- Open Sessions
- Conference Pass
- SecureWorld Plus
- VIP / Exclusive
- Tuesday, August 20, 20199:00 am[SecureWorld PLUS] Designing and Building a Cybersecurity Program Based on the NIST Cybersecurity Framework9 a.m. - 3 p.m. • Earn 12 CPEs!CISO and Adjunct Faculty, University of MassachusettsRegistration Level:
9:00 am - 3:00 pmLocation / Room: 212
- SecureWorld Plus
The University of Massachusetts has developed a 6-hour SecureWorld PLUS training class that instructs attendees on the best practices for designing, building, and maintaining a cybersecurity program based on the NIST Cybersecurity Framework. Organizations who currently use the Framework or are planning to use the Framework for their cybersecurity program will benefit from this course.
This innovative education and training program includes the following key elements:
- An introduction to the key components of the NIST Cybersecurity Framework
- How to use the Framework to support business strategy, technology strategy, and cyber-risk strategy
- An approach for adopting the framework to build and sustain secure and resilient infrastructure, secure and resilient networks, secure and resilient applications
- How to use the Framework to protect critical information assets
- A Controls Factory Model that organizations use to create an Engineering Program, a Technical Program, and a Business / Management Program
- A methodology for developing a Cybersecurity Strategy, System Security Plan (SSP), Risk Assessment, Plan of Action and Milestones (POA&M), and Executive Report
The class will help individuals and organizations acquire knowledge, skills, and abilities to:
- Develop a strategy to apply the NIST Cybersecurity Framework to their environment
- Create a comprehensive System Security Plan (SSP) based on the NIST Cybersecurity Framework
- Conduct a Risk Assessment to compare the current profile with the target profile and identify any gaps that need to be addressed
- Develop a Plan of Action and Milestones (POA&M) to mitigate the highest priority gaps
- Establish an Executive Report to measure and communicate current profile, target profile, POA&M and program plan / roles and responsibilities to remediate identified gaps
- Identify required workforce skills and develop career pathways for improving skills and experience
About the instructor:
- Larry Wilson is the CISO for UMass President’s Office since 2009.
- Prior to UMass, Larry developed and managed the Global Infrastructure Services (GIS) Security Program for State Street Corporation.
- Larry has been teaching cybersecurity courses based on the NIST Cybersecurity Framework at SecureWorld events for the past five years.
- Larry has conducted over 20 consulting engagements, helping organizations design and build cybersecurity programs based on the NIST Cybersecurity Framework.
The program and its author have won the following industry awards:
- Security Magazine’s Most Influential People in Security, 2016
- SANS People Who Made a Difference in Cybersecurity Award, 2013
- Information Security Executive (ISE) North America Program Winner for Higher Education, 2013
- Wednesday, August 21, 20197:00 amRegistration OpenRegistration Level:
7:00 am - 3:00 pmLocation / Room: Registration Desk8:30 amContinuous Monitoring Role in a Risk Management FrameworkRegistration Level:
- Open Sessions
8:30 am - 9:15 amLocation / Room: 202
- Conference Pass
Continuous monitoring is an integral step for ongoing awareness of information security, vulnerabilities, and threats to facilitate risk-based decision making. When developing your approach to Continuous Monitoring, you need to answer some fundamental questions in order to build your risk profile.8:30 amData Laundering, Exploitation, and Extortion: Time for Ethical AIRegistration Level:
8:30 am - 9:15 amLocation / Room: 212
- Conference Pass
We are facing seismic change with the convergence of big data and AI. The oceans of information and computing power is providing endless opportunities while challenging the concept of digital dignity. Rather than look at regulatory frameworks, industry needs to be proactive and look at the ethical issues and their long-term impact to society. This session will review ethical frameworks including the need to respect human autonomy, prevent asymmetries of power and ability to undo unintended harm and address unintended biases. These technologies show great promise, but only if they are applied and used within societal values and norms and developed with an “ethical purpose.” They need to be grounded in and reflective of the ethical principles of beneficence (do good) and non-maleficence (do no harm).8:30 amISSA Chapter Meeting - Open to all AttendeesRegistration Level:
8:30 am - 9:15 amLocation / Room: 201
- Open Sessions
Interested in your local associations? Join ISSA for a social meet and greet and chapter news.9:00 amExhibit Floor OpenRegistration Level:
9:00 am - 3:00 pmLocation / Room: SecureWorld Exhibitor Floor
- Open Sessions
This is the time to visit exhibitors participating in Dash For Prizes & CyberHunt for your chance to win prizes!9:30 am[OPENING KEYNOTE] Business Email Compromise: Real World Stories and Practical DefenseRegistration Level:
9:30 am - 10:15 amLocation / Room: Keynote Theater
- Open Sessions
The average loss from a bank robbery is about $3,000. The average loss from a successful Business Email Compromise (BEC) attack is nearly $130,000. That kind of math explains why BEC is rampant, and every type of organization is at risk. During this presentation, hear from the point person on BEC cases investigated by the U.S. Secret Service. He’ll share true crime examples of and practical steps for defense against BEC losses, which now stand at $13.5 billion in the last six years.10:15 amConference Break / Exhibitor Product DemonstrationRegistration Level:
