Conference Agenda
  • Tuesday, May 23, 2023
    9:00 am
    [PLUS Course] Developing a Ransomware Program Using the MITRE ATT&CK Framework
    Executive Director, Information Security & Cyber Protection, Sumitomo Pharma Americas
    Registration Level:
    • SecureWorld Plus
    9:00 am - 3:00 pm

    Ransomware is a type of malicious software, or malware, that prevents you from accessing your computer files, systems, or networks and demands you pay a ransom for their return. Ransomware attacks can cause costly disruptions to operations and the loss of critical information and data. You can unknowingly download Ransomware onto a computer by opening an email attachment, clicking an ad, following a link, or even visiting a website that’s embedded with malware.

    Ransomware attacks are becoming more targeted, sophisticated, and costly, even as the frequency of attacks remains consistent. Since early 2018, the incidence of broad, indiscriminate Ransomware campaigns has declined, but losses from Ransomware attacks have increased significantly, according to complaints received by FBI case information. Although state and local governments have been particularly visible targets for Ransomware attacks, threat actors have also targeted health care organizations, industrial companies, and the transportation sector.

    This course helps organizations design, build, update, and maintain a comprehensive Ransomware Program.

    Course Outline:

    Part 1: Ransomware Overview – The Current Threat Landscape

    • What is ransomware and how does it work?
    • How ransomware attacks have changed—from 2016 to today
    • Today’s ransomware attacks: big game hunting
    • Ransomware attacks against critical infrastructure
    • Ransomware and cyber insurance

    Part 2: Ransomware Attacks and the MITRE ATT&CK Framework  

    • Discuss ransomware attack stages (initial access, lateral movement, privilege escalation…)
    • Review the MITRE ATT&CK Framework (tactics, techniques, procedures)
    • Map ransomware attack stages to the MITRE ATT&CK Framework

    Part 3:  Ransomware Controls Frameworks, Guides, and Best Practices   

    • NIST IR 8374: Cybersecurity Framework Profile for Ransomware Risk Management
    • CISA MS-ISAC Ransomware Guide
    • NIST SP 1800-25: Identifying and Protecting Assets Against Ransomware & Other Destructive Events
    • NIST SP 1800-26: Detecting and Responding to Ransomware & Other Destructive Events
    • NIST SP 1800-11: Recovering from Ransomware & Other Destructive Events

    Part 4:  Building a Ransomware Program Based on the NIST Risk Management   

    • Step 1: Prepare – Essential activities to prepare the organization for a ransomware attack
    • Step 2: Categorize – Architect, design, organize critical systems, information, and security tools
    • Step 3: Select – Choose the ransomware controls (i.e., CISA MS-ISAC Ransomware Guide)
    • Step 4: Implement – Using security tools / sensors to apply ransomware controls to critical assets
    • Step 5: Assess – Determine if controls are in place, operating as intended, producing desired results
    • Step 6: Authorize – Communicate ransomware program / assessment with executive management
    • Step 7: Monitor – Continuously monitor
    9:00 am
    [PLUS Course] Cybersecurity and Risk Economics
    Leader in Cybersecurity Strategy, Innovation, and Economics
    Registration Level:
    • SecureWorld Plus
    9:00 am - 3:00 pm

    This PLUS Course will cover cyber metrics; cyber risk quantification; efficacy (effectiveness) / efficiency; resource allocation / management; and more.

  • Wednesday, May 24, 2023
    7:30 am
    Registration open
    Registration Level:
    • Open Sessions
    7:30 am - 4:30 pm
    Location / Room: Registration Desk

    Come to the Registration Desk in the lobby to check in and get your badge. SecureWorld staff will be available throughout the day if you have any questions.

    8:00 am
    Exhibitor Hall open
    Registration Level:
    • Open Sessions
    8:00 am - 4:30 pm
    Location / Room: Exhibitor Hall

    Your opportunity to visit our solution vendor partners, whose sponsorship makes SecureWorld possible! Booths have staff ready to answer your questions. Look for participating Dash For Prizes sponsors to be entered to win prizes.

