googletag.cmd.push(function() { googletag.display('div-gpt-ad-1482431611496-4'); });
Click here to view registration types and pricing (PDF)
Conference Agenda
Filter by registration level:
  • session level iconOpen Sessions
  • session level iconConference Pass
  • session level iconSecureWorld Plus
  • session level iconVIP / Exclusive
  • Tuesday, August 20, 2019
    9:00 am
    [SecureWorld PLUS] Designing and Building a Cybersecurity Program Based on the NIST Cybersecurity Framework
    • session level icon
    9 a.m. - 3 p.m. • Earn 12 CPEs!
    speaker photo
    Sr. Cybersecurity Consultant, Wilson Cyber
    Registration Level:
    • session level iconSecureWorld Plus
    9:00 am - 3:00 pm
    Location / Room: 212

    The University of Massachusetts has developed a 6-hour SecureWorld PLUS training class that instructs attendees on the best practices for designing, building, and maintaining a cybersecurity program based on the NIST Cybersecurity Framework. Organizations who currently use the Framework or are planning to use the Framework for their cybersecurity program will benefit from this course.

    This innovative education and training program includes the following key elements:

    • An introduction to the key components of the NIST Cybersecurity Framework
    • How to use the Framework to support business strategy, technology strategy, and cyber-risk strategy
    • An approach for adopting the framework to build and sustain secure and resilient infrastructure, secure and resilient networks, secure and resilient applications
    • How to use the Framework to protect critical information assets
    • A Controls Factory Model that organizations use to create an Engineering Program, a Technical Program, and a Business / Management Program
    • A methodology for developing a Cybersecurity Strategy, System Security Plan (SSP), Risk Assessment, Plan of Action and Milestones (POA&M), and Executive Report

    The class will help individuals and organizations acquire knowledge, skills, and abilities to:

    • Develop a strategy to apply the NIST Cybersecurity Framework to their environment
    • Create a comprehensive System Security Plan (SSP) based on the NIST Cybersecurity Framework
    • Conduct a Risk Assessment to compare the current profile with the target profile and identify any gaps that need to be addressed
    • Develop a Plan of Action and Milestones (POA&M) to mitigate the highest priority gaps
    • Establish an Executive Report to measure and communicate current profile, target profile, POA&M and program plan / roles and responsibilities to remediate identified gaps
    • Identify required workforce skills and develop career pathways for improving skills and experience

    About the instructor:

    • Larry Wilson is the CISO for UMass President’s Office since 2009.
    • Prior to UMass, Larry developed and managed the Global Infrastructure Services (GIS) Security Program for State Street Corporation.
    • Larry has been teaching cybersecurity courses based on the NIST Cybersecurity Framework at SecureWorld events for the past five years.
    • Larry has conducted over 20 consulting engagements, helping organizations design and build cybersecurity programs based on the NIST Cybersecurity Framework.

    The program and its author have won the following industry awards:

    • Security Magazine’s Most Influential People in Security, 2016
    • SANS People Who Made a Difference in Cybersecurity Award, 2013
    • Information Security Executive (ISE) North America Program Winner for Higher Education, 2013
  • Wednesday, August 21, 2019
    7:00 am
    Registration open
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    7:00 am - 3:00 pm
    Location / Room: Registration Desk

    Come to the Registration desk in the lobby to check-in and get your badge. SecureWorld staff will be available throughout the day if you have any questions.

    8:30 am
    Continuous Monitoring Role in a Risk Management Framework
    • session level icon
    speaker photo
    CISO, Allgress, Inc.
    Registration Level:
    • session level iconConference Pass
    8:30 am - 9:15 am
    Location / Room: 202

    Continuous monitoring is an integral step for ongoing awareness of information security, vulnerabilities, and threats to facilitate risk-based decision making. When developing your approach to Continuous Monitoring, you need to answer some fundamental questions in order to build your risk profile.

    8:30 am
    Data Laundering, Exploitation, and Extortion: Time for Ethical AI
    • session level icon
    speaker photo
    Founder & President, AgeLight Advisory & Research Group
    Registration Level:
    • session level iconConference Pass
    8:30 am - 9:15 am
    Location / Room: 212

    We are facing seismic change with the convergence of big data and AI. The oceans of information and computing power is providing endless opportunities while challenging the concept of digital dignity. Rather than look at regulatory frameworks, industry needs to be proactive and look at the ethical issues and their long-term impact to society. This session will review ethical frameworks including the need to respect human autonomy, prevent asymmetries of power and ability to undo unintended harm and address unintended biases. These technologies show great promise, but only if they are applied and used within societal values and norms and developed with an “ethical purpose.” They need to be grounded in and reflective of the ethical principles of beneficence (do good) and non-maleficence (do no harm).

    8:30 am
    ISSA Chapter Meeting - Open to all Attendees
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    8:30 am - 9:15 am
    Location / Room: 201

    Interested in your local associations? Join ISSA  for a social meet and greet and chapter news.

    9:00 am
    Exhibitor Hall open
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    9:00 am - 3:00 pm
    Location / Room: SecureWorld Exhibitor Floor

    Your opportunity to visit our solution vendor partners, whose sponsorship makes SecureWorld possible! Booths have staff ready to answer your questions. Look for participating Dash For Prizes sponsors to be entered to win prizes.