10:15 am - 11:15 amLocation / Room: SecureWorld Exhibitor Floor
- Open Sessions
Reboot with coffee and infused water while visiting exhibitors on the exhibitor floor.11:00 amAdvisory Council Roundtable - (VIP / Invite Only)Registration Level:
11:00 am - 12:00 pmLocation / Room: 205
- VIP / Exclusive
This session is for our Advisory Council members only.11:15 amData Protection in the Public Cloud: A Look at the Good, the Bad, and the UglyRegistration Level:
11:15 am - 12:00 pmLocation / Room: 201
- Conference Pass
Customers want to ensure that they can entrust their sensitive data to public cloud providers. This often leads to discussions with the cloud provider on various aspects of data protection, such as retention, encryption, and key management. If encryption is not implemented properly it will not provide the security assurance customers expect, resulting in misplaced trust. This talk will look at encryption at rest in various layers of the application stack with a focus on the risks each type of encryption mitigates. We will also look at various cloud-related key management schemes, including “bring your own key” (BYOK) and cloud-based Key Management Systems (KMS). Lastly, we will cover potential problems with customer data-retention that should be explored with the cloud service provider.11:15 amCISO Ventures Panel: Are Cybersecurity Startups Meeting Expectations of Buyers Taking a Risk on Them?Founder & Managing Director, Whiteboard Venture PartnersVP & CISO, RubrikCISO, ZendeskCISO, FlexportCISO, RMSCISO, CheggRegistration Level:
11:15 am - 12:00 pmLocation / Room: 212
- Conference Pass
The number of cyber startups is growing exponentially, with 4300+ cybersecurity companies worldwide including several private “unicorns”. With so many startups engaged in helping organizations achieve cybersecurity outcomes, how do organizational decision makers think about the risks involved in working with them? A panel of CXOs will share their expectations of and experiences with cybersecurity startups, including how they use solutions from startups to meet existing and emerging cybersecurity challenges.11:15 am[Mimecast] The Human Firewall Is on Fire: What Do You Do When the Smoke Clears?Registration Level:
11:15 am - 12:00 pmLocation / Room: 203
- Open Sessions
As today’s attacks have become more sophisticated, we are focused on helping organizations to improve their Cyber Resilience for Email in the Cloud by providing a comprehensive solution that goes beyond a defense-only strategy. In this session, we will discuss how to upgrade your human firewall by engaging them and supporting them with the most advanced technology available.
Presentation Level: TECHNICAL (deeper dive including TTPs)11:15 am[Kenna Security] Use the Data, Luke! Improving Security Outcomes with Intelligence, Automation, and Awareness of RiskRegistration Level:
11:15 am - 12:00 pmLocation / Room: 202
- Open Sessions
Security practitioners are forced to make millions of difficult decisions over their careers—fix this thing or that? Spend time analyzing this threat or another? Forced with an ever-evolving threat landscape, the only reasonable solution is to introduce high-quality intelligence and automation that guide decisions in our operations. But how can we do this cost-effectively and ahead of the threat, ensuring that we are covering the RIGHT problems? Join us for a deep dive into the state of the art in vulnerability management, security exposure, and threat intelligence—and ultimately, improved security operations.
– Attendees will obtain an overview of current threats – and how they affect security teams
– Attendees will receive information on tactics they can use to make better risk-based decisions
– Attendees will receive details about open source tools to improve operations
– Attendees will get an overview of state of the art decision systems based on machine learning and public datasets
– Attendees will obtain an understanding of state of the art for risk based vuln management and security operations
GENERAL (InfoSec best practices, trends, solutions, etc.)12:00 pmAdvisory Council LUNCH Round Table - (VIP / Invite Only)Registration Level:
12:00 pm - 1:00 pmLocation / Room: 205
- VIP / Exclusive
This session is for Advisory Council members only.12:15 pm[LUNCH KEYNOTE] The Top Cyber Threats for 2019 and How to Work with the FBI After a Data BreachRegistration Level:
12:15 pm - 1:00 pmLocation / Room: Keynote Theater
- Open Sessions
This presentation will provide the FBI’s perspective on the top cyber threats for 2019, discuss data breach prevention guidelines, and describe what it will look like to work with the FBI after a security breach has occurred at your company.
GENERAL (InfoSec best practices, trends, solutions, etc.)1:15 pmPanel: The Shifting Landscape of Attack VectorsRegistration Level:
1:15 pm - 2:15 pmLocation / Room: 212
- Open Sessions
If one thing holds true in cybersecurity it is the fact that our adversaries are pretty smart. They are. To be fair, they only have to be right once in a while. These cyber thugs are constantly shifting their attack vectors to better infiltrate our networks. There are so many endpoints to cover that the “bad guys” can try something new all the time. They have also discovered that we do not have great cyber hygiene when it comes to training our workforce. End users continue to be the “weakest link” within an organization as we’ve learned from all the ransomware attacks and business email compromises of late. This panel will talk about the shift in attack vectors and make some predictions about what to watch out for in the not too distant future.
