- Wednesday, March 13, 2019
9:00 am
SecureWorld PLUS - Designing and Building a Cybersecurity Program Based on the NIST Cybersecurity Framework
9 a.m. - 3 p.m. • Earn 12 CPEs!
CISO and Adjunct Faculty, University of Massachusetts
Registration Level: SecureWorld Plus
9:00 am - 3:00 pm
Location / Room: 216AB
The University of Massachusetts has developed a 6-hour SecureWorld PLUS training class that instructs attendees on the best practices for designing, building, and maintaining a cybersecurity program based on the NIST Cybersecurity Framework. Organizations who currently use the Framework or are planning to use the Framework for their cybersecurity program will benefit from this course.
This innovative education and training program includes the following key elements:
- An introduction to the key components of the NIST Cybersecurity Framework
- How to use the Framework to support business strategy, technology strategy, and cyber-risk strategy
- An approach for adopting the framework to build and sustain secure and resilient infrastructure, secure and resilient networks, secure and resilient applications
- How to use the Framework to protect critical information assets
- A Controls Factory Model that organizations use to create an Engineering Program, a Technical Program, and a Business / Management Program
- A methodology for developing a Cybersecurity Strategy, System Security Plan (SSP), Risk Assessment, Plan of Action and Milestones (POA&M), and Executive Report
The class will help individuals and organizations acquire knowledge, skills, and abilities to:
- Develop a strategy to apply the NIST Cybersecurity Framework to their environment
- Create a comprehensive System Security Plan (SSP) based on the NIST Cybersecurity Framework
- Conduct a Risk Assessment to compare the current profile with the target profile and identify any gaps that need to be addressed
- Develop a Plan of Action and Milestones (POA&M) to mitigate the highest priority gaps
- Establish an Executive Report to measure and communicate current profile, target profile, POA&M and program plan / roles and responsibilities to remediate identified gaps
- Identify required workforce skills and develop career pathways for improving skills and experience
About the instructor:
- Larry Wilson has been the CISO for the UMass President’s Office since 2009.
- Prior to UMass, Larry developed and managed the Global Infrastructure Services (GIS) Security Program for State Street Corporation.
- Larry has been teaching cybersecurity courses based on the NIST Cybersecurity Framework at SecureWorld events for the past five years.
- Larry has conducted over 20 consulting engagements, helping organizations design and build cybersecurity programs based on the NIST Cybersecurity Framework.
The program and its author have won the following industry awards:
- Security Magazine’s Most Influential People in Security, 2016
- SANS People Who Made a Difference in Cybersecurity Award, 2013
- Information Security Executive (ISE) North America Program Winner for Higher Education, 2013
9:00 am
SecureWorld PLUS - Insider Threat: A White Hat Hacking Methodology Approach to Insider Threats
9 a.m. - 3 p.m. - Earn 12 CPEs!
Information Security Advisor, Enterprise IT Solutions
Registration Level: SecureWorld Plus
9:00 am - 3:00 pm
Location / Room: 215
There are several courses which teach insider threat program development. While the methods and controls taught are very comprehensive and effective, oftentimes they can also be bypassed.
Learn how the controls of your current security program can be bypassed by utilizing routine IT procedures. The course will also show how to identify business processes which can contribute to insider threats. Learn how to enhance procedures required to identify insider threat exposures.
This program is designed to help organizations identify existing critical controls needed to develop an Insider Threat Program using a white hat hacking methodology.
A series of live demonstrations will be performed to show the white hat hacking techniques used to bypass various controls.
- Learn the methodologies utilized by individuals within the organization that would be defined as insider threat activity.
- How to identify system based behavioral indicators.
- Learn which existing or enhanced security layer can provide insider threat profile data.
- Learn how areas of the organization, i.e., Legal, Procurement, and HR, are key stakeholders in assisting to identify insider threat activity.
Take-Aways From the Course:
- Establishing or enhancing an existing cyber security program to include insider threat.
- Define self-assessments of the insider threat segment of the cyber security program.
- Enhance awareness training to include additional methods of insider threat.
- Enhance existing security layers to better identify specific insider threat activity.
- Thursday, March 14, 2019
7:00 am
Registration Open
Registration Level: Open Sessions
7:00 am - 3:00 pm
Location / Room: Registration Desk
7:30 am
Advisory Council Breakfast: (VIP / INVITE ONLY)
Topic: 3rd Party Risk - Establish and Manage
Registration Level: VIP / Exclusive
7:30 am - 8:30 am
Location / Room: 216AB
This session is for our Advisory Council members only. Light breakfast, coffee and tea served.