    9:30 am
    [OPENING KEYNOTE] Business Email Compromise: Real World Stories and Practical Defense
    • session level icon
    speaker photo
    Financial Fraud Investigator, Global Investigative Operations Center, U.S. Secret Service
    Registration Level:
    • session level iconOpen Sessions
    9:30 am - 10:15 am
    Location / Room: Keynote Theater

    The average loss from a bank robbery is about $3,000. The average loss from a successful Business Email Compromise (BEC) attack is nearly $130,000. That kind of math explains why BEC is rampant, and every type of organization is at risk. During this presentation, hear from the point person on BEC cases investigated by the U.S. Secret Service. He’ll share true crime examples of and practical steps for defense against BEC losses, which now stand at $13.5 billion in the last six years.

    10:15 am
    Conference Break / Exhibitor Product Demonstration
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    10:15 am - 11:15 am
    Location / Room: SecureWorld Exhibitor Floor

    Reboot with coffee and infused water while visiting exhibitors on the exhibitor floor.

    11:00 am
    Advisory Council Roundtable - (VIP / Invite Only)
    • session level icon
    speaker photo
    VP, Security & Compliance, Coupa Software
    Registration Level:
    • session level iconVIP / Exclusive
    11:00 am - 12:00 pm
    Location / Room: 205

    This session is for our Advisory Council members only.

    11:15 am
    Data Protection in the Public Cloud: A Look at the Good, the Bad, and the Ugly
    • session level icon
    speaker photo
    Instructor, The SANS Institute
    Registration Level:
    • session level iconConference Pass
    11:15 am - 12:00 pm
    Location / Room: 201
    Customers want to ensure that they can entrust their sensitive data to public cloud providers. This often leads to discussions with the cloud provider on various aspects of data protection, such as retention, encryption, and key management. If encryption is not implemented properly it will not provide the security assurance customers expect, resulting in misplaced trust. This talk will look at encryption at rest in various layers of the application stack with a focus on the risks each type of encryption mitigates. We will also look at various cloud-related key management schemes, including “bring your own key” (BYOK) and cloud-based Key Management Systems (KMS). Lastly, we will cover potential problems with customer data-retention that should be explored with the cloud service provider.
    11:15 am
    CISO Ventures Panel: Are Cybersecurity Startups Meeting Expectations of Buyers Taking a Risk on Them?
    • session level icon
    speaker photo
    Founder & Managing Director, Whiteboard Venture Partners
    speaker photo
    VP & CISO, Twitter
    speaker photo
    CISO, Flexport
    speaker photo
    CISO, RMS
    speaker photo
    CISO, Chegg
    Registration Level:
    • session level iconConference Pass
    11:15 am - 12:00 pm
    Location / Room: 212

    The number of cyber startups is growing exponentially, with 4300+ cybersecurity companies worldwide including several private “unicorns”. With so many startups engaged in helping organizations achieve cybersecurity outcomes, how do organizational decision makers think about the risks involved in working with them? A panel of CXOs will share their expectations of and experiences with cybersecurity startups, including how they use solutions from startups to meet existing and emerging cybersecurity challenges.

     

    11:15 am
    [Mimecast] The Human Firewall Is on Fire: What Do You Do When the Smoke Clears?
    • session level icon
    speaker photo
    Enterprise Sales Engineer, Mimecast
    Registration Level:
    • session level iconOpen Sessions
    11:15 am - 12:00 pm
    Location / Room: 203
    As today’s attacks have become more sophisticated, we are focused on helping organizations to improve their Cyber Resilience for Email in the Cloud by providing a comprehensive solution that goes beyond a defense-only strategy. In this session, we will discuss how to upgrade your human firewall by engaging them and supporting them with the most advanced technology available.
    Presentation Level: TECHNICAL (deeper dive including TTPs)
    11:15 am
    [Kenna Security] Use the Data, Luke! Improving Security Outcomes with Intelligence, Automation, and Awareness of Risk
    • session level icon
    speaker photo
    Head of Research , Kenna Security
    Registration Level:
    • session level iconOpen Sessions
    11:15 am - 12:00 pm
    Location / Room: 202

    Security practitioners are forced to make millions of difficult decisions over their careers—fix this thing or that? Spend time analyzing this threat or another? Forced with an ever-evolving threat landscape, the only reasonable solution is to introduce high-quality intelligence and automation that guide decisions in our operations. But how can we do this cost-effectively and ahead of the threat, ensuring that we are covering the RIGHT problems? Join us for a deep dive into the state of the art in vulnerability management, security exposure, and threat intelligence—and ultimately, improved security operations.

    – Attendees will obtain an overview of current threats – and how they affect security teams
    – Attendees will receive information on tactics they can use to make better risk-based decisions
    – Attendees will receive details about open source tools to improve operations
    – Attendees will get an overview of state of the art decision systems based on machine learning and public datasets
    – Attendees will obtain an understanding of state of the art for risk based vuln management and security operations

    Presentation Level:
    GENERAL (InfoSec best practices, trends, solutions, etc.)

    12:00 pm
    Advisory Council LUNCH Round Table - (VIP / Invite Only)
    • session level icon
    speaker photo
    VP, Security & Compliance, Coupa Software
    Registration Level:
    • session level iconVIP / Exclusive
    12:00 pm - 1:00 pm
    Location / Room: 205

    This session is for Advisory Council members only.

    12:15 pm
    [LUNCH KEYNOTE] The Top Cyber Threats for 2019 and How to Work with the FBI After a Data Breach
    • session level icon
    speaker photo
    Supervisory Special Agent, Squad CY-1, National Cyber Center, FBI San Francisco
    Registration Level:
    • session level iconOpen Sessions
    12:15 pm - 1:00 pm
    Location / Room: Keynote Theater

    This presentation will provide the FBI’s perspective on the top cyber threats for 2019, discuss data breach prevention guidelines, and describe what it will look like to work with the FBI after a security breach has occurred at your company.
    Presentation Level:
    GENERAL (InfoSec best practices, trends, solutions, etc.)

