and everyone. Sign up today to boost your knowledge on both AI and Blockchain, and to learn new techniques that will enable you to imagine, plan and build the future.

    Hear from Steve as he gives a preview of what he will cover in this PLUS course: https://youtu.be/eN-wYrdPyjs

    AGENDA

    Introductions

    Artificial Intelligence: How AI will reshape every business, including yours
    Artificial intelligence (AI) is a profoundly important set of technologies that are already shaping the way we live our lives, and the ways that businesses operate. As the second era of computing, AI will have as profound of an effect on business and society as did electrification and traditional digital computers. Over the next decade, AI will transform all our lives and will reshape every industry. AI will power autonomous vehicles, smart robots, drones, virtual assistants, and chatbots. It will manage our smart cities, power sentient factories, and oversee our smart energy grids. AI will turbo-charge medical diagnosis, revolutionize customer service, and aid in the discovery of new materials and new pharmaceuticals. AI will reshape every business process, and could reshape the structure of every team. The HR Director and CIO of every company will need to become best friends as IT and HR co-own a blended human-machine labor force. Every IT person needs to understand the capabilities, limitations, and implications of artificial intelligence, no matter their level of technical acumen. This session explains what Artificial Intelligence is and how it can be used. Attendees will then review the main concepts of AI: artificial neural networks, deep learning, supervised learning, unsupervised learning, reinforcement learning, and generative adversarial networks. Finally, the session will explore how AI may develop in the future, and how it will require a rethinking of every workflow, and every workplace.

    Blockchain beyond crypto-currencies: Your foundation to create new business value
    Crypto-currencies like Bitcoin are just one of the many applications that can be built on top of Blockchain technology. Blockchain has rapidly become a valuable platform for new value creation across a wide range of industries. Heavyweights like IBM, Walmart, Accenture, Intel, and Bank of America are all placing big bets in this area. Over the last thirty years, we have moved from the client-server era, through the cloud computing era, and now with Blockchain to the era of distributed applications. Blockchain technology removes the need for central authorities, creates trust in a trestles world, reduces transaction costs, and dramatically improves traceability. In this session, you’ll cover Blockchain basics, understand why Blockchain technology is so disruptive, and learn how distributed applications (dApps) enable a new innovation paradigm that brings with it new funding and collaboration models. You’ll then look at examples of how Blockchain is already being used to solve problems in a wide range of industries, from real-estate to supply chain, and healthcare to energy.  Be sure that you are prepared to take full advantage of the increased levels of trust, privacy, traceability, and data security made possible by Blockchain technology. Every IT person needs to understand the implications of this technology to their business.

    Futurecasting Workshop
    In this workshop, you’ll learn all the main steps of the Futurecasting process, a proven foresights process developed by futurist, Brian David Johnson. You will then practice each of these major steps—trend synthesis, personas, rapid futurecasting, science fiction prototyping, and backcasting—and start to develop some plans for the future. Some of these plans will build upon what you learned during the two morning sessions focused on AI and Blockchain. In addition to using Rapid Futurecasting to design simple experiences that you may wish to create, you will also consider the investments, partnerships, R&D effort, and talent plans you might need to succeed. “The best way to predict the future is to design it”. So said engineer, inventor, and futurist Buckminster Fuller. Similar statements have been credited to Alan Kay, Peter Drucker, and even Abraham Lincoln. The bottom line is that in order to seize a leadership position in any market, a company needs to take an active role in defining the future that they want to build, and then develop a comprehensive plan to build that imagined future. Attend this workshop to learn how to deploy the Futurecasting process at your company, or perhaps in your own life, as a way to help you model, plan, and then build the future that you want.

    8:00 am
    SecureWorld PLUS Part 1 - Designing and Building a Cybersecurity Program based on the NIST Cybersecurity Framework
    • session level icon
    Earn 16 CPEs With This in-Depth 3-Part Course
    speaker photo
    CISO and Adjunct Faculty, University of Massachusetts
    Registration Level:
    • session level iconSecureWorld Plus
    8:00 am - 9:30 am
    Location / Room: 110

    The University of Massachusetts has developed a 6 hour SecureWorld Plus training class that instructs attendees on the best practices for designing, building, and maintaining a Cybersecurity Program based on the NIST Cybersecurity Framework. Organizations who currently use the Framework or are planning to use the Framework for their cybersecurity program will benefit from this course.

    This innovative education and training program includes the following key elements:

    • An introduction to the key components of the NIST Cybersecurity Framework
    • How to use the Framework to support business strategy, technology strategy, and cyber-risk strategy
    • An approach for adopting the framework to build and sustain secure and resilient infrastructure, secure and resilient networks, secure and resilient applications
    • How to use the framework to protect critical information assets
    • A Controls Factory Model that organizations use to create an Engineering Program, a Technical Program and a and Business / Management Program
    • A methodology for developing a Cybersecurity Strategy, System Security Plan (SSP), Risk Assessment, Plan of Action and Milestones (POA&M) and Executive Report

    The class will help individuals and organizations acquire knowledge, skills and abilities to:

    • Develop a strategy to apply the NIST Cybersecurity Framework (NCSF) to their environment
    • Create a comprehensive System Security Plan (SSP) based on the NIST Cybersecurity Framework
    • Conduct a Risk Assessment to compare the current profile with the target profile and identify any gaps that need to be addressed
    • Develop a Plan of Action and Milestones (POA&M) to mitigate the highest priority gaps
    • Establish an Executive Report to measure and communicate current profile, target profile, POA&M and program plan / roles and responsibilities to remediate identified gaps
    • Identify required workforce skills and develop career pathways for improving skills and experience

    About the Instructor – Larry Wilson:

    • Larry Wilson is the former CISO for UMass President’s Office from 2009 to 2017
    • Prior to UMass, Larry developed and managed the Global Infrastructure Services (GIS) Security Program for State Street Corporation
    • Larry has been teaching cybersecurity courses based on the NIST Cybersecurity Framework at SecureWorld events for the past 5 years
    • Larry has conducted over 20 consulting engagements, helping organizations design and build cybersecurity programs based on the NIST Cybersecurity Framework

    The program and its author have won the following industry awards:

    • Security Magazine’s Most Influential People in Security, 2016
    • SANS People Who Made a Difference in Cybersecurity Award, 2013
    • Information Security Executive (ISE) North America Program Winner for Higher Education, 2013
    8:00 am
    SecureWorld PLUS Part 1 - Insider Threat: A White Hat Hacking Methodology Approach to Insider Threats
    • session level icon
    Earn 16 CPEs in this in-depth 3-part course
    speaker photo
    Information Security Advisor, Enterprise IT Solutions
    Registration Level:
    • session level iconSecureWorld Plus
    8:00 am - 9:30 am
    Location / Room: 112

    There are several courses which teach insider threat program development. While the methods and controls taught are very comprehensive and effective, often-times they can also be bypassed.

    Learn how the controls of your current security program can be bypassed by utilizing routine IT procedures. Will also show how to identify business processes which can contribute to insider threats. Learn how to enhance procedures required to identify insider threat exposures.

    This program is designed to help organizations identify existing critical controls needed to develop an Insider Threat Program using a white hat hacking methodology.

    A series of live demonstrations will be performed to show the white hat hacking techniques used to bypass various controls.

    Learning Objectives:

    • Learn the methodologies utilized by individuals within the organization that would be defined as insider threat activity.
    • How to identify system based behavioral indicators.
    • Learn which existing or enhanced security layer can provide insider threat profile data.
    • Learn how areas of the organization i.e. Legal, Procurement & HR are key stakeholders in assisting to identify insider threat activity.

    Take-Aways From the Course:

    • Establishing or enhancing an existing cyber security program to include insider threat.
    • Define self-assessments of insider threat segment of the cyber security program.
    • Enhance awareness training to include additional methods of insider threat.
    • Enhance existing security layers to better identify specific insider threat activity.
    8:30 am
    A Survey of U.S. Domestic Security and Privacy Laws: The Evolving Landscape
    • session level icon
    speaker photo
    Managing Partner, XPAN Law Group, LLC
    Registration Level:
    • session level iconConference Pass
    8:30 am - 9:15 am
    Location / Room: 117

    A Survey of U.S. Domestic Security and Privacy Laws: The Evolving Landscape. The US legal framework for cybersecurity and data privacy continues to evolve, trying to stay abreast of the ever evolving and changing technologies. In the past year, State and Federal regulatory changes have altered the legal and compliance oblgiations of many companies across a variety of industries. Additionally, the courts are starting to adopt opinions that are placed more liability on companies for the protection of sensitive personal data. This presentation will provide an overview of key regulatory and legal changes both at the State and Federal level and discuss how companies should prepare to meet these evolving obligations.

    8:30 am
    The March of the Chain Gang: Understanding Security Risk in Integrated Blockchain Solutions
    • session level icon
    speaker photo
    Attorney, Baker Donelson
    Registration Level:
    • session level iconConference Pass
    8:30 am - 9:15 am
    Location / Room: Ballroom D

    The next generation of blockchain solutions will integrate AI, tokenization, smart contracts, and IoT. Each of these ingredients presents cyber risk that must be addressed when developing this new technology. Understanding how these technologies work together is essential for developing a framework to identify and address security vulnerabilities. This presentation will use a proposed integrated block chain use case to help the attendees identify and evaluate security issues as block chain evolves and integrates these other technologies.

    8:30 am
    Fired for Failing to Forward an Email: My Personal Story of the 2017 Equifax Data Breach
    • session level icon
    speaker photo
    President , Cybersecurity4Executives
    Registration Level:
    • session level iconConference Pass
    8:30 am - 9:15 am
    Location / Room: Ballroom C

    In September 2017 Equifax reported that its systems had been attacked and criminals had accessed the personal information of 148 million US consumers. Graeme Payne, who was a senior IT executive at the time of the breach, was terminated from Equifax in October 2017 “for failing to forward an email regarding an Apache Struts vulnerability.” Several investigations were launched following the data breach. Over the last 12 months, Graeme has testified in many of the investigations regarding the Equifax Data Breach.

    Graeme will share his personal story living through this breach and its aftermath. He will share key lessons that should be applicable to anyone involved in managing IT and cybersecurity.

    9:00 am
    Exhibit Floor Open
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    9:00 am - 3:00 pm
    Location / Room: Exhibitor Floor

    This is the time to visit exhibitors participating in Dash For Prizes & CyberHunt for your chance to win prizes!

    9:30 am
    OPENING KEYNOTE — Going Digital: Building Your Strategic Roadmap for the Next Wave of Digital Transformation
    • session level icon
    speaker photo
    The Bald Futurist, Former Chief Evangelist and Futurist, Intel
    Registration Level:
    • session level iconOpen Sessions
    9:30 am - 10:30 am
    Location / Room: Keynote Theater

    The next major wave of digital transformation will integrate the physical parts of your business even more intimately with the digital world, using sensors, analytics, artificial intelligence, robotics, augmented reality, 5G networking, and blockchain technology. In this talk, former Intel futurist Steve Brown presents a fast-paced, fun exploration of what it will mean to “go digital” in the next decade, and reviews the business and security strategies we will need to navigate the road ahead.

    Hear from Steve as he gives a preview of what he will cover in his keynote: https://youtu.be/Er1spVCyzS8

    10:15 am
    Conference Break / Exhibitor Product Demonstration
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    10:15 am - 11:15 am
    Location / Room: Exhibitor Floor

    Reboot with coffee and infused water while visiting exhibitors on the exhibitor floor.

    11:00 am
    Advisory Council Roundtable - (VIP / Invite Only)
    • session level icon
    speaker photo
    CISO, Georgia Department of Public Health
    Registration Level:
    • session level iconVIP / Exclusive
    11:00 am - 12:00 pm
    Location / Room: 119

    This session is for Advisory Council Members only.

    11:15 am
    Reporting to the Board: the NACD Cyber-Risk Oversight Handbook
    • session level icon
    speaker photo
    Founder and Manager, Cybersecurity Management Consultants, LLC
    Registration Level:
    • session level iconConference Pass
    11:15 am - 12:00 pm
    Location / Room: Ballroom C
    The National Association of Corporate Directors (NACD) has published guidance to its members on what to ask company CISOs to get an understanding of the security of the organization they have oversight responsibilities for. NACD trains board members, but who trains the CISOs? This presentation is a primer on the NACD Cyber-Risk Oversight Handbook and it has some help to for the CISO who gets on the Board of Directors Hot Seat.
    11:15 am
    Vetting Your Vendors: Understanding the “Chain of Control” of Data, Security Pitfalls in Third-Party Contracts, and Service Agreements
    • session level icon
    speaker photo
    Managing Partner, XPAN Law Group, LLC
    Registration Level:
    • session level iconConference Pass
    11:15 am - 12:00 pm
    Location / Room: 117

    One of the most important considerations in cybersecurity does not involve your own direct network security; it involves your partners and vendors. In the world of cybersecurity, you are only as strong as the weakest link in your vendor chain. The ease, convenience, and cost effectiveness of outsourcing certain business functions frequently overshadows the potential pitfalls lurking in using outside third-parties and vendors. This presentation will discuss the steps your organization needs to take to ensure that any partners or vendors with access to your network systems or company data are meeting (at least) a minimum level of security requirements.