8:00 am
Exhibit Floor Open
Registration Level: Open Sessions
8:00 am - 3:00 pm
Location / Room: Exhibitor Floor
This is the time to visit exhibitors participating in Dash For Prizes & CyberHunt for your chance to win prizes!
8:00 am
ISACA Chapter Meeting - Open to all attendees - Light breakfast served
Presentation — Hack Yourself: Going Dark on the Internet
Audit Analytics Leader, Wells Fargo
Registration Level: Open Sessions
8:00 am - 9:15 am
Location / Room: 213A
Interested in your local associations? Join ISACA for their monthly meeting, light breakfast, and guest speaker.
8:00-8:15 am – networking
8:15-9:15 am – guest presentation
- Information on the internet
- Why hack yourself?
- Cleaning your information
- Maintaining cleanliness
- Basic safety going forward
- Privacy legislation – what can we do?
8:30 am
Cyber Resiliency: Reducing Your Risk by Increasing Your Resiliency
Registration Level: Open Sessions
8:30 am - 9:15 am
Location / Room: 213BC
Cyber Resiliency enables organizations to take actions that reduce their overall risk, minimize the impact of cyber-attacks, and more predictably ensure the continuity of essential services.
This presentation will provide a high-level overview of cyber resiliency and explore the following aspects of cyber resiliency:
• Where cyber resiliency differs from traditional business continuity management
• How to determine your organization’s need for cyber resiliency
• Practical ways to assess your current and future organizational exposure
• Who should be involved in cyber resiliency
• What are some practical steps to begin implementing a cyber resiliency program
8:30 am
GDPR Compliance 101
Registration Level: Open Sessions
8:30 am - 9:15 am
This presentation outlines the requirements of the EU General Data Protection Regulation and highlights key compliance challenges.
8:30 am
Application / System Security Development Life Cycle
Check List and Business Discussion Points
Registration Level: Open Sessions
8:30 am - 9:15 am
The ADLC / SDLC needs to have security stage gates and requirements built in so that all processes have information protection in mind from the beginning. This session will show the simple things and requirements that need to be built into the life cycle processes, which can apply to projects.
9:30 am
OPENING KEYNOTE: Recent Cyber Threats and Trends from the FBI
Registration Level: Open Sessions
9:30 am - 10:15 am
Location / Room: Keynote Theater
Special Agent Brian Cyprian will highlight recent cyber threats and trends seen by the FBI, and provide a case study on cybercriminals located overseas who committed crimes against U.S. citizens. These criminals were arrested, extradited to North Carolina, and brought to justice.
10:15 am
Conference Break / Exhibitor Product Demonstration
Registration Level: Open Sessions
10:15 am - 11:15 am
Location / Room: Exhibitor Floor
Reboot with coffee and infused water while visiting exhibitors on the exhibitor floor.
11:00 am
Advisory Council Roundtable — (VIP / Invite Only)
Topic — Security Metrics: The Good, the Bad, and the Ugly
Registration Level: VIP / Exclusive
11:00 am - 12:00 pm
Location / Room: 216AB
This session is for our Advisory Council members only.
11:15 am
Moving Your Business Securely Out of Your Data Center - Into the Cloud
Registration Level: Conference Pass
11:15 am - 12:00 pm
Location / Room: 215
Your business can adopt new tools, new processes that add lots of value – and become more secure at the same time.
I used to think that cloud solutions to business problems were too risky – NOW I believe that our cloud solution is MORE SECURE than our other alternatives. I firmly believe that security works BEST when it is embedded in what people routinely do and it makes what they do EASIER and more SECURE at the same time. New cloud services and tools from Microsoft are key to NGC becoming more secure and saving serious money overall.
11:15 am
Radware: Cybersecurity Pushed to the Limit
Registration Level: Open Sessions
11:15 am - 12:00 pm
Location / Room: 213A
Throughout 2018 mainstream headlines highlighted cyber-attacks and security threats that included possible interference in the U.S. presidential election, worldwide malware outbreaks and the Equifax data breach. These and other high-profile events spurred greater cyber-defense investment by everyone from nation states and global corporations to individuals purchasing anti-malware solutions for personal devices. Yet even as investments increase so do threats, hacks and vulnerabilities. This session will help you understand these complex and challenging dynamics. Based on findings from Radware’s research and a global industry survey, the session will show real attack data and customer stories to paint a picture of where we are and what security professionals can do.
