2017 Agenda
  • Wednesday, March 22, 2017
    7:00 am
    Registration Open
    Registration Level: Open Sessions
    7:00 am - 3:00 pm
    Location / Room: Registration Desk
    8:00 am
    Advisory Council Breakfast: IOT and Block Chain – (VIP / INVITE ONLY)
    Advisory Council Members Only
    Deputy CISO, Partners HealthCare
    Registration Level: VIP / Exclusive
    8:00 am - 9:15 am
    Location / Room: 109

    Welcome breakfast and round-table discussion.

    8:00 am
    ISSA Chapter Meeting and Guest Speaker
    Presenting: Protecting the Human Point
    CISO, Forcepoint
    Registration Level: Open Sessions
    8:00 am - 9:15 am
    Location / Room: 104

    8:00-8:30 Breakfast – Closed to chapter members
    8:30-9:15 Chapter Meeting – Open to all attendees

    Speaker Presentation:
    In 2016, organizations spent over 80 billion dollars in cybersecurity technology to try and improve their security outcomes. The challenge of protecting your organization is getting exponentially worse. Users are everywhere. Sensitive data can be anywhere. User behaviors can range from legitimate to not. The technology is always one step behind the threats. Instead of focusing on the technology and threats, let’s focus on the one constant in all of this noise: people. How does your sensitive Data and IP get compromised? It simply starts at the intersection of people and data – the human point. Those in your network can be content one day and malicious the next. Understanding your users’ behaviors and their intentions will help you identify threat risks before they happen.

    8:00 am
    SecureWorld PLUS Part I – Designing and Building a Cybersecurity Program Based on the NIST Cybersecurity Framework
    SecureWorld PLUS Registrants ONLY
    CISO, University of Massachusetts, President’s Office
    Registration Level: SecureWorld Plus
    8:00 am - 9:30 am
    Location / Room: 110

    This course provides a detailed plan for designing and building a Cybersecurity Program based on the NIST Cybersecurity Framework and the 20 Critical Controls.

    Lesson 1: Creating the Model (based on the NIST Cybersecurity Framework)
    A general review of today’s cyber-threat landscape, key business, technical, regulatory, workforce challenges, the overall risk environment, controls framework (NIST Cybersecurity Framework), controls standards and a recommended approach for designing and building a program based on a repeatable / open program concept (The Controls Factory Model).

    Lesson 2: Designing the Program (based on the 20 Critical Controls)
    A detailed review of the safeguards that organizations should use to mitigate advanced threats and protect their critical assets, including an in-depth analysis of the 20 critical controls. Each control will be discussed in detail, including the control objective, control approach, consequences of not implementing the control, control system analysis (how the control works), control detailed design, and control monitoring and testing requirements.

    Lesson 3: Building the Solution (based on Design, Build, Run and Test Guides)
    Technical solutions that can be used to protect a particular family of assets (endpoints, servers, networks, applications). Each technical solution will include a mapping to the critical controls and NIST Framework (design guide), a step-by-step approach for implementation (build guide), a set of operational capabilities for continuous monitoring and management (run guide) and a set of use cases that ensure that the controls are continually applied to the asset families (test guide).

    8:00 am
    SecureWorld PLUS Part I – Big Data and IoT: Wonderful, Terrible, Inevitable
    SecureWorld PLUS Registrants ONLY
    CISSP, President, O'Leary Management Education
    Registration Level: SecureWorld Plus
    8:00 am - 9:30 am
    Location / Room: 111

    Big Data and the Internet of Things are revolutionizing virtually every industry. We’re told of pinpoint accurate medical records and diagnostics, all-encompassing analytics, mastery of industrial processes, effortless control of our static and moving environments and complete connectivity and communication with anything and everything we might ever imagine being useful. Wonderful!

    But SecureWorld attendees and others who’ve been in IT Security for any appreciable time have an internal red flag that goes up upon hearing “It’s gonna be great!” Then those euphoria-deflating security questions start multiplying and running through our somewhat addled brains. Where is all this Big Data coming from? Where will it reside? Who controls it? Who grants access? On what basis? How do we know it’s accurate, relevant? Is it complete enough for life and death medical decisions? What about analytics system administration; data monitoring and correction procedures; incompatible security architectures? Oh yeah, and privacy?

    What kind of security is built into all these Internet-connected devices? How easy is it to control access? Is the data they trade and store encrypted? Who’s liable if they fail or give erroneous signals?

    Big Data and IoT are neither fads nor merely trends, they constitute a revolution. There’s no going back. Join us as we look from a security perspective at both the bright and dark sides.

    8:00 am
    SecureWorld PLUS Part I – Building a Successful Information Security Awareness Program
    SecureWorld PLUS registrants ONLY
    Chief Strategist and Chief Security Officer, Security Mentor
    Registration Level: SecureWorld Plus
    8:00 am - 9:30 am
    Location / Room: 105

    Every organization seeks a security-aware culture, but how can you build an effective information security awareness program that addresses compliance and changes employee behavior for the better? People are the greatest asset and the weakest link in securing intellectual property and protecting sensitive data within every enterprise; therefore, a well-organized security awareness program is essential.

    You will learn how an effective program that offers lasting solutions requires the right mix of skills, knowledge, executive support and resources. This hands-on workshop will teach you what you need to know to implement just such a program. Offering award-winning case studies, interactive discussions and group participation in exercises, this SecureWorld Plus session will enable you to hit the ground running with a customized plan that meets your organization’s needs when you head back to the office.

    Dan Lohrmann offers an interactive, engaging style that is both fun and informative. The 4.5-hour workshop covers these essential topics:

    Part 1: Information Security Awareness Fundamentals and War Stories
    What important building blocks, resources and communication strategies are essential to successfully implement your program? How can you reduce the risk of a data breach or other unwanted outcomes using a comprehensive approach to information security awareness? What best practices and examples have succeeded that can be emulated?

    8:30 am
    Wombat: State of the Phish: Understanding End User Behaviors Towards Phishing
    CTO, Wombat Security Technologies
    Registration Level: Open Sessions
    8:30 am - 9:15 am
    Location / Room: 107

    Hear direct feedback from infosec professionals on the latest phishing exploits and vulnerabilities in their organizations and how they are protecting themselves, and learn about the most devastating types of phishing emails used and how to thwart them.

    8:30 am
    Trends in Cyber Security Education
    Dean, Boston University Metropolitan College
    Registration Level: Conference Pass
    8:30 am - 9:15 am
    Location / Room: 102

    The workforce shortage of qualified cybersecurity professionals is acute and growing. But acquiring knowledge in cyber science that spans technology, law, ethics, psychology and more is an intellectual and organizational challenge. This talk discusses the educational choices of broad interdisciplinary vs. specialized programs, degrees vs. certificates, and face-to-face vs. online studies.

    8:30 am
    Security & Privacy Considerations for System Decommissioning & Hosting Migration
    Founder & Managing Partner, SolutionLab, LLC
    Registration Level: Conference Pass
    8:30 am - 9:15 am
    Location / Room: 108

    With the continued growth and trust in cloud-based infrastructure and software services, many organizations are looking to retire on-premise solutions or migrate them to the cloud. Scott will present the security and privacy oversight, planning, and monitoring required for any system decommissioning or hosting migration effort involving regulated data with a focus on data retention, system sanitization, cloud migration, continuous monitoring, regulatory compliance and leadership accountability practices.

    8:30 am
    Securonix: Big Data Security Analytics – Operational and Organizational Things to Consider
    CISO and Chief Security Strategist, Securonix
    Registration Level: Open Sessions
    8:30 am - 9:15 am
    Location / Room: 103
    9:00 am
    Exhibit Floor Open
    Registration Level: Open Sessions
    9:00 am - 3:00 pm
    Location / Room: Exhibitor Floor

    This is the time to visit exhibitors participating in Dash For Prizes & CyberHunt for your chance to win prizes!

    9:30 am
    OPENING KEYNOTE: Optiv – Have Your Cake and Eat it Too – Running a Cloud-Powered Business Without Security Compromises
    Senior Research Principal, Optiv
    Registration Level: Open Sessions
    9:30 am - 10:15 am
    Location / Room: Keynote Theater

    Mark will provide seven security considerations when developing a cloud adoption strategy, as well as tips on where to initially focus when planning to regain control over cloud-based technologies after they have made their way into the enterprise.

    10:15 am
    Conference Break / Exhibitor Product Demonstration
    Registration Level: Open Sessions
    10:15 am - 11:15 am
    Location / Room: Exhibitor Floor

    Reboot with coffee and infused water while visiting exhibitors on the exhibitor floor.

    10:15 am
    ISACA Boston Meet & Greet
    Open to All Attendees
    Registration Level: Open Sessions
    10:15 am - 11:15 am
    Location / Room: 111

    Interested in your local associations? Join ISACA for a social meet & greet and chapter news.

    11:00 am
    Advisory Council Roundtable: Boardroom Buy-In Sourcing Cybersecurity – (VIP / Invite Only)
    Advisory Council Members Only
    Chief Strategist and Chief Security Officer, Security Mentor
    Registration Level: VIP / Exclusive
    11:00 am - 12:00 pm
    Location / Room: 109
    11:15 am
    baramundi Software: Automating Endpoint Management: Patching, Deployment and System Building Made Easy
    Executive Manager, baramundi Software USA
    Registration Level: Open Sessions
    11:15 am - 12:00 pm
    Location / Room: 108

    With increasing demands on IT Managers, new ways for handling security and user requirements are needed. This seminar will show you how to automate your patch management, drastically simplify system building, and enroll software while avoiding complex repackaging procedures – inside and outside of your network.

    11:15 am
    Surviving the Siege: Medieval Lessons in Modern Security
    Discover the 2017 SecureWorld Theme
    CISSP, President, O'Leary Management Education
    Registration Level: Open Sessions
    11:15 am - 12:00 pm
    Location / Room: 102

    Warfare and the arts of intrusion have advanced considerably since the Middle Ages, but in many ways the principles of fortification we use today remain the same. The great castles of antiquity were ingeniously designed with multiple layers of physical security to protect their inhabitants from persistent, even advanced enemy threats. Their carefully planned and creative defensive measures provide rich metaphors, both positive and negative, for today’s cyber guardians. On the other hand, clever, daring, sometimes brilliant offensive strategies and tactics have historically breached battlements thought to be unassailable. Come join us as we examine lessons that can be applied to securing our own sophisticated digital fortresses.

    11:15 am
    Centrify: Enforcing Least Access and Least Privilege in Public and Private Clouds
    A Password-Based Strategy is not Enough
    Product Manager, Centrify
    Registration Level: Open Sessions
    11:15 am - 12:00 pm
    Location / Room: 104

    Some organizations have implemented only a shared-credential strategy for privileged account management; this approach alone may not provide alignment with security regulations or security best practices. Discover Centrify's approach to PAM that focuses on the principles of least access and least privilege that can be deployed in hybrid clouds.

    11:15 am
    Radware: Cyber War Chronicles – Stories from the Virtual Trenches
    Systems Engineer, Radware
    Registration Level: Conference Pass
    11:15 am - 12:00 pm
    Location / Room: 103

    2016 saw a continuation of some cybersecurity threats, as well as the emergence of some attack types and trends. Ransom attacks, political hacks, and new dynamics around the accessibility and capability of attack tools have added even more challenges to security. This session will explore some of the latest evolutions of the threat landscape, through a combination of market intelligence, real-world case studies, and direct insights from those on the front lines of cybersecurity.

    11:15 am
    Vendor Risk Management – Understanding and Managing 3rd Party Cyber Risk
    Technology Advisor, GE (Retired)
    Registration Level: Conference Pass
    11:15 am - 12:00 pm
    Location / Room: 107

    Now more than ever an effective Vendor Risk Management (VRM) Program should be a pillar of any Enterprise Risk Management strategy. The Cybersecurity risks that are inherent to your organization multiply exponentially whenever you introduce external vendors. In this session learn how to effectively audit, measure and continuously monitor your 3rd parties.

    12:00 pm
    Advisory Council LUNCH Roundtable: Third Party Vendor/Supplier Security Management – (VIP / Invite Only)
    Advisory Council Members Only
    Registration Level: VIP / Exclusive
    12:00 pm - 1:00 pm
    Location / Room: 109

    Lunch will be served
    Moderator: David Dumas

    12:15 pm
    LUNCH KEYNOTE: Cisco – An Anatomy of an Attack
    Sr. Security Researcher, Cisco Cloud Security
    Registration Level: Open Sessions
    12:15 pm - 1:00 pm
    Location / Room: Keynote Theater

    Cyber criminals are increasingly exploiting Internet services to build agile and resilient infrastructures, and consequently to protect themselves from being exposed and taken over. This session will explain how the correlation of Internet data on multiple levels (DNS, BGP, ASN, Prefixes/IPs) can be used to build and deliver a new model of security that is pervasive and predictive, and that allows us to expose the attackers' infrastructure. Learn how detection models can be built and applied (such as co-occurrences, NLPRank, and Spike Detectors), and how the different detectors can be integrated to expose malicious infrastructures and advanced persistent threats.

    1:15 pm
    Panel: Hazards on the Horizon
    Registration Level: Open Sessions
    1:15 pm - 2:15 pm
    Location / Room: Keynote Theater

    Just as in the days of yore, you must have watch guards in the tower scanning the horizon for enemy banners. If you follow cyber threats, then you know that the landscape is constantly changing. From the bring your own device (BYOD) workplace to mobile-malware, social engineering, and everything in between, information security has transformed. In order to stay ahead of the ever-changing threats, it is imperative to constantly improve and change security policies. Join industry experts as they discuss the importance of rolling with the changes, and how your company can stop the threat before it gets to the castle gate.