    An organization needs to adequately assess its partners’ and vendors’ cybersecurity “maturity” and create a dialogue of security with each of them. Further, a full understanding of the contractual liabilities regarding the security of the vendor will allow the company and the vendor to fully understand the vulnerabilities in their business agreement. Cybersecurity is a growing problem; the only way to truly understand the threats and vulnerabilities is to to understand your systems and those of your vendors.

    11:15 am
    Securing Government First: Reducing Risk and Protecting State, Local, Tribal & Territorial (SLTT) from Cyber Threats
    • session level icon
    speaker photo
    Director Cybersecurity, Georgia Technology Authority
    Registration Level:
    • session level iconConference Pass
    11:15 am - 12:00 pm
    Location / Room: 115

    State, Local, Tribal and Territorial (SLTT) governments face the threat of continuous cyber-attacks from numerous groups with different intentions to disrupt their ability to provide services and support to citizens. Citizens trust an rely on their governments to provide and maintain services that they rely on for essential life sustainment and emergencies. In recent decades research and investments in technology to enhance methods, solutions, and equipment have improved service delivery and emergency response operations provided by governments.
    SLTTs have adopted and embraced advanced technology solutions that increased and improved their capabilities to provide essential and emergency services to their citizens. The effective management and security of these critical services are under constant scrutiny, and even the smallest system failure may be unacceptable to citizens and erode their trust in government. Several studies have shown that cybersecurity programs at the SLTT level receive varying support to ensure security and reduce the risk of compromise. How can budget constrained, understaffed, and low skilled employees of SLTTs establish, maintain and protect the security of their critical information (CI) systems reducing risk and avoiding failures due to cyber-attack? Security professionals, Chief Information Officers (CIO) and Chief Information Security Officers (CISO) are often placed in frustrating positions that limit their options to reduce risk because they are resource constrained. Implementing cybersecurity and risk frameworks that offer foundations to build stakeholder awareness, increase funding, establish needed enforcement authorities can identify gaps, reduce frustration and boost confidence in programs. Combining these basic frameworks with continuous improvement through leadership, information sharing, and partnership building has proven successful in industry cybersecurity programs and can work in SLTTs.

    11:15 am
    Executive Perspective on Cybersecurity Awareness
    • session level icon
    speaker photo
    Chapter Member, (ISC)2
    Registration Level:
    • session level iconConference Pass
    11:15 am - 12:00 pm
    Location / Room: 113

    We will review recent surveys with dozens of organizational leaders regarding security awareness, covering a lot of topics including: what works, what doesn’t, what is needed, what is the perceived risk, what is their exposure, and what are the potential gains.

    12:15 pm
    LUNCH KEYNOTE: What Should Be on the Mind of a CISO?
    • session level icon
    speaker photo
    SVP, Global Chief Security Officer, Aflac
    Registration Level:
    • session level iconOpen Sessions
    12:15 pm - 1:00 pm
    Location / Room: Keynote Theater

    This presentation will cover aspects of security that should be top of mind for every CISO. We will dive into what makes an effective program and how to set the program up for success. This includes reviewing program basics, how to use threat intelligence and incorporating SOAR, and the importance of being active in public policy. The material promises to be thought-provoking and a call to action, giving you specifics that you can implement when you return to work.

    1:15 pm
    Panel: Building a Better Mouse Trap (Emerging Threats)
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    1:15 pm - 2:15 pm
    Location / Room: Keynote Theater

    To be successful, as an industry, we must strive to get ahead of the bad guys. Easy enough to say but how? By taking a look at the capabilities of the threats we see today we should be able to make some educated guesses on what threats of tomorrow will look like. We know the bad guys don’t follow the rules, take the path of least resistance, and don’t care who they hurt in the process. We need to start thinking like them so that we can figure out what their next step is instead of guessing/hoping.
    Panelists:
    Yasser Fuentes, Bitdefender
    Jay Miller, Red Seal
    Brandon Meyer, enSilo
    Moderator: Larry Wilson

     

    1:15 pm
    Walking a Contract: Understanding Corporate Legal Requirements (a.k.a - Legal for Non-Lawyers)
    • session level icon
    speaker photo
    Lifetime Member, American Society of Digital Forensics and EDiscovery
    Registration Level:
    • session level iconConference Pass
    1:15 pm - 2:15 pm
    Location / Room: Ballroom C
    Security & IT professionals often are called upon to review the requirements inside Legal Agreements. We aren’t lawyers, and sometimes getting through the verbiage can be a challenge. This presentation takes a look from the Non-Lawyer’s perspective and will give you a new way of looking at ‘Legalese’ and how it affects your daily life on the job. It isn’t true steganography, but you’ll find a lot of “Hidden Language” hiding in MNDAs and Agreements we use every day.

     

    2:15 pm
    Conference Break / Exhibitor Product Demonstration
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    2:15 pm - 3:00 pm
    Location / Room: Exhibitor Floor

    Reboot with coffee and infused water while visiting exhibitors on the exhibitor floor.

    3:00 pm
    ISSA Chapter Meeting and Presentation - Open to All Attendees
    • session level icon
    Topic: An Introduction to FAIR Risk Analysis
    speaker photo
    President & CEO, New Oceans Enterprises
    Registration Level:
    • session level iconOpen Sessions
    3:00 pm - 3:45 pm
    Location / Room: Ballroom C

    Interested in your local associations? Join ISSA for a chapter meeting and guest presentation. This session is open to all attendees.
    Presentation:
    Factor Analysis of Information Risk (FAIR) is the leading methodology for Quantitative Risk Analysis for cybersecurity and operational risk used by 30% of Fortune 1000 organizations.  It provides technology, information risk, cybersecurity, finance and senior leadership executives with the standards and best practices to help organizations measure, manage and report on information risk from the business perspective.

    3:00 pm
    Employer Data Breach Liability: The Employee as a Threat Vector
    • session level icon
    Learn 6 big decisions organizations must make in response to insider threat
    speaker photo
    Founder, Herrin Health Law, P.C.
    Registration Level:
    • session level iconOpen Sessions
    3:00 pm - 3:45 pm
    Location / Room: 117
    According to a 2014 IBM study, 31.5% of all cybersecurity incidents were perpetrated by malicious insiders, and 23.5% resulted from the activities of non-malicious insider threats. In 2017, statistics reported by the MIT Sloan Interdisciplinary Consortium showed that between 67% and 80% of cybersecurity incidents were linked to persons with legitimate access to the breached data infrastructure. A 2018 Ponemon Institute report confirms that this upward trend is not abating, as 64% of successful cyber attacks resulted from privileged user negligence, with another 23% being perpetrated by malicious insiders – a total of 87% of all incidents. Education having failed in many instances, with criminals becoming ever more sophisticated, and with the return on investment for perimeter defenses becoming slight, perhaps employers should consider their employees threat vectors and not innocent victims in cybercrime.

     

    3:00 pm
    SecureWorld PLUS Part 2 - How to Build the Future: A Deep Dive into Artificial Intelligence, Blockchain, and Preparing Your Organization for 5-10 Years Ahead
    • session level icon
    SecureWorld PLUS Registrants ONLY
    speaker photo
    The Bald Futurist, Former Chief Evangelist and Futurist, Intel
    Registration Level:
    • session level iconSecureWorld Plus
    3:00 pm - 4:30 pm
    Location / Room: 111

    In this workshop, you will learn about two of the most important technologies shaping our future, Artificial Intelligence and Blockchain technology. You will then learn how to use the Futurecasting process to model, plan, and build future experiences, including some that are a built around AI and Blockchain. While it does discuss some technical topics at a high level, this workshop is open and accessible to anyone and everyone. Sign up today to boost your knowledge on both AI and Blockchain, and to learn new techniques that will enable you to imagine, plan and build the future.

    Hear from Steve as he gives a preview of what he will cover in this PLUS course: https://youtu.be/eN-wYrdPyjs

    AGENDA

    Introductions

    Artificial Intelligence: How AI will reshape every business, including yours
    Artificial intelligence (AI) is a profoundly important set of technologies that are already shaping the way we live our lives, and the ways that businesses operate. As the second era of computing, AI will have as profound of an effect on business and society as did electrification and traditional digital computers. Over the next decade, AI will transform all our lives and will reshape every industry. AI will power autonomous vehicles, smart robots, drones, virtual assistants, and chatbots. It will manage our smart cities, power sentient factories, and oversee our smart energy grids. AI will turbo-charge medical diagnosis, revolutionize customer service, and aid in the discovery of new materials and new pharmaceuticals. AI will reshape every business process, and could reshape the structure of every team. The HR Director and CIO of every company will need to become best friends as IT and HR co-own a blended human-machine labor force. Every IT person needs to understand the capabilities, limitations, and implications of artificial intelligence, no matter their level of technical acumen. This session explains what Artificial Intelligence is and how it can be used. Attendees will then review the main concepts of AI: artificial neural networks, deep learning, supervised learning, unsupervised learning, reinforcement learning, and generative adversarial networks. Finally, the session will explore how AI may develop in the future, and how it will require a rethinking of every workflow, and every workplace.

    Blockchain beyond crypto-currencies: Your foundation to create new business value

    Crypto-currencies like Bitcoin are just one of the many applications that can be built on top of Blockchain technology. Blockchain has rapidly become a valuable platform for new value creation across a wide range of industries. Heavyweights like IBM, Walmart, Accenture, Intel, and Bank of America are all placing big bets in this area. Over the last thirty years, we have moved from the client-server era, through the cloud computing era, and now with Blockchain to the era of distributed applications. Blockchain technology removes the need for central authorities, creates trust in a trestles world, reduces transaction costs, and dramatically improves traceability. In this session, you’ll cover Blockchain basics, understand why Blockchain technology is so disruptive, and learn how distributed applications (dApps) enable a new innovation paradigm that brings with it new funding and collaboration models. You’ll then look at examples of how Blockchain is already being used to solve problems in a wide range of industries, from real-estate to supply chain, and healthcare to energy.  Be sure that you are prepared to take full advantage of the increased levels of trust, privacy, traceability, and data security made possible by Blockchain technology. Every IT person needs to understand the implications of this technology to their business.

    Futurecasting Workshop

    In this workshop, you’ll learn all the main steps of the Futurecasting process, a proven foresights process developed by futurist, Brian David Johnson. You will then practice each of these major steps—trend synthesis, personas, rapid futurecasting, science fiction prototyping, and backcasting—and start to develop some plans for the future. Some of these plans will build upon what you learned during the two morning sessions focused on AI and Blockchain. In addition to using Rapid Futurecasting to design simple experiences that you may wish to create, you will also consider the investments, partnerships, R&D effort, and talent plans you might need to succeed. “The best way to predict the future is to design it”. So said engineer, inventor, and futurist Buckminster Fuller. Similar statements have been credited to Alan Kay, Peter Drucker, and even Abraham Lincoln. The bottom line is that in order to seize a leadership position in any market, a company needs to take an active role in defining the future that they want to build, and then develop a comprehensive plan to build that imagined future. Attend this workshop to learn how to deploy the Futurecasting process at your company, or perhaps in your own life, as a way to help you model, plan, and then build the future that you want.

    3:00 pm
    SecureWorld PLUS Part 2 - Designing and Building a Cybersecurity Program based on the NIST Cybersecurity Framework
    • session level icon
    SecureWorld PLUS Registrants ONLY
    speaker photo
    CISO and Adjunct Faculty, University of Massachusetts
    Registration Level:
    • session level iconSecureWorld Plus
    3:00 pm - 4:30 pm
    Location / Room: 110

    The University of Massachusetts has developed a 6 hour SecureWorld Plus training class that instructs attendees on the best practices for designing, building, and maintaining a Cybersecurity Program based on the NIST Cybersecurity Framework. Organizations who currently use the Framework or are planning to use the Framework for their cybersecurity program will benefit from this course.

