Click here to view registration types and pricing (PDF)
Conference Agenda
Filter by registration level:
  • session level iconOpen Sessions
  • session level iconConference Pass
  • session level iconSecureWorld Plus
  • session level iconVIP / Exclusive
  • Wednesday, March 4, 2020
    7:00 am
    Registration Open
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    7:00 am - 3:00 pm
    Location / Room: Registration Desk
    7:30 am
    Advisory Council Breakfast: (VIP / INVITE ONLY)
    • session level icon
    Topic: Privacy, Common Sense and Other Myths
    Registration Level:
    • session level iconVIP / Exclusive
    7:30 am - 9:15 am
    Location / Room: 216AB

    This session is for our Advisory Council members only. Light breakfast, coffee and tea will be served.

    8:00 am
    [SecureWorld PLUS] Part 1 - Understanding and Using the National Initiative for Cybersecurity Education (NICE) Cybersecurity Workforce Framework
    • session level icon
    Earn 16 CPEs With This in-Depth 3-Part Course
    speaker photo
    Board of Advisors, University of Detroit Mercy, Center for Cybersecurity and Intelligence Studies
    Registration Level:
    • session level iconSecureWorld Plus
    8:00 am - 9:30 am
    Location / Room: 215

    This course provides in depth awareness of the knowledge, skill, ability (KSA), and competency requirements, of the NIST NICE Cybersecurity Workforce Framework. The student will be given a broad, understanding of the architecture and intent of the NICE model, as well as the purpose and intent of each of the component knowledge, and specialty areas. Students will learn how to design and implement a practical cybersecurity infrastructure solution, that directly applies the job role recommendations, which are specified in the NICE Workforce Model, to the real-world cybersecurity policy guidance requirements of the NIST Cybersecurity Framework.

    Who should attend:
    Any type of C-Level (including CFO and COO)
    Strategic Planners
    Cybersecurity Architects
    Cybersecurity Analysts
    Human Resources Planners

    What will be the audience “take-away”?:
    The student will be able to produce a cybersecurity solution that is tailored to their specific organizational application, which is based on the two most commonly accepted models for cybersecurity best practice.

    8:00 am
    [SecureWorld PLUS] Part 1 - Deciphering Cloud Security Architecture
    • session level icon
    Earn 16 CPEs With This in-Depth 3-Part Course
    speaker photo
    VP, IT Security, McCormick
    Registration Level:
    • session level iconSecureWorld Plus
    8:00 am - 9:30 am
    Location / Room: 206A

    The training course will include foundational cloud security materials such as cloud fundamentals, securing cloud infrastructure (IaaS, PaaS), practical steps to managing cloud security risks, and data security in the cloud sphere. In the first part we will cover introduction to cloud computing and relevant services. This is crucial for anyone aspiring to manage, architect or support cloud computing. The topics will include fundamentals of cloud computing, including definitions, architectures, and the role of data virtualization. The session will also include cloud computing service models, delivery models, and the fundamental characteristics of cloud and the shared the shared responsibilities model.

    In part two we will be covering steps necessary to be taken in order to achieve infrastructure security for cloud computing and security risks. This is will include how to secure the core infrastructure for cloud computing, cloud components, networks, management interfaces, administrator credentials and identity access management. Also, we will a cursory discussion on virtual networking and workload security, basics of containers and serverless infrastructure. We will conclude this section by introducing cloud risk management and considerations of managing security for cloud computing.

    Part three will begin by covering a continuation of risk management from part two. The topics will include risk assessment and governance, legal and compliance issues, and discovery requirements in the cloud. We will also cover a select list of CSA risk tools including the CAIQ, CCM, and STAR registry and how cloud impacts IT audits. This will include data security in the cloud, delving deep into data protection in the cloud, how data is stored and secured in the cloud.  Finally, we will go over how data security lifecycle is impacted by cloud, how to apply security controls in a cloud environment, data security issues with different delivery models, and managing encryption in and for the cloud.

    The key takeaway from this course is that it this course can be used as an introductory preparation for both ISC2-CCSP certification or CCSK examinations. Also, the body of knowledge covered in this course will enhance any practitioner’s preparedness to respond to cloud security related risks.

    8:30 am
    Setting Common Language When Talking to Leadership About IT Risks
    • session level icon
    speaker photo
    CISO & VP, Information Security, Carolina Complete Health
    Registration Level:
    • session level iconConference Pass
    8:30 am - 9:15 am
    Location / Room: 219AB
    To be successful in presenting IT security to senior leadership, it’s important it is done in way that they can ingest, process, and understand; because ultimately, IT risk management decisions are business decisions, not technical decisions.

    This session will discuss approaches to present to individual business decision makers, understanding that each as his/her own goals, incentives, currency, and biases. We will discuss 3 simple concepts to be defined and agreed on by senior leadership to move forward: what does success look like?; what does failure look like?; how do we measure these? This session will be very conversational and interactive, so bring questions!

    8:30 am
    10 Application Security Myths
    • session level icon
    Registration Level:
    • session level iconConference Pass
    8:30 am - 9:15 am
    Location / Room: 211AB
    “AppSec is hard”, “We need (insert blinky box)”, “I’m not a programmer”, “Our company isn’t a target”, “Security is emergent”, “Internal apps don’t need to be secured”, etc…
    I suspect none of these will come as a surprise for anyone in Application Security but I continue to encounter these same myths year after year, company after company. My hope is that by sharing my pain and some of the approaches I’ve taken to educate development teams, we can share your successes and together we can bring development out of the rut it’s currently in.
    8:30 am
    The Hunt for Cybersecurity Talent: It's Time to Rethink Your Organization's Recruitment Strategy
    • session level icon
    speaker photo
    Co-Founder & Managing Partner, HuntSource
    Registration Level:
    • session level iconConference Pass
    8:30 am - 9:15 am
    Location / Room: 212AB
    Thousands of organizations across the globe are experiencing “hunt fatigue” when it comes to finding cyber talent. Most don’t even know where to start. In this session, Cybersecurity and Technology recruiting industry expert, Matt Donato, will discuss the various challenges organizations are facing when it comes to hiring top cyber talent and how you may need to rethink your recruitment strategy.
    Presentation Level:
    GENERAL (InfoSec best practices, trends, solutions, etc.)
    9:00 am
    Exhibit Floor Open
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    9:00 am - 3:00 pm
    Location / Room: SecureWorld Exhibitor Floor

    This is the time to visit exhibitors participating in Dash For Prizes & CyberHunt for your chance to win prizes!

    9:30 am
    [OPENING KEYNOTE] Living in a Resilient World
    • session level icon
    speaker photo
    Ponemon Institute Distinguished Fellow, Career CISO & Former CISO, Time Warner Cable; CEO & Founder, CyAlliance
    Registration Level:
    • session level iconOpen Sessions
    9:30 am - 10:15 am
    Location / Room: Keynote Theater
    With over 25 years in Security and Technology and a Career CISO, Tammy Moskites, CEO and Founder of CyAlliance has much to share about leadership, the journey and resilience. Tammy will share her journey from being an Administrative Assistant to owning her own company. She will share stories, discuss the gaps in recruiting techniques, and how to create high performing teams. She will highlight the importance, individually, of what you can be doing mentally, emotionally, and physically to help you focus where you want to be in your career. Resilience is not just being in charge – it is finding the road to where you want to be now and in the future. The Journey. How her passion around doing the right things right and for the right reasons coupled with a foundation of trust and integrity, will guide you to also find the road to Success. #DoWhatYouLove #LoveWhatYouDo
    Presentation Level:
    GENERAL (InfoSec best practices, trends, solutions, etc.)
    10:15 am
    Conference Break / Exhibitor Product Demonstration
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    10:15 am - 11:15 am
    Location / Room: SecureWorld Exhibitor Floor

    Reboot with coffee and infused water while visiting exhibitors on the exhibitor floor.

    11:00 am
    Advisory Council Roundtable - (VIP / Invite Only)
    • session level icon
    Topic: Prioritizing Risk in an Ever Changing Threatscape
    Registration Level:
    • session level iconVIP / Exclusive
    11:00 am - 12:00 pm
    Location / Room: 216AB

    This session is for Advisory Council members only.

    11:15 am
    ISACA Chapter Meeting and Guest Presentation - Open to all Attendees
    • session level icon
    [Presentation] ToR of the WiLD SiD3 of the Internet-Dark Web, Deep Web and Dark Net
    speaker photo
    Sr. Manager Information Security, Krispy Kreme
    Registration Level:
    • session level iconOpen Sessions
    11:15 am - 12:00 pm
    Location / Room: 219AB

    Interested in your local associations? Join ISACA for their monthly meeting,  and guest speaker.
    Presentation:
    We always hear about the “Dark Web” and how various services advertise the use of such a resource but what does that mean? Better yet, what does it look like. This will be a full LIVE presentation demonstrating where “various” type of activity i.e. personal identifiable information, transaction information and other related content reside.

     

     

     

    11:15 am
    [Attack]tive Directory: Compromising Domains via Active Directory Exploits in 2020
    • session level icon
    speaker photo
    Instructor, University of North Carolina at Charlotte
    Registration Level:
    • session level iconConference Pass
    11:15 am - 12:00 pm
    Location / Room: 218AB

    As a red teamer and penetration tester, I’ve compromised several networks from small/medium businesses to enterprises in a very short time via Active Directory exploits that take advantage of default policy settings or common misconfigurations. Often times, businesses will focus on a vulnerability scan to gauge their vulnerability posture when in reality, 90% of engagements are done purely through exploiting Active Directory — something vulnerability scans miss.. This presentation highlights some of the most common and recent attacks I’ve conducted in an AD environment, from a technical overview to live demonstrations. In addition, mitigations for these attacks are given and can be accomplished without needing any paid tools. This talk is targeted to both red teamers and blue teamers

    Presentation Level: TECHNICAL (deeper dive including TTPs)

    11:15 am
    [Check Point] Protecting You from You Is the #1 Challenge in the Age of SDE (Software Defined Everything)
    • session level icon
    speaker photo
    Global Cloud Evangelist, Check Point Software Technologies
    Registration Level:
    • session level iconOpen Sessions
    11:15 am - 12:00 pm

    Using public clouds for enterprise datacenters is now mainstream; the advantages are significant and the gained agility undisputable. However, the number of services and options being offered is daunting. And, with these choices come consequences; one misconfiguration can put your entire organization at risk…or worse. Another reality you will face as you scale is the challenge of using a ‘one-size-fits-all’ interface. Imagine scrolling through lists of assets when the numbers are in the hundreds or even thousands. Just imagine trying to find a misconfigured or exposed S3 bucket when you have thousands; it’s finding a needle in a stack of needles.