    Panelists:
    Joshua Etsten, Cloud Passage
    Mark Ostrowski, Check Point Security
    Sean Carty, Qualys
    Ed Cabrera, Trend Micro
    David Remington, F5
    Mike Lipinski, Securonix
    Moderator: Dan Lohrmann

    1:15 pm
    Panel: Beware the Highwaymen: Rise of the Cyber Criminal
    Registration Level: Open Sessions
    1:15 pm - 2:15 pm
    Location / Room: 103

    Modern civilization has always been plagued by various classes of criminals. Travelers would hire guards to protect their caravans from hijackers. Thieves came up with various ploys to trick travelers on the road. In today’s day and age the advent of interconnected devices, allowing for portability of corporate secrets, has given rise to a completely different class of nefarious actors. Cyber criminals range from those bent on stealing your personal information to “cyber terrorists” who have the capability to inflict harm on a much wider scale. Uninhibited by current laws, they are very effective given the speeds of networks, lack of appropriate security controls, and the anonymous nature of the attacker. Making matters worse, the crime may be perpetrated by entities outside of the legal jurisdiction where the unlawful act took place. This panel will explore the tools these criminals use, what can be done to prevent them, and how to safeguard your data.

    Mark Bloom, Sumo Logic
    Dave Klein, GuardiCore
    Ron Winward, Radware
    Jimmy Nguyen, HPE Software
    Israel Aloni, Empow Cybersecurity
    Daniel Katz, Anomali
    Moderator: Larry Wilson

    1:15 pm
    LogRhythm: Arming SecOps Warriors: Detect, Respond, Neutralize
    Understanding the Elements of a Unified Approach to Threat Life Cycle Management
    Director, Sales Engineering, LogRhythm
    Registration Level: Open Sessions
    1:15 pm - 2:15 pm
    Location / Room: 104

    The days of layered, prevention-centric security strategies are behind us. Motivated and well-funded cyber criminals, organizations, and nation states have proven that traditional strategies are futile. Cyber threats are growing, are a daily challenge for our SecOps organizations, and require a new integrated approach to detection and response. Effective Threat Lifecycle Management (TLM) is the key to technology-enabling efficient workflow that optimally aligns SecOps efforts around key performance metrics. Learn how technologies such as Log Management, SIEM, User/Entity Behavioral Analytics, Endpoint and Network Forensics, and Security Automation and Orchestration can be incorporated to provide a single optimally efficient workflow to improve your ability to detect, respond, and neutralize threats.

    1:15 pm
    Rapid7: Brothers in Arms – Pen Testing & Incident Detection
    Solutions Mgr., Incident Detection & Response, Rapid7
    Registration Level: Open Sessions
    1:15 pm - 2:15 pm
    Location / Room: 108

    It’s challenging to build out your Incident Detection & Response program when you’re wading in tedious, often false-positive alerts. Join Eric Sun to learn findings from Rapid7’s Pen Test research and see how orgs are combining detection technologies to find intruders earlier in the attack chain.

    2:15 pm
    (ISC)2 Meet and Greet
    Registration Level: Open Sessions
    2:15 pm - 3:00 pm
    Location / Room: 104

    Open to all attendees

    2:15 pm
    Conference Break / Exhibitor Product Demonstration
    Registration Level: Open Sessions
    2:15 pm - 3:00 pm
    Location / Room: Exhibitor Floor

    Reboot with coffee and infused water while visiting exhibitors on the exhibitor floor.

    3:00 pm
    Trend Micro: Cloud Security Essentials / Cyber Risk & Resiliency in the Enterprise
    Chief Cybersecurity Officer, Trend Micro
    Vice President Global Hybrid Cloud Security, Trend Micro
    Registration Level: Open Sessions
    3:00 pm - 3:45 pm
    Location / Room: 108

    Carlos Gonzalez will discuss security challenges faced in cloud migration such as visibility, agility, purchasing and compliance as well as the “shared security responsibility” where organizations are responsible for their workload security. Ed Cabrera, Chief Cybersecurity Officer and former CISO of the US Secret Service, will discuss cyber risk and resiliency in the Enterprise.

    3:00 pm
    Application / System Security Development Life Cycle
    Check List and Business Discussion Points
    Director Information Security / Information Security Officer, Verscend
    Registration Level: Conference Pass
    3:00 pm - 3:45 pm
    Location / Room: 107

    The ADLC / SDLC needs security stage gates and requirements built in so that all processes have information protection in mind from the beginning. This session will show the simple things and requirements that need to be built into the life cycle processes, which can apply to projects.

    3:00 pm
    Win Win Conversations, Pwn Your Career
    Founder and CEO, #brainbabe
    Registration Level: Open Sessions
    3:00 pm - 3:45 pm
    Location / Room: 102

    Effective communication is necessary for high productivity, career advancement, feeling valued in the workplace and having fun while we work. With job attrition rates at an all-time high, the win/win communication skill set is more valuable than ever. This talk offers the framework to pwn your career.

    3:00 pm
    Panel: Manage the Damage
    Registration Level: Conference Pass
    3:00 pm - 3:45 pm
    Location / Room: 103

    In the old days it didn’t take a lot to eventually take the castle. Smart commanders would hole up just outside the defenders’ range of attack and starve out the enemy while digging a tunnel under the castle walls. It was only a matter of time. Today it is more important than ever for companies to have plans in place to reduce damages, recovery time, and costs, in case of a siege. Join our experts as they discuss challenges security teams face, tools and proven initiatives, and guidance in creating a program that will work for your organization.

    Panelists:
    Daniel Allen, Gigamon
    Larry Cote, Netscout
    Chris Sullivan, Core Security
    Moderator: Tom Hart

    3:00 pm
    SecureWorld PLUS Part II – Designing and Building a Cybersecurity Program Based on the NIST Cybersecurity Framework
    SecureWorld PLUS Registrants ONLY
    CISO, University of Massachusetts, President’s Office
    Registration Level: SecureWorld Plus
    3:00 pm - 4:30 pm
    Location / Room: 110

    This course provides a detailed plan for designing and building a Cybersecurity Program based on the NIST Cybersecurity Framework and the 20 Critical Controls.

    Lesson 1: Creating the Model (based on the NIST Cybersecurity Framework)
    A general review of today’s cyber-threat landscape, key business, technical, regulatory, workforce challenges, the overall risk environment, controls framework (NIST Cybersecurity Framework), controls standards and a recommended approach for designing and building a program based on a repeatable / open program concept (The Controls Factory Model).

    Lesson 2: Designing the Program (based on the 20 Critical Controls)
    A detailed review of the safeguards that organizations should use to mitigate advanced threats and protect their critical assets, including an in-depth analysis of the 20 critical controls. Each control will be discussed in detail, including the control objective, control approach, consequences of not implementing the control, control system analysis (how the control works), control detailed design, and control monitoring and testing requirements.

    Lesson 3: Building the Solution (based on Design, Build, Run and Test Guides)
    Technical solutions that can be used to protect a particular family of assets (endpoints, servers, networks, applications). Each technical solution will include a mapping to the critical controls and NIST Framework (design guide), a step-by-step approach for implementation (build guide), a set of operational capabilities for continuous monitoring and management (run guide) and a set of use cases that ensure that the controls are continually applied to the asset families (test guide).

    3:00 pm
    SecureWorld PLUS Part II – Big Data and IoT: Wonderful, Terrible, Inevitable
    SecureWorld PLUS Registrants ONLY
    CISSP, President, O'Leary Management Education
    Registration Level:
    3:00 pm - 4:30 pm
    Location / Room: 111

    Big Data and the Internet of Things are revolutionizing virtually every industry. We’re told of pinpoint accurate medical records and diagnostics, all-encompassing analytics, mastery of industrial processes, effortless control of our static and moving environments and complete connectivity and communication with anything and everything we might ever imagine being useful. Wonderful!

    But SecureWorld attendees and others who’ve been in IT Security for any appreciable time have an internal red flag that goes up upon hearing “It’s gonna be great!” Then those euphoria-deflating security questions start multiplying and running through our somewhat addled brains. Where is all this Big Data coming from? Where will it reside? Who controls it? Who grants access? On what basis? How do we know it’s accurate, relevant? Is it complete enough for life and death medical decisions? What about analytics system administration; data monitoring and correction procedures; incompatible security architectures? Oh yeah, and privacy?

    What kind of security is built into all these Internet-connected devices? How easy is it to control access? Is the data they trade and store encrypted? Who’s liable if they fail or give erroneous signals?

    Big Data and IoT are neither fads nor merely trends, they constitute a revolution. There’s no going back. Join us as we look from a security perspective at both the bright and dark sides.

    3:00 pm
    SecureWorld PLUS Part II – Building a Successful Information Security Awareness Program
    SecureWorld PLUS registrants ONLY
    Chief Strategist and Chief Security Officer, Security Mentor
    Registration Level: SecureWorld Plus
    3:00 pm - 4:30 pm
    Location / Room: 105

    Every organization seeks a security-aware culture, but how can you build an effective information security awareness program that addresses compliance and changes employee behavior for the better? People are the greatest asset and the weakest link in securing intellectual property and protecting sensitive data within every enterprise; therefore, a well-organized security awareness program is essential.

    You will learn how an effective program that offers lasting solutions requires the right mix of skills, knowledge, executive support and resources. This hands-on workshop will teach you what you need to know to implement just such a program. Offering award-winning case studies, interactive discussions and group participation in exercises, this SecureWorld Plus session will enable you to hit the ground running with a customized plan that meets your organization’s needs when you head back to the office.

    Dan Lohrmann offers an interactive, engaging style that is both fun and informative. The 4.5-hour workshop covers these essential topics:

    Part 2: Building and Maintaining Your Organization’s Information Security Awareness Plan
    After several checklists and overall program templates are presented in detail, the second part of this workshop will include peer interactions and discussions that can be used to tailor your specific plan to implement a customized security awareness program. Depending on the size and complexity of your organization, participants will either build their plan or create the outline of their information security awareness program – with details to be inserted later.

    3:45 pm
    #brainbabe Mixer – Open to All Attendees
    Meet the founder and members of #brainbabe
    Founder and CEO, #brainbabe
    Registration Level: Open Sessions
    3:45 pm - 4:30 pm
    Location / Room: 102
    3:30 pm
    Optiv Reception
    Join Optiv and Partners for Happy Hour!
    Registration Level: Open Sessions
    3:30 pm - 6:00 pm
    Location / Room: Towne Stove and Spirits (First Floor)

    Join your peers for complimentary hors d'oeuvres and cocktails following the first day of SecureWorld. Register here: https://live.optiv.com/profile/form/index.cfm?PKformID=0x16075f5b9

    Towne Stove and Spirits (First Floor)
    900 Boylston Street | Boston, MA 02115

  • Thursday, March 23, 2017
    7:00 am
    Registration Open
    Registration Level: Open Sessions
    7:00 am - 3:00 pm
    Location / Room: Registration Desk
    8:00 am
    SecureWorld PLUS Part III – Designing and Building a Cybersecurity Program Based on the NIST Cybersecurity Framework
    SecureWorld PLUS Registrants ONLY
    CISO, University of Massachusetts, President’s Office
    Registration Level: SecureWorld Plus
    8:00 am - 9:30 am
    Location / Room: 110

    This course provides a detailed plan for designing and building a Cybersecurity Program based on the NIST Cybersecurity Framework and the 20 Critical Controls.

    Lesson 1: Creating the Model (based on the NIST Cybersecurity Framework)
    A general review of today’s cyber-threat landscape, key business, technical, regulatory, workforce challenges, the overall risk environment, controls framework (NIST Cybersecurity Framework), controls standards and a recommended approach for designing and building a program based on a repeatable / open program concept (The Controls Factory Model).

    Lesson 2: Designing the Program (based on the 20 Critical Controls)
    A detailed review of the safeguards that organizations should use to mitigate advanced threats and protect their critical assets, including an in-depth analysis of the 20 critical controls. Each control will be discussed in detail, including the control objective, control approach, consequences of not implementing the control, control system analysis (how the control works), control detailed design, and control monitoring and testing requirements.

    Lesson 3: Building the Solution (based on Design, Build, Run and Test Guides)
    Technical solutions that can be used to protect a particular family of assets (endpoints, servers, networks, applications). Each technical solution will include a mapping to the critical controls and NIST Framework (design guide), a step-by-step approach for implementation (build guide), a set of operational capabilities for continuous monitoring and management (run guide) and a set of use cases that ensure that the controls are continually applied to the asset families (test guide).

    8:00 am
    SecureWorld PLUS Part III – Big Data and IoT: Wonderful, Terrible, Inevitable
    SecureWorld PLUS Registrants ONLY
    CISSP, President, O'Leary Management Education
    Registration Level:
    8:00 am - 9:30 am
    Location / Room: 111

    Big Data and the Internet of Things are revolutionizing virtually every industry. We’re told of pinpoint accurate medical records and diagnostics, all-encompassing analytics, mastery of industrial processes, effortless control of our static and moving environments and complete connectivity and communication with anything and everything we might ever imagine being useful. Wonderful!

    But SecureWorld attendees and others who’ve been in IT Security for any appreciable time have an internal red flag that goes up upon hearing “It’s gonna be great!” Then those euphoria-deflating security questions start multiplying and running through our somewhat addled brains. Where is all this Big Data coming from? Where will it reside? Who controls it? Who grants access? On what basis? How do we know it’s accurate, relevant? Is it complete enough for life and death medical decisions? What about analytics system administration; data monitoring and correction procedures; incompatible security architectures? Oh yeah, and privacy?

    What kind of security is built into all these Internet-connected devices? How easy is it to control access? Is the data they trade and store encrypted? Who’s liable if they fail or give erroneous signals?

    Big Data and IoT are neither fads nor merely trends, they constitute a revolution. There’s no going back. Join us as we look from a security perspective at both the bright and dark sides.