    This innovative education and training program includes the following key elements:

    • An introduction to the key components of the NIST Cybersecurity Framework
    • How to use the Framework to support business strategy, technology strategy, and cyber-risk strategy
    • An approach for adopting the framework to build and sustain secure and resilient infrastructure, secure and resilient networks, secure and resilient applications
    • How to use the framework to protect critical information assets
    • A Controls Factory Model that organizations use to create an Engineering Program, a Technical Program and a and Business / Management Program
    • A methodology for developing a Cybersecurity Strategy, System Security Plan (SSP), Risk Assessment, Plan of Action and Milestones (POA&M) and Executive Report

    The class will help individuals and organizations acquire knowledge, skills and abilities to:

    • Develop a strategy to apply the NIST Cybersecurity Framework (NCSF) to their environment
    • Create a comprehensive System Security Plan (SSP) based on the NIST Cybersecurity Framework
    • Conduct a Risk Assessment to compare the current profile with the target profile and identify any gaps that need to be addressed
    • Develop a Plan of Action and Milestones (POA&M) to mitigate the highest priority gaps
    • Establish an Executive Report to measure and communicate current profile, target profile, POA&M and program plan / roles and responsibilities to remediate identified gaps
    • Identify required workforce skills and develop career pathways for improving skills and experience

    About the Instructor – Larry Wilson:

    • Larry Wilson is the former CISO for UMass President’s Office from 2009 to 2017
    • Prior to UMass, Larry developed and managed the Global Infrastructure Services (GIS) Security Program for State Street Corporation
    • Larry has been teaching cybersecurity courses based on the NIST Cybersecurity Framework at SecureWorld events for the past 5 years
    • Larry has conducted over 20 consulting engagements, helping organizations design and build cybersecurity programs based on the NIST Cybersecurity Framework

    The program and its author have won the following industry awards:

    • Security Magazine’s Most Influential People in Security, 2016
    • SANS People Who Made a Difference in Cybersecurity Award, 2013
    • Information Security Executive (ISE) North America Program Winner for Higher Education, 2013
    3:00 pm
    SecureWorld PLUS Part 2 - Insider Threat: A White Hat Hacking Methodology Approach to Insider Threats
    • session level icon
    SecureWorld PLUS Registrants ONLY
    speaker photo
    Information Security Advisor, Enterprise IT Solutions
    Registration Level:
    • session level iconSecureWorld Plus
    3:00 pm - 4:30 pm
    Location / Room: 112

    There are several courses which teach insider threat program development. While the methods and controls taught are very comprehensive and effective, often-times they can also be bypassed.

    Learn how the controls of your current security program can be bypassed by utilizing routine IT procedures. Will also show how to identify business processes which can contribute to insider threats. Learn how to enhance procedures required to identify insider threat exposures.

    This program is designed to help organizations identify existing critical controls needed to develop an Insider Threat Program using a white hat hacking methodology.

    A series of live demonstrations will be performed to show the white hat hacking techniques used to bypass various controls.

    Learning Objectives:

    • Learn the methodologies utilized by individuals within the organization that would be defined as insider threat activity.
    • How to identify system based behavioral indicators.
    • Learn which existing or enhanced security layer can provide insider threat profile data.
    • Learn how areas of the organization i.e. Legal, Procurement & HR are key stakeholders in assisting to identify insider threat activity.

    Take-Aways From the Course:

    • Establishing or enhancing an existing cyber security program to include insider threat.
    • Define self-assessments of insider threat segment of the cyber security program.
    • Enhance awareness training to include additional methods of insider threat.
    • Enhance existing security layers to better identify specific insider threat activity.
    3:45 pm
    ISSA Executive Panel and Reception
    • session level icon
    Open to all Attendees
    speaker photo
    SVP, Simeio Solutions & Director, ISSA
    speaker photo
    CISO, Delta Air Lines
    speaker photo
    VP, Enterprise Cybersecurity Programs, Fiserv
    speaker photo
    SVP & CISO, BCD Travel
    speaker photo
    VP, Enterprise Sales, Okta, Inc.
    Registration Level:
    • session level iconOpen Sessions
    3:45 pm - 6:00 pm
    Location / Room: Keynote Theater

    Join ISSA for an executive panel discussion and happy hour following Day 1 of SecureWorld!

    3:45 – 4:00          Registration
    4:00 – 5:00          Networking / Happy Hour
    5:00 – 6:00          Panel
    6:00 – 6:30           Dessert / Networking
    RSVP here

  • Thursday, May 30, 2019
    7:00 am
    Registration Open
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    7:00 am - 3:00 pm
    Location / Room: Registration Desk
    8:00 am
    SecureWorld PLUS Part 3 - How to Build the Future: A Deep Dive into Artificial Intelligence, Blockchain, and Preparing Your Organization for 5-10 Years Ahead
    • session level icon
    SecureWorld PLUS Registrants ONLY
    speaker photo
    The Bald Futurist, Former Chief Evangelist and Futurist, Intel
    Registration Level:
    • session level iconSecureWorld Plus
    8:00 am - 9:30 am
    Location / Room: 111

    In this workshop, you will learn about two of the most important technologies shaping our future, Artificial Intelligence and Blockchain technology. You will then learn how to use the Futurecasting process to model, plan, and build future experiences, including some that are a built around AI and Blockchain. While it does discuss some technical topics at a high level, this workshop is open and accessible to anyone and everyone. Sign up today to boost your knowledge on both AI and Blockchain, and to learn new techniques that will enable you to imagine, plan and build the future.

    Hear from Steve as he gives a preview of what he will cover in this PLUS course: https://youtu.be/eN-wYrdPyjs

    AGENDA

    Introductions

    Artificial Intelligence: How AI will reshape every business, including yours
    Artificial intelligence (AI) is a profoundly important set of technologies that are already shaping the way we live our lives, and the ways that businesses operate. As the second era of computing, AI will have as profound of an effect on business and society as did electrification and traditional digital computers. Over the next decade, AI will transform all our lives and will reshape every industry. AI will power autonomous vehicles, smart robots, drones, virtual assistants, and chatbots. It will manage our smart cities, power sentient factories, and oversee our smart energy grids. AI will turbo-charge medical diagnosis, revolutionize customer service, and aid in the discovery of new materials and new pharmaceuticals. AI will reshape every business process, and could reshape the structure of every team. The HR Director and CIO of every company will need to become best friends as IT and HR co-own a blended human-machine labor force. Every IT person needs to understand the capabilities, limitations, and implications of artificial intelligence, no matter their level of technical acumen. This session explains what Artificial Intelligence is and how it can be used. Attendees will then review the main concepts of AI: artificial neural networks, deep learning, supervised learning, unsupervised learning, reinforcement learning, and generative adversarial networks. Finally, the session will explore how AI may develop in the future, and how it will require a rethinking of every workflow, and every workplace.

    Blockchain beyond crypto-currencies: Your foundation to create new business value

    Crypto-currencies like Bitcoin are just one of the many applications that can be built on top of Blockchain technology. Blockchain has rapidly become a valuable platform for new value creation across a wide range of industries. Heavyweights like IBM, Walmart, Accenture, Intel, and Bank of America are all placing big bets in this area. Over the last thirty years, we have moved from the client-server era, through the cloud computing era, and now with Blockchain to the era of distributed applications. Blockchain technology removes the need for central authorities, creates trust in a trestles world, reduces transaction costs, and dramatically improves traceability. In this session, you’ll cover Blockchain basics, understand why Blockchain technology is so disruptive, and learn how distributed applications (dApps) enable a new innovation paradigm that brings with it new funding and collaboration models. You’ll then look at examples of how Blockchain is already being used to solve problems in a wide range of industries, from real-estate to supply chain, and healthcare to energy.  Be sure that you are prepared to take full advantage of the increased levels of trust, privacy, traceability, and data security made possible by Blockchain technology. Every IT person needs to understand the implications of this technology to their business.

    Futurecasting Workshop

    In this workshop, you’ll learn all the main steps of the Futurecasting process, a proven foresights process developed by futurist, Brian David Johnson. You will then practice each of these major steps—trend synthesis, personas, rapid futurecasting, science fiction prototyping, and backcasting—and start to develop some plans for the future. Some of these plans will build upon what you learned during the two morning sessions focused on AI and Blockchain. In addition to using Rapid Futurecasting to design simple experiences that you may wish to create, you will also consider the investments, partnerships, R&D effort, and talent plans you might need to succeed. “The best way to predict the future is to design it”. So said engineer, inventor, and futurist Buckminster Fuller. Similar statements have been credited to Alan Kay, Peter Drucker, and even Abraham Lincoln. The bottom line is that in order to seize a leadership position in any market, a company needs to take an active role in defining the future that they want to build, and then develop a comprehensive plan to build that imagined future. Attend this workshop to learn how to deploy the Futurecasting process at your company, or perhaps in your own life, as a way to help you model, plan, and then build the future that you want.

    8:00 am
    SecureWorld PLUS Part 3 - Designing and Building a Cybersecurity Program based on the NIST Cybersecurity Framework
    • session level icon
    SecureWorld PLUS Registrants ONLY
    speaker photo
    CISO and Adjunct Faculty, University of Massachusetts
    Registration Level:
    • session level iconSecureWorld Plus
    8:00 am - 9:30 am
    Location / Room: 110

    The University of Massachusetts has developed a 6 hour SecureWorld Plus training class that instructs attendees on the best practices for designing, building, and maintaining a Cybersecurity Program based on the NIST Cybersecurity Framework. Organizations who currently use the Framework or are planning to use the Framework for their cybersecurity program will benefit from this course.

    This innovative education and training program includes the following key elements:

    • An introduction to the key components of the NIST Cybersecurity Framework
    • How to use the Framework to support business strategy, technology strategy, and cyber-risk strategy
    • An approach for adopting the framework to build and sustain secure and resilient infrastructure, secure and resilient networks, secure and resilient applications
    • How to use the framework to protect critical information assets
    • A Controls Factory Model that organizations use to create an Engineering Program, a Technical Program and a and Business / Management Program
    • A methodology for developing a Cybersecurity Strategy, System Security Plan (SSP), Risk Assessment, Plan of Action and Milestones (POA&M) and Executive Report

    The class will help individuals and organizations acquire knowledge, skills and abilities to:

    • Develop a strategy to apply the NIST Cybersecurity Framework (NCSF) to their environment
    • Create a comprehensive System Security Plan (SSP) based on the NIST Cybersecurity Framework
    • Conduct a Risk Assessment to compare the current profile with the target profile and identify any gaps that need to be addressed
    • Develop a Plan of Action and Milestones (POA&M) to mitigate the highest priority gaps
    • Establish an Executive Report to measure and communicate current profile, target profile, POA&M and program plan / roles and responsibilities to remediate identified gaps
    • Identify required workforce skills and develop career pathways for improving skills and experience

    About the Instructor – Larry Wilson:

    • Larry Wilson is the former CISO for UMass President’s Office from 2009 to 2017
    • Prior to UMass, Larry developed and managed the Global Infrastructure Services (GIS) Security Program for State Street Corporation
    • Larry has been teaching cybersecurity courses based on the NIST Cybersecurity Framework at SecureWorld events for the past 5 years
    • Larry has conducted over 20 consulting engagements, helping organizations design and build cybersecurity programs based on the NIST Cybersecurity Framework

    The program and its author have won the following industry awards:

    • Security Magazine’s Most Influential People in Security, 2016
    • SANS People Who Made a Difference in Cybersecurity Award, 2013
    • Information Security Executive (ISE) North America Program Winner for Higher Education, 2013
    8:00 am
    SecureWorld PLUS Part 3 - Insider Threat: A White Hat Hacking Methodology Approach to Insider Threats
    • session level icon
    SecureWorld PLUS Registrants ONLY
    speaker photo
    Information Security Advisor, Enterprise IT Solutions
    Registration Level:
    • session level iconSecureWorld Plus
    8:00 am - 9:30 am
    Location / Room: 112

    There are several courses which teach insider threat program development. While the methods and controls taught are very comprehensive and effective, often-times they can also be bypassed.

    Learn how the controls of your current security program can be bypassed by utilizing routine IT procedures. Will also show how to identify business processes which can contribute to insider threats. Learn how to enhance procedures required to identify insider threat exposures.

    This program is designed to help organizations identify existing critical controls needed to develop an Insider Threat Program using a white hat hacking methodology.

    A series of live demonstrations will be performed to show the white hat hacking techniques used to bypass various controls.

