- Open Sessions
- Conference Pass
- SecureWorld Plus
- VIP / Exclusive
- Thursday, May 6, 20217:30 amAdvisory Council RoundtableMoving Forward Together: The State of Your IndustryDigital Event Director, SecureWorldRegistration Level:
- VIP / Exclusive
7:30 am - 8:15 amThis session is for SecureWorld Advisory Council members by invite only.
8:00 amExhibitor Hall openRegistration Level:- Open Sessions
8:00 am - 9:00 amLocation / Room: Exhibitor FloorYour opportunity to visit our solution vendor partners, whose sponsorship makes SecureWorld possible! Booths have staff ready to answer your questions. Look for participating Dash For Prizes sponsors to be entered to win prizes.
8:15 amISSA KC Chapter Meeting [Open to all attendees]Aligning with the Business: Where Are We Going Wrong?President, ISSA International; CISO, NeuEonPresident, ISSA KC ChapterHead of Information Security, Netflix DVDRegistration Level:- Open Sessions
8:15 am - 8:55 amJoin the ISSA KC Chapter meeting to hear the future of the organization from ISSA International President Candy Alexander, and stay for the panel discussion on technology risk versus business risk.
Aligning with the Business: Where Are We Going Wrong?
Many in our profession now operate under a “business enablement” mindset. We recognize the fact that we must align security efforts with the needs of the business, or we will continue towards becoming irrelevant. But what does “aligning with the business” really mean? Some believe we may be misunderstanding this concept and applying it incorrectly within our organizations. Attend this panel discussion with the ISSA International leadership for an honest and possibly controversial take on aligning security with the business.
8:15 amA Modern Approach to Information ProtectionSr. Director, Enterprise Security Strategy, ProofpointRegistration Level:8:15 am - 8:55 amData Loss Prevention (DLP) solutions alone can no longer address today’s data privacy requirements. Customer PII data is the most often lost or stolen data, and more than half of these breaches involve malicious attacks. Challenges like increasing threat activity, difficulty protecting a remote workforce, and accelerating migration of data to cloud platforms make it harder to secure data and comply with privacy regulations—especially when analysts need multiple tools to investigate data leakages. So how can you better protect your company in 2021?
9:00 am[Opening Keynote] Fireside Chat with Pentesters Arrested for Doing Their JobDirecting, Center of Excellence for Red Team, Social Engineering, and Physical Penetration Testing, CoalfireSr. Security Consultant, CoalfireRegistration Level:- Open Sessions
9:00 am - 9:45 amWhen an Iowa Sheriff arrested Coalfire pentesters Gary DeMercurio and Justin Wynn on the job, it sent shockwaves through the cybersecurity community. The two InfoSec professionals faced felony charges, jail time, and the possibility of a criminal record for doing what they were hired to do. And information security professionals faced a possible chilling effect around a common strategy for testing defenses. Now, Gary and Justin will tell their story on the SecureWorld New England virtual stage during a candid fireside chat. They will take us through what happened to them and share what they learned in the process.
For more background, read our original news story here.
9:45 amNetworking BreakRegistration Level:- Open Sessions
9:45 am - 10:00 amLocation / Room: Exhibitor FloorVisit the Exhibitor Hall to network with attendees and connect with our vendor sponsors and association partners.
10:00 amSecurity as an Innovation LabSystem VP & CISO, SSM HealthRegistration Level:- Open Sessions
10:00 am - 10:30 amTraditionally, security is seen as a cost center. What if we could flip that on its head by using security concepts to drive business revenue? Every department would want the security team at the table. In this session, I’ll talk about innovative ways to draw positive attention to information security in a way that makes people want to give time and resources to security.
10:00 amReducing Complexity While Increasing Data Protection in Financial ServicesVP, Security and Privacy, PKWARERegistration Level:- Open Sessions
10:00 am - 10:30 amFinancial service firms have a responsibility to provide fool-proof security to instill faith in customers, and send a strong message that combating threats is a prime objective. They cannot afford to be complacent, especially when the majority of information produced or utilized in financial services is private and sensitive, not to mention highly regulated. All this adds up to make cybersecurity vital to business.
Building sustainable ongoing security starts with all-inclusive optics into the sensitivity of data and automated organization-wide control of it. Organizations can assemble all this with multiple solutions, but doing so is time-consuming, expensive, and can be fraught with integration woes.
There’s a better way. This session takes a deep dive into reducing complexity in sensitive and private data protection, including:
- How to dig deep across the enterprise into every place sensitive data may be stored, from data lakes to endpoint devices
- The benefit of automatic policy-specific remediation, including masking, redaction, deletion, and encryption
- How to scale data protection and compliance as data volumes increase
10:00 amThe Implementation Journey of Zero Trust and SASE: Realizing the BenefitsVP, CSO - Cloud Security Transformation, NetskopeRegistration Level:- Open Sessions
10:00 am - 10:30 amMost organizations have a hybrid implementation of cloud and on-prem services. With the rapid adoption of business digitalization and expanding remote work force, how do we consolidate controls and enhance the security of the systems?
In this hybrid mode, enterprises need speed, visibility, security, and reliability without compromise. Enter the secure access service edge, better known as SASE. It’s inevitable that SASE implementations and Zero Trust implementations will provide a more comprehensive security capability to truly support digital transformation. How can your organization best position itself for the transition?
In this session, James Christianson will discuss:
· How to migrate your security controls to take advantage of SASE
· Reducing cost while increasing your security posture
· Implementing a road map for SASE / Zero Trust10:30 amNetworking BreakRegistration Level:- Open Sessions
10:30 am - 10:45 amVisit the Exhibitor Hall to network with attendees and connect with our vendor sponsors and association partners.