    If you’re like most enterprises, you have a resource gap and don’t have the experienced, trained security professionals maintaining your cloud environment(s). This gap exacerbates risks. The cloud environments available today are extremely comprehensive and powerful, but in unskilled hands, one fat-finger can have dire consequences. And, as you implement ephemeral cloud-native services like Lambda functions and other cloud-native platform components, new challenges will arise when conducting threat-detection and attribution.

    In this session you’ll see your future and what to expect managing your public cloud-based datacenter. You’ll learn why Gartner says, “Through 2022, at least 95% of cloud security failures will be the customer’s fault.” We will highlight the top challenges you will face and show you what you should prepare for before you scale. We will also detail recommended best practices for securing and maintaining compliance in your public cloud data center.

    12:15 pm
    LUNCH KEYNOTE: Executive Leadership Panel
    • session level icon
    Topic: Establishing and Evaluating Effective Cybersecurity Programs
    speaker photo
    Sr. Manager, Global Security, Aflac Subsidiary Security
    speaker photo
    CISO, Premiere, Inc.
    speaker photo
    Director of Physical and Cyber Security, Red Ventures
    speaker photo
    Director, Infrastructure & Security, National Gypsum
    speaker photo
    IT Advisory Executive, CareSource
    Registration Level:
    • session level iconOpen Sessions
    12:15 pm - 1:15 pm
    Location / Room: Keynote Theater

    How to do it and how to test it involves strategic planning and leadership at the executive level.  The practical take-aways from this discussion will be immensely meaningful.
    Panelists:
    Stephen Head, Director, Experis Finance
    Frank Depaola, Head of Info Sec, Enpro Industries
    Larry Eighmy, CISO, The Halo Group
    Torry Crass, INMA Cybercamp Program Director, InfraGard
    Mike Hillhouse, CIO/CISO, Cadrillion Capital
    Andre Mintz, Executive Vice President, CISO and CPO, Red Ventures
    Thomas Tollerton, Senior Manager, IT Advisory, Dixon Hughes Goodman LLP

     

     

    1:30 pm
    [Panel] Emerging Threats – Hackers and Exploits and Phishing Attacks! Oh My!
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    1:30 pm - 2:15 pm
    Location / Room: 219AB

    We all have heard email is the #1 attack vector. Based on the numbers we are seeing; it is pretty indisputable. But what about the other stuff? Zero Day exploits still make headlines. New ransomware attacks every week. IoT devices are easily hacked. BEC/CEO fraud attacks are at an all time high. Will AI be a tool for the hackers? Join our panelists as they share knowledge on the current threatscape and make some predictions on what is coming soon to a network near you.

    1:30 pm
    Birds of a Feather Discussion Groups
    • session level icon
    Topic: Cloud Security: Securing Your Organization’s Digital Transformation
    speaker photo
    Director, Information Security, Essent Guaranty, Inc.
    Registration Level:
    • session level iconOpen Sessions
    1:30 pm - 2:15 pm
    Location / Room: Exhibitor Floor (Booth #105)

    What are the security issues that keep you up at night? Connect with peers who are experiencing similar pain points and experts who can offer best practices in a casual, collaborative environment.

    1:30 pm
    Birds of a Feather Discussion Groups
    • session level icon
    Topic: Responding to the Evolving Privacy Landscape
    speaker photo
    Director, Infrastructure & Security, National Gypsum
    Registration Level:
    • session level iconOpen Sessions
    1:30 pm - 2:15 pm
    Location / Room: Exhibitor Floor (Booth #130)

    What are the security issues that keep you up at night? Connect with peers who are experiencing similar pain points and experts who can offer best practices in a casual, collaborative environment.

    2:15 pm
    Conference Break / Exhibitor Product Demonstration
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    2:15 pm - 3:00 pm
    Location / Room: SecureWorld Exhibitor Floor

    Reboot with coffee and infused water while visiting exhibitors on the exhibitor floor.

    3:00 pm
    Cloud Security Alliance Meeting and Presentation - Open to all Attendees
    • session level icon
    Presenting: Securing Your (SD)-WAN Journey to Your Cloud
    speaker photo
    Regional Architect - Mid-Atlantic, Check Point Software Technologies
    Registration Level:
    • session level iconOpen Sessions
    3:00 pm - 4:00 pm
    Location / Room: 219AB

    Interested in your local associations? Join Cloud Security Alliance (CSA) for a chapter meeting and guest presentation.
    Presentation:
    SD-WAN has evolved through three main stages to meet the business needs of its users. The rise of cloud, mobile, and business agility demands has required SD-WAN to become smarter by providing security, optimization, intelligence, and better reach.
    Presentation Level: TECHNICAL (deeper dive including TTPs)

    3:00 pm
    Penetration Testing The Cybersecurity Maturity Model (CMM)
    • session level icon
    speaker photo
    Sr. Manager Information Security, Krispy Kreme
    Registration Level:
    • session level iconConference Pass
    3:00 pm - 3:45 pm
    Location / Room: 211AB

    Many organizations have heard or used the Cybersecurity Maturity Model (CMM) to help improve their organization’s overall security posture.  In many cases the results provide a broad view that meet a predetermined requirement i.e. audit, assessment or gap analysis  This presentation considers the valuable output produced from that process and provides, through live demonstrations, a comprehensive look at what would happen if those vulnerabilities identified previously, are compromised at an operational security level.

    * Learning Objective #1:
    Operational Cybersecurty Exposure – A method by which to measure the maturity level of the organization’s operational security.

    * Learning Objective #2:
    Actions Matrix – Will provide an active template to identify actionable components of internal operations that map back to the technology security layers.

    * Learning Objective #3:
    High Level understanding of mapping Vulnerability assessment (NIST) vs Penetration testing output to CMM.

    Presentation Level: TECHNICAL (deeper dive including TTPs)

    3:00 pm
    Security @ The Speed of Business
    • session level icon
    speaker photo
    VP, Information Security, Risk & Compliance, LMC (a Lennar Company)
    Registration Level:
    • session level iconConference Pass
    3:00 pm - 3:45 pm
    Location / Room: 212AB

    There is an urgent need to innovate on the part of the business. The reality of today’s business mandates a more agile and innovative approach to security. The old guard of draconian security focused on technology, compliance, and boundaries of protection is no longer effective and has prevented security from having a seat at the business table. All this, when a shift in the threat landscape, and a real impact to the bottom line have negatively affected most organizations. This presentation will deep dive into practical, attainable and effective methods to shift the mentality and allow security organizations to function at the speed of business.
    Presentation Level: MANAGERIAL (security and business leaders)

    3:00 pm
    [SecureWorld PLUS] Part 2 - Understanding and Using the National Initiative for Cybersecurity Education (NICE) Cybersecurity Workforce Framework
    • session level icon
    SecureWorld PLUS Registrants ONLY
    speaker photo
    Board of Advisors, University of Detroit Mercy, Center for Cybersecurity and Intelligence Studies
    Registration Level:
    • session level iconSecureWorld Plus
    3:00 pm - 4:30 pm
    Location / Room: 215

    This course provides in depth awareness of the knowledge, skill, ability (KSA), and competency requirements, of the NIST NICE Cybersecurity Workforce Framework. The student will be given a broad, understanding of the architecture and intent of the NICE model, as well as the purpose and intent of each of the component knowledge, and specialty areas. Students will learn how to design and implement a practical cybersecurity infrastructure solution, that directly applies the job role recommendations, which are specified in the NICE Workforce Model, to the real-world cybersecurity policy guidance requirements of the NIST Cybersecurity Framework.

    Who should attend:
    Any type of C-Level (including CFO and COO)
    Strategic Planners
    Cybersecurity Architects
    Cybersecurity Analysts
    Human Resources Planners

    What will be the audience “take-away”?:
    The student will be able to produce a cybersecurity solution that is tailored to their specific organizational application, which is based on the two most commonly accepted models for cybersecurity best practice.

    3:00 pm
    [SecureWorld PLUS] Part 2 - Deciphering Cloud Security Architecture
    • session level icon
    SecureWorld PLUS Registrants ONLY
    speaker photo
    VP, IT Security, McCormick
    Registration Level:
    • session level iconSecureWorld Plus
    3:00 pm - 4:30 pm
    Location / Room: 206A

    The training course will include foundational cloud security materials such as cloud fundamentals, securing cloud infrastructure (IaaS, PaaS), practical steps to managing cloud security risks, and data security in the cloud sphere. In the first part we will cover introduction to cloud computing and relevant services. This is crucial for anyone aspiring to manage, architect or support cloud computing. The topics will include fundamentals of cloud computing, including definitions, architectures, and the role of data virtualization. The session will also include cloud computing service models, delivery models, and the fundamental characteristics of cloud and the shared the shared responsibilities model.

    In part two we will be covering steps necessary to be taken in order to achieve infrastructure security for cloud computing and security risks. This is will include how to secure the core infrastructure for cloud computing, cloud components, networks, management interfaces, administrator credentials and identity access management. Also, we will a cursory discussion on virtual networking and workload security, basics of containers and serverless infrastructure. We will conclude this section by introducing cloud risk management and considerations of managing security for cloud computing.

    Part three will begin by covering a continuation of risk management from part two. The topics will include risk assessment and governance, legal and compliance issues, and discovery requirements in the cloud. We will also cover a select list of CSA risk tools including the CAIQ, CCM, and STAR registry and how cloud impacts IT audits. This will include data security in the cloud, delving deep into data protection in the cloud, how data is stored and secured in the cloud.  Finally, we will go over how data security lifecycle is impacted by cloud, how to apply security controls in a cloud environment, data security issues with different delivery models, and managing encryption in and for the cloud.