    8:00 am
    SecureWorld PLUS Part III – Building a Successful Information Security Awareness Program
    SecureWorld PLUS registrants ONLY
    Chief Strategist and Chief Security Officer, Security Mentor
    Registration Level:
    • SecureWorld Plus
    8:00 am - 9:30 am
    Location / Room: 105

    Every organization seeks a security-aware culture, but how can you build an effective information security awareness program that addresses compliance and changes employee behavior for the better? People are the greatest asset and the weakest link in securing intellectual property and protecting sensitive data within every enterprise; therefore, a well-organized security awareness program is essential.

    You will learn how an effective program that offers lasting solutions requires the right mix of skills, knowledge, executive support and resources. This hands-on workshop will teach you what you need to know to implement just such a program. Offering award-winning case studies, interactive discussions and group participation in exercises, this SecureWorld PLUS session will enable you to hit the ground running with a customized plan that meets your organization’s needs when you head back to the office.

    Dan Lohrmann offers an interactive, engaging style that is both fun and informative. The 4.5-hour workshop covers these essential topics:

    Part 3: Reinventing Your Information Security Awareness Program
    So you already have an Information Security Awareness Program, but it’s not working. Is it time to start over or tweak the plan? What strategies work to get executive buy-in? What are you missing? What are some common mistakes to avoid? How can you improve what you’re already doing? Small group discussions, break-out Q/A as well as several successful tool kits are covered.

    8:00 am
    InfraGard Boston Chapter Meeting
    Legal and Consulting Services, Former Senior Counsel at the National Security Agency
    Registration Level:
    • Open Sessions
    8:00 am - 9:15 am
    Location / Room: Keynote Theater

    Join InfraGard for their chapter meeting.
    8:00-8:15 InfraGard Networking & Breakfast
    8:15-8:30 Boston FBI SAC Harold H. Shaw
    8:30-9:15 Chapter Meeting - Speaker Joel Brenner

    8:30 am
    IoT and Blockchain in Healthcare
    Deputy CISO, Partners HealthCare
    Registration Level:
    • Conference Pass
    8:30 am - 9:15 am
    Location / Room: 103

    Tens of billions of connected devices will form the smart homes, cities and user experience of the future. The "Internet of Things" is a rich opportunity for IT Leaders but also presents some headaches, particularly when we think of medical and consumer devices in Healthcare. Hear the unique perspective from one of the nation's largest healthcare providers on how they plan to step up to the challenge and how one notorious upstart technology, the "Blockchain", can potentially benefit the "Smart Hospital."

    8:30 am
    Using Public Cloud Platforms to Increase Enterprise Security
    CTO, Finomial
    Registration Level:
    • Open Sessions
    8:30 am - 9:15 am
    Location / Room: 104

    AWS and Microsoft Azure are the dominant public cloud platforms – but are they secure enough for your enterprise? The facts may surprise you! We’ll consider security services, compliance, scale, economics, and advanced capabilities you’ll wish you had in your enterprise. While still imperfect, you’ll leave appreciating why cloud security features are making adoption irresistible.

    8:30 am
    Data Breach Digest – Perspective is Reality
    Digital Forensics Investigator, Verizon RISK Team
    Registration Level:
    • Conference Pass
    8:30 am - 9:15 am
    Location / Room: 108

    Data breaches are complex affairs. Response activities are proportionately complex, involving various stakeholders with slightly different perspectives. This presentation covers the 2017 "Data Breach Digest – Perspective is Reality", a compendium of data breach scenarios told from different stakeholder points of view, covering their decisions, actions and crucial lessons learned.

    9:00 am
    Exhibit Floor Open
    Registration Level:
    • Open Sessions
    9:00 am - 3:00 pm
    Location / Room: Exhibitor Floor

    This is the time to visit exhibitors participating in Dash For Prizes & CyberHunt for your chance to win prizes!

    9:30 am
    OPENING KEYNOTE: Technology as a Complement, Not as a Substitute
    Cyber Security Strategic Partnerships Director, Humana
    Registration Level:
    • Open Sessions
    9:30 am - 10:15 am
    Location / Room: Keynote Theater

    As our daily lives become more integrated with technology, we need to ensure we do not become so dependent on it that we lose our ability to think and communicate without it.

    10:15 am
    Conference Break / Exhibitor Product Demonstration
    Registration Level:
    • Open Sessions
    10:15 am - 11:15 am
    Location / Room: Exhibitor Floor

    Reboot with coffee and infused water while visiting exhibitors on the exhibitor floor.

    11:00 am
    Advisory Council Roundtable: Getting Traction on Your Risk Initiative – (VIP / Invite Only)
    Advisory Council Members Only
    Registration Level:
    • VIP / Exclusive
    11:00 am - 12:00 pm
    Location / Room: 109

    Moderator: Brendan Campbell

    11:15 am
    RSA: Bridging the Gap of Grief with Business Driven Security
    Strategies for bridging the silos between security inclusion, security exclusion and risk management.
    Sr. Consultant, Solutions Marketing, RSA
    Registration Level:
    • Open Sessions
    11:15 am - 12:00 pm
    Location / Room: 102

    As the threat of cyber attacks rises to first among risks that Boards of Directors want closely managed, the gap between the technical language of IT security and business metrics is only widening. It's time for Business-Driven Security.

    11:15 am
    Cisco: Stories of the Bad Within the Good – Illuminating Threats Deep Within a Network
    Systems Engineering Manager, Cisco
    Registration Level:
    • Open Sessions
    11:15 am - 12:00 pm
    Location / Room: 104

    Cisco Security expert Jeff Moncrief has identified zero-day and insider threats within dozens of organizations by leveraging NetFlow analysis and network behavioral anomaly detection.

    11:15 am
    Cloud and Outsourcing, Oh No
    Director Information Security / Information Security Officer, Verscend
    Registration Level:
    • Conference Pass
    11:15 am - 12:00 pm
    Location / Room: 108

    Everyone does some sort of outsourcing or uses the cloud. Do you have the necessary requirements and third-party programs built and implemented? Many companies continue to say “Oops, I forgot” or “Oops, I didn’t think about that.” What are the basic items that need to be in place BEFORE you contract?

    11:15 am
    U.S. National Airspace Systems of Systems: A Useful Strategic Model for Internet Security Management?
    InfoSec Protagonist, Act 1 Security, (ISC)², (ISC)² Eastern Chapter, HIMSS
    Registration Level:
    • Conference Pass
    11:15 am - 12:00 pm
    Location / Room: 103

    In the 1920s, as more planes took to U.S. skyways, our national air space (NAS) traffic control model evolved: from individual aircraft, to individual airline, to today’s centralized coordination and control approach. Can today's organization-by-organization approach for Internet communications security leverage the NAS management model?

    11:15 am
    GuidePoint: The Path to Strategic Application Security
    Managing Security Consultant - Application Security, GuidePoint Security
    Registration Level:
    • Open Sessions
    11:15 am - 12:00 pm
    Location / Room: 107

    Application Security is a critical function of any business that develops any of its own software. As we’ve seen in recent reports and studies, attacks against applications are a significant risk and are on the rise. Having a Strategic Application Security program as part of any business’s overall security program is becoming more and more important. We will discuss how organizations are similar but have different Application Security needs, Application Security trends, Strategic Application Security and what it entails, and the Application Security challenges we face. Attendees will leave with an understanding of Strategic Application Security and the steps an organization can take to begin to strategize and implement an Application Security program of their own.

    12:00 pm
    Advisory Council LUNCH Roundtable: Growing the Future Cybersecurity Workforce – (VIP / Invite Only)
    Advisory Council Members Only
    Registration Level:
    • VIP / Exclusive
    12:00 pm - 1:00 pm
    Location / Room: 109

    Lunch Served
    Moderator: Peter Kurek

    12:15 pm
    LUNCH KEYNOTE: Radware – The Current Economics of Cyber Attacks
    Security Evangelist, Radware
    Registration Level:
    • Open Sessions
    12:15 pm - 1:00 pm
    Location / Room: Keynote Theater

    Often we discuss the changing threat landscape from a purely technical or vulnerability-focused picture; however, this does an injustice to the elements of ease, cost and access to attacks. This presentation will provide attendees with an up-to-date picture of the rapidly changing landscape of attack tools and services, the buying criteria, and locations for the tools and ease of use. In addition, the presentation will provide an understanding of how the combination of the proliferation of these tools and their corresponding use has dramatically changed the dynamics of the return on defense strategies. This presentation will provide unique insight into the world of the Darknet, specific customer attack stories, new economic models of measuring security deployments, and a refreshed look at how controls should be deployed going forward.

    1:15 pm
    Panel: Close the Front Gate: Identify all Travelers
    Registration Level:
    • Open Sessions
    1:15 pm - 2:15 pm
    Location / Room: Keynote Theater

    One of the first lines of defense for a castle was the front gate or portcullis. When the need arose, they would simply close the gate and stop everyone from entering. Castle guards would stop each traveler and determine their identity and if they were a threat before letting them in. Sort of like today’s network access control and firewalls. Identity or the perception of one’s identity was all that mattered and a smart spy or thief would gain access to the castle with only minor delays. Our experts will discuss your options for defending your castle.

    Panelists:
    Jonathan Lange, baramundi
    John McGovern, ExtraHop
    Matt Hathaway, Rapid7
    Mike Kiser, SailPoint
    Robertson Pimentel, Centrify
    Daniel Katz, Anomali
    Moderator: Jim Cusson

    1:15 pm
    Panel: The Court Jester Has the Crown Jewels (Ransomware)
    Registration Level:
    • Open Sessions
    1:15 pm - 2:15 pm
    Location / Room: 103

    Way back in the day if you wanted to get someone to bend to your will you could just kidnap the princess or steal the Crown Jewels. Kingdoms would do just about anything to get these things back. It was probably a bit easier to grab the princess and leave a note with your demands. The exchange of coin for the princess was a risky maneuver but worth the reward if you escaped. Now it just takes one foolish click to become a victim of ransomware. Sadly, they are not easily caught when you make the trade with bitcoin. This panel will talk about the current schemes happening with ransomware and how you can try to keep the Crown Jewels safe.

    Panelists:
    Israel Barak, Cybereason
    Tom Pace, Cylance
    Trevor Hawthorn, Wombat
    Andrew Pozhogin, Kaspersky
    Scott Donnelly, Recorded Future
    Moderator: Ans Claiborn, StateStreet

    1:15 pm
    Aruba: Adaptive Trust in a Mobile and IoT World
    Director of ClearPass Sales East, HPE Aruba
    Registration Level:
    • Open Sessions
    1:15 pm - 2:00 pm
    Location / Room: 104

    The explosion of connected devices and their entry points has increased the need for greater visibility and enforceable security policy in today’s enterprise networks. The rise of mobile devices, the cloud, and IoT has eroded the historical security perimeter. This discussion will walk through how context-based policy enforcement can deliver a security trust model that adapts to meet today’s security needs. It will also touch on the rise of User and Entity Behavior Analytics (UEBA) to provide continuous and consistent monitoring and alerting of insider threats. The conversation will then provide a brief overview of Aruba’s ClearPass access control and policy management platform, and the recent acquisition of the UEBA platform Niara – and how they can work together to provide an integrated defense strategy for both insider threats as well as the “new perimeter” of today’s networks.

    1:15 pm
    Sumo Logic: Advanced Security Analytics – Detect, Respond, Comply
    Director of Product Marketing, Security & Compliance, Sumo Logic
    Registration Level:
    • Open Sessions
    1:15 pm - 2:00 pm
    Location / Room: 108

    Advanced security analytics reduces noise and operational intelligence to help security professionals address the tsunami of data of today's modern applications.

    2:15 pm
    Conference Break / Exhibitor Product Demonstration
    Registration Level:
    • Open Sessions
    2:15 pm - 3:00 pm
    Location / Room: Exhibitor Floor

    Reboot with coffee and infused water while visiting exhibitors on the exhibitor floor.

    2:30 pm
    Dash for Prizes & CyberHunt
    Registration Level:
    • Open Sessions
    2:30 pm - 2:45 pm
    Location / Room: Exhibitor Floor

    Be sure to have exhibitors scan your badge for a chance to win prizes. Past prizes have included Kindles, Bose headphones, gift cards, iPads, iPods and more! *Must be present to win

    3:00 pm
    The Principles of Persuasion (POP) utilized in Social Engineering Leading to Your Moments of Misery and Vulnerability (MOVE) or Moments of Mitigation (MOM)
    Principal Advisor, NSA, ISSA, ISACA, FCI
    Registration Level:
    • Conference Pass
    3:00 pm - 3:45 pm
    Location / Room: 102

    Empowered with the principles of persuasion, white hats can help everyone in an organization create innumerable moments of mitigation (MOM). More importantly, fluency with the principles of persuasion utilized by black hats will empower you to stay ahead of their nefarious intent.
    Questions we will answer:

    • What are the primary persuasion methods utilized for good and evil in social engineering?

    • What are your organization’s Moments of Truth (MOT) that result in mitigation and maintained security or breach?

    • How do you leverage MOM and POP to influence and empower ALL members of your organization and significantly mitigate attacks and reduce risk?

    3:00 pm
    Introduction into the World of Windows Forensics
    Director of Cyber Security Operations, Massachusetts Advanced Secure Technologies
    Registration Level:
    • Conference Pass
    3:00 pm - 3:45 pm
    Location / Room: 103

    This course will provide an introduction into The World of Windows Forensics. The attendee will learn how to obtain and analyze digital information for possible use as evidence in civil, criminal or administrative cases. Topics: computer forensics law, volatile memory & hard drive analysis, using freeware and other inexpensive options.