Vivek Sharma, Bizzsecure
Dave Ruedger, RMS
Zach Turner, Mimecast
Poorna Udupi, Goodmoney Group
Moderator: Rajan Kapoor, Director of Information Security, Dropbox1:15 pmPanel: Building a Better Mouse Trap (Emerging Threats)Registration Level:
1:15 pm - 2:15 pmLocation / Room: Keynote Theater
- Open Sessions
To be successful, as an industry, we must strive to get ahead of the bad guys. Easy enough to say but how? By taking a look at the capabilities of the threats we see today we should be able to make some educated guesses on what threats of tomorrow will look like. We know the bad guys don’t follow the rules, take the path of least resistance, and don’t care who they hurt in the process. We need to start thinking like them so that we can figure out what their next step is instead of guessing/hoping.
Ibrahim Al-Islam, Malwarebytes
Mounir Hahad, Juniper Networks
Michael Stuyt, SailPoint
Jonathan Cran, Kenna Security
Chad Holmes, Security Innovation
Kurt Van Etten, RedSeal
Moderator: Brian Koref, Sr. Director Information Security, Intaact1:15 pm[OneTrust] CCPA: 5-Step Guide to California Consumer Privacy Act ComplianceRegistration Level:
1:15 pm - 2:15 pmLocation / Room: 202
- Open Sessions
With the clock ticking down until the California Consumer Privacy Act (CCPA) comes into effect on Jan. 1, 2020, many companies are struggling to understand the sweeping new privacy law, its impact on the business, and how to manage compliance across a matrix of global privacy laws. While there are still amendments to be settled before 2020, there are several few key ways to get ready for the CCPA’s privacy governance and consumer rights requirements. In this session, we’ll outline what this new law means for your business, detail what changes to expect to see before it’s put into effect, and lay out a 5-step guide to demonstrating on-going compliance the CCPA. We’ll also share findings from research conducted with the International Association of Privacy Professionals (IAPP) on how ready (or not) businesses are for the CCPA, what factors are driving compliance and how the GDPR fits into CCPA readiness.
Presentation Level: TECHNICAL (deeper dive including TTPs)2:15 pmConference Break / Exhibitor Product DemonstrationRegistration Level:
2:15 pm - 3:00 pmLocation / Room: SecureWorld Exhibitor Floor
- Open Sessions
Reboot with coffee and infused water while visiting exhibitors on the exhibitor floor.2:30 pmDash for Prizes and CyberHunt Winners AnnouncedRegistration Level:2:30 pm - 2:45 pmLocation / Room: SecureWorld Exhibitor Floor
Be sure to have your badge scanned with participating exhibitors. Past prizes have included Kindles, Bose headphones, gift cards, iPads, iPods and more! *Must be present to win.3:00 pmCrisis Management: Practical Tips for Preparing for, Responding to, and Limiting Reputational and Financial Risks Associated with Data BreachesRegistration Level:
3:00 pm - 3:45 pmLocation / Room: 202
- Conference Pass
A crisis can happen at any moment, potentially interrupting an organization’s business operations, threatening public safety, or leading to reputational and financial loss. Marriott International recently experienced a data breach that affected almost 500 million guests who had made a reservation at a Starwood property, and Yahoo suffered two record-setting breaches affecting as many as 3 billion user account worldwide.
With practical tips from litigation counsel of what has been reported as the largest breach in history, this program will focus on how to manage the business and reputational fallout after a data breach, including practical remediation and risk management tips.3:00 pmThoughts on Cyber Threat HuntingRegistration Level:
3:00 pm - 3:45 pmLocation / Room: 212
- Conference Pass
Cyber threat hunting has become increasingly important as companies strive to stay ahead of the latest threats. This presentation describes some of the best practices in cyber threat hunting, related innovation trends and analysis. The areas that will be covered include application, enterprise and cloud. Specific examples will be provided based on the kill-chain methodology.
GENERAL (InfoSec best practices, trends, solutions, etc.)3:00 pmSecurity Awareness: How to Truly Create a Complex but Memorable PasswordRegistration Level:
3:00 pm - 3:45 pmLocation / Room: 201
- Conference Pass
In this session, we will discuss how to create complex passwords without using password managers or tokens. Steven will also cover how to grab and keep employee attention during security awareness training.
GENERAL (InfoSec best practices, trends, solutions, etc.)
- BizzSecureBooth: 111
In short: We help keep you and your company out of the evening news due to your sensitive business data being compromised.
Our Out-of-the-Box EAID (Enterprise Assessment and InfoSec Design) Solution automates your information security and compliance assessments providing results up to 10 times faster than manual methods. It gives you instant visibility into your complex security framework with little to no implementation, and it helps design and track your remediation efforts. EAID comes with over 9,300 questions to validate over 1,800 policy templates and security controls, associated with over 12 compliance regulations including NIST, HIPAA, PCI, ISO, FISMA, GDPR and many others.
- Secure DiversityBooth:
Seecure Diversity is an innovative non-profit organization with leaders that think out of the box who have created strategies & solutions in placing qualified women and underrepresented humans into cybersecurity roles. We foster gender diversity, equity, and inclusion in the cybersecurity industry through conferences, networking, mentoring, professional development, and community outreach. One of our primary goals is to raise awareness and increase the number of women and underrepresented humans in the cybersecurity workforce. Founded in 2015 by Deidre Diamond; our mission is the equal representation of women and men in the cybersecurity workforce by engaging and collaborating with organizations and businesses to improve the recruitment and retention of women; utilize marketing and social media platforms to raise awareness of women in cybersecurity careers; remove cybersecurity institutional barriers and innovate new strategies to leverage existing resources.
