- Open Sessions
- Conference Pass
- SecureWorld Plus
- VIP / Exclusive
- Wednesday, March 13, 20199:00 am[SecureWorld PLUS] Designing and Building a Cybersecurity Program Based on the NIST Cybersecurity Framework9 a.m. - 3 p.m. • Earn 12 CPEs!CISO and Adjunct Faculty, University of MassachusettsRegistration Level:
9:00 am - 3:00 pmLocation / Room: 216AB
- SecureWorld Plus
The University of Massachusetts has developed a 6-hour SecureWorld PLUS training class that instructs attendees on the best practices for designing, building, and maintaining a cybersecurity program based on the NIST Cybersecurity Framework. Organizations who currently use the Framework or are planning to use the Framework for their cybersecurity program will benefit from this course.
This innovative education and training program includes the following key elements:
- An introduction to the key components of the NIST Cybersecurity Framework
- How to use the Framework to support business strategy, technology strategy, and cyber-risk strategy
- An approach for adopting the framework to build and sustain secure and resilient infrastructure, secure and resilient networks, secure and resilient applications
- How to use the Framework to protect critical information assets
- A Controls Factory Model that organizations use to create an Engineering Program, a Technical Program, and a Business / Management Program
- A methodology for developing a Cybersecurity Strategy, System Security Plan (SSP), Risk Assessment, Plan of Action and Milestones (POA&M), and Executive Report
The class will help individuals and organizations acquire knowledge, skills, and abilities to:
- Develop a strategy to apply the NIST Cybersecurity Framework to their environment
- Create a comprehensive System Security Plan (SSP) based on the NIST Cybersecurity Framework
- Conduct a Risk Assessment to compare the current profile with the target profile and identify any gaps that need to be addressed
- Develop a Plan of Action and Milestones (POA&M) to mitigate the highest priority gaps
- Establish an Executive Report to measure and communicate current profile, target profile, POA&M and program plan / roles and responsibilities to remediate identified gaps
- Identify required workforce skills and develop career pathways for improving skills and experience
About the instructor:
- Larry Wilson is the CISO for UMass President’s Office since 2009.
- Prior to UMass, Larry developed and managed the Global Infrastructure Services (GIS) Security Program for State Street Corporation.
- Larry has been teaching cybersecurity courses based on the NIST Cybersecurity Framework at SecureWorld events for the past five years.
- Larry has conducted over 20 consulting engagements, helping organizations design and build cybersecurity programs based on the NIST Cybersecurity Framework.
The program and its author have won the following industry awards:
9:00 amSecureWorld PLUS - Insider Threat: A White Hat Hacking Methodology Approach to Insider Threats9 a.m. - 3 p.m. - Earn 12 CPEs!Sr. Manager, Information Security, Krispy KremeRegistration Level:
- Security Magazine’s Most Influential People in Security, 2016
- SANS People Who Made a Difference in Cybersecurity Award, 2013
- Information Security Executive (ISE) North America Program Winner for Higher Education, 2013
9:00 am - 3:00 pmLocation / Room: 215
- SecureWorld Plus
There are several courses which teach insider threat program development. While the methods and controls taught are very comprehensive and effective, often-times they can also be bypassed.
Learn how the controls of your current security program can be bypassed by utilizing routine IT procedures. Will also show how to identify business processes which can contribute to insider threats. Learn how to enhance procedures required to identify insider threat exposures.
This program is designed to help organizations identify existing critical controls needed to develop an Insider Threat Program using a white hat hacking methodology. A series of live demonstrations will be performed to show the white hat hacking techniques used to bypass various controls.
- Learn the methodologies utilized by individuals within the organization that would be defined as insider threat activity.
- How to identify system based behavioral indicators.
- Learn which existing or enhanced security layer can provide insider threat profile data.
- Learn how areas of the organization i.e. Legal, Procurement & HR are key stakeholders in assisting to identify insider threat activity.
Take-Aways from the Course:
- Establishing or enhancing an existing cyber security program to include insider threat.
- Define self-assessments of insider threat segment of the cyber security program.
- Enhance awareness training to include additional methods of insider threat.
- Enhance existing security layers to better identify specific insider threat activity.
- Thursday, March 14, 20197:00 amRegistration OpenRegistration Level:
7:00 am - 3:00 pmLocation / Room: Registration Desk7:30 amAdvisory Council Breakfast: (VIP / INVITE ONLY)Topic: Privacy, Common Sense and Other MythsRegistration Level:
- Open Sessions
7:30 am - 8:30 amLocation / Room: 216AB
- VIP / Exclusive
This session is for our Advisory Council members only. Light breakfast, coffee and tea will be served.8:00 amExhibit Floor OpenRegistration Level:
8:00 am - 3:00 pmLocation / Room: Exhibitor Floor
- Open Sessions
This is the time to visit exhibitors participating in Dash For Prizes & CyberHunt for your chance to win prizes!8:00 amISACA Chapter Meeting and Guest Presentation - Open to all Attendees[Presentation] ToR of the WiLD SiD3 of the Internet-Dark Web, Deep Web and Dark NetAudit Analytics Leader, Wells FargoRegistration Level:
8:00 am - 9:15 amLocation / Room: Keynote Theater
- Open Sessions
Interested in your local associations? Join ISACA for their monthly meeting, and guest speaker.
We always hear about the “Dark Web” and how various services advertise the use of such a resource but what does that mean? Better yet, what does it look like. This will be a full LIVE presentation demonstrating where “various” type of activity i.e. personal identifiable information, transaction information and other related content reside.8:30 amCyber Resiliency: Reducing Your Risk by Increasing Your ResiliencyRegistration Level:
8:30 am - 9:15 amLocation / Room: 213BC
- Open Sessions
Cyber Resiliency enables organizations to take actions that reduce their overall risk, minimize the impact of cyber-attacks, and more predictably ensure the continuity of essential services.