    3:00 pm
    Ransomware Response – Rejecting the Threat
    Executive Consultant, CGI
    Registration Level:
    • Open Sessions
    3:00 pm - 3:45 pm
    Location / Room: 104

    Ransomware is among the hottest topics in the list of cybersecurity concerns for 2017. Chasing after ransomware components requires constant attention and often yields results that are inconclusive or too late. This session will focus on the protection from the harm threatened by a ransomware attack.

    3:00 pm
    Rethinking Network Security With a Software-Defined Perimeter
    Co-Chair for the Cloud Security Alliance
    Registration Level:
    • Conference Pass
    3:00 pm - 3:45 pm
    Location / Room: 108

    Traditional network security is failing us. This session introduces a new, open network security model, the Software-Defined Perimeter. This architecture, published by the Cloud Security Alliance, verifies and secures all user access to network resources, improving security and compliance for both on-premises and cloud environments.

Exhibitors
  • ACP – Greater Boston
    Booth: 214

    ACP is a professional organization that provides a forum for the exchange of information and experiences for business continuity leaders. We serve the greater Boston area, including Rhode Island and southern New Hampshire. Meetings are held on the second Wednesday of every month (except July & August). We invite you to attend our next meeting.

  • Alert Logic
    Booth: 213

    Whether your company is transitioning infrastructure to the cloud, taking advantage of managed hosting services, or continuing to rely on owned data centers, Alert Logic offers intrusion detection, vulnerability assessment and log management solutions that are coupled with 24/7 monitoring and expert guidance services from our security operations center. More than 1,500 enterprise customers trust Alert Logic to secure and protect their digital information, and rely on us for keeping in step with increasingly complex regulatory issues. In addition to our team of GIAC analysts dedicated to careful observation and assessment of threats to your data, our research team stays on top of emerging developments so we can stop potential security breaches before they strike. We also have a dedicated support team ready to answer any questions you have about our products and services.

  • Anomali
    Booth: 203

    Anomali delivers earlier detection and identification of adversaries in your organization's network by making it possible to correlate tens of millions of threat indicators against your real-time network activity logs and up to a year or more of forensic log data. Anomali’s approach enables detection at every point along the kill chain, making it possible to mitigate threats before material damage to your organization has occurred.

  • Arbor Networks
    Booth: 328

    Arbor Networks is the leading provider of network security and management solutions for enterprise and service provider networks. Arbor Networks protects enterprises from distributed denial of service attacks and advanced malware using Arbor’s global network intelligence. Arbor's proven solutions help grow and protect customer networks, businesses and brands.

  • Arctic Wolf
    Booth: 702

    Arctic Wolf redefines the economics of security with a turnkey SOC-as-a-service that deploys in minutes. Concierge Security Engineers use the AWN Platform to provide insights into your security to answer the question, “Am I safe?” We lead the industry in making security simple, actionable and affordable for mid-market companies.

  • ARMA
    Booth: TBD

    ARMA International is a not-for-profit organization representing the RIM profession. Its primary purpose is the advancement of the profession and the professional through advocacy, education and professional development.

    ARMA International members include records and information managers, MIS and ADP professionals, imaging specialists, archivists, hospital administrators, legal administrators, librarians, corporate counsel, compliance professionals, and educators. ARMA, its chapters, and its members are dedicated to helping individuals, organizations, and government agencies successfully meet the challenges of the increasingly complex records and information management field.

  • Aruba
    Booth: 420

    Mobile, IoT, and cloud are disrupting traditional businesses and declaring new winners. We are building smarter networks that are insightful and predictable to accelerate the transition. Infrastructure services are offered as software from the public or private cloud, enabling secure connectivity for mobile and IoT — under one roof.

  • ASIS
    Booth: TBD

    ASIS International, with more than 32,000 members, is the preeminent international organization for professionals responsible for security, including managers and directors of security. In addition, corporate executives and other management personnel, as well as consultants, architects, attorneys, and federal, state, and local law enforcement, are becoming involved with ASIS to better understand the constant changes in security issues and solutions.

  • Attivo
    Booth: 104

    Attivo is an award-winning leader in deception for inside-the-network real-time threat detection and incident response for the networks, data centers, cloud, ICS-SCADA and IoT infrastructure.

  • Avecto
    Booth: 505

    Avecto’s award-winning Defendpoint software uniquely combines privilege management, application control and content isolation to protect every endpoint in your business. It stops malware that isn’t yet known to the antivirus vendors from executing, so that your data is protected from the latest threats.

  • baramundi software USA, Inc.
    Booth: 409

    baramundi software USA, Inc. provides companies and organizations with efficient, secure, and cross-platform management of workstation environments. Around the world, over 2,000 customers of all sizes and from every sector benefit from the independent German manufacturer's many years of experience and outstanding products. These are compiled into an integrated, future-orientated unified endpoint management approach in the baramundi Management Suite: endpoint management, mobile device management, and endpoint security are provided via a shared interface, using a single database, and according to global standards.

  • Big Switch Networks
    Booth: 706

    Big Switch Networks was founded in 2010, with roots in the original Stanford research team that invented software-defined networking (SDN), and the company is widely considered one of the original pioneers of SDN. In 2013 the company made available its first commercial product, Big Monitoring Fabric™ for network visibility and security, and in 2014 the company released Big Cloud Fabric™, a hyperscale-inspired data center switching fabric. While data center switching and network monitoring are a primary area of focus, both solutions break down the silos in the data center with open APIs and programmable SDN fabrics, facilitating integration and automation that spans servers and storage to help customers around the world realize the benefits of a truly software-defined data center.

  • Binary Defense Systems
    Booth: 110

    BDS is a company that works with you to understand your environment and what you have, and to build defenses to combat what we face today and the attacks of tomorrow. Technology is continuously changing, and businesses change every day. In order to keep up with the changes, BDS has created an extensively flexible yet highly accurate way of detecting attackers. We are attackers, and we know the best ways to detect how attackers breach your network. An added bonus with BDS: continual penetration tests are performed regularly to enhance and develop additional safeguards. We are here to defend, protect and secure your company.

  • Bitglass
    Booth: 614

    Your company's move to the cloud delivers flexibility and cost savings, but that doesn't mean you should lose control of your data. Bitglass' Cloud Access Security Broker (CASB) solution enables your enterprise to adopt cloud apps while ensuring data security and regulatory compliance. Bitglass secures your data in the cloud, at access, on any device.

    Bitglass was founded in 2013 by a team of industry veterans with a proven track record of innovation and execution.

  • BitSight Technologies
    Booth: 102

    BitSight Technologies is transforming how companies manage information security risk with objective, evidence-based security ratings. The company's Security Rating Platform continuously analyzes vast amounts of external data on security behaviors in order to help organizations manage third party risk, benchmark performance, and assess and negotiate cyber insurance premiums. For more information, please visit www.bitsighttech.com or follow us on Twitter (@BitSight).

  • #brainbabe
    Booth: 708

    #brainbabe is directly impacting three statistics: 10% of the cyber security workforce is women, 1% of the cyber community are women leaders, and 53% of women end up leaving the industry.
    1) Classroom training for women who want to join the cyber security profession.
    2) Providing soft skills training to all cyber security professionals, enabling effective and harmonious interactions with team members in any environment.
    3) Raising awareness about the numerous careers in cyber security for girls and women.

  • Carbon Black
    Booth: 118

    Carbon Black is the market leader in next-generation endpoint security. The company expects that by the end of 2015 it will achieve $70M+ in annual revenue, 70 percent growth, 7 million+ software licenses sold, almost 2,000 customers worldwide, partnerships with 60+ leading managed security service providers and incident response companies, and integrations with 30+ leading security technology providers. Carbon Black was voted Best Endpoint Protection by security professionals in the SANS Institute’s Best of 2014 Awards, and a 2015 SANS survey found that Carbon Black is being used or evaluated by 68 percent of IR professionals. Companies of all sizes and industries—including more than 25 of the Fortune 100—use Carbon Black to increase security and compliance.

  • Centrify
    Booth: 408

    Centrify provides unified identity management across data center, cloud and mobile environments. Centrify software and cloud-based Identity-as-a-Service (IDaaS) solutions leverage an organization’s existing identity infrastructure to enable single sign-on, multi-factor authentication, privileged identity management, auditing for compliance and mobile device management.
    Centrify customers can typically reduce their total cost of identity management and compliance by more than 50 percent.

  • Check Point Security
    Booth: 512, 102, 405

    Since 1993, Check Point has been dedicated to providing customers with uncompromised protection against all types of threats, reducing security complexity and lowering total cost of ownership. We are committed to staying focused on customer needs and developing solutions that redefine the security landscape today and in the future.

  • Cisco
    Booth: 406

    As a provider of integrated, interoperable safety and security products and services, Cisco is helping to solve some of today's toughest societal and business challenges. Governments, partners, and private institutions worldwide are using Cisco solutions to increase citizen safety and coordinate rapid responses to emergencies, while maximizing their technology investments.

  • Citrix
    Booth: 320

    At Citrix, we focus on a single driving principle: making the world’s apps and data secure and easy to access. Anywhere. At any time. And on any device or network.
    We believe that technology should be a great liberator. Freeing organizations to push the limits of productivity and innovation. Empowering people to work anywhere and at any time. And giving IT the peace of mind that critical systems will always be accessible and secure.
    That’s why, at Citrix, our mission is to power a world where people, organizations, and things are securely connected and accessible. A place where all business is digital business. A world where our customers are empowered to make the extraordinary possible. We will accomplish this by building the world’s best integrated technology services for secure delivery of apps and data – anytime, anywhere.

  • Cloud Passage
    Booth: 416

    CloudPassage® Halo® is the world’s leading agile security platform that provides instant visibility and continuous protection for servers in any combination of data centers, private clouds and public clouds. Halo uses minimal system resources; so layered security can be deployed right at every workload – servers, instances and containers.

  • Core Security
    Booth: 604

    Enterprises are responsible for securing and managing access to corporate data and ensuring availability of enterprise applications and services at all times. Core Security offers threat-aware identity, access, authentication and vulnerability management solutions to help identity, security, and risk teams control access, reduce risk, and maintain continuous compliance.

    Our solutions provide actionable intelligence and context needed to manage identity access and security risk across the enterprise. By combining real-time insight into identity analytics with prioritized infrastructure vulnerabilities, organizations receive a more comprehensive view of their security posture. Organizations gain context and intelligence through analytics to make more informed, prioritized, and better security remediation decisions. This allows them to more rapidly and accurately identify, validate and proactively stop unauthorized access and defend against security threats.

  • Cloud Security Alliance (CSA)
    Booth: TBD

    The Cloud Security Alliance (CSA) is a not-for-profit organization with a mission to promote the use of best practices for providing security assurance within Cloud Computing, and to provide education on the uses of Cloud Computing to help secure all other forms of computing. The Cloud Security Alliance is led by a broad coalition of industry practitioners, corporations, associations and other key stakeholders.

  • CrowdStrike
    Booth: 314

    CrowdStrike was founded in 2011 to fix a fundamental problem: The sophisticated attacks that were forcing the world’s leading businesses into the headlines could not be solved with existing malware-based defenses. Co-founders George Kurtz and Dmitri Alperovitch realized that a brand new approach was needed — one that combines the most advanced endpoint protection with expert intelligence to pinpoint the adversaries perpetrating the attacks, not just the malware.

  • Cybereason
    Booth: 308

    Cybereason was founded in 2012 by a team of ex-military cybersecurity experts with the mission of detecting and responding to complex cyber-attacks in real time. Cybereason is the only Endpoint Detection and Response platform deployed in user space that detects both known and unknown attacks and connects isolated indicators of compromise to form a complete, contextual attack story. Cybereason's behavioral analytics engine continuously hunts for adversaries and reveals the timeline, root cause, adversarial activity, related communication and affected endpoints and users of every attack. Cybereason provides security teams with actionable data, enabling fast decision making and proper response.

  • Cylance
    Booth: 313

    Cylance® is revolutionizing cybersecurity with products and services that proactively prevent, rather than reactively detect the execution of advanced persistent threats and malware. Our technology is deployed on over four million endpoints and protects hundreds of enterprise clients worldwide including Fortune 100 organizations and government institutions.

  • Cyphort
    Booth: 305

    Cyphort is the next generation APT defense solution for the enterprise. Cyphort provides a single pane of glass across perimeter and laterally moving threats, correlates threat signals before and after an incident while eliminating noise from false alerts and red herrings.

  • Darktrace
    Booth: 218

    Named ‘Technology Pioneer’ by the World Economic Forum, Darktrace is one of the world’s leading cyber threat defense companies. Its Enterprise Immune System technology detects previously unidentified threats in real time, powered by machine learning and mathematics developed at the University of Cambridge, which analyze the behavior of every device, user and network within an organization. Some of the world’s largest corporations rely on Darktrace’s self-learning appliance across many industries. The company was founded in 2013 by leading machine learning specialists and government intelligence experts, and is headquartered in Cambridge, UK and San Francisco, including 18 offices across the globe.

  • DirectDefense
    Booth: 217

    Founded in 2011, DirectDefense offers security services that are unmatched within the industry. Our core strength is our deep experience in performing assessments for a wide array of networks, platforms, and applications. Our seasoned consultants are focused on providing world-class security services to our clients.

    Regardless of industry – financial, insurance, retail, hospitality, healthcare, education, gaming, technology, or energy and utilities, our wealth of knowledge and experience can assist you in achieving your security testing and strategy goals.

  • EC-Council
    Booth: TBD

    International Council of E-Commerce Consultants, also known as EC-Council, is the world’s largest cyber security technical certification body. We operate in 140 countries globally and we are the owner and developer of the world-famous Certified Ethical Hacker (CEH), Computer Hacking Forensics Investigator (C|HFI), Certified Security Analyst (ECSA), License Penetration Testing (Practical) programs, among others. We are proud to have trained and certified over 140,000 information security professionals globally that have influenced the cyber security mindset of countless organizations worldwide.

