Wednesday, July 15, 2020

8:00 am
Executive Roundtable [VIP invite only]
Topic to be announced
Registration Level:
8:00 am - 8:45 am
- VIP / Exclusive
This session is for Advisory Council members only.

8:30 am
Exhibit Floor Open
Registration Level:
8:30 am - 9:00 am
Location / Room: Exhibitor Floor
- Open Sessions
This is the time to visit exhibitors participating in Dash For Prizes & CyberHunt for your chance to win prizes!

9:00 am
[Opening Keynote] Exposing The Dark Overlord: An Inside Look at the Journey that Led to the Identification of Cyber Terrorists
Registration Level:
9:00 am - 9:45 am
- Open Sessions
The Dark Overlord is considered to be one of the world’s most well-known hacking groups because of its unwillingness to discriminate in the selection of its victims. The group has made millions attacking and extorting hundreds of organizations, ranging from small medical facilities to mega fortune companies like Netflix and Disney. The group’s continued escalation of cyber terrorism and violence eventually led to the closure of over 30 school districts in the U.S. for an entire week, and the publishing of a stolen insurance video of a man’s death in a construction site accident. Based on my book, “Hunting Cyber Criminals,” this talk will present the investigative tools and techniques that led to the identification of the group’s core members.

9:45 am
Networking Break
Visit the Exhibitor Hall for vendor displays or connect in the Networking Lounge.
Registration Level:
9:45 am - 10:00 am
Location / Room: Exhibitor Floor
- Open Sessions

10:00 am
[OneTrust] Vendor Risk Management: Overcoming Today’s Most Common Challenges
Registration Level:
10:00 am - 10:30 am
- Open Sessions
Managing vendor risk before, during and after procurement is a continuous challenge that organizations of all sizes face. While outsourcing operations to vendors can alleviate business challenges, managing the associated risk with manual tools like spreadsheets is complex and time consuming. To streamline this process, organizations must put procedures in place to ensure that sufficient vendor security safeguards are in place. In this session, we’ll break down a practical approach for automating vendor risk management, as well as offer real-world practical advice to help you on your journey to developing a mature third-party risk management program.
Presentation Level: GENERAL (InfoSec best practices, trends, solutions)

10:00 am
[Panel Discussion] What Our Security Team Learned During COVID-19
Registration Level:
10:00 am - 10:30 am
Location / Room: 103
- Open Sessions
This panel features honest dialogue about securing an organization through the pandemic, so far. What changed at an organizational level that required security to pivot? What kind of immediate impacts did the security team face and how were those overcome? How did security maintain adequate communication and controls in the midst of this rapid change? What are the greatest lessons for security coming out of COVID-19? Where do we go from here?

10:30 am
Networking Break
Visit the Exhibitor Hall for vendor displays or connect in the Networking Lounge.
Registration Level:
10:30 am - 10:45 am
- Open Sessions

10:45 am
[Darktrace] Offensive AI vs. Defensive AI: Battle of the Algorithms
Registration Level:
10:45 am - 11:15 am
- Open Sessions
Among rapidly evolving technological advancements, the emergence of AI-enhanced malware is making cyber-attacks exponentially more dangerous and harder to identify. In the near future, we will begin to see supercharged, AI-powered cyber-attacks leveraged at scale. To protect against Offensive AI attacks, organizations are turning to defensive cyber AI, which can identify and neutralize emerging malicious activity, no matter when, or where, it strikes.
In this session, learn about:
- Paradigm shifts in the cyber landscape
- Advancements in offensive AI attack techniques
- The Immune System Approach to cyber security and defensive, Autonomous Response capabilities
- Real-world examples of emerging threats that were stopped with Cyber AI
GENERAL (InfoSec best practices, trends, solutions, etc.)

10:45 am
Leveraging Culture to Optimize Information Security
Registration Level:
10:45 am - 11:15 am
- Open Sessions
To build a culture that optimizes security, an organization needs to set information security leadership appropriately. Strategically, it needs to understand the organization’s risk tolerance, codify it as policy, and communicate it. Based on risk tolerance, it needs to create a roadmap that moves the organization from ad hoc and compliance-based cultures to one that’s risk-based. Tactically, security management needs to regularly drive buy-in for risk tolerance and policy. In addition, management needs to foster a culture that learns from incidents and failures rather than a culture that focuses on assigning blame.

10:45 am
[Panel] No Perimeter: Security in the Cloud
Registration Level:
10:45 am - 11:15 am
- Open Sessions
Worldwide events have accelerated cloud adoption trends. Organizational reliance on the cloud is at an all-time high. This panel will explore cloud security risks, controls, and best practices to help ensure a secure cloud computing environment.

11:15 am
Networking Break
Visit the Exhibitor Hall for vendor displays or connect in the Networking Lounge.
Registration Level:
11:15 am - 11:30 am
- Open Sessions

11:30 am
[Mid-Day Keynote] Tracking Down the Cyber Criminals: Revealing Malicious Infrastructures with Umbrella
Registration Level:
11:30 am - 12:15 pm
- Open Sessions
Cyber criminals are exploiting the internet to build agile and resilient infrastructures. The internet is open and information to expose these infrastructures is out there; the challenge is making sense of the fragmented data. Connecting the dots by analyzing data (DNS queries, BGP anomalies, ASN reputation, network prefixes/IP fluctuations) allows us to map out where malicious infrastructure is and where attacks are staged. This gives the defender the upper hand by letting them pivot through the criminal infrastructure.
This session will explain how some of the Cisco Umbrella classifiers work and provide examples of threats that have been detected using this technology. First, we focus on the detection models that can be built and applied (such as co-occurrences, NLP Rank, Spike Detectors, Malvertising clustering), and how these can expose malicious infrastructures and APTs. The next part provides a practical use case on how this innovative approach can be used to pivot through attackers’ infrastructure and protect organizations from advanced threats. Examples include crypto phishing and crypto jacking. Finally, we will show some of this analysis visualized in 3D.

