- Wednesday, March 1, 2017

8:30 am
SecureWorld PLUS Course – Threat Hunting and Analysis
Threat Hunting and Analysis - Earn 12 CPEs!
Technology Editor and author of "Threat Hunter" blog, SC Magazine
Registration Level: SecureWorld Plus
8:30 am - 3:30 pm
Location / Room: 215
Threat intelligence has become the coin of the realm in fighting cybercrime. However, simply knowing who the bad guys are and what they do is not enough. You must be able to dig for actionable intelligence and apply that explicitly to your environment. Broadly speaking, we call that threat hunting. Once you have determined the nature and details of threats to your enterprise, you must be able to disseminate them in a manner that is understandable by both humans and machines.
This full-day, hands-on workshop will introduce you to threat hunting techniques and tools—both free and commercial—that you can use, and show you how to translate your findings to STIX for dissemination to a variety of audiences, as well as consumption by an increasing number of security devices such as IPSs and firewalls. You will work in a virtual lab environment using tools and techniques to discover threats, research them in depth, and create STIX profiles. By the end of the workshop you will have compiled a list of tools that you can use, evaluated those tools in a lab environment, created a STIX profile of an actual cyber campaign, and presented your profile to the rest of the class.
Visit the Center for Digital Forensic Studies’ Training Portal to read the syllabus and other course related materials.
For this workshop you will need to bring your own Windows laptop and have the current version of the Chrome browser pre-installed. All other tools will be available on a virtual lab machine you will connect to remotely.
- Thursday, March 2, 2017

7:00 am
Registration open
Registration Level: Open Sessions
7:00 am - 3:00 pm
Location / Room: Registration Desk
Come to the Registration desk in the lobby to check in and get your badge. SecureWorld staff will be available throughout the day if you have any questions.

7:30 am
Advisory Council Round Table Breakfast: The Cost and Consequence of Insider Threats – (VIP / INVITE ONLY)
Chairman and Founder, Ponemon Institute
Registration Level: VIP / Exclusive
7:30 am - 8:30 am
Location / Room: 216 AB
This session is for Advisory Council members only.

8:00 am
ISACA Breakfast Meet & Greet
Members Only
Registration Level: VIP / Exclusive
8:00 am - 8:30 am
Location / Room: Keynote Theater
Light breakfast served

8:30 am
Cloud and Outsourcing, Oh No
Director, Audit and Compliance, CipherTechs, Inc.
Registration Level: Conference Pass
8:30 am - 9:15 am
Location / Room: 211B
Everyone does some sort of outsourcing or uses the cloud. Do you have the necessary requirements and third-party programs built and implemented? Many companies continue to say “Oops, I forgot” or “Oops, I didn’t think about that.” What are the basic items that need to be in place BEFORE you contract?

8:30 am
How to Up-Level Your Skills to Enhance Your Career
vCISO, Confidential
Registration Level: Conference Pass
8:30 am - 9:15 am
Location / Room: 211A
Up-Level Your Hard and Soft Skills to Turbo-Charge Your Career

8:30 am
Practical Application of the NIST CSF
Registration Level: Conference Pass
8:30 am - 9:15 am
Location / Room: 212B
The NIST Cybersecurity Framework is a valuable tool for mapping security posture and maturity in an organization. This presentation strives to take some of the confusion out of how to approach and apply the framework to an organization in an effective manner, including an expanded CSF worksheet template.

8:30 am
Four Levels of Thinking as a Geek Leader
ISACA Meeting - Open to all attendees
Principal Geek, BrightHill Group
Registration Level: Conference Pass
8:30 am - 9:15 am
Location / Room: Keynote Theater
The best technical experts are often moved to leadership positions. But did you know that in order to succeed as a leader of people you will need to think differently? Discover two myths that hold you back and the Four Levels of Thinking Great Geek Leaders use to succeed.

9:00 am
Exhibitor Hall open
Registration Level: Open Sessions
9:00 am - 3:00 pm
Location / Room: Exhibitor Floor
Your opportunity to visit our solution vendor partners, whose sponsorship makes SecureWorld possible! Booths have staff ready to answer your questions. Look for participating Dash For Prizes sponsors to be entered to win prizes.