  • empow
    Booth: 315

    We’ve been fighting attackers for years; now, we’ve started empow because the traditional, uncoordinated approach of siloed security solutions is fundamentally flawed. empow radically up-ends these by creating a smart, abstracted security language that sits on top - and orchestrates - your existing tools and solutions, by breaking them into primary Security Particles™, which are then reassembled to deploy a new security apparatus for each individual attack, turning what you have into what you need.

  • Exabeam
    Booth: 704

    The Exabeam Security Intelligence Platform provides organizations of all sizes with end-to-end detection, analytics, and response capabilities from a single security management and operations platform. Exabeam SIP includes Exabeam Log Manager, a modern log management system, built on top of ElasticSearch to provide unlimited data ingestion at a predictable, cost effective price. Exabeam SIP detects complex, multi-stage threats using the analytics capabilities of Exabeam Advanced Analytics; the world's most deployed User and Entity Behavior Analytics (UEBA) solution. Finally, Exabeam SIP improves incident response efficiency with Exabeam Incident Responder, an API based security orchestration and automation solution.

  • ExtraHop
    Booth: 515

    ExtraHop is a force multiplier for IT teams struggling with increasing complexity. With the ExtraHop platform, organizations can regain control over the security and performance of their applications and infrastructure, and capitalize on their data analytics opportunity to improve business operations and results. Learn more at www.extrahop.com

  • F5
    Booth: 502

    F5 provides solutions for an application world. F5 helps organizations seamlessly scale cloud, data center, telecommunications, and software defined networking (SDN) deployments to successfully deliver applications and services to anyone, anywhere, at any time. F5 solutions broaden the reach of IT through an open, extensible framework and a rich partner ecosystem of leading technology and orchestration vendors. This approach lets customers pursue the infrastructure model that best fits their needs over time. The world’s largest businesses, service providers, government entities, and consumer brands rely on F5 to stay ahead of cloud, security, and mobility trends.

  • FactorChain
    Booth: 102

    We’ve invented an incident response acceleration system that breaks open persistent bottlenecks in security operations - FactorChain delivers the speed demanded for continuous defense at scale.

  • Fidelis Cybersecurity
    Booth: 710

    Fidelis Cybersecurity protects the world’s most sensitive data by equipping organizations to detect, investigate and stop advanced cyber attacks. Our products, services and proprietary threat intelligence enable customers to proactively face advanced threats and prevent data theft with immediate detection, monitoring and response capabilities. With our Fidelis Network and Fidelis Endpoint, customers can get one step ahead of any attacker before a major breach hits. To learn more about Fidelis Cybersecurity, please visit www.fidelissecurity.com and follow us on Twitter @FidelisCyber

  • Flexera Software
    Booth: 613

    Flexera Software is the leading provider of next-generation software licensing, compliance, security and installation solutions for application producers and enterprises. Our next-generation software licensing, compliance and installation solutions are essential to ensure continuous licensing compliance, optimized software investments and to future-proof businesses against the risks and costs of constantly changing technology.

  • Forcepoint
    Booth: 510

    Forcepoint safeguards users, data and networks against the most determined adversaries, from insider threats to outside attackers, across the threat lifecycle – in the cloud, on the road, in the office. It simplifies compliance and enables better decision-making for more efficient remediation, empowering organizations to focus on what’s most important to them.

  • ForeScout Technologies, Inc.
    Booth: 215

    ForeScout Technologies, Inc. offers Global 2000 enterprises and government organizations the unique ability to see networked devices, including non-traditional devices, control them, and orchestrate information sharing and operation among disparate security tools. As of January 2016, more than 2,000 customers in over 60 countries improve their network security and compliance posture with ForeScout solutions.

  • Foresite
    Booth: 102

    Foresite is a global service provider, delivering a range of managed security and consulting solutions designed to help our clients meet their information security and compliance objectives. In the face of increasingly persistent cyber-threats, Foresite’s solutions empower organizations with vigilance and expertise to proactively identify, respond to, and remediate cyber-attacks and breaches where they occur.

    Our team of industry veterans work as an extension of our clients’ staff, providing peace of mind while securing their most important assets. For more information, visit us at http://foresite.com or contact us at info@foresite.com.

  • Fortinet
    Booth: 104

    We provide top-rated network and content security, as well as secure access products that share intelligence and work together to form a cooperative fabric. Our unique security fabric combines Security Processors, an intuitive operating system, and applied threat intelligence to give you proven security, exceptional performance, and better visibility and control--while providing easier administration.
    Our flagship enterprise firewall platform, FortiGate, is available in a wide range of sizes and form factors to fit any environment, and provides a broad array of next generation security and networking functions.

  • Gemalto
    Booth: 617

    SafeNet and Gemalto have joined forces to create the worldwide leader in enterprise and banking security from core data protection to secure access at the edge of the network. Together, we protect more data, transactions, and identities than any other company, delivering security services that are used by more than 30,000 businesses and two billion people in more than 190 countries around the world. We support 3,000 financial institutions and secure more than 80% of the world’s intra-bank fund transfers, and protect the world’s leading software applications.

  • Gigamon
    Booth: 618

    Gigamon (NYSE: GIMO) provides active visibility into physical and virtual network traffic, enabling stronger security and superior performance. Gigamon’s Visibility Fabric™ and GigaSECURE®, the industry’s first Security Delivery Platform, deliver advanced intelligence so that security, network, and application performance management solutions in enterprise, government, and service provider networks operate more efficiently. As data volumes and network speeds grow and threats become more sophisticated, tools are increasingly overburdened. One hundred percent visibility is imperative. Gigamon is installed in more than three-quarters of the Fortune 100, more than half of the Fortune 500, and seven of the 10 largest service providers.

  • GuardiCore
    Booth: 514

    GuardiCore is specially designed for today’s software-defined and virtualized data centers and clouds, providing unparalleled visibility, active breach detection and real-time response. Its lightweight architecture scales easily to support the performance requirements of high traffic data center environments. A unique combination of threat deception, process-level visibility, semantics-based analysis and automated response engages, investigates and then thwarts confirmed attacks with pin-point accuracy.

  • GuidePoint Security LLC
    Booth: 118

    GuidePoint Security LLC provides innovative and valuable cyber security solutions and expertise that enable organizations to successfully achieve their mission. By embracing new technologies, GuidePoint Security helps clients recognize the threats, understand the solutions, and mitigate the risks present in their evolving IT environments. Headquartered in Herndon, Virginia, GuidePoint Security is a small business, and classification can be found with the System for Award Management (SAM). Learn more at: http://www.guidepointsecurity.com.

  • HP
    Booth: 718

    Our vision is to create technology that makes life better for everyone, everywhere — every person, every organization, and every community around the globe. This motivates us — inspires us — to do what we do. To make what we make. To invent, and to reinvent. To engineer experiences that amaze. We won’t stop pushing ahead, because you won’t stop pushing ahead. You’re reinventing how you work. How you play. How you live. With our technology, you’ll reinvent your world.

    This is our calling. This is a new HP.

  • HTCIA
    Booth: TBD

    Investigators on the Leading Edge of Technology

    The High Technology Crime Investigation Association (HTCIA) was formed to provide education and collaboration to our global members for the prevention and investigation of high tech crimes. As such, we are an organization that aspires to help all those in the high technology field by providing extensive information, education, collective partnerships, mutual member benefits, astute board leadership and professional management. Association Mission: Provide education and collaboration to our global members for the prevention and investigation of high tech crimes.

  • HUB Tech
    Booth: 205

    HUB Tech partners with its clients becoming part of their support team. We work beside you to ensure you have a strategy that allows you to transform your Information infrastructure to keep up with the needs of your organization and your users. We have developed proprietary tools and strategies that have enabled us to lower cost and increase the quality of service to our client base, especially to state agencies, municipalities and school districts, where cost is a deciding factor in everyday decision making.

    Our mission is simple – to take full ownership for all that we do, to protect those who trust in us, and to make lifelong clients from every customer contact.

  • IBM
    Booth: 511, 102

    Digital is the wires, but digital intelligence, or artificial intelligence as some people call it, is about much more than that. This next decade is about how you combine those and become a cognitive business. It’s the dawn of a new era.

  • IBM Resilient
    Booth: 303

    IBM Resilient’s mission is to help organizations thrive in the face of any cyberattack or business crisis. The industry’s leading Incident Response Platform (IRP) empowers security teams to analyze, respond to, and mitigate incidents faster, more intelligently, and more efficiently. The Resilient IRP is the industry’s only complete IR orchestration and automation platform, enabling teams to integrate and align people, processes, and technologies into a single incident response hub. With Resilient, security teams can have best-in-class response capabilities. IBM Resilient has more than 150 global customers, including 50 of the Fortune 500, and hundreds of partners globally. Learn more at www.resilientsystems.com.

  • Institute of Internal Auditors (IIA)
    Booth: TBD

    Established in 1941, The Institute of Internal Auditors (IIA) is an international professional association with global headquarters in Altamonte Springs, Florida, USA. The IIA is the internal audit profession's global voice, recognized authority, acknowledged leader, chief advocate, and principal educator. Generally, members work in internal auditing, risk management, governance, internal control, information technology audit, education, and security.

  • InfraGard
    Booth: 212

    InfraGard is an information sharing and analysis effort serving the interests and combining the knowledge base of a wide range of members. At its most basic level, InfraGard is a partnership between the FBI and the private sector. InfraGard is an association of individuals, academic institutions, state and local law enforcement agencies, and other participants dedicated to sharing information and intelligence to prevent hostile acts against the United States. InfraGard Chapters are geographically linked with FBI Field Office territories.

    The FBI retained InfraGard as an FBI sponsored program, and will work with DHS in support of its CIP mission, facilitate InfraGard’s continuing role in CIP activities, and further develop InfraGard’s ability to support the FBI’s investigative mission, especially as it pertains to counterterrorism and cyber crimes.

  • Integration Partners
    Booth: 104

    We know and understand you have options when choosing the right partner. Networking technology alone isn’t a differentiator, it’s how we do business with you. We’ve curated the best solutions not just to support IT needs, but to support your business strategy. Our culture is one that influences the customer experience. We never stop improving, and so we will never let you fall behind. From this simple and often overlooked practice, we believe the greatest customer relationships come from our mutual and shared strategies. Now just think… WHAT’S POSSIBLE.

  • IntraSystems
    Booth: 320

    Since 1996, IntraSystems has empowered companies to deliver secure, on-demand access… anytime, anywhere. By assisting in the design, installation, security, and maintenance of networked technologies, IntraSystems enables corporations to focus on business growth while utilizing new technologies to enhance corporate productivity. Recommending, customizing, and implementing IT configurations form the backbone of our key strengths. It’s an approach that works well in everyday situations — and it’s precisely what drives our success.

  • IOvations
    Booth: 302

    IOvation provides innovative enterprise Security, Network, and Storage IT solutions and professional services that enable our clients to achieve optimal results.

    With over 25 years of deep Security, Network, and Storage domain experience, you can count on IOvation for trusted advice, real-time response, and superior service.

  • ISACA
    Booth: 215

    As an independent, nonprofit, global association, ISACA engages in the development, adoption and use of globally accepted, industry-leading knowledge and practices for information systems. Previously known as the Information Systems Audit and Control Association, ISACA now goes by its acronym only, to reflect the broad range of IT governance professionals it serves.

  • (ISC)2
    Booth: 210

    (ISC)² is an international nonprofit membership association focused on inspiring a safe and secure cyber world. Best known for the acclaimed Certified Information Systems Security Professional (CISSP) certification, (ISC)² offers a portfolio of credentials that are part of a holistic, programmatic approach to security. Our membership, over 123,000 strong, is made up of certified cyber, information, software and infrastructure security professionals who are making a difference and helping to advance the industry. Our vision is supported by our commitment to educate and reach the general public through our charitable foundation - The Center for Cyber Safety and Education™. Follow us on Twitter or connect with us on Facebook.

  • ISSA New England
    Booth: 208

    The Information Systems Security Association (ISSA) is an international organization providing educational forums, publications, and peer interaction opportunities that enhance the knowledge, skills, and professional growth of its members' information security professionals. The primary goal of ISSA is to promote management practices that will ensure availability, integrity, and confidentiality of organizational resources.

    Since its inception in 1982, ISSA's membership has grown to include more than 100 chapters around the world with members who represent a diverse collection of organizations, including major U.S. and international corporations, leading consulting firms, world-class educational institutions, and government agencies. From EDP audit and corporate security to contingency planning and disaster recovery, ISSA members are committed to protecting their organizations' assets and resources.

    Visit the National Headquarters' website at www.issa.org.

  • Ixia
    Booth: 712

    We provide testing, visibility, and security solutions to strengthen applications across physical and virtual networks.
    Organizations use our tools and capabilities to test, secure and visualize their networks so their applications run stronger.

  • Kaspersky Lab
    Booth: 106

    In 1999, Kaspersky Lab was the first company to introduce integrated antivirus software for workstations, file servers and application servers running on Linux/FreeBSD operating systems. Today, the company offers a whole range of effective corporate security solutions for the most popular operating systems specifically designed for different types of businesses. The company’s product range covers all of the main information security requirements that businesses and large state organizations have to adhere to, including: excellent protection levels, adaptability to changing circumstances, scalability, compatibility with different platforms, high performance, high fault tolerance, ease of use and high value.

    One of the primary advantages of Kaspersky Lab’s corporate range is the easy, centralized management provided by Kaspersky Security Center that extends to the entire network regardless of the number and type of platforms used.

  • LightCyber
    Booth: 217

    Stop Attackers in their Tracks: How to Incorporate Smart Detection Strategies

    If an attacker was on your network would you know? How long would the breach go undetected? Statistics show that attackers can remain hidden on a network up to 200 days before being detected, and cause untold damage in that time period. And while it’s accepted that perimeter defenses cannot provide 100% protection against attackers, technology that lets you find attackers quickly and efficiently has been a challenge.