- CISO VenturesBooth:
Whiteboard Venture Partners is building this exclusive community to help cybersecurity startups engage/collaborate with security innovation stakeholders.
- Cobalt.ioBooth: 409
Cobalt’s Pentest as a Service (PtaaS) Platform transforms traditional pentesting into a data-driven vulnerability management engine. Fueled by a global talent pool of certified freelancers, our modern pentest platform delivers actionable results that empowers agile teams to pinpoint, track, and remediate vulnerabilities.
- Code42Booth: 305
Code42 is the leader in insider risk detection, investigation and response. Native to the cloud, Code42 rapidly detects data loss, leak, theft and sabotage as well as speeds incident response – all without lengthy deployments, complex policy management or blocking employee productivity. With Code42, security professionals can protect corporate data from insider threats while fostering an open and collaborative culture for employees. Backed by security best practices and control requirements, Code42’s insider threat solution can be configured for GDPR, HIPAA, PCI and other regulatory frameworks.
- Comodo CybersecurityBooth: 101
In a world where preventing all cyberattacks is impossible, Comodo Cybersecurity delivers an innovative cybersecurity platform that renders threats useless, across the LAN, web and cloud. The Comodo Cybersecurity platform enables customers to protect their systems and data against even military-grade threats, including zero-day attacks. Based in Clifton, New Jersey, Comodo Cybersecurity has a 20-year history of protecting the most sensitive data for both businesses and consumers globally.
- <CSO CouncilBooth:
The CSO Council is a non-profit corporation that supports a community of CSOs enabling the members to leverage experience and expertise of each other for the more effective and timely protection of their organization’s critical information assets. The CSO Council organizes conferences, panel discussions, webinars and special events to facilitate communications among its members and the information security community.
- <Booth: 104
- DarktraceBooth: 500
Darktrace is the world’s leading cyber AI company and the creator of Autonomous Response technology. Its self-learning AI is modeled on the human immune system and used by over 3,500 organizations to protect against threats to the cloud, email, IoT, networks, and industrial systems.
The company has over 1,200 employees and headquarters in San Francisco and Cambridge, UK. Every 3 seconds, Darktrace AI fights back against a cyber-threat, preventing it from causing damage.
International Council of E-Commerce Consultants, also known as EC-Council, is the world’s largest cyber security technical certification body. We operate in 140 countries globally and we are the owner and developer of the world-famous Certified Ethical Hacker (CEH), Computer Hacking Forensics Investigator (C|HFI), Certified Security Analyst (ECSA), License Penetration Testing (Practical) programs, among others. We are proud to have trained and certified over 140,000 information security professionals globally that have influenced the cyber security mindset of countless organizations worldwide.
- Global Cyber AllianceBooth:
The Global Cyber Alliance (GCA) is an international, cross-sector effort dedicated to confronting cyber risk and improving our connected world. It is a catalyst to bring communities of interest and affiliations together in an environment that sparks innovation with concrete, measurable achievements. While most efforts at addressing cyber risk have been industry, sector, or geographically specific, GCA partners across borders and sectors. GCA’s mantra “Do Something. Measure It.” is a direct reflection of its mission to eradicate systemic cyber risks. GCA, a 501(c)3, was founded in September 2015 by the Manhattan District Attorney’s Office, the City of London Police and the Center for Internet Security. Learn more at www.globalcyberalliance.org
- HackerOneBooth: 409
HackerOne is the #1 hacker-powered security platform. More than 1,400 organizations, including the U.S. Department of Defense, General Motors, Google Play, Twitter, GitHub, Nintendo, Panasonic Avionics, Qualcomm, Starbucks, and Dropbox, trust HackerOne to find critical software vulnerabilities.
- (ISC)2 Silicon ValleyBooth:
- InfraGard San Francisco Bay Area Member AllianceBooth:
- ISSA San Francisco Bay AreaBooth:
Whether you are exploring a career in cybersecurity, honing your technical expertise or an established security executive, the ISSA offers you a network of 10,000 colleagues worldwide to support you in managing technology risk and protecting critical information and infrastructure. Enhance your professional stature, expand your peer network and achieve your personal career goals. Your local chapter and ISSA International will provide you with a wealth of resources to keep you current with industry trends and developments in our ever-evolving field.
- ISSA Silicon ValleyBooth:
The Information Systems Security Association (ISSA) is a not-for-profit, international organization of information security professionals and practitioners. It provides educational forums, publications and peer interaction opportunities that enhance the knowledge, skill and professional growth of its members.
Our chapter is comprised of over 250 Silicon Valley Information Security Staff, Consultants, Managers, Executives, and other business professionals. Our members come from Small Businesses and Fortune 100 companies. Our demographics are diverse, yet we share the common thread that we understand the criticality of Information Security as an enabler of today’s key business objectives and the improvements that will come tomorrow.
- ISACA Silicon Valley ChapterBooth:
ISACA-SV is proud to serve our Bay Area constituents. Our mission is to serve those involved with various aspects of information security, assurance, risk management, privacy, audit, and similar topics associated with IT control and governance related activities.