10:45 amThe Case for Security AutomationDirector of Cybersecurity, Waddell & ReedRegistration Level:- Open Sessions
10:45 am - 11:15 amThis presentation will highlight the cost and benefits of engaging in security automation. Pedro will discuss what’s needed to get started, potential applications, and how it can be tied to other security components.
10:45 amConquering Cloud ComplexityCTO, RedSeal NetworksRegistration Level:- Open Sessions
10:45 am - 11:15 amCloud security is hard, not least because cloud platforms change so quickly. This talk presents several lessons learned from security teams struggling to get their arms around the sprawl of modern infrastructure, using practical analogies from pandemics and earthquakes.
10:45 amRansomware in Focus: How AI Stays One Step Ahead of AttackersDirector for Cyber Intelligence and Analysis, DarktraceRegistration Level:- Open Sessions
10:45 am - 11:15 amAs the world continues to endure ongoing global disruption, cyberattackers have been constantly updating their tactics in light of emerging trends. According to MIT Technology Review, 121 million ransomware attacks were recorded in the first half of 2020, each one attempting to encrypt private data and extort payment for its release. The automated elements of these attacks—malware that moves faster than security teams can respond—is one of the most damaging hallmarks of these ransomware campaigns.
Join Justin Fier, Director of Cyber Intelligence & Analytics at Darktrace, as he unpacks the nuances of some of today’s most costly and advanced ransomware and shares how self-learning AI uniquely empowers organizations across industries to fight back.
11:15 amNetworking BreakRegistration Level:- Open Sessions
11:15 am - 11:30 amVisit the Exhibitor Hall to network with attendees and connect with our vendor sponsors and association partners.
11:30 am[Panel] Operationalizing Your Knowledge for Maximum ImpactGlobal BISO & Director of Business Partnership, Cardinal HealthAssociate CISO, Washington University in St. LouisCISO & C-Suite Advisor, Check Point Software TechnologiesRegistration Level:- Open Sessions
11:30 am - 12:00 pmWe have a lot of collective knowledge within security. However, we still have work to do to operationalize this for maximum impact within organizations. What kind of trends can we take advantage of given security’s rise in importance? Do organizations really know what they need when hiring cybersecurity leadership? What do organizations need to see more of from CISOs and information security teams? This panel will explore these questions and more.
11:30 amSecuring the Cloud Control Plane: How to Make Security Predictable in the CloudSr. Director, Product Management, CrowdStrikeDirector, Product Management, CrowdStrikeRegistration Level:- Open Sessions
11:30 am - 12:00 pmIn a new survey from Enterprise Strategy Group (ESG), 88% of respondents said their cybersecurity program needs to evolve to secure their cloud-native applications and use of public cloud infrastructure, with many citing challenges around maintaining visibility and consistency across disparate environments.
Join CrowdStrike’s session to learn about cloud-native security challenges and how to prevent inconsistency, uncover misconfigurations, and improve visibility. Spencer Parker and Sowmya Karmali will highlight best practices that DevOps and SecOps teams can employ to secure your applications in the cloud.
11:30 amGet Beyond Compliance and Achieve Real Data SecuritySVP, Strategy and Imperva Fellow, ImpervaRegistration Level:- Open Sessions
11:30 am - 12:00 pmTo keep pace with the database activity explosion that has accompanied recent rapid technology innovations, organizations must rethink their strategy for securing their data assets. A strategy designed to meet compliance requirements is not enough. Organizations need to develop new approaches that augment traditional agent-based monitoring to achieve real data security today and in the future.
We’ll provide insight into how you can automate data collection and monitoring so you may apply more resources to identifying non-compliant behavior and orchestrating rapid responses, regardless of where your data is or the size of your data estate.
12:00 pmNetworking BreakRegistration Level:- Open Sessions
12:00 pm - 12:15 pmVisit the Exhibitor Hall to network with attendees and connect with our vendor sponsors and association partners.
12:15 pmFrom Technologist to CISOCISO, Veterans United Home LoansRegistration Level:- Open Sessions
12:15 pm - 1:00 pmAre you a technician feeling the call towards leadership? Are you just interested in learning more about leadership? Just being a good tech is no guarantee of being a good leader. There are many things that good leaders need to know that have nothing to do with technical knowledge. Come to this session and join in a conversation about the path from the Information Security technical role to an IS leadership role. Learn the right knowledge that will be powerful in helping you become a great IS leader!
12:15 pmManaging Insider Risk without Compromising Speed of BusinessSecurity Community Evangelist, Manager, Code42Registration Level:- Open Sessions
12:15 pm - 1:00 pmAs companies double down on time to innovation, time to market, and time to revenue, they are inherently introducing more risk from the inside. The more cloud-based, collaborative, and fast an organization becomes, the greater the Insider Risks posed to its people, technology, and data. The upside is that cloud collaboration tools make employees more productive. The downside is that these same tools make it easier to exfiltrate data.
Adding to the complexities of working from home and off the corporate network, more employees are routinely using unauthorized devices, tools, and cloud-based applications to share files and ideas with colleagues.
Join us to discuss the growing Insider Risk problem and how the right data protection methods can set security teams up for success, without slowing down company productivity.
12:15 pm[Panel] Managing a Remote Workforce in the CloudSr. Solutions Engineer, OktaVP of Marketing, AppaegisSr. Director, Product Management, CrowdStrikeSr. Sales Engineer, GigamonRegistration Level:- Open Sessions
12:15 pm - 1:00 pmOur panelists will discuss the continued challenges with managing the remote workforce securely. Whether people go back to an office again is up in the air, but InfoSec and Operations must have processes and technology in place to keep the business running with an acceptable risk. Bring your questions for our panel.
1:00 pmNetworking BreakRegistration Level:- Open Sessions
1:00 pm - 1:15 pmVisit the Exhibitor Hall to network with attendees and connect with our vendor sponsors and association partners.