12:15 pm
Networking Break
Visit the Exhibitor Hall for vendor displays or connect in the Networking Lounge.
Registration Level:
12:15 pm - 12:30 pm
- Open Sessions

12:30 pm
Hey, Information Security: Be Part of the Digital Transformation or Be Left Behind!
Registration Level:
12:30 pm - 1:00 pm
- Open Sessions
“Digital transformation” (Dx) as a buzzword may be approaching the end of its life, but the fundamental concept—continuously improving the use of technology and data to provide value to customers—is real and critical to the survival of businesses. If information security teams don’t evolve to deliver the same Dx value and benefits to our organizations, then we risk losing our “customers” to intentional circumvention or preference for shadow IT providers. Make sure your information security team provides the core Dx attributes to your organization to cultivate value, loyalty, and trust.
Join this session to learn how you can:
- Embed security into your culture, technologies and processes
- Empower innovation and expedite time-to-market through consistent security risk governance
- Assess the impacts, goals and methods of likely cyber attacks and incidents
- Align IT and security professionals with business objectives and risk tolerance
- Prepare now for effective detection and response to reduce business impacts of incidents
Presentation Level: MANAGERIAL (security and business leaders)

12:30 pm
Leveraging the Three Lines of Defense to Improve Your Security Position
Registration Level:
12:30 pm - 1:00 pm
- Open Sessions
Depending on your role, a three lines of defense risk management model can be your best friend or worst enemy. No matter your view, the data produced through these channels can help you better understand your weaknesses, work more effectively with senior management, and respond to a variety of scenarios.
Presentation Level: MANAGERIAL (security and business leaders)

12:30 pm
[Panel] Addressing Weakness: Vulnerability Management
Registration Level:
12:30 pm - 1:00 pm
- Open Sessions
NIST defines vulnerabilities as, “Weakness in an information system, system security procedures, internal controls, or implementation that could be exploited or triggered by a threat source.” This panel will discuss current vulnerabilities and risk management through proper controls and best practices.

12:30 pm
Remote Work Risk: Privacy & Security Pitfalls and Best Practices
Registration Level:
12:30 pm - 1:00 pm
- Open Sessions
The sudden growth in the remote workforce exposed critical cybersecurity and privacy concerns that should be considered. This presentation will provide an overview of key legal considerations with remote work when it comes to privacy and security, as well as discuss some solutions to help mitigate risk as your employees work from home.

1:00 pm
Networking Break
Visit the Exhibitor Hall for vendor displays or connect in the Networking Lounge.
Registration Level:
1:00 pm - 1:15 pm
- Open Sessions

1:15 pm
Blue-Teaming and Incident Response for the "Win"
Registration Level:
1:15 pm - 1:45 pm
- Open Sessions
Does your company use Windows, or is most of the environment Windows? Come to this session to specifically learn the ins and outs of the most critical things needed to establish a respectable blue team program at your organization. Do you know what Windows security event log 4688 means? What about others? What are the event logs that you should know by heart or have a cheat sheet for? What are some tools that you should be using, and how can you automate them to help detect lateral movement? Also, we will be leveraging open-source tools. No, additional $ is not required. Trying harder, building your technical skills, and doing proactive threat hunting will help you and your team. “Don’t worry, all of this information will be useful for all, no matter what level.” Time permitting, we might also quickly talk about incident response as well, initially. Also, bring your technical questions for our Q&A session.
Presentation Level: TECHNICAL (deeper dive including TTPs)

1:15 pm
Ethical Hacking and Cyber Ecosystems: Anticipating the Predators
Registration Level:
1:15 pm - 1:45 pm
- Open Sessions
In an ever-evolving digital landscape with cloud computing, mobility and IoT systems, more sophisticated approaches to vulnerability assessment are necessary. One of the central tools used in vulnerability testing is penetration testing, along with other techniques that are more broadly classified as ethical hacking. This discussion includes highlights from three case studies of ethical hacking in different settings. Highlights include approaches to ethical hacking and specific penetration techniques relevant to cloud computing and network security. Topics will also include challenges faced in ethical hacking within cybersecurity ecosystems and a discussion of a robust, integrative multi-layered used in ethical hacking.
Presentation Level: TECHNICAL (deeper dive including TTPs)

1:15 pm
[Panel] Threat Landscape in Flux: Emerging Threats
Registration Level:
1:15 pm - 1:45 pm
- Open Sessions
The attack surface is shifting, threat actors are adapting, and security teams must also pivot. This panel will take a dive into various attack vectors, security gaps, and emerging threats organizations are now facing.

1:15 pm
[Rapid7] Risk-Based Vulnerability Management: Changing the Narrative for Your Organization
Registration Level:
1:15 pm - 1:45 pm
- Open Sessions
Vulnerability Management is a core process to reducing risk for organizations, yet IT and Security teams often struggle to communicate metrics that are meaningful for business leaders. Risk is often not even part of the discussion. How can we change the narrative to support a culture of collaboration? How can we overcome the IT versus Security mindset and the battle for resources? How can we communicate overall risk reduction? We’ll discuss ways you can start rethinking vulnerability management and risk.