Join the session to learn more about:
• The threat landscape deep dive—the who, what and why of attacks
• Potential impact on your business, including associated costs of different cyber-attacks
• Critical attacks in the midst: DNS, IoT and risks lurking in the cloud
• Emerging threats and how to protect against them
• A look ahead – predictions and what to prepare for
11:15 am
DHG: Operational Technology: The “Other” Cybersecurity
Senior Manager, IT Advisory, DHG
Director of Cybersecurity, Intelligent Buildings, LLC
Registration Level: Open Sessions
11:15 am - 12:00 pm
Location / Room: 213D
Organizations have traditionally focused cybersecurity initiatives on enterprise IT infrastructure and systems. Yet non-traditional, legacy systems responsible for controlling building technology, including HVAC, elevators, metering, lighting and parking systems, introduce significant risk to sensitive data, brand reputation, and even health and safety. In spite of becoming more connected to corporate networks, Operational Technology (OT) is often overlooked as a vulnerability point, and large organizations often struggle with understanding how to effectively manage the security around these systems.
DHG has teamed up with Intelligent Buildings to provide an overview of how operational technology and building automation systems work, and how they can be exploited to compromise a company. DHG and Intelligent Buildings have developed a framework and approach for managing operational technology. This session will teach you how to identify and assess your risks, prepare a gap analysis and move toward remediation.
11:15 am
Addressing the Cybersecurity Talent Gap at Fever Pitch Levels
Registration Level: Conference Pass
11:15 am - 12:00 pm
Location / Room: 213BC
The growing number and size of data breaches indicate that threats are outpacing the security measures taken by organizations, and that organizations lack the cybersecurity workforce to effectively thwart such attacks. Cybersecurity threats and exploits have been growing at a rate of 24 percent since 2016, which is greater than the capacity of most organizations’ security teams. At this rate, the global shortfall of cybersecurity professionals is expected to reach 3.5 million by 2022. The impact of such resource deficiency is realized when, on average, only 50 percent of applicants for cybersecurity positions are qualified for the jobs. Also, more than half (53 percent) of organizations face delays for as long as six months to find and hire qualified cybersecurity candidates. Since the responsibility for keeping data breaches from doing serious damage falls on either internal staff or offshored managed security service providers, it is necessary to re-think how colleges prepare the workforce for cybersecurity roles, how recruiters build a bench of qualified resources, and how human resources approach compensation for qualified resources.
12:15 pm
LUNCH KEYNOTE: Executive Leadership Panel
Topic: Establishing and Evaluating Effective Cybersecurity Programs
Director, IT Governance, Novolex
Registration Level: Open Sessions
12:15 pm - 1:15 pm
Location / Room: Keynote Theater
How to do it and how to test it involves strategic planning and leadership at the executive level. The practical take-aways from this discussion will be immensely meaningful.
Stephen Head, Director, Experis Finance
Frank Depaola, Head of Info Sec, Enpro Industries
Larry Eighmy, CISO, The Halo Group
Torry Crass, INMA Cybercamp Program Director, InfraGard
Mike Hillhouse, CIO/CISO, Cadrillion Capital
Andre Mintz, Executive Vice President, CISO and CPO, Red Ventures
Thomas Tollerton, Senior Manager, IT Advisory, Dixon Hughes Goodman LLP
1:30 pm
Panel: Building a Better Mouse Trap (Emerging Threats)
Registration Level: Open Sessions
1:30 pm - 2:15 pm
Location / Room: 213A
To be successful, as an industry, we must strive to get ahead of the bad guys. Easy enough to say but how? By taking a look at the capabilities of the threats we see today we should be able to make some educated guesses on what threats of tomorrow will look like. We know the bad guys don’t follow the rules, take the path of least resistance, and don’t care who they hurt in the process. We need to start thinking like them so that we can figure out what their next step is instead of guessing/hoping.
1:30 pm
Panel: Access Control – the End of the Password?