    Learning Objectives:

    • Learn the methodologies utilized by individuals within the organization that would be defined as insider threat activity.
    • How to identify system based behavioral indicators.
    • Learn which existing or enhanced security layer can provide insider threat profile data.
    • Learn how areas of the organization i.e. Legal, Procurement & HR are key stakeholders in assisting to identify insider threat activity.

    Take-Aways From the Course:

    • Establishing or enhancing an existing cyber security program to include insider threat.
    • Define self-assessments of insider threat segment of the cyber security program.
    • Enhance awareness training to include additional methods of insider threat.
    • Enhance existing security layers to better identify specific insider threat activity.
    8:00 am
    InfraGard Chapter Meeting and Presentation - Open to all Attendees
    • session level icon
    Topic: How Gaps in Private Sector Risk Management Impact Public Safety
    speaker photo
    President & CEO, Phelco Technologies, Inc.
    Registration Level:
    • session level iconConference Pass
    8:00 am - 9:30 am
    Location / Room: Keynote Theater

    Interested in your local associations? Join InfraGard for a chapter meeting, light breakfast and guest presentation. This session is open to all attendees.

    8:00-8:30am – Networking
    8:30-9:15am – Speaker: Tasha Phelps

    Guest Presentation
    :
    How Gaps in Private Sector Risk Management Impact Public Safety

    • Understanding sectors of critical infrastructure
      • Identify public safety agencies (federal, state, local)
      • Data collection by sector
      • Policy reformation
        • NIST Framework
    • Reporting breaches
      • Requirements & Penalties
    • Reporting symptoms of malicious activity
      • To who? Where? How?
    • FBI Information Sharing Initiative
    • Impact of lack-luster corporate security training programs
    • Cyber security audits
      • Business value
      • Compliance & standardization
      • Response and remediation protocols
    • Departmental interdependencies
    • Creating a formula for success
      • Getting buy-in from executives
      • Creating an effective communication strategy for managers & employees
    8:30 am
    Preparing for the Human Factor in Our Cyber Future
    • session level icon
    speaker photo
    President , DuHart Consulting
    speaker photo
    Principle Cybersecurity Architect, DuHart Consulting
    Registration Level:
    • session level iconConference Pass
    8:30 am - 9:15 am
    Location / Room: Ballroom C
    This presentation will help alleviate the mystery of soft skills. As employers struggle attracting and retaining cybersecurity personnel, it is important that employees feel appreciated and work through the stress associated with this environment. Utilizing this presentation as a springboard to greater understanding from both sides of management, attendees will walk away with: 1) What are the top IT soft skills; 2) How to create an environment of inclusion; 3) Real-world examples of how to implement and use soft skills to land that next promotion or job; and 4) Stress management in today’s cybersecurity field.
    8:30 am
    3 Things You Absolutely Need to Know About Data Privacy in 2019 to Move Your Organization Forward
    • session level icon
    speaker photo
    Founder & CEO & Privacy Consultant, Red Clover Advisors, LLC
    Registration Level:
    • session level iconConference Pass
    8:30 am - 9:15 am
    Location / Room: 115

    In today’s business landscape, privacy will make you more innovative and become your competitive advantage. Transparency is the key to long-term mutually beneficial relationships with your customers. In this session, we’ll cover the latest GDPR updates, the road to CCPA compliance and offer practical steps on how to integrate privacy within the security culture of your company.

    If you don’t have your customer’s best interests at heart, your competiton will. This means caring enough to stay on top of the latest privacy trends and how to make a sustainable privacy program to keep your customer’s trust.
    8:30 am
    7 Ways to Boost InfoSec’s Influence (and Yours) by Communicating Differently
    • session level icon
    speaker photo
    Emmy-Winning Journalist, SecureWorld
    Registration Level:
    • session level iconConference Pass
    8:30 am - 9:15 am
    Location / Room: 117

    Grow your personal influence, your leadership possibilities and move your InfoSec objectives forward (faster) by thinking differently about how you communicate. Whether your audience is the board, your team, or any part of the business, this session will help you and your communication stand out. Lead by a long-time TV reporter turned cybersecurity journalist who shares a framework for powerful communication you can implement immediately.

    9:00 am
    Exhibit Floor Open
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    9:00 am - 3:00 pm
    Location / Room: Exhibitor Floor

    This is the time to visit exhibitors participating in Dash For Prizes & CyberHunt for your chance to win prizes!

    9:30 am
    OPENING KEYNOTE — Wicked Problems: Planning for Cyber Defense
    • session level icon
    speaker photo
    CISO, Georgia Technology Authority - State of Georgia
    Registration Level:
    • session level iconOpen Sessions
    9:30 am - 10:15 am
    Location / Room: Keynote Theater

    Numerous “wicked” problems, to include cyber defense, face our society today that cannot be solved through normal techniques. This presentation focuses on elements of military planning methods designed for such problems, and how they relate to your network defense planning and execution.

    10:15 am
    Conference Break / Exhibitor Product Demonstration
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    10:15 am - 11:15 am
    Location / Room: Exhibitor Floor

    Reboot with coffee and infused water while visiting exhibitors on the exhibitor floor.

    11:00 am
    Advisory Council Roundtable - (VIP / Invite Only)
    Topic: Securing Our Next Generation of Security Professionals
    speaker photo
    Head of Global Cyber Risk Governance, First Data Corporation
    Registration Level:
    11:00 am - 12:00 pm
    Location / Room: 119

    This session is for Advisory Council Members only.

    11:15 am
    Riding within the Risk Appetite: Being Reasonable in an Unreasonable World
    • session level icon
    speaker photo
    Lifetime Member, American Society of Digital Forensics and EDiscovery
    Registration Level:
    • session level iconOpen Sessions
    11:15 am - 12:00 pm
    Location / Room: 113

    Security professionals have the ability every day to secure a business right out of business. Locking down controls so tightly that nothing can be done is just as bad for business as having no controls at all. The “Reasonable Person Test” is often used in legal matters, and should also be considered in security and data protection. In a corporation’s risk appetite there is a fine line between “risky” and “stupid,” and it is up to security professionals to make sure that there is a recovery plan for after “risky”‘ and that “stupid” is avoided.

    11:15 am
    [Insight] Motivating Internal Teams for Security
    • session level icon
    speaker photo
    Regional Security Principal, Insight Cloud + Data Center Transformation
    Registration Level:
    • session level iconOpen Sessions
    11:15 am - 12:00 pm
    Location / Room: 117
    Pursuit of security compliance certifications can be challenging. Actively engaging engineering teams
    and enthusiastic participation by all stakeholders is crucial for the success. This talk will focus on
    actionable ideas to convince all stakeholders about the importance of efforts for security & compliance.
    11:15 am
    Internet of Things: Privacy, Security, and Regulation
    • session level icon
    speaker photo
    Attorney at Law, Law Offices of Salar Atrizadeh
    Registration Level:
    • session level iconConference Pass
    11:15 am - 12:00 pm
    Location / Room: 115
    This seminar will discuss the Internet of Things (IoT) and the related legal problems. The speaker will discuss privacy, security, and the applicable state and federal regulations. The speaker will discuss the technology behind the Internet of Things and how it has affected different industries. The speaker will assess the current legal ramifications. The audience will learn about the legal and technical issues and the various court cases.

    See https://www.atrizadeh.com/internet-of-things.html
    for more information.

    11:15 am
    Third-Party Risk: Creating and Managing a Program that Works!
    • session level icon
    speaker photo
    Managing Director, UHY Advisors
    Registration Level:
    • session level iconConference Pass
    11:15 am - 12:00 pm
    Location / Room: Ballroom D

    Every organization is concerned with third-party risk. No one wants to be the next Target breach. This session will examine the components of third-party risk management and give you some leading practices on how to develop a workable and sustainable process.

     

    11:15 am
    When the Answer Really Is "No"—How to Say It Diplomatically
    • session level icon
    speaker photo
    CISO, Georgia Department of Public Health
    Registration Level:
    • session level iconConference Pass
    11:15 am - 12:00 pm
    Location / Room: Ballroom C
    As cybersecurity experts, our overall goal is to protect the confidentiality, preserve the integrity, and promote the availability of data for authorized use—all without inhibiting the business from meeting its objectives. But what about the times when we must say “no” for various reasons? This interactive session focuses techniques for having a diplomatic “crucial conversation” with the business when a request just can’t be approved.

     

    12:15 pm
    [LUNCH KEYNOTE] How to Manage Your Own Career to Get to the Top
    • session level icon
    speaker photo
    Former CIO, The White House
    Registration Level:
    • session level iconOpen Sessions
    12:15 pm - 1:00 pm
    Location / Room: Keynote Theater
    Do you have a plan for your future? Why not? You are the leader of your own destiny! You need to look at where you are, where you want to go, and have a plan to get there. We will talk about how to develop a plan, what to think about, and how to put one foot in front of the other to get to your end goal. We will also talk about how to manage up to your boss to get what you need to help you in your own career. Col. Mark Gelhardt made it to The White House managing his own career, and stood next to the President of the United States. He will tell you how he did it; if he can do it, so can you!

     

    1:15 pm
    Panel: Shifting Landscape of Attack Vectors
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    1:15 pm - 2:15 pm
    Location / Room: Keynote Theater

    If one thing holds true in cybersecurity it is the fact that our adversaries are pretty smart. They are. To be fair, they only have to be right once in a while. These cyber thugs are constantly shifting their attack vectors to better infiltrate our networks. There are so many endpoints to cover that the “bad guys” can try something new all the time. They have also discovered that we do not have great cyber hygiene when it comes to training our workforce. End users continue to be the “weakest link” within an organization as we’ve learned from all the ransomware attacks and business email compromises of late. This panel will talk about the shift in attack vectors and make some predictions about what to watch out for in the not too distant future.
    Panelists:
    RJ Sudlow, DHG
    Mike Van Doren, Sonatype
    Jerrod Piker, Check Point Security
    Matthew Farr, Varonis
    Kevin Clark, Sayers
    Moderator: Jow DiBiase, Interface

    1:15 pm
    Panel: The Battle for the Endpoint Continues (Endpoint Security)
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    1:15 pm - 2:15 pm
    Location / Room: Ballroom C

    What are you doing to keep the network safe for your employees? You’ve got your fancy next-gen firewall and some A/V. Maybe even some biometrics or 2FA thrown in for safekeeping. We also keep hearing the IAM acronym thrown around. And what is Zero Trust? What are you missing? Oh, yeah… remote workers and IoT. Wouldn’t it be cool if you had someone to ask? Now you do. This panel will go through these questions and more. Join the group discussion as we address the challenges in endpoint and network security.
    Panelists:
    Jorge Alago, Veristor
    Tom Callahan, ControlScan
    Dave Vance, Comodo
    Ron Coe, Jazz Networks
    Mark Hubbard, Code42
    Moderator: Kelvin Arcelay

    2:15 pm
    Conference Break / Exhibitor Product Demonstration
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    2:15 pm - 3:00 pm
    Location / Room: Exhibitor Floor

    Reboot with coffee and infused water while visiting exhibitors on the exhibitor floor.

    2:30 pm
    Dash for Prizes & CyberHunt
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    2:30 pm - 2:45 pm
    Location / Room: Exhibitor Floor

    Be sure to have exhibitors scan your badge for a chance to win prizes. Past prizes have included Kindles, Bose headphones, gift cards, iPads, iPods and more! *Must be present to win

    3:00 pm
    Unearthing Hidden Security Talent
    • session level icon
    speaker photo
    Sr. Director, Business Security Office, Automatic Data Processing
    speaker photo
    Director of Security Assurance, ADP
    Registration Level:
    • session level iconConference Pass
    3:00 pm - 3:45 pm
    Location / Room: 115
    Recognizing there is a global security talent shortage we believe we have come across some unique methods to identify and leverage unconventional talent to solve security challenges.
    3:00 pm
    Intentional Data Privacy: California Consumer Privacy Act
    • session level icon
    Now is the time to prepare for changes required by California's new privacy law
    speaker photo
    Attorney, Trusted Counsel
    Registration Level:
    • session level iconConference Pass
    3:00 pm - 3:45 pm
    Location / Room: 117
    Michael will be giving away an Echo Show and Echo Dot during this breakout session!

    I. What intentional data privacy means
    II. Background and overview of CCPA
    III. Affected entities and applicability(assume your business must comply)
    IV. New consumer rights under the CCPA
    V. Noncompliance could be costly
    VI. Best practices for compliance ( data, privacy notices and policies, consumer rights, third party service provider, systems training, and process)
    VII. CCPA readiness assessment program (data mapping, gap analysis, revised policies, ongoing privacy compliance plan etc…)

    3:00 pm
    Bitcoin & Cryptoeconomics
    • session level icon
    speaker photo
    Sr. Director, Information Security, Serta Simmons Bedding, LLC
    Registration Level:
    • session level iconConference Pass
    3:00 pm - 3:45 pm
    Location / Room: 113

    A presentation about crypto assets and why they will be important in your future.