9:30 am
OPENING KEYNOTE: The Cost and Consequences of Complexity in IT Security
Chairman and Founder, Ponemon Institute
Registration Level: Open Sessions
9:30 am - 10:15 am
Location / Room: Keynote Theater
The actions of imposters, negligent and malicious insiders can have significant financial and reputational consequences for companies. Most companies, according to recent Ponemon Institute research, admit they have failed to detect a data breach involving the loss or theft of business-critical information. They also believe it is highly likely that one or more pieces of information critical to the success and competitiveness of their companies is now in the hands of a competitor. In this session, Dr. Larry Ponemon will quantify the cost of the insider risk, why the threat is serious and how to secure business-critical information in the workplace.

10:15 am
Conference Break / Exhibitor Product Demonstration
Registration Level: Open Sessions
10:15 am - 11:15 am
Location / Room: Exhibitor Floor
Reboot with coffee and infused water while visiting exhibitors on the exhibitor floor.

11:15 am
Current Cyber Threats, Trends & Impact
Charlotte Supervisory Intelligence Analyst for Cyber, FBI
Charlotte Cyber, FBI
Registration Level: Conference Pass
11:15 am - 12:00 pm
Location / Room: 211B
Review of the current threats and trends impacting businesses through Cyber methodology. A “look into the future” of potential new, upcoming trends based upon consumer use of the IoT.

11:15 am
Cylance: Hitchhiker’s Guide to Ransomware – From Genesis to Current Menace
VP, Global Enterprise Solutions, BlackBerry
Registration Level: Open Sessions
11:15 am - 12:00 pm
Location / Room: 211A
This presentation will cover: ransomware, ransomware infection vectors, the history & evolution of ransomware, the business model for ransomware, and the best ways to detect and prevent ransomware.

11:15 am
Risk-Based Security
Event Director, ISSA
Registration Level: Conference Pass
11:15 am - 12:00 pm
Location / Room: 212A
Risk-based cybersecurity: a viable choice or an unreachable goal?
In this presentation, the audience will see the evolution of the security perimeter of the enterprise with its new defense challenges such as vendor-managed equipment and IT function outsourcing, cloud offerings and compliance vs security. Then, the presentation will focus on risk-based solutions to meet those challenges.

12:00 pm
Advisory Council Roundtable: Navigating 3rd Party Risk
(VIP / Invite Only)
Registration Level: VIP / Exclusive
12:00 pm - 1:00 pm
Location / Room: 216AB

12:15 pm
LUNCH KEYNOTE: Hacked Again – It Can Happen to Anyone, Even a Cybersecurity Expert
President / CEO of BVS, Cybersecurity Expert, Author, BVS
Registration Level: Open Sessions
12:15 pm - 1:00 pm
Location / Room: Keynote Theater
Scott Schober shares his personal accounts as a business owner, thought leader, and wireless technology expert as his book ‘Hacked Again’ examines a multitude of cybersecurity issues affecting all of us, including: malware, hackers, email scams, identity theft, spam, social engineering, passwords, the dark web.

1:15 pm
Panel: Access Control – the End of the Password?
Registration Level: Open Sessions
1:15 pm - 2:15 pm
Location / Room: Keynote Theater
“Open Sesame!” Whether you recognize the term coming from Ali Baba or one of the forty thieves, this timeless password ranks up there with “password123” or “admin” on your home wireless router. Passwords were created to keep us safe or keep something safe for us. Back in the day you were able to look the person in the eye when they said the password. You knew (roughly) what you were getting, and you could perform a risk assessment (of sorts) on the speaker. Now, with so many ways of getting our information, the password is going the way of the dodo. Is 2FA good enough? Zero Trust? Biometrics? Pass phrases? Perhaps your own voice is the password? I don’t know the answer, but I’d be willing to bet that some of the experts on this panel will be able to help you decide what to do with the password dilemma.
Panelists:
Jorge Alago, Veristor
Gary Walderich, Check Point Security
William Clay James, Marine Federal Credit Union
William Curtis, Hanes
Moderator: RJ Sudlow, DHG