The Silicon Valley Chapter of ISACA® was started in 1982, and has grown to over 800 members. Our members reside throughout the Bay Area centering in the Silicon Valley. We are a very active chapter, and have won multiple awards over the years, including two worldwide awards.
- Jazz NetworksBooth: 107
Jazz Networks is a cyber analytics platform that simplifies insider threat detection and breach prevention. It works by collecting rich metadata before it’s encrypted from endpoints and servers, with machine learning analyzing to identify behavioral pattern changes. Alarms are raised for events that require attention and response time is swift with native platform actions.
- JuniperBooth: 201
Our customers don’t set out to build networks. They build on ideas that reinvent, reimagine, and improve the world around them. It makes sense that we should begin there, too.
Through our passion for creating high-performing networks, Juniper extends knowledge, collaboration, and human advancement in industries around the world—such as energy, healthcare, education, and many others.
While our innovative product and services portfolio evolves continuously, we need to reach farther to secure our customers’ long-term success. We’re looking beyond the horizons of today’s business challenges, and the technology future we see is built on real-time service integration. That means everything we develop must align with our vision.
- KennaBooth: 208
Kenna was built on the premise that cyber risk must be managed as an enterprise-wide effort. We believe cyber risk can only be effectively mitigated when the whole organization works as one, focused in the same direction and on the right target.
- MalwarebytesBooth: 102
Malwarebytes secures endpoints, making workplaces resilient. Our adaptive attack protection predicts and detects attacks with multi-layer detection across the kill chain. We enable active threat response with machine learning that is actionable and automated, allowing for full recovery when a compromise occurs. We empower enterprise endpoint orchestration across siloed IT and Security organizations, simplifying security management and making responses effective. Malwarebytes makes endpoints resilient so workplaces can protect and remediate, and employees can regain control of their digital lives. Visit us at www.malwarebytes.com/business.
- Meta NetworksBooth: 301
The way we work has changed dramatically in the last decade. We’re no longer sitting in an office every day, working with applications in the local data center. It’s not just that the perimeter is dissolving – security paradigms designed around the idea that users on the LAN can be trusted is dangerous.We believe it’s time to update the way we approach network access and security. It’s now possible to leverage the cloud and the internet to build a global, zero-trust private network that is agile and scalable enough for the way we do business today. With the Meta Network-as-a-Service (NaaS), you can rapidly connect user devices to applications in the data center and the cloud and secure them with a software-defined perimeter. Meta NaaS is user-centric rather than site-centric, making it the ideal solution for the network security challenges that businesses face today – from providing user-friendly remote access, to connecting cloud infrastructure, and reducing management costs.Meta Networks was founded in 2016 by a leading team of cloud, networking and security experts from companies including Stratoscale, Intel, Check Point, Oracle, Cisco, Harman, Incapsula, Ericsson, 3M and Elbit. The company is funded by the BRM Group and Vertex Ventures.
- MimecastBooth: 203
Mimecast (NASDAQ: MIME) was born in 2003 with a focus on delivering relentless protection. Each day, we take on cyber disruption for our tens of thousands of customers around the globe; always putting them first, and never giving up on tackling their biggest security challenges together. We are the company that built an intentional and scalable design ideology that solves the number one cyberattack vector—email. We continuously invest to thoughtfully integrate brand protection, security awareness training, web security, compliance and other essential capabilities. Mimecast is here to help protect large and small organizations from malicious activity, human error and technology failure; and to lead the movement toward building a more resilient world.
- OneTrustBooth: 403
OneTrust is the leading and fastest growing privacy management software platform used by hundreds of organizations globally to comply with data privacy regulations across sectors and jurisdictions, including the EU GDPR and Privacy Shield.
- OWASP Bay AreaBooth:
The Open Web Application Security Project (OWASP) is a 501(c)(3) worldwide not-for-profit charitable organization focused on improving the security of software. Our mission is to make software security visible, so that individuals and organizations worldwide can make informed decisions about true software security risks.
- RedSealBooth: 204
By focusing on cybersecurity fundamentals, RedSeal helps government agencies and Global 2000 companies measurably reduce their cyber risk. With RedSeal’s cyber terrain analytics platform and professional services, enterprises improve their resilience to security events by understanding what’s on their networks, how it’s all connected, and the associated risk. RedSeal verifies that network devices are securely configured; validates network segmentation policies; and continuously monitors compliance with policies and regulations. It also prioritizes mitigation based on each vulnerability’s associated risk. The company is based in San Jose, Calif.
- SailPointBooth: 105
SailPoint, the leader in enterprise identity governance, brings the Power of Identity to customers around the world. SailPoint’s open identity platform gives organizations the power to enter new markets, scale their workforces, embrace new technologies, innovate faster and compete on a global basis. As both an industry pioneer and market leader in identity governance, SailPoint delivers security, operational efficiency and compliance to enterprises with complex IT environments. SailPoint’s customers are among the world’s largest companies in a wide range of industries.
- Security InnovationBooth: 407
For almost two decades, global clients have trusted Security Innovation to help them learn how to defend software applications and sensitive data from cyber-threats and attacks. We understand the challenges facing today’s enterprise, where reputation and customer trust is on the front lines. That’s why we continually work to discover and overcome the latest security threats with our Centers of Excellence, and integrate this knowledge into every training and assessment solution we deliver.