1:45 pm
Networking Break
Visit the Exhibitor Hall for vendor displays or connect in the Networking Lounge.
Registration Level:
1:45 pm - 2:00 pm
Location / Room: Exhibitor Floor
- Open Sessions

2:00 pm
[Closing Keynote] Identity and Access Management: A Case Study from Harvard Medical School
Registration Level:
2:00 pm - 2:45 pm
- Open Sessions
Good identity management is one of the keys to good cyber hygiene within an organization, but it’s not without its fair share of challenges. Consider a large university with several schools within it, as well as a medical facility. You’ve got students, faculty, doctors, patients, and a host of random visitors all expecting access to your network.
In this keynote address from Joe Zurba, CISO at Harvard Medical School, we will hear first-hand insight about his team’s approach to developing a robust and cohesive identity strategy: how they give the right levels of access to the right people, and how they track all of the moving pieces. We will also evaluate best practices in managing key components of identities, including: verification, validation, lifecycle management, and password management. Join us for this unique opportunity to get an insider’s perspective on cybersecurity at one of the most prestigious institutions in the nation.
GENERAL (InfoSec best practices, trends, solutions, etc.)
- Accedian
Booth: https://www.engagez.net/apcon-accedian
Accedian Networks is the leader in Performance Assured Networking™ for mobile backhaul, business services and cloud connectivity. Our solutions provide service providers and network operators with visibility into their networks and this differentiating ability empowers them to optimize, improve and manage the performance of their network, thereby delivering the best possible experience to their subscribers.
- Alert Logic
Booth: https://www.engagez.net/alert-logic
Whether your company is transitioning infrastructure to the cloud, taking advantage of managed hosting services, or continuing to rely on owned data centers, Alert Logic offers intrusion detection, vulnerability assessment and log management solutions that are coupled with 24/7 monitoring and expert guidance services from our security operations center. More than 1,500 enterprise customers trust Alert Logic to secure and protect their digital information, and rely on us for keeping in step with increasingly complex regulatory issues. In addition to our team of GIAC analysts dedicated to careful observation and assessment of threats to your data, our research team stays on top of emerging developments so we can stop potential security breaches before they strike. We also have a dedicated support team ready to answer any questions you have about our products and services.
- APCON
Booth: https://www.engagez.net/apcon-accedian
APCON, an industry leader in network visibility and security solutions, provides an unparalleled level of confidence to enterprise and midsize businesses seeking network insights for enhanced investigation, threat detection and response. Our customers include Fortune 1000 companies to midsize organizations as well as government and defense agencies. Organizations in over 40 countries depend on APCON solutions.
- Arctic Wolf Networks
Booth: https://www.engagez.net/arctic-wolf
Arctic Wolf Networks provides SOC-as-a-service that is redefining the economics of security. The AWN CyberSOC™ service is anchored by Concierge Security™ teams and includes 24×7 monitoring, custom alerting and incident investigation and response. There is no hardware or software to purchase, and the end-to-end service includes a proprietary cloud-based SIEM, threat intelligence subscriptions and all the expertise and tools required. For more information about Arctic Wolf, visit https://www.arcticwolf.com.
- Armis, Inc
Booth: https://www.engagez.net/armis-inc
Armis is the first agentless, enterprise-class security platform to address the new threat landscape of unmanaged and IoT devices. Fortune 1000 companies trust Armis’ unique out-of-band sensing technology to discover and analyze all managed and unmanaged devices, analyze endpoint behavior to identify risks and attacks, and protect information and systems.
- Axonius
Booth: https://www.engagez.net/axonius
Axonius is the cybersecurity asset management platform that gives organizations a comprehensive asset inventory, uncovers security solution coverage gaps, and automatically validates and enforces security policies. By seamlessly integrating with over 200 security and management solutions, Axonius is deployed in minutes, improving cyber hygiene immediately.
- Bitglass
Booth: https://www.engagez.net/bitglass
Your company’s move to the cloud delivers flexibility and cost savings, but that doesn’t mean you should lose control of your data. Bitglass’ Cloud Access Security Broker (CASB) solution enables your enterprise to adopt cloud apps while ensuring data security and regulatory compliance. Bitglass secures your data in the cloud, at access, on any device.
Bitglass was founded in 2013 by a team of industry veterans with a proven track record of innovation and execution.
- BitSight
Booth: https://www.engagez.net/bitsight
BitSight transforms how organizations manage cyber risk. The BitSight Security Ratings Platform applies sophisticated algorithms, producing daily security ratings that range from 250 to 900, to help organizations manage their own security performance; mitigate third party risk; underwrite cyber insurance policies; conduct financial diligence; and assess aggregate risk. With over 2,100 global customers and the largest ecosystem of users and information, BitSight is the Standard in Security Ratings. For more information, please visit www.bitsight.com, read our blog or follow @BitSight on Twitter.
- BlackBerry Cylance
Booth: https://www.engagez.net/blackberry-cylance
BlackBerry Cylance develops artificial intelligence to deliver prevention-first, predictive security products and smart, simple, secure solutions that change how organizations approach endpoint security. BlackBerry Cylance provides full spectrum predictive threat prevention and visibility across the enterprise to combat the most notorious and advanced cybersecurity attacks. With AI-based malware prevention, threat hunting, automated detection and response, and expert security services, BlackBerry Cylance protects the endpoint without increasing staff workload or costs. We call it the Science of Safe. Learn more at www.cylance.com.
- Check Point Security
Booth: https://www.engagez.net/check-point
Since 1993, Check Point has been dedicated to providing customers with uncompromised protection against all types of threats, reducing security complexity and lowering total cost of ownership. We are committed to staying focused on customer needs and developing solutions that redefine the security landscape today and in the future.
- Cisco
Booth: https://www.engagez.net/cisco
Cisco builds truly effective security solutions that are simple, open and automated. Drawing on unparalleled network presence as well as the industry’s broadest and deepest technology and talent, Cisco delivers ultimate visibility and responsiveness to detect more threats and remediate them faster. With Cisco, companies are poised to securely take advantage of a new world of digital business opportunities.