1:15 pm
Panel: Building a Better Mouse Trap (Emerging Threats)
Registration Level: Open Sessions
1:15 pm - 2:15 pm
Location / Room: 211B
To be successful, as an industry, we must strive to get ahead of the bad guys. Easy enough to say but how? By taking a look at the capabilities of the threats we see today we should be able to make some educated guesses on what threats of tomorrow will look like. We know the bad guys don’t follow the rules, take the path of least resistance, and don’t care who they hurt in the process. We need to start thinking like them so that we can figure out what their next step is instead of guessing/hoping.
Panelists:
Ron Winward, Radware
Patrick Barry, Rebyc Security
John McClurg, Cylance
Rich Burke, Delta Risk
Chris Steven, SentinelOne
Mike Kiser, SailPoint
Moderator: Danielle Fritzler

2:15 pm
Conference Break / Exhibitor Product Demonstration
Registration Level: Open Sessions
2:15 pm - 3:00 pm
Location / Room: Exhibitor Floor
Reboot with coffee and infused water while visiting exhibitors on the exhibitor floor.

2:30 pm
Networking Break — Dash for Prizes and CyberHunt winners announced
Registration Level:
2:30 pm - 2:45 pm
Location / Room: Exhibitor Floor
Be sure to have your badge scanned with participating exhibitors throughout the day. Past prizes have included Kindles, Bose wireless headphones, gift cards, iPads, drones, and more! *Must be present to win.

3:00 pm
Mobile Cyber Targets
Sr. Director, Cyber Security, Acumatica, Inc.
Registration Level: Conference Pass
3:00 pm - 3:45 pm
Location / Room: 211B
Mobile devices currently come in a large variety of options, and as technology progresses those options and cyber risks will potentially become more of a reality. So how are devices and the data on them targeted now, and how can a cyber mobile attack affect you and your business?

3:00 pm
Integration of a Secure System Development Life Cycle (SSDL)
Senior Associate, PwC
Registration Level: Conference Pass
3:00 pm - 3:45 pm
Location / Room: 211A
This presentation reviews the essential need of security being introduced early into the system development life cycles (SDLC). Effective integration of security requirements can be challenging. The key to success is where the process is:
• based on policy and controls,
• consistent and repeatable,
• efficient, with a clear path to production.

11:15 am
First 90 Days. New (or Renewed) CISO Assessment
Chapter Member, (ISC)2
Registration Level: Conference Pass
11:15 am - 12:00 pm
Location / Room: 212B
New leaders are afforded a grace period as they come into a new position. This is an extremely valuable window where the leader can assess him/herself, his relationships, his team, his organization and assess strengths and weaknesses, opportunities and weakness. This discussion will walk through the exercise and share lessons from a recently placed CISO.