    8:00 am
    Association Chapter Meetings
    Registration Level:
    • Open Sessions
    8:00 am - 8:50 am

    Participating professional associations and details to be announced.

    8:00 am
    Advisory Council Roundtable Breakfast – (VIP / Invite only)
    Registration Level:
    • VIP / Exclusive
    8:00 am - 8:50 am

    This roundtable discussion is for our Advisory Council members only.

    9:00 am
    OPENING KEYNOTE
    Registration Level:
    • Open Sessions
    9:00 am - 9:45 am
    Location / Room: Keynote Theater
    9:45 am
    Networking Break
    Registration Level:
    • Open Sessions
    9:45 am - 10:15 am
    Location / Room: Exhibitor Hall

    Visit the Exhibitor Hall for vendor displays or connect with attendees in the Networking Lounge.

    10:15 am
    Board Reporting
    Chief Information Security & Privacy Officer, Bed Bath & Beyond
    Registration Level:
    • Conference Pass
    10:15 am - 11:00 am

    Session description coming soon.

    10:15 am
    [SentinelOne] The Future of Cybersecurity Is Autonomous
    Registration Level:
    • Open Sessions
    10:15 am - 11:00 am

    Session description coming soon.

    10:15 am
    Ethics of Data
    Senior Director, Privacy and Information Governance, Carnival Corporation
    Registration Level:
    • Conference Pass
    10:15 am - 11:00 am

    Session description coming soon.

    11:10 am
    [Panel] There’s a Bad Moon on the Rise – Are You Ready?
    Identifying the Current Threat Landscape
    Registration Level:
    • Open Sessions
    11:10 am - 11:55 am

    Like the main character in the 1981 horror movie, An American Werewolf in London, cybercriminals continue to morph into something evil, lurking in the night (and day) to cause harm to people, organizations, and governments. Cue the Creedence Clearwater Revival song, Bad Moon Rising.

    The cybersecurity community is smart and more than capable of thwarting bad actors, fangs and all. They have tools, technologies, partnerships across private and public entities, and solution vendors to help them along the way. Don’t forget about the consultants working hard to stay ahead of those wanting to do harm, as well.

    Hear our panelists’ views on the current threat landscape, solutions they have to offer, and ideas they have for turning a bad moon into a harvest moon.

    11:10 am
    BEC Attacks: The Stealthiest and Most Lucrative Threat
    Registration Level:
    • Conference Pass
    11:10 am - 11:55 am
    12:00 pm
    [Lunch Keynote] Ukraine vs. Russia: The Cyber War
    CNN Military Analyst; USAF (Ret.), Chairman, Cedric Leighton Associates, LLC
    Registration Level:
    • Open Sessions
    12:00 pm - 12:45 pm
    Location / Room: Keynote Theater
    12:00 pm
    Advisory Council Lunch Roundtable – (VIP / Invite Only)
    Registration Level:
    • VIP / Exclusive
    12:00 pm - 12:45 pm

    Advisory Council – VIP / INVITE ONLY

    12:45 pm
    Networking Break
    Registration Level:
    • Open Sessions
    12:45 pm - 1:15 pm
    Location / Room: Exhibitor Hall

    Visit the Exhibitor Hall for vendor displays or connect with attendees in the Networking Lounge.

    1:15 pm
    [Panel] Lucy in the Cloud with Diamonds
    Securing Your Cloud Environment
    Registration Level:
    • Open Sessions
    1:15 pm - 2:15 pm

    Can you “imagine” if The Beatles, when first starting out, had to deal with having their catalog of music hacked, stolen, and held for ransom simply because it was in an unsecure cloud setting? While it is possible for that to happen with their hit-laden collection of songs today, it’s merely a tiny example of how businesses operate at a minimum in a hybrid cloud environment—many in a cloud-only platform.