Registration Level: Open Sessions
1:30 pm - 2:15 pm
Location / Room: Keynote Theater
“Open Sesame!” Whether you recognize the term coming from Ali Baba or one of the forty thieves, this timeless password ranks up there with “password123” or “admin” on your home wireless router. Passwords were created to keep us safe or keep something safe for us. Back in the day you were able to look the person in the eye when they said the password. You knew (roughly) what you were getting, and you could perform a risk assessment (of sorts) on the speaker. Now, with so many ways of getting our information, the password is going the way of the dodo. Is 2FA good enough? Zero Trust? Biometrics? Pass phrases? Perhaps your own voice is the password? I don’t know the answer, but I’d be willing to bet that some of the experts on this panel will be able to help you decide what to do with the password dilemma.
2:15 pm
Conference Break / Exhibitor Product Demonstration
Registration Level: Open Sessions
2:15 pm - 3:00 pm
Location / Room: Exhibitor Floor
Reboot with coffee and infused water while visiting exhibitors on the exhibitor floor.
2:30 pm
Dash for Prizes and CyberHunt Winners Announced
Registration Level:
2:30 pm - 2:45 pm
Location / Room: Exhibitor Floor
Be sure to have your badge scanned with participating exhibitors. Past prizes have included Kindles, Bose headphones, gift cards, iPads, iPods and more! *Must be present to win.
3:00 pm
Finding Your Vulnerabilities—Before Attackers and Auditors Do
Registration Level: Conference Pass
3:00 pm - 3:45 pm
Location / Room: 213A
Do you know where all of your cyber security vulnerabilities are? As enterprise defenders and security leaders, we can take the initiative in looking for these vulnerabilities, both within the organization as well as on our systems exposed directly to the Internet. This presentation provides some considerations and practical tips for organizations in strengthening, or establishing, their own vulnerability management program and ensuring the most benefit from outside vulnerability assessments and penetration tests.
3:00 pm
Building Mental Models for Cyber Success
Registration Level: Open Sessions
3:00 pm - 3:45 pm
Using mental models can help us succeed in any area of life and can help us make intelligent, efficient and practical decisions when it comes to cyber security. Each area of an organization’s information security program can be enhanced by building and leveraging mental models specifically for their teams’ own unique needs. This presentation will look at building mental models aligned with the Top 20 Critical Security Controls, though the principles discussed can be applied to any existing framework.
3:00 pm
IoT Cybersecurity: Evolution, Risks and Executive Responsibilities
Registration Level: Open Sessions
3:00 pm - 3:45 pm
The focus of this talk is the connected product ecosystem (IoT) and the blurring of traditional boundaries that requires a “true” end to end security strategy. Topics will include evolution of IoT products, impact on companies who use IoT devices, supply chain risks, and management and board responsibilities.
3:00 pm
Applying the Scientific Method to Cybersecurity Event Analysis
Registration Level: Conference Pass
3:00 pm - 3:45 pm
Location / Room: 213D
What is one of the biggest frustrations when analyzing a cybersecurity event? To me, it is a simple frustration of not knowing where to go next with my investigation. I find that it is easy to trail down what we like to call “rabbit holes.” These rabbit holes may not lead anywhere, which is fine. However, it is frustrating when you are deep in a rabbit hole and end up at a cross tunnel not knowing which way to go next or where you just came from.
By applying the scientific method to our analysis we are able to better organize our thought process, focus on where we should go next, and where we have already been in the investigation that took us to a dead-end. The scientific method can be used for even the simplest adverse cybersecurity events, as well as complex cybersecurity incidents.
- Burwood Group, Inc.
Booth: 500
Burwood Group, Inc. is an IT consulting and integration firm. We help forward-thinking leaders design, use, and manage technology to transform their business and improve outcomes. Our services in consulting, technology, and operations are rooted in business alignment and technical expertise in cloud, automation, security, and collaboration.
- Check Point Security
Booth: 870
Since 1993, Check Point has been dedicated to providing customers with uncompromised protection against all types of threats, reducing security complexity and lowering total cost of ownership. We are committed to staying focused on customer needs and developing solutions that redefine the security landscape today and in the future.
- Cloud Security Alliance (CSA)
Booth:
The Cloud Security Alliance (CSA) is a not-for-profit organization with a mission to promote the use of best practices for providing security assurance within Cloud Computing, and to provide education on the uses of Cloud Computing to help secure all other forms of computing. The Cloud Security Alliance is led by a broad coalition of industry practitioners, corporations, associations and other key stakeholders.
- Cobalt.io
Booth: 810
At Cobalt, we use a combination of data, technology and talent to meet the security challenges of the modern web or mobile application, and ensure we provide the smartest, most efficient services possible. From Cobalt Central, our powerful vulnerability dashboard, to Cobalt Insights, which gives you an intelligent overview of your application security program, we are driven by great technology.