3:00 pm
How do Bad Guys Dream? Tales From the Criminal Mind
Penetration Tester, Wells Fargo, Charlotte ISSA Board Member
Registration Level: Conference Pass
3:00 pm - 3:45 pm
Location / Room: 212A
How are our systems really being impacted? Let’s take a deep dive into the world of the criminal mind, from a professional penetration tester / red team member.
- Binary Defense (Booth: 415)
Binary Defense is a managed security services provider and software developer with leading cybersecurity solutions that include SOC-as-a-Service, Managed Detection & Response, Security Information & Event Management, Threat Hunting and Counterintelligence. Binary Defense believes its unique approach resolves infosec’s biggest challenges such as limited in-house security expertise, lack of innovative resources and the significant budgetary and time investment required to ensure protection from today’s threats.
- Carbon Black (Booth: 125)
Carbon Black is Transforming Security Through Big Data and Analytics in the Cloud. Growing trends in mobility and cloud have made the endpoint the new perimeter. New and emerging attacks are beating traditional defenses, and security teams are too reactive and held back by their technologies. Carbon Black is leveraging the power of big data and analytics to solve the challenges surrounding endpoint security. With the Cb Predictive Security Cloud platform, we are transforming cybersecurity to deliver a new generation of cloud-delivered security solutions designed to protect against the most advanced threats.
- CloudPassage (Booth: 230)
CloudPassage® Halo® is the world’s leading agile security platform that provides instant visibility and continuous protection for servers in any combination of data centers, private clouds and public clouds. Halo uses minimal system resources; so layered security can be deployed right at every workload – servers, instances and containers.
- Cloud Security Alliance (CSA) (Booth: 115)
The Cloud Security Alliance (CSA) is a not-for-profit organization with a mission to promote the use of best practices for providing security assurance within Cloud Computing, and to provide education on the uses of Cloud Computing to help secure all other forms of computing. The Cloud Security Alliance is led by a broad coalition of industry practitioners, corporations, associations and other key stakeholders.
- CPAC (Booth: 610)
CPAC is an all-volunteer, 501-(c)3, professional peer group. CPAC promotes awareness about the value contingency planning provides business, government and individuals, by identifying common problems, proposing solutions and sharing lessons learned from past experiences. CPAC also assists in objectively identifying vendor resources which may facilitate effective contingency planning and disaster recovery. While CPAC is a membership organization, all regular meetings are free and open to the public.
- Cylance (Booth: 430)
Cylance® is revolutionizing cybersecurity with products and services that proactively prevent, rather than reactively detect the execution of advanced persistent threats and malware. Our technology is deployed on over four million endpoints and protects hundreds of enterprise clients worldwide including Fortune 100 organizations and government institutions.
- DHG (Booth: 105)
Headquartered in Charlotte, NC, DHG ranks among the top 20 public accounting firms in the nation. With more than 2,000 professionals in 13 states, we combine deep experience with a strong commitment to personal service. We are passionate about helping our clients succeed—and we do so through a resourceful approach to solving problems, providing solutions and helping our clients achieve their goals.
Dedicated client focus and relationships have been and always will be our touchstone. Here at DHG, you’ll receive personalized service provided by a team of professionals who are eager to share their knowledge and experience with you. We draw on our extensive resources to combine comprehensive assurance, tax and advisory services.
- FireEye (Booth: 330)
FireEye (https://www.fireeye.com/) is the intelligence-led security company. Working as a seamless, scalable extension of customer security operations, FireEye offers a single platform that blends innovative security technologies, nation-state grade threat intelligence, and world-renowned Mandiant® consulting. With this approach, FireEye eliminates the complexity and burden of cyber security for organizations struggling to prepare for, prevent, and respond to cyber attacks. FireEye has over 7,100 customers across 67 countries, including more than 45 percent of the Forbes Global 2000.
- Institute of Internal Auditors (IIA) (Booth: 310)
Established in 1941, The Institute of Internal Auditors (IIA) is an international professional association with global headquarters in Altamonte Springs, Florida, USA. The IIA is the internal audit profession’s global voice, recognized authority, acknowledged leader, chief advocate, and principal educator. Generally, members work in internal auditing, risk management, governance, internal control, information technology audit, education, and security.
- InfraGard (Booth: 510)
InfraGard is an information sharing and analysis effort serving the interests and combining the knowledge base of a wide range of members. At its most basic level, InfraGard is a partnership between the FBI and the private sector. InfraGard is an association of individuals, academic institutions, state and local law enforcement agencies, and other participants dedicated to sharing information and intelligence to prevent hostile acts against the United States. InfraGard Chapters are geographically linked with FBI Field Office territories.