    With that comes security issues and another major area which cybersecurity professionals must work diligently to protect.

    Our panel of experts share the good, the bad, and the ugly of operating in a cloud environment, what it takes to make the move to hybrid or multi-cloud successful, how to protect data from insider and outsider threats, and what it takes to provide the support DevOps teams need.

    1:15 pm
    Ransomware: How to Stay Out of the Front Pages
    Registration Level:
    • Open Sessions
    1:15 pm - 2:15 pm
    2:15 pm
    Networking Break
    Registration Level:
    • Open Sessions
    2:15 pm - 2:30 pm
    Location / Room: Exhibitor Hall

    Visit the Exhibitor Hall for vendor displays or connect with attendees in the Networking Lounge.

    2:30 pm
    Back to Basics
    Information Security & Compliance Officer, Paradies Lagardère
    Registration Level:
    • Conference Pass
    2:30 pm - 3:15 pm

    Session description coming soon.

    2:30 pm
    Risk Management: Understanding How to Assess and Communicate Cybersecurity Risks
    Cybersecurity Director, Gannett Fleming
    Registration Level:
    • Conference Pass
    2:30 pm - 3:15 pm

    Session description coming soon.

    3:15 pm
    Networking Break and Dash for Prizes
    Registration Level:
    • Open Sessions
    3:15 pm - 3:45 pm
    Location / Room: Exhibitor Hall

    Visit the solution sponsor booths in the Exhibitor Hall and connect with other attendees.

    Participating sponsors will announce their Dash for Prizes winners. Must be present to win.

    3:45 pm
    Cybersecurity as a Business Driver
    Registration Level:
    • Conference Pass
    3:45 pm - 4:30 pm

    Savvy would-be customers research companies and typically prefer to do business with those who have good cyber hygiene. How can a strong security posture be a business driver for your organization?

Exhibitors
  • Atlantic Data Security
    Booth: TBD

    Since 1993, Atlantic has been representing industry leading security products to help get customers to an acceptable level of IT security risk. Atlantic works extensively with both large enterprises and SMB markets, understanding their business goals before any solution is recommended. Atlantic’s strict focus ensures that customers receive the highest level of both service and support.

  • Netskope
    Booth: TBD

    The Netskope security cloud provides unrivaled visibility and real-time data and threat protection when accessing cloud services, websites, and private apps from anywhere, on any device. Only Netskope understands the cloud and takes a data-centric approach that empowers security teams with the right balance of protection and speed they need to secure their digital transformation journey.

  • SentinelOne
    Booth: TBD

    SentinelOne is the future of Endpoint Protection. It unifies prevention, detection and response in a single platform driven by sophisticated machine learning and intelligent automation. With SentinelOne, organizations can detect malicious behavior across multiple vectors, rapidly eliminate threats with fully-automated, integrated response capabilities, and adapt their defenses against the most advanced cyber attacks.

  • ThreatLocker
    Booth: TBD

    ThreatLocker® is a global cybersecurity leader, providing enterprise-level cybersecurity tools to improve the security of servers and endpoints. ThreatLocker’s combined Application Whitelisting, Ringfencing™, Storage Control, and Privileged Access Management solutions are leading the cybersecurity market towards a more secure approach of blocking unknown application vulnerabilities. To learn more about ThreatLocker visit: www.threatlocker.com

Speakers
  • Larry Wilson, CISSP, CISA, Instructor
    Executive Director, Information Security & Cyber Protection, Sumitomo Pharma Americas

    Larry Wilson is a senior consultant and was formerly the Chief Information Security Officer for the University of Massachusetts President's Office. In the CISO role, Larry was responsible for developing, implementing and overseeing compliance with the UMass Information Security Policy and Written Information Security Plan (WISP). In addition to designing and deploying the UMass cybersecurity program, Larry has developed and delivered cybersecurity training at multiple industry events, workshops, training venues, etc. Courses include Designing and Building a Cybersecurity Program, The NIST Cybersecurity Framework Foundations, The NIST Cybersecurity Framework Practitioners, Engineering, Technology and Business Labs and Workshops based on the NIST Cybersecurity Framework, etc. Larry has also worked with multiple companies in multiple industries to help design, build and maintain their Cybersecurity Programs and evaluate their current security posture.