This presentation will provide a high-level overview of cyber resiliency and explore the following aspects of cyber resiliency:
• Where cyber resiliency differs from traditional business continuity management
• How to determine your organization’s need for cyber resiliency
• Practical ways to assess your current and future organizational exposure
• Who should be involved in cyber resiliency
• What are some practical steps to begin implementing a cyber resiliency program8:30 am[SentinelOne] The Power of One: Autonomous Endpoint ProtectionRegistration Level:
8:30 am - 9:15 amLocation / Room: 215
- Open Sessions
As a decision maker trying to improve security posture in an increasingly sophisticated threat landscape, you should look for products which make use of AI to build attack context, simplify the story, and automate as much as possible to save you time.
SentinelOne is an enterprise security platform that uses patented behavioral AI to prevent, detect, respond, and hunt cyber attacks autonomously. With endpoints serving as the elastic barrier of today’s networks, SentinelOne creates a software-defined security layer that not only operates as an SOC on each endpoint—but also unifies existing and future cybersecurity investments through integrations with other technologies.8:30 am[Check Point Software Technologies] My CEO Told Me We Have to Move Our Datacenter to the Public Cloud... So, What's the Big Deal?Registration Level:
8:30 am - 9:15 amLocation / Room: 213D
- Open Sessions
In this session, we will discuss why today’s IT organizations require mature and complete native tools—built in the cloud for the cloud—which provide:
– Complete visibility
– Configuration management – Identity protection
– Secure DevOps
– Compliance Automation
– Governance Enforcement
– Environment Lockdown
We will discuss the subtle yet profound differences in operating your datacenter in the public cloud versus operating your own datacenter. We will discuss the ‘Shared Responsibility Model’ and what it really means to you and your IT department as you expand the number of workloads you move to the public cloud. And, as your sophistication increases and you expand your use of PaaS and IaaS, the complexities follow in tandem. We will show how today’s IT organizations require new, purpose-built tools designed and capable of ‘speaking the same language’ as the public cloud infrastructures and built to leverage the extensive APIs they provide.9:30 amOPENING KEYNOTE: Recent Cyber Threats and Trends from the FBIRegistration Level:
9:30 am - 10:15 amLocation / Room: Keynote Theater
- Open Sessions
Special Agent Brian Cyprian will highlight recent cyber threats and trends seen by the FBI, and provide a case study on cybercriminals located overseas who committed crimes against U.S. citizens. These criminals were arrested, extradited to North Carolina, and brought to justice.10:15 amConference Break / Exhibitor Product DemonstrationRegistration Level:
10:15 am - 11:15 amLocation / Room: Exhibitor Floor
- Open Sessions
Reboot with coffee and infused water while visiting exhibitors on the exhibitor floor.11:00 amAdvisory Council LUNCH Roundtable — (VIP / Invite Only)Topic: Prioritization of Top 20 Critical Security ControlsRegistration Level:
11:00 am - 12:00 pmLocation / Room: 216AB
- VIP / Exclusive
This session is for our Advisory Council members only.
Lunch will be served.11:15 amMoving Your Business Securely Out of Your Data Center - Into the CloudRegistration Level:
11:15 am - 12:00 pmLocation / Room: 215
- Conference Pass
Your business can adopt new tools, new processes that add lots of value – and become more secure at the same time.
I used to think that cloud solutions to business problems were too risky – NOW I believe that our cloud solution is MORE SECURE than our other alternatives. I firmly believe that security works BEST when it is embedded in what people routinely do and it makes what they do EASIER and more SECURE at the same time. New cloud services and tools from Microsoft are key to NGC becoming more secure and saving serious money overall.11:15 am[Radware] Cybersecurity Pushed to the LimitRegistration Level:
11:15 am - 12:00 pmLocation / Room: 213A
- Open Sessions
Throughout 2018 mainstream headlines highlighted cyber-attacks and security threats that included possible interference in the U.S. presidential election, worldwide malware outbreaks and the Equifax data breach. These and other high-profile events spurred greater cyber-defense investment by everyone from nation states and global corporations to individuals purchasing anti-malware solutions for personal devices. Yet even as investments increase so do threats, hacks and vulnerabilities. This session will help you understand these complex and challenging dynamics. Based on findings from Radware’s research and a global industry survey, the session will show real attack data and customer stories to paint a picture of where we are and what security professionals can do.
Join the session to learn more about:
• The threat landscape deep dive—the who, what and why of attacks
• Potential impact on your business, including associated costs of different cyber-attacks
• Critical attacks in the midst: DNS, IoT and risks lurking in the cloud
• Emerging threats and how to protect against them
• A look ahead – predictions and what to prepare for11:15 am[DHG] Operational Technology: The “Other” CybersecuritySr. Manager, IT Advisory, DHGDirector of Cybersecurity , Intelligent Buildings, LLCRegistration Level:
11:15 am - 12:00 pmLocation / Room: 213D
- Open Sessions
Organizations have traditionally focused cybersecurity initiatives on enterprise IT infrastructure and systems. Yet, non-traditional, legacy systems responsible for controlling building technology, including HVAC, elevators, metering, lighting and parking systems introduce significant risk to sensitive data, brand reputation, and even health and safety. In spite of becoming more connected to corporate networks, Operational Technology (OT), is often overlooked as a vulnerability point and large organizations often struggle with understanding how to effectively manage the security around these systems.
DHG has teamed up with Intelligent Buildings to provide an overview of how operational technology and building automation systems work, and how they can be exploited to compromise a company. DHG and Intelligent Buildings have developed a framework and approach for managing operational technology. This session will teach you how to identify and assess your risks, prepare a gap analysis and move toward remediation.11:15 amAddressing the Cybersecurity Talent Gap at Fever Pitch LevelsRegistration Level:
11:15 am - 12:00 pmLocation / Room: 213BC
- Conference Pass
The growing number and size of data breaches indicates that threats are outpacing security measures taken by organizations and lack of cybersecurity workforce to effectively thwart such attacks. Cybersecurity threats and exploits are growing faster at a rate of 24 percent since 2016 which is greater than the capacity of most organizations security teams. At this rate, the global shortfall of cybersecurity professionals is expected to reach 3.5 million by 2022. The impact of such resource deficiency is realized when on average only 50 percent of applicants for cybersecurity positions are qualified for the jobs. Also, more than half or 53 percent of organizations face delays for as long as six months to find and hire qualified cybersecurity candidates. Since the responsibility for keeping data breaches from doing serious damage falls on either internal staff or offshored managed security service providers it is necessary to re-think how colleges prepare the work force for cyber security roles, recruiters build a bench of qualified resources and human resources approach compensation for qualified resources.12:15 pmLUNCH KEYNOTE: Executive Leadership PanelTopic: Establishing and Evaluating Effective Cybersecurity ProgramsDirector, IT Governance , NovolexRegistration Level:
12:15 pm - 1:15 pmLocation / Room: Keynote Theater
- Open Sessions
How to do it and how to test it involves strategic planning and leadership at the executive level. The practical take-aways from this discussion will be immensely meaningful.
Stephen Head, Director, Experis Finance
Frank Depaola, Head of Info Sec, Enpro Industries
Larry Eighmy, CISO, The Halo Group
Torry Crass, INMA Cybercamp Program Director, InfraGard
Mike Hillhouse, CIO/CISO, Cadrillion Capital
Andre Mintz, Executive Vice President, CISO and CPO, Red Ventures
Thomas Tollerton, Senior Manager, IT Advisory, Dixon Hughes Goodman LLP1:30 pmPanel: Building a Better Mouse Trap (Emerging Threats)Registration Level:
1:30 pm - 2:15 pmLocation / Room: 213A
- Open Sessions
To be successful, as an industry, we must strive to get ahead of the bad guys. Easy enough to say but how? By taking a look at the capabilities of the threats we see today we should be able to make some educated guesses on what threats of tomorrow will look like. We know the bad guys don’t follow the rules, take the path of least resistance, and don’t care who they hurt in the process. We need to start thinking like them so that we can figure out what their next step is instead of guessing/hoping.
Ron Winward, Radware
Patrick Barry, Rebyc Security
John McClurg, Cylance
Rich Burke, Delta Risk
Chris Steven, SentinelOne
Mike Kiser, SailPoint
Moderator: Danielle Fritzler1:30 pmPanel: Access Control – the End of the Password?Registration Level:
1:30 pm - 2:15 pmLocation / Room: Keynote Theater
- Open Sessions
“Open Sesame!” Whether you recognize the term coming from Ali Baba or one of the forty thieves, this timeless password ranks up there with “password123” or “admin” on your home wireless router. Passwords were created to keep us safe or keep something safe for us. Back in the day you were able to look the person in the eye when they said the password. You knew (roughly) what you were getting, and you could perform a risk assessment (of sorts) on the speaker. Now, with some many ways at getting our information, the password is going the way of the dodo. Is 2FA good enough? Zero Trust? Biometrics? Pass phrases? Perhaps your own voice is the password? I don’t know the answer, but I’d be willing to bet that some of the experts on this panel will be able to help you decide what to do with the password dilemma.
Jorge Alago, Veristor
Gary Walderich, Check Point Security
William Clay James, Marine Federal Credit Union
William Curtis, Hanes
Moderator: RJ Sudlow, DHG2:15 pmConference Break / Exhibitor Product DemonstrationRegistration Level:
2:15 pm - 3:00 pmLocation / Room: Exhibitor Floor
- Open Sessions
Reboot with coffee and infused water while visiting exhibitors on the exhibitor floor.2:30 pmDash for Prizes and CyberHunt Winners AnnouncedRegistration Level:2:30 pm - 2:45 pmLocation / Room: Exhibitor Floor
Be sure to have your badge scanned with participating exhibitors. Past prizes have included Kindles, Bose headphones, gift cards, iPads, iPods and more! *Must be present to win.3:00 pmFinding Your Vulnerabilities—Before Attackers and Auditors DoRegistration Level:
3:00 pm - 3:45 pmLocation / Room: 213A
- Conference Pass
Do you know where all of your cyber security vulnerabilities are? As enterprise defenders and security leaders, we can take the initiative in looking for these vulnerabilities, both within the organization as well as on our systems exposed directly to the Internet. This presentation provides some considerations and practical tips for organizations in strengthening, or establishing, their own vulnerability management program and ensuring the most benefit from outside vulnerability assessments and penetration tests.3:00 pmScoping Insights for Compliance DataRegistration Level:
3:00 pm - 3:45 pmLocation / Room: 213BC
- Conference Pass
This presentation addresses the scoping issues that exists in compliance programs. It reviews de-scoping techniques and highlights potential scope creeps. The presentation also gives an overview about the categorization of assets and services depending on their roles within the compliance program. To conclude, the presentation will show possible remediation path and good practices to keep the scope current and relevant.3:00 pmApplying the Scientific Method to Cybersecurity Event AnalysisRegistration Level:
3:00 pm - 3:45 pmLocation / Room: 213D
- Conference Pass
What is one of the biggest frustrations when analyzing a cybersecurity event? To me, it is a simple frustration of not knowing where to go next with my investigation. I find that it is easy to trail down what we like to call “rabbit holes.” These rabbit holes may not lead anywhere, which is fine. However, it is frustrating when you are deep in a rabbit hole and end up at a cross tunnel not knowing which way to go next or where you just came from.
By applying the scientific method to our analysis we are able to better organize our thought process, focus on where we should go next, and where we have already been in the investigation that took us to a dead-end. The scientific method can be used for even the simplest adverse cybersecurity events, as well as complex cybersecurity incidents.4:00 pmGuidePoint ReceptionJoin your fellow security professionals for drinks and appetizers compliments of GuidePoint and PartnersRegistration Level:
4:00 pm - 6:00 pmLocation / Room: Merchant and Trade - 303 S Church St,, Charlotte
- Open Sessions
Join your peers for complimentary hors d’oeuvres, drinks, and conversation following SecureWorld. This is a great opportunity to network with other security professionals from the Charlotte area, and to discuss the hot topics from the day.
Compliments of GuidePoint Security and Partners.
Merchant and Trade, 303 S Church St. Charlotte, NC 28202
4:00 – 7:00 p.m.
Register Here (space is limited)
- Arctic Wolf NetworksBooth: 630
Arctic Wolf Networks provides SOC-as-a-service that is redefining the economics of security. The AWN CyberSOCTMservice is anchored by Concierge Security™ teams and includes 24×7 monitoring, custom alerting and incident investigation and response. There is no hardware or software to purchase, and the end-to-end service includes a proprietary cloud-based SIEM, threat intelligence subscriptions and all the expertise and tools required. For more information about Arctic Wolf, visit https://www.arcticwolf.com.
- Ballantyne IT ProfessionalsBooth: 350
A non-profit technology professional group formed in 2011 under the premise to provide a relaxing atmosphere for IT Professionals living and working in the Ballantyne area of Charlotte North Carolina to build relationships and share ideas. Our mission is to Connect IT, Build IT, Create IT and Give Back to IT & Our Community.
- BlackBerryBooth: 580
BlackBerry provides intelligent security software and services to enterprises and governments around the world. The company secures more than 500M endpoints including more than 175M cars on the road today. Based in Waterloo, Ontario, the company leverages AI and machine learning to deliver innovative solutions in the areas of cybersecurity, safety and data privacy solutions, and is a leader in the areas of endpoint security management, encryption, and embedded systems. BlackBerry’s vision is clear—to secure a connected future you can trust.
BlackBerry. Intelligent Security. Everywhere.
For more information, visit BlackBerry.com and follow @BlackBerry.
- Burwood Group, Inc.Booth: 500
Burwood Group, Inc. is an IT consulting and integration firm. We help forward-thinking leaders design, use, and manage technology to transform their business and improve outcomes. Our services in consulting, technology, and operations are rooted in business alignment and technical expertise in cloud, automation, security, and collaboration.
- Cyber Lounge Sponsor: MimecastBooth: 160 (Cyber Lounge)
Mimecast Is Making Email Safer For Business.
Mimecast’s security, archiving and continuity cloud services protect business email and deliver comprehensive email risk management in one fully-integrated subscription service. Mimecast reduces the risk, complexity and cost traditionally associated with protecting email. You no longer have to manage an array of disjointed point solutions from multiple vendors. And you mitigate single vendor exposure if you have moved your primary email server to the cloud with services like Microsoft Office 365.
Our best-of-breed services protect the email of over 24,900 customers and millions of users worldwide against targeted attacks, data leaks, malware and spam. We give employees fast and secure access to sensitive business information, and ensure email keeps running in the event of a primary service outage.
- Check Point Software Technologies Inc.Booth: 650
Check Point Software Technologies Inc. is a leading provider of cyber security solutions to governments and corporate enterprises globally. Its solutions protect customers from 5th generation cyber-attacks with an industry leading catch rate of malware, ransomware and other types of attacks. Our solutions offer multilevel security architecture, “Infinity” Total Protection with Gen V advanced threat prevention.
- Cloud Security Alliance (CSA)Booth: 150
The Cloud Security Alliance (CSA) is a not-for-profit organization with a mission to promote the use of best practices for providing security assurance within Cloud Computing, and to provide education on the uses of Cloud Computing to help secure all other forms of computing. The Cloud Security Alliance is led by a broad coalition of industry practitioners, corporations, associations and other key stakeholders.
- Cobalt.ioBooth: 630
Cobalt’s Pentest as a Service (PtaaS) Platform transforms traditional pentesting into a data-driven vulnerability management engine. Fueled by a global talent pool of certified freelancers, our modern pentest platform delivers actionable results that empowers agile teams to pinpoint, track, and remediate vulnerabilities.
- CofenseBooth: 820
With more than 90% of breaches attributed to successful phishing campaigns, it’s easy for organizations to point to the everyday employee as the root cause – as the problem to be solved. We disagree. CofenseTM believes employees – humans – should be empowered as part of the solution to help strengthen defenses and gather real-time attack intelligence to stop attacks in progress.
- Comodo CybersecurityBooth: 260
In a world where preventing all cyberattacks is impossible, Comodo Cybersecurity delivers an innovative cybersecurity platform that renders threats useless, across the LAN, web and cloud. The Comodo Cybersecurity platform enables customers to protect their systems and data against even military-grade threats, including zero-day attacks. Based in Clifton, New Jersey, Comodo Cybersecurity has a 20-year history of protecting the most sensitive data for both businesses and consumers globally.
- Delta RiskBooth: 550
Delta Risk is breaking the mold for managed security, delivering Security Operations Center (SOC)-as-a-Service and security services that bridge the gap to a modern security approach. We enable any size organization to leverage our expert security operations team and respond to endpoint, network, and cloud security threats 24×7. ActiveEye, our proprietary platform, uses Security Orchestration Automation and Response (SOAR) to cut through the noise and address the most critical threats faster. The ActiveEye Portal is the cornerstone of our customer-centric approach, providing clients a transparent view into SOC activities and Key Performance Indicators (KPIs) that demonstrate the value of our co-managed security approach.
- DHGBooth: 300
Headquartered in Charlotte, NC, DHG ranks among the top 20 public accounting firms in the nation. With more than 2,000 professionals in 13 states, we combine deep experience with a strong commitment to personal service. We are passionate about helping our clients succeed—and we do so through a resourceful approach to solving problems, providing solutions and helping our clients achieve their goals.
Dedicated client focus and relationships have been and always will be our touchstone. Here at DHG, you’ll receive personalized service provided by a team of professionals who are eager to share their knowledge and experience with you. We draw on our extensive resources to combine comprehensive assurance, tax and advisory services.
International Council of E-Commerce Consultants, also known as EC-Council, is the world’s largest cyber security technical certification body. We operate in 140 countries globally and we are the owner and developer of the world-famous Certified Ethical Hacker (CEH), Computer Hacking Forensics Investigator (C|HFI), Certified Security Analyst (ECSA), License Penetration Testing (Practical) programs, among others. We are proud to have trained and certified over 140,000 information security professionals globally that have influenced the cyber security mindset of countless organizations worldwide.
- ForeScout Technologies, Inc.Booth: 860
ForeScout Technologies, Inc. has pioneered an agentless approach to network security to address the explosive growth of the Internet of Things (IoT), cloud computing and operational technologies (OT). We offer a highly scalable, heterogeneous platform that provides Global 2000 enterprises and government agencies with agentless visibility and control of today’s vast array of physical and virtual devices the instant they connect to the network. Our technology continuously assesses, remediates and monitors devices and works with disparate security tools to help accelerate incident response, break down silos, automate workflows and optimize existing investments. As of June 30, 2018, more than 2,900 customers in over 80 countries improve their network security and compliance posture with ForeScout solutions.
- GigamonBooth: 830
Gigamon is the first company to deliver unified network visibility and analytics on all information-in-transit, from raw packets to apps, across physical, virtual and cloud infrastructure. We aggregate, transform and analyze network traffic to solve for critical performance and security needs, including rapid threat detection and response, freeing your organization to drive digital innovation. Gigamon has been awarded over 75 technology patents and enjoys industry-leading customer satisfaction with more than 3,000 organizations, including over 80 percent of the Fortune 100. Headquartered in Silicon Valley, Gigamon operates globally. For the full story on how Gigamon can help you to run fast, stay secure and innovate, please visit www.gigamon.com.
- Global Cyber AllianceBooth:
The Global Cyber Alliance (GCA) is an international, cross-sector effort dedicated to confronting cyber risk and improving our connected world. It is a catalyst to bring communities of interest and affiliations together in an environment that sparks innovation with concrete, measurable achievements. While most efforts at addressing cyber risk have been industry, sector, or geographically specific, GCA partners across borders and sectors. GCA’s mantra “Do Something. Measure It.” is a direct reflection of its mission to eradicate systemic cyber risks. GCA, a 501(c)3, was founded in September 2015 by the Manhattan District Attorney’s Office, the City of London Police and the Center for Internet Security. Learn more at www.globalcyberalliance.org
- GuidePoint Security LLCBooth: 840
GuidePoint Security LLC provides innovative and valuable cyber security solutions and expertise that enable organizations to successfully achieve their mission. By embracing new technologies, GuidePoint Security helps clients recognize the threats, understand the solutions, and mitigate the risks present in their evolving IT environments. Headquartered in Herndon, Virginia, GuidePoint Security is a small business, and classification can be found with the System for Award Management (SAM). Learn more at: http://www.guidepointsecurity.com
- IBM ResilientBooth: 460
In an industry focused on building walls, IBM Security is focused on creating an open, connected security ecosystem that leverages AI, cloud, orchestration and collaboration to help clients improve compliance, stop threats and grow their businesses securely. Our strategy reflects our belief that today’s defenses will not suffice tomorrow. It challenges us to approach our work, support our clients and lead the industry, allowing you to be fearless in the face of cyber uncertainty.
- InfoSec-Conferences.comBooth: n/a
We’re the InfoSec community’s #1 ‘Go To’ resource for cybersecurity conference listings. Since 2012 we’ve provided cybersecurity professionals with accurate event listings that are manually checked and updated every day.
- InfraGardBooth: 340
InfraGard is an information sharing and analysis effort serving the interests and combining the knowledge base of a wide range of members. At its most basic level, InfraGard is a partnership between the FBI and the private sector. InfraGard is an association of individuals, academic institutions, state and local law enforcement agencies, and other participants dedicated to sharing information and intelligence to prevent hostile acts against the United States. InfraGard Chapters are geographically linked with FBI Field Office territories.
The FBI retained InfraGard as an FBI sponsored program, and will work with DHS in support of its CIP mission, facilitate InfraGard’s continuing role in CIP activities, and further develop InfraGard’s ability to support the FBI’s investigative mission, especially as it pertains to counterterrorism and cyber crimes.
- IntsightsBooth: 322
IntSights is revolutionizing cybersecurity operations with the industry’s only all-in-one external threat protection platform designed to neutralize cyberattacks outside the wire. Our unique cyber reconnaissance capabilities enable continuous monitoring of an enterprise’s external digital profile across the open, deep, and dark web to identify emerging threats and orchestrate proactive response. Tailored threat intelligence that seamlessly integrates with security infrastructure for dynamic defense has made IntSights one of the fastest-growing cybersecurity companies in the world.
- Institute of Internal Auditors (IIA)Booth: 330
Established in 1941, The Institute of Internal Auditors (IIA) is an international professional association with global headquarters in Altamonte Springs, Florida, USA. The IIA is the internal audit profession’s global voice, recognized authority, acknowledged leader, chief advocate, and principal educator. Generally, members work in internal auditing, risk management, governance, internal control, information technology audit, education, and security.
- ISACA CharlotteBooth: 540
Our aim is to sponsor local educational seminars and workshops, conduct regular chapter meetings, and help to further promote and elevate the visibility of the IS audit, control and security profession throughout the region.
- ISSA Charlotte ChapterBooth: 230
The Charlotte ISSA chapter is committed to providing the Information Security professionals of Charlotte opportunities to grow both technically and professionally through training, meetings and summits.
- Ixia, a Keysight BusinessBooth: 140
We provide testing, visibility, and security solutions to strengthen applications across physical and virtual networks. Organizations use our tools and capabilities to test, secure and visualize their networks so their applications run stronger.
- Jazz NetworksBooth: 760
Jazz Networks is a cyber analytics platform that simplifies insider threat detection and breach prevention. It works by collecting rich metadata before it’s encrypted from endpoints and servers, with machine learning analyzing to identify behavioral pattern changes. Alarms are raised for events that require attention and response time is swift with native platform actions.
- NCTECH AssociationBooth: 360
Founded in 1993, the North Carolina Technology Association (NCTA) is a 501 (c) (6) not-for-profit association focused on advancing the state’s tech industry. NCTA has 700+ member companies, organizations and institutions representing more than 200,000 North Carolina based employees.
- OktaBooth: 740
Okta is the foundation for secure connections between people and technology. Our IT products uniquely use identity information to grant people access to applications on any device at any time, while still enforcing strong security protections. Our platform securely connects companies to their customers and partners. Today, thousands of organizations trust Okta to help them fulfill their missions as quickly as possible.
- RadwareBooth: 220
Radware (NASDAQ: RDWR), is a global leader of application delivery and application security solutions for virtual and cloud data centers. Its award-winning solutions portfolio delivers full resilience for business-critical applications, maximum IT efficiency, and complete business agility. Radware’s solutions empower more than 10,000 enterprise and carrier customers worldwide to adapt to market challenges quickly, maintain business continuity and achieve maximum productivity while keeping costs down.
- RedSealBooth: 730
By focusing on cybersecurity fundamentals, RedSeal helps government agencies and Global 2000 companies measurably reduce their cyber risk. With RedSeal’s cyber terrain analytics platform and professional services, enterprises improve their resilience to security events by understanding what’s on their networks, how it’s all connected, and the associated risk. RedSeal verifies that network devices are securely configured; validates network segmentation policies; and continuously monitors compliance with policies and regulations. It also prioritizes mitigation based on each vulnerability’s associated risk. The company is based in San Jose, Calif.
- SailPointBooth: 240
SailPoint, the leader in enterprise identity governance, brings the Power of Identity to customers around the world. SailPoint’s open identity platform gives organizations the power to enter new markets, scale their workforces, embrace new technologies, innovate faster and compete on a global basis. As both an industry pioneer and market leader in identity governance, SailPoint delivers security, operational efficiency and compliance to enterprises with complex IT environments. SailPoint’s customers are among the world’s largest companies in a wide range of industries.
- SecuronixBooth: 430
Securonix is redefining the next generation of cyber-threat detection using the power of machine learning and big data. Our purpose-built security analytics platform uses machine learning to track and create baselines of user, account, and system behavior and detects the most advanced insider threats, cyber threats, and fraud activities in real time. Built on a Hadoop platform, the Securonix solution provides an open platform with unlimited scalability. Securonix provides incident orchestration capabilities with playbooks that enable automated incident response. Globally, customers use Securonix to address their insider threat, cyber threat, cloud security, fraud, and application security monitoring requirements. Visit www.securonix.com.
- SentinelOneBooth: 870
SentinelOne is the future of Endpoint Protection. It unifies prevention, detection and response in a single platform driven by sophisticated machine learning and intelligent automation. With SentinelOne, organizations can detect malicious behavior across multiple vectors, rapidly eliminate threats with fully-automated, integrated response capabilities, and adapt their defenses against the most advanced cyber attacks.
- Sherpa SoftwareBooth: 600
Sherpa Software is the cost-effective solution for information security, data governance, GDPR, and eDiscovery compliance. With more than 18 years of experience in the landscape, Sherpa Software was founded in 2010 and is based in Pittsburgh, PA. Our SaaS platform, Altitude IG, is the first step in cybersecurity: it’s scalable, affordable information governance and data compliance software that provides complete transparency and visibility into your unstructured data. With Altitude IG, data protection begins here.
- SiemplifyBooth: 530
The Siemplify team is comprised of cyber-security professionals, veterans of Israeli intelligence agencies. We bring rich experience in security analysis, management and operations and are backed by experts in data science and applied mathematics.
WE BELIEVE In the modern world of cyber threat analysis, investigation and management should be more holistic, intuitive and simple. Technology and data science should serve cyber security experts by providing all the relevant information about the threat in real-time and focus them in rapid decision making.
- SolveiTBooth: 630
Solve iT (aka SolveiT.rocks) introduces:
• Failsafe SD-WAN with best-in-breed “Oracle + Talari” connecting 911 Emergency Call Centers. Why Fail Over?
• “White Glove” Security Operations Center as a Service for Managed Detection & Response (MDR). Security Incident and Response with guided remediation is every CISO’s best friend.
- SonatypeBooth: 750
Every day, developers rely on millions of third party and open source building blocks – known as components – to build the software that runs our world. Sonatype ensures that only the best components are used throughout the software development lifecycle so that organizations don’t have to make the tradeoff between going fast and being secure. More than 120,000 organizations use Sonatype’s Nexus solutions to support agile, Continuous Delivery, and DevOps practices globally
- SynopsysBooth: 250
Synopsys helps development teams build secure, high-quality software, minimizing risks while maximizing speed and productivity. Synopsys, a recognized leader in static analysis, software composition analysis, and application security testing, is uniquely positioned to apply best practices across proprietary code, open source, and the runtime environment. With a combination of industry-leading tools, services, and expertise, only Synopsys helps organizations maximize security and quality in DevSecOps and throughout the software development life cycle.
TechTarget (NASDAQ: TTGT) is the online intersection of serious technology buyers, targeted technical content and technology providers worldwide. Our media, powered by TechTarget’s Activity Intelligence platform, redefines how technology buyers are viewed and engaged based on their active projects, specific technical priorities and business needs. With more than 100 technology specific websites, we provide technology marketers innovative media that delivers unmatched reach via custom advertising, branding and lead generation solutions all built on our extensive network of online and social media. TechTarget is based in Boston and has locations in Atlanta, Beijing, Cincinnati, London, Paris, San Francisco, Singapore, and Sydney.
- TenableBooth: 660
Tenable®, Inc. is the Cyber Exposure company. Over 27,000 organizations around the globe rely on Tenable to understand and reduce cyber risk. As the creator of Nessus®, Tenable extended its expertise in vulnerabilities to deliver the world’s first platform to see and secure any digital asset on any computing platform. Tenable customers include more than 50 percent of the Fortune 500, more than 25 percent of the Global 2000 and large government agencies. Learn more at www.tenable.com.
- VeristorBooth: 400
At VeriStor, we design, implement and manage IT solutions that fuel business productivity. As an end-to-end solutions provider, VeriStor specializes in enterprise data storage, virtual infrastructure, public, private and hybrid cloud services, migration, and technology financing. Headquartered in Atlanta, VeriStor delivers solutions nationwide to enterprise and mid-market companies in all industries including financial services, manufacturing, healthcare, education and federal, state and local government. To learn how VeriStor can help you achieve an IT infrastructure that accelerates business growth, improves efficiencies and reduces costs, visit: http://www.veristor.com
- Larry WilsonCISO and Adjunct Faculty, University of Massachusetts
Larry Wilson is currently a senior consultant and former Chief Information Security Officer for the University of Massachusetts President's Office. In the CISO role, Larry was responsible for developing, implementing and overseeing compliance with the UMass Information Security Policy and Written Information Security Plan (WISP). In addition to designing and deploying the UMass cybersecurity program, Larry has developed and delivered cybersecurity training at multiple industry events, workshops, training venues, etc. Courses include Designing and Building a Cybersecurity Program, The NIST Cybersecurity Framework Foundations, The NIST Cybersecurity Framework Practitioners, Engineering, Technology and Business Labs and Workshops based on the NIST Cybersecurity Framework, etc. Larry has also worked with multiple companies in multiple industries to help design, build and maintain their Cybersecurity Programs and evaluate their current security posture.
- Mike MuscatellSr. Manager, Information Security, Krispy Kreme
Mike Muscatell is a seasoned IT veteran with more than 21 years in the Information Security field. He is a certified ethical hacker (CEH). Was honored as top 100 professionals in the Information Security field by Strathmore's for 2014. Member of a number of security organizations, including InfraGard and the U.S. Chamber of Commerce Cyber Committee.
- Ron ReidyAudit Analytics Leader, Wells Fargo
Ron has been working in IT for over 30 years. Starting as a software engineer writing database programs on CP/M, MSDOS, VAX/VMS, and UNIX in C, Pascal, VAX/VMS assembler, and FORTRAN. After 15 years, he switched into a database administration role, managing large Oracle databases as well as smaller SQL Server and Sybase databases. Ron became interested in security while working for a biotech firm when he was required to secure databases to comply with Sox and FDA requirements. He has been working in InfoSec and audit for over 10 years, performing security assessments and testing, and as a database and general security instructor.
- Stephen HeadDirector, IT Risk Advisory Services, Experis Finance
Stephen Head is Director of IT Risk Advisory Services for Experis Finance. He has broad-based experience in cyber risk, regulatory compliance, IT governance and aligning controls with multiple standards and frameworks. He is the author of the internationally recognized Internal Auditing Manual and Practical IT Auditing, both published by Thomson Reuters. He was International Chair of ISACA’s Standards Board and a member of the AICPA Information Technology Executive Committee. As a Certified Business Continuity Professional (CBCP), CISSP, and a CISM, he brings a unique perspective to cyber resiliency, having managed information security practices as well as business continuity programs.
- Parker CrookSenior Sales Architect, SentinelOne
Parker Crook has been in the security industry for over 10 years across multiple verticals. He has experience working on both blue and red teams and has been asked to speak at various regional security conferences. Some of his speaking engagements have covered topics such as purple-teaming, wargaming, orchestration, and his own research. Parker is currently a Solution Architect at SentinelOne, where he helps companies across North America solve some of the most challenging cybersecurity issues.
- Grant AsplundChief Cyber Security Evangelist, Check Point Software Technologies
For more than 20 years, Grant Asplund has been sharing his insights on how businesses can best protect themselves from sophisticated cyber attacks in an increasingly complex world. As Check Point’s chief evangelist he travels the world enthralling audiences with his passionate and relational storytelling at conferences like RSA and Next100 CIOs and numerous media interviews. Grant’s wide range of cyber security experience informs his talks, having served in diverse roles ranging from sales, marketing, business development and senior management for Dome 9, Blue Coat Systems, Neustar and Altor Networks. As CEO of MetalInfo he led its acquisition by Neustar. Grant is the host of the TalkingCloud podcast (www.talkingcloud.podbean.com) on Cloud security.
- Brian CyprianSupervisory Special Agent, FBI
Brian N. Cyprian has been the supervisor for the FBI’s Charlotte Cyber Task Force since March 2016. He worked at FBI Headquarters managing national security computer intrusion investigations prior to arriving in Charlotte. Brian has a B.S. in Computer Information Systems and an MBA in Commerce from Texas A&M University.
- Mike BrannonDirector, Infrastructure & Security, National Gypsum
Mike Brannon is an experienced IT professional and long-term employee at National Gypsum Company (NGC). His IT career began in 1977, and he joined NGC in 1985. Mike leads the teams that provide infrastructure and security: "We Keep National Gypsum Running."
- Ron WinwardSecurity Evangelist, North America, Radware
As a Security Evangelist at Radware, Mr. Winward is responsible for developing, managing, and increasing the company’s security business in North America.
Ron’s entire career has been deeply rooted in internet and cybersecurity. For over 20 years, Ron has helped design complex solutions for carriers, enterprises, and cybersecurity providers around the world.
Ron is an industry-recognized expert in the Mirai IoT botnet and its modern variants. Ron conducted the industry’s first complete analysis of the Mirai attack vectors, producing forensic examples for public distribution of each attack and the specific impact each attack had on networks. His work on IoT attack analysis has been presented at conferences worldwide and has been referenced by NIST.
Prior to joining Radware, Ron was Director of Network Engineering for a global datacenter provider and ISP. In this role, Ron oversaw the growth and development of a global network infrastructure that delivered services to other ISPs, hosting providers, and enterprises around the world. During this time, Ron assisted some of the world’s top businesses in mitigating cyberattacks on their infrastructure, cultivating an extensive knowledge in DDoS attack methodologies.
Ron holds a Bachelor of Science degree in Business and has earned many technical certifications throughout his engineering-focused career. Ron acutely understands the impact of technology and security on business and is enthusiastic about their interrelation.
- Tom TollertonSr. Manager, IT Advisory, DHG
Tom has 15+ years of experience in the IT industry, and has extensive experience performing SOC 1 and 2 examinations and reporting, cybersecurity risk assessments, PCI compliance assessments, and system security assessments. Tom is one of DHG’s PCI Qualified Security Assessors and has completed multiple Reports on Compliance for PCI Level 1 merchants and service providers.
Tom advises on development of holistic security governance and risk management programs integrated into IT and business operations across a wide variety of industries including financial services, retail, technology, healthcare, manufacturing, government contractors, and state and local government agencies.
Licenses & Certifications:
• Certified Information Systems Auditor (CISA)
• Certified Information Systems Security Professional (CISSP)
• Payment Card Industry Qualified Security Assessor (PCI QSA)
• Florida State University, MBA, Management Information Systems; Bachelor of Science
- Fred GordyDirector of Cybersecurity , Intelligent Buildings, LLC
Fred Gordy is the Director of Cybersecurity at Intelligent Buildings, LLC and is a nationally recognized thought leader, speaker and expert in building systems cybersecurity specializing in organizational and technical vulnerabilities. He has over 20 years of industry experience including information technology and building controls systems. Fred has been the Chairperson of the Cyber Security Committee for the InsideIQ 55 international member companies, Security Steering Committee Member for S.E.A.T. (Sports & Entertainment Alliance in Technology), founding member of Cyber Security for Control Systems Association International (CS2AI), past president and current president emeritus the Atlanta CS2AI Chapter.
- Dr. John OpalaVP, IT Security, McCormick
Cybersecurity thought leader with over 19 years of technical and leadership experience in multiple disciplines.
- Moderator: James KidwellDirector, IT Governance , Novolex
- Michael HolcombDirector, Information Security, Fluor
Michael Holcomb is the Director of Information Security for Fluor, one of the world's largest construction, engineering and project services companies with 60,000 employees around the world. In his role at Fluor, Michael is responsible for vulnerability management, incident detection/response, penetration testing and industrial controls for the global organization. He also teaches cyber security as an adjunct instructor at Greenville Technical College and helps students, career transitioners and others that are new to cyber security at becomeacybersecuritypro.com.
- Claire LaVelleEvent Director, ISSA
Claire LaVelle is a Security Consultant for the North America PCI team at Verizon with over 15 years of Information Technology experience, including a decade dedicated to all facets of Information Security (compliance, architecture, operational, privacy and forensics).
Claire has two Masters Degrees in Computer Science. She earned her first Masters Degree at Mills College while working on her thesis with Guidance Software, which she published with Elesvier. She earned her second Masters Degree at Naval Post Graduate School under the Scholarship for Service (SFS), sponsored mainly by the National Science Foundation (NSF). At Naval Post Graduate, she focused on Information Security familiarizing herself intimately with topics such as ethical hacking, reverse engineering, protocol analysis (encryption), privacy, ethics and the internet, advance networking, vulnerability management, compliance and much more in addition to participating in practical defense exercises against government agencies and hacking competitions.
Claire loves to share her passion for computer security via speaking engagements inside her company and at various conferences. She presented at the CFO (Chief Financial Officer) Risk Summit in Boston, in front of the Association of Forensic Document Examiners in Myrtle Beach, and at local colleges, last year.
- Brandi KeoughInformation Security Analyst, Novant Health
Brandi Keough is a Charlotte, North Carolina, native who started her college career at UNC Charlotte as a Chemistry major and graduated from Utica College in 2016 with her Bachelors of Science in Cybersecurity and Information Assurance with a concentration in Forensics and Investigations. Brandi is currently an information security analyst with Novant Health’s Cybersecurity Incident Response Center (CIRC), supporting their clinical counterparts and patients by providing continuous monitoring and incident response of cybersecurity events.
- Happy Hour
• Create a personalized agenda
• View maps of the venue and Exhibit Hall
• Use secure messaging to network with attendees
• View speaker slides after the conference
• Play CyberHunt, the app game, and compete for prizes