The FBI retained InfraGard as an FBI sponsored program, and will work with DHS in support of its CIP mission, facilitate InfraGard’s continuing role in CIP activities, and further develop InfraGard’s ability to support the FBI’s investigative mission, especially as it pertains to counterterrorism and cyber crimes.
- Internetwork Engineering (Booth: 410)
Internetwork Engineering (IE) is a private technology consulting company that improves business outcomes with the expert selection, implementation and operation of information technology. Since 1996, our expert combination of people, partners and process have allowed us to become a strategic service provider for clients throughout the Southeast. With our Blueprint for Business (B4B) methodology, we deliver customized technology solutions that align with business goals to create a distinct competitive advantage.
To learn more about IE, visit ineteng.com or subscribe to our blog at http://blog.ineteng.com.
- IntraLinks (Booth: 300)
Intralinks helps enterprises extend business processes and content across traditional organizational, corporate and geographical boundaries.
- ISACA (Booth: 215)
As an independent, nonprofit, global association, ISACA engages in the development, adoption and use of globally accepted, industry-leading knowledge and practices for information systems. Previously known as the Information Systems Audit and Control Association, ISACA now goes by its acronym only, to reflect the broad range of IT governance professionals it serves.
- ISC2 (Booth: 600)
ISC2 is an international nonprofit membership association focused on inspiring a safe and secure cyber world. Best known for the acclaimed Certified Information Systems Security Professional (CISSP) certification, ISC2 offers a portfolio of credentials that are part of a holistic, programmatic approach to security. Our membership, over 123,000 strong, is made up of certified cyber, information, software and infrastructure security professionals who are making a difference and helping to advance the industry. Our vision is supported by our commitment to educate and reach the general public through our charitable foundation, The Center for Cyber Safety and Education™.
- Charlotte Metro ISSA (Booth: 515)
The Charlotte ISSA chapter is committed to providing the Information Security professionals of Charlotte opportunities to grow both technically and professionally through training, meetings and summits.
- Kaspersky (Booth: 530)
We’re an independent global cybersecurity company that empowers people to make the most of technology and the endless opportunities it brings. Backed by our deep threat intelligence, security and training expertise, we give businesses the power to stay safe—and the confidence to accelerate their own success. With insights gained from our unique international reach, we secure consumers, governments and more than 270,000 organizations. We’re proud to be the world’s most tested and awarded cybersecurity, and we look forward to keeping your business safe. Bring on the future.
- Kudelski Security (Booth: 210)
Kudelski Security is the premier cybersecurity innovator for Fortune 500 organizations. Our approach continuously evaluates customer’s security posture to reduce risk, maintain compliance and increase security effectiveness. Our partner, Wombat Security Technologies provides awareness and training to teach secure behavior. Wombat’s solutions reduce phishing attacks and malware infections up to 90%.
- NCTECH Association (Booth: No Booth)
Founded in 1993, the North Carolina Technology Association (NCTA) is a 501 (c) (6) not-for-profit association focused on advancing the state’s tech industry. NCTA has 700+ member companies, organizations and institutions representing more than 200,000 North Carolina based employees.
- NETSCOUT (Booth: 100)
NETSCOUT nGenius packet flow switches provide security visibility by optimizing the flow of traffic from the network to security systems. These appliances collect and organize packet flows—creating a unified packet plane that logically separates the network layer from the security systems. Our customers use packet flow switches to optimize and scale out their cyber security deployments, so that they can spend less time in adding, testing and managing their security systems.
- SailPoint (Booth: 400)
SailPoint, the leader in enterprise identity governance, brings the Power of Identity to customers around the world. SailPoint’s open identity platform gives organizations the power to enter new markets, scale their workforces, embrace new technologies, innovate faster and compete on a global basis. As both an industry pioneer and market leader in identity governance, SailPoint delivers security, operational efficiency and compliance to enterprises with complex IT environments. SailPoint’s customers are among the world’s largest companies in a wide range of industries.
- Spectrum Enterprise (Booth: 315)
Spectrum Enterprise, a division of Charter Communications, is a national provider of scalable, fiber-based technology solutions serving many of America’s largest businesses and communications service providers. The broad Spectrum Enterprise portfolio includes Internet access, Ethernet access and networks, Voice and TV solutions extending to Managed IT solutions, including Application, Cloud Infrastructure and Managed Hosting Services offered by its affiliate, Navisite. Our industry-leading team of experts works closely with clients to achieve greater business success by providing these right-fit solutions designed to meet their evolving needs. For more information, visit enterprise.spectrum.com. Charter Communications was formerly Time Warner Cable.