    1:15 pm
    Panel: The Shifting Landscape of Attack Vectors
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    1:15 pm - 2:15 pm
    Location / Room: 212

    If one thing holds true in cybersecurity it is the fact that our adversaries are pretty smart. They are. To be fair, they only have to be right once in a while. These cyber thugs are constantly shifting their attack vectors to better infiltrate our networks. There are so many endpoints to cover that the “bad guys” can try something new all the time. They have also discovered that we do not have great cyber hygiene when it comes to training our workforce. End users continue to be the “weakest link” within an organization as we’ve learned from all the ransomware attacks and business email compromises of late. This panel will talk about the shift in attack vectors and make some predictions about what to watch out for in the not too distant future.
    Panelists:
    Vivek Sharma, Bizzsecure
    Dave Ruedger, RMS
    Zach Turner, Mimecast
    Poorna Udupi, Goodmoney Group
    Moderator: Rajan Kapoor, Director of Information Security, Dropbox

    1:15 pm
    Panel: Building a Better Mouse Trap (Emerging Threats)
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    1:15 pm - 2:15 pm
    Location / Room: Keynote Theater

    To be successful, as an industry, we must strive to get ahead of the bad guys. Easy enough to say but how? By taking a look at the capabilities of the threats we see today we should be able to make some educated guesses on what threats of tomorrow will look like. We know the bad guys don’t follow the rules, take the path of least resistance, and don’t care who they hurt in the process. We need to start thinking like them so that we can figure out what their next step is instead of guessing/hoping.
    Panelists:
    Ibrahim Al-Islam, Malwarebytes
    Mounir Hahad, Juniper Networks
    Michael Stuyt, SailPoint
    Jonathan Cran, Kenna Security
    Chad Holmes, Security Innovation
    Kurt Van Etten, RedSeal
    Moderator: Brian Koref, Sr. Director Information Security, Intaact

    1:15 pm
    [OneTrust] CCPA: 5-Step Guide to California Consumer Privacy Act Compliance
    • session level icon
    speaker photo
    Solutions Engineer, OneTrust
    Registration Level:
    • session level iconOpen Sessions
    1:15 pm - 2:15 pm
    Location / Room: 202
    With the clock ticking down until the California Consumer Privacy Act (CCPA) comes into effect on Jan. 1, 2020, many companies are struggling to understand the sweeping new privacy law, its impact on the business, and how to manage compliance across a matrix of global privacy laws. While there are still amendments to be settled before 2020, there are several few key ways to get ready for the CCPA’s privacy governance and consumer rights requirements. In this session, we’ll outline what this new law means for your business, detail what changes to expect to see before it’s put into effect, and lay out a 5-step guide to demonstrating on-going compliance the CCPA. We’ll also share findings from research conducted with the International Association of Privacy Professionals (IAPP) on how ready (or not) businesses are for the CCPA, what factors are driving compliance and how the GDPR fits into CCPA readiness.

    Presentation Level: TECHNICAL (deeper dive including TTPs)

    2:15 pm
    Conference Break / Exhibitor Product Demonstration
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    2:15 pm - 3:00 pm
    Location / Room: SecureWorld Exhibitor Floor

    Reboot with coffee and infused water while visiting exhibitors on the exhibitor floor.

    2:30 pm
    Networking Break — Dash for Prizes and CyberHunt winners announced
    Registration Level:
    2:30 pm - 2:45 pm
    Location / Room: SecureWorld Exhibitor Floor

    Be sure to have your badge scanned with participating exhibitors throughout the day. Past prizes have included Kindles, Bose wireless headphones, gift cards, iPads, drones, and more! *Must be present to win.

    3:00 pm
    Crisis Management: Practical Tips for Preparing for, Responding to, and Limiting Reputational and Financial Risks Associated with Data Breaches
    • session level icon
    speaker photo
    Managing Partner, Los Angeles Office, Hunton Andrews Kurth LLP
    Registration Level:
    • session level iconConference Pass
    3:00 pm - 3:45 pm
    Location / Room: 202

    A crisis can happen at any moment, potentially interrupting an organization’s business operations, threatening public safety, or leading to reputational and financial loss. Marriott International recently experienced a data breach that affected almost 500 million guests who had made a reservation at a Starwood property, and Yahoo suffered two record-setting breaches affecting as many as 3 billion user account worldwide.

    With practical tips from litigation counsel of what has been reported as the largest breach in history, this program will focus on how to manage the business and reputational fallout after a data breach, including practical remediation and risk management tips.

    3:00 pm
    Thoughts on Cyber Threat Hunting
    • session level icon
    speaker photo
    SVP and CISO, Ellie Mae
    speaker photo
    Security Engineer, Ellie Mae
    Registration Level:
    • session level iconConference Pass
    3:00 pm - 3:45 pm
    Location / Room: 212
    Cyber threat hunting has become increasingly important as companies strive to stay ahead of the latest threats. This presentation describes some of the best practices in cyber threat hunting, related innovation trends and analysis. The areas that will be covered include application, enterprise and cloud. Specific examples will be provided based on the kill-chain methodology.
    Presentation Level:
    GENERAL (InfoSec best practices, trends, solutions, etc.)
    3:00 pm
    Security Awareness: How to Truly Create a Complex but Memorable Password
    • session level icon
    speaker photo
    Head of Security, Mojio
    Registration Level:
    • session level iconConference Pass
    3:00 pm - 3:45 pm
    Location / Room: 201
    In this session, we will discuss how to create complex passwords without using password managers or tokens. Steven will also cover how to grab and keep employee attention during security awareness training.
    Presentation Level:
    GENERAL (InfoSec best practices, trends, solutions, etc.)
Exhibitors
  • BizzSecure
    Booth: 111

    In short: We help keep you and your company out of the evening news due to your sensitive business data being compromised.