    The key takeaway from this course is that it this course can be used as an introductory preparation for both ISC2-CCSP certification or CCSK examinations. Also, the body of knowledge covered in this course will enhance any practitioner’s preparedness to respond to cloud security related risks.

    4:00 pm
    GuidePoint Reception
    • session level icon
    Join your fellow security professionals for drinks and appetizers compliments of GuidePoint and Partners
    Registration Level:
    • session level iconOpen Sessions
    4:00 pm - 7:00 pm
    Location / Room: Merchant & Trade: 303 S Church St.

    Join your peers for complimentary hors d’oeuvres, drinks, and conversation following SecureWorld. This is a great opportunity to network with other security professionals from the Charlotte area, and to discuss the hot topics from the day.
    Compliments of GuidePoint Security and Partners.
    Merchant and Trade, 303 S Church St. Charlotte, NC 28202
    4:00 – 7:00 p.m.
    Register Here (space is limited) 

  • Thursday, March 5, 2020
    7:00 am
    Registration Open
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    7:00 am - 3:00 pm
    Location / Room: Registration Desk
    8:00 am
    [SecureWorld PLUS] Part 3 - Understanding and Using the National Initiative for Cybersecurity Education (NICE) Cybersecurity Workforce Framework
    • session level icon
    SecureWorld PLUS Registrants ONLY
    speaker photo
    Board of Advisors, University of Detroit Mercy, Center for Cybersecurity and Intelligence Studies
    Registration Level:
    • session level iconSecureWorld Plus
    8:00 am - 9:30 am
    Location / Room: 215

    This course provides in depth awareness of the knowledge, skill, ability (KSA), and competency requirements, of the NIST NICE Cybersecurity Workforce Framework. The student will be given a broad, understanding of the architecture and intent of the NICE model, as well as the purpose and intent of each of the component knowledge, and specialty areas. Students will learn how to design and implement a practical cybersecurity infrastructure solution, that directly applies the job role recommendations, which are specified in the NICE Workforce Model, to the real-world cybersecurity policy guidance requirements of the NIST Cybersecurity Framework.

    Who should attend:
    Any type of C-Level (including CFO and COO)
    Strategic Planners
    Cybersecurity Architects
    Cybersecurity Analysts
    Human Resources Planners

    What will be the audience “take-away”?:
    The student will be able to produce a cybersecurity solution that is tailored to their specific organizational application, which is based on the two most commonly accepted models for cybersecurity best practice.

    8:00 am
    [SecureWorld PLUS] Part 3 - Deciphering Cloud Security Architecture
    • session level icon
    SecureWorld PLUS Registrants ONLY
    speaker photo
    VP, IT Security, McCormick
    Registration Level:
    • session level iconSecureWorld Plus
    8:00 am - 9:30 am
    Location / Room: 206A

    The training course will include foundational cloud security materials such as cloud fundamentals, securing cloud infrastructure (IaaS, PaaS), practical steps to managing cloud security risks, and data security in the cloud sphere. In the first part we will cover introduction to cloud computing and relevant services. This is crucial for anyone aspiring to manage, architect or support cloud computing. The topics will include fundamentals of cloud computing, including definitions, architectures, and the role of data virtualization. The session will also include cloud computing service models, delivery models, and the fundamental characteristics of cloud and the shared the shared responsibilities model.

    In part two we will be covering steps necessary to be taken in order to achieve infrastructure security for cloud computing and security risks. This is will include how to secure the core infrastructure for cloud computing, cloud components, networks, management interfaces, administrator credentials and identity access management. Also, we will a cursory discussion on virtual networking and workload security, basics of containers and serverless infrastructure. We will conclude this section by introducing cloud risk management and considerations of managing security for cloud computing.

    Part three will begin by covering a continuation of risk management from part two. The topics will include risk assessment and governance, legal and compliance issues, and discovery requirements in the cloud. We will also cover a select list of CSA risk tools including the CAIQ, CCM, and STAR registry and how cloud impacts IT audits. This will include data security in the cloud, delving deep into data protection in the cloud, how data is stored and secured in the cloud.  Finally, we will go over how data security lifecycle is impacted by cloud, how to apply security controls in a cloud environment, data security issues with different delivery models, and managing encryption in and for the cloud.

    The key takeaway from this course is that it this course can be used as an introductory preparation for both ISC2-CCSP certification or CCSK examinations. Also, the body of knowledge covered in this course will enhance any practitioner’s preparedness to respond to cloud security related risks.

     

    8:30 am
    Building a Cybersecurity Program
    • session level icon
    speaker photo
    CISO, DuHart Consulting
    Registration Level:
    • session level iconConference Pass
    8:30 am - 9:15 am
    Location / Room: 211AB

    Smaller organizations and first time program leads often struggle with the building blocks of a solid Cybersecurity program. This presentation will help individuals and organizations understand what are the core building blocks and how to use those to build and effective program for your organization.  Attending this presentation will provide a better understanding of:

    • Why build a Cybersecurity program
    • Tailoring a program to your organization and it’s risks
    • Understanding of cyber frameworks and how to use them
    • Embedding culture into a program
    • Sustaining your program
    8:30 am
    Pandemic Planning: What Security Professionals Need to Know
    • session level icon
    speaker photo
    Director, IT Risk Advisory Services, Experis Finance
    Registration Level:
    • session level iconConference Pass
    8:30 am - 9:15 am
    Location / Room: 212AB

    Managing operational resilience in today’s digital environment is extremely challenging, whether your organization is public, private or governmental. But what happens when the threat is not a computer virus, but a biological one causing much of your workforce to call in sick, either because they are infected or because they are afraid to come in to work. In response to the potential for a widespread pandemic, many organizations have decided it’s time to create a plan for how essential business processes can be sustained and operated securely in the face of a pandemic. This approach to proactively dealing with the potential threat of a pandemic increases the organization’s awareness of the potential impacts and costs, and enables them to take actions that reduce the overall risk to the organization, minimize the impact of a pandemic on essential operations, and more predictably ensure the continuity of essential services such as information security.

    This session will provide a high-level overview of the impact of a pandemic and explore the following aspects of what is involved:

    • How past pandemics provide us with a baseline for understanding the potential impact on an organization
    • Which elements of business resiliency planning are most applicable to pandemic planning
    • Which elements of pandemic planning differ from traditional business resiliency planning
    • Estimating the impact of a pandemic on your supply chain and service providers
    • How to determine your organization’s readiness to continue essential operations during a pandemic
    • Practical ways to assess your current and future organizational exposure under different scenarios
    • Who are the major players (internal and external) that should be involved in pandemic planning
    • What are some practical steps to begin implementing pandemic planning in your organization

    Whether or not you have created and tested a formal pandemic plan through tabletop exercises or actual resiliency tests, this session will provide practical advice on what is involved in pandemic planning, how to incorporate it in your organization’s overall business resiliency efforts, and what pandemic planning can mean to improving your organization’s ability to continue to operate during such a crisis.

    8:30 am
    Connected Devices Need Connected Teams
    • session level icon
    speaker photo
    CISO, SPX Corporation
    Registration Level:
    • session level iconConference Pass
    8:30 am - 9:15 am
    Location / Room: 219AB
    IoT security is a growing concern as the number of connected devices increases. California, Oregon and the EU now regulate the security of IoT devices. Leveraging compliance to create IT/Security partnership with Engineering, Application and R&D teams is an opportunity to create successes for your business.
    Leveraging compliance to create IT/Security partnership with Engineering, Application and R&D teams is an opportunity to create successes for your business.
    Presentation Level: MANAGERIAL (security and business leaders)
    9:00 am
    Exhibit Floor Open
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    9:00 am - 3:00 pm
    Location / Room: SecureWorld Exhibitor Floor

    This is the time to visit exhibitors participating in Dash For Prizes & CyberHunt for your chance to win prizes!

    9:30 am
    [OPENING KEYNOTE]: The Cyberlous Mrs. Maisel: A Comedic (and Slightly Terrifying) Introduction to Information Warfare
    • session level icon
    speaker photo
    Reuben Everett Cyber Scholar and Researcher, Duke University Center on Law & Technology
    Registration Level:
    • session level iconOpen Sessions
    9:30 am - 10:15 am
    Location / Room: Keynote Theater

    Like a dear family relative who won’t stop talking at Thanksgiving dinner, a backdoor exploit also talks to anyone who’ll listen. Come listen to the Cyberlous Mrs. Maisel! She’ll offer a satirical reflection on how we engage with technology in the Information Age and explain the basic historical principles that animate Russia’s approach to information warfare. Topics covered include maskirovka (i.e., camouflage, concealment, and deception), reflexive control, and disinformation, among others. Although a strategic objective of information warfare is to induce complacency with falsehoods, this presentation’s unique style can help jolt the public’s consciousness awake through its originality and bite.
    Presentation Level:
    GENERAL (InfoSec best practices, trends, solutions, etc.)

    10:15 am
    Conference Break / Exhibitor Product Demonstration
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    10:15 am - 11:15 am
    Location / Room: SecureWorld Exhibitor Floor

    Reboot with coffee and infused water while visiting exhibitors on the exhibitor floor.

    11:00 am
    Advisory Council LUNCH Roundtable — (VIP / Invite Only)
    • session level icon
    Topic: Prioritization of Top 20 Critical Security Controls
    Registration Level:
    • session level iconVIP / Exclusive
    11:00 am - 1:00 pm
    Location / Room: 216AB

    This session is for our Advisory Council members only.
    Lunch will be served.