1:15 pmVERIS A4 Threat ModelingHead of Research, Development, Innovation, Verizon Threat Research Advisory CenterRegistration Level:- Open Sessions
1:15 pm - 2:00 pmVERIS, the Vocabulary for Event Recording and Incident Sharing, is a set of metrics designed to provide a common language for describing cybersecurity incidents (and data breaches) in a structured and repeatable manner. VERIS provides cyber defenders and intelligence practitioners with the ability to collect and share useful incident-related information—anonymously and responsibly—with others. The VERIS Framework underpins the Data Breach Investigations Report (DBIR); it’s what Verizon uses to codify the data and build this annual report.
VERIS employs the A4 Threat Model to describe key aspects of incidents and breaches that affect victim organizations. Simply put, the A4 Threat Model seeks to answer: who (Actor) did what (Action) to what (Asset) in what way (Attribute) for threat modeling, intelligence analysis, breach mitigation, and detection / response improvement.
Takeaways from this session will include:
• VERIS Framework Overview
• A4 Threat Model Components
• VERIS Use Cases1:15 pm[Panel] The Current ThreatscapeSr. Sales Engineer, LogRhythmRegional Director, Security Engineering, Check Point Evangelist, Check Point Software TechnologiesDirector of Technology - Office of the CTO, ImpervaGlobal Principal Engineer, CorelightSolutions Architect, ArmisRegistration Level:- Open Sessions
1:15 pm - 2:00 pmEven a pandemic didn’t slow the roll of hackers and other nefarious groups. Ransomware and BEC attacks are at an all-time high, and insider threats (malicious and unknowing) are on the rise, as well. It seems if a dollar is to be had, someone is trying to take it. So, how do we arm our clients, partners, and coworkers with the tools they need to identify these next-level threats?
1:15 pm[Panel] We Need a New Plan: Business Continuity, GRC, and PrivacyDirector of Product Marketing, SiemplifyPrincipal Security Program Manager, MicrosoftCo-Founder & Managing Partner, XPAN Law PartnersRegistration Level:1:15 pm - 2:00 pmThe pandemic has taught InfoSec many lessons; among them, your IR/BC/DR plans must be scalable and flexible. Compliance and regulations still matter, and many states are initiating new data privacy and security laws. Our panel will go over some of the items you may have missed over the last year. Our experts will let you know which ones you need to really be concerned with and provide some guidance on what to include in your future Incident Response, Business Continuity, and Disaster Recovery plans.
1:15 pmAdvisory Council RoundtableLeading with Purpose: Mentorship and Succession Planning 101CISO, Veterans United Home LoansRegistration Level:- VIP / Exclusive
1:15 pm - 2:00 pmDiscussion moderated by Randy Raw. This session is for SecureWorld Advisory Council members by invite only.
2:00 pmNetworking BreakRegistration Level:- Open Sessions
2:00 pm - 2:15 pmVisit the Exhibitor Hall to network with attendees and connect with our vendor sponsors and association partners.
2:15 pm[Closing Keynote] Digital Extortion Drama: Deconstructing the Ransomware Response LifecycleCo-Chair, Data Privacy & Cybersecurity Practice, Spencer Fane LLPRegistration Level:- Open Sessions
2:15 pm - 3:00 pmThis session is part drama and part virtual tabletop exercise. Cyber attorney Shawn Tuma will make the lifecycle of a successful ransomware attack come alive. From initial discovery and ransom negotiation, to IR team activation, to data recovery and restoration, all the way through the process to lingering litigation. Attend this session to more fully understand the impact a ransomware attack can create for any organization, including yours.
- AppaegisBooth:
Appaegis provides the most secure agentless zero trust access solution to connect authorized users and devices to enterprise application. Appaegis’ cloud native solution fits into any organizations secure access service edge (SASE) framework, integrates with existing workflow, security infrastructure and is agnostic to the types of applications or endpoints. Appaegis provides complete visibility into every interaction between end points and applications, control access to applications and identify abnormal or anomalous transactions by leveraging its differentiated isolation technology.
Appaegis solutions are built on the principal that organizations security posture must be based on the foundation of Zero Trust plus least privilege access, and account for the fact that every organization relies on a mix of internal applications, cloud native applications and SaaS.
- Armis, IncBooth:
Armis is the first agentless, enterprise-class security platform to address the new threat landscape of unmanaged and IoT devices. Fortune 1000 companies trust Armis’ unique out-of-band sensing technology to discover and analyze all managed and unmanaged devices, analyze endpoint behavior to identify risks and attacks, and protect information and systems.
- Check Point Software TechnologiesBooth:
Check Point Software Technologies is a leading provider of cybersecurity solutions to governments and corporate enterprises globally. Its solutions protect customers from 5th generation cyber-attacks with an industry leading catch rate of malware, ransomware, and other types of attacks. Our solutions offer multilevel security architecture, “Infinity” Total Protection with Gen V advanced threat prevention.
- CiscoBooth:
Cisco builds truly effective security solutions that are simple, open and automated. Drawing on unparalleled network presence as well as the industry’s broadest and deepest technology and talent, Cisco delivers ultimate visibility and responsiveness to detect more threats and remediate them faster. With Cisco, companies are poised to securely take advantage of a new world of digital business opportunities.
- Code42Booth:
Code42 is the leader in insider risk detection, investigation and response. Native to the cloud, Code42 rapidly detects data loss, leak, theft and sabotage as well as speeds incident response – all without lengthy deployments, complex policy management or blocking employee productivity. With Code42, security professionals can protect corporate data from insider threats while fostering an open and collaborative culture for employees. Backed by security best practices and control requirements, Code42’s insider threat solution can be configured for GDPR, HIPAA, PCI and other regulatory frameworks.