    Our Out-of-the-Box EAID (Enterprise Assessment and InfoSec Design) Solution automates your information security and compliance assessments providing results up to 10 times faster than manual methods. It gives you instant visibility into your complex security framework with little to no implementation, and it helps design and track your remediation efforts. EAID comes with over 9,300 questions to validate over 1,800 policy templates and security controls, associated with over 12 compliance regulations including NIST, HIPAA, PCI, ISO, FISMA, GDPR and many others.

  • Secure Diversity
    Booth:

    Seecure Diversity is an innovative non-profit organization with leaders that think out of the box who have created strategies & solutions in placing qualified women and underrepresented humans into cybersecurity roles. We foster gender diversity, equity, and inclusion in the cybersecurity industry through conferences, networking, mentoring, professional development, and community outreach. One of our primary goals is to raise awareness and increase the number of women and underrepresented humans in the cybersecurity workforce. Founded in 2015 by Deidre Diamond; our mission is the equal representation of women and men in the cybersecurity workforce by engaging and collaborating with organizations and businesses to improve the recruitment and retention of women; utilize marketing and social media platforms to raise awareness of women in cybersecurity careers; remove cybersecurity institutional barriers and innovate new strategies to leverage existing resources.

  • CISO Ventures
    Booth:

    Whiteboard Venture Partners is building this exclusive community to help cybersecurity startups engage/collaborate with security innovation stakeholders.

  • Cobalt
    Booth: 409

    Cobalt’s Pentest as a Service (PtaaS) platform is modernizing traditional pentesting. By combining a SaaS platform with an exclusive community of testers, we deliver the real-time insights you need to remediate risk quickly and innovate securely.

  • Code42
    Booth: 305

    Code42 is the leader in insider risk detection, investigation and response. Native to the cloud, Code42 rapidly detects data loss, leak, theft and sabotage as well as speeds incident response – all without lengthy deployments, complex policy management or blocking employee productivity. With Code42, security professionals can protect corporate data from insider threats while fostering an open and collaborative culture for employees. Backed by security best practices and control requirements, Code42’s insider threat solution can be configured for GDPR, HIPAA, PCI and other regulatory frameworks.

  • Comodo Cybersecurity
    Booth: 101

    In a world where preventing all cyberattacks is impossible, Comodo Cybersecurity delivers an innovative cybersecurity platform that renders threats useless, across the LAN, web and cloud. The Comodo Cybersecurity platform enables customers to protect their systems and data against even military-grade threats, including zero-day attacks. Based in Clifton, New Jersey, Comodo Cybersecurity has a 20-year history of protecting the most sensitive data for both businesses and consumers globally.

     

  • CSO Council
    Booth:

    The CSO Council is a non-profit corporation that supports a community of CSOs enabling the members to leverage experience and expertise of each other for the more effective and timely protection of their organization’s critical information assets. The CSO Council organizes conferences, panel discussions, webinars and special events to facilitate communications among its members and the information security community.

  • Booth: 104
  • Darktrace
    Booth: 500

    Darktrace is the world’s leading cyber AI company and the creator of Autonomous Response technology. Its self-learning AI is modeled on the human immune system and used by over 3,500 organizations to protect against threats to the cloud, email, IoT, networks, and industrial systems.

    The company has over 1,200 employees and headquarters in San Francisco and Cambridge, UK. Every 3 seconds, Darktrace AI fights back against a cyber-threat, preventing it from causing damage.

  • EC-Council
    Booth:

    International Council of E-Commerce Consultants, also known as EC-Council, is the world’s largest cyber security technical certification body. We operate in 140 countries globally and we are the owner and developer of the world-famous Certified Ethical Hacker (CEH), Computer Hacking Forensics Investigator (C|HFI), Certified Security Analyst (ECSA), License Penetration Testing (Practical) programs, among others. We are proud to have trained and certified over 140,000 information security professionals globally that have influenced the cyber security mindset of countless organizations worldwide.

  • Global Cyber Alliance
    Booth:

    The Global Cyber Alliance (GCA) is an international, cross-sector effort dedicated to confronting cyber risk and improving our connected world. It is a catalyst to bring communities of interest and affiliations together in an environment that sparks innovation with concrete, measurable achievements. While most efforts at addressing cyber risk have been industry, sector, or geographically specific, GCA partners across borders and sectors. GCA’s mantra “Do Something. Measure It.” is a direct reflection of its mission to eradicate systemic cyber risks. GCA, a 501(c)3, was founded in September 2015 by the Manhattan District Attorney’s Office, the City of London Police and the Center for Internet Security. Learn more at www.globalcyberalliance.org

  • HackerOne
    Booth: 409

    HackerOne is the #1 hacker-powered security platform. More than 1,400 organizations, including the U.S. Department of Defense, General Motors, Google Play, Twitter, GitHub, Nintendo, Panasonic Avionics, Qualcomm, Starbucks, and Dropbox, trust HackerOne to find critical software vulnerabilities.

  • ISC2 Silicon Valley
    Booth:
  • InfraGard San Francisco Bay Area Member Alliance
    Booth:
  • ISSA San Francisco Bay Area
    Booth:

    Whether you are exploring a career in cybersecurity, honing your technical expertise or an established security executive, the ISSA offers you a network of 10,000 colleagues worldwide to support you in managing technology risk and protecting critical information and infrastructure. Enhance your professional stature, expand your peer network and achieve your personal career goals. Your local chapter and ISSA International will provide you with a wealth of resources to keep you current with industry trends and developments in our ever-evolving field.