- Cloud Security Alliance (CSA)
Booth: N/a
The Cloud Security Alliance (CSA) is a not-for-profit organization with a mission to promote the use of best practices for providing security assurance within Cloud Computing, and to provide education on the uses of Cloud Computing to help secure all other forms of computing. The Cloud Security Alliance is led by a broad coalition of industry practitioners, corporations, associations and other key stakeholders.
- Cobalt.io
Booth: https://www.engagez.net/cobaltio
Cobalt’s Pentest as a Service (PtaaS) Platform transforms traditional pentesting into a data-driven vulnerability management engine. Fueled by a global talent pool of certified freelancers, our modern pentest platform delivers actionable results that empower agile teams to pinpoint, track, and remediate vulnerabilities.
- Code42
Booth: https://www.engagez.net/code42
Code42 is the leader in insider risk detection, investigation and response. Native to the cloud, Code42 rapidly detects data loss, leak, theft and sabotage as well as speeds incident response – all without lengthy deployments, complex policy management or blocking employee productivity. With Code42, security professionals can protect corporate data from insider threats while fostering an open and collaborative culture for employees. Backed by security best practices and control requirements, Code42’s insider threat solution can be configured for GDPR, HIPAA, PCI and other regulatory frameworks.
- CyberX
Booth: https://www.engagez.net/cyberx
CyberX delivers the only cybersecurity platform built by blue-team experts with a track record of defending critical national infrastructure. That difference is the foundation for the most widely deployed platform for continuously reducing IoT risk and preventing costly outages, safety and environmental incidents, theft of intellectual property, and operational inefficiencies. For more information, visit CyberX.io.
- Darktrace
Booth: https://www.engagez.net/darktrace-AI
Darktrace is the world’s leading cyber AI company and the creator of Autonomous Response technology. Its self-learning AI is modeled on the human immune system and used by over 3,000 organizations to protect against threats to the cloud, email, IoT, networks and industrial systems.
The company has over 1000 employees and headquarters in San Francisco and Cambridge, UK. Every 3 seconds, Darktrace AI fights back against a cyber-threat, preventing it from causing damage.
- DGC
Booth: https://www.engagez.net/dgc
Every business faces a variety of challenges, including rapidly changing technology, cybersecurity threats, and regulations. DGC provides a wide range of IT audit, compliance, and cyber & information security services that can help identify, evaluate, measure, and manage compliance and cybersecurity risks. Our professionals are trained to identify areas of exposure and recommend size-appropriate, cost-conscious corrective actions. DGC’s team will put together a tailored plan to safeguard your organization.
- EC-Council
Booth: N/a
International Council of E-Commerce Consultants, also known as EC-Council, is the world’s largest cyber security technical certification body. We operate in 140 countries globally and we are the owner and developer of the world-famous Certified Ethical Hacker (CEH), Computer Hacking Forensics Investigator (C|HFI), Certified Security Analyst (ECSA), License Penetration Testing (Practical) programs, among others. We are proud to have trained and certified over 140,000 information security professionals globally that have influenced the cyber security mindset of countless organizations worldwide.
- Egress Software Technologies
Booth: https://www.engagez.net/egress
Egress Software Technologies Ltd is a UK-based software company. It provides a range of data security services designed to protect shared information throughout its lifecycle, offering on-demand security for organisations and individuals sharing confidential information electronically.
- ForgeRock
Booth: https://www.engagez.net/forgerock
ForgeRock® is the digital identity management company transforming the way organizations interact securely with customers, employees, devices, and things. Organizations adopt the ForgeRock Identity Platform™ as their digital identity system of record to monetize customer relationships, address stringent regulations for privacy and consent (GDPR, HIPAA, FCC privacy, etc.), and leverage the internet of things. ForgeRock serves hundreds of brands, including Morningstar, Vodafone, GEICO, Toyota, TomTom, and Pearson, as well as governments like Norway, Canada, and Belgium, securing billions of identities worldwide. ForgeRock has offices across Europe, the USA, and Asia.
- HackerOne
Booth: https://www.engagez.net/hackerone
HackerOne is the #1 hacker-powered security platform. More than 1,400 organizations, including the U.S. Department of Defense, General Motors, Google Play, Twitter, GitHub, Nintendo, Panasonic Avionics, Qualcomm, Starbucks, and Dropbox, trust HackerOne to find critical software vulnerabilities.
- HTCIA
Booth: N/a
Investigators on the Leading Edge of Technology
The High Technology Crime Investigation Association (HTCIA) was formed to provide education and collaboration to our global members for the prevention and investigation of high tech crimes. As such, we are an organization that aspires to help all those in the high technology field by providing extensive information, education, collective partnerships, mutual member benefits, astute board leadership and professional management. Association Mission: Provide education and collaboration to our global members for the prevention and investigation of high tech crimes.
- HUB Tech
Booth: https://www.engagez.net/hub-tech
HUB Tech partners with its clients, becoming part of their support team. We work beside you to ensure you have a strategy that allows you to transform your information infrastructure to keep up with the needs of your organization and your users. We have developed proprietary tools and strategies that have enabled us to lower cost and increase the quality of service to our client base, especially to state agencies, municipalities and school districts, where cost is a deciding factor in everyday decision making.
Our mission is simple – to take full ownership for all that we do, to protect those who trust in us, and to make lifelong clients from every customer contact.
- InfraGard Boston
Booth: N/a
InfraGard is a United States government (FBI) and private sector alliance. InfraGard Boston was developed by the Boston FBI office in 1998 to promote protection of critical information systems. InfraGard provides formal and informal channels for the exchange of information about infrastructure threats and vulnerabilities. The purpose of the synergistic exchange is to allow members to better protect themselves and their corporate interests while enhancing the ability of the United States government to provide national security.
- Infused Innovations
Booth: https://www.engagez.net/infused-innovations
We are consultants that operate at the intersection of technology, business, data, and human interaction. We are passionate and committed to delivering the right solutions to our clients.