- Security ScorecardBooth: 309
SecurityScorecard helps enterprises gain operational command of their security posture and the security posture of their third-parties through continuous, non-intrusive monitoring. SecurityScorecard’s proprietary SaaS platform offers an unmatched breadth and depth of critical data points including a broad range of risk categories such as Application Security, Malware, Patching Cadence, Network Security, Hacker Chatter, Social Engineering, and Leaked Information.
- SonatypeBooth: 202
Every day, developers rely on millions of third party and open source building blocks – known as components – to build the software that runs our world. Sonatype ensures that only the best components are used throughout the software development lifecycle so that organizations don’t have to make the tradeoff between going fast and being secure. More than 120,000 organizations use Sonatype’s Nexus solutions to support agile, Continuous Delivery, and DevOps practices globally
- TACACS.netBooth: 401
TACACS+ is a vendor-neutral Authentication, Authorization, and accounting (AAA) protocol that enables you to centralize and control administrator access to routers, switches, firewalls, load balancers, and WiFi access points. TACACS.net is the easiest and most cost efficient way to implement TACACS+ to improve your security and simplify management of your network.
TechTarget (NASDAQ: TTGT) is the online intersection of serious technology buyers, targeted technical content and technology providers worldwide. Our media, powered by TechTarget’s Activity Intelligence platform, redefines how technology buyers are viewed and engaged based on their active projects, specific technical priorities and business needs. With more than 100 technology specific websites, we provide technology marketers innovative media that delivers unmatched reach via custom advertising, branding and lead generation solutions all built on our extensive network of online and social media. TechTarget is based in Boston and has locations in Atlanta, Beijing, Cincinnati, London, Paris, San Francisco, Singapore, and Sydney.
- TevoraBooth: 103
Tevora is an enterprise consulting firm specializing in information assurance, governance and compliance services and solutions. We work with some of the world’s leading companies, institutions and governments to ensure the safety of their information and their compliance with applicable regulations. With a distinctive combination of proven products and services, Tevora aids enterprises in protecting their most important assets from external and internal threats. For more information visit https://www.tevora.com.com/.
- Larry WilsonCISO and Adjunct Faculty, University of Massachusetts
Larry Wilson is currently a senior consultant and former Chief Information Security Officer for the University of Massachusetts President's Office. In the CISO role, Larry was responsible for developing, implementing and overseeing compliance with the UMass Information Security Policy and Written Information Security Plan (WISP). In addition to designing and deploying the UMass cybersecurity program, Larry has developed and delivered cybersecurity training at multiple industry events, workshops, training venues, etc. Courses include Designing and Building a Cybersecurity Program, The NIST Cybersecurity Framework Foundations, The NIST Cybersecurity Framework Practitioners, Engineering, Technology and Business Labs and Workshops based on the NIST Cybersecurity Framework, etc. Larry has also worked with multiple companies in multiple industries to help design, build and maintain their Cybersecurity Programs and evaluate their current security posture.
- Sarah LangeCISO, Allgress, Inc.
Sarah has over 23 years of experience in Information Security Management, Risk Management, Third Party Oversight, and Governance in both internal and consulting roles. She is an experienced leader with a background in design, and implementation of GRC and Security programs working with technologies that enable these programs to be effective. Her project management experience includes leading onsite and outsourced teams across various industry verticals including: Financial Services, Life Sciences, and Consumer and Government programs. Sarah holds both a CISSP and CEH.
- Craig SpiezleFounder & Managing Director, AgeLight Digital Trust Advisory Group
Craig Spiezle is the founder and managing partner of AgeLight Advisory Group, a professional services firm focused on online and digital services. Craig is a recognized authority on trust and the convergence of privacy and security promoting ethical privacy practices, end-to-end security and the importance on moving from a compliance mindset to stewardship. Craig is the Charmain emeritus of the Online Trust Alliance, an initiative of the Internet Society. He frequently briefs international policy makers driving awareness of best practices by both the public and private sectors and importance of internet governance. Craig has championed security best practices to help protect consumers while promoting innovation and the role of meaningful self-regulation. Prior to OTA, Craig spent over a decade at Microsoft focused on security and privacy enhancing technologies and standards. Craig chairs the Online Trust & Integrity Council and is on the board of the Identity Theft Council, editorial board of SC Magazine and a member of InfraGard, the IAPP and the APWG.
- Stephen DoughertyCyber-Enabled Financial Fraud Investigator, U.S. Secret Service / Firebird AST
Stephen Dougherty has over a decade of investigative experience. His career as a Financial Fraud Investigator in support of the federal government has played a pivotal role in criminal investigations, surrounding cyber-enabled financial crime, money laundering, human trafficking, identity theft, healthcare fraud, embezzlement, tax/government program fraud, dark web crimes, among others. Stephen’s main area of expertise is combatting money laundering in all its forms. Aside from this, Stephen has been proactive in identifying new and future trends in the world of financial crime. Such trends include the cyber security nexus of financial crimes and its ever-growing relationship in major financial crimes such as Business Email Compromise and the rise of the dark web and the use of virtual currency as a vehicle for facilitation of financial crimes. Stephen has been a leader and a mentor to other investigators teaching them how to uncover fraud internally and externally. Stephen is currently an investigator contracted to the U.S. Secret Service’s Global Investigative Operations Center (GIOC) in Washington D.C.