- Stalwart (Booth: 125)
Since 2002, Stalwart has been focused on architecting, implementing, and managing secure, enterprise-class IT infrastructure solutions. Our high impact professional services are delivered through a proprietary project management methodology – Accelerated Integration Management (AIM), resulting in a sterling (and 100% referenceable) reputation for quality of service. In 2015, Stalwart became a wholly-owned subsidiary of North State Communications.
- TechTarget (Booth: No Booth)
TechTarget (NASDAQ: TTGT) is the online intersection of serious technology buyers, targeted technical content and technology providers worldwide. Our media, powered by TechTarget’s Activity Intelligence platform, redefines how technology buyers are viewed and engaged based on their active projects, specific technical priorities and business needs. With more than 100 technology specific websites, we provide technology marketers innovative media that delivers unmatched reach via custom advertising, branding and lead generation solutions all built on our extensive network of online and social media. TechTarget is based in Boston and has locations in Atlanta, Beijing, Cincinnati, London, Paris, San Francisco, Singapore, and Sydney.
- TrustedSec (Booth: 415)
TrustedSec is a leader in attack intelligence and security advisory services. Our team of highly talented, skilled, senior consultants sets us apart from other commodity-service security companies. We form partnerships with our number one goal to help you holistically improve your security program. You’ll find that working with us amounts to more than “just another engagement”—it’s establishing an understanding with your organization, and working to make you more secure, and better as a whole.
- WatchGuard (Booth: 110)
WatchGuard offers industry-leading network security, secure Wi-Fi, and multi-factor authentication solutions to businesses around the world. In a world where the threat landscape is constantly evolving, and new threats emerge each day, WatchGuard provides robust security in a simple, easy-to-manage way.
- Wombat Security Technologies (Booth: 210)
Wombat Security Technologies provides information security awareness and training software to help organizations teach their employees secure behavior. Their SaaS cyber security education solution includes a platform of integrated broad assessments, and a library of simulated attacks and brief interactive training modules, to reduce employee susceptibility to attack, even phishing attacks, by over 80%.
- Ziften (Booth: 200)
Ziften delivers all-the-time visibility and control for any asset, anywhere – client devices, servers, and cloud VMs – whether on-network or remote; connected or not. Our SysSecOps platform empowers enterprises, governments, and MSSPs to quickly repair endpoint issues, reduce their overall risk posture, speed threat response, and increase operations productivity.
- Dr. Peter Stephenson, Technology Editor and author of "Threat Hunter" blog, SC Magazine
Dr. Peter Stephenson is the Technology Editor and author of the “Threat Hunter” blog in SC Magazine, a leading industry publication for which he has written for over 20 years. He is a cyber criminologist, digital investigator and digital forensic research scientist, as well as being a writer, researcher and lecturer on cyber threat analysis, cyber criminology, cyber jurisprudence and cyber criminalistics on large-scale computer networks.
He has lectured extensively on digital investigation and security, and has written, edited or contributed to 20 books and several hundred articles and peer-reviewed papers in major national and international trade, technical and scientific publications. He is the series editor of the new Peter Stephenson Series on Cyber Crime Investigation (Auerbach). He spends his time in retirement as a writer and researcher specializing in cyber threat analysis, cyber criminology, and cyber jurisprudence.
Dr. Stephenson was an Associate Professor and the Chief Information Security Officer for Norwich University and, prior to his retirement in July of 2015, was Director of the Norwich University Global Cyber Threat Observatory and Center for Advanced Computing and Digital Forensics, both of which he founded. He received the Distinguished Faculty Award in the Norwich College of Graduate and Continuing Studies. He retired from the university in July, 2015.
Dr. Stephenson has lectured or delivered consulting engagements for the past 45 years in eleven countries plus the United States and has been a technologist for fifty-three years.
Dr. Stephenson obtained his PhD by research in computing at Oxford Brookes University, Oxford, England where his research was in the structured investigation of digital incidents in complex computing environments. He holds a Master of Arts degree (cum laude) in diplomacy with a concentration in terrorism from Norwich University. He currently is pursuing a second PhD in law focusing on cyber jurisprudence research.
Dr. Stephenson is a full member of the Vidocq Society, for which he acts as Chief Information Security Officer, and has retired as a Fellow of the American Academy of Forensic Sciences. He is a member of the Albany chapter of InfraGard. He held—but has retired from—the CCFP, CISSP, CISM, FICAF and FAAFS designations, and currently is a licensed professional investigator in Michigan.
- Dr. Larry Ponemon, Chairman and Founder, Ponemon Institute