With staff with all manner of experiences – private business, startups, non-profit, healthcare, legal, education, data analytics, financial services, and more, we can speak your language. Our unique experiences don’t just allow us to tell you what your peers are doing, but how other industries have solved similar problems.
When you partner with Infused Innovations you get to work with people who want to be a part of the solution with you, and are genuinely excited about the opportunity to bring something new to the table.
- Institute of Internal Auditors (IIA)
Booth: N/a
Established in 1941, The Institute of Internal Auditors (IIA) is an international professional association with global headquarters in Altamonte Springs, Florida, USA. The IIA is the internal audit profession’s global voice, recognized authority, acknowledged leader, chief advocate, and principal educator. Generally, members work in internal auditing, risk management, governance, internal control, information technology audit, education, and security.
- IOvations
Booth: https://www.engagez.net/iovations
IOvations, founded in 2006, is a value added reseller focused on protecting the data, infrastructure and applications of our customers through a combination of services and products that extend to the end point, traditional network and cloud environment. Some of the things that make us unique include multiple industry awards, a long history of working with clients who appreciate how easy we are to work with, and our strong engineering expertise providing value and thought leadership.
- ISACA New England Chapter
Booth: N/a
The New England Chapter of ISACA was founded in 1976. From the modest beginnings of its first meeting, which was held at Valle’s Steak House on Route 9 in Newton, Massachusetts, the New England Chapter has grown to over 2000 members across four states (MA, NH, ME, VT).
The primary objective of the New England Chapter of ISACA® is to provide quality Information Systems audit and security-related education to support its members and their professional certifications.
- (ISC)2 Eastern Massachusetts
Booth: N/a
Advancing Information Security One Community at a Time
As anyone seriously involved in the information security profession can attest, peer networking is an invaluable resource. (ISC)² Eastern Massachusetts Chapter provides members with the opportunity to build a local network of peers to share knowledge, exchange resources, collaborate on projects, and create new ways to earn CPE credits!
- ISSA New England
Booth: N/a
The Information Systems Security Association (ISSA) is an international organization providing educational forums, publications, and peer interaction opportunities that enhance the knowledge, skills, and professional growth of its members’ information security professionals. The primary goal of ISSA is to promote management practices that will ensure availability, integrity, and confidentiality of organizational resources.
Since its inception in 1982, ISSA’s membership has grown to include more than 100 chapters around the world with members who represent a diverse collection of organizations, including major U.S. and international corporations, leading consulting firms, world-class educational institutions, and government agencies. From EDP audit and corporate security to contingency planning and disaster recovery, ISSA members are committed to protecting their organizations’ assets and resources.
Visit the National Headquarters’ website at www.issa.org.
- Kaspersky
Booth: https://www.engagez.net/kaspersky
We’re an independent global cybersecurity company that empowers people to make the most of technology and the endless opportunities it brings. Backed by our deep threat intelligence, security and training expertise, we give businesses the power to stay safe—and the confidence to accelerate their own success. With insights gained from our unique international reach, we secure consumers, governments and more than 270,000 organizations. We’re proud to be the world’s most tested and awarded cybersecurity, and we look forward to keeping your business safe. Bring on the future.
- LogRhythm
Booth: https://www.engagez.net/logrhythm
LogRhythm, a leader in security intelligence and analytics, empowers organizations around the globe to rapidly detect, respond to and neutralize damaging cyber threats. The company’s patented award-winning platform uniquely unifies next-generation SIEM, log management, network and endpoint monitoring, user entity and behavior analytics (UEBA), security automation and orchestration and advanced security analytics. In addition to protecting customers from the risks associated with cyber threats, LogRhythm provides unparalleled compliance automation and assurance, and enhanced IT intelligence.
- Malwarebytes
Booth: https://www.engagez.net/malwarebytes
Malwarebytes secures endpoints, making workplaces resilient. Our adaptive attack protection predicts and detects attacks with multi-layer detection across the kill chain. We enable active threat response with machine learning that is actionable and automated, allowing for full recovery when a compromise occurs. We empower enterprise endpoint orchestration across siloed IT and Security organizations, simplifying security management and making responses effective. Malwarebytes makes endpoints resilient so workplaces can protect and remediate, and employees can regain control of their digital lives. Visit us at www.malwarebytes.com/business.
- MCPA
Booth: N/A
The Military Cyber Professionals Association is dedicated to developing the American military cyber profession and investing in our nation’s future through STEM education. We are working towards an American military cyber profession that is accomplishing what our nation needs, expects, and deserves. Our goal is to secure cyberspace for military, economic, and private individual pursuits.
- Mimecast
Booth: https://www.engagez.net/mimecast
Mimecast Is Making Email Safer For Business.
Mimecast’s security, archiving and continuity cloud services protect business email and deliver comprehensive email risk management in one fully-integrated subscription service. Mimecast reduces the risk, complexity and cost traditionally associated with protecting email. You no longer have to manage an array of disjointed point solutions from multiple vendors. And you mitigate single vendor exposure if you have moved your primary email server to the cloud with services like Microsoft Office 365.
Our best-of-breed services protect the email of over 24,900 customers and millions of users worldwide against targeted attacks, data leaks, malware and spam. We give employees fast and secure access to sensitive business information, and ensure email keeps running in the event of a primary service outage.
- nCipher
Booth: https://www.engagez.net/ncipher
nCipher Security, a leader in the hardware security module (HSM) market, empowers world-leading organizations by delivering trust, integrity and control to their business critical information and applications, IoT, blockchain and digital payments.
- NinjaRMM
Booth: https://www.engagez.net/ninjarmm
NinjaRMM was founded in 2013 to help MSPs and IT professionals simplify their workday with an intuitive and user-friendly RMM. 5 years later and the company has grown to support over 4,000 customers across the globe.
- Okta
Booth: https://www.engagez.net/okta-boston