- Philip CoxVP, Security & Compliance, Coupa Software
- Kenneth HartmanInstructor, The SANS Institute
Kenneth G. Hartman is a security engineering leader in Silicon Valley. Ken's motto is "I help my clients earn and maintain the trust of their customers." Ken is an Instructor for the SEC545 Cloud Security Operations course offered by the SANS Institute. Ken has worked for a variety of Cloud Service Providers in Security Architecture, Engineering, Compliance, and Security Product Management roles. From 2002-2011, Ken helped launch and lead a company called Visonex into a profitable, nation-wide dialysis-specific electronic medical record using a software-as-a-service (SaaS) business model. Ken holds a BS Electrical Engineering from Michigan Technological University and a Masters Degree in Information Security Engineering from SANS Technology Institute. Ken has earned the CISSP, as well as multiple GIAC security certifications, including the GIAC Security Expert.
- Moderator: Abhijit SolankiFounder & Managing Director, Whiteboard Venture Partners
Abhijit Solanki is the founder of Whiteboard Venture Partners, an early stage venture capital firm helping entrepreneurs achieve their whiteboard dreams.
- Rinki SethiVP & CISO, Rubrik
Rinki Sethi is an information security executive known for change, technical and thought leadership across security and enablement disciplines. She is a veteran in the cyber security domain and throughout her career has built and matured technical security teams across security operations, product security, application security, security architecture, and security strategy within the Fortune 500 and other large enterprise including IBM, Palo Alto Networks, Intuit, eBay, Walmart.com, and Pacific Gas & Electric. Rinki has won many industry awards for her leadership and has built many strategic programs focused on bringing more women into technology. She is currently the Vice President and Chief Information Security Officer at Rubrik Inc.
- Maarten Van HorenbeeckCISO, Zendesk
Maarten Van Horenbeeck is Chief Information Security Officer of Zendesk since March 2018. He has also been a Board member of the Forum of Incident Response and Security Teams (FIRST) since 2011, and is the Lead Expert to the IGF Best Practices Forum on Cybersecurity. From July 2015 to March 2018, he served as Vice President, Security Engineering for Fastly, a Content Delivery Network. He holds an MA in Information Security from Edith Cowan University in Perth, Western Australia, and an MA in International Relations from the Freie Universität Berlin.
- Kevin PaigeCISO, Flexport
Kevin Paige is the Chief Information Security Officer (CISO) at Flexport, provider of the Operating System for Global Trade. Prior to Flexport, Kevin was the CISO at MuleSoft, and brings over 20 years of leadership in delivering solutions and programs that optimize security, compliance and technical operations for both the private and public sectors.
- Dave RuedgerCISO, RMS
Dave Ruedger is the Chief Information Security Officer for Risk Management Solutions based out of Newark, CA. RMS is a premier provider of catastrophe risk models for the insurance industry that help organizations forecast losses for hurricane, earthquake, flood, wildfire, terrorism and cyber risk in a cloud hosted SaaS environment. Dave holds CISSP and CRISC certifications and has over 25 years of experience developing and managing security programs for organizations as diverse as pre-IPO startups to large Fortune 500 enterprises. Prior to joining RMS, Dave was a co-founder of a company that provided a hosted marketing platform with full service ecommerce and data analytics capabilities to drive higher engagement and customer retention for globally distributed users in 23 languages, and he has been a strong advocate of data protection and privacy rights throughout his career.
- John HeasmanCISO, Chegg
John Heasman is the CISO of Chegg, the leading student-first connected learning platform where he is focused on proactive approaches to building secure software. Prior to Chegg, John was the Deputy CISO at DocuSign. He has presented at Black Hat, DEF CON, OWASP AppSec and other industry forums on a diverse range of topics from web application security through to firmware APTs. He co-authored The Shellcoder’s Handbook (2nd Ed.) and The Database Hacker’s Handbook, and he has a Master's degree from Oxford University.
- Zach TurnerEnterprise Sales Engineer, Mimecast
Zach joined Mimecast in 2017 as an Enterprise Sales Engineer in Denver, CO. Previously, Zach worked in the enterprise space for AirWatch by VMware, where he focused on cloud-based Mobile Device Management solutions involving mobile security, content management, and email management. Most recently, he worked for Fuze, Inc., a $1 billion UCaaS startup, based in Boston, MA. There, Zach was on the enterprise sales engineering team assigned to the southeast U.S. and focused on enterprise communications, specializing in verticals where data encryption and security were key requirements. Zach is a graduate of Brigham Young University-Idaho and is based in San Diego, CA.
- Jonathan CranHead of Research , Kenna Security
Jonathan Cran is an information security expert based in Austin, Texas. He’s a principal at the strategic consulting firm Pentestify, and founder of the the open security intelligence platform, Intrigue. His passion is security assessment, architecting systems to measure and ultimately prevent security incidents. Currently, he’s building a world-class research team at Kenna Security, working on the next generation of proactive security decision support.