Dr. Larry Ponemon is the Chairman and Founder of the Ponemon Institute, a research "think tank" dedicated to advancing privacy and data protection practices. Dr. Ponemon is considered a pioneer in privacy auditing and the Responsible Information Management (RIM) framework.
Ponemon Institute conducts independent research, educates leaders from the private and public sectors, and verifies the privacy and data protection practices of organizations in various industries. In addition to Institute activities, Dr. Ponemon is an adjunct professor for ethics and privacy at Carnegie Mellon University’s CIO Institute. He is a Fellow of the Center for Government Innovation of the Unisys Corporation.
Dr. Ponemon consults with leading multinational organizations on global privacy management programs. He has extensive knowledge of regulatory frameworks for managing privacy and data security, including financial services, healthcare, pharmaceutical, telecom, and internet. Dr. Ponemon was appointed to the Advisory Committee for Online Access & Security for the United States Federal Trade Commission. He was appointed by the White House to the Data Privacy and Integrity Advisory Committee for the Department of Homeland Security. He was also appointed to two California State task forces on privacy and data security laws.
Dr. Ponemon earned his Ph.D. at Union College in Schenectady, New York. He has a Master’s degree from Harvard University, and attended the doctoral program in system sciences at Carnegie Mellon University. He earned his Bachelor's with Highest Distinction from the University of Arizona. He is a Certified Public Accountant and a Certified Information Privacy Professional.
- Sandy Bacik, Director, Audit and Compliance, CipherTechs, Inc.
Sandy Bacik, CISSP, ISSMP, CGEIT, CISA, CDPSE, PCI QSA, is CipherTechs’ Director, Audit & Compliance, and a former CISO. She has over 20 years’ direct information security and operational experience in the areas of IT Audit and Compliance, BCP/DR, Incident Response, Physical Security, Privacy, Regulatory Compliance and Audit, Policies/Procedures, Operations, and Management, with an additional 15 years in Information Technology Operations. Ms. Bacik has been heavily involved with local, national, and international security industry events. Ms. Bacik is the author of Building an Effective Security Policy Architecture and a contributing author to the past years of Information Security Management Handbook.
- Cheri Sigmon, vCISO, Confidential
Leveraging 21 years of experience in leadership, information security and workforce development, as a Chief Information Security Officer (CISO), Office of the Secretary of Defense (OSD), Cheri secured sensitive military networks/communications/technology. The Joint Staff; USSTRATCOM Joint Task Force-Global Network Operations; Headquarters Air Combat Command; US Joint Forces Command. Retired US Air Force officer, Clemson University alum, native of York, SC.
- Tom Cooper, Principal Geek, BrightHill Group
Tom Cooper, PMP is the founder of BrightHill Group, where he believes that “Because People Matter, We Must Lead Them Well.” Because of his deep experience in software development and enterprise IT implementation, Tom specializes in working with highly technical experts.
- Dr. Larry PonemonChairman and Founder, Ponemon Institute
Dr. Larry Ponemon is the Chairman and Founder of the Ponemon Institute, a research "think tank" dedicated to advancing privacy and data protection practices. Dr. Ponemon is considered a pioneer in privacy auditing and the Responsible Information Management (RIM) framework.
Ponemon Institute conducts independent research, educates leaders from the private and public sectors, and verifies the privacy and data protection practices of organizations in various industries. In addition to Institute activities, Dr. Ponemon is an adjunct professor for ethics and privacy at Carnegie Mellon University’s CIO Institute. He is a Fellow of the Center for Government Innovation of the Unisys Corporation.
Dr. Ponemon consults with leading multinational organizations on global privacy management programs. He has extensive knowledge of regulatory frameworks for managing privacy and data security, including financial services, healthcare, pharmaceutical, telecom, and internet. Dr. Ponemon was appointed to the Advisory Committee for Online Access & Security for the United States Federal Trade Commission. He was appointed by the White House to the Data Privacy and Integrity Advisory Committee for the Department of Homeland Security. He was also appointed to two California State task forces on privacy and data security laws.
Dr. Ponemon earned his Ph.D. at Union College in Schenectady, New York. He has a Master’s degree from Harvard University, and attended the doctoral program in system sciences at Carnegie Mellon University. He earned his Bachelor's with Highest Distinction from the University of Arizona. He is a Certified Public Accountant and a Certified Information Privacy Professional.
- Joseph Szczerba, Charlotte Supervisory Intelligence Analyst for Cyber, FBI
- Special Agent David Katowski, Charlotte Cyber, FBI
- Thomas Pace, VP, Global Enterprise Solutions, BlackBerry
Thomas Pace has an extensive background in building incident response programs, policies, procedures and playbooks at multiple top-tier organizations. Thomas has 11 years of security experience in various fields including physical security, intelligence gathering and analysis, sensitive site exploitation, incident response, intrusion analysis, and endpoint and network forensics. Thomas also has extensive experience in conducting assessments against various NIST special publications such as 800-53 and 800-171. Thomas is also currently an Adjunct Professor at Tulane University where he has developed a portion of the Homeland Security Studies program curriculum centered on cybersecurity. Thomas also currently provides guidance and expertise to the New Orleans cloud security community as the Louisiana Cloud Security Alliance Co-Chair.