Okta is the foundation for secure connections between people and technology. Our IT products uniquely use identity information to grant people access to applications on any device at any time, while still enforcing strong security protections. Our platform securely connects companies to their customers and partners. Today, thousands of organizations trust Okta to help them fulfill their missions as quickly as possible.
- OneTrust
Booth: https://www.engagez.net/onetrust
OneTrust is the leading and fastest growing privacy management software platform used by hundreds of organizations globally to comply with data privacy regulations across sectors and jurisdictions, including the EU GDPR and Privacy Shield.
- Optiv
Booth: https://www.engagez.net/optiv
The world’s most trusted and reputable security solutions integrator, Optiv enables its clients to realize stronger, simpler and less costly cyber security programs. The company combines decades of real-world business, security strategy and technical experiences with in-depth security products knowledge to bring order to the cyber security chaos.
- OWASP
Booth: N/A
The Open Web Application Security Project (OWASP) is a 501(c)(3) worldwide not-for-profit charitable organization focused on improving the security of software. Our mission is to make software security visible, so that individuals and organizations worldwide can make informed decisions about true software security risks.
- Palo Alto Networks
Booth: https://www.engagez.net/palo-alto-networks
Palo Alto Networks™ is the network security company. Its next-generation firewalls enable unprecedented visibility and granular policy control of applications and content – by user, not just IP address – at up to 20Gbps with no performance degradation. Based on patent-pending App-ID™ technology, Palo Alto Networks firewalls accurately identify and control applications – regardless of port, protocol, evasive tactic or SSL encryption – and scan content to stop threats and prevent data leakage. Enterprises can for the first time embrace Web 2.0 and maintain complete visibility and control, while significantly reducing total cost of ownership through device consolidation. Most recently, Palo Alto Networks has enabled enterprises to extend this same network security to remote users with the release of GlobalProtect™ and to combat targeted malware with its WildFire™ service. For more information, visit www.paloaltonetworks.com.
- Proofpoint
Booth: https://www.engagez.net/proofpoint-boston
Proofpoint protects your people, data, and brand from advanced threats and compliance risks with cybersecurity solutions that work. Built on advanced analytics and a cloud architecture, our platform secures the way your people work today—through email, mobile apps, and social media.
Some attacks get through even the best defenses. That’s why our solutions also proactively safeguard the critical information people create. We reduce your attack surface by managing this data and protecting it as you send, store, and archive it. And when things go wrong, we equip security teams with the right intelligence, insight, and tools to respond quickly.
- Radiant Logic
Booth: https://www.engagez.net/radiant-logic-idmworks
Radiant Logic’s federated identity and directory platform, RadiantOne FID, is designed specifically for deployment in high-volume, high-complexity identity environments. RadiantOne FID includes an abstraction layer, extracting and virtualizing identity and context information out of various application and data silos, including AD domains and forests, LDAP directories, SQL databases, and more. RadiantOne FID also includes a scalable directory, HDAP, which is fully LDAP v3 compatible. RadiantOne FID re-maps the underlying data sources and presents the identity data in views customized for the needs of enterprise applications to enable authentication and fine-grained authorization for identity management and context-driven applications.
Radiant Logic’s global customer base includes many Fortune 1000 companies in the fields of banking, finance, insurance, government, communications, manufacturing, education, entertainment and healthcare. Headquartered in Novato, CA, Radiant Logic has satellite offices in Chicago and Washington, DC, and distribution channels throughout the world.
- Rapid7
Booth: https://www.engagez.net/rapid7
Rapid7 transforms data into insight, empowering IT and security professionals to progress and protect their organizations. How? Our solutions are powered by advanced analytics and an unmatched understanding of the attacker mindset. This makes it easy to collect data, transform it into prioritized and actionable insight, and get it to the people who can act on it—all in an instant.
- RedSeal
Booth: https://www.engagez.net/redseal
At RedSeal, our vision is to become the essential analytics and decision-making platform for building digitally resilient organizations people can trust. We do this by becoming the measure by which every organization can quantify its digital resilience. As thought leaders on resilience, we envision every organization starting the security discussion with the question “What’s our Digital Resilience Score?” Founded in 2004, RedSeal is headquartered in Sunnyvale, California.
- ReliaQuest
Booth: https://www.engagez.net/reliaquest
ReliaQuest fortifies the world’s most trusted brands against cyber threats with its platform for proactive security model management. Acting as a force multiplier on an organization’s existing cybersecurity investments, only ReliaQuest’s GreyMatter integrates disparate technologies to provide a unified, actionable view that fills the gaps in enterprise security programs.
- Secure Diversity
Booth: N/A
Secure Diversity is an innovative non-profit organization with leaders that think out of the box who have created strategies & solutions in placing qualified women and underrepresented humans into cybersecurity roles. We foster gender diversity, equity, and inclusion in the cybersecurity industry through conferences, networking, mentoring, professional development, and community outreach. One of our primary goals is to raise awareness and increase the number of women and underrepresented humans in the cybersecurity workforce. Founded in 2015 by Deidre Diamond, our mission is the equal representation of women and men in the cybersecurity workforce by engaging and collaborating with organizations and businesses to improve the recruitment and retention of women; utilize marketing and social media platforms to raise awareness of women in cybersecurity careers; remove cybersecurity institutional barriers and innovate new strategies to leverage existing resources.
- Siemplify
Booth: https://www.engagez.net/siemplify
The Siemplify team is comprised of cyber-security professionals, veterans of Israeli intelligence agencies. We bring rich experience in security analysis, management and operations and are backed by experts in data science and applied mathematics.
WE BELIEVE In the modern world of cyber threat analysis, investigation and management should be more holistic, intuitive and simple. Technology and data science should serve cyber security experts by providing all the relevant information about the threat in real-time and focus them in rapid decision making.
- SonicWall
Booth: https://www.engagez.net/sonicwall