Exhibitors
  • ACP Atlanta
    Booth: TBD

    The Atlanta Chapter was formed in August of 2006. It includes Continuity Professionals from all areas of the Business Community and the Public Sector. As ACP’s local presence in the Atlanta metro region, our chapter embraces and seeks to promote the mission and goals of the parent organization. Being a member of the Atlanta Chapter of ACP brings many benefits:
    • The opportunity to network with experience individuals who often have addressed some of the same challenges you face in your organization.
    • The opportunity to hear real examples of solutions that have been implemented in other organizations.
    • The opportunity to network for career opportunities.

  • ARMA Atlanta
    Booth: TBD

    ARMA International is a not-for-profit organization representing the RIM profession. Its primary purpose is the advancement of the profession and the professional through advocacy, education and professional development.

    ARMA International members include records and information managers, MIS and ADP professionals, imaging specialists, archivists, hospital administrators, legal administrators, librarians, corporate counsel, compliance professionals, and educators. ARMA, its chapters, and its members are dedicated to helping individuals, organizations, and government agencies successfully meet the challenges of the increasingly complex records and information management field.

  • BackBox
    Booth: 248

    BackBox is the leading provider of Intelligent Automation for all Network and Security devices. BackBox provides the ability to schedule automated backup and storing of device configurations, single-click recovery, real-time inventory management, custom task automation, and pre-emptive health checks for all your critical devices on the network.

  • Barracuda
    Booth: 202

    Barracuda Networks, Inc. is a company providing security, networking and storage products based on network appliances and cloud services. The company’s security products include products for protection against email, web surfing, web hackers and instant messaging threats such as spam, spyware, trojans, and viruses. The company’s networking and storage products include web filtering, load balancing, application delivery controllers, message archiving, NG firewalls, backup services and data protection.

  • Bitdefender
    Booth: 222

    Powered by its depth of security expertise and rapid pace of research and development, Bitdefender’s long-standing mission is to deliver transformative security technologies to the world’s users and organizations. We are innovators, creating breakthrough technology that radically improves our customer’s experience with security.

    From IoT to Data Centers, from endpoints to hybrid infrastructures – Bitdefender plays a transformational role in how security is best consumed, deployed, and managed. We strive to deliver products and services that radically alter the customer’s experience with security, in terms of efficacy, performance, ease of use and interoperability.

  • Bitglass
    Booth: 250

    Your company’s move to the cloud delivers flexibility and cost savings, but that doesn’t mean you should lose control of your data. Bitglass’ Cloud Access Security Broker (CASB) solution enables your enterprise to adopt cloud apps while ensuring data security and regulatory compliance. Bitglass secures your data in the cloud, at access, on any device.

    Bitglass was founded in 2013 by a team of industry veterans with a proven track record of innovation and execution.

  • BitSight Technologies
    Booth: 200

    BitSight Technologies is transforming how companies manage information security risk with objective, evidence-based security ratings. The company’s Security Rating Platform continuously analyzes vast amounts of external data on security behaviors in order to help organizations manage third party risk, benchmark performance, and assess and negotiate cyber insurance premiums.For more information, please visit www.bitsighttech.com or follow us on Twitter (@BitSight)

  • Check Point Security
    Booth: 204

    Since 1993, Check Point has been dedicated to providing customers with uncompromised protection against all types of threats, reducing security complexity and lowering total cost of ownership. We are committed to staying focused on customer needs and developing solutions that redefine the security landscape today and in the future.

  • Cobalt.io
    Booth: 236

    Cobalt’s Pentest as a Service (PtaaS) Platform transforms traditional pentesting into a data-driven vulnerability management engine. Fueled by a global talent pool of certified freelancers, our modern pentest platform delivers actionable results that empowers agile teams to pinpoint, track, and remediate vulnerabilities.

  • Code42
    Booth: 224

    Code42 is the leader in information security. We secure more than 50,000 organizations worldwide, including the most recognized brands in business and education. Because Code42 can secure every version of every file, we offer security, legal and IT teams total visibility and recovery of data–wherever it lives and moves.

  • Comodo Cybersecurity
    Booth: 214

    In a world where preventing all cyberattacks is impossible, Comodo Cybersecurity delivers an innovative cybersecurity platform that renders threats useless, across the LAN, web and cloud. The Comodo Cybersecurity platform enables customers to protect their systems and data against even military-grade threats, including zero-day attacks. Based in Clifton, New Jersey, Comodo Cybersecurity has a 20-year history of protecting the most sensitive data for both businesses and consumers globally.

     

  • ControlScan
    Booth: 272

    ControlScan managed security and compliance solutions help secure IT networks and protect payment card data. With highly-credentialed cybersecurity and compliance experts, 24×7 managed detection and response, advanced endpoint protection, managed UTM firewall services, vulnerability scanning, QSA and HIPAA assessments, penetration testing, PCI compliance programs and more, we’ve got your back.

  • DHG
    Booth: 230

    Headquartered in Charlotte, NC, DHG ranks among the top 20 public accounting firms in the nation. With more than 2,000 professionals in 13 states, we combine deep experience with a strong commitment to personal service. We are passionate about helping our clients succeed—and we do so through a resourceful approach to solving problems, providing solutions and helping our clients achieve their goals.

    Dedicated client focus and relationships have been and always will be our touchstone. Here at DHG, you’ll receive personalized service provided by a team of professionals who are eager to share their knowledge and experience with you. We draw on our extensive resources to combine comprehensive assurance, tax and advisory services.

  • Digital Resolve
    Booth: 212

    Since 2004, Digital Resolve has delivered solutions that help companies maintain trust and confidence among their audiences through proven and cost-effective fraud-protection and identity intelligence technology. The Digital Resolve platform provides the industry’s only solution that couples its proprietary and substantiated multifactor authentication (MFA) and behavioral monitoring technology with its own single sign-on (SSO) capabilities to deliver proactive protection that secures online accounts, information and transactions―from login to logout. For nearly 15 years, enterprises across a number of industries, from financial services to fast-growth technology to small- and medium-sized businesses to healthcare, have benefitted from having a single, easy-to-deploy solution that provides comprehensive security for online users.

  • EC-Council
    Booth: TBD

    International Council of E-Commerce Consultants, also known as EC-Council, is the world’s largest cyber security technical certification body. We operate in 140 countries globally and we are the owner and developer of the world-famous Certified Ethical Hacker (CEH), Computer Hacking Forensics Investigator (C|HFI), Certified Security Analyst (ECSA), License Penetration Testing (Practical) programs, among others. We are proud to have trained and certified over 140,000 information security professionals globally that have influenced the cyber security mindset of countless organizations worldwide.

  • Egnyte
    Booth: 262

    Egnyte is the only secure content platform that is designed specifically for business. Egnyte provides teams with secure file sharing capability and access to content delivered at hyper-speed, regardless of file size, location, device or bandwidth.  More than 15,000 of the world’s most demanding and regulated businesses in more than 120 countries around the globe trust Egnyte to manage their content on the cloud.

  • Endgame
    Booth: 200

    Organizations spent $75 billion on security last year, yet they still face breaches at an alarming rate. Endgame exists to transform that paradigm and not accept breaches as the status quo.

    To solve these challenges, we can’t apply the same people, processes and technology and expect different results.

    We bring to bear the best across enterprise tech, security domain expertise, data science, user experience, and academia to challenge the industry-standard of what makes a good security product.

    That’s what we’re doing everyday at Endgame.

  • enSilo
    Booth: 260

    enSilo protects businesses around the world from data breaches and disruption caused by cyber attacks. The enSilo Endpoint Security Platform comprehensively secures endpoints in real-time pre- and post-infection without alert fatigue, excessive dwell time or breach anxiety while also containing incident response costs by orchestrating automated detection, prevention and incident response actions against advanced malware. enSilo’s patented approach stops advanced malware with a high degree of precision, provides full system visibility and an intuitive user interface and combines next-generation antivirus (NGAV), application communication control, automated endpoint detection and response (EDR) with real-time blocking, threat hunting, incident response, and virtual patching capabilities in a single agent. The platform can be deployed either in the cloud or on-premises and supports multi-tenancy.

  • Garland Technology
    Booth: 240

    Garland Technology provides the foundation to network visibility with a range of network TAPs and packet brokers. Our products deliver effective physical layer access for in-line and out-of-band monitoring solutions providing you access and visibility to see every bit, byte, and packetⓇ.Let us design your visibility plane, connecting your network and security tools.

  • Gigamon
    Booth: 200

    Gigamon is leading the convergence of network and security operations to reduce complexity and increase efficiency of security stacks. Our GigaSECURE® Security Delivery Platform is a next generation network packet broker that makes threats more visible – across cloud, hybrid and on-premises environments, deploy resources faster and maximize the performance of security tools.

  • Global Cyber Alliance
    Booth: TBD

    The Global Cyber Alliance (GCA) is an international, cross-sector effort dedicated to confronting cyber risk and improving our connected world. It is a catalyst to bring communities of interest and affiliations together in an environment that sparks innovation with concrete, measurable achievements. While most efforts at addressing cyber risk have been industry, sector, or geographically specific, GCA partners across borders and sectors. GCA’s mantra “Do Something. Measure It.” is a direct reflection of its mission to eradicate systemic cyber risks. GCA, a 501(c)3, was founded in September 2015 by the Manhattan District Attorney’s Office, the City of London Police and the Center for Internet Security. Learn more at www.globalcyberalliance.org

  • GuidePoint Security LLC
    Booth: 200

    GuidePoint Security LLC provides innovative and valuable cyber security solutions and expertise that enable organizations to successfully achieve their mission. By embracing new technologies, GuidePoint Security helps clients recognize the threats, understand the solutions, and mitigate the risks present in their evolving IT environments. Headquartered in Herndon, Virginia, GuidePoint Security is a small business, and classification can be found with the System for Award Management (SAM). Learn more at: http://www.guidepointsecurity.com

  • InfoSec-Conferences.com
    Booth: n/a

    We’re the InfoSec community’s #1 ‘Go To’ resource for cybersecurity conference listings. Since 2012 we’ve provided cybersecurity professionals with accurate event listings that are manually checked and updated every day.

  • InfraGard Atlanta
    Booth: TBD

    InfraGard Atlanta Members Alliance (IAMA) is a non-profit organization serving as a public-private partnership among U.S. Businesses, individuals involved in the protection and resilience of the U.S. critical Infrastructure and the Federal Bureau of Investigation.

    InfraGard National Members Alliance (INMA), which consists of local InfraGard Members Alliances (IMAs) throughout the country. An InfraGard “chapter” refers to the local FBI, the local IMA, and the local InfraGard members working together.

    IAMA is the Atlanta chapter of InfraGard. It is a local association of persons who represent businesses, academic institutions, state and local law enforcement agencies, non-profit organizations and other participants dedicated to sharing information and intelligence to prevent hostile acts against the United States.

  • Insight
    Booth: 242

    Insight is a leader in providing smart, cutting-edge technology solutions for global organizations of all sizes. From developing unique strategies to delivering the products, services and expertise, we’ll help your business run more efficiently and modernize through Insight Intelligent Technology Solutions.

  • ISACA Atlanta
    Booth: TBD

    The aim of the ISACA Atlanta Chapter is to sponsor local educational seminars and workshops, conduct regular chapter meetings, and help further promote and elevate the visibility of the IT audit, risk, control and security professions throughout the local area.

    Nearing its 50th year, ISACA is a global association helping individuals and enterprises achieve the positive potential of technology. Today’s world is powered by technology, and ISACA equips professionals with the knowledge, credentials, education and community to advance their careers and transform their organizations. ISACA leverages the expertise of its half-million engaged professionals in information and cyber security, governance, assurance, risk and innovation, as well as its enterprise performance subsidiary, CMMI Institute, to help advance innovation through technology.

  • (ISC)2 Atlanta
    Booth: TBD

    (ISC)² Atlanta chapter encompasses the Atlanta Metro area. Our chapter program provides members a forum to facilitate the exchange of knowledge and ideas, development of leadership and professional skills, and advancement of information systems security. We also provide our members with access to a variety of industry resource and educational programs to keep our members informed of the latest advances in technology and techniques.