- CorelightBooth:
Corelight makes powerful network security monitoring solutions that transform network traffic into rich logs, extracted files, and security insights for incident responders and threat hunters. Corelight Sensors run on open-source Zeek (formerly called “Bro”) and simplify Zeek deployment and management while expanding its performance and capabilities. https://www.corelight.com
- CrowdStrikeBooth:
CrowdStrike sets the standard for cybersecurity in the cloud era. The CrowdStrike Falcon® platform protects and enables the people, processes, and technologies that drive modern enterprise, delivering superior protection, better performance, reduced complexity, and immediate time-to-value. CrowdStrike secures the most critical areas of enterprise risk—endpoints and cloud workloads, identity, and data—to keep organizations ahead of today’s adversaries and stop breaches.
- Cybercrime Support NetworkBooth:
Cybercrime Support Network (CSN) is a public-private, nonprofit collaboration created to meet the challenges facing millions of individuals and businesses affected each and every day by cybercrime. CSN’s mission is to improve the plight of Americans facing the ever growing impact of cybercrime by bringing together national partners to support cybercrime victims before, during, and after.
- DarktraceBooth:
Darktrace is the world’s leading cyber AI company and the creator of Autonomous Response technology. Its self-learning AI is modeled on the human immune system and used by over 3,500 organizations to protect against threats to the cloud, email, IoT, networks, and industrial systems.
The company has over 1,200 employees and headquarters in San Francisco and Cambridge, UK. Every 3 seconds, Darktrace AI fights back against a cyber-threat, preventing it from causing damage.
- GigamonBooth:
Gigamon offers a deep observability pipeline that harnesses actionable network-level intelligence to amplify the power of observability tools. This powerful combination enables IT organizations to assure security and compliance governance, speed root-cause analysis of performance bottlenecks, and lower operational overhead associated with managing hybrid and multi-cloud IT infrastructures. The result: modern enterprises realize the full transformational promise of the cloud. Gigamon serves more than 4,000 customers worldwide, including over 80 percent of Fortune 100 enterprises, nine of the 10 largest mobile network providers, and hundreds of governments and educational organizations worldwide. To learn more, please visit gigamon.com.
- ImpervaBooth:
Imperva is a leading provider of data and application security solutions that protect business-critical information in the cloud and on-premises. Cybercriminals constantly change their tactics. But what they are after, and how they ultimately make money, doesn’t change. They are after data. They make their money through extortion, via DDoS and ransomware, and through theft via data breaches. Today, data and applications are the fundamental assets of any enterprise. Data are the intellectual property and apps are what run the business. Imperva has a singular purpose: protect these critical assets from the ever-changing attacks of the cybercrime industry.
- ISSA Kansas CityBooth:
The Information Systems Security Association (ISSA)® is a not-for-profit, international organization of information security professionals and practitioners. Through its membership, ISSA – Kansas City helps security professionals in the Kansas City area learn of information security issues and trends, which promote education, collaboration, and leadership, and further the information security profession.
- LogRhythmBooth:
LogRhythm, a leader in security intelligence and analytics, empowers organizations around the globe to rapidly detect, respond to and neutralize damaging cyber threats. The company’s patented award-winning platform uniquely unifies next-generation SIEM, log management, network and endpoint monitoring, user entity and behavior analytics (UEBA), security automation and orchestration and advanced security analytics. In addition to protecting customers from the risks associated with cyber threats, LogRhythm provides unparalleled compliance automation and assurance, and enhanced IT intelligence.
- NetskopeBooth:
The Netskope security cloud provides unrivaled visibility and real-time data and threat protection when accessing cloud services, websites, and private apps from anywhere, on any device. Only Netskope understands the cloud and takes a data-centric approach that empowers security teams with the right balance of protection and speed they need to secure their digital transformation journey.
- OktaBooth:
Okta is the World’s Identity Company. As the leading independent Identity partner, we free everyone to safely use any technology—anywhere, on any device or app. The most trusted brands trust Okta to enable secure access, authentication, and automation. With flexibility and neutrality at the core of our Okta Workforce Identity and Customer Identity Clouds, business leaders and developers can focus on innovation and accelerate digital transformation, thanks to customizable solutions and more than 7,000 pre-built integrations. We’re building a world where Identity belongs to you. Learn more at okta.com.
- PKWAREBooth:
PKWARE protects the world’s data with smart encryption software and solutions. In use by more than 35,000 customers, including government agencies and global corporations, PKWARE’s easy-to-use security armors data itself and eliminates vulnerabilities wherever data is used, shared or stored.
PKWARE offers the only data discovery and protection solution that locates and secures sensitive data to minimize organizational risks and costs, regardless of device or environment. Our software enables visibility and control of personal data, even in complex environments, making PKWARE a global leader in data discovery, security, and compliance.
- ProofpointBooth:
Proofpoint protects your people, data, and brand from advanced threats and compliance risks with cybersecurity solutions that work. Built on advanced analytics and a cloud architecture, our platform secures the way your people work today—through email, mobile apps, and social media.
Some attacks get through even the best defenses. That’s why our solutions also proactively safeguard the critical information people create. We reduce your attack surface by managing this data and protecting it as you send, store, and archive it. And when things go wrong, we equip security teams with the right intelligence, insight, and tools to respond quickly.
- Recorded FutureBooth:
Recorded Future arms security teams with threat intelligence powered by machine learning to lower risk. Our technology automatically collects and analyzes information from an unrivaled breadth of sources. We provide invaluable context that’s delivered in real time and packaged for human analysis or instant integration with your existing security technology.