  • ISSA Silicon Valley
    Booth:

    The Information Systems Security Association (ISSA) is a not-for-profit, international organization of information security professionals and practitioners. It provides educational forums, publications and peer interaction opportunities that enhance the knowledge, skill and professional growth of its members.

    Our chapter is comprised of over 250 Silicon Valley Information Security Staff, Consultants, Managers, Executives, and other business professionals. Our members come from Small Businesses and Fortune 100 companies. Our demographics are diverse, yet we share the common thread that we understand the criticality of Information Security as an enabler of today’s key business objectives and the improvements that will come tomorrow.

  • ISACA Silicon Valley Chapter
    Booth:

    ISACA-SV is proud to serve our Bay Area constituents. Our mission is to serve those involved with various aspects of information security, assurance, risk management, privacy, audit, and similar topics associated with IT control and governance related activities.

    The Silicon Valley Chapter of ISACA® was started in 1982, and has grown to over 800 members. Our members reside throughout the Bay Area centering in the Silicon Valley. We are a very active chapter, and have won multiple awards over the years, including two worldwide awards.

  • Jazz Networks
    Booth: 107

    Jazz Networks is a cyber analytics platform that simplifies insider threat detection and breach prevention. It works by collecting rich metadata before it’s encrypted from endpoints and servers, with machine learning analyzing to identify behavioral pattern changes. Alarms are raised for events that require attention and response time is swift with native platform actions.

  • Juniper
    Booth: 201

    Our customers don’t set out to build networks. They build on ideas that reinvent, reimagine, and improve the world around them. It makes sense that we should begin there, too.

    Through our passion for creating high-performing networks, Juniper extends knowledge, collaboration, and human advancement in industries around the world—such as energy, healthcare, education, and many others.

    While our innovative product and services portfolio evolves continuously, we need to reach farther to secure our customers’ long-term success. We’re looking beyond the horizons of today’s business challenges, and the technology future we see is built on real-time service integration. That means everything we develop must align with our vision.

  • Kenna
    Booth: 208

    Kenna was built on the premise that cyber risk must be managed as an enterprise-wide effort. We believe cyber risk can only be effectively mitigated when the whole organization works as one, focused in the same direction and on the right target.

  • Malwarebytes
    Booth: 102

    Malwarebytes secures endpoints, making workplaces resilient. Our adaptive attack protection predicts and detects attacks with multi-layer detection across the kill chain. We enable active threat response with machine learning that is actionable and automated, allowing for full recovery when a compromise occurs. We empower enterprise endpoint orchestration across siloed IT and Security organizations, simplifying security management and making responses effective. Malwarebytes makes endpoints resilient so workplaces can protect and remediate, and employees can regain control of their digital lives. Visit us at www.malwarebytes.com/business.

  • Meta Networks
    Booth: 301

    The way we work has changed dramatically in the last decade. We’re no longer sitting in an office every day, working with applications in the local data center. It’s not just that the perimeter is dissolving – security paradigms designed around the idea that users on the LAN can be trusted is dangerous.We believe it’s time to update the way we approach network access and security. It’s now possible to leverage the cloud and the internet to build a global, zero-trust private network that is agile and scalable enough for the way we do business today. With the Meta Network-as-a-Service (NaaS), you can rapidly connect user devices to applications in the data center and the cloud and secure them with a software-defined perimeter. Meta NaaS is user-centric rather than site-centric, making it the ideal solution for the network security challenges that businesses face today – from providing user-friendly remote access, to connecting cloud infrastructure, and reducing management costs.Meta Networks was founded in 2016 by a leading team of cloud, networking and security experts from companies including Stratoscale, Intel, Check Point, Oracle, Cisco, Harman, Incapsula, Ericsson, 3M and Elbit. The company is funded by the BRM Group and Vertex Ventures.

  • Mimecast
    Booth: 203

    Mimecast empowers our customers to help mitigate risk and manage complexities across a threat landscape driven by cyberattacks, human error, and technology fallibility. Our advanced solutions provide the proactive threat detection, brand protection, awareness training, and data retention capabilities that evolving workplaces need today.

  • OneTrust
    Booth: 403

    OneTrust is the leading and fastest growing privacy management software platform used by hundreds of organizations globally to comply with data privacy regulations across sectors and jurisdictions, including the EU GDPR and Privacy Shield.

  • OWASP Bay Area
    Booth:

    The Open Web Application Security Project (OWASP) is a 501(c)(3) worldwide not-for-profit charitable organization focused on improving the security of software. Our mission is to make software security visible, so that individuals and organizations worldwide can make informed decisions about true software security risks.

  • RedSeal
    Booth: 204

    By focusing on cybersecurity fundamentals, RedSeal helps government agencies and Global 2000 companies measurably reduce their cyber risk. With RedSeal’s cyber terrain analytics platform and professional services, enterprises improve their resilience to security events by understanding what’s on their networks, how it’s all connected, and the associated risk. RedSeal verifies that network devices are securely configured; validates network segmentation policies; and continuously monitors compliance with policies and regulations. It also prioritizes mitigation based on each vulnerability’s associated risk. The company is based in San Jose, Calif.

  • SailPoint
    Booth: 105

    SailPoint, the leader in enterprise identity governance, brings the Power of Identity to customers around the world. SailPoint’s open identity platform gives organizations the power to enter new markets, scale their workforces, embrace new technologies, innovate faster and compete on a global basis. As both an industry pioneer and market leader in identity governance, SailPoint delivers security, operational efficiency and compliance to enterprises with complex IT environments. SailPoint’s customers are among the world’s largest companies in a wide range of industries.