    11:15 am
    [IntSights] CISO's Guide to Proactive Breach Mitigation Using Threat Intelligence
    • session level icon
    speaker photo
    Sales Engineer Manager, IntSights
    Registration Level:
    • session level iconOpen Sessions
    11:15 am - 12:00 pm
    Location / Room: 219AB
    Juan Marin, Sales Engineer Manager at IntSights will take you on a tour of the dark web and explain how CISO’s can successfully implement a threat intelligence strategy to neutralize threats outside the wire and at the earliest stages of the cyber kill chain. Join this session to learn active measures to bolster your external cyber defense and response, including practical strategies to accelerate SecOps activities with dark web threat intelligence.
    Presentation Level: MANAGERIAL (security and business leaders)
    11:15 am
    The DoD’s Cybersecurity Maturity Model Certification (CMMC) is Coming – Are You Ready?
    • session level icon
    speaker photo
    Sr. Member, Technical Staff, CERT Division, Software Engineering Institute - Carnegie Mellon University
    speaker photo
    Sr. Member, Technical Staff, CERT Division, Software Engineering Institute - Carnegie Mellon University
    Registration Level:
    • session level iconConference Pass
    11:15 am - 12:00 pm
    Location / Room: 211AB
    To achieve better security across the US DIB supply chain, the DoD is developing the Cybersecurity Maturity Model Certification (CMMC). Companies will be required to acquire a CMMC Certification Level ranging from basic hygiene to “State-of-the-Art”. A required CMMC level will be contained in each contract and will be a “go/no-go decision”.
    The model architects will present:
    • The call to action for the development of CMMC
    • A look at included sources and standards
    • A detailed explanation of the maturity aspect of CMMC, both technical capability and process institutionalization
    • A look at current references available to DIB contractors on CMMC

    Presentation Level: MANAGERIAL (security and business leaders)

    11:15 am
    [DHG] How Prepared is Your Organization for a Ransomware Attack?
    • session level icon
    speaker photo
    Sr. Cybersecurity Manager - IT Advisory, Dixon Hughes Goodman LLP
    speaker photo
    Co-Founder & President of Consulting Services, Soteria
    Registration Level:
    • session level iconConference Pass
    11:15 am - 12:00 pm
    Location / Room: 212AB

    While ransomware has become the new exploit of choice for adversaries, these attacks can usually be thwarted by default configurations most organizations do not have enabled. By coupling these changes with techniques employed by cybersecurity experts, we will review key approaches to implement and help protect your organization today.
    Presentation Level:
    GENERAL (InfoSec best practices, trends, solutions, etc.)

     

    12:15 pm
    LUNCH KEYNOTE
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    12:15 pm - 1:15 pm
    Location / Room: Keynote Theater
    1:15 pm
    [Panel] Incident Response – Clean up on Aisle 9. Bring a Mop!
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    1:15 pm - 2:15 pm
    Location / Room: 219AB

    Just about every week we hear about some new breach, attack, scheme, etc. Sadly, it’s widely accepted in the business world that it is not a case of if but when your will be compromised. When do you get law enforcement involved? PR? The Board of Directors? General council? There is a lot of moving parts that need to be addressed after an incident so, you better have a plan in place AND the right people.  Our panel will help you wrap your head around a proper response plan as well as insights on conducting practice drills and maturing your IR plan.

    1:15 pm
    Birds of a Feather Discussion Groups
    • session level icon
    Topic: Career Development: Becoming a CISO
    speaker photo
    Vulnerability Management, Bank of America
    Registration Level:
    • session level iconOpen Sessions
    1:15 pm - 2:15 pm
    Location / Room: Exhibitor Floor (Booth #105)
    1:15 pm
    Birds of a Feather Discussion Groups
    • session level icon
    Topic: Communicating to the Board
    speaker photo
    Director, Risk Science, FAIR Institute
    Registration Level:
    • session level iconOpen Sessions
    1:15 pm - 2:15 pm
    Location / Room: Exhibitor Floor (Booth #130)

    What are the security issues that keep you up at night? Connect with peers who are experiencing similar pain points and experts who can offer best practices in a casual, collaborative environment.

    2:15 pm
    Conference Break / Exhibitor Product Demonstration
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    2:15 pm - 3:00 pm
    Location / Room: SecureWorld Exhibitor Floor

    Reboot with coffee and infused water while visiting exhibitors on the exhibitor floor.

    2:30 pm
    Dash for Prizes & CyberHunt
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    2:30 pm - 2:45 pm
    Location / Room: SecureWorld Exhibitor Floor

    Be sure to have exhibitors scan your badge for a chance to win prizes. Past prizes have included Kindles, Bose headphones, gift cards, iPads, iPods and more! *Must be present to win

    3:00 pm
    Corporate Threat Actor Psychological Profiles: Towards a Formal Ontology for Automatic Detection of Psychological Risk Factors
    • session level icon
    speaker photo
    CISSP, Cyber Threat Researcher, Federal Reserve Bank at Cleveland
    Registration Level:
    • session level iconConference Pass
    3:00 pm - 3:45 pm
    Location / Room: 211AB

    Human psychology plays an important role in organizational performance. However, understanding our employees is a difficult task, due to issues such as psychological complexities, unpredictable dynamics, and the lack of data. Decision support systems with artificial intelligence can be a scalable solution, but such systems require a human-designed ontology for Symbolic AI reasoning. This talk aims to provide a list of corporate threat actor psychological profiles including those of insider hackers; emphasizing the similarities and differences between them, on which, future ontologies can be built for automatic detection of related psychological risk factors.
    Take-away:
    1. Definitions of Corporate Threat Actors
    2. Their profiles based on clinical psychology research
    3. How are they compared to each other
    4. A sample ontology for moving forward
    Presentation Level: TECHNICAL (deeper dive including TTPs)

     

    3:00 pm
    Maturing a Cybersecurity Program
    • session level icon
    speaker photo
    CISO, DuHart Consulting
    Registration Level:
    • session level iconConference Pass
    3:00 pm - 3:45 pm
    Location / Room: 219AB

    Whether you are a small organization, single person on a cybersecurity team or inheriting a multinational cybersecurity program, this talk will provide context for you to mature your program.  This presentation will help you define your own program maturity level and how to better your program. Attending the presentation will provide a better understanding of:

    • Why and what is maturity in a cybersecurity program
    • How to build risk based maturity into running a program
    • Cybersecurity as a culture
    • Communicating maturity and KPIs to the board and senior leaders including examples
    3:00 pm
    Are You Ready for the Convergence of IIoT, OT, and IT Security?
    • session level icon
    speaker photo
    VP, IT Security, McCormick
    Registration Level:
    • session level iconConference Pass
    3:00 pm - 3:45 pm
    Location / Room: 212 AB

    Business transformation and drive for smart factory initiatives has placed demands on business leaders to leverage relevant technologies to achieve the desire end goal of operational excellence. The technologies such as industrial internet of things (IIoT) are being layered on top of manufacturing floor machinery to provide that needed insight into business operations and productivity. These improvement and perceived operational excellence have come with cyber security risks which were not a common place in manufacturing space previously. It for this reason that there is now a convergence between operation technology (OT), Industrial internet of things (IIoT) and IT. This intersection is becoming very evident in manufactural, supply chain and traditional production organization or companies.

    Most of these manufacturing machineries were never directly connected to the ethernet networks and as such the risk was very minimal. In some cases, these organizations had organized security based on perimeter controls such as data center firewalls, site firewalls, floor firewalls that provide segmentation or microsegment between corporate IT and manufacturing operation technology (OT space). However, if the individual devices that are connected on the OT side become compromised and the threat has access to that communication link, a hacker can push malicious data, cause denial of service (DoS), or introduce malware or viruses to the entire network — even if there is a secure communication link. There are many ways to run into problems on the OT/IoT front if companies are not careful in their network design security implementation. These increase the risk and a re-thinking of how to architect security appropriately to meet the ever-evolving threat landscape with relevant implications to OT/IIoT and larger enterprise network.
    Presentation Level:
    GENERAL (InfoSec best practices, trends, solutions, etc.)

Exhibitors
  • AccessIT Group
    Booth: 215

    AccessIT Group is your partner in cybersecurity. Our talented team of security experts deliver customized solutions designed to protect your systems and information from increasing security threats. From design and implementation to cybersecurity compliance and training, we provide a single point of contact for all your security needs.

    AccessIT Group seeks to differentiate itself by offering a higher level of expertise from engineers and sales staff, all of whose knowledge was derived from real life enterprise deployments. These values have helped AccessIT Group grow to become the first-choice cyber security provider in our region. Today, AccessIT Group maintains sales and service offices in King of Prussia, PA, Mountain Lakes, NJ, New York, NY, Columbia, MD, and Boston, MA.

  • Arctic Wolf Networks
    Booth: 110

    Arctic Wolf Networks provides SOC-as-a-service that is redefining the economics of security. The AWN CyberSOCTMservice is anchored by Concierge Security™ teams and includes 24×7 monitoring, custom alerting and incident investigation and response. There is no hardware or software to purchase, and the end-to-end service includes a proprietary cloud-based SIEM, threat intelligence subscriptions and all the expertise and tools required. For more information about Arctic Wolf, visit https://www.arcticwolf.com.

  • Ballantyne IT Professionals
    Booth: 115

    A non-profit technology professional group formed in 2011 under the premise to provide a relaxing atmosphere for IT Professionals living and working in the Ballantyne area of Charlotte North Carolina to build relationships and share ideas. Our mission is to Connect IT, Build IT, Create IT and Give Back to IT & Our Community.

  • Bitglass
    Booth: TBD

    Your company’s move to the cloud delivers flexibility and cost savings, but that doesn’t mean you should lose control of your data. Bitglass’ Cloud Access Security Broker (CASB) solution enables your enterprise to adopt cloud apps while ensuring data security and regulatory compliance. Bitglass secures your data in the cloud, at access, on any device.

    Bitglass was founded in 2013 by a team of industry veterans with a proven track record of innovation and execution.

  • BitSight
    Booth: TBD

    BitSight transforms how organizations manage cyber risk. The BitSight Security Ratings Platform applies sophisticated algorithms, producing daily security ratings that range from 250 to 900, to help organizations manage their own security performance; mitigate third party risk; underwrite cyber insurance policies; conduct financial diligence; and assess aggregate risk. With over 2,100 global customers and the largest ecosystem of users and information, BitSight is the Standard in Security Ratings. For more information, please visit www.bitsight.com, read our blog or follow @BitSight on Twitter

  • Check Point Security
    Booth: 155

    Since 1993, Check Point has been dedicated to providing customers with uncompromised protection against all types of threats, reducing security complexity and lowering total cost of ownership. We are committed to staying focused on customer needs and developing solutions that redefine the security landscape today and in the future.