- Philip CoxVP, Security & Compliance, Coupa Software
- Elvis M. ChanSupervisory Special Agent, Squad CY-1, National Cyber Center, FBI San Francisco
Elvis Chan is a Supervisory Special Agent (SSA) assigned to FBI San Francisco. SSA Chan manages a squad responsible for investigating national security cyber matters. With 14 years in the Bureau, he is a decorated agent who is recognized within the Intelligence Community as a cyberterrorism expert. SSA Chan was the lead agent on significant cyber investigations and managed joint counterterrorism operations with domestic and foreign law enforcement agencies. Prior to joining the Bureau, SSA Chan was a process development engineer in the semiconductor industry for 12 years. He holds two U.S. patents, presents at many technical and law enforcement symposiums, and published multiple articles in technical journals.
- Ethan SailersSolutions Engineer, OneTrust
Ethan Sailers serves as a Privacy Engineer at OneTrust, the largest and most widely-used dedicated privacy management technology platform to operationalize privacy, security, and third-party risk management. In his role, he advises companies large and small on EU GDPR, California Consumer Privacy Act (CCPA), Brazil LGPD, and hundreds of the world's privacy laws, focused on formulating efficient and effective responses to data protection requirements as well as building and scaling privacy programs. Ethan is a Certified Information Privacy Professional (CIPP/E, CIPM), and earned a Bachelor of Science in Industrial and Systems Engineering from the Georgia Institute of Technology.
- Ann Marie MortimerManaging Partner, Los Angeles Office, Hunton Andrews Kurth LLP
Mortimer is the managing partner of Hunton Andrews Kurth LLP’s Los Angeles office and co-head of the firm’s commercial litigation practice. Her practice is cross-disciplinary and includes significant business and class action consumer claims litigation experience and crisis management in relation to data breach, consumer related labeling claims, and multi-party risk situations. Mortimer earned her J.D. from UC Berkeley, Boalt Hall School of Law, her M.Sc. from the London School of Economics and her A.B. from Smith College.
- Selim AissiSVP and CISO, Ellie Mae
Selim Aissi is Senior Vice President & Chief Security Officer at Ellie Mae’. He is responsible for Ellie Mae’s Security Engineering, Operations, Strategy and Information Technology Risk & Compliance. Before joining Ellie Mae, Selim was the Vice President of Global Information Security at Visa. In that role, Selim transformed Visa’s information security program into the industry leader, led critical security programs including product security innovation, and enabled global growth and datacenter expansion. He also led the definition of security technologies for protecting Visa’s data, networks, data centers, digital wallets, applications, end-point devices, and other core capabilities for corporate network as well as issuer- and consumer-facing products and services. Selim was recognized for leading company-wide Security Initiatives including ApplePay, Visa’s APAC Data Center, and Visa’s Data Protection Programs. Previously, Selim spent over 11 years at Intel where he held senior management and technology roles and championed several security technologies for Intel’s server, desktop, and mobile products. Prior to Intel, Selim held senior engineering positions at General Dynamics - Land Systems Division (M1A2 Battle Tank Vehicle Electronics), General Motors (Embedded Software Center of Excellence), and Applied Dynamics International. Selim earned his B.S., M.S., and Ph.D. engineering degrees from the University of Michigan, Ann Arbor. He is a Certified Information Systems Security Professional (CISSP), Senior Member of IEEE, and member of ACM and ISACA. He holds over 100 patents in various areas of computer and information security. Selim has been a Board Member for several Startups (BlackDuck and MagicCube), VCs (Ten Eleven Ventures, BGV), and Security Organizations & Institutions (FS-ISAC, State of California’s Cybersecurity Task Force, National Technology Security Coalition (NTSC), UC Berkeley CISO Institute, Bay Area CISO Executive Governing Body, and CISO Magazine). He co-authored the book Security for Mobile Networks and Platforms (Artech House). Selim has also been recognized for security innovation and leadership and received the CSO50 Award (2018 and 2019), Reboot Technology Leadership Award (2018), Top 100 CISOs Globally (2017) and Most Influential CISOs (2016), and Security 500 Award (2016 and 2018).
- Sudesh GadewarSecurity Engineer, Ellie Mae
Sudesh Gadewar is Sr Staff Security Engineer at EllieMae. Sudesh holds 10+ years of experience in security where passion is in offense and defense of security. Sudesh holds various Security Certifications which he use as attestations to his skillset. His core area of expertise is in product and application security, where he build SSLDC lifecycle, Security Automation On-Prim and Cloud. He build threat intel automation where aggregating feeds, validating, cleansing and integrate with sensors. He does spend lots of time on threats kill chain analysis. In his spare time he like to educate people, kids around security and 101 of cyber security. Sudesh presented in various conferences such as Cisco Live, DEFCON, Tech Summits, Meet up to share the best practices and new analysis around threats and information Security.
- Steven LentzHead of Security, Mojio
Steven is the Head of Security, CISSP, CIPP/US. He has presented for SC Magazine and in Las Vegas regarding Cybersecuirty and Security Awareness.
• Create a personalized agenda
• View maps of the venue and Exhibit Hall
• Use secure messaging to network with attendees
• View speaker slides after the conference
• Play CyberHunt, the app game, and compete for prizes