  • Security Innovation
    Booth: 407

    For almost two decades, global clients have trusted Security Innovation to help them learn how to defend software applications and sensitive data from cyber-threats and attacks. We understand the challenges facing today’s enterprise, where reputation and customer trust is on the front lines. That’s why we continually work to discover and overcome the latest security threats with our Centers of Excellence, and integrate this knowledge into every training and assessment solution we deliver.

  • SecurityScorecard
    Booth: 309

    SecurityScorecard helps enterprises gain operational command of their security posture and the security posture of their third-parties through continuous, non-intrusive monitoring. SecurityScorecard’s proprietary SaaS platform offers an unmatched breadth and depth of critical data points including a broad range of risk categories such as Application Security, Malware, Patching Cadence, Network Security, Hacker Chatter, Social Engineering, and Leaked Information.

  • Sonatype
    Booth: 202

    Every day, developers rely on millions of third party and open source building blocks – known as components – to build the software that runs our world. Sonatype ensures that only the best components are used throughout the software development lifecycle so that organizations don’t have to make the tradeoff between going fast and being secure. More than 120,000 organizations use Sonatype’s Nexus solutions to support agile, Continuous Delivery, and DevOps practices globally

  • TACACS.net
    Booth: 401

    TACACS+ is a vendor-neutral Authentication, Authorization, and accounting (AAA) protocol that enables you to centralize and control administrator access to routers, switches, firewalls, load balancers, and WiFi access points. TACACS.net is the easiest and most cost efficient way to implement TACACS+ to improve your security and simplify management of your network.

  • TechTarget
    Booth:

    TechTarget (NASDAQ: TTGT) is the online intersection of serious technology buyers, targeted technical content and technology providers worldwide. Our media, powered by TechTarget’s Activity Intelligence platform, redefines how technology buyers are viewed and engaged based on their active projects, specific technical priorities and business needs. With more than 100 technology specific websites, we provide technology marketers innovative media that delivers unmatched reach via custom advertising, branding and lead generation solutions all built on our extensive network of online and social media. TechTarget is based in Boston and has locations in Atlanta, Beijing, Cincinnati, London, Paris, San Francisco, Singapore, and Sydney.

  • Tevora
    Booth: 103

    Tevora is an enterprise consulting firm specializing in information assurance, governance and compliance services and solutions. We work with some of the world’s leading companies, institutions and governments to ensure the safety of their information and their compliance with applicable regulations. With a distinctive combination of proven products and services, Tevora aids enterprises in protecting their most important assets from external and internal threats. For more information visit https://www.tevora.com.com/.

Return to Agenda
Keynote Speakers
Speakers
  • speaker photo
    Larry Wilson, CISSP, CISA, Instructor
    Sr. Cybersecurity Consultant, Wilson Cyber

    Larry Wilson was formerly the Chief Information Security Officer for Sumitomo Pharma Americas, Inc., Worcester Polytechnic Institute, and the University of Massachusetts (UMass) President's Office. In the CISO role, Larry was responsible for developing, implementing, and overseeing compliance with the SMPA / WPI / UMass Information Security Policy and Written Information Security Plan (WISP). In addition to designing and deploying the respective cybersecurity programs, Larry has developed and delivered cybersecurity training at multiple industry events, workshops, training venues, etc. Courses include Designing and Building a Cybersecurity Program, Designing and Building a Ransomware Program, and Designing and Building a Third-Party Risk Program. Larry has also worked with multiple companies in multiple industries to help design, build, and maintain their Cybersecurity Programs, Ransomware Program, and Third-Party Risk Programs.

  • speaker photo
    Sarah Lange
    CISO, Allgress, Inc.

    Sarah has over 23 years of experience in Information Security Management, Risk Management, Third Party Oversight, and Governance in both internal and consulting roles. She is an experienced leader with a background in design, and implementation of GRC and Security programs working with technologies that enable these programs to be effective. Her project management experience includes leading onsite and outsourced teams across various industry verticals including: Financial Services, Life Sciences, and Consumer and Government programs. Sarah holds both a CISSP and CEH.

  • speaker photo
    Craig Spiezle
    Founder & President, AgeLight Advisory & Research Group

    Craig Spiezle is the founder and managing partner of AgeLight Advisory Group, a professional services firm focused on online and digital services. Craig is a recognized authority on trust and the convergence of privacy and security promoting ethical privacy practices, end-to-end security and the importance on moving from a compliance mindset to stewardship. Craig is the Charmain emeritus of the Online Trust Alliance, an initiative of the Internet Society. He frequently briefs international policy makers driving awareness of best practices by both the public and private sectors and importance of internet governance. Craig has championed security best practices to help protect consumers while promoting innovation and the role of meaningful self-regulation. Prior to OTA, Craig spent over a decade at Microsoft focused on security and privacy enhancing technologies and standards. Craig chairs the Online Trust & Integrity Council and is on the board of the Identity Theft Council, editorial board of SC Magazine and a member of InfraGard, the IAPP and the APWG.