- Comodo Cybersecurity
Booth: 260
In a world where preventing all cyberattacks is impossible, Comodo Cybersecurity delivers an innovative cybersecurity platform that renders threats useless, across the LAN, web and cloud. The Comodo Cybersecurity platform enables customers to protect their systems and data against even military-grade threats, including zero-day attacks. Based in Clifton, New Jersey, Comodo Cybersecurity has a 20-year history of protecting the most sensitive data for both businesses and consumers globally.
- Delta Risk
Booth: 550
Delta Risk was founded in 2007 from a vision of strategic and operational effectiveness to assist private sector and government organizations in understanding their current cyber security posture and building advanced cyber defense and risk management capabilities. We are a global provider of strategic, operational, and advisory solutions, including managed security services and security consulting services. Delta Risk is a Chertoff Group company.
- DHG
Booth: 300
Headquartered in Charlotte, NC, DHG ranks among the top 20 public accounting firms in the nation. With more than 2,000 professionals in 13 states, we combine deep experience with a strong commitment to personal service. We are passionate about helping our clients succeed—and we do so through a resourceful approach to solving problems, providing solutions and helping our clients achieve their goals.
Dedicated client focus and relationships have been and always will be our touchstone. Here at DHG, you’ll receive personalized service provided by a team of professionals who are eager to share their knowledge and experience with you. We draw on our extensive resources to combine comprehensive assurance, tax and advisory services.
International Council of E-Commerce Consultants, also known as EC-Council, is the world’s largest cyber security technical certification body. We operate in 140 countries globally and we are the owner and developer of the world-famous Certified Ethical Hacker (CEH), Computer Hacking Forensics Investigator (C|HFI), Certified Security Analyst (ECSA), License Penetration Testing (Practical) programs, among others. We are proud to have trained and certified over 140,000 information security professionals globally that have influenced the cyber security mindset of countless organizations worldwide.
- Global Cyber Alliance
Booth:
The Global Cyber Alliance (GCA) is an international, cross-sector effort dedicated to confronting cyber risk and improving our connected world. It is a catalyst to bring communities of interest and affiliations together in an environment that sparks innovation with concrete, measurable achievements. While most efforts at addressing cyber risk have been industry, sector, or geographically specific, GCA partners across borders and sectors. GCA’s mantra “Do Something. Measure It.” is a direct reflection of its mission to eradicate systemic cyber risks. GCA, a 501(c)3, was founded in September 2015 by the Manhattan District Attorney’s Office, the City of London Police and the Center for Internet Security. Learn more at www.globalcyberalliance.org
- IBM Resilient
Booth: 460
IBM Resilient’s mission is to help organizations thrive in the face of any cyberattack or business crisis. The industry’s leading Incident Response Platform (IRP) empowers security teams to analyze, respond to, and mitigate incidents faster, more intelligently, and more efficiently. The Resilient IRP is the industry’s only complete IR orchestration and automation platform, enabling teams to integrate and align people, processes, and technologies into a single incident response hub. With Resilient, security teams can have best-in-class response capabilities. IBM Resilient has more than 150 global customers, including 50 of the Fortune 500, and hundreds of partners globally. Learn more at www.resilientsystems.com.
- InfoSec-Conferences.com
Booth: n/a
We’re the InfoSec Community’s #1 ‘Go To’ resource for Cybersecurity Conferences. Since 2012 we’ve provided Cybersecurity Professionals with accurate event listings that are manually checked and updated every day.
InfraGard is an information sharing and analysis effort serving the interests and combining the knowledge base of a wide range of members. At its most basic level, InfraGard is a partnership between the FBI and the private sector. InfraGard is an association of individuals, academic institutions, state and local law enforcement agencies, and other participants dedicated to sharing information and intelligence to prevent hostile acts against the United States. InfraGard Chapters are geographically linked with FBI Field Office territories.
The FBI retained InfraGard as an FBI sponsored program, and will work with DHS in support of its CIP mission, facilitate InfraGard’s continuing role in CIP activities, and further develop InfraGard’s ability to support the FBI’s investigative mission, especially as it pertains to counterterrorism and cyber crimes.