  • Checkmarx
    Booth: 185

    Checkmarx is the global leader in software security solutions for modern enterprise software development. Checkmarx delivers the industry’s most comprehensive software security platform that unifies with DevOps and provides static and interactive application security testing, SCA and developer AppSec training to reduce and remediate risk from software vulnerabilities. www.checkmarx.com.

  • Cloud Passage
    Booth: 150

    CloudPassage® Halo® is the world’s leading agile security platform that provides instant visibility and continuous protection for servers in any combination of data centers, private clouds and public clouds. Halo uses minimal system resources; so layered security can be deployed right at every workload – servers, instances and containers.

  • Cloud Security Alliance (CSA)
    Booth: 235

    The Cloud Security Alliance (CSA) is a not-for-profit organization with a mission to promote the use of best practices for providing security assurance within Cloud Computing, and to provide education on the uses of Cloud Computing to help secure all other forms of computing. The Cloud Security Alliance is led by a broad coalition of industry practitioners, corporations, associations and other key stakeholders.

  • CyberArk Software
    Booth: 145

    CyberArk (NASDAQ: CYBR) is the global leader in privileged access security, a critical layer of IT security to protect data, infrastructure and assets across the enterprise, in the cloud and throughout the DevOps pipeline. CyberArk delivers the industry’s most complete solution to reduce risk created by privileged credentials and secrets. The company is trusted by the world’s leading organizations, including 50 percent of the Fortune 500, to protect against external attackers and malicious insiders. A global company, CyberArk is headquartered in Petach Tikva, Israel, with U.S. headquarters located in Newton, Mass. The company also has offices throughout the Americas, EMEA, Asia Pacific and Japan.

  • Cybereason
    Booth: TBD

    Cybereason was founded in 2012 by a team of ex-military cybersecurity experts with the mission of detecting and responding to complex cyber-attacks in real time. Cybereason is the only Endpoint Detection and Response platform deployed in user space that detects both known and unknown attacks and connects isolated indicators of compromise to form a complete, contextual attack story. Cybereason’s behavioral analytics engine continuously hunts for adversaries and reveals the timeline, root cause, adversarial activity, related communication and affected endpoints and users of every attack. Cybereason provides security teams with actionable data, enabling fast decision making and proper response.

  • Darktrace
    Booth: 100

    Darktrace is the world’s leading cyber AI company and the creator of Autonomous Response technology. Its self-learning AI is modeled on the human immune system and used by over 3,000 organizations to protect against threats to the cloud, email, IoT, networks and industrial systems.

    The company has over 1000 employees and headquarters in San Francisco and Cambridge, UK. Every 3 seconds, Darktrace AI fights back against a cyber-threat, preventing it from causing damage.

  • DHG
    Booth: 205

    Headquartered in Charlotte, NC, DHG ranks among the top 20 public accounting firms in the nation. With more than 2,000 professionals in 13 states, we combine deep experience with a strong commitment to personal service. We are passionate about helping our clients succeed—and we do so through a resourceful approach to solving problems, providing solutions and helping our clients achieve their goals.

    Dedicated client focus and relationships have been and always will be our touchstone. Here at DHG, you’ll receive personalized service provided by a team of professionals who are eager to share their knowledge and experience with you. We draw on our extensive resources to combine comprehensive assurance, tax and advisory services.

  • Digital Shadows
    Booth: TBD

    Digital Shadows monitors and manages an organization’s digital risk, providing relevant threat intelligence across the widest range of data sources within the open, deep, and dark web to protect their brand, and reputation.

  • EC-Council
    Booth:

    International Council of E-Commerce Consultants, also known as EC-Council, is the world’s largest cyber security technical certification body. We operate in 140 countries globally and we are the owner and developer of the world-famous Certified Ethical Hacker (CEH), Computer Hacking Forensics Investigator (C|HFI), Certified Security Analyst (ECSA), License Penetration Testing (Practical) programs, among others. We are proud to have trained and certified over 140,000 information security professionals globally that have influenced the cyber security mindset of countless organizations worldwide.

  • Exabeam
    Booth: 170

    The Exabeam Security Intelligence Platform provides organizations of all sizes with end-to-end detection, analytics, and response capabilities from a single security management and operations platform. Exabeam SIP includes Exabeam Log Manager, a modern log management system, built on top of ElasticSearch to provide unlimited data ingestion at a predictable, cost effective price. Exabeam SIP detects complex, multi-stage threats using the analytics capabilities of Exabeam Advanced Analytics; the world’s most deployed User and Entity Behavior Analytics (UEBA) solution. Finally, Exabeam SIP improves incident response efficiency with Exabeam Incident Responder, an API based security orchestration and automation solution.

  • ForeScout Technologies, Inc.
    Booth: 145

    ForeScout Technologies, Inc. has pioneered an agentless approach to network security to address the explosive growth of the Internet of Things (IoT), cloud computing and operational technologies (OT). We offer a highly scalable, heterogeneous platform that provides Global 2000 enterprises and government agencies with agentless visibility and control of today’s vast array of physical and virtual devices the instant they connect to the network. Our technology continuously assesses, remediates and monitors devices and works with disparate security tools to help accelerate incident response, break down silos, automate workflows and optimize existing investments. As of June 30, 2018, more than 2,900 customers in over 80 countries improve their network security and compliance posture with ForeScout solutions.

  • FRSecure
    Booth: 160

    FRSecure is a full-service information security management company that protects sensitive, confidential business information from unauthorized access, disclosure, distribution, and destruction. Information security is not a one-size-fits-all as others would lead you to believe. FRSecure works hard to assess your most significant vulnerabilities, put a plan together for managing those risks, and helps you execute that plan.

  • Gigamon
    Booth: 148

    Gigamon is leading the convergence of network and security operations to reduce complexity and increase efficiency of security stacks. Our GigaSECURE® Security Delivery Platform is a next generation network packet broker that makes threats more visible – across cloud, hybrid and on-premises environments, deploy resources faster and maximize the performance of security tools.

  • Gradient Cyber
    Booth: 245

    We uniquely visualize an organization’s cybersecurity risks, reduce logs and alert noise to actionable insights and establish a cyber health roadmap for immediate value and long term improvements to its security posture.

  • GuidePoint Security LLC
    Booth:

    GuidePoint Security LLC provides innovative and valuable cyber security solutions and expertise that enable organizations to successfully achieve their mission. By embracing new technologies, GuidePoint Security helps clients recognize the threats, understand the solutions, and mitigate the risks present in their evolving IT environments. Headquartered in Herndon, Virginia, GuidePoint Security is a small business, and classification can be found with the System for Award Management (SAM). Learn more at: http://www.guidepointsecurity.com

  • Institute of Internal Auditors (IIA)
    Booth:

    Established in 1941, The Institute of Internal Auditors (IIA) is an international professional association with global headquarters in Altamonte Springs, Florida, USA. The IIA is the internal audit profession’s global voice, recognized authority, acknowledged leader, chief advocate, and principal educator. Generally, members work in internal auditing, risk management, governance, internal control, information technology audit, education, and security.

  • InfraGard
    Booth:

    InfraGard is an information sharing and analysis effort serving the interests and combining the knowledge base of a wide range of members. At its most basic level, InfraGard is a partnership between the FBI and the private sector. InfraGard is an association of individuals, academic institutions, state and local law enforcement agencies, and other participants dedicated to sharing information and intelligence to prevent hostile acts against the United States. InfraGard Chapters are geographically linked with FBI Field Office territories.

    The FBI retained InfraGard as an FBI sponsored program, and will work with DHS in support of its CIP mission, facilitate InfraGard’s continuing role in CIP activities, and further develop InfraGard’s ability to support the FBI’s investigative mission, especially as it pertains to counterterrorism and cyber crimes.

  • Insight
    Booth: 275

    Insight is a leader in providing smart, cutting-edge technology solutions for global organizations of all sizes. From developing unique strategies to delivering the products, services and expertise, we’ll help your business run more efficiently and modernize through Insight Intelligent Technology Solutions.

  • Intsights
    Booth: 250

    IntSights is revolutionizing cybersecurity operations with the industry’s only all-in-one external threat protection platform designed to neutralize cyberattacks outside the wire. Our unique cyber reconnaissance capabilities enable continuous monitoring of an enterprise’s external digital profile across the open, deep, and dark web to identify emerging threats and orchestrate proactive response. Tailored threat intelligence that seamlessly integrates with security infrastructure for dynamic defense has made IntSights one of the fastest-growing cybersecurity companies in the world.

  • ISACA Charlotte
    Booth: 180

    Our aim is to sponsor local educational seminars and workshops, conduct regular chapter meetings, and help to further promote and elevate the visibility of the IS audit, control and security profession throughout the region.

  • ISSA Charlotte Chapter
    Booth: 240

    The Charlotte ISSA chapter is committed to providing the Information Security professionals of Charlotte opportunities to grow both technically and professionally through training, meetings and summits.

  • Lake Norman IT Professionals
    Booth:

    Our vision is to meet IT professionals within our Local IT community for learning, sharing, community outreach, leadership and professional growth. We are a 501c4 Non-Profit entity, and donate a significant portion of our sponsorship dollars to the E2D organization, who is helping to eliminating the digital divide!

  • Mimecast
    Booth: 240

    Mimecast Is Making Email Safer For Business.

    Mimecast’s security, archiving and continuity cloud services protect business email and deliver comprehensive email risk management in one fully-integrated subscription service. Mimecast reduces the risk, complexity and cost traditionally associated with protecting email. You no longer have to manage an array of disjointed point solutions from multiple vendors. And you mitigate single vendor exposure if you have moved your primary email server to the cloud with services like Microsoft Office 365.
    Our best-of-breed services protect the email of over 24,900 customers and millions of users worldwide against targeted attacks, data leaks, malware and spam. We give employees fast and secure access to sensitive business information, and ensure email keeps running in the event of a primary service outage.

  • NCTECH Association
    Booth: 120

    Founded in 1993, the North Carolina Technology Association (NCTA) is a 501 (c) (6) not-for-profit association focused on advancing the state’s tech industry. NCTA has 700+ member companies, organizations and institutions representing more than 200,000 North Carolina based employees.