    Our mission is to advance information security in local communities throughout Atlanta, Georgia, by providing our members and other security professionals with the opportunity to share knowledge, grow professionally, educate others, and collaborate on projects. ​

  • ISSA Metro Atlanta Chapter
    Booth: TBD

    The ISSA Metro Atlanta chapter has developed over the years into one of the largest ISSA chapters worldwide and the largest IT Security organization in the Metro Atlanta area. The Information Systems Security Association (ISSA)® is a not-for-profit, international organization of information security professionals and practitioners. It provides educational forums, publications, and peer interaction opportunities that enhance the knowledge, skill, and professional growth of its members.

  • Ixia, a Keysight Business
    Booth: 206

    We provide testing, visibility, and security solutions to strengthen applications across physical and virtual networks. Organizations use our tools and capabilities to test, secure and visualize their networks so their applications run stronger.

  • Jazz Networks
    Booth: 226

    Jazz Networks is a cyber analytics platform that simplifies insider threat detection and breach prevention. It works by collecting rich metadata before it’s encrypted from endpoints and servers, with machine learning analyzing to identify behavioral pattern changes. Alarms are raised for events that require attention and response time is swift with native platform actions.

  • Lockpath
    Booth: 246

    Lockpath is a software company bringing order to the chaos of managing risk. From SMB to enterprise, our risk management platforms flex and scale to existing processes enabling customers a straightforward approach to identify, understand, manage and report on risk.

  • nCipher
    Booth: 232

    nCipher Security, a leader in the hardware security module (HSM) market, empowers world-leading organizations by delivering trust, integrity and control to their business critical information and applications, IoT, blockchain and digital payments

  • NiX
    Booth: 262

    NiX is the world’s first distributed privacy management platform built for addressing shortfalls of current data sharing platforms such as social media by using a truly unique architecture. Consumers have real time control over their content’s privacy with full visibility of its usage throughout its lifecycle.  Moreover, NiX delivers this capability to market using a scalable platform architecture that is easy to consume for developers allowing ubiquitous adoption while keeping NiX blind to consumers’ content cryptographically.

  • Okta
    Booth: 210

    Okta is the foundation for secure connections between people and technology. Our IT products uniquely use identity information to grant people access to applications on any device at any time, while still enforcing strong security protections. Our platform securely connects companies to their customers and partners. Today, thousands of organizations trust Okta to help them fulfill their missions as quickly as possible.

  • Optiv
    Booth: 228

    The world’s most trusted and reputable security solutions integrator, Optiv enables its clients to realize stronger, simpler and less costly cyber security programs. The company combines decades of real-world business, security strategy and technical experiences with in-depth security products knowledge to bring order to the cyber security chaos.

  • Preempt Security
    Booth: 234

    Preempt delivers a modern approach to authentication and securing identity in the Enterprise. Using patented technology for Conditional Access, Preempt helps Enterprises optimize Identity hygiene and stop attackers and insider threats in real-time before they impact business. Preempt continuously detects and preempts threats based on identity, behavior and risk across all cloud and on-premises authentication & access platforms. This low friction and more prescriptive approach empowers security teams more visibility & control over accounts and privileged access, achieve compliance and auto-resolve incidents. Learn more:  www.preempt.com.

  • ProcessUnity
    Booth: 256

    ProcessUnity’s cloud-based solutions help organizations of all sizes automate their risk and compliance programs. Our highly configurable, easy-to-use tools significantly reduce manual administrative tasks, allowing customers to spend more time on strategic risk mitigation. As a software-as-a-service technology, ProcessUnity deploys quickly with minimal effort from customers and their IT resources.

  • Pulse Secure
    Booth: 216

    Pulse Secure provides easy, comprehensive software-driven Secure Access solutions for people, devices, things and services that improve visibility, protection and productivity for our customers. Our suites uniquely integrate cloud, mobile, application and network access to enable hybrid IT in a Zero Trust world. Over 20,000 enterprises and service providers across every vertical entrust Pulse Secure to empower their mobile workforce to securely access applications and information in the data center and cloud while ensuring business compliance.

  • RedSeal
    Booth: 238

    At RedSeal, our vision is to become the essential analytics and decision-making platform for building digitally resilient organizations people can trust. We do this by becoming the measure by which every organization can quantify its digital resilience. As thought leaders on resilience, we envision every organization starting the security discussion with the question “What’s our Digital Resilience Score?” Founded in 2004, RedSeal is headquartered in Sunnyvale, California.

  • Sayers
    Booth: 254

    At Sayers, we have more than 30 years of experience in providing personalized IT services and solutions. We bring an in-depth knowledge of the most innovative technologies which allows us to diagnose your problems, create a personalized plan, and implement the exact solutions to help your business overcome its most difficult IT challenges. Sayers mission is to help clients solve their business challenges with innovative IT solutions. Our success is founded on building strong relationships with our clients and going above and beyond to help those clients succeed.

  • Security Innovation
    Booth: 266

    For almost two decades, global clients have trusted Security Innovation to help them learn how to defend software applications and sensitive data from cyber-threats and attacks. We understand the challenges facing today’s enterprise, where reputation and customer trust is on the front lines. That’s why we continually work to discover and overcome the latest security threats with our Centers of Excellence, and integrate this knowledge into every training and assessment solution we deliver.

  • Siemplify
    Booth: 220

    The  Siemplify  team is comprised of cyber-security professionals, veterans of Israeli intelligence agencies. We bring rich experience in security analysis,  management  and operations and are backed by experts in data science and applied mathematics.

    WE BELIEVE In the modern world of cyber threat analysis, investigation and management should be more holistic, intuitive and simple. Technology and data science should serve cyber security experts by providing all the relevant information about the threat in real-time and focus them  in  rapid decision making.

  • Sonatype
    Booth: 208

    Every day, developers rely on millions of third party and open source building blocks – known as components – to build the software that runs our world. Sonatype ensures that only the best components are used throughout the software development lifecycle so that organizations don’t have to make the tradeoff between going fast and being secure. More than 120,000 organizations use Sonatype’s Nexus solutions to support agile, Continuous Delivery, and DevOps practices globally

  • SSH Communications Security
    Booth: 270

    As the inventor of the SSH protocol, we have a twenty-year history of leading the market in developing advanced security solutions that enable, monitor, and manage encrypted networks. Over 3,000 customers across the globe trust the company’s encryption, access control and encrypted channel monitoring solutions to meet complex compliance requirements, improve their security posture and save on operational costs. SSH Communications Security is headquartered in Helsinki and has offices in the Americas, Europe and Asia. The company’s shares (SSH1V) are quoted on the NASDAQ OMX Helsinki. For more information, visit www.ssh.com

  • Synopsys
    Booth: 218

    Synopsys helps development teams build secure, high-quality software, minimizing risks while maximizing speed and productivity. Synopsys, a recognized leader in static analysis, software composition analysis, and application security testing, is uniquely positioned to apply best practices across proprietary code, open source, and the runtime environment. With a combination of industry-leading tools, services, and expertise, only Synopsys helps organizations maximize security and quality in DevSecOps and throughout the software development life cycle.

  • TAG
    Booth: TBD

    It’s a new world for tech, and the Technology Association of Georgia (TAG) has emerged as a world-class membership organization and an engine for economic development for the state of Georgia. TAG’s mission is to educate, promote, influence and unite Georgia’s technology community to foster an innovative and connected marketplace that stimulates and enhances Georgia’s tech-based economy.

    TAG TODAY:
    35,000+ Members
    2,000+ Member Companies
    200+ Events per year
    33 Societies

  • TechTarget
    Booth: TBD

    TechTarget (NASDAQ: TTGT) is the online intersection of serious technology buyers, targeted technical content and technology providers worldwide. Our media, powered by TechTarget’s Activity Intelligence platform, redefines how technology buyers are viewed and engaged based on their active projects, specific technical priorities and business needs. With more than 100 technology specific websites, we provide technology marketers innovative media that delivers unmatched reach via custom advertising, branding and lead generation solutions all built on our extensive network of online and social media. TechTarget is based in Boston and has locations in Atlanta, Beijing, Cincinnati, London, Paris, San Francisco, Singapore, and Sydney.

  • Tufin
    Booth: 254

    As the market leader of award-winning Security Policy Orchestration solutions, Tufin provides enterprises with the ability to streamline the management of security policies across complex, heterogeneous environments. With more than 2,000 customers, Tufin automatically designs, provisions, analyzes and audits network security configuration changes – from the application layer down to the network layer – accurately and securely. It assures business continuity with a tight security posture, rapid service delivery and regulatory compliance across physical, private, public and hybrid cloud environments.

  • Varonis
    Booth: 200

    Varonis is a pioneer in data security and analytics, specializing in software for data security, governance, compliance, classification and analytics. Varonis detects insider threats and cyberattacks by analyzing file activity and user behavior; prevents disaster by locking down sensitive data; and efficiently sustains a secure state with automation.

  • Veristor
    Booth: 258

    At VeriStor, we design, implement and manage IT solutions that fuel business productivity. As an end-to-end solutions provider, VeriStor specializes in enterprise data storage, virtual infrastructure, public, private and hybrid cloud services, migration, and technology financing. Headquartered in Atlanta, VeriStor delivers solutions nationwide to enterprise and mid-market companies in all industries including financial services, manufacturing, healthcare, education and federal, state and local government. To learn how VeriStor can help you achieve an IT infrastructure that accelerates business growth, improves efficiencies and reduces costs, visit: http://www.veristor.com

Return to Agenda
Keynote Speakers
Speakers
  • speaker photo
    Ken Foster
    Head of Global Cyber Risk Governance, First Data Corporation
  • speaker photo
    Steve Brown
    The Bald Futurist, Former Chief Evangelist and Futurist, Intel

    Steve Brown is an energetic speaker, author, strategist, and advisor with over 30 years of experience in high tech. Speaking at events all over the world, Steve helps his audiences to understand the business and societal impacts of new technologies and how they will shape the future five, ten, and fifteen years from now.

    Steve is passionate about helping people to imagine and build a better future. Whether talking about the future of work in a post-automation world, doing a deep dive on artificial intelligence, or discussing the future of flying cars, Steve inspires his audiences to think beyond the current status quo and to reimagine their businesses, and their lives, for the better.

    Steve speaks and writes in plain language on how continued advances in computing will intersect business, cultural and human trends to create both new opportunities and new challenges. His new book, Hacking Reality, will be published later this year. Steve has been featured on BBC, CNN, Bloomberg TV, ABC News, Wired, WSJ:Digits, CBS, and many other media outlets.

  • speaker photo
    Larry Wilson
    CISO and Adjunct Faculty, University of Massachusetts

    Larry Wilson is currently a senior consultant and former Chief Information Security Officer for the University of Massachusetts President's Office. In the CISO role, Larry was responsible for developing, implementing and overseeing compliance with the UMass Information Security Policy and Written Information Security Plan (WISP). In addition to designing and deploying the UMass cybersecurity program, Larry has developed and delivered cybersecurity training at multiple industry events, workshops, training venues, etc. Courses include Designing and Building a Cybersecurity Program, The NIST Cybersecurity Framework Foundations, The NIST Cybersecurity Framework Practitioners, Engineering, Technology and Business Labs and Workshops based on the NIST Cybersecurity Framework, etc. Larry has also worked with multiple companies in multiple industries to help design, build and maintain their Cybersecurity Programs and evaluate their current security posture.

  • speaker photo
    Mike Muscatell
    Information Security Advisor, Enterprise IT Solutions

    Mike Muscatell is a seasoned IT veteran with more than twenty years in the Information Security field. He is a certified ethical hacker. Was honored as top 100 professionals in the Information Security Field by Strathmore's for 2014. Member of a number of security organizations including Infragard, US Chamber of Commerce Cyber Committee.

  • speaker photo
    Rebecca Rakoski
    Managing Partner, XPAN Law Group, LLC

    Rebecca Rakoski is co-founder and managing partner at XPAN Law Group, a certified Women Owned boutique law firm. Rebecca focuses her practice exclusively on cybersecurity and data privacy. She has extensive experience in all aspects of cybersecurity, data privacy and cross border data transfer issues. Rebecca performs in-depth cybersecurity assessments and audits in accordance with regulatory requirements. Rebecca counsels clients through a breach by navigating the complexities of different state and federal regulations. Rebecca also performs cybersecurity and data privacy due diligence in M&A transactions, protecting intellectual property, and even transition and succession planning.