    LightCyber delivers on the promise of just that. Accurate, efficient detection of attackers after they have breached your network, providing you clarity about the attacker from network intelligence combined with added context detailing using our ability to access critical device data. Combined together, LightCyber lets you quickly zero in on the exact device accessed by the attacker, which allows fast remediation to stop damage before it happens.

  • LogRhythm
    Booth: 503

    LogRhythm, a leader in security intelligence and analytics, empowers organizations around the globe to rapidly detect, respond to and neutralize damaging cyber threats. The company’s patented award-winning platform uniquely unifies next-generation SIEM, log management, network and endpoint monitoring, user entity and behavior analytics (UEBA), security automation and orchestration and advanced security analytics. In addition to protecting customers from the risks associated with cyber threats, LogRhythm provides unparalleled compliance automation and assurance, and enhanced IT intelligence.

  • Menlo Security
    Booth: 118

    The Menlo Security approach delivers 100% safety via isolation — stopping the never-ending search for risky content, while delivering a seamless end-user experience. Deployed in a public or private cloud, the Menlo Security Isolation Platform reduces security complexity and increases scale by eliminating end-point software and out-dated appliances.

  • NEDRIX
    Booth: TBD

    We are professionals in the public and private sector with an interest in emergency response, crisis management, business continuity, or disaster recovery. Experience levels range from novices in the industry to experts with over 35 years experience. NEDRIX itself is a not-for-profit organization staffed entirely by volunteers.
    NEDRIX membership provides you with real time notifications based on the states you subscribe to, as well as with industry news, events, trends, conferences, networking, and more!

  • Netanium
    Booth: 102

    At Netanium, we don’t have full-time teachers. Instead, all of our classes are led by engineers who possess both exceptional technical skill and a strong capacity to teach – with the certifications to back up both. When not in the classroom, our engineers are out using and working with the products they teach. This gives us the up-to-date, applicable, real-world experience that you can only get by working in the field.

  • NETSCOUT
    Booth: 317

    NETSCOUT nGenius packet flow switches provide security visibility by optimizing the flow of traffic from the network to security systems. These appliances collect and organize packet flows—creating a unified packet plane that logically separates the network layer from the security systems. Our customers use packet flow switches to optimize and scale out their cyber security deployments, so that they can spend less time in adding, testing and managing their security systems.

  • ObserveIT
    Booth: 216

    ObserveIT is a lightweight endpoint solution that empowers organizations to precisely identify and proactively protect against malicious and negligent behavior of everyday users, privileged users and remote vendors. We significantly reduce security incidents by changing user behavior through real-time education and deterrence coupled with full-screen video capture of security policy violations. This cuts investigation time from days sifting through logs to minutes of playing back video. ObserveIT is trusted by over 1,400 customers in 87 countries across all verticals.

  • Okta
    Booth: 508

    Okta is the foundation for secure connections between people and technology. Our IT products uniquely use identity information to grant people access to applications on any device at any time, while still enforcing strong security protections. Our platform securely connects companies to their customers and partners. Today, thousands of organizations trust Okta to help them fulfill their missions as quickly as possible.

  • Optiv
    Booth: 506

    Optiv is the largest holistic pure-play cyber security solutions provider in North America. Our diverse and talented employees are committed to helping businesses, governments and educational institutions plan, build and run successful security programs through the right combination of products, services and solutions related to security program strategy, enterprise risk and consulting, threat and vulnerability management, enterprise incident management, security architecture and implementation, training, identity and access management, and managed security.

    Created in 2015 as a result of the Accuvant and FishNet Security merger, Optiv has served more than 12,000 clients of various sizes across multiple industries, offers an extensive geographic footprint, and has premium partnerships with more than 300 of the leading security product manufacturers.

  • Palo Alto Networks
    Booth: 509

    Palo Alto Networks™ is the network security company. Its next-generation firewalls enable unprecedented visibility and granular policy control of applications and content – by user, not just IP address – at up to 20Gbps with no performance degradation. Based on patent-pending App-ID™ technology, Palo Alto Networks firewalls accurately identify and control applications – regardless of port, protocol, evasive tactic or SSL encryption – and scan content to stop threats and prevent data leakage. Enterprises can for the first time embrace Web 2.0 and maintain complete visibility and control, while significantly reducing total cost of ownership through device consolidation. Most recently, Palo Alto Networks has enabled enterprises to extend this same network security to remote users with the release of GlobalProtect™ and to combat targeted malware with its WildFire™ service. For more information, visit www.paloaltonetworks.com.

  • Proofpoint
    Booth: 316

    Proofpoint secures and improves enterprise email infrastructure with solutions for email security, archiving, encryption and data loss prevention. Proofpoint solutions defend against spam and viruses, prevent leaks of confidential and private information, encrypt sensitive emails and archive messages for retention, e-discovery and easier mailbox management. Proofpoint solutions can be deployed on-demand (SaaS), on-premises (appliance) or in a hybrid architecture for maximum flexibility and scalability. For more information, please visit http://www.proofpoint.com.

  • Qualys, Inc.
    Booth: 309

    Qualys, Inc. (NASDAQ: QLYS) is a pioneer and leading provider of cloud-based security and compliance solutions with over 9,300 customers in more than 100 countries, including a majority of each of the Forbes Global 100 and Fortune 100. The Qualys Cloud Platform and integrated suite of solutions help organizations simplify security operations and lower the cost of compliance by delivering critical security intelligence on demand and automating the full spectrum of auditing, compliance and protection for IT systems and web applications. Founded in 1999, Qualys has established strategic partnerships with leading managed service providers and consulting organizations including Accenture, BT, Cognizant Technology Solutions, Deutsche Telekom, Fujitsu, HCL Technologies, HP Enterprise, IBM, Infosys, NTT, Optiv, SecureWorks, Tata Communications, Verizon and Wipro. The company is also a founding member of the Cloud Security Alliance (CSA). For more information, please visit www.qualys.com.

  • Radware
    Booth: 411

    Radware (NASDAQ: RDWR), is a global leader of application delivery and application security solutions for virtual and cloud data centers. Its award-winning solutions portfolio delivers full resilience for business-critical applications, maximum IT efficiency, and complete business agility. Radware's solutions empower more than 10,000 enterprise and carrier customers worldwide to adapt to market challenges quickly, maintain business continuity and achieve maximum productivity while keeping costs down.

  • Rapid7
    Booth: 402

    Rapid7 transforms data into insight, empowering IT and security professionals to progress and protect their organizations. How? Our solutions are powered by advanced analytics and an unmatched understanding of the attacker mindset. This makes it easy to collect data, transform it into prioritized and actionable insight, and get it to the people who can act on it—all in an instant.

  • Recorded Future
    Booth: 306

    Recorded Future arms security teams with threat intelligence powered by machine learning to lower risk. Our technology automatically collects and analyzes information from an unrivaled breadth of sources. We provide invaluable context that’s delivered in real time and packaged for human analysis or instant integration with your existing security technology.

  • Red River
    Booth: 304

    Red River’s Security Practice has nearly 20 years of experience helping federal and enterprise customers strengthen their security stance with strategically-integrated data- and network-centric physical and cyber security solutions designed to protect critical assets, enable situational awareness and simplify security management. We not only hold the coveted Cisco Master Security Specialization, but our highly-certified experts use a balanced approach that blends leading-edge technology, systems, policies and proven processes to deliver secure, effective solutions that offer complete protection and long-term value to our customers.

  • RedSeal
    Booth: 209

    At RedSeal, our vision is to become the essential analytics and decision-making platform for building digitally resilient organizations people can trust.

    We do this by becoming the measure by which every organization can quantify its digital resilience.

    As thought leaders on resilience, we envision every organization starting the security discussion with the question “What’s our Digital Resilience Score?”

    Founded in 2004, RedSeal is headquartered in Sunnyvale, California.

  • RSA Security
    Booth: 516, 118

    Business-Driven Security™ solutions for a complex world
    More than 30,000 customers worldwide—including nearly half the global Fortune 500—rely on RSA Business-Driven Security™ solutions for cyber threat detection and response, identity and access management, online fraud prevention, and business risk management solutions. Armed with the industry’s most powerful tools, enterprises can better focus on growth, innovation and transformation in today’s volatile business environment.

  • SecureAuth
    Booth: 612

    SecureAuth enables companies to determine identities with absolute confidence. Whether you're seeking to continuously secure employee, customer or partner access, SecureAuth's flexible and adaptive platform makes everything fast, frictionless and pain-free. Guaranteed.

  • SailPoint
    Booth: 602

    In 2005, Mark and Kevin set out to create a new type of company – one that promised to provide innovative solutions to business problems and an exciting, collaborative work environment for identity rock stars. Together, we’re redefining identity’s place in the security ecosystem.

    We love taking on new challenges that seem daunting to others. We hold ourselves to the highest standards, and deliver upon our promises to our customers. We bring out the best in each other, and we’re having a lot of fun along the way.

  • Securonix
    Booth: 415

    Securonix radically transforms enterprise security with actionable intelligence. Our purpose-built security analytics platform mines, enriches, analyzes, scores and visualizes data into actionable intelligence on the highest risk threats to organizations. Using signature-less anomaly detection techniques, Securonix detects data security, insider threat and fraud attacks automatically and accurately. Visit www.securonix.com.

  • SIM
    Booth: 417

    At the Boston Chapter of SIM, we provide leading information technology executives, consultants, and academics with a place to share ideas. Our collaborative community shares best practices, trends and lessons learned for you: the person that is responsible for shaping and influencing the future of IT and IT management.

    Our goal is to provide you with access to a robust community of the area’s top IT leaders so you can exchange ideas, share best practices, and stimulate your mind. As a senior-level IT professional providing both strategic and tactical direction to your division on a daily basis, you need someplace to turn for advice, answers, and guidance, too.

  • Skybox Security
    Booth: 513

    Skybox arms security teams with a powerful set of security management solutions that extract insight from security data silos to give unprecedented visibility of the attack surface, including all Indicators of Exposure (IOEs). With Skybox, security leaders can quickly and accurately prioritize and address vulnerabilities and threat exposures.

  • Sumo Logic
    Booth: 112

    Sumo Logic was founded in 2010 by experts in log management, scalable systems, big data, and security. Today, our purpose-built, cloud-native service analyzes more than 100 petabytes of data, more than 16 million searches, and delivers 10s of millions of insights daily – positioning Sumo among the most powerful machine data analytics services in the world.

  • TechTarget
    Booth: TBD

    TechTarget (NASDAQ: TTGT) is the online intersection of serious technology buyers, targeted technical content and technology providers worldwide. Our media, powered by TechTarget’s Activity Intelligence platform, redefines how technology buyers are viewed and engaged based on their active projects, specific technical priorities and business needs. With more than 100 technology specific websites, we provide technology marketers innovative media that delivers unmatched reach via custom advertising, branding and lead generation solutions all built on our extensive network of online and social media. TechTarget is based in Boston and has locations in Atlanta, Beijing, Cincinnati, London, Paris, San Francisco, Singapore, and Sydney.

  • Tenable
    Booth: 312

    Tenable Network Security transforms security technology for the business needs of tomorrow through comprehensive solutions that provide continuous visibility and critical context, enabling decisive actions to protect your organization. Tenable eliminates blind spots, prioritizes threats, and reduces exposure and loss. With more than one million users and more than 20,000 enterprise customers worldwide, organizations trust Tenable for proven security innovation. Tenable's customers range from Fortune Global 500 companies, to the U.S. Department of Defense, to mid-sized and small businesses in all sectors, including finance, government, healthcare, higher education, retail and energy. Transform security with Tenable, the creators of Nessus and leaders in continuous monitoring.

  • Thales e-Security
    Booth: 504

    Thales e-Security is the leader in advanced data security solutions and services that deliver trust wherever information is created, shared or stored. We ensure that the data belonging to companies and government entities is both secure and trusted in any environment – on-premise, in the cloud, in data centers or big data environments – without sacrificing business agility. Security doesn’t just reduce risk, it’s an enabler of the digital initiatives that now permeate our daily lives – digital money, e-identities, healthcare, connected cars and with the internet of things (IoT) even household devices. Thales provides everything an organization needs to protect and manage its data, identities and intellectual property and meet regulatory compliance – through encryption, advanced key management, tokenization, privileged user control and high assurance solutions. Security professionals around the globe rely on Thales to confidently accelerate their organization’s digital transformation. Thales e-Security is part of Thales Group.

  • Trend Micro
    Booth: 413

    As a global leader in cloud security, Trend Micro develops Internet content security and threat management solutions that make the world safe for businesses and consumers to exchange digital information. With more than 20 years of experience, we're recognized as the market leader in server security for delivering top-ranked client, server, and cloud-based security solutions that stop threats faster and protect data in physical, virtualized, and cloud environments.

  • Tripwire
    Booth: 616

    Tripwire Enterprise is a security configuration management suite whose Policy Management, Integrity Management, and Remediation Management capabilities stand alone or work together as a comprehensive, tightly integrated SCM solution. Along with Tripwire Configuration Compliance Manager, Tripwire can address the range of enterprise systems that can be monitored with an agent or agentlessly.

  • TrustedSec
    Booth: 110

    Our #1 priority is you, our customer. We believe in our services and our quality of them. We truly care about each and every organization as much as you do. Our team is highly talented, skilled, senior, and not a commodity service like other INFOSEC consulting companies. TrustedSec’s model is to staff with only senior level resources and the highest quality of information security consulting. Our brand, reputation, and quality is how we have established ourselves in this industry and with the mindset of “always doing the right thing”. When we work with our customers, it’s more than “just another engagement” – it’s establishing an understanding with an organization, and working to make them better.