- RedSealBooth:
By focusing on cybersecurity fundamentals, RedSeal helps government agencies and Global 2000 companies measurably reduce their cyber risk. With RedSeal’s cyber terrain analytics platform and professional services, enterprises improve their resilience to security events by understanding what’s on their networks, how it’s all connected, and the associated risk. RedSeal verifies that network devices are securely configured; validates network segmentation policies; and continuously monitors compliance with policies and regulations. It also prioritizes mitigation based on each vulnerability’s associated risk. The company is based in San Jose, Calif.
- SiemplifyBooth:
The Siemplify team is comprised of cyber-security professionals, veterans of Israeli intelligence agencies. We bring rich experience in security analysis, management and operations and are backed by experts in data science and applied mathematics.
WE BELIEVE In the modern world of cyber threat analysis, investigation and management should be more holistic, intuitive and simple. Technology and data science should serve cyber security experts by providing all the relevant information about the threat in real-time and focus them in rapid decision making.
- TechTargetBooth:
TechTarget (NASDAQ: TTGT) is the online intersection of serious technology buyers, targeted technical content and technology providers worldwide. Our media, powered by TechTarget’s Activity Intelligence platform, redefines how technology buyers are viewed and engaged based on their active projects, specific technical priorities and business needs. With more than 100 technology specific websites, we provide technology marketers innovative media that delivers unmatched reach via custom advertising, branding and lead generation solutions all built on our extensive network of online and social media. TechTarget is based in Boston and has locations in Atlanta, Beijing, Cincinnati, London, Paris, San Francisco, Singapore, and Sydney.
- Tom BechtoldDigital Event Director, SecureWorld
Tom has been part of the SecureWorld team for over 14 years. He has launched several of the regional conferences we hold today. Tom is currently responsible for SecureWorld Digital, which provides educational content to the SecureWorld audience. He produces, executes, and moderates the majority of the Remote Sessions webcasts while also working closely with the SecureWorld event directors to build relevant agendas at the regional conferences.
- Candy AlexanderPresident, ISSA International; CISO, NeuEon
Ms. Alexander has over 30 years of experience in the cybersecurity profession. She has held several positions as CISO (Chief Information Security Officer) for which she developed and managed corporate security programs. She is now working as a CISO and Cyber Risk Practice lead for NeuEon, Inc., assisting companies large and small to improve their cyber risk and security programs through effective business alignment.
Ms. Alexander is a leader within the cyber profession, where her contributions include being twice-elected as Information Systems Security Association's (ISSA) International President, chief architect for the Cyber Security Career Lifecycle, and a long-standing Director on the International Board. She is also the inaugural President and past Board Member of the ISSA Education and Research Foundation. She has been instrumental in establishing the annual ISSA/ESG research project to better understand challenges face by cybersecurity professionals worldwide.
- Naeem BabriPresident, ISSA KC Chapter
Naeem Babri is a cybersecurity practitioner who works at T-Mobile, focusing on cyber risk assessments, information security, and cyber security controls. Naeem has worked in IT and cybersecurity for the last 20+ years. His expertise in information security, IT operations, and support has led to various roles at T-Mobile, formerly Sprint. His various Board services include serving as President and advisor of ISSA-KC since 2014, board member for InfraGard, and as an advisor for various conferences. Naeem is an avid runner, enjoys photography, and is an arts patron in addition to his various community projects. He holds a Master's degree in Computer Resource Management and a Bachelor of Science in Mathematics and Computer Science.
- Jimmy SandersHead of Information Security, Netflix DVD
Jimmy has spent the better part of two decades securing data and systems from cyber threats. In addition to his duties at DVD.com, Jimmy has served as the San Francisco Bay Area chapter president of the Information Systems Security Association (ISSA) since 2014. He is also on the ISSA International Board of Directors. Furthermore, he has been a speaker at BlackHat, SecureWorld, InfoSec World, as well as other notable events. Prior to DVD.com, Jimmy has also held senior security management roles at organizations that include Samsung, Fiserv, and SAP. He is a Cyber Security Committee advisor for Merritt College, Ohlone College as well as on advisory board for other colleges and non-profit movements. Jimmy Sanders maintains the certifications of Certified Information Systems Security Professional (CISSP), Certified in Risk Information and Information Systems Control (CRISC), and Certified Information Systems Manager (CISM). He holds degrees in Psychology and Behavioral Science from San Jose State University.
- Mike StacySr. Director, Enterprise Security Strategy, Proofpoint
Mike works with customers and oversees technical strategy for areas which include cloud security, advanced email defense, SOAR, browsing security, and SDP. Prior to joining Proofpoint, Mike held numerous technical leadership and product strategy roles across a variety of solutions.
- Gary DeMercurioDirecting, Center of Excellence for Red Team, Social Engineering, and Physical Penetration Testing, Coalfire
Gary DeMercurio runs one of the largest groups in Coalfire Labs as a Director, where he leads Coalfire’s “Center of Excellence” for Red Teaming, Social Engineering and Physical Penetration. At Coalfire, Gary manages day-to-day business involved with FedRAMP, PCI, HIPPA, and penetration testing, while helping to spearhead the physical and social engineering portion of testing. Gary is also a proud member of Coalfire Veterans.
- Justin WynnSr. Security Consultant, Coalfire
As a Senior Security Consultant, Justin Wynn is responsible for actively compromising and reporting on virtual environments typically encountered at Fortune 500 companies. Justin performs wireless, physical, red team and social engineering engagements. Justin also conducts research to include the production of open-source models for printing/milling to aid in red team engagements, with specific regard to tool gaps in the locksport industry as well as master keys for access control/elevator overrides.
- Gary S. ChanSystem VP & CISO, SSM Health
Gary S. Chan helps organizations innovate, stay secure, and meet compliance using information security as the vehicle. He has architected anti-fraud systems for state agencies, led the information security teams for a large-cap technology company, leads the information security department for a large multi-state healthcare system, owns an information security consulting company, and is an evaluator and mentor for cybersecurity start-ups. He served as President of the FBI St. Louis Citizens Academy Alumni Association and is on the board of the Greater St. Louis Area Association of Certified Fraud Examiners. An adaptable individual with international experience, Gary has been based out of Asia, Europe, and the U.S. and has a refined ability to resolve conflict through negotiations and mediations. He holds four security certifications and a degree in Electrical Engineering & Computer Science from MIT.