  • speaker photo
    Justin Daniels
    Attorney, Baker Donelson

    Justin Daniels is a thought leader in cybersecurity who believes cybersecurity must be treated by the c-suite as a strategic enterprise business risk. He provides strategic advice to companies to help them understand cyber risk and create a comprehensive approach to address it. Justin is general counsel to one of the largest enterprise data centers in the country dedicated to the development of blockchain technologies that is headquartered in College Park, Georgia. He also speaks regularly on topics that include blockchain, cryptomining and AI as well as conducting realistic cyber breach incident response tabletop exercises. He completed the MIT Sloan School of Management course entitled "Blockchain Technologies: Business Innovation and Application" in December 2018. He brings a cyber lens to business and legal issues in mergers and acquisitions, investment capital transactions and related due diligence matters, information security plans, incident response plans, vendor and customer contracts and cyber insurance. Justin is an attorney with Baker Donelson, where he is a corporate attorney who specializes in M&A and other business transactions.

  • speaker photo
    Graeme Payne
    President , Cybersecurity4Executives

    Graeme Payne has over 30 years' experience in security and information technology risk consulting and IT management. He spent the majority of his career at Ernst & Young prior to joining Equifax in 2011 as VP of IT Risk & Compliance. At the time of the 2017 Equifax data breach, he was CIO of Global Corporate Platforms. He now consults with Boards of Directors and executive teams on cybersecurity. Graeme is a CISSP, CISM, and CISA.

  • speaker photo
    Steve Brown
    The Bald Futurist, Former Chief Evangelist and Futurist, Intel

    Steve Brown is an energetic speaker, author, strategist, and advisor with over 30 years of experience in high tech. Speaking at events all over the world, Steve helps his audiences to understand the business and societal impacts of new technologies and how they will shape the future five, ten, and fifteen years from now.

    Steve is passionate about helping people to imagine and build a better future. Whether talking about the future of work in a post-automation world, doing a deep dive on artificial intelligence, or discussing the future of flying cars, Steve inspires his audiences to think beyond the current status quo and to reimagine their businesses, and their lives, for the better.

    Steve speaks and writes in plain language on how continued advances in computing will intersect business, cultural and human trends to create both new opportunities and new challenges. His new book, Hacking Reality, will be published later this year. Steve has been featured on BBC, CNN, Bloomberg TV, ABC News, Wired, WSJ:Digits, CBS, and many other media outlets.

  • speaker photo
    Tamika Bass
    CISO, Georgia Department of Public Health

    Tamika Bass is the Chief Information Security Officer for Georgia Department of Public Health. Her expertise includes assessing and mitigating risk, analyzing impacts, business continuity and disaster recovery planning. Tamika focuses on building cohesive relationships with all levels of staff, management, and suppliers. She holds a Master in Business Administration and a Master in Information Systems Management. She is an adjunct professor and is a Certified Information Security Auditor (CISA). Tamika is also certified in Risk and Information Security Controls (CRISC) and a Certified Business Continuity Planner (CBCP).

  • speaker photo
    James Baird
    Founder and Manager, Cybersecurity Management Consultants, LLC

    As a CISO, James has seen his role oversee all the programs and processes involved with Information Security, Operational Security, Technology Risk Management, and IT Compliance, . He has designed and implemented security programs using the ISO 27001, NIST RMF, NIST ICTSCRM, NIST CSF, and ITIL. James holds a Master of Science degree in Information Assurance (MSIA) and maintains the CISSP, CISM, CIPM, and several other Security-related certifications.

  • speaker photo
    Rebecca Rakoski
    Managing Partner, XPAN Law Group, LLC

    Rebecca Rakoski is co-founder and managing partner at XPAN Law Group, a certified Women Owned boutique law firm. Rebecca focuses her practice exclusively on cybersecurity and data privacy. She has extensive experience in all aspects of cybersecurity, data privacy and cross border data transfer issues. Rebecca performs in-depth cybersecurity assessments and audits in accordance with regulatory requirements. Rebecca counsels clients through a breach by navigating the complexities of different state and federal regulations. Rebecca also performs cybersecurity and data privacy due diligence in M&A transactions, protecting intellectual property, and even transition and succession planning.

  • speaker photo
    Samuel Blaney
    Director Cybersecurity, Georgia Technology Authority

    Sam is the Director of Cybersecurity & Governance Risk and Compliance (GRC) at GTA and is a Chief Warrant Officer (CW3) retired. Georgia Technology Authority (GTA) Office of Information Security (OIS) is the premier strategic partner for all state and local government organizations in support of a strong State Cyber Security posture. GTA OIS, unifies all information security responsibilities for the state’s IT enterprise, including the Georgia Enterprise Technology Services (GETS) program, and GTA. The OIS team develops and maintains Cyber Enterprise Policies, provides support for Cyber Risk Assessments, facilitates Cyber Threat Information Sharing and is the lead organization for Cyber Incident Responses and Emergencies. He served in several military assignments including the Cyber Operations Planner Georgia National Guard Cyber Protection Team (CPT), Senior Cyber Operations Watch Officer assigned to Task Force Echo 780th Military Intelligence Brigade Fort Meade Maryland supporting Operation Enduring Freedom (OEF). Sam’s education and certifications include a Bachelor of Science in Information Technology (BSIT) from Barry University in Miami Florida (CUM LAUDE), Certified Information Systems Security Professional (CISSP), Comp-TIA Security+, ITILv3 Foundation Certificate in IT Service Management, and eight Global Information Assurance Certifications (GAIC), Security Essentials (GSEC), Systems and Network Auditor (GSNA), Penetration Tester (GPEN), Certified Intrusion Analyst (GCIA), Certified Windows Security Administrator (GCWN) Certified Forensic Analyst (GCFA) Certified Incident Handler (GCIH) Global Industrial Cyber Security Professional (GICSP).

  • speaker photo
    Terry Ziemniak, CISSP
    Chapter Member, (ISC)2

    Terry has over 25 years' experience in the information security field with work ranging from security architecture, pen testing, operations, auditing, risk management, disaster preparedness and compliance. His roles have ranged from white-hat hacker up to CISO for billion dollar companies. Terry has achieved the CISSP (Certified Information System Security Practitioner) designation as well as having completed his Master's degree in Information Security from DePaul University. He has spoken on cybersecurity topics to groups all over the country and as far away as Germany.

  • speaker photo
    Tim Callahan
    SVP, Global Chief Security Officer, Aflac

    Timothy L. Callahan, CISSP, CISM, CRISC Senior Vice President, Global Security; Chief Security Officer Tim Callahan joined Aflac in 2014, bringing more than 30 years of experience in information and physical security, business resiliency and risk management. He was promoted to his current role in January 2016, where he is responsible for directing Aflac’s global security strategy and leading the information security, business continuity and disaster recovery functions across the company to prioritize security initiatives and allocate resources based on appropriate risk assessments.

  • speaker photo
    Phillip Mahan
    Lifetime Member, American Society of Digital Forensics and EDiscovery

    Phillip loves to tell stories and has decades of experiences in Security, Privacy, and Technology, to use for tales. With enough letters to fill a full serving of Alphabet soup (although mostly ‘C’s, ‘I’s, ‘P's and ’S’s) he walks through data protection and privacy with an eye to making the world a better place for data to live.

  • speaker photo
    Donna Gallaher
    President & CEO, New Oceans Enterprises
  • speaker photo
    Barry Herrin
    Founder, Herrin Health Law, P.C.

    Barry Herrin is the Founder of Herrin Health Law, P.C., a boutique law practice located in Atlanta, Georgia. He regularly assists health care providers in all segments of the industry on health care operations and compliance, medical information privacy and confidentiality, cybersecurity, and data breach response. He is admitted to the bars of the District of Columbia, Florida, Georgia, and North Carolina. Mr. Herrin is a Fellow of the American College of Healthcare Executives, a Fellow of the American Health Information Management Association, and a Fellow of the Healthcare Information and Management Systems Society. He also holds a certificate in cybersecurity from Georgia Tech and has been recognized as a subject matter expert in health care by the Infragard National Member Alliance.

  • speaker photo
    Steve Brown
    The Bald Futurist, Former Chief Evangelist and Futurist, Intel

    Steve Brown is an energetic speaker, author, strategist, and advisor with over 30 years of experience in high tech. Speaking at events all over the world, Steve helps his audiences to understand the business and societal impacts of new technologies and how they will shape the future five, ten, and fifteen years from now.

    Steve is passionate about helping people to imagine and build a better future. Whether talking about the future of work in a post-automation world, doing a deep dive on artificial intelligence, or discussing the future of flying cars, Steve inspires his audiences to think beyond the current status quo and to reimagine their businesses, and their lives, for the better.

    Steve speaks and writes in plain language on how continued advances in computing will intersect business, cultural and human trends to create both new opportunities and new challenges. His new book, Hacking Reality, will be published later this year. Steve has been featured on BBC, CNN, Bloomberg TV, ABC News, Wired, WSJ:Digits, CBS, and many other media outlets.

  • speaker photo
    Larry Wilson
    CISO and Adjunct Faculty, University of Massachusetts

    Larry Wilson is currently a senior consultant and former Chief Information Security Officer for the University of Massachusetts President's Office. In the CISO role, Larry was responsible for developing, implementing and overseeing compliance with the UMass Information Security Policy and Written Information Security Plan (WISP). In addition to designing and deploying the UMass cybersecurity program, Larry has developed and delivered cybersecurity training at multiple industry events, workshops, training venues, etc. Courses include Designing and Building a Cybersecurity Program, The NIST Cybersecurity Framework Foundations, The NIST Cybersecurity Framework Practitioners, Engineering, Technology and Business Labs and Workshops based on the NIST Cybersecurity Framework, etc. Larry has also worked with multiple companies in multiple industries to help design, build and maintain their Cybersecurity Programs and evaluate their current security posture.

  • speaker photo
    Mike Muscatell
    Information Security Advisor, Enterprise IT Solutions

    Mike Muscatell is a seasoned IT veteran with more than twenty years in the Information Security field. He is a certified ethical hacker. Was honored as top 100 professionals in the Information Security Field by Strathmore's for 2014. Member of a number of security organizations including Infragard, US Chamber of Commerce Cyber Committee.

  • speaker photo
    Moderator: Ed Pascua
    SVP, Simeio Solutions & Director, ISSA
  • speaker photo
    Deborah Wheeler
    CISO, Delta Air Lines
  • speaker photo
    Phyllis Woodruff
    VP, Enterprise Cybersecurity Programs, Fiserv
  • speaker photo
    Sherron Burgess
    SVP & CISO, BCD Travel
  • speaker photo
    Ann Marie Isleib
    VP, Enterprise Sales, Okta, Inc.
  • speaker photo
    Steve Brown
    The Bald Futurist, Former Chief Evangelist and Futurist, Intel

    Steve Brown is an energetic speaker, author, strategist, and advisor with over 30 years of experience in high tech. Speaking at events all over the world, Steve helps his audiences to understand the business and societal impacts of new technologies and how they will shape the future five, ten, and fifteen years from now.

    Steve is passionate about helping people to imagine and build a better future. Whether talking about the future of work in a post-automation world, doing a deep dive on artificial intelligence, or discussing the future of flying cars, Steve inspires his audiences to think beyond the current status quo and to reimagine their businesses, and their lives, for the better.

    Steve speaks and writes in plain language on how continued advances in computing will intersect business, cultural and human trends to create both new opportunities and new challenges. His new book, Hacking Reality, will be published later this year. Steve has been featured on BBC, CNN, Bloomberg TV, ABC News, Wired, WSJ:Digits, CBS, and many other media outlets.

  • speaker photo
    Larry Wilson
    CISO and Adjunct Faculty, University of Massachusetts

    Larry Wilson is currently a senior consultant and former Chief Information Security Officer for the University of Massachusetts President's Office. In the CISO role, Larry was responsible for developing, implementing and overseeing compliance with the UMass Information Security Policy and Written Information Security Plan (WISP). In addition to designing and deploying the UMass cybersecurity program, Larry has developed and delivered cybersecurity training at multiple industry events, workshops, training venues, etc. Courses include Designing and Building a Cybersecurity Program, The NIST Cybersecurity Framework Foundations, The NIST Cybersecurity Framework Practitioners, Engineering, Technology and Business Labs and Workshops based on the NIST Cybersecurity Framework, etc. Larry has also worked with multiple companies in multiple industries to help design, build and maintain their Cybersecurity Programs and evaluate their current security posture.

  • speaker photo
    Mike Muscatell
    Information Security Advisor, Enterprise IT Solutions

    Mike Muscatell is a seasoned IT veteran with more than twenty years in the Information Security field. He is a certified ethical hacker. Was honored as top 100 professionals in the Information Security Field by Strathmore's for 2014. Member of a number of security organizations including Infragard, US Chamber of Commerce Cyber Committee.