  • speaker photo
    Stephen Dougherty
    Financial Fraud Investigator, Global Investigative Operations Center, U.S. Secret Service

    Stephen Dougherty has over a decade of investigative experience. His career as a Financial Fraud Investigator in support of the federal government has played a pivotal role in criminal investigations, surrounding cyber-enabled financial crime, money laundering, human trafficking, identity theft, healthcare fraud, embezzlement, tax/government program fraud, dark web crimes, among others. Stephen’s main area of expertise is combatting money laundering in all its forms. Aside from this, Stephen has been proactive in identifying new and future trends in the world of financial crime. Such trends include the cyber security nexus of financial crimes and its ever-growing relationship in major financial crimes such as Business Email Compromise and the rise of the dark web and the use of virtual currency as a vehicle for facilitation of financial crimes. Stephen has been a leader and a mentor to other investigators teaching them how to uncover fraud internally and externally. Stephen is currently an investigator contracted to the U.S. Secret Service’s Global Investigative Operations Center (GIOC) in Washington D.C.

  • speaker photo
    Philip Cox
    VP, Security & Compliance, Coupa Software
  • speaker photo
    Kenneth Hartman
    Instructor, The SANS Institute

    Kenneth G. Hartman is a security engineering leader in Silicon Valley. Ken's motto is "I help my clients earn and maintain the trust of their customers." Ken is an Instructor for the SEC545 Cloud Security Operations course offered by the SANS Institute. Ken has worked for a variety of Cloud Service Providers in Security Architecture, Engineering, Compliance, and Security Product Management roles. From 2002-2011, Ken helped launch and lead a company called Visonex into a profitable, nation-wide dialysis-specific electronic medical record using a software-as-a-service (SaaS) business model. Ken holds a BS Electrical Engineering from Michigan Technological University and a Masters Degree in Information Security Engineering from SANS Technology Institute. Ken has earned the CISSP, as well as multiple GIAC security certifications, including the GIAC Security Expert.

  • speaker photo
    Abhijit Solanki
    Founder & Managing Director, Whiteboard Venture Partners

    Abhijit Solanki is the founder of Whiteboard Venture Partners, an early stage venture capital firm helping entrepreneurs achieve their whiteboard dreams.

  • speaker photo
    Rinki Sethi
    VP & CISO, Twitter

    Rinki Sethi is an information security executive known for change, technical and thought leadership across security and enablement disciplines. She is a veteran in the cyber security domain and throughout her career has built and matured technical security teams across security operations, product security, application security, security architecture, and security strategy within the Fortune 500 and other large enterprise including IBM, Palo Alto Networks, Intuit, eBay, Walmart.com, Rubrik, and Pacific Gas & Electric. Rinki has won many industry awards for her leadership and has built many strategic programs focused on bringing more women into technology.

  • speaker photo
    Maarten Van Horenbeeck
    CISO, Zendesk

    Maarten Van Horenbeeck is Chief Information Security Officer of Zendesk since March 2018. He has also been a Board member of the Forum of Incident Response and Security Teams (FIRST) since 2011, and is the Lead Expert to the IGF Best Practices Forum on Cybersecurity. From July 2015 to March 2018, he served as Vice President, Security Engineering for Fastly, a Content Delivery Network. He holds an MA in Information Security from Edith Cowan University in Perth, Western Australia, and an MA in International Relations from the Freie Universität Berlin.

  • speaker photo
    Kevin Paige
    CISO, Flexport

    Kevin Paige is the Chief Information Security Officer (CISO) at Flexport, provider of the Operating System for Global Trade. Prior to Flexport, Kevin was the CISO at MuleSoft, and brings over 20 years of leadership in delivering solutions and programs that optimize security, compliance and technical operations for both the private and public sectors.

  • speaker photo
    Dave Ruedger
    CISO, RMS

    Dave Ruedger is the Chief Information Security Officer for Risk Management Solutions based out of Newark, CA. RMS is a premier provider of catastrophe risk models for the insurance industry that help organizations forecast losses for hurricane, earthquake, flood, wildfire, terrorism and cyber risk in a cloud hosted SaaS environment. Dave holds CISSP and CRISC certifications and has over 25 years of experience developing and managing security programs for organizations as diverse as pre-IPO startups to large Fortune 500 enterprises. Prior to joining RMS, Dave was a co-founder of a company that provided a hosted marketing platform with full service ecommerce and data analytics capabilities to drive higher engagement and customer retention for globally distributed users in 23 languages, and he has been a strong advocate of data protection and privacy rights throughout his career.

  • speaker photo
    John Heasman
    CISO, Chegg

    John Heasman is the CISO of Chegg, the leading student-first connected learning platform where he is focused on proactive approaches to building secure software. Prior to Chegg, John was the Deputy CISO at DocuSign. He has presented at Black Hat, DEF CON, OWASP AppSec and other industry forums on a diverse range of topics from web application security through to firmware APTs. He co-authored The Shellcoder’s Handbook (2nd Ed.) and The Database Hacker’s Handbook, and he has a Master's degree from Oxford University.

  • speaker photo
    Zach Turner
    Enterprise Sales Engineer, Mimecast

    Zach joined Mimecast in 2017 as an Enterprise Sales Engineer in Denver, CO. Previously, Zach worked in the enterprise space for AirWatch by VMware, where he focused on cloud-based Mobile Device Management solutions involving mobile security, content management, and email management. Most recently, he worked for Fuze, Inc., a $1 billion UCaaS startup, based in Boston, MA. There, Zach was on the enterprise sales engineering team assigned to the southeast U.S. and focused on enterprise communications, specializing in verticals where data encryption and security were key requirements. Zach is a graduate of Brigham Young University-Idaho and is based in San Diego, CA.

  • speaker photo
    Jonathan Cran
    Head of Research , Kenna Security

    Jonathan Cran is an information security expert based in Austin, Texas. He’s a principal at the strategic consulting firm Pentestify, and founder of the the open security intelligence platform, Intrigue. His passion is security assessment, architecting systems to measure and ultimately prevent security incidents. Currently, he’s building a world-class research team at Kenna Security, working on the next generation of proactive security decision support.