  • Varonis
    Booth: 118

    Varonis is the foremost innovator and solution provider of comprehensive, actionable data governance solutions for unstructured and semi-structured data with over 4000 installations spanning leading firms in financial services, government, healthcare, energy, media, education, manufacturing and technology worldwide. Based on patented technology, Varonis' solutions give organizations total visibility and control over their data, ensuring that only the right users have access to the right data at all times.

  • Venafi
    Booth: 118

    Venafi secures and protects keys and certificates so they can’t be used by bad guys in cyber attacks. Criminals want to gain trusted status and go undetected. This makes keys and certificates a prime target. Criminals steal and compromise keys and certificates that are not properly protected, and use them to circumvent security controls. This has become the attack of choice. As a Gartner-recognized Cool Vendor, Venafi delivered the first trust protection platform to secure cryptographic keys and digital certificates that businesses and governments depend on for secure communications, commerce, computing, and mobility. Venafi finds all keys and certificates and puts them under surveillance to detect anomalies. Vulnerable keys and certificates are fixed to prevent attack. Ongoing remediation is performed automatically. Venafi strengthens defenses of today’s critical security controls.

  • WatchGuard
    Booth: 422

    Seattle-based WatchGuard has deployed nearly a million of its integrated, multi-function threat management appliances worldwide, to businesses that range from SMEs to large distributed enterprises. Recognizing an unmet need for a security solution that addresses the rapidly evolving threat landscape, WatchGuard architected its high-throughput, highly scalable, and flexible Fireware® operating system to form the backbone of its products. This platform yields dramatically higher performance at a much lower cost than competitors in environments where multiple security engines are enabled.

  • Wombat Security Technologies
    Booth: 404

    Wombat Security Technologies provides information security awareness and training software to help organizations teach their employees secure behavior. Their SaaS cyber security education solution includes a platform of integrated broad assessments, and a library of simulated attacks and brief interactive training modules, to reduce employee susceptibility to attack, even phishing attacks, by over 80%.

  • Zensar
    Booth: 405

    Zensar is a leading digital solutions and technology services company that specializes in partnering with global organizations across industries on their Digital Transformation journey. Zensar empowers customers to develop strategies to adhere to comprehensive security frameworks while implementing security solutions to meet industry practices and compliance requirements.

Keynote Speakers
Speakers
  • Esmond Kane
    Deputy CISO, Partners HealthCare

    Esmond Kane is the Deputy Chief Information Security Officer in the Partners HealthCare Information Security and Privacy Office. In this role, Esmond is responsible for the operational component of the "Lighthouse" program, a radical transformation in Partners' approach to security and privacy risk management. Prior to Partners, Esmond spent 10 years helping to guide improvements in IT delivery and information security in various roles at Harvard University. Prior to Harvard, Esmond spent 10 years in several roles and industries including KPMG and BIDMC. In his spare time, Esmond likes to fret about spare time and annoy people who read bios…

  • David Barton
    CISO, Forcepoint

    David Barton is the Chief Information Security Officer for Forcepoint, responsible for securing the company and sharing key learnings with customers. Barton brings to his role more than 20 years of experience in security leadership across a variety of sectors, including telecommunications, healthcare, software development, finance and government. Prior to joining the company in 2015, he spent three years as the Head of Information Security at Hireright, where he was responsible for securing the company’s information and physical assets on a global scale. Barton holds an MBA from the University of Missouri – Kansas City and a bachelor’s degree in Management Information Systems from Simpson College. He is also a Certified Information Systems Security Professional (CISSP).

  • Larry Wilson
    CISO, University of Massachusetts, President’s Office

    Larry is responsible for developing, implementing and managing the University of Massachusetts Information Security Policy and Written Information Security Program (WISP). The University program is based on industry best practices ISO 27001 / SANS 20 Critical Controls, and is implemented consistently across all University campuses (Amherst, Boston, Dartmouth, Lowell, Medical School and the President’s Office).

    Prior to joining UMASS, Larry was the Vice President, Network Security Manager at State Street. In this role he was responsible for researching, selecting, implementing and overseeing an engineering staff who managed network security technologies / tools including vulnerability scanning, network firewall policy management, intrusion detection, remote access, DNS security, global and local load balancing, etc.

    Larry's industry experience includes IT audit manager for Deloitte Enterprise Risk Services (ERS) consulting practice. In this role he managed a staff responsible for developing and completing a Sarbanes Oxley compliance audit for MasterCard International. Larry's team focused on the application level controls and general computer controls for information technology services implemented and managed from the MasterCard data center in St. Louis.

    Mr. Wilson holds a Master of Science degree in Civil / Structural Engineering from the University of New Hampshire. His industry certifications include CISSP, CISA and ISA (PCI Internal Security Assessor). He serves on the Advisory Board for Middlesex Community College and CISO Advisory Board for Oracle. He co-chairs the Massachusetts State University and Community College Information Security Council, and serves as Certification Director for ISACA New England. His major 2013 accomplishments include Finalist for Information Security Executive® (ISE®) of the Year for both the Northeast Region and North America; and a SANS People who made a difference in Cybersecurity in 2013 award recipient.

    Larry has been teaching CISA certification training for ISACA for 5 years.

  • John O'Leary
    CISSP, President, O'Leary Management Education

    John O'Leary, CISSP, is President of O'Leary Management Education. His background spans four decades as an active practitioner in information systems, IT Security and contingency planning. He has designed, implemented and managed security and recovery for networks ranging from single site to multinational. John has trained tens of thousands of practitioners, and conducted on-site programs at major corporations and government facilities worldwide. He has also facilitated meetings of Working Peer Groups, where security professionals from diverse corporations share ideas, concerns and techniques. John is the recipient of the 2004 COSAC award, the 2006 EuroSec Prix de Fidelite, and the 2011 ISC2 Lifetime Achievement Award.

  • Dan Lohrmann
    Chief Strategist and Chief Security Officer, Security Mentor

    Dan Lohrmann is Chief Strategist and Chief Security Officer (CSO) at Security Mentor. In this role, Lohrmann leads efforts to define and develop key strategic initiatives for the company’s security awareness training offerings, including new programs that can improve security and compliance by elevating an organization’s workforce into security-savvy employees. Representing Security Mentor, Lohrmann serves as a thought leader and keynote speaker on security and security awareness training, giving government and industry presentations.

    Over the past decade, Lohrmann has advised the U.S. Department of Homeland Security, the White House, FBI, numerous federal agencies, law enforcement, state and local governments, non-profits, foreign governments, local businesses, universities, churches, and home users on issues ranging from personal Internet safety to defending government and business-owned technology and critical infrastructures from online attacks. Prior to joining Security Mentor, Lohrmann was Michigan's first CSO and Deputy Director for Cybersecurity and Infrastructure Protection and has been recognized as a global leader in cyber defense for government.

    Previously, Lohrmann represented the National Association of State Chief Information Officers on the U.S. Department of Homeland Security’s IT Government Coordinating Council where he assisted in the writing and editing of the National Infrastructure Protection Plans, sector specific plans, Cybersecurity Framework, and other federal cyber documents. Lohrmann is the author of two books: Virtual Integrity: Faithfully Navigating the Brave New Web, published in November 2008 by Brazos Press and BYOD for You: The Guide to Bring Your Own Device to Work, published in Kindle format in April 2013.

    He has been honored with numerous cybersecurity and technology leadership awards, including “CSO of the Year” by SC Magazine, “Public Official of the Year” by Governing magazine and “Premier 100 IT Leader” by Computerworld Magazine. Lohrmann received his bachelor’s degree in computer science from Valparaiso University in Indiana and his M.S. in Computer Science from Johns Hopkins University in Baltimore.

  • Trevor Hawthorn
    CTO, Wombat Security Technologies

    Trevor joined the Wombat team in October 2015 with the acquisition of ThreatSim, where he was co-founder and CTO. Trevor has a technical and hands-on background, with over eighteen years of information security experience in both consulting and enterprise security across a wide range of industries. Besides being a regular presenter to the FBI NIPC classes at Quantico, VA, he has held positions at Earthlink, UUNET, and Cybertrust.

  • Tanya Zlateva
    Dean, Boston University Metropolitan College

    Tanya Zlateva is the Dean of Boston University’s Metropolitan College and founding director of the Center for Reliable Information Systems and Cyber Security. She spearheaded the development of cybersecurity programs both face-to-face and online. She holds a Ph.D. in computer science and pursues research in cybersecurity, educational technologies, and privacy.

  • Scott Margolis
    Founder & Managing Partner, SolutionLab, LLC

    Scott Margolis leads the Commonwealth of Massachusetts, Health Exchange Security & Privacy Compliance program comprised of State Agencies and IT Service Providers, established to meet the Centers for Medicare & Medicaid (CMS) and Internal Revenue Service (IRS) mandated Certification & Accreditation requirements necessary to operate a State-Based Health Insurance Exchange under the Patient Protection and Affordable Care Act (ACA) of 2010. Mr. Margolis has more than 25 years of information technology, security governance, and regulatory compliance experience as an entrepreneur, senior leader and consultant. He has worked across the healthcare continuum having worked for payer, consulting and product organizations. He has successfully managed information technology and security organizations, led large consulting initiatives in both the public and private sectors, and developed products for the commercial marketplace.

  • Michael Lipinski
    CISO and Chief Security Strategist, Securonix

    Michael J. Lipinski is CISO and chief security strategist at Securonix. He has over 28 years of experience in risk and information security, digital forensic investigations including HR interrogation, legal process support and testimony. Lipinski has helped organizations of all sizes design, build and run risk, IT governance and information security programs. He has held IT executive roles in the end user space and numerous roles in IT hardware and software organizations.

    Lipinski spent the last 8 years serving as CISO of an acquisition driven, rapidly growing marketing services and business process outsourcer. He was responsible for the development of the information security, risk, IT governance, IT CERT and insider threat programs. Prior to his role as CISO, Lipinski consulted for 15 plus years in the information security, risk and business continuity space, helping large organizations in diverse industries solve their risk and information security challenges.

    Lipinski has started and owned several IT and IT security companies. He created a new, disruptive technology that defends organizations from insider threats and took to market a patented set of insider threat focused risk analysis tools that detect unauthorized network communications from large data sources such as network flow, firewall and IDS/IPS systems.

  • Mark Arnold
    Senior Research Principal, Optiv

    Mark Arnold brings more than 20 years of technical and leadership experience to his role as a senior research principal for solutions research and development at Optiv. Arnold develops strategy deliverables and frameworks to help industry verticals mature and grow efficient security programs.

    Prior to joining Optiv, Arnold was responsible for building and maintaining vulnerability management programs and security engineering at Thermo Fisher Scientific and TJX, both Fortune 200 companies. Under Arnold’s leadership, TJX formed its advanced threats team. Previously, Arnold served as regional security architect at Computershare, where he was responsible for building the company’s application security practice. He also worked as a security architect at @stake, which was acquired by Symantec in 2004. Arnold most recently held the role of director of information security at PTC.

    Arnold holds several industry certifications including the Certified Information Systems Security Professional (CISSP) from ISC2 and a Certified Information Security Management (CISM) from ISACA. Arnold holds an A.M. and Ph.D. from Harvard University in Comparative Semitics where he was a Harvard Teaching Fellow. Arnold has a bachelor’s degree in electrical engineering from Stanford University and earned a graduate degree from Princeton Theological Seminary.

  • Jonathan Lange
    Executive Manager, baramundi Software USA

    Jonathan Lange is responsible for Sales in the US market. Having advised customers in various countries from small businesses to global enterprises, he is well aware of the challenges IT departments face today in order to keep their infrastructure up-to-date, safe and efficient. Specializing in efficient methods for endpoint management, he has an in-depth knowledge of the baramundi Management Suite and how it can benefit IT departments.

  • Robertson Pimentel
    Product Manager, Centrify

    Robertson Pimentel is a product manager and evangelist at Centrify Corporation. He has held security-related positions at Ford Motor Company and Intel Corporation. His focus is primarily on Centrify Server Suite and Privilege Service, and his goal is to balance product capability and operational efficiency.

  • Steven Dougherty
    Systems Engineer, Radware

  • Tom Stumpek
    Technology Advisor, GE (Retired)

    Tom Stumpek spent over 20 years with the General Electric Company in various IT leadership positions including C-level positions (CISO, CTO, CIO) in the financial services, insurance, manufacturing and corporate sectors. Recently Tom has presented at several executive IT events on technology strategy, enterprise risk, innovation and leading a culture of change.

  • Brad Antoniewicz
    Sr. Security Researcher, Cisco Cloud Security

    Brad Antoniewicz works in Cisco Umbrella’s security research group. He is an Adjunct Professor teaching Vulnerability Analysis and Exploitation and a Hacker in Residence at NYU’s Tandon School of Engineering. Antoniewicz is also a Contributing Author to both the Hacking Exposed and Hacking Exposed: Wireless series of books.

  • Michael Dalgleish
    Director, Sales Engineering, LogRhythm

    Michael Dalgleish is a Director of Sales Engineering at LogRhythm, where he has built a team of security professionals who are growing strategic relationships with the partner community. Michael is an industry veteran, spending the last 15 years deeply entrenched in the network and security world. When not on the road evangelizing security intelligence and SIEM, Mr. Dalgleish spends a majority of his time researching the latest attack vectors, kill chains and advanced evasion techniques.

  • Eric Sun
    Solutions Mgr., Incident Detection & Response, Rapid7

    As a solutions manager for Rapid7’s Incident Detection & Response offerings, Eric works closely with Metasploit, their penetration testers, and managed SOC to help security teams model their programs after the intruder attack chain. Eric brings a layer of behavior analytics and risk management from his many years in Asia as a professional poker player.