  • speaker photo
    Tasha Phelps
    President & CEO, Phelco Technologies, Inc.

    Protecting the integrity of information continues to be a strategic focus within Tasha's cybersecurity efforts. She has seen the impact of businesses being compromised by malicious threats, and shares how building contingency plans can be of value. Her approach is to align business processes with technical solutions to create powerful plans for sustainability.

    Her experience detecting, responding to, and prevention of cyber threats in online environments, grants a unique perspective to ensure the security of information assets with industry accepted risk management tactics. In short, she leads a team to implement organizational awareness for cyber actors. Upon completing the Level 1 Anti-Terrorism Awareness training from the US Department of Homeland Security, she became even better positioned to create strategies for success—knowing WHAT to do is equally as important as HOW to do it.

    Civically, Tasha has been involved with her community for over 30 years. She often shares her knowledge of the US Constitution and the public’s civic responsibility. As a requested speaker and panelist in business development initiatives, she is also eager to share her experiences and knowledge of her industry and her journey into business ownership.

  • speaker photo
    Samantha Dutton
    President , DuHart Consulting

    Dr. Samantha Dutton is the President of DuHart Consulting where she works with her husband in addressing cybersecurity business needs, as it impacts the human factor. She is also an Associate Dean and the Director of the Social Work Program in the College of Social and Behavioral Sciences at the University of Phoenix. She is a Licensed Clinical Social Worker and holds a PhD in Social Work and Social Research. Dr. Dutton served over 25 years in the United States Air Force, retiring as Lieutenant Colonel. She held positions of Deputy Commander of Medical Operations at Mike O’Callaghan Military Medical Center as well as the Medical Squadron at Joint Base Lewis-McChord. She also commanded the Mental Health Clinic at Nellis Air Force Base. She has been the recipient of numerous Air Force level awards and was deployed in support of Operation Iraqi Freedom and Operation Enduring Freedom where she was the lone mental health practitioner for 2500 personnel. Dr. Dutton’s passions include military transition, single parents serving in the military and ensuring veterans have access to services. She has recently embarked on a venture with her husband to address the needs of the cybersecurity profession. She has presented in different forums surrounding these passions as well as publishing an article on single parents in the Air Force. Dr. Dutton created the military social work curriculum for online institution where she brought real world experience and research to the program. Dr. Dutton is married and has 4 children and a granddaughter.

  • speaker photo
    Andrew Dutton
    Principle Cybersecurity Architect, DuHart Consulting

    Andrew Dutton is a leader in the cybersecurity industry with DuHart Consulting as the Principle Cybersecurity Architect. In previous roles, he has designed, implemented and overseen program development, control adoption, and strategic planning. He has developed programs for multiple organizations and excels as using a risk-based approach to ensure organizations have implemented the most effective solutions and processes. He implements cybersecurity into processes and not as a separate silo. Building a cybersecurity culture is a key fundamental for any program. Andrew has advanced expertise in the security and compliance space, including NIST, CIS, COBIT, ISO, ITIL, HIPAA, and other frameworks and programs in the IT strategic and tactical processes. He brings a street smart approach to intricate business problems in order to find secure solutions. He is also committed to developing human resources to get the job done.

  • speaker photo
    Jodi Daniels
    Founder & CEO & Privacy Consultant, Red Clover Advisors, LLC

    Jodi Daniels, founder of Red Clover Advisors, is a Certified Informational Privacy Professional (CIPP/US) with more than 20 years of experience helping a range of businesses from solopreneurs to multi-national companies. Red Clover Advisors has helped hundreds of companies create privacy programs, achieve GDPR compliance, and establish a secure online data strategy their customers can count on. Prior to launching Red Clover Advisors in 2017, she most recently served as the privacy partner for Digital Banking and Digital Marketing at Bank of America and created the comprehensive privacy program at Cox Automotive. Jodi earned her BBA and MBA from Emory University Goizueta Business School.

  • speaker photo
    Bruce Sussman
    Emmy-Winning Journalist, SecureWorld

    Bruce Sussman is a life-long storyteller who spent 20 years on TV screens in Portland, Oregon, as a journalist and meteorologist, winning two regional Emmy awards for “Best Weather Anchor.” He still pops up on KATU News occasionally, but he’s more likely to be spotted now on a security podcast, moderating a panel discussion at a SecureWorld InfoSec conference, or leading a session on more powerful communication in a corporate environment. After a brief stint at Gartner working with CISOs, Sussman now leads cybersecurity writing and content for SecureWorld’s media division.

  • speaker photo
    David Allen
    CISO, Georgia Technology Authority - State of Georgia

    David Allen is the Chief Information Security Officer for the State of Georgia. He leads GTA’s Office of Information Security, which unifies information security responsibilities for the state’s IT enterprise, the Georgia Enterprise Technology Services (GETS) program, and GTA. Prior to joining GTA in 2019, David served as the Chief Information Officer and Chief of Cybersecurity for the Georgia Army National Guard. David holds a Master of Project Management from DeVry University and is a 1995 graduate of North Georgia College. He is set to earn a Master of Strategic Studies from the U.S. Army War College in July. In addition, David holds several key management and cybersecurity certifications, including Project Management Professional (PMP), Certified Information Security Manager (CISM), and GIAC Certified Enterprise Defender (GCED)

  • speaker photo
    Ken Foster
    Head of Global Cyber Risk Governance, First Data Corporation
  • speaker photo
    Phillip Mahan
    Lifetime Member, American Society of Digital Forensics and EDiscovery

    Phillip loves to tell stories and has decades of experiences in Security, Privacy, and Technology, to use for tales. With enough letters to fill a full serving of Alphabet soup (although mostly ‘C’s, ‘I’s, ‘P's and ’S’s) he walks through data protection and privacy with an eye to making the world a better place for data to live.

  • speaker photo
    Ed Snodgrass
    Regional Security Principal, Insight Cloud + Data Center Transformation

    Ed has over 20 years of experience in information security, supply chain security, risk, compliance and mergers and acquisitions. Prior to joining Insight, he served as Chief Information Security Officer for Secure Digital Solutions, a consulting firm providing cyber security program strategy, enterprise risk and compliance, and data privacy. He also served as Business Information Security Officer for Target Corporation where he held strategic responsibility for information security risk identification, mitigation and management across the Stores and Finance/Retail Services technology and business portfolios. Ed has also served as an expert witness in several national data breach cases.

  • speaker photo
    Salar Atrizadeh, Esq.
    Attorney at Law, Law Offices of Salar Atrizadeh

    Salar Atrizadeh, Esq. is an attorney and information technology expert. He has an extensive background in computer information services, with a focus on database management systems. Salar has conducted seminars before legal and non-legal organizations on similar topics.

  • speaker photo
    David Barton
    Managing Director, UHY Advisors

    David Barton is a Managing Director with UHY Advisors and practice leader of the Internal Audit, Risk, and Compliance practice, which provides consulting and attestation services around information technology controls, cybersecurity, and compliance. He has over 25 years of practical experience in information systems and technology risk and controls. David is frequently asked to speak at national and regional events, such as SecureWorld and the Cloud Security Alliance Congress. He is the primary author of the CSA position paper on AICPA Service Organization Control Reports. He regularly provides his input and opinions for national publications such as Compliance Week, Accounting Today, and the Atlanta Journal Constitution. David holds an MBA and BS in Business Administration from Appalachian State University. He is Certified in Risk and Information Systems Control (CRISC), received the Certified Information Systems Auditor (CISA) designation in 1988, and is a member of the Atlanta chapter of the Cloud Security Alliance.

  • speaker photo
    Tamika Bass
    CISO, Georgia Department of Public Health

    Tamika Bass is the Chief Information Security Officer for Georgia Department of Public Health. Her expertise includes assessing and mitigating risk, analyzing impacts, business continuity and disaster recovery planning. Tamika focuses on building cohesive relationships with all levels of staff, management, and suppliers. She holds a Master in Business Administration and a Master in Information Systems Management. She is an adjunct professor and is a Certified Information Security Auditor (CISA). Tamika is also certified in Risk and Information Security Controls (CRISC) and a Certified Business Continuity Planner (CBCP).

  • speaker photo
    Mark Gelhardt
    Former CIO, The White House

    Colonel Mark Gelhardt is a retired Army combat veteran. While in the Army, Mark was selected to be the Chief Information Officer for The White House, supporting President Clinton with secure Automation and Telecommunication for over four and half years. Mark has over 40 years of experience in providing executive level management in Information Technology and Cybersecurity fields as a CTO, CSO, CIO, and CISO for several global companies. He is currently the VP of Global Technology Governance for US Bank. Mark is a published author and well-known keynote speaker.

  • speaker photo
    Cameron Michelis
    Sr. Director, Business Security Office, Automatic Data Processing

    Cameron currently serves as Senior Director of the ADP Business Security Office, has over 20 years of experience in Information Security, Data Science and Incident Management. Cameron holds a BS in Mathematics from the University of Florida, multiple professional certifications and is a member of the SANS Institute GIAC Advisory Board.

  • speaker photo
    Tim Chapman
    Director of Security Assurance, ADP

    Tim Chapman serves as ADP’s Director of Security Assurance, leading a team that provides security assurance to ADP’s North American clients. Prior to ADP, Tim’s expertise includes over 17 years of information security, operational risk management, business management, and process improvement experience. Additionally, Tim has been involved with several start-up organizations, including creating two companies and serving as their principal owner. Tim also served in the United States Marine Corps for four years. Tim holds a Bachelor of Business Administration degree from Florida Atlantic University and a Master of Business Administration degree from Georgia State University, where he majored in Information Systems. He also holds the CISSP, CISM, CRISC, and CIPP/US security and privacy certifications.

  • speaker photo
    Michael Jones
    Attorney, Trusted Counsel

    Michael is a corporate attorney with a strong background in intellectual property and business-oriented technology. As an Attorney with Trusted Counsel, Michael handles licensing and commercial agreement issues. He advises clients on IP and technology licensing, outsourcing and services agreements. He is responsible for negotiating complex technology transactions involving software licensing, data analytics services, cloud hosting services, R&D, data privacy and data security. He also manages a large volume and variety of other transactions, negotiates standard and complex corporate and commercial agreements, and balances legal and business risks for clients. He is currently spearheading Trusted Counsel's initiative to help its clients understand and comply with the European Union's GDPR and other recent privacy developments. He helps them to understand and map the data flowing in and out of their organizations, and then guides them through the process of updating their internal and external privacy policies, online terms and other third party agreements. Michael is a very seasoned attorney with 14 years of experience in the legal profession. Most recently, he served as Associate General Counsel in the Technology, Intellectual Property & Strategic Sourcing Group at New York Life Insurance Company, where he negotiated and drafted strategic and tactical technology agreements with all major suppliers as well as other related services agreements and routinely advised internal clients on technology- and privacy-related issues. He also served as the Legal Officer and Secretary of the New York Life Foundation. Prior to that, he was an Associate at a number of New York firms, among them Loeb & Loeb LLP; Patterson Belknap Webb & Tyler LLP; and Skadden, Arps, Slate, Meagher & Flom LLP. Michael graduated from Emory University with a B.A. in classics and French, followed by a Master of Arts degree in classical philology as well as Master of Philosophy and Doctor of Philosophy degrees from Yale University. He then earned his J.D. from Emory University.

  • speaker photo
    Linda Marcone
    Sr. Director, Information Security, Serta Simmons Bedding, LLC

    Linda Marcone has 15+ years of Information Security, Governance, Risk & Compliance, and Fraud Prevention experience. Throughout her career, she has built and transformed Information Security Programs and Teams, worked with FBI & NCFTA to take down an international fraud ring (APT), promoted diversity in the workplace, and acted as a mentor. She is currently serving as Co-Chair for Gartner’s Evanta CISO community and InfraGard Board Member.

    Linda joined Serta Simmons Bedding (SSB) in 2015 as the Head of Information Security. She is building the Information Security Program from the ground up for the $3B industry leader in bedding manufacturing and eCommerce. Prior roles include Governance, Risk ,and Compliance leader at Cox Communications, Information Security & Fraud Prevention Manager at AutoTrader.com, as well as Security Analyst and Security Engineering roles while at EarthLink.

Conference App and Microsite!
Registration is easy and takes just a few minutes. Once you get started you can use your phone, tablet or internet browser to:

• Create a personalized agenda
• View maps of the venue and Exhibit Hall
• Use secure messaging to network with attendees
• View speaker slides after the conference
• Play CyberHunt, the app game, and compete for prizes
app store play store