- Chris PinVP, Security and Privacy, PKWARE
Chris Pin serves as PKWARE’s VP, Security and Privacy. In this role, Chris drives value and awareness for all PKWARE customers regarding the various challenges that both privacy and security regulations bring to the data-driven world. He works closely with all customers and potential customers to help them better understand how PKWARE solutions best fit into their environments and processes. He also works very closely with many other departments such as Sales, Marketing, Partners, and Product to help build brand awareness and product insights.
With over 15 years of experience, Chris’s career began at the Pentagon where he supported the Army Headquarters as a Systems Engineer. Following his tenure at the Pentagon, he transitioned into global architecture and engineering for SOCOM, focusing on global networks and security. This is where he developed a deep understanding of what it takes to operate global networks at scale while ensuring the best security and privacy without jeopardizing the end-user experience.
Prior to joining PKWARE as part of the Dataguise acquisition, Chris spent four years at Costco leading the data center migration of the e-commerce domain before transitioning into Privacy and Compliance where he was a PCI-ISA and assisted through yearly PCI assessments. Most notably, Chris also led Costco’s GDPR and CCPA efforts on a global scale, working with teams across the company, Infosec, development, policy, legal, employee education, change review, marketing, HR, buyers, and more.
Chris has a CIPM certification and studied Aviation Management at Dowling College. When not working, he enjoys spending time with family, flying drones, kayaking, and adventuring the Pacific Northwest.
- James ChristiansenVP, CSO - Cloud Security Transformation, Netskope
James Christiansen is Netskope’s vice president of cloud security transformation and leader of the Global Chief Strategy Office. He is focused on enhancing Netskope’s global clients understand the challenges and solutions of cloud deployments by helping drive thought leadership in cloud security transformation.
James brings extensive expertise as a global leader in information security. Prior to joining Netskope, he was vice president CISO at Teradata where he led the global security, physical, and information security teams. Previously, James was vice president of information risk management at Optiv, chief information risk officer for Evantix, and CISO at Experian Americas, General Motors, and Visa International.
As a sought-after expert speaker on security, James has been featured at numerous prestigious events, including the Business Roundtable, Research Board, American Bar Association, American Banker, the RSA Conference, BankInfoSecurity, ISSA, ISACA, HIMSS, and MIS Training Institute. He has also been featured in The New York Times and quoted as an expert in USA Today, The Wall Street Journal, Reuters, United States Cybersecurity Magazine, Bloomberg, and Healthcare IT News.
James is a patent inventor and has received three innovation awards in cyber security, GRC, and cloud computing. He is the author of the Internet Survival Series and contributing author of CISO Essentials, as well as numerous industry papers.
- Pedro VazquezDirector of Cybersecurity, Waddell & Reed
As the Director of Cyber Security for Waddell & Reed, Pedro is tasked with leading IR, SECOPS, Vulnerability Management, Security Automation, and IAM. Pedro has previously provided security services for the DoD, IRS, DST, and SS&C.
- Mike LloydCTO, RedSeal Networks
Dr. Mike Lloyd has more than 25 years of experience in the modeling and control of fast-moving, complex systems. He has been granted 21 patents on security, network assessment, and dynamic network control. Before joining RedSeal, Mike Lloyd was Chief Technology Officer at RouteScience Technologies (acquired by Avaya), where he pioneered self-optimizing networks. Mike served as principal architect at Cisco on the technology used to overlay MPLS VPN services across service provider backbones. He joined Cisco through the acquisition of Netsys Technologies, where he was the senior network modeling engineer.
Dr. Mike Lloyd holds a degree in mathematics from Trinity College, Dublin, Ireland, and a PhD in stochastic epidemic modeling from Heriot-Watt University, Edinburgh, Scotland.
- Britney KennedyGlobal BISO & Director of Business Partnership, Cardinal Health
Britney began the first decade of her security career in the U.S. Army where she managed over 90 teams and traveled to assess the security of international government partners. She oversaw the Information Security Department for AMC Theatres where she was responsible for the development and implementation of the global strategy. She has since transitioned to Cardinal Health, initially leading Cyber Operations and now performing as the Director of Information Security Business Partnerships, providing Business Support, Security Awareness, and Compliance Operations across the Globe. Britney is a certified CISSP, CISM, PMP, SSAP. and holds certifications for CompTIA S+, CCSK, and IT Business Management. She holds a BS in Applied & Discrete Mathematics and an MS in Cybersecurity. Britney was also named an IT Security Power Player by SC Magazine and named as the Security Professional of the Year by ASIS Kansas City Chapter in 2020.
- Kevin HardcastleAssociate CISO, Washington University in St. Louis
Kevin Hardcastle, Chief Information Security Officer (CISO) for Washington University in St. Louis, is a member of the CIO Leadership team and serves a key role in University leadership, working closely with senior administration, academic leaders and the campus community. The CISO is responsible for the development and delivery of a holistic information security strategy to optimize the security posture through collaboration with campus-wide resources, facilitate information security governance, advise senior leadership on security direction and direct program functions of risk and incident management, compliance, information security operations, and information security policy development and education.
- Cindi CarterCISO & C-Suite Advisor, Check Point Software Technologies
Cindi Carter is a global, multi-industry Cybersecurity and Information Technology Executive who consistently seeks the optimal outcome for any endeavor. As a transformational leader from startups to enterprises, she excels at building cybersecurity practices in highly-regulated industries, turning strategic goals into actionable outcomes, and highly collaborative engagement across the organization for managing cyber risk.