  • Ed Cabrera
    Chief Cybersecurity Officer, Trend Micro

    Eduardo Cabrera is responsible for analyzing emerging cyber threats to develop innovative and resilient enterprise risk management strategies for Fortune 500 clients and strategic partners. Before joining Trend Micro, he was a 20-year veteran and former CISO of the United States Secret Service.

  • Carlos Gonzales
    Vice President Global Hybrid Cloud Security, Trend Micro

    Carlos has over 20 years of expertise in enterprise software and infrastructure. Prior to joining Trend Micro, Mr. Gonzalez was a Sr. Sales Director at Oracle, responsible for sales and services of Oracle’s Cloud Computing and security initiatives for Latin America.

  • Sandy Bacik
    Director Information Security / Information Security Officer, Verscend

    Sandy Bacik, former VF Corp Global Risk Assessment Manager and author, has many years of direct development, implementation, and management information security experience in the areas of audit, DR/BCP, incident investigation, physical security, privacy, compliance, policies/procedures, and data center operations. She has developed an enterprise-wide security-conscious culture through information assurance programs.

  • Deidre Diamond
    Founder and CEO, #brainbabe

    Deidre Diamond is the Founder of #brainbabe (brainbabe.org) and ICMCP Strategic Board Member. Deidre was previously the CEO of Percussion Software, the first VP of Sales at Rapid7 (NYSE:RPD) and the VP of Sales at Motion Recruitment.

  • speaker photo
    Larry Wilson
    CISO, University of Massachusetts, President’s Office

    Larry is responsible for developing, implementing and managing the University of Massachusetts Information Security Policy and Written Information Security Program (WISP). The University program is based on industry best practices ISO 27001 / SANS 20 Critical Controls, and is implemented consistently across all University campuses (Amherst, Boston, Dartmouth, Lowell, Medical School and the President’s Office).

    Prior to joining UMASS, Larry was the Vice President, Network Security Manager at State Street. In this role he was responsible for researching, selecting, implementing and overseeing an engineering staff who managed network security technologies / tools including vulnerability scanning, network firewall policy management, intrusion detection, remote access, DNS security, global and local load balancing, etc.

    Larry's industry experience includes IT audit manager for Deloitte Enterprise Risk Services (ERS) consulting practice. In this role he managed a staff responsible for developing and completing a Sarbanes Oxley compliance audit for MasterCard International. Larry's team focused on the application level controls and general computer controls for information technology services implemented and managed from the MasterCard data center in St. Louis.

    Mr. Wilson holds a Master of Science degree in Civil / Structural Engineering from the University of New Hampshire. His industry certifications include CISSP, CISA and ISA (PCI Internal Security Assessor). He serves on the Advisory Board for Middlesex Community College and CISO Advisory Board for Oracle. He co-chairs the Massachusetts State University and Community College Information Security Council, and serves as Certification Director for ISACA New England. His major 2013 accomplishments include Finalist for Information Security Executive® (ISE®) of the Year for both the Northeast Region and North America; and a SANS People who made a difference in Cybersecurity in 2013 award recipient.

    Larry has been teaching CISA certification training for ISACA for 5 years.

  • speaker photo
    John O'Leary
    CISSP, President, O'Leary Management Education

    John O'Leary, CISSP, is President of O'Leary Management Education. His background spans four decades as an active practitioner in information systems, IT Security and contingency planning. He has designed, implemented and managed security and recovery for networks ranging from single site to multinational. John has trained tens of thousands of practitioners, and conducted on-site programs at major corporations and government facilities worldwide. He has also facilitated meetings of Working Peer Groups, where security professionals from diverse corporations share ideas, concerns and techniques. John is the recipient of the 2004 COSAC award, the 2006 EuroSec Prix de Fidelite, and the 2011 ISC2 Lifetime Achievement Award.

  • speaker photo
    Dan Lohrmann
    Chief Strategist and Chief Security Officer, Security Mentor

    Dan Lohrmann is Chief Strategist and Chief Security Officer (CSO) at Security Mentor. In this role, Lohrmann leads efforts to define and develop key strategic initiatives for the company’s security awareness training offerings, including new programs that can improve security and compliance by elevating an organization’s workforce into security-savvy employees. Representing Security Mentor, Lohrmann serves as a thought leader, delivering keynotes on security and security awareness training and giving government and industry presentations.

    Over the past decade, Lohrmann has advised the U.S. Department of Homeland Security, the White House, FBI, numerous federal agencies, law enforcement, state and local governments, non-profits, foreign governments, local businesses, universities, churches, and home users on issues ranging from personal Internet safety to defending government and business-owned technology and critical infrastructures from online attacks. Prior to joining Security Mentor, Lohrmann was Michigan's first CSO and Deputy Director for Cybersecurity and Infrastructure Protection and has been recognized as a global leader in cyber defense for government.

    Previously, Lohrmann represented the National Association of State Chief Information Officers on the U.S. Department of Homeland Security’s IT Government Coordinating Council where he assisted in the writing and editing of the National Infrastructure Protection Plans, sector specific plans, Cybersecurity Framework, and other federal cyber documents. Lohrmann is the author of two books: Virtual Integrity: Faithfully Navigating the Brave New Web, published in November 2008 by Brazos Press and BYOD for You: The Guide to Bring Your Own Device to Work, published in Kindle format in April 2013.

    He has been honored with numerous cybersecurity and technology leadership awards, including “CSO of the Year” by SC Magazine, “Public Official of the Year” by Governing magazine and “Premier 100 IT Leader” by Computerworld Magazine. Lohrmann received his bachelor’s degree in computer science from Valparaiso University in Indiana and his M.S. in Computer Science from Johns Hopkins University in Baltimore.

  • speaker photo
    Joel Brenner
    Legal and Consulting Services, Former Senior Counsel at the National Security Agency

    Joel F. Brenner specializes in cyber and physical security, data protection and privacy, intelligence law, the administration of classified information and facilities, and the regulation of sensitive cross-border transactions. He has represented companies and individuals in a wide variety of transactions and proceedings including sensitive foreign acquisitions involving the Committee on Foreign Investment in the U.S. (CFIUS), the law governing network operations, the liability of foreign governments, export controls, and internal corporate and government investigations. He has years of experience inside and outside government involving national and homeland security.

    Joel was Senior Counsel at the National Security Agency, advising Agency leadership on the public-private effort to create better security for the Internet. From 2006 until mid-2009, he was the head of U.S. counterintelligence under the Director of National Intelligence and was responsible for integrating the counterintelligence activities of the 17 departments and agencies with intelligence authorities, including the FBI and CIA and elements of the Departments of Defense, Energy, and Homeland Security. From 2002 – 2006, Joel was NSA’s Inspector General, responsible for that agency’s top-secret internal audits and investigations. He has also served as a prosecutor in the Justice Department’s Antitrust Division and has extensive trial and arbitration experience in private practice.

  • speaker photo
    Esmond Kane
    Deputy CISO, Partners HealthCare

    Esmond Kane is the Deputy Chief Information Security Officer in the Partners HealthCare Information Security and Privacy Office. In this role, Esmond is responsible for the operational component of the "Lighthouse" program, a radical transformation in Partners' approach to security and privacy risk management. Prior to Partners, Esmond spent 10 years helping to guide improvements in IT delivery and information security in various roles at Harvard University. Prior to Harvard, Esmond spent 10 years in several roles and industries including KPMG and BIDMC. In his spare time, Esmond likes to fret about spare time and annoy people who read bios…

  • speaker photo
    Bill Wilder
    CTO, Finomial

    Bill Wilder is a cloud computing veteran and CTO at Finomial, providing SaaS solutions to the global hedge fund industry from the public cloud. Bill is recognized by Microsoft as a 7-time Azure MVP awardee for his cloud expertise and community leadership. Bill is the author of Cloud Architecture Patterns (O’Reilly Media, 2012).

  • speaker photo
    Joshua Costa
    Digital Forensics Investigator, Verizon RISK Team

    Joshua is a Senior Investigative Response Consultant for the Verizon RISK Team. In this capacity, Joshua responds to an array of cybersecurity incidents, performs forensic examinations, and assists organizations in implementing IR policies and procedures. Prior to Verizon, Josh worked in various consulting roles where he performed digital forensic investigations in corporation.

  • speaker photo
    Sheri Donahue
    Cyber Security Strategic Partnerships Director, Humana

    Sheri Donahue spent 20 years as a civilian Navy engineer, most recently as Program Manager for Security & Intelligence (Indian Head Division). She is President-Emeritus of InfraGard National where she served on the national board for 11 years. Currently, she is the Cyber Security Strategic Partnerships Director for Humana.

  • speaker photo
    Peter Beardmore
    Sr. Consultant, Solutions Marketing, RSA

    Peter Beardmore has nearly two decades of IT, security, and software marketing and business development experience. He began his career as a Signal Corps Officer in the U.S. Army. Prior to joining RSA to help lead messaging and solutions development, Peter led product marketing at Kaspersky Lab.

  • speaker photo
    Jeff Moncrief
    Systems Engineering Manager, Cisco

    Jeff Moncrief is a Systems Engineering Manager at Cisco. Jeff has over 17 years of Information Security Industry experience, holding leadership roles in Support, Sales Engineering and Pre/Post-Sales Technical Account Management. Jeff’s specializations include compliance, vulnerability management, incident response and security architecture.

  • speaker photo
    Dan Walsh
    InfoSec Protagonist, Act 1 Security, (ISC)², (ISC)² Eastern Chapter, HIMSS

    Dan Walsh, MBA, CISSP
    Act 1 Security founder & principal protagonist, consulting on the information security challenges facing the healthcare, public, and retail sectors.
    • Commonwealth of Massachusetts’ Chief Security Officer (2006-2011)
    • Information Security Officer - South Shore Hospital
    • Information Systems Security Architect - Partners Healthcare System
    Information Security Programs design and implementation
    Enterprise information systems risk management & assessment strategies

  • speaker photo
    David Bressler
    Managing Security Consultant - Application Security, GuidePoint Security

    David is a Managing Consultant at GuidePoint Security within the Application Security Team. David has broad-based experience, dating back to 2008, managing and conducting application penetration testing, source code review, application architecture review, network penetration testing, and digital and physical social-engineering assessments. David manages a team of Application Security consultants, focusing on team operations, mentoring, and optimizing delivery of assessments, and oversees all assessments his team delivers. David’s experience includes developing numerous open-source security tools and Paterva Maltego open-source intelligence integrations. David holds the Offensive Security Certified Professional (OSCP) and Microsoft Certified Systems Administrator (MCSA) certifications, as well as several CompTIA certifications, including the Security+, Network+, and A+.

  • speaker photo
    Ron Winward
    Security Evangelist, Radware

    Ron Winward is a Security Evangelist for Radware, where he helps execute the company’s thought leadership on today’s security threat landscape. Ron brings nearly 20 years of experience in the Internet service provider space, most recently as Director of Network Engineering for a global infrastructure and colocation provider. With expertise in network architectures and DDoS mitigation, Ron has helped design solutions for carriers, enterprises, and cybersecurity service providers around the world.

  • speaker photo
    Pete Ryan
    Director of ClearPass Sales East, HPE Aruba

    Pete Ryan is a sales professional with over 25 years of experience in building and leading motivated sales teams in the networking and networking security industry. He accepted his current position as ClearPass Sales Director for the East for Aruba HPE in 2013. In this role, he is responsible for strategy, promotion and sales execution on the East Coast for ClearPass, HPE Aruba’s access control and policy management platform.
    Prior to HPE Aruba, Pete managed account teams for Avaya’s largest Global Accounts, was Northeast regional director for Alcatel-Lucent, and has held sales positions for IBM, Foundry Networks, and FORE Systems. Pete has a proven track record of engaging with some of the largest and most complex Global Financial accounts in the New York region, but has also supported Healthcare, Education, and general Enterprise accounts in the Northeast.

  • speaker photo
    Mark Bloom
    Director of Product Marketing, Security & Compliance, Sumo Logic

    Mark Bloom has more than 15 years of experience in sales, marketing and business development across financial services and high tech industries. His previous roles include Cisco, Compuware, SonicWall/Dell, Trend Micro and more.

  • speaker photo
    Michael Horsch Fizz
    Principal Advisor, NSA, ISSA, ISACA, FCI

    With more than 20 years of experience, Michael brings an in-depth understanding of currently available solutions empowering clients to achieve operational excellence. Over his career, Michael has delivered over three thousand consultations to technology and financial organizations.

  • speaker photo
    Gene Kingsley
    Director of Cyber Security Operations, Massachusetts Advanced Secure Technologies

    Gene Kingsley is Director of the Security Operations Center, where he leads his team to help protect the clients of Massachusetts Advanced Security Technologies.

    Gene has 20 years of experience in Information Management and Security, having worked in Higher Ed and the Finance Industry. GCFE, BS in CJ, MS CIM, ITIL Foundations.

  • speaker photo
    Michael Corby
    Executive Consultant, CGI

    Mr. Corby has more than 40 years in IT strategy, operations, development and security. He is the founder of (ISC)², Inc., the organization that established the CISSP security professional credential. A frequent SecureWorld speaker and author, he was CIO for a division of Ashland Oil and for Bain & Company.

  • speaker photo
    Jason Garbis
    Co-Chair for the Cloud Security Alliance

    Jason Garbis, CISSP, is a leader of the Software-Defined Perimeter working group at the Cloud Security Alliance. He’s Vice President of Products for Cryptzone, responsible for product strategy and product management. He has over 25 years of experience at technology vendors, including roles in engineering, professional services, and product management.

Conference App and Microsite!
Registration is easy and takes just a few minutes. Once you get started you can use your phone, tablet or internet browser to:

• Create a personalized agenda
• View maps of the venue and Exhibit Hall
• Use secure messaging to network with attendees
• View speaker slides after the conference
• Play CyberHunt, the app game, and compete for prizes