  • speaker photo
    Philip Cox
    VP, Security & Compliance, Coupa Software
  • speaker photo
    Elvis M. Chan
    Supervisory Special Agent, Squad CY-1, National Cyber Center, FBI San Francisco

    Elvis Chan is a Supervisory Special Agent (SSA) assigned to FBI San Francisco. SSA Chan manages a squad responsible for investigating national security cyber matters. With 14 years in the Bureau, he is a decorated agent who is recognized within the Intelligence Community as a cyberterrorism expert. SSA Chan was the lead agent on significant cyber investigations and managed joint counterterrorism operations with domestic and foreign law enforcement agencies. Prior to joining the Bureau, SSA Chan was a process development engineer in the semiconductor industry for 12 years. He holds two U.S. patents, presents at many technical and law enforcement symposiums, and published multiple articles in technical journals.

  • speaker photo
    Ethan Sailers
    Solutions Engineer, OneTrust

    Ethan Sailers serves as a Privacy Engineer at OneTrust, the largest and most widely-used dedicated privacy management technology platform to operationalize privacy, security, and third-party risk management. In his role, he advises companies large and small on EU GDPR, California Consumer Privacy Act (CCPA), Brazil LGPD, and hundreds of the world's privacy laws, focused on formulating efficient and effective responses to data protection requirements as well as building and scaling privacy programs. Ethan is a Certified Information Privacy Professional (CIPP/E, CIPM), and earned a Bachelor of Science in Industrial and Systems Engineering from the Georgia Institute of Technology.

  • speaker photo
    Ann Marie Mortimer
    Managing Partner, Los Angeles Office, Hunton Andrews Kurth LLP

    Mortimer is the managing partner of Hunton Andrews Kurth LLP’s Los Angeles office and co-head of the firm’s commercial litigation practice. Her practice is cross-disciplinary and includes significant business and class action consumer claims litigation experience and crisis management in relation to data breach, consumer related labeling claims, and multi-party risk situations. Mortimer earned her J.D. from UC Berkeley, Boalt Hall School of Law, her M.Sc. from the London School of Economics and her A.B. from Smith College.

  • speaker photo
    Selim Aissi
    SVP and CISO, Ellie Mae

    Selim Aissi is Senior Vice President & Chief Security Officer at Ellie Mae’. He is responsible for Ellie Mae’s Security Engineering, Operations, Strategy and Information Technology Risk & Compliance. Before joining Ellie Mae, Selim was the Vice President of Global Information Security at Visa. In that role, Selim transformed Visa’s information security program into the industry leader, led critical security programs including product security innovation, and enabled global growth and datacenter expansion. He also led the definition of security technologies for protecting Visa’s data, networks, data centers, digital wallets, applications, end-point devices, and other core capabilities for corporate network as well as issuer- and consumer-facing products and services. Selim was recognized for leading company-wide Security Initiatives including ApplePay, Visa’s APAC Data Center, and Visa’s Data Protection Programs. Previously, Selim spent over 11 years at Intel where he held senior management and technology roles and championed several security technologies for Intel’s server, desktop, and mobile products. Prior to Intel, Selim held senior engineering positions at General Dynamics - Land Systems Division (M1A2 Battle Tank Vehicle Electronics), General Motors (Embedded Software Center of Excellence), and Applied Dynamics International. Selim earned his B.S., M.S., and Ph.D. engineering degrees from the University of Michigan, Ann Arbor. He is a Certified Information Systems Security Professional (CISSP), Senior Member of IEEE, and member of ACM and ISACA. He holds over 100 patents in various areas of computer and information security. Selim has been a Board Member for several Startups (BlackDuck and MagicCube), VCs (Ten Eleven Ventures, BGV), and Security Organizations & Institutions (FS-ISAC, State of California’s Cybersecurity Task Force, National Technology Security Coalition (NTSC), UC Berkeley CISO Institute, Bay Area CISO Executive Governing Body, and CISO Magazine). He co-authored the book Security for Mobile Networks and Platforms (Artech House). Selim has also been recognized for security innovation and leadership and received the CSO50 Award (2018 and 2019), Reboot Technology Leadership Award (2018), Top 100 CISOs Globally (2017) and Most Influential CISOs (2016), and Security 500 Award (2016 and 2018).

  • speaker photo
    Sudesh Gadewar
    Security Engineer, Ellie Mae

    Sudesh Gadewar is Sr Staff Security Engineer at EllieMae. Sudesh holds 10+ years of experience in security where passion is in offense and defense of security. Sudesh holds various Security Certifications which he use as attestations to his skillset. His core area of expertise is in product and application security, where he build SSLDC lifecycle, Security Automation On-Prim and Cloud. He build threat intel automation where aggregating feeds, validating, cleansing and integrate with sensors. He does spend lots of time on threats kill chain analysis. In his spare time he like to educate people, kids around security and 101 of cyber security. Sudesh presented in various conferences such as Cisco Live, DEFCON, Tech Summits, Meet up to share the best practices and new analysis around threats and information Security.

  • speaker photo
    Steven Lentz
    Head of Security, Mojio

    Steven is the Head of Security, CISSP, CIPP/US. He has presented for SC Magazine and in Las Vegas regarding Cybersecuirty and Security Awareness.

Conference Microsite!
Registration is quick and easy. Once you get started, use a browser on your phone or tablet to:

• Create a personalized agenda
• View maps of the venue and Exhibit Hall
• Use secure messaging to network with attendees
• View speaker slides after the conference
• Play CyberHunt, the app game, and compete for prizes