Thomas served as a Senior Cybersecurity Engineer at Fluor Federal Petroleum Operations, a Department of Energy contractor supporting the Strategic Petroleum Reserve worth billions of dollars. In this role, Thomas was the lead incident response official and was responsible for ensuring all incidents were appropriately identified, contained and remediated in a timely manner and reported to proper authorities if necessary. Additionally, Thomas was responsible for conducting intrusion analysis and threat hunting on a daily basis to ensure the organization was not breached. While conducting a multitude of analyses based on intrusions and incidents, Thomas built a multitude of playbooks and processes so junior technical personnel could also conduct analyses in an efficient manner.
Thomas served in the United States Marine Corps as an infantryman and intelligence specialist. During this time, Thomas deployed to both Iraq and Afghanistan as part of the Marine Corps.
Thomas holds an M.S. in Information Science with a concentration in Information Assurance. Thomas also possesses multiple certifications such as GIAC GCIH, GCFA, GCIA, GICSP and GCWN. Thomas also is a Sourcefire certified professional, CISSP, and possesses CNSS 4011, 4012, 4013, 4014 and 4015.
- Claire LaVelle, Event Director, ISSA
Claire LaVelle is a Security Consultant for the North America PCI team at Verizon with over 15 years of Information Technology experience, including a decade dedicated to all facets of Information Security (compliance, architecture, operational, privacy and forensics).
Claire has two Master's degrees in Computer Science. She earned her first Master's degree at Mills College while working on her thesis with Guidance Software, which she published with Elsevier. She earned her second Master's degree at the Naval Postgraduate School under the Scholarship for Service (SFS), sponsored mainly by the National Science Foundation (NSF). At the Naval Postgraduate School, she focused on Information Security, familiarizing herself intimately with topics such as ethical hacking, reverse engineering, protocol analysis (encryption), privacy, ethics and the internet, advanced networking, vulnerability management, compliance, and much more, in addition to participating in practical defense exercises against government agencies and hacking competitions.
Claire loves to share her passion for computer security via speaking engagements inside her company and at various conferences. She presented at the CFO (Chief Financial Officer) Risk Summit in Boston, in front of the Association of Forensic Document Examiners in Myrtle Beach, and at local colleges, last year.
- Scott Schober, President / CEO of BVS, Cybersecurity Expert, Author, BVS
Scott Schober is the president and CEO of Berkeley Varitronics Systems, an experienced provider of wireless test and security solutions. He is considered one of the foremost wireless technology and cybersecurity experts in the world, and is regularly interviewed for leading national publications, as well as appearing on major network television and radio stations to offer his expertise.
- Mike Muscatell, Sr. Director, Cyber Security, Acumatica, Inc.
Mike Muscatell is a seasoned IT veteran with more than 21 years in the Information Security field. He is a certified ethical hacker (CEH). He was honored as one of the top 100 professionals in the Information Security field by Strathmore's for 2014. He is a member of a number of security organizations, including InfraGard and the U.S. Chamber of Commerce Cyber Committee.
- Diane McCarthy, Senior Associate, PwC
Diane holds a Bachelor’s in Telecommunications/Network Management, CISSP, CISA, and CRISC. She has 15 years of technical knowledge including 13 years in IT risk and cybersecurity. She is currently collaborating on multiple projects to automate security assessments including compliance to policy and controls, issue management and exception processing.
- Terry Ziemniak, CISSP, Chapter Member, (ISC)2
Terry has over 25 years' experience in the information security field with work ranging from hands-on security penetration testing to the build out of complex, state-of-the-art cyber protections. Additionally, he has spent over a decade in the role of Chief Information Security Officer for very large organizations (including Atrium Health here in Charlotte). Terry brings that technical experience and business acumen into the consulting space—helping business leaders navigate the risks and rewards of cybersecurity. Terry has achieved the CISSP (Certified Information System Security Practitioner) designation as well as having completed his Master's degree in Information Security from DePaul University. He has spoken on cybersecurity topics to groups all over the country and as far away as Germany.
- Dave Keene, Penetration Tester, Wells Fargo, Charlotte ISSA Board Member
Dave enjoys the outdoors as much as he can get away from his computer. He is active in the security community in Charlotte as well as international endeavors.
• Create a personalized agenda
• View maps of the venue and Exhibit Hall
• Use secure messaging to network with attendees
• View speaker slides after the conference
• Play CyberHunt, the app game, and compete for prizes