SonicWall has been fighting the cybercriminal industry for over 28 years defending small and medium businesses, enterprises and government agencies worldwide. Backed by research from SonicWall Capture Labs, our award-winning, real-time breach detection and prevention solutions secure more than a million networks, and their emails, applications and data, in over 215 countries and territories. These organizations run more effectively and fear less about security.
- Swimlane
Booth: https://www.engagez.net/swimlane
Swimlane is at the forefront of the security orchestration, automation and response (SOAR) solution market and was founded to deliver scalable security solutions to organizations struggling with alert fatigue, vendor proliferation and chronic staffing shortages.
- TechTarget
Booth: N/A
TechTarget (NASDAQ: TTGT) is the online intersection of serious technology buyers, targeted technical content and technology providers worldwide. Our media, powered by TechTarget’s Activity Intelligence platform, redefines how technology buyers are viewed and engaged based on their active projects, specific technical priorities and business needs. With more than 100 technology specific websites, we provide technology marketers innovative media that delivers unmatched reach via custom advertising, branding and lead generation solutions all built on our extensive network of online and social media. TechTarget is based in Boston and has locations in Atlanta, Beijing, Cincinnati, London, Paris, San Francisco, Singapore, and Sydney.
- Trend Micro
Booth: https://www.engagez.net/trend-micro
Trend Micro, a global leader in cybersecurity, is passionate about making the world safe for exchanging digital information, today and in the future. Artfully applying our XGen™ security strategy, our innovative solutions for consumers, businesses, and governments deliver connected security for data centers, cloud workloads, networks, and endpoints. www.trendmicro.com.
- Whalley Computer Associates
Booth: https://www.engagez.net/whalley-computer-associates
Whalley Computer Associates, Inc. (WCA) employs some of the region’s best engineers and is equipped to accommodate all computer and communication needs for businesses of all sizes in every industry. As an aggressive entrepreneurial business, we’re capable of responding to your needs with a level of flexibility and speed that other organizations can only dream of.
While we’ve grown tremendously since 1979, we remain a friendly, flexible, family-owned business that prioritizes the needs of our customers. As we’ve evolved, we’ve expanded our reach to service customers throughout the nation. To provide each customer with superior service, we now employ over 140 computer professionals and 10,000 affiliated technicians and engineers. In response to making these advancements, VarBusiness magazine ranked WCA as being a high-level engineering firm in the largest 1% of all Solution Providers in North America.
- Women in CyberSecurity (WiCyS)
Booth: N/A
Women in CyberSecurity (WiCyS) is the premier nonprofit organization with international reach dedicated to bringing together women in cybersecurity. Founded by Dr. Ambareen Siraj from Tennessee Tech University through a National Science Foundation grant in 2013, WiCyS offers opportunities and resources for its members and collaboration benefits for its sponsors and partners. The organization’s founding partners are Cisco, Facebook and Palo Alto Networks. WiCyS’ strategic partners include Amazon Web Services, Bloomberg, Cisco, Equifax, Facebook, Google, HERE Technologies, IBM, Lockheed Martin, Nike, Optum, Palo Alto Networks, PayPal, SANS Institute, Target, and University of California San Diego. To learn more about WiCyS, visit https://www.wicys.org.
- Vinny Troia
Security Researcher and Pentester, Author "Hunting Cyber Criminals"
Founder and Principal Security Consultant of Night Lion Security, Vinny Troia brings 20+ years of IT security and development experience. He is also a featured speaker on ABC, CNBC, and Fox News.
"One afternoon, I drafted an email to the CEO and CISO of a major airline company. The title read – URGENT – Data breach in your network. During our phone conversation later that evening, I proceeded to tell the security admin that I received word from a dark web contact that sensitive data from their network was about to go on sale later that week. Working in tandem with my dark web contacts and the company’s security team, we were able to identify the hacker’s position within their network, turned off their access, and closed the vulnerabilities that allowed them to gain access. This is the kind of thing I do day in and day out, and I love my job." - Vinny Troia
- Achint Sehgal
Global Head of Solutions Engineering, OneTrust
Achint Sehgal, CIPP/E, CIPM, serves as a Global Head of Solutions Engineering for OneTrust Vendorpedia—a purpose-built software designed to operationalize third-party risk management. In his role, Sehgal advises companies throughout their third-party risk management implementations to help meet requirements relating to relevant standards, frameworks, and laws (e.g. ISO, NIST, SIG, GDPR, and CCPA). Sehgal works with clients to centralize their third-party information across business units, assess risks and performance, and monitor threats throughout the entire third-party relationship, from onboarding to offboarding.
- Ravi Thatavarthy
VP & CISO, BJ's Wholesale Club
Ravi Thatavarthy brings 20+ years of experience in Information Security to his role with a strong background in Security Architecture and building Security programs from the ground up. His approach to Information Security is unique and well-balanced with a focus on ‘Business Value’ and ‘User Delight’. He recently appeared in ‘Profiles in Confidence’ as a Security leader running a confident Security program. He has spoken and served as a panelist at multiple conferences. Before joining BJ's, he was the Head of Information Security at iRobot, and previously led the Security, Policy & Compliance programs at Haemonetics where he worked as Director of Global Security & Policy.
- Esmond Kane
CISO, Steward Health Care
Prior to his role at Steward, Esmond was the Deputy CISO at Partners HealthCare, where he was responsible for the operational component of the "Lighthouse" program, a radical transformation in Partners' approach to security and privacy risk management. Esmond spent 10 years helping to guide improvements in IT delivery and information security at Harvard University. Before working at Harvard, Esmond spent 10 years in several roles and industries including KPMG and BIDMC. In his spare time, Esmond likes to fret about spare time and annoy people who read bios.
- Sabrina Stanich
Cybersecurity Manager, Darktrace
Sabrina Stanich is a Cyber Security Manager at Darktrace, the world’s leading machine learning company for cyber defense. She has worked extensively with clients across numerous industry verticals, from financial services to manufacturing, helping them deploy Darktrace’s Enterprise Immune System, the only AI technology capable of detecting and autonomously responding to early-stage cyber-threats. Stanich graduated with a bachelor’s degree from the University of Pennsylvania and is based out of Darktrace’s New York City office.
- Don McKeown
Information Security Manager, Wolters Kluwer Health
Don McKeown is currently an information security manager for a provider of healthcare solutions that facilitate effective clinical decisions. There he developed and teaches a threat modeling course, teaches code scanning, contributes to corporate application security advisory committees, and consults for technical and product teams. Previously he helped mature security programs at LogMeIn and athenahealth. Before focusing exclusively on information security, he contributed to several infrastructure teams over many years. He earned an MBA with Distinction from Bentley University and holds the CISSP, CRISC, and GIAC Security Leadership (GSLC) certifications. For more information, go to https://www.donmckeown.net/
- Adam Winn
Product Manager, Cisco Umbrella, Cisco
Adam Winn is the platform product management lead for Cisco Umbrella. He got into cloud security product management in 2013 and never looked back. In 2016, he joined OpenDNS shortly before it was rebranded as Cisco Umbrella. He is a life-long California resident and a fan of live music (and can't wait for it to come back).
- Sandy Silk
Director, Information Security Education & Consulting, Harvard University
Sandy Silk is the Director of Information Security Education and Consulting at Harvard University, Founder of Cyber Risk and Resilience Consulting, and a member of the Board of Advisors for the MS in Information Security Leadership at Brandeis University. She excels at bringing together executive leaders, business teams, and IT professionals to align cyber risk management with strategic priorities and culture, risk tolerance levels, and positive customer experience. Sandy is also involved in several WIT organizations and programs. Her prior information security career included positions with Fidelity Investments, Bose Corporation, and Wellington Management Company.
- Brendan Campbell
AVP, Global Technology Governance & Control, Manulife
Brendan Campbell is currently the leader for Manulife’s Global Technology Governance & Control function and has prior experience across audit, risk management, and information security. He is a part of the Global Technology Executive team and is responsible for leading the execution of risk activities globally. In addition, he is responsible for the company’s Executive Crisis Management plan. Prior to joining Technology, he was head of the global IT Audit function at Manulife. Prior to joining Manulife in 2007, Brendan held roles in information security specific to managing infrastructure security compliance and identity and access management initiatives.
- Rebecca Rakoski
Managing Partner, XPAN Law Group, LLC
Rebecca Rakoski is co-founder and managing partner at XPAN Law Group, a certified Women Owned boutique law firm. Rebecca focuses her practice exclusively on cybersecurity and data privacy. She has extensive experience in all aspects of cybersecurity, data privacy and cross border data transfer issues. Rebecca performs in-depth cybersecurity assessments and audits in accordance with regulatory requirements. Rebecca counsels clients through a breach by navigating the complexities of different state and federal regulations. Rebecca also performs cybersecurity and data privacy due diligence in M&A transactions, protecting intellectual property, and even transition and succession planning.
- Roy Wattanasin
Information Security Leader, Healthcare Industry
Roy Wattanasin is currently a healthcare information security professional. Additionally, Roy is an avid speaker who has spoken at many conferences and webinars. Roy also enjoys data forensics & incident response and building security in. He is heavily involved with many computer security groups including OWASP Boston, ISSA and the local communities. Roy is also a member of multiple advisory groups. He was an adjunct instructor at Brandeis University as part of the Health and Medical Informatics and is also the co-founder of that program. He is credited for bringing back the Security BSides Boston conference (setting the standards) and enjoys seeing it grow each year and being successful with its new team members.
- Lauren Provost
Professor, Computer Science, Western Governors University
Dr. Lauren E. Provost is an ethical hacker, author and professor. She directs The Ethical Hackers Cybersecurity organization, a virtual community for educators and industry providing comprehensive planning and risk management updates, network and cloud security knowledge and information on other cybersecurity topics such as general penetration testing and compliance readiness. Her publications span these areas. Her current research and practice focuses on ethical hacking. She earned her doctorate in mathematics from the University of New Hampshire after an undergraduate degree in computer science at the University of Texas at Austin.
- Brian Carey
Manager, Advisory Services, Rapid7
Brian Carey is a Rapid7 Manager of Advisory Consulting, specializing in: Security Program Assessments, Security Program Development, Risk Management, Vulnerability Management Program Development, Security Awareness and Policy Development. Before joining Rapid7, Brian was Information Security Director and interim Security Officer at LafargeHolcim NA, a multinational manufacturer, where he managed and supervised the North American ISO27002 compliant ITSEC program. Brian was with LafargeHolcim (previously Holcim NA) for 14 years and held many positions over that time period. Brian is a motivated, independent security professional comfortable speaking with both technical individuals as well as business leaders about a myriad of security-related topics. Brian is a team player and leader with proven experience in security management.
- Joe Zurba
CISO, Harvard Medical School
In his role as the leader of Information Security at Harvard Medical School, Joe Zurba has been responsible for defining and building capabilities to meet the requirements of an extraordinarily diverse community of clinical and research faculty, students, and staff. Joe develops strategy, improves capabilities, and manages risk for all information security, Identity and Access Management, and IT compliance efforts across the school. Joe also serves on several committees in his role as the school’s information security leader. He is a non-scientific, voting member of the Harvard Medical School Institutional Review Board (IRB), which oversees human subjects research. He is also a co-chair of Harvard Catalyst subcommittee on Emerging Technologies, Ethics, and Research Data. His expertise is often sought in the creation of University policy, programs, and other initiatives that seek to benefit from his experiences working with biomedical and basic science research. Joe has worked for over 20 years in Information Security roles within Higher education, Health Care, High Tech Manufacturing, and Technology. Prior to his current role, he served as Research Information Security Officer in the Partners Healthcare Information Security and Privacy Office and 11 years previously in information security at Harvard Medical School and Director of IT Security at Harvard University Information Technology. He currently holds certifications as a Certified Information Systems Security Professional (CISSP) and a Certified Information Systems Auditor (CISA).