  • NetSkope
    Booth: TBD

    Netskope offers the industry’s only all-mode architecture that supports any use case. This starts with the option of being deployed 100 percent in the cloud, as an on-premises appliance, or via a hybrid configuration that includes both. When it comes to traffic steering, Netskope supports every possible out-of-band and inline mode, including forward and reverse proxy, secure TAP, API, and log-based discovery. These modes are often used in parallel to cover customers’ multiple use cases.

  • North Carolina Center For Cybersecurity
    Booth: 135

    Headquartered in Winston-Salem, the North Carolina Center for Cybersecurity, a 501(c)3 organization, accelerate regional economic development through applied cybersecurity to foster economic development. It will also position North Carolina as a leader in cybersecurity workforce development at the community level to help existing businesses meet the global demand for a more secure supply chain. Regional hubs across the state, operating under the umbrella of the North Carolina Center for Cybersecurity (NCCC), will concentrate on: Workforce development aimed at training students and retraining the local workforce to solve practical cybersecurity problems and help companies seeking a consistent supply of cybersecurity talent across multiple disciplines. Public, private, and academic collaboration focused on developing practical solutions to commercial cybersecurity problems that match each region’s economic strengths.

  • Okta
    Booth: 260

    Okta is the foundation for secure connections between people and technology. Our IT products uniquely use identity information to grant people access to applications on any device at any time, while still enforcing strong security protections. Our platform securely connects companies to their customers and partners. Today, thousands of organizations trust Okta to help them fulfill their missions as quickly as possible.

  • Optiv
    Booth: 255

    The world’s most trusted and reputable security solutions integrator, Optiv enables its clients to realize stronger, simpler and less costly cyber security programs. The company combines decades of real-world business, security strategy and technical experiences with in-depth security products knowledge to bring order to the cyber security chaos.

  • OWASP
    Booth:

    The Open Web Application Security Project (OWASP) is a 501(c)(3) worldwide not-for-profit charitable organization focused on improving the security of software. Our mission is to make software security visible, so that individuals and organizations worldwide can make informed decisions about true software security risks.

  • Preempt Security
    Booth: 230

    Preempt delivers a modern approach to authentication and securing identity in the Enterprise. Using patented technology for Conditional Access, Preempt helps Enterprises optimize Identity hygiene and stop attackers and insider threats in real-time before they impact business. Preempt continuously detects and preempts threats based on identity, behavior and risk across all cloud and on-premises authentication & access platforms. This low friction and more prescriptive approach empowers security teams more visibility & control over accounts and privileged access, achieve compliance and auto-resolve incidents. Learn more:  www.preempt.com.

  • Proofpoint
    Booth: 140

    Proofpoint protects your people, data, and brand from advanced threats and compliance risks with cybersecurity solutions that work. Built on advanced analytics and a cloud architecture, our platform secures the way your people work today—through email, mobile apps, and social media.

    Some attacks get through even the best defenses. That’s why our solutions also proactively safeguard the critical information people create. We reduce your attack surface by managing this data and protecting it as you send, store, and archive it. And when things go wrong, we equip security teams with the right intelligence, insight, and tools to respond quickly.

  • RedSeal
    Booth: TBD

    At RedSeal, our vision is to become the essential analytics and decision-making platform for building digitally resilient organizations people can trust. We do this by becoming the measure by which every organization can quantify its digital resilience. As thought leaders on resilience, we envision every organization starting the security discussion with the question “What’s our Digital Resilience Score?” Founded in 2004, RedSeal is headquartered in Sunnyvale, California.

  • ReliaQuest
    Booth: 210

    ReliaQuest fortifies the world’s most trusted brands against cyber threats with its platform for proactive security model management. Acting as a force multiplier on an organization’s existing cybersecurity investments, only ReliaQuest’s GreyMatter integrates disparate technologies to provide a unified, actionable view that fills the gaps in enterprise security programs.

  • Securonix
    Booth: 200

    Securonix is redefining the next generation of cyber-threat detection using the power of machine learning and big data. Our purpose-built security analytics platform uses machine learning to track and create baselines of user, account, and system behavior and detects the most advanced insider threats, cyber threats, and fraud activities in real time. Built on a Hadoop platform, the Securonix solution provides an open platform with unlimited scalability. Securonix provides incident orchestration capabilities with playbooks that enable automated incident response. Globally, customers use Securonix to address their insider threat, cyber threat, cloud security, fraud, and application security monitoring requirements. Visit www.securonix.com.

  • SentinelOne
    Booth: TBD

    SentinelOne is the future of Endpoint Protection. It unifies prevention, detection and response in a single platform driven by sophisticated machine learning and intelligent automation. With SentinelOne, organizations can detect malicious behavior across multiple vectors, rapidly eliminate threats with fully-automated, integrated response capabilities, and adapt their defenses against the most advanced cyber attacks.

  • Siemplify
    Booth: 175

    The  Siemplify  team is comprised of cyber-security professionals, veterans of Israeli intelligence agencies. We bring rich experience in security analysis,  management  and operations and are backed by experts in data science and applied mathematics.

    WE BELIEVE In the modern world of cyber threat analysis, investigation and management should be more holistic, intuitive and simple. Technology and data science should serve cyber security experts by providing all the relevant information about the threat in real-time and focus them  in  rapid decision making.

  • Snyk
    Booth: TBD

    Snyk is a developer-first security company that helps organizations use open source and stay secure. Snyk is the only solution that seamlessly and proactively finds and fixes vulnerabilities and license violations in open source dependencies and container images. Founded in 2015, Snyk is based in London, England.

  • Spirion
    Booth: TBD

    Spirion is a leading enterprise data management software solution that provides high-precision searches and automated classification of unstructured and structured data with unparalleled accuracy.  Spirion helps businesses reduce their sensitive data footprint and proactively minimize risks, costs and reputational damage of cyberattacks by discovering, classifying, monitoring and protecting sensitive data.

  • TechTarget
    Booth:

    TechTarget (NASDAQ: TTGT) is the online intersection of serious technology buyers, targeted technical content and technology providers worldwide. Our media, powered by TechTarget’s Activity Intelligence platform, redefines how technology buyers are viewed and engaged based on their active projects, specific technical priorities and business needs. With more than 100 technology specific websites, we provide technology marketers innovative media that delivers unmatched reach via custom advertising, branding and lead generation solutions all built on our extensive network of online and social media. TechTarget is based in Boston and has locations in Atlanta, Beijing, Cincinnati, London, Paris, San Francisco, Singapore, and Sydney.

  • Triaxiom Security
    Booth: 220

    Triaxiom Security is an information security firm that specializes in penetration testing and strategic security consulting. Based out of Charlotte, NC, we’re a team of creative and collaborative individuals dedicated to providing top-of-the-line security services to our customers of all sizes and across all industries throughout the United States.

    Our goal is to build lasting relationships with our customers, helping them to bolster their organizational security posture. We aim to do that by providing critical information to your team for you to make data-driven decisions that can optimize your internal resources and help you navigate the current cybersecurity landscape.

  • Trustwave
    Booth: 165

    Trustwave helps businesses fight cybercrime, protect data and reduce security risk. With cloud and managed security services, integrated technologies and a team of security experts, ethical hackers and researchers, Trustwave enables businesses to transform the way they manage their information security and compliance programs. More than three million businesses are enrolled in the Trustwave TrustKeeper® cloud platform, through which Trustwave delivers automated, efficient and cost-effective threat, vulnerability and compliance management. Trustwave is headquartered in Chicago, with customers in 96 countries.

  • WhiteSource
    Booth: 195

    WhiteSource empowers software & security teams to develop better software by harnessing the power of open source. We help you manage open source components used in your products, automatically & continuously.

Return to Agenda
Keynote Speakers
Speakers
  • speaker photo
    Ken E. Sigler
    Board of Advisors, University of Detroit Mercy, Center for Cybersecurity and Intelligence Studies

    Ken Sigler has served as a full-time faculty member of the Computer Information Systems program at the Auburn Hills Michigan campus of Oakland Community College since 2001, while his primary research is in the area of cybersecurity education, policy, and management; software management; and software assurance. Ken serves as the Liaison for the college as one of three founding members of the Midwest Chapter for CISSE and is an active member of the University of Detroit Mercy Center for Cybersecurity and Intelligence Studies Board of Advisors.

    Ken is co-author of these books:
    • “Cybersecurity: Engineering a Secure Information Technology Organization"
    • “Securing an IT Organization through Governance, Risk Management, and Audit”
    • "Cyber Security: A Guide to the National Initiative for Cybersecurity Education (NICE) Framework (2.0)"
    • "The Complete Guide to Cyber Security Risks and Controls"
    • "Implementing Cybersecurity: A Guide to the National Institute of Standards and Technology Risk Management Framework"
    • “Supply Chain Risk Management – Applying Secure Acquisition Principles to Ensure a Trusted Technology Project"
    • "How to Build a Cyber-Resilient Organization"
    • "The Cybersecurity Body of Knowledge: The ACM/IEEE/AIS/IFIP Recommendations for a Complete Curriculum in Cybersecurity," due to be published in spring 2020.

  • speaker photo
    Dr. John Opala
    VP, IT Security, McCormick

    Cybersecurity thought leader with over 19 years of technical and leadership experience in multiple disciplines.

  • speaker photo
    Rick Doten
    CISO & VP, Information Security, Carolina Complete Health

    Rick is CISO of Carolina Complete Health, a state healthcare plan for Centene Corporate. Rick has run ethical hacking, application security, incident response & forensics, and risk management teams throughout his 25 years in IT Security. Rick has been the first CISO for two companies. He has also consulted as a virtual CISO for many industries and companies around the world. Other notable roles over last 20 years have been as a Risk Management consultant at Gartner, Chief Scientist for Lockheed Martin’s Center for Cyber Security Innovation, and Managing Principal in the Professional Security Services practice at Verizon.

  • speaker photo
    Matt Donato
    Co-Founder & Managing Partner, HuntSource

    Matt Donato is a Co-Founder & Managing Partner of HuntSource- the preeminent Executive Search and Talent Solutions firm with a niche focus in Cyber Security & Data Intelligence. Matt possesses fifteen years of experience in executive recruiting, talent solutions, workforce planning, and talent management. He is a thought leader and recruiting industry expert with in-depth knowledge of working with small to large size organizations across all industries. Over the years his experience has included leading a variety of strategic and tactical functions, organizational training, and talent mapping. Donato continues to help elevate companies by identifying key talent and fostering relationships within the Cybersecurity and Technology industry. Matt received his BS in Economics from Roanoke College and his Executive MBA from Wake Forest School of Business.

  • speaker photo
    Tammy Moskites
    Ponemon Institute Distinguished Fellow, Career CISO & Former CISO, Time Warner Cable; CEO & Founder, CyAlliance

    Tammy is the CEO and Founder of CyAlliance. She is a strategic advisor to companies, vendors and startups by leading, building and scaling security offerings while providing CISO as a Service and virtual CISO (vCISO) services for companies worldwide. With her 30 years of experience, she is noted by her peers to be a results-driven and passionate executive leader. She is a distinguished career CISO, and she has held many security and technology leadership roles which include; Accenture (Managing Director), Venafi (CIO/CISO), Time Warner Cable (CISO), The Home Depot (CISO) and Huntington Bank (ISO). She has dedicated her career to guide CISOs worldwide to help defend organizations from cyber threats and attacks. Amongst the many things she is involved in, she has CISM and ITIL certifications and is a Distinguished Fellow with the Ponemon Institute and volunteers her time with organizations including ISACA and ISSA. She hosts CISO Networking dinners globally to allow CISO’s to share, network and build local relationships. She is an advisor to YL Ventures where she assesses startups/early stage companies for investment in the security space. Her passion for security and her leadership expertise has been quoted, podcasted and written about in numerous articles, newspapers and magazines around the world, including London Financial Times, MIS Asia, CSO Australia, FORBES, Women’s Agenda Australia, and the cover of CSO Magazine. She holds multiple accolades which include the top fifteen 2018 Global Cyber Security thought leaders by IFSEC Global, 2013 Top 25 Global CISO’s Evanta, ISE North America’s People’s Choice 2011 and 2012, Australia's Woman of the Week, Finalist for CIO of the Year and Security Champion of the Year at the Women in IT Awards Silicon Valley 2018. She is an internationally recognized keynote/speaker, not only on security and governance, but also on career building, women in technology and leadership mentoring. She is a diversity champion. Tammy also dedicates her personal time as a professional independent leadership and career mentor. Tammy continually provides strategic guidance to other industry-leading security vendors where she is currently a company board advisor to Attivo Networks, Raxis, RiskIQ and Venafi – previously to Box and Qualys.

  • speaker photo
    Mike Muscatell
    Sr. Manager Information Security, Krispy Kreme

    Mike Muscatell is a seasoned IT veteran with more than 21 years in the Information Security field. He is a certified ethical hacker. Was honored as top 100 professionals in the Information Security Field by Strathmore's for 2014. Member of a number of security organizations including Infragard, US Chamber of Commerce Cyber Committee.

  • speaker photo
    Ryan Hausknecht
    Instructor, University of North Carolina at Charlotte

    Ryan Hausknecht specializes in red teaming as a Security Consultant at SpecterOps and is an instructor for cybersecurity at UNC Charlotte. He is a former Forensic Consultant, Information Security Analyst, and Penetration Tester who has dealt with clients ranging from local government to enterprise-sized businesses. Ryan graduated Summa Cum Laude from Norwich University with a Bachelor's in Cyber Security and is a current SANS GPEN, SANS GWAPT, and OSCP holder.

  • speaker photo
    Grant Asplund
    Global Cloud Evangelist, Check Point Software Technologies

    Through the acquisition of Dome9 Security, Grant Asplund has returned to Evangelize for Check Point Software Technologies. Grant was the first Check Point Evangelist in 1998. Grant has more than 30 years of experience in sales, marketing, business development and management in enterprise software with the last 20 years focused within security. Grant was Principal Evangelist for Dome9 when Check Point made the acquisition. Grant has held worldwide evangelist roles at Check Point Software Technologies and more recently Blue Coat Systems, Inc. where he was Director of Evangelism. Grant has also held the Head of Market Development and Sales for Altor Networks, and was Vice President, Enterprise Sales for NeuStar. Additionally, he was President and CEO of MetaInfo before successfully selling the company to NeuStar. Grant brings his unique story-telling style mixed with high energy and passion, representing Dome9 at public events and conferences worldwide. Grant has also been a featured speaker and panelist at numerous industry trade shows, conferences and several radio blogs which include RSAC, Next100 CIO’s and BlogTalkRadio.

  • speaker photo
    Moderator: Benjamin Agner
    Sr. Manager, Global Security, Aflac Subsidiary Security
  • speaker photo
    Ben Schwering
    CISO, Premiere, Inc.
  • speaker photo
    Joel Lowe
    Director of Physical and Cyber Security, Red Ventures

    Joel Lowe has more than 14 years of experience in remediating threats, vulnerability management, risk management, data privacy, and information security programs. These programs focus on overseeing private data protection, corporate governance, risk management strategy, Certification & Accreditation, Incident Response, forensics and executive leadership for fortune 300 companies. Mr. Lowe has a track record of being a strong collaborator, industry advisor, thought leader, and business partner. He is chartered to build a best in class security program to stay ahead of the regulatory and threat landscape. Mr. Lowe is the former Director of physical and cyber security at Red Ventures and former Director of Information security at Sonic Automotive. He also worked over 8 years with the United State Department of Energy (DOE) as a Cyber Security leader.

    Mr. Lowe holds a master’s degree in Information Systems with a concentration in Networking from North Carolina Central University and a bachelor’s degree from North Carolina Agricultural & Technical State University. He also possesses the Chief Information Security Officer Certification (C|CISO), and Payment Card Industry Professional (PCIP) certifications.

  • speaker photo
    Mike Brannon
    Director, Infrastructure & Security, National Gypsum

    Mike Brannon is an experienced IT professional and long-term employee at National Gypsum Company (NGC). His IT career began in 1977, and he joined NGC in 1985. Mike leads the teams that provide infrastructure and security: "We Keep National Gypsum Running."

  • speaker photo
    Pete Murphy
    IT Advisory Executive, CareSource

    Pete Murphy is a well-established leader, builder and collaborator with high standards for personal integrity and a bias for action. He has demonstrated senior level leadership experience building, growing, improving and operating business systems and processes as a CIO, CTO, CISO, Risk Leader and Data and Analytics executive.
    He specializes in solving big and small problems with people (teams and organizations), processes (reliable and scalable stand-alone and cross-functional operating processes) and technology (implementing, integrating and managing technology and digital transformation improvements). He has developed his expertise in both large and small companies, including entrepreneurial start-ups.
    As a Cybersecurity leader, Pete has been fortunate to have been a pioneer on the front lines as Cybersecurity moved from the side stream of business into the mainstream. Select highlights include:
    • Designed and built Bank of America’s first capabilities for Security Awareness, Security Engineering, Global Incident Response and Network Defense, Attack and Penetration Testing, Vulnerability Management and Investigations and Digital Forensics.
    • Represented Bank of America in the national effort to improve critical infrastructure protection under PDD 63.
    • Managed investigations with the FBI, Secret Service and corporate counsel.
    • Managed global incident responses for internet-based malware and threat actors.
    • First corporate CISO for AmSouth Bank (now Regions Financial) and TIAA and built their first cybersecurity programs.
    • Co-patent holder for systematic analysis and assessment of technology risks.
    • Implemented security and resiliency designs which successfully defended against ransomware attacks.
    • Co-founder, UNC Charlotte Cybersecurity Symposium.

  • speaker photo
    James Keegan
    Director, Information Security, Essent Guaranty, Inc.
  • speaker photo
    Mike Brannon
    Director, Infrastructure & Security, National Gypsum

    Mike Brannon is an experienced IT professional and long-term employee at National Gypsum Company (NGC). His IT career began in 1977, and he joined NGC in 1985. Mike leads the teams that provide infrastructure and security: "We Keep National Gypsum Running."

  • speaker photo
    Michael Butterfield
    Regional Architect - Mid-Atlantic, Check Point Software Technologies

    Michael Butterfield is Security Architect at Check Point, where he supports 30+ engineering teams responsible for hundreds of customers across the Mid-Atlantic. He is primarily focused on helping enterprises design, consolidate, and integrate security controls into emerging technology platforms. Over an 18-year career in cybersecurity, Michael has designed, built, and maintained network security systems for organizations ranging from small business to large international enterprise, in both commercial and government sectors. Most recently, he has focused on helping customers secure their digital transformation to cloud systems.

  • speaker photo
    Mike Muscatell
    Sr. Manager Information Security, Krispy Kreme

    Mike Muscatell is a seasoned IT veteran with more than 21 years in the Information Security field. He is a certified ethical hacker. Was honored as top 100 professionals in the Information Security Field by Strathmore's for 2014. Member of a number of security organizations including Infragard, US Chamber of Commerce Cyber Committee.

  • speaker photo
    Margarita Rivera
    VP, Information Security, Risk & Compliance, LMC (a Lennar Company)

    An Information Security Executive with over 15 years of experience, Margarita Rivera has thrived her entire career on solving complex problems. Margarita has dedicated her professional journey to building Information Security Risk, Compliance and Privacy Programs and continues to do so as the Head of Information Security at LMC, a Lennar Corporation. Margarita has a bachelor’s degree in Business Administration and is currently pursuing her Masters in Cybersecurity at Harvard University. She has several professional certifications including the Certified Information Systems Security Professional (CISSP), Certified Information Privacy Technologist (CIPT), and the Certified Risk and Information Systems Controls (CRISC) to name a few. Margarita is also very involved within the Security community. She currently serves on the Governing Body for Evanta, the Advisory Board for SecureWorld and is a member of the ISACA and ISSA.

  • speaker photo
    Ken E. Sigler
    Board of Advisors, University of Detroit Mercy, Center for Cybersecurity and Intelligence Studies

    Ken Sigler has served as a full-time faculty member of the Computer Information Systems program at the Auburn Hills Michigan campus of Oakland Community College since 2001, while his primary research is in the area of cybersecurity education, policy, and management; software management; and software assurance. Ken serves as the Liaison for the college as one of three founding members of the Midwest Chapter for CISSE and is an active member of the University of Detroit Mercy Center for Cybersecurity and Intelligence Studies Board of Advisors.

    Ken is co-author of these books:
    • “Cybersecurity: Engineering a Secure Information Technology Organization"
    • “Securing an IT Organization through Governance, Risk Management, and Audit”
    • "Cyber Security: A Guide to the National Initiative for Cybersecurity Education (NICE) Framework (2.0)"
    • "The Complete Guide to Cyber Security Risks and Controls"
    • "Implementing Cybersecurity: A Guide to the National Institute of Standards and Technology Risk Management Framework"
    • “Supply Chain Risk Management – Applying Secure Acquisition Principles to Ensure a Trusted Technology Project"
    • "How to Build a Cyber-Resilient Organization"
    • "The Cybersecurity Body of Knowledge: The ACM/IEEE/AIS/IFIP Recommendations for a Complete Curriculum in Cybersecurity," due to be published in spring 2020.

  • speaker photo
    Dr. John Opala
    VP, IT Security, McCormick

    Cybersecurity thought leader with over 19 years of technical and leadership experience in multiple disciplines.

  • speaker photo
    Happy Hour
  • speaker photo
    Ken E. Sigler
    Board of Advisors, University of Detroit Mercy, Center for Cybersecurity and Intelligence Studies

    Ken Sigler has served as a full-time faculty member of the Computer Information Systems program at the Auburn Hills Michigan campus of Oakland Community College since 2001, while his primary research is in the area of cybersecurity education, policy, and management; software management; and software assurance. Ken serves as the Liaison for the college as one of three founding members of the Midwest Chapter for CISSE and is an active member of the University of Detroit Mercy Center for Cybersecurity and Intelligence Studies Board of Advisors.

    Ken is co-author of these books:
    • “Cybersecurity: Engineering a Secure Information Technology Organization"
    • “Securing an IT Organization through Governance, Risk Management, and Audit”
    • "Cyber Security: A Guide to the National Initiative for Cybersecurity Education (NICE) Framework (2.0)"
    • "The Complete Guide to Cyber Security Risks and Controls"
    • "Implementing Cybersecurity: A Guide to the National Institute of Standards and Technology Risk Management Framework"
    • “Supply Chain Risk Management – Applying Secure Acquisition Principles to Ensure a Trusted Technology Project"
    • "How to Build a Cyber-Resilient Organization"
    • "The Cybersecurity Body of Knowledge: The ACM/IEEE/AIS/IFIP Recommendations for a Complete Curriculum in Cybersecurity," due to be published in spring 2020.

  • speaker photo
    Dr. John Opala
    VP, IT Security, McCormick

    Cybersecurity thought leader with over 19 years of technical and leadership experience in multiple disciplines.

  • speaker photo
    Andrew Dutton
    CISO, DuHart Consulting

    Strategic Global Cybersecurity leader that is accomplished in complex multinational organizations. Strong interpersonal skills and communicator. Extensive experience in cybersecurity, compliance, governance, architecture. Expert in deployment of enterprise standards, processes, and policies. Strong project management experience. Dedicated and well versed in analyzing and mitigating risk, deployment of cost-effective solutions based on business requirements, and technical architecture. Adept in changing culture and developing engaged/motivated teams as well as working individually with resources.

  • speaker photo
    Stephen Head
    Director, IT Risk Advisory Services, Experis Finance

    Stephen Head is Director of IT Risk Advisory Services for Experis Finance. He has broad-based experience in cyber risk, regulatory compliance, IT governance and aligning controls with multiple standards and frameworks. He is the author of the internationally recognized Internal Auditing Manual and Practical IT Auditing, both published by Thomson Reuters. He was International Chair of ISACA’s Standards Board and a member of the AICPA Information Technology Executive Committee. As a Certified Business Continuity Professional (CBCP), CISSP, and a CISM, he brings a unique perspective to cyber resiliency, having managed information security practices as well as business continuity programs.

  • speaker photo
    Lisa Tuttle
    CISO, SPX Corporation

    Lisa Tuttle has served as an executive leader of global organizations, managing technology teams with her engaging enthusiasm and unique combination of information security, privacy, legal, compliance, project management and business management expertise. As CISO of SPX Corporation, she provides technology vision and strategic leadership for the company's IT security, directory services, privacy/compliance, project/change management, and contracts/vendor management programs. She excels at partnering with IT and Business teams, mentoring Women in Technology and encouraging STEM education.

  • speaker photo
    J. Zhanna Malekos Smith
    Reuben Everett Cyber Scholar and Researcher, Duke University Center on Law & Technology

    J. Zhanna Malekos Smith, J.D., served as a captain in the U.S. Air Force Judge Advocate General’s Corps and is a delegate in Stanford University’s U.S.-Russia Forum. She received a B.A. from Wellesley College, an M.A. and A.K.C. from King’s College London, Department of War Studies, and J.D. from the University of California, Davis School of Law. Malekos Smith has held fellowships with the Madeleine K. Albright Institute for Global Affairs, the Belfer Center’s Cyber Security Project at the Harvard Kennedy School, and Duke University Law School as the Everett Cyber Scholar. She has presented at DEF CON, RSA, and ShmooCon, and published her research in The Hill, Defense One, and The National Interest, among others.

  • speaker photo
    Juan Marin
    Sales Engineer Manager, IntSights

    A cybersecurity professional and avid technologist advocate with 10 years of experience in effective cyber-security practices, advanced threat prevention, malware and incident response; Juan has worked with the likes of McAfee/Intel Security and Trend Micro in the past, fulfilling technical sales, advisory and customer success roles, and today forms part of the IntSights as manager of sales engineering for the Americas.

  • speaker photo
    Katie Stewart
    Sr. Member, Technical Staff, CERT Division, Software Engineering Institute - Carnegie Mellon University

    Katie Stewart is a senior member of the technical staff within the CERT® Division at the Software Engineering Institute (SEI), a unit of Carnegie Mellon University in Pittsburgh, PA. She has more than 15 years of experience advising clients in engineering, information technology, and telecommunications industries. Katie’s current research interests include information security governance, risk management, and measurement and analysis. Katie holds a Bachelor of Science and a Master of Science in Computer Engineering from North Carolina State University and has completed executive education at the Wharton School of the University of Pennsylvania. Katie is a Certified Information Systems Security Professional (CISSP) and has served as an adjunct professor.

  • speaker photo
    Andrew Hoover
    Sr. Member, Technical Staff, CERT Division, Software Engineering Institute - Carnegie Mellon University

    Andrew Hoover is a Senior Engineer with the CERT Division of Carnegie Mellon University’s Software Engineering Institute. As a member of the Cybersecurity Assurance Team, he performs risk and resilience management work for a variety of organizations, mostly relating to critical infrastructure protection. Andrew has 16 years of experience in information technology field. Prior to joining the SEI, he worked as a technical auditor performing risk and vulnerability assessments for government and industry clients. In addition to the customer focused work Andrew teaches the public offering of the CERT Resilience Management Model (CERT-RMM) course.

  • speaker photo
    Douglas Jambor
    Sr. Cybersecurity Manager - IT Advisory, Dixon Hughes Goodman LLP

    Douglas has 13 years of penetration testing experience in the information technology field, focusing on information systems security and information security risk management. He is DHG’s cybersecurity subject leader and manager over all of the firm’s technical cybersecurity services, which includes internal, external, wireless and web application security assessments and testing end-user awareness levels via social engineering assessments. Douglas has performed penetration testing and IT audit engagements for clients located in every industry across the firm. Douglas is a Certified Information Systems Security Professional (CISSP), Certified Computer Examiner (CCE) and a member of the international Society of Forensic Computer Examiners.

  • speaker photo
    Paul Ihme
    Co-Founder & President of Consulting Services, Soteria

    Paul is an accomplished Security Professional with 14 years of experience in multiple information technology domains, specializing in computer network exploitation, computer network defense and security incident response. His expertise includes planning, coordinating and performing offensive computer operations.
    Paul leads the firm’s managed detection and incident response business, which specializes in preventing and responding to cybersecurity intrusions. He can translate complex cybersecurity issues and present solutions to any client, including c-suite leadership, focused management teams and engineers tasked with defending networks. Ihme oversees and guides Soteria’s internal information security program and has an advisory role to the company’s engineering team.

  • speaker photo
    Rob Dalzell
    Vulnerability Management, Bank of America
  • speaker photo
    Jack Freund, PhD
    Director, Risk Science, FAIR Institute

    Dr. Jack Freund is a leading voice in cyber risk measurement and management. He is an expert at building relationships to collaborate, persuade, and sell information risk and security programs. Jack is currently serving as Director, Risk Science at RiskLens and previously worked for TIAA as Director, Cyber Risk. Jack holds a PhD in Information Systems and has been named an IAPP Fellow of Information Privacy. Jack’s book on quantifying risk (Measuring and Managing Information Risk: A FAIR Approach) was inducted into the Cybersecurity Canon in 2016. Jack’s writings have appeared in the ISSA Journal and he currently writes a column for the @ISACA newsletter.

  • speaker photo
    Tam Nguyen
    CISSP, Cyber Threat Researcher, Federal Reserve Bank at Cleveland

    Tam Nguyen is an IEEE and ACM peer-reviewed cybersecurity researcher whose with recent publications on Software Defined Network's security (CSNet - Paris, France), and instructional design evaluation of CEH v10 Online Course (IC4E - Tokyo, JP). Tam's research interests include large-scale cyber threat modeling, cyber behavioral science, and applications of quantum computing in cybersecurity. Tam is a CISSP and is working for the Federal Reserve Bank at Cleveland.

  • speaker photo
    Andrew Dutton
    CISO, DuHart Consulting

    Strategic Global Cybersecurity leader that is accomplished in complex multinational organizations. Strong interpersonal skills and communicator. Extensive experience in cybersecurity, compