Conference Agenda
  • Wednesday, March 13, 2019
    9:00 am
    [SecureWorld PLUS] Designing and Building a Cybersecurity Program Based on the NIST Cybersecurity Framework
    9 a.m. - 3 p.m. • Earn 12 CPEs!
    Manager, Cyber and Information Security, Point32Health
    Registration Level:
    • SecureWorld Plus
    9:00 am - 3:00 pm
    Location / Room: 216AB

    The University of Massachusetts has developed a 6-hour SecureWorld PLUS training class that instructs attendees on the best practices for designing, building, and maintaining a cybersecurity program based on the NIST Cybersecurity Framework. Organizations who currently use the Framework or are planning to use the Framework for their cybersecurity program will benefit from this course.

    This innovative education and training program includes the following key elements:

    • An introduction to the key components of the NIST Cybersecurity Framework
    • How to use the Framework to support business strategy, technology strategy, and cyber-risk strategy
    • An approach for adopting the Framework to build and sustain secure and resilient infrastructure, secure and resilient networks, and secure and resilient applications
    • How to use the Framework to protect critical information assets
    • A Controls Factory Model that organizations use to create an Engineering Program, a Technical Program, and a Business / Management Program
    • A methodology for developing a Cybersecurity Strategy, System Security Plan (SSP), Risk Assessment, Plan of Action and Milestones (POA&M), and Executive Report

    The class will help individuals and organizations acquire knowledge, skills, and abilities to:

    • Develop a strategy to apply the NIST Cybersecurity Framework to their environment
    • Create a comprehensive System Security Plan (SSP) based on the NIST Cybersecurity Framework
    • Conduct a Risk Assessment to compare the current profile with the target profile and identify any gaps that need to be addressed
    • Develop a Plan of Action and Milestones (POA&M) to mitigate the highest priority gaps
    • Establish an Executive Report to measure and communicate current profile, target profile, POA&M and program plan / roles and responsibilities to remediate identified gaps
    • Identify required workforce skills and develop career pathways for improving skills and experience

    About the instructor:

    • Larry Wilson has been the CISO for the UMass President’s Office since 2009.
    • Prior to UMass, Larry developed and managed the Global Infrastructure Services (GIS) Security Program for State Street Corporation.
    • Larry has been teaching cybersecurity courses based on the NIST Cybersecurity Framework at SecureWorld events for the past five years.
    • Larry has conducted over 20 consulting engagements, helping organizations design and build cybersecurity programs based on the NIST Cybersecurity Framework.

    The program and its author have won the following industry awards:

    • Security Magazine’s Most Influential People in Security, 2016
    • SANS People Who Made a Difference in Cybersecurity Award, 2013
    • Information Security Executive (ISE) North America Program Winner for Higher Education, 2013
    9:00 am
    SecureWorld PLUS - Insider Threat: A White Hat Hacking Methodology Approach to Insider Threats
    9 a.m. - 3 p.m. - Earn 12 CPEs!
    Sr. Director, Cyber Security, Acumatica, Inc.
    Registration Level:
    • SecureWorld Plus
    9:00 am - 3:00 pm
    Location / Room: 215

    There are several courses that teach insider threat program development. While the methods and controls taught are very comprehensive and effective, oftentimes they can also be bypassed.

    Learn how the controls of your current security program can be bypassed by utilizing routine IT procedures. The course will also show how to identify business processes that can contribute to insider threats. Learn how to enhance the procedures required to identify insider threat exposures.

    This program is designed to help organizations identify existing critical controls needed to develop an Insider Threat Program using a white hat hacking methodology. A series of live demonstrations will be performed to show the white hat hacking techniques used to bypass various controls.

    Learning Objectives:

    • Learn the methodologies utilized by individuals within the organization that would be defined as insider threat activity.
    • How to identify system-based behavioral indicators.
    • Learn which existing or enhanced security layer can provide insider threat profile data.
    • Learn how areas of the organization (i.e., Legal, Procurement & HR) are key stakeholders in assisting to identify insider threat activity.

    Take-Aways from the Course:

    • Establishing or enhancing an existing cyber security program to include insider threat.
    • Define self-assessments of the insider threat segment of the cyber security program.
    • Enhance awareness training to include additional methods of insider threat.
    • Enhance existing security layers to better identify specific insider threat activity.
  • Thursday, March 14, 2019
    7:00 am
    Registration open
    Registration Level:
    • Open Sessions
    7:00 am - 3:00 pm
    Location / Room: Registration Desk

    Come to the Registration Desk in the lobby to check in and get your badge. SecureWorld staff will be available throughout the day if you have any questions.

    7:30 am
    Advisory Council Breakfast: (VIP / INVITE ONLY)
    Topic: Privacy, Common Sense and Other Myths
    Registration Level:
    • VIP / Exclusive
    7:30 am - 8:30 am
    Location / Room: 216AB

    This session is for our Advisory Council members only. Light breakfast, coffee and tea will be served.

    8:00 am
    Exhibitor Hall open
    Registration Level:
    • Open Sessions
    8:00 am - 3:00 pm
    Location / Room: Exhibitor Floor

    Your opportunity to visit our solution vendor partners, whose sponsorship makes SecureWorld possible! Booths have staff ready to answer your questions. Look for participating Dash For Prizes sponsors to be entered to win prizes.

    8:00 am
    ISACA Chapter Meeting and Guest Presentation - Open to all Attendees
    [Presentation] ToR of the WiLD SiD3 of the Internet-Dark Web, Deep Web and Dark Net
    Audit Analytics Leader, Wells Fargo
    Registration Level:
    • Open Sessions
    8:00 am - 9:15 am
    Location / Room: Keynote Theater

    Interested in your local associations? Join ISACA for their monthly meeting and guest speaker.
    Presentation:
    We always hear about the “Dark Web” and how various services advertise the use of such a resource, but what does that mean? Better yet, what does it look like? This will be a full LIVE presentation demonstrating where “various” types of activity (i.e., personally identifiable information, transaction information, and other related content) reside.

    8:30 am
    Cyber Resiliency: Reducing Your Risk by Increasing Your Resiliency
    National Director – Cyber Risk Center of Expertise, Jefferson Wells
    Registration Level:
    • Open Sessions
    8:30 am - 9:15 am
    Location / Room: 213BC
    Cyber Resiliency enables organizations to take actions that reduce their overall risk, minimize the impact of cyber-attacks, and more predictably ensure the continuity of essential services.

    This presentation will provide a high-level overview of cyber resiliency and explore the following aspects of cyber resiliency:
    • Where cyber resiliency differs from traditional business continuity management
    • How to determine your organization’s need for cyber resiliency
    • Practical ways to assess your current and future organizational exposure
    • Who should be involved in cyber resiliency
    • What are some practical steps to begin implementing a cyber resiliency program

    8:30 am
    [SentinelOne] The Power of One: Autonomous Endpoint Protection
    Senior Sales Architect, SentinelOne
    Registration Level:
    • Open Sessions
    8:30 am - 9:15 am
    Location / Room: 215

    As a decision maker trying to improve security posture in an increasingly sophisticated threat landscape, you should look for products which make use of AI to build attack context, simplify the story, and automate as much as possible to save you time.

    SentinelOne is an enterprise security platform that uses patented behavioral AI to prevent, detect, respond, and hunt cyber attacks autonomously. With endpoints serving as the elastic barrier of today’s networks, SentinelOne creates a software-defined security layer that not only operates as an SOC on each endpoint—but also unifies existing and future cybersecurity investments through integrations with other technologies.

    8:30 am
    [Check Point Software Technologies] My CEO Told Me We Have to Move Our Datacenter to the Public Cloud... So, What's the Big Deal?
    Growth Technologies Evangelist, Check Point Software Technologies
    Registration Level:
    • Open Sessions
    8:30 am - 9:15 am
    Location / Room: 213D
    In this session, we will discuss why today’s IT organizations require mature and complete native tools—built in the cloud for the cloud—which provide:
    – Complete visibility
    – Configuration management
    – Identity protection
    – Secure DevOps
    – Compliance Automation
    – Governance Enforcement
    – Environment Lockdown

    We will discuss the subtle yet profound differences in operating your datacenter in the public cloud versus operating your own datacenter. We will discuss the ‘Shared Responsibility Model’ and what it really means to you and your IT department as you expand the number of workloads you move to the public cloud. And, as your sophistication increases and you expand your use of PaaS and IaaS, the complexities follow in tandem. We will show how today’s IT organizations require new, purpose-built tools designed and capable of ‘speaking the same language’ as the public cloud infrastructures and built to leverage the extensive APIs they provide.

    9:30 am
    OPENING KEYNOTE: Recent Cyber Threats and Trends from the FBI
    Special Agent for the Cyber Intrusion Squad, FBI Charlotte Division
    Registration Level:
    • Open Sessions
    9:30 am - 10:15 am
    Location / Room: Keynote Theater

    Special Agent Brian Cyprian will highlight recent cyber threats and trends seen by the FBI, and provide a case study on cybercriminals located overseas who committed crimes against U.S. citizens. These criminals were arrested, extradited to North Carolina, and brought to justice.

    10:15 am
    Conference Break / Exhibitor Product Demonstration
    Registration Level:
    • Open Sessions
    10:15 am - 11:15 am
    Location / Room: Exhibitor Floor

    Reboot with coffee and infused water while visiting exhibitors on the exhibitor floor.

    11:00 am
    Advisory Council LUNCH Roundtable — (VIP / Invite Only)
    Topic: Prioritization of Top 20 Critical Security Controls
    Registration Level:
    • VIP / Exclusive
    11:00 am - 12:00 pm
    Location / Room: 216AB

    This session is for our Advisory Council members only.
    Lunch will be served.

    11:15 am
    Moving Your Business Securely Out of Your Data Center - Into the Cloud
    Director, Infrastructure & Security, National Gypsum
    Registration Level:
    • Conference Pass
    11:15 am - 12:00 pm
    Location / Room: 215
    Your business can adopt new tools, new processes that add lots of value – and become more secure at the same time.
    I used to think that cloud solutions to business problems were too risky – NOW I believe that our cloud solution is MORE SECURE than our other alternatives. I firmly believe that security works BEST when it is embedded in what people routinely do and it makes what they do EASIER and more SECURE at the same time. New cloud services and tools from Microsoft are key to NGC becoming more secure and saving serious money overall.
    11:15 am
    [Radware] Cybersecurity Pushed to the Limit
    Security Evangelist, North America, Radware
    Registration Level:
    • Open Sessions
    11:15 am - 12:00 pm
    Location / Room: 213A

    Throughout 2018 mainstream headlines highlighted cyber-attacks and security threats that included possible interference in the U.S. presidential election, worldwide malware outbreaks and the Equifax data breach. These and other high-profile events spurred greater cyber-defense investment by everyone from nation states and global corporations to individuals purchasing anti-malware solutions for personal devices. Yet even as investments increase so do threats, hacks and vulnerabilities. This session will help you understand these complex and challenging dynamics. Based on findings from Radware’s research and a global industry survey, the session will show real attack data and customer stories to paint a picture of where we are and what security professionals can do.

    Join the session to learn more about:
    • The threat landscape deep dive—the who, what and why of attacks
    • Potential impact on your business, including associated costs of different cyber-attacks
    • Critical attacks in the midst: DNS, IoT and risks lurking in the cloud
    • Emerging threats and how to protect against them
    • A look ahead – predictions and what to prepare for

    11:15 am
    [DHG] Operational Technology: The “Other” Cybersecurity
    Sr. Manager, IT Advisory, DHG
    Director, Operational Technology Risk Assessment, Michael Baker International
    Registration Level:
    • Open Sessions
    11:15 am - 12:00 pm
    Location / Room: 213D

    Organizations have traditionally focused cybersecurity initiatives on enterprise IT infrastructure and systems. Yet non-traditional, legacy systems responsible for controlling building technology, including HVAC, elevators, metering, lighting and parking systems, introduce significant risk to sensitive data, brand reputation, and even health and safety. In spite of becoming more connected to corporate networks, Operational Technology (OT) is often overlooked as a vulnerability point, and large organizations often struggle with understanding how to effectively manage the security around these systems.
    DHG has teamed up with Intelligent Buildings to provide an overview of how operational technology and building automation systems work, and how they can be exploited to compromise a company. DHG and Intelligent Buildings have developed a framework and approach for managing operational technology. This session will teach you how to identify and assess your risks, prepare a gap analysis and move toward remediation.

    11:15 am
    Addressing the Cybersecurity Talent Gap at Fever Pitch Levels
    VP & Global CISO, Hanesbrands Inc.
    Registration Level:
    • Conference Pass
    11:15 am - 12:00 pm
    Location / Room: 213BC

    The growing number and size of data breaches indicates that threats are outpacing the security measures taken by organizations and that organizations lack the cybersecurity workforce to effectively thwart such attacks. Cybersecurity threats and exploits are growing faster, at a rate of 24 percent since 2016, which is greater than the capacity of most organizations’ security teams. At this rate, the global shortfall of cybersecurity professionals is expected to reach 3.5 million by 2022. The impact of such resource deficiency is realized when, on average, only 50 percent of applicants for cybersecurity positions are qualified for the jobs. Also, more than half, or 53 percent, of organizations face delays for as long as six months to find and hire qualified cybersecurity candidates. Since the responsibility for keeping data breaches from doing serious damage falls on either internal staff or offshored managed security service providers, it is necessary to rethink how colleges prepare the workforce for cybersecurity roles, how recruiters build a bench of qualified resources, and how human resources approach compensation for qualified resources.

    12:15 pm
    LUNCH KEYNOTE: Executive Leadership Panel
    Topic: Establishing and Evaluating Effective Cybersecurity Programs
    Vice President, Security & Infrastructure, E4E Relief
    Registration Level:
    • Open Sessions
    12:15 pm - 1:15 pm
    Location / Room: Keynote Theater

    How to do it and how to test it involves strategic planning and leadership at the executive level. The practical take-aways from this discussion will be immensely meaningful.
    Panelists:
    Stephen Head, Director, Experis Finance
    Frank Depaola, Head of Info Sec, Enpro Industries
    Larry Eighmy, CISO, The Halo Group
    Torry Crass, INMA Cybercamp Program Director, InfraGard
    Mike Hillhouse, CIO/CISO, Cadrillion Capital
    Andre Mintz, Executive Vice President, CISO and CPO, Red Ventures
    Thomas Tollerton, Senior Manager, IT Advisory, Dixon Hughes Goodman LLP

    1:30 pm
    Panel: Building a Better Mouse Trap (Emerging Threats)
    Registration Level:
    • Open Sessions
    1:30 pm - 2:15 pm
    Location / Room: 213A

    To be successful, as an industry, we must strive to get ahead of the bad guys. Easy enough to say but how? By taking a look at the capabilities of the threats we see today we should be able to make some educated guesses on what threats of tomorrow will look like. We know the bad guys don’t follow the rules, take the path of least resistance, and don’t care who they hurt in the process. We need to start thinking like them so that we can figure out what their next step is instead of guessing/hoping.
    Panelists:
    Ron Winward, Radware
    Patrick Barry, Rebyc Security
    John McClurg, Cylance
    Rich Burke, Delta Risk
    Chris Steven, SentinelOne
    Mike Kiser, SailPoint
    Moderator: Danielle Fritzler

    1:30 pm
    Panel: Access Control – the End of the Password?
    Registration Level:
    • Open Sessions
    1:30 pm - 2:15 pm
    Location / Room: Keynote Theater

    “Open Sesame!” Whether you recognize the term coming from Ali Baba or one of the forty thieves, this timeless password ranks up there with “password123” or “admin” on your home wireless router. Passwords were created to keep us safe or keep something safe for us. Back in the day you were able to look the person in the eye when they said the password. You knew (roughly) what you were getting, and you could perform a risk assessment (of sorts) on the speaker. Now, with so many ways of getting our information, the password is going the way of the dodo. Is 2FA good enough? Zero Trust? Biometrics? Pass phrases? Perhaps your own voice is the password? I don’t know the answer, but I’d be willing to bet that some of the experts on this panel will be able to help you decide what to do with the password dilemma.
    Panelists:
    Jorge Alago, Veristor
    Gary Walderich, Check Point Security
    William Clay James, Marine Federal Credit Union
    William Curtis, Hanes
    Moderator: RJ Sudlow, DHG

    2:15 pm
    Conference Break / Exhibitor Product Demonstration
    Registration Level:
    • Open Sessions
    2:15 pm - 3:00 pm
    Location / Room: Exhibitor Floor

    Reboot with coffee and infused water while visiting exhibitors on the exhibitor floor.

    2:30 pm
    Networking Break — Dash for Prizes and CyberHunt winners announced
    Registration Level:
    2:30 pm - 2:45 pm
    Location / Room: Exhibitor Floor

    Be sure to have your badge scanned with participating exhibitors throughout the day. Past prizes have included Kindles, Bose wireless headphones, gift cards, iPads, drones, and more! *Must be present to win.

    3:00 pm
    Finding Your Vulnerabilities—Before Attackers and Auditors Do
    Fellow and Director of Cybersecurity, Fluor
    Registration Level:
    • Conference Pass
    3:00 pm - 3:45 pm
    Location / Room: 213A
    Do you know where all of your cyber security vulnerabilities are? As enterprise defenders and security leaders, we can take the initiative in looking for these vulnerabilities, both within the organization as well as on our systems exposed directly to the Internet. This presentation provides some considerations and practical tips for organizations in strengthening, or establishing, their own vulnerability management program and ensuring the most benefit from outside vulnerability assessments and penetration tests.
    3:00 pm
    Scoping Insights for Compliance Data
    Event Director, ISSA
    Registration Level:
    • Conference Pass
    3:00 pm - 3:45 pm
    Location / Room: 213BC
    This presentation addresses the scoping issues that exist in compliance programs. It reviews de-scoping techniques and highlights potential scope creep. The presentation also gives an overview of the categorization of assets and services depending on their roles within the compliance program. To conclude, the presentation will show possible remediation paths and good practices to keep the scope current and relevant.

    3:00 pm
    Applying the Scientific Method to Cybersecurity Event Analysis
    Information Security Analyst, Novant Health
    Registration Level:
    • Conference Pass
    3:00 pm - 3:45 pm
    Location / Room: 213D
    What is one of the biggest frustrations when analyzing a cybersecurity event? To me, it is a simple frustration of not knowing where to go next with my investigation. I find that it is easy to trail down what we like to call “rabbit holes.” These rabbit holes may not lead anywhere, which is fine. However, it is frustrating when you are deep in a rabbit hole and end up at a cross tunnel not knowing which way to go next or where you just came from.
    By applying the scientific method to our analysis we are able to better organize our thought process, focus on where we should go next, and where we have already been in the investigation that took us to a dead-end. The scientific method can be used for even the simplest adverse cybersecurity events, as well as complex cybersecurity incidents.
    4:00 pm
    GuidePoint Reception
    Join your fellow security professionals for drinks and appetizers compliments of GuidePoint and Partners
    Registration Level:
    • Open Sessions
    4:00 pm - 6:00 pm
    Location / Room: Merchant and Trade - 303 S Church St., Charlotte

    Join your peers for complimentary hors d’oeuvres, drinks, and conversation following SecureWorld. This is a great opportunity to network with other security professionals from the Charlotte area, and to discuss the hot topics from the day.
    Compliments of GuidePoint Security and Partners.
    Merchant and Trade, 303 S Church St. Charlotte, NC 28202
    4:00 – 7:00 p.m.

Exhibitors
  • Arctic Wolf Networks
    Booth: 630

    Arctic Wolf Networks provides SOC-as-a-service that is redefining the economics of security. The AWN CyberSOC™ service is anchored by Concierge Security™ teams and includes 24×7 monitoring, custom alerting, and incident investigation and response. There is no hardware or software to purchase, and the end-to-end service includes a proprietary cloud-based SIEM, threat intelligence subscriptions and all the expertise and tools required. For more information about Arctic Wolf, visit https://www.arcticwolf.com.

  • Ballantyne IT Professionals
    Booth: 350

    A non-profit technology professional group formed in 2011 on the premise of providing a relaxing atmosphere for IT professionals living and working in the Ballantyne area of Charlotte, North Carolina, to build relationships and share ideas. Our mission is to Connect IT, Build IT, Create IT and Give Back to IT & Our Community.

  • BlackBerry Corporation
    Booth: 580

    BlackBerry Cybersecurity is a leader in endpoint security, endpoint management, encryption, and embedded systems, protecting enterprises and governments around the world. Our end-to-end approach is deeply rooted in Cylance® AI and machine learning, providing continuous preventative protection, detection, and instant response. We extend protection for your organization against current and future cyberthreats by combining network and endpoint telemetry and by delivering innovative solutions in the areas of cybersecurity, safety, and data privacy.

  • Burwood Group, Inc.
    Booth: 500

    Burwood Group, Inc. is an IT consulting and integration firm. We help forward-thinking leaders design, use, and manage technology to transform their business and improve outcomes. Our services in consulting, technology, and operations are rooted in business alignment and technical expertise in cloud, automation, security, and collaboration.

  • Cyber Lounge Sponsor: Mimecast
    Booth: 160 (Cyber Lounge)

    Mimecast Is Making Email Safer For Business.

    Mimecast’s security, archiving and continuity cloud services protect business email and deliver comprehensive email risk management in one fully-integrated subscription service. Mimecast reduces the risk, complexity and cost traditionally associated with protecting email. You no longer have to manage an array of disjointed point solutions from multiple vendors. And you mitigate single vendor exposure if you have moved your primary email server to the cloud with services like Microsoft Office 365.
    Our best-of-breed services protect the email of over 24,900 customers and millions of users worldwide against targeted attacks, data leaks, malware and spam. We give employees fast and secure access to sensitive business information, and ensure email keeps running in the event of a primary service outage.

  • Check Point Software Technologies
    Booth: 650

    Check Point Software Technologies is a leading provider of cybersecurity solutions to governments and corporate enterprises globally. Its solutions protect customers from 5th generation cyber-attacks with an industry leading catch rate of malware, ransomware, and other types of attacks. Our solutions offer multilevel security architecture, “Infinity” Total Protection with Gen V advanced threat prevention.

  • Cloud Security Alliance (CSA)
    Booth: 150

    The Cloud Security Alliance (CSA) is a not-for-profit organization with a mission to promote the use of best practices for providing security assurance within Cloud Computing, and to provide education on the uses of Cloud Computing to help secure all other forms of computing. The Cloud Security Alliance is led by a broad coalition of industry practitioners, corporations, associations and other key stakeholders.

  • Cobalt
    Booth: 630

    Cobalt’s Pentest as a Service (PtaaS) platform is modernizing traditional pentesting. By combining a SaaS platform with an exclusive community of testers, we deliver the real-time insights you need to remediate risk quickly and innovate securely.

  • Cofense
    Booth: 820

    Cofense® provides the world’s most effective email threat detection and remediation solutions. Cofense PhishMe® and the Cofense Phishing Detection and Response Platform (PDR), are powered by over 35 million Cofense-trained employees who report phishing and other dangerous email threats in real time. Exclusive to Cofense, our network detects and eradicates threats other email security systems miss and removes them from our customer inboxes. For more information, visit www.cofense.com or connect with Cofense on X and LinkedIn.

  • Comodo Cybersecurity
    Booth: 260

    In a world where preventing all cyberattacks is impossible, Comodo Cybersecurity delivers an innovative cybersecurity platform that renders threats useless, across the LAN, web and cloud. The Comodo Cybersecurity platform enables customers to protect their systems and data against even military-grade threats, including zero-day attacks. Based in Clifton, New Jersey, Comodo Cybersecurity has a 20-year history of protecting the most sensitive data for both businesses and consumers globally.

  • Delta Risk
    Booth: 550

    Delta Risk is breaking the mold for managed security, delivering Security Operations Center (SOC)-as-a-Service and security services that bridge the gap to a modern security approach. We enable any size organization to leverage our expert security operations team and respond to endpoint, network, and cloud security threats 24×7. ActiveEye, our proprietary platform, uses Security Orchestration Automation and Response (SOAR) to cut through the noise and address the most critical threats faster. The ActiveEye Portal is the cornerstone of our customer-centric approach, providing clients a transparent view into SOC activities and Key Performance Indicators (KPIs) that demonstrate the value of our co-managed security approach.

  • DHG
    Booth: 300

    Headquartered in Charlotte, NC, DHG ranks among the top 20 public accounting firms in the nation. With more than 2,000 professionals in 13 states, we combine deep experience with a strong commitment to personal service. We are passionate about helping our clients succeed—and we do so through a resourceful approach to solving problems, providing solutions and helping our clients achieve their goals.

    Dedicated client focus and relationships have been and always will be our touchstone. Here at DHG, you’ll receive personalized service provided by a team of professionals who are eager to share their knowledge and experience with you. We draw on our extensive resources to combine comprehensive assurance, tax and advisory services.

  • EC-Council
    Booth:

    International Council of E-Commerce Consultants, also known as EC-Council, is the world’s largest cyber security technical certification body. We operate in 140 countries globally and we are the owner and developer of the world-famous Certified Ethical Hacker (CEH), Computer Hacking Forensics Investigator (C|HFI), Certified Security Analyst (ECSA), License Penetration Testing (Practical) programs, among others. We are proud to have trained and certified over 140,000 information security professionals globally that have influenced the cyber security mindset of countless organizations worldwide.

  • ForeScout Technologies, Inc.
    Booth: 860

    ForeScout Technologies, Inc. has pioneered an agentless approach to network security to address the explosive growth of the Internet of Things (IoT), cloud computing and operational technologies (OT). We offer a highly scalable, heterogeneous platform that provides Global 2000 enterprises and government agencies with agentless visibility and control of today’s vast array of physical and virtual devices the instant they connect to the network. Our technology continuously assesses, remediates and monitors devices and works with disparate security tools to help accelerate incident response, break down silos, automate workflows and optimize existing investments. As of June 30, 2018, more than 2,900 customers in over 80 countries improve their network security and compliance posture with ForeScout solutions.

  • Gigamon
    Booth: 830

    Gigamon offers a deep observability pipeline that harnesses actionable network-level intelligence to amplify the power of observability tools. This powerful combination enables IT organizations to assure security and compliance governance, speed root-cause analysis of performance bottlenecks, and lower operational overhead associated with managing hybrid and multi-cloud IT infrastructures. The result: modern enterprises realize the full transformational promise of the cloud. Gigamon serves more than 4,000 customers worldwide, including over 80 percent of Fortune 100 enterprises, nine of the 10 largest mobile network providers, and hundreds of governments and educational organizations worldwide. To learn more, please visit gigamon.com. 

  • Global Cyber Alliance
    Booth:

    The Global Cyber Alliance (GCA) is an international, cross-sector effort dedicated to confronting cyber risk and improving our connected world. It is a catalyst to bring communities of interest and affiliations together in an environment that sparks innovation with concrete, measurable achievements. While most efforts at addressing cyber risk have been industry, sector, or geographically specific, GCA partners across borders and sectors. GCA’s mantra “Do Something. Measure It.” is a direct reflection of its mission to eradicate systemic cyber risks. GCA, a 501(c)3, was founded in September 2015 by the Manhattan District Attorney’s Office, the City of London Police and the Center for Internet Security. Learn more at www.globalcyberalliance.org

  • GuidePoint Security LLC
    Booth: 840

    GuidePoint Security LLC provides innovative and valuable cyber security solutions and expertise that enable organizations to successfully achieve their mission. By embracing new technologies, GuidePoint Security helps clients recognize the threats, understand the solutions, and mitigate the risks present in their evolving IT environments. Headquartered in Herndon, Virginia, GuidePoint Security is a small business, and classification can be found with the System for Award Management (SAM). Learn more at: http://www.guidepointsecurity.com

  • IBM Resilient
    Booth: 460

    In an industry focused on building walls, IBM Security is focused on creating an open, connected security ecosystem that leverages AI, cloud, orchestration and collaboration to help clients improve compliance, stop threats and grow their businesses securely. Our strategy reflects our belief that today’s defenses will not suffice tomorrow. It challenges us to approach our work, support our clients and lead the industry, allowing you to be fearless in the face of cyber uncertainty.

  • InfoSec-Conferences.com
    Booth: n/a

    We’re the InfoSec community’s #1 ‘Go To’ resource for cybersecurity conference listings. Since 2012 we’ve provided cybersecurity professionals with accurate event listings that are manually checked and updated every day.

  • InfraGard
    Booth: 340

    InfraGard is an information sharing and analysis effort serving the interests and combining the knowledge base of a wide range of members. At its most basic level, InfraGard is a partnership between the FBI and the private sector. InfraGard is an association of individuals, academic institutions, state and local law enforcement agencies, and other participants dedicated to sharing information and intelligence to prevent hostile acts against the United States. InfraGard Chapters are geographically linked with FBI Field Office territories.

    The FBI retained InfraGard as an FBI sponsored program, and will work with DHS in support of its CIP mission, facilitate InfraGard’s continuing role in CIP activities, and further develop InfraGard’s ability to support the FBI’s investigative mission, especially as it pertains to counterterrorism and cyber crimes.

  • IntSights
    Booth: 322

    IntSights is revolutionizing cybersecurity operations with the industry’s only all-in-one external threat protection platform designed to neutralize cyberattacks outside the wire. Our unique cyber reconnaissance capabilities enable continuous monitoring of an enterprise’s external digital profile across the open, deep, and dark web to identify emerging threats and orchestrate proactive response. Tailored threat intelligence that seamlessly integrates with security infrastructure for dynamic defense has made IntSights one of the fastest-growing cybersecurity companies in the world.

  • Institute of Internal Auditors (IIA)
    Booth: 330

    Established in 1941, The Institute of Internal Auditors (IIA) is an international professional association with global headquarters in Altamonte Springs, Florida, USA. The IIA is the internal audit profession’s global voice, recognized authority, acknowledged leader, chief advocate, and principal educator. Generally, members work in internal auditing, risk management, governance, internal control, information technology audit, education, and security.

  • ISACA Charlotte
    Booth: 540

    Our aim is to sponsor local educational seminars and workshops, conduct regular chapter meetings, and help to further promote and elevate the visibility of the IS audit, control and security profession throughout the region.

  • Charlotte Metro ISSA
    Booth: 230

    The Charlotte ISSA chapter is committed to providing the Information Security professionals of Charlotte opportunities to grow both technically and professionally through training, meetings and summits.

  • Ixia, a Keysight Business
    Booth: 140

    We provide testing, visibility, and security solutions to strengthen applications across physical and virtual networks. Organizations use our tools and capabilities to test, secure and visualize their networks so their applications run stronger.

  • Jazz Networks
    Booth: 760

    Jazz Networks is a cyber analytics platform that simplifies insider threat detection and breach prevention. It works by collecting rich metadata before it’s encrypted from endpoints and servers, with machine learning analyzing to identify behavioral pattern changes. Alarms are raised for events that require attention and response time is swift with native platform actions.

  • NCTECH Association
    Booth: 360

    Founded in 1993, the North Carolina Technology Association (NCTA) is a 501 (c) (6) not-for-profit association focused on advancing the state’s tech industry. NCTA has 700+ member companies, organizations and institutions representing more than 200,000 North Carolina based employees.

  • Okta
    Booth: 740

    Okta is the World’s Identity Company. As the leading independent Identity partner, we free everyone to safely use any technology—anywhere, on any device or app. The most trusted brands trust Okta to enable secure access, authentication, and automation. With flexibility and neutrality at the core of our Okta Workforce Identity and Customer Identity Clouds, business leaders and developers can focus on innovation and accelerate digital transformation, thanks to customizable solutions and more than 7,000 pre-built integrations. We’re building a world where Identity belongs to you. Learn more at okta.com.

  • Radware
    Booth: 220

    Radware® (NASDAQ: RDWR) is a global leader of cybersecurity and application delivery solutions for physical, cloud and software-defined data centers (SDDC). Our award-winning solutions portfolio secures the digital experience by providing infrastructure, application and corporate IT protection, and availability services to enterprises globally. Our solutions are deployed by, among others, enterprise customers, carriers, and cloud service providers.

  • RedSeal
    Booth: 730

    By focusing on cybersecurity fundamentals, RedSeal helps government agencies and Global 2000 companies measurably reduce their cyber risk. With RedSeal’s cyber terrain analytics platform and professional services, enterprises improve their resilience to security events by understanding what’s on their networks, how it’s all connected, and the associated risk. RedSeal verifies that network devices are securely configured; validates network segmentation policies; and continuously monitors compliance with policies and regulations. It also prioritizes mitigation based on each vulnerability’s associated risk. The company is based in San Jose, Calif.

  • SailPoint
    Booth: 240

    SailPoint, the leader in enterprise identity governance, brings the Power of Identity to customers around the world. SailPoint’s open identity platform gives organizations the power to enter new markets, scale their workforces, embrace new technologies, innovate faster and compete on a global basis. As both an industry pioneer and market leader in identity governance, SailPoint delivers security, operational efficiency and compliance to enterprises with complex IT environments. SailPoint’s customers are among the world’s largest companies in a wide range of industries.

  • Securonix
    Booth: 430

    Securonix is redefining threat detection and response for today’s hybrid cloud, data-driven enterprise. Securonix Next-Gen SIEM and XDR are powered by the most advanced analytics and built on a scalable, flexible cloud native architecture. Securonix leverages behavioral analytics technology that pioneered the UEBA category to reduce noise, prioritize high fidelity alerts, and enable fast and precise response to insider and cyber threats.

  • SentinelOne
    Booth: 870

    SentinelOne delivers real-time cloud workload protection, to stop runtime threats targeting VMs, containers and Kubernetes clusters. From endpoints to workloads, to data center and public cloud, innovate quickly knowing SentinelOne has you protected. To learn more, visit www.sentinelone.com or follow us at @SentinelOne, or on LinkedIn and Facebook.

  • Sherpa Software
    Booth: 600

    Sherpa Software is the cost-effective solution for information security, data governance, GDPR, and eDiscovery compliance. With more than 18 years of experience in the landscape, Sherpa Software was founded in 2010 and is based in Pittsburgh, PA. Our SaaS platform, Altitude IG, is the first step in cybersecurity: it’s scalable, affordable information governance and data compliance software that provides complete transparency and visibility into your unstructured data. With Altitude IG, data protection begins here.

  • Siemplify
    Booth: 530

    The Siemplify team is comprised of cyber-security professionals, veterans of Israeli intelligence agencies. We bring rich experience in security analysis, management and operations and are backed by experts in data science and applied mathematics.

    WE BELIEVE In the modern world of cyber threat analysis, investigation and management should be more holistic, intuitive and simple. Technology and data science should serve cyber security experts by providing all the relevant information about the threat in real-time and focus them in rapid decision making.

  • SolveiT
    Booth: 630

    Solve iT (aka SolveiT.rocks) introduces:

    •  Failsafe SD-WAN with best-in-breed “Oracle + Talari” connecting 911 Emergency Call Centers. Why Fail Over?

    •  “White Glove” Security Operations Center as a Service for Managed Detection & Response (MDR). Security Incident and Response with guided remediation is every CISO’s best friend.

  • Sonatype
    Booth: 750

    Every day, developers rely on millions of third party and open source building blocks – known as components – to build the software that runs our world. Sonatype ensures that only the best components are used throughout the software development lifecycle so that organizations don’t have to make the tradeoff between going fast and being secure. More than 120,000 organizations use Sonatype’s Nexus solutions to support agile, Continuous Delivery, and DevOps practices globally.

  • Synopsys
    Booth: 250

    Synopsys helps development teams build secure, high-quality software, minimizing risks while maximizing speed and productivity. Synopsys, a recognized leader in static analysis, software composition analysis, and application security testing, is uniquely positioned to apply best practices across proprietary code, open source, and the runtime environment. With a combination of industry-leading tools, services, and expertise, only Synopsys helps organizations maximize security and quality in DevSecOps and throughout the software development life cycle.

  • TechTarget
    Booth:

    TechTarget (NASDAQ: TTGT) is the online intersection of serious technology buyers, targeted technical content and technology providers worldwide. Our media, powered by TechTarget’s Activity Intelligence platform, redefines how technology buyers are viewed and engaged based on their active projects, specific technical priorities and business needs. With more than 100 technology specific websites, we provide technology marketers innovative media that delivers unmatched reach via custom advertising, branding and lead generation solutions all built on our extensive network of online and social media. TechTarget is based in Boston and has locations in Atlanta, Beijing, Cincinnati, London, Paris, San Francisco, Singapore, and Sydney.

  • Tenable
    Booth: 660

    Tenable®, Inc. is the Cyber Exposure company. Over 27,000 organizations around the globe rely on Tenable to understand and reduce cyber risk. As the creator of Nessus®, Tenable extended its expertise in vulnerabilities to deliver the world’s first platform to see and secure any digital asset on any computing platform. Tenable customers include more than 50 percent of the Fortune 500, more than 25 percent of the Global 2000 and large government agencies. Learn more at www.tenable.com.

  • Veristor
    Booth: 400

    At VeriStor, we design, implement and manage IT solutions that fuel business productivity. As an end-to-end solutions provider, VeriStor specializes in enterprise data storage, virtual infrastructure, public, private and hybrid cloud services, migration, and technology financing. Headquartered in Atlanta, VeriStor delivers solutions nationwide to enterprise and mid-market companies in all industries including financial services, manufacturing, healthcare, education and federal, state and local government. To learn how VeriStor can help you achieve an IT infrastructure that accelerates business growth, improves efficiencies and reduces costs, visit: http://www.veristor.com

Speakers
  • Larry Wilson, CISSP, CISA, Instructor
    Manager, Cyber and Information Security, Point32Health

    Larry Wilson is an Information Security Manager at Point32Health in Canton, MA. He was formerly the Chief Information Security Officer for Sumitomo Pharma Americas, Inc., Worcester Polytechnic Institute, and the University of Massachusetts (UMass) President's Office. In the CISO role, Larry was responsible for developing, implementing, and overseeing compliance with the SMPA / WPI / UMass Information Security Policy and Written Information Security Plan (WISP). In addition to designing and deploying the respective cybersecurity programs, Larry has developed and delivered cybersecurity training at multiple industry events, workshops, training venues, etc. Courses include Designing and Building a Cybersecurity Program, Designing and Building a Ransomware Program, and Designing and Building a Third-Party Risk Program. Larry has also worked with multiple companies in multiple industries to help design, build, and maintain their Cybersecurity Programs, Ransomware Program, and Third-Party Risk Programs.

  • Mike Muscatell
    Sr. Director, Cyber Security, Acumatica, Inc.

    Mike Muscatell is a seasoned IT veteran with more than 21 years in the Information Security field. He is a certified ethical hacker (CEH). He was honored as one of the top 100 professionals in the Information Security field by Strathmore's for 2014. He is a member of a number of security organizations, including InfraGard and the U.S. Chamber of Commerce Cyber Committee.

  • Ron Reidy
    Audit Analytics Leader, Wells Fargo

    Ron has been working in IT for over 30 years. He started as a software engineer writing database programs on CP/M, MSDOS, VAX/VMS, and UNIX in C, Pascal, VAX/VMS assembler, and FORTRAN. After 15 years, he switched into a database administration role, managing large Oracle databases as well as smaller SQL Server and Sybase databases. Ron became interested in security while working for a biotech firm when he was required to secure databases to comply with SOX and FDA requirements. He has been working in InfoSec and audit for over 10 years, performing security assessments and testing, and as a database and general security instructor.

  • Stephen Head
    National Director – Cyber Risk Center of Expertise, Jefferson Wells

    As the National Director for the Cyber Risk Center of Expertise at Jefferson Wells, Stephen has broad-based experience in cyber risk, regulatory compliance, IT governance and aligning controls with multiple standards and frameworks. He is the author of the internationally recognized Internal Auditing Manual and Practical IT Auditing, both published by Thomson Reuters. He served as International Chair of the ISACA Standards Board and as a Director on the ISACA international Board, was a Commissioner on the AICPA National Accreditation Commission, and served on the AICPA Information Technology Executive Committee at the National level. Stephen has spoken at numerous national and international events, including the IIA International Conference and the Association of Certified Fraud Examiners (ACFE) Annual Global Conference. He is a CPA, CISSP, CISM, CDPSE, QSA, PCIP, CMA, CFE, CISA, CGEIT, CRISC, CBCP, MCSE, CHP, CHSS, CITP, CGMA, CPCU, and holds an MBA from Wake Forest University.

  • Parker Crook
    Senior Sales Architect, SentinelOne

    Parker Crook has been in the security industry for over 10 years across multiple verticals. He has experience working on both blue and red teams and has been asked to speak at various regional security conferences. Some of his speaking engagements have covered topics such as purple-teaming, wargaming, orchestration, and his own research. Parker is currently a Solution Architect at SentinelOne, where he helps companies across North America solve some of the most challenging cybersecurity issues.

  • Grant Asplund
    Growth Technologies Evangelist, Check Point Software Technologies

    For more than 20 years, Grant Asplund has been sharing his insights on how businesses can best protect themselves from sophisticated cyber-attacks in an increasingly complex world. As Check Point’s chief evangelist, he travels the world enthralling audiences with his passionate and relational storytelling at conferences like RSA and Next100 CIOs and numerous media interviews. Grant’s wide range of cyber security experience informs his talks, having served in diverse roles ranging from sales, marketing, business development, and senior management for Dome 9, Blue Coat Systems, Neustar, and Altor Networks. As CEO of MetaInfo, he led its acquisition by Neustar. Grant is the host of the CISO Secrets podcast (cp.buzzsprout.com) and the Talking Cloud Podcast (www.talkingcloudpodcast.com) on Cloud security.

  • Brian Cyprian
    Special Agent for the Cyber Intrusion Squad, FBI Charlotte Division

    Brian N. Cyprian has been the supervisor for the FBI’s Charlotte Cyber Task Force since March 2016. He worked at FBI Headquarters managing national security computer intrusion investigations prior to arriving in Charlotte. Brian has a B.S. in Computer Information Systems and an MBA in Commerce from Texas A&M University.

  • Mike Brannon
    Director, Infrastructure & Security, National Gypsum

    Mike Brannon is an experienced IT professional and long-term employee at National Gypsum Company (NGC). His IT career began in 1977, and he joined NGC in 1985. Mike leads the teams that provide infrastructure and security: "We Keep National Gypsum Running."

  • Ron Winward
    Security Evangelist, North America, Radware

    As a Security Evangelist at Radware, Mr. Winward is responsible for developing, managing, and increasing the company’s security business in North America.
    Ron’s entire career has been deeply rooted in internet and cybersecurity. For over 20 years, Ron has helped design complex solutions for carriers, enterprises, and cybersecurity providers around the world.
    Ron is an industry-recognized expert in the Mirai IoT botnet and its modern variants. Ron conducted the industry’s first complete analysis of the Mirai attack vectors, producing forensic examples for public distribution of each attack and the specific impact each attack had on networks. His work on IoT attack analysis has been presented at conferences worldwide and has been referenced by NIST.
    Prior to joining Radware, Ron was Director of Network Engineering for a global datacenter provider and ISP. In this role, Ron oversaw the growth and development of a global network infrastructure that delivered services to other ISPs, hosting providers, and enterprises around the world. During this time, Ron assisted some of the world’s top businesses in mitigating cyberattacks on their infrastructure, cultivating an extensive knowledge in DDoS attack methodologies.
    Ron holds a Bachelor of Science degree in Business and has earned many technical certifications throughout his engineering-focused career. Ron acutely understands the impact of technology and security on business and is enthusiastic about their interrelation.

  • Tom Tollerton
    Sr. Manager, IT Advisory, DHG

    Tom has 15+ years of experience in the IT industry, and has extensive experience performing SOC 1 and 2 examinations and reporting, cybersecurity risk assessments, PCI compliance assessments, and system security assessments. Tom is one of DHG’s PCI Qualified Security Assessors and has completed multiple Reports on Compliance for PCI Level 1 merchants and service providers.
    Tom advises on development of holistic security governance and risk management programs integrated into IT and business operations across a wide variety of industries including financial services, retail, technology, healthcare, manufacturing, government contractors, and state and local government agencies.
    Licenses & Certifications:
    • Certified Information Systems Auditor (CISA)
    • Certified Information Systems Security Professional (CISSP)
    • Payment Card Industry Qualified Security Assessor (PCI QSA)
    Education:
    • Florida State University, MBA, Management Information Systems; Bachelor of Science

  • Fred Gordy
    Director, Operational Technology Risk Assessment, Michael Baker International

    Fred Gordy is a nationally recognized thought leader, speaker, and expert in building systems cybersecurity specializing in organizational and technical vulnerabilities. He has over 20 years of industry experience including information technology and building controls systems. Fred has been the Chairperson of the Cyber Security Committee for the InsideIQ 55 international member companies, Security Steering Committee Member for S.E.A.T. (Sports & Entertainment Alliance in Technology), founding member of Cyber Security for Control Systems Association International (CS2AI), and past president and current president emeritus of the Atlanta CS2AI Chapter.

  • John Opala, PhD
    VP & Global CISO, Hanesbrands Inc.

    Cybersecurity thought leader with over 19 years of technical and leadership experience in multiple disciplines.

  • James Kidwell, Moderator
    Vice President, Security & Infrastructure, E4E Relief

  • Michael Holcomb, Moderator
    Fellow and Director of Cybersecurity, Fluor

    Michael Holcomb is the Fellow and Director of Information Security for Fluor, one of the world's largest construction, engineering, and project services companies with 60,000 employees around the world. In his role at Fluor, Michael is responsible for vulnerability management, incident detection/response, penetration testing and industrial controls for the global organization. He also teaches cybersecurity as an adjunct instructor at Greenville Technical College and helps students, career transitioners, and others that are new to cybersecurity.

  • Claire LaVelle
    Event Director, ISSA

    Claire LaVelle is a Security Consultant for the North America PCI team at Verizon with over 15 years of Information Technology experience, including a decade dedicated to all facets of Information Security (compliance, architecture, operational, privacy and forensics).

    Claire has two Masters Degrees in Computer Science. She earned her first Masters Degree at Mills College while working on her thesis with Guidance Software, which she published with Elsevier. She earned her second Masters Degree at Naval Post Graduate School under the Scholarship for Service (SFS), sponsored mainly by the National Science Foundation (NSF). At Naval Post Graduate, she focused on Information Security, familiarizing herself intimately with topics such as ethical hacking, reverse engineering, protocol analysis (encryption), privacy, ethics and the internet, advanced networking, vulnerability management, compliance and much more, in addition to participating in practical defense exercises against government agencies and hacking competitions.

    Claire loves to share her passion for computer security via speaking engagements inside her company and at various conferences. She presented at the CFO (Chief Financial Officer) Risk Summit in Boston, in front of the Association of Forensic Document Examiners in Myrtle Beach, and at local colleges, last year.

  • Brandi Keough
    Information Security Analyst, Novant Health

    Brandi Keough is a Charlotte, North Carolina, native who started her college career at UNC Charlotte as a Chemistry major and graduated from Utica College in 2016 with her Bachelor of Science in Cybersecurity and Information Assurance with a concentration in Forensics and Investigations. Brandi is currently an information security analyst with Novant Health’s Cybersecurity Incident Response Center (CIRC), supporting their clinical counterparts and patients by providing continuous monitoring and incident response of cybersecurity events.

Conference Microsite!
Registration is quick and easy. Once you get started, use a browser on your phone or tablet to:

• Create a personalized agenda
• View maps of the venue and Exhibit Hall
• Use secure messaging to network with attendees
• View speaker slides after the conference
• Play CyberHunt, the app game, and compete for prizes