  • Pete Lindstrom, Instructor
    Leader in Cybersecurity Strategy, Innovation, and Economics

    Pete Lindstrom has extensive expertise in cybersecurity but is best known as an authority on strategic cybersecurity topics such as metrics, estimating risk, and measuring the benefit of security programs. He focuses on applying these core economic and risk management principles to new cybersecurity architectures and platforms. Pete has over 25 years of industry experience as an IT auditor (PwC), IT security practitioner (Wyeth), and industry analyst (IDC). Pete served as an officer in the U.S. Marine Corps and received a bachelor's degree in Business Administration (Finance) from the University of Notre Dame.

  • Antonio Andrews
    Chief Information Security & Privacy Officer, Bed Bath & Beyond
  • Jennifer Harkins Garone
    Senior Director, Privacy and Information Governance, Carnival Corporation

    Jennifer Harkins Garone has been the Senior Director of Privacy and Information Governance for North American brands of the Carnival Corporation since July 2018. Prior to this role, she spent 10 years at Microsoft leading privacy in diverse roles and organizations, including IT, HR, and corporate privacy.

    Jennifer launched her career in marketing working on top brands like Apple, American Express, and AT&T. She has also done a short stint in sports marketing at an NHL team. It was while running direct marketing at Citizens Bank that Jennifer gained privacy responsibilities. It made perfect sense as financial services privacy law requires the mailing of a privacy statement to customers once a year. She was then the Americas' Privacy Leader for GE Money in Stamford, CT.

    A Fellow of Information Privacy (FIP) and early IAPP member, Jennifer is also a former Chairperson of the DMA Ethics Policy Committee and a member of the Mobile Marketing Association, ANA, and Word of Mouth Marketing Association privacy committees. In 2012, she received the Microsoft Engineering Excellence privacy award and various internal Microsoft privacy awards. She is a frequent speaker at privacy conferences.

    Jennifer is active in her local community, serving as a Board Member of Eastside Heritage Center and as a Medina City Councilperson.

    While the roles, industries, and brands have been different, what has always remained true is the ability to learn quickly and apply the fundamentals of business while driving results. Jennifer is married and has two delightful children. Born in New York, educated at Hofstra and Harvard. In her free time, she runs, skis, and reads. And next to curling up and reading with her kids, her next favorite place to be is on an airplane, going somewhere.

  • Col. Cedric Leighton
    CNN Military Analyst; USAF (Ret.), Chairman, Cedric Leighton Associates, LLC

    Founder of a strategic risk consultancy after serving 26 years in the US Air Force, Cedric Leighton oversaw numerous critical intelligence missions throughout his career. He served at US Special Operations Command, the Joint Staff and the National Security Agency, where he helped train the nation's cyber warriors. A Middle East combat veteran, he is the recipient of numerous military awards, including the Defense Superior Service Medal and the Bronze Star.

    Currently, Cedric advises multinational businesses on cyber attacks and the management of complex global strategies to reduce risk and unpredictability.

  • Michael Marsilio
    Information Security & Compliance Officer, Paradies Lagardère
  • Tamika Bass
    Cybersecurity Director, Gannett Fleming

    Tamika Bass is an Information Security professional with more than 17 years’ experience in information security, including information security governance and risk management. Tamika is passionate about improving communication and understanding of information security in the industry. Tamika is an active speaker and college professor, and enjoys spending her time educating technical staff on the importance of communicating effectively in the Information Technology space. Tamika holds the following certifications: CISA, CRISC, HCISPP, CBCP.