At Check Point Software Technologies, Cindi is a Chief Information Security Officer in the Office of the CISO, leading Check Point's Healthcare Center of Excellence where human safety is essential to care.
Cindi is the founding President of Women in Security - Kansas City, was honored in SC Media magazine’s “Women to Watch in Cyber Security," and was also featured in Cybersecurity Venture’s book, “Women Know Cyber: 100 Fascinating Females Fighting Cybercrime.” She presents at conferences worldwide, holds several recognized IT, security, and project management certifications, and has a Master of Science degree in Information Technology.
- Spencer ParkerSr. Director, Product Management, CrowdStrike
With over 20 years of product management experience at Cisco, Websense, and most recently Sophos before joining CrowdStrike in 2017, Spencer has been instrumental in leading the Intel/Falcon X and Mobile solutions. Spencer holds a B.S. in Molecular Biology from the University of Portsmouth.
- Sowmya KarmaliDirector, Product Management, CrowdStrike
Sowmya Karmali is a Director of Product Management at CrowdStrike and is responsible for Falcon Horizon (CSPM) and Falcon Discover for Cloud. She has over 20 years of product development and management experience covering cloud, data, and IoT, and has worked in startups and large organizations. Prior to CrowdStrike, Sowmya held product leadership roles for a multitude of cloud services at Microsoft Azure and Cloudera.
- Terry RaySVP, Strategy and Imperva Fellow, Imperva
Terry Ray is the SVP and Imperva Fellow for Imperva Inc. As a technology fellow, Terry supports all of Imperva’s business functions with his years of industry experience and expertise. Previously he served as Chief Technology Officer where he was responsible for developing and articulating the company’s technical vision and strategy, as well as, maintaining a deep knowledge of the Application and Data Security Solution and Threats Landscape.
Earlier in his tenure at Imperva, he held the role of Chief Product Strategist where he consulted directly with Imperva’s strategic global customers on industry best practices, threat landscape, application and data security implementation and industry regulations. He continues to operate as an executive sponsor to strategic customers who benefit from having a bridge between both company’s executive teams. He was the first U.S.-based employee, and during his 15 years at Imperva, he has worked hundreds of data security projects to meet the security requirements of customers and regulators from every industry.
Terry is a frequent speaker for RSA, ISSA, OWASP, ISACA, IANS, CDM, NLIT, The American Petroleum Institute, and other professional security and audit organizations in the Americas and abroad. Terry also provides expert commentary to the media and has been quoted in Security Week, SC Magazine, CBS News, the BBC, and others.
- Randy RawCISO, Veterans United Home Loans
Randy Raw is Chief Information Security Officer at Veterans United Home Loans in Columbia, Missouri. He has more than 25 years of experience in both public entities and private industry, having built several Information Security programs from the ground up. He is a proponent of risk-based, layered security measures that utilize both preventative and detective approaches to achieve the right solution for the organization. Randy is a CISSP and is active in the Central Missouri InfoSec community. He has spoken at SecureWorld on many technical topics and turns his focus towards helping others move from the technical trenches to a leadership role.
- Riley BruceSecurity Community Evangelist, Manager, Code42
Riley is a Security Community Evangelist at Code42, where he enjoys educating Security and IT teams through engaging technical content and presentation. Previously, Riley served in both customer support and customer education roles at Code42. In his spare time, he enjoys photography, travel, and relaxing at the lake in northern Wisconsin with his pug Mimi.
- Igor SorkinSr. Solutions Engineer, Okta
Igor is a 25-year Kansas City IT professional with background across Telecom, Fin-Tech, and Security Technology companies focusing on Software Development, Enterprise Architecture, Security, and Identity and Access Management. A member of Okta's Enterprise Solutions team since 2019, Igor has been helping companies in the Central region to visualize and architect Okta's technology to achieve a variety of Workforce and Customer Identity needs.
- Prakash NagpalVP of Marketing, Appaegis
Prakash Nagpal is VP of Marketing at Appaegis, where he is responsible for bringing the next generation of Zero Trust Secure Application Access solutions to market. His mission is to help customers realize the vision of securing applications and data without compromising user experience, with a Zero Trust application centric approach to security. He has spent over two decades in various leadership roles in technology including marketing, product marketing product management, and engineering in networking, security, and cloud-based services. He has brought several security products to market, including UEBA, security intelligence platforms, data security solutions, and perimeter defense products.
- Spencer ParkerSr. Director, Product Management, CrowdStrike
With over 20 years of product management experience at Cisco, Websense, and most recently Sophos before joining CrowdStrike in 2017, Spencer has been instrumental in leading the Intel/Falcon X and Mobile solutions. Spencer holds a B.S. in Molecular Biology from the University of Portsmouth.
- Keval ShahSr. Sales Engineer, Gigamon
With over 12 years of technical consulting and solution engineering experience in the field of Enterprise Networking & Security, Keval has enjoyed architecting and transforming businesses. Prior to Gigamon, Keval spent a decade at Cisco. He holds a Masters in Science, Electrical Engineering, from University of Southern California and a Master’s in Business, Administration & Management, from Washington University in St. Louis, as well as a BS in Electrical Engineering from Pune University, India. Keval resides in Kansas City with his two children and wife. He enjoys playing sports, primarily soccer, where he learned how important a "team" matters to success.
- John GrimHead of Research, Development, Innovation, Verizon Threat Research Advisory Center
John has over 17 years of experience investigating, and leading teams investigating, data breaches and cybersecurity incidents within the government and civilian security sectors. Currently, John heads the Verizon Threat Research Advisory Center (VTRAC) research, development, and innovation effort. In this role, he focuses on researching cybersecurity incidents, performing digital forensic examinations, advising on data breach containment and eradication efforts, and creating data breach response preparedness training and breach simulation exercises for customers worldwide. Prior to joining Verizon, John served 12 years with the U.S. Army investigating security-related incidents with eight years specifically focused on network intrusion investigations and forensic examinations.
- Michael McGinnisSr. Sales Engineer, LogRhythm
A Senior Sales Engineer for LogRhythm, Michael McGinnis has worked in IT Security for over 15 years, specializing in SIEM technology for the past 10. Michael’s experience began as a Security Architect for the largest hospital network in the Midwest where he developed and matured a security posture that is the framework used by many hospital systems throughout the country. Michael has been a Principal Engineer for multiple Security Vendors. Michael’s SIEM methodologies and strategies have been referenced by organizations throughout the world. During the implementation of the Affordable Care Act Marketplace, Michael was specifically brought in to help identify log collection strategies. Out of all his accomplishments, Michael is most proud of his amazing wife and three beautiful children.
- Joel HollenbeckRegional Director, Security Engineering, Check Point Evangelist, Check Point Software Technologies
Joel Hollenbeck is a Cyber Security Visionary with the Office of the CTO at Check Point Software Technologies Inc., the worldwide leader in securing the internet. His background includes over 20 years of experience deploying application protection and network-based security. Joel has been securing networks and systems since 1994, including developing and executing on strategies to connect some of the most sensitive networks for the federal government and financial institutions to the internet in the earliest days of commercial internet connectivity. Joel has served as a consulting Security Architect with Check Point, advising a wide variety of clients across many verticals on security best practices, security architecture, and deriving the maximum value from investments in security. Prior to joining Check Point, Joel held various security engineering, leadership, and executive roles within organizations local to St. Louis.
- Alex KirkGlobal Principal Engineer, Corelight
Alex Kirk is an open source security veteran, with a combined 17 years at Sourcefire, Cisco, Tenable, and now Corelight, where he serves as Global Principal for Suricata. Formerly a malware zookeeper and IDS signature writer, today he spends his time helping SOC analysts and advising on security policy for government agencies, universities, and large corporations around the world.
- Kristen CooperDirector of Product Marketing, Siemplify
Product marketing specialist with over 15 years of experience at emerging and growing cybersecurity and SaaS companies. Currently heading up product marketing at Siemplify. SecOps solution specialist. Remote work advocate.
- Brian Wasko, ModeratorPrincipal Security Program Manager, Microsoft
- Rebecca RakoskiCo-Founder & Managing Partner, XPAN Law Partners
Rebecca L. Rakoski is the managing partner at XPAN Law Partners, LLC. Rebecca advises her clients on a proactive, multi jurisdictional approach to identify and address data privacy and cybersecurity compliance gaps and potential liabilities. She uses her extensive experience to work with her clients to create and tailor a security and privacy governance program that fits their specific needs in order to limit their regulatory exposure.
Rebecca counsels and aggressively defends public and private corporations, and their boards, during data breaches and responds to state/federal regulatory compliance and enforcement actions. As an experienced litigator, Rebecca has handled hundreds of matters in state and federal courts. Rebecca skillfully manages the intersection of state, federal, and international regulations that affect the transfer, storage, and collection of data to minimize her client's litigation risks.
Rebecca regularly negotiates complex contractual provisions that are impacted by domestic and international data privacy regulations including the California Consumer Privacy Act of 2018, and the European Union's General Data Protection Regulation. She understands how the nature of the data can affect the role her client plays in the data transaction and uses that knowledge to mitigate corporate liability.
As a thought leader in the area of data privacy and cybersecurity, Rebecca serves on the New Jersey State Bar Association's Cyber Task Force. Rebecca is Vice-Chair Elect for the New Jersey State Bar Association's Bankruptcy Law Section.Rebecca has been appointed and served in multiple highly complex litigation matters by the New Jersey Superior Court as a Special Master in the areas of technology and eDiscovery. She also served on the Complex Business Litigation Committee that drafted and revised the New Jersey Court Rules involving electronic discovery. Rebecca was on the eDiscovery committee of her prior law firm and created its eDiscovery subgroup.
Rebecca is on the Board of Governors for Temple University Health Systems and is also the Acting Dean of Online Learning and an adjunct professor at Drexel University’s Thomas R. Kline School of Law.
- Randy RawCISO, Veterans United Home Loans
Randy Raw is Chief Information Security Officer at Veterans United Home Loans in Columbia, Missouri. He has more than 25 years of experience in both public entities and private industry, having built several Information Security programs from the ground up. He is a proponent of risk-based, layered security measures that utilize both preventative and detective approaches to achieve the right solution for the organization. Randy is a CISSP and is active in the Central Missouri InfoSec community. He has spoken at SecureWorld on many technical topics and turns his focus towards helping others move from the technical trenches to a leadership role.
- Shawn E. TumaCo-Chair, Data Privacy & Cybersecurity Practice, Spencer Fane LLP
Shawn Tuma is an internationally recognized cybersecurity, computer fraud and data privacy law attorney, areas in which he has practiced for two decades. He is Co-Chair of Spencer Fane’s Data Privacy & Cybersecurity Practice where he regularly serves as cybersecurity and privacy counsel advising a wide variety of businesses ranging from small and mid-sized companies to Fortune 100 enterprises. Shawn has been named a Cybersecurity Law Trailblazer by the National Law Journal, SuperLawyers Top 100 Lawyers in DFW, and Best Lawyers in Dallas. He serves as the Practitioner Editor for Bloomberg Law’s Texas Privacy & Data Security Law, among many other activities.
• Create a personalized agenda
• View maps of the venue and Exhibit Hall
• Use secure messaging to network with attendees
• View speaker slides after the conference
• Play CyberHunt, the app game, and compete for prizes