- Institute of Internal Auditors (IIA)
Booth:
Established in 1941, The Institute of Internal Auditors (IIA) is an international professional association with global headquarters in Altamonte Springs, Florida, USA. The IIA is the internal audit profession’s global voice, recognized authority, acknowledged leader, chief advocate, and principal educator. Generally, members work in internal auditing, risk management, governance, internal control, information technology audit, education, and security.
As an independent, nonprofit, global association, ISACA engages in the development, adoption and use of globally accepted, industry-leading knowledge and practices for information systems. Previously known as the Information Systems Audit and Control Association, ISACA now goes by its acronym only, to reflect the broad range of IT governance professionals it serves.
(ISC)² is an international nonprofit membership association focused on inspiring a safe and secure cyber world. Best known for the acclaimed Certified Information Systems Security Professional (CISSP) certification, (ISC)² offers a portfolio of credentials that are part of a holistic, programmatic approach to security. Our membership, over 123,000 strong, is made up of certified cyber, information, software and infrastructure security professionals who are making a difference and helping to advance the industry. Our vision is supported by our commitment to educate and reach the general public through our charitable foundation – The Center for Cyber Safety and Education™. Follow us on Twitter or connect with us on Facebook.
- ISSA Charlotte Chapter
Booth:
The Charlotte ISSA chapter is committed to providing the Information Security professionals of Charlotte opportunities to grow both technically and professionally through training, meetings and summits.
- Ixia, a Keysight Business
Booth: 140
We provide testing, visibility, and security solutions to strengthen applications across physical and virtual networks. Organizations use our tools and capabilities to test, secure and visualize their networks so their applications run stronger.
- Jazz Networks
Booth: 700
Jazz Networks is a cyber analytics platform that simplifies insider threat detection and breach prevention. It works by collecting rich metadata before it’s encrypted from endpoints and servers, with machine learning analyzing to identify behavioral pattern changes. Alarms are raised for events that require attention and response time is swift with native platform actions.
- Mimecast
Booth: 160
Mimecast Is Making Email Safer For Business.
Mimecast’s security, archiving and continuity cloud services protect business email and deliver comprehensive email risk management in one fully-integrated subscription service.
Mimecast reduces the risk, complexity and cost traditionally associated with protecting email. You no longer have to manage an array of disjointed point solutions from multiple vendors. And you mitigate single vendor exposure if you have moved your primary email server to the cloud with services like Microsoft Office 365.
Our best-of-breed services protect the email of over 24,900 customers and millions of users worldwide against targeted attacks, data leaks, malware and spam. We give employees fast and secure access to sensitive business information, and ensure email keeps running in the event of a primary service outage.
- NCTECH Association
Booth:
Founded in 1993, the North Carolina Technology Association (NCTA) is a 501 (c) (6) not-for-profit association focused on advancing the state’s tech industry. NCTA has 700+ member companies, organizations and institutions representing more than 200,000 North Carolina based employees.
- Radware
Booth: 220
Radware (NASDAQ: RDWR), is a global leader of application delivery and application security solutions for virtual and cloud data centers. Its award-winning solutions portfolio delivers full resilience for business-critical applications, maximum IT efficiency, and complete business agility. Radware’s solutions empower more than 10,000 enterprise and carrier customers worldwide to adapt to market challenges quickly, maintain business continuity and achieve maximum productivity while keeping costs down.
- SailPoint
Booth: 240
SailPoint, the leader in enterprise identity governance, brings the Power of Identity to customers around the world. SailPoint’s open identity platform gives organizations the power to enter new markets, scale their workforces, embrace new technologies, innovate faster and compete on a global basis. As both an industry pioneer and market leader in identity governance, SailPoint delivers security, operational efficiency and compliance to enterprises with complex IT environments. SailPoint’s customers are among the world’s largest companies in a wide range of industries.
- SentinelOne
Booth: 660
SentinelOne is the future of Endpoint Protection. It unifies prevention, detection and response in a single platform driven by sophisticated machine learning and intelligent automation. With SentinelOne, organizations can detect malicious behavior across multiple vectors, rapidly eliminate threats with fully-automated, integrated response capabilities, and adapt their defenses against the most advanced cyber attacks.
- Sherpa Software
Booth: 600
Sherpa Software is the cost-effective solution for information security, data governance, GDPR, and eDiscovery compliance. With more than 18 years of experience in the landscape, Sherpa Software was founded in 2010 and is based in Pittsburgh, PA. Our SaaS platform, Altitude IG, is the first step in cybersecurity: it’s scalable, affordable information governance and data compliance software that provides complete transparency and visibility into your unstructured data. With Altitude IG, data protection begins here.
- Siemplify
Booth: 530
The Siemplify team is comprised of cyber-security professionals, veterans of Israeli intelligence agencies. We bring rich experience in security analysis, management and operations and are backed by experts in data science and applied mathematics.
WE BELIEVE In the modern world of cyber threat analysis, investigation and management should be more holistic, intuitive and simple. Technology and data science should serve cyber security experts by providing all the relevant information about the threat in real-time and focus them in rapid decision making.
- Synopsys
Booth: 250
Synopsys helps development teams build secure, high-quality software, minimizing risks while maximizing speed and productivity. Synopsys, a recognized leader in static analysis, software composition analysis, and application security testing, is uniquely positioned to apply best practices across proprietary code, open source, and the runtime environment. With a combination of industry-leading tools, services, and expertise, only Synopsys helps organizations maximize security and quality in DevSecOps and throughout the software development life cycle.
TechTarget (NASDAQ: TTGT) is the online intersection of serious technology buyers, targeted technical content and technology providers worldwide. Our media, powered by TechTarget’s Activity Intelligence platform, redefines how technology buyers are viewed and engaged based on their active projects, specific technical priorities and business needs. With more than 100 technology specific websites, we provide technology marketers innovative media that delivers unmatched reach via custom advertising, branding and lead generation solutions all built on our extensive network of online and social media. TechTarget is based in Boston and has locations in Atlanta, Beijing, Cincinnati, London, Paris, San Francisco, Singapore, and Sydney.
- Veristor, Booth: 400
At VeriStor, we design, implement and manage IT solutions that fuel business productivity. As an end-to-end solutions provider, VeriStor specializes in enterprise data storage, virtual infrastructure, public, private and hybrid cloud services, migration, and technology financing. Headquartered in Atlanta, VeriStor delivers solutions nationwide to enterprise and mid-market companies in all industries including financial services, manufacturing, healthcare, education and federal, state and local government. To learn how VeriStor can help you achieve an IT infrastructure that accelerates business growth, improves efficiencies and reduces costs, visit: http://www.veristor.com
- Larry Wilson, CISO and Adjunct Faculty, University of Massachusetts
Larry Wilson is currently a senior consultant and former Chief Information Security Officer for the University of Massachusetts President's Office. In the CISO role, Larry was responsible for developing, implementing and overseeing compliance with the UMass Information Security Policy and Written Information Security Plan (WISP). In addition to designing and deploying the UMass cybersecurity program, Larry has developed and delivered cybersecurity training at multiple industry events, workshops, training venues, etc. Courses include Designing and Building a Cybersecurity Program, The NIST Cybersecurity Framework Foundations, The NIST Cybersecurity Framework Practitioners, Engineering, Technology and Business Labs and Workshops based on the NIST Cybersecurity Framework, etc. Larry has also worked with multiple companies in multiple industries to help design, build and maintain their Cybersecurity Programs and evaluate their current security posture.
- Mike Muscatell, Information Security Advisor, Enterprise IT Solutions
Mike Muscatell is a seasoned IT veteran with more than twenty years in the Information Security field. He is a certified ethical hacker and was honored as one of the top 100 professionals in the Information Security field by Strathmore's for 2014. He is a member of a number of security organizations, including Infragard and the US Chamber of Commerce Cyber Committee.
- Ron Reidy, Audit Analytics Leader, Wells Fargo
Ron has been working in IT for over 30 years, starting as a software engineer writing database programs on CP/M, MSDOS, VAX/VMS, and UNIX in C, Pascal, VAX/VMS assembler, and FORTRAN. After 15 years, he switched into a database administration role, managing large Oracle databases as well as smaller SQL Server and Sybase databases. Ron became interested in security while working for a biotech firm when he was required to secure databases to comply with SOX and FDA requirements. He has been working in INFOSEC and audit for over 10 years, performing security assessments and testing, and as a database and general security instructor.
- Stephen Head, Director, Experis Finance
Stephen Head is Director of IT Risk Advisory Services for Experis Finance. He has broad-based experience in cyber risk, regulatory compliance, IT governance and aligning controls with multiple standards and frameworks. He is the author of the internationally recognized Internal Auditing Manual and Practical IT Auditing, both published by Thomson Reuters. He was International Chair of ISACA’s Standards Board and a member of the AICPA Information Technology Executive Committee. As a Certified Business Continuity Professional (CBCP), CISSP, and a CISM, he brings a unique perspective to cyber resiliency, having managed information security practices as well as business continuity programs.
- Brian Cyprian, Supervisory Special Agent, FBI
Brian N. Cyprian has been the supervisor for the FBI’s Charlotte Cyber Task Force since March 2016. He worked at FBI Headquarters managing national security computer intrusion investigations prior to arriving in Charlotte. Brian has a B.S. in Computer Information Systems and an MBA in Commerce from Texas A&M University.
- Mike Brannon, Director, Infrastructure & Security, National Gypsum
Mike Brannon is an experienced IT professional and long-term employee at National Gypsum Company (NGC). His IT career began in 1977, and he joined NGC in 1985. Mike leads the teams that provide infrastructure and security: "We Keep National Gypsum Running."
- Ron Winward, Security Evangelist, Radware
Ron Winward is a Security Evangelist for Radware, where he helps execute the company’s thought leadership on today’s security threat landscape. Ron brings nearly 20 years of experience in the Internet service provider space, most recently as Director of Network Engineering for a global infrastructure and colocation provider. With an expertise in network architectures and DDoS mitigation, Ron has helped design solutions for carriers, enterprises, and cybersecurity service providers around the world.
- Tom Tollerton, Senior Manager, IT Advisory, DHG
Tom has 15+ years of experience in the Information Technology industry, and has extensive experience performing SOC 1 and 2 examinations and reporting, cybersecurity risk assessments, PCI compliance assessments, and system security assessments. Tom is one of DHG’s PCI Qualified Security Assessors and has completed multiple Reports on Compliance for PCI Level 1 merchants and service providers.
Tom advises on development of holistic security governance and risk management programs integrated into IT and business operations across a wide variety of industries including financial services, retail, technology, healthcare, manufacturing, government contractors, and state and local government agencies.
Licenses & Certifications
Certified Information Systems Auditor (CISA)
Certified Information Systems Security Professional (CISSP)
Payment Card Industry Qualified Security Assessor (PCI QSA)
Florida State University, Master of Business Administration, Management Information Systems; Bachelor of Science
- Fred Gordy, Director of Cybersecurity, Intelligent Buildings, LLC
Fred Gordy is the Director of Cybersecurity at Intelligent Buildings, LLC and is a nationally recognized thought leader, speaker and expert in building systems cybersecurity specializing in organizational and technical vulnerabilities. He has over 20 years of industry experience including information technology and building controls systems. Fred has been the Chairperson of the Cyber Security Committee for the InsideIQ 55 international member companies, Security Steering Committee Member for S.E.A.T. (Sports & Entertainment Alliance in Technology), founding member of Cyber Security for Control Systems Association International (CS2AI), and past president and current president emeritus of the Atlanta CS2AI Chapter.
- John Opala, Director of Cybersecurity Engineering and Operations, Sealed Air
As it is evident that the posted jobs far exceed the applicants, it is incumbent on colleges to partner with employers for technical development programs that allow students work experience with guaranteed placement. Such partnerships give employers an opportunity to advise colleges and universities on the skill sets required for the ever-changing roles of cyber security. The study recommends a change in training for cybersecurity roles, optimization of the recruitment process, partnering with colleges to provide a path to employment for the students, and automation of mundane security tasks as some of the steps to mitigate the lack of cybersecurity resources.
- Moderator: James Kidwell, Director, IT Governance, Novolex
- Michael Holcomb, Director, Information Security, Fluor
Michael Holcomb is the Director of Information Security for Fluor, one of the world's largest construction, engineering and project services companies with 60,000 employees around the world. In his role at Fluor, Michael is responsible for vulnerability management, incident detection/response, penetration testing and industrial controls for the global organization. He also teaches cyber security as an adjunct instructor at Greenville Technical College and helps students, career transitioners and others that are new to cyber security at becomeacybersecuritypro.com.
- Brandi Keough, Information Security Analyst, Novant Health
Brandi Keough is a Charlotte, North Carolina, native who started her college career at UNC Charlotte as a Chemistry major and graduated from Utica College in 2016 with her Bachelor of Science in Cybersecurity and Information Assurance with a concentration in Forensics and Investigations. Brandi is currently an information security analyst with Novant Health’s Cybersecurity Incident Response Center (CIRC), supporting their clinical counterparts and patients by providing continuous monitoring and incident response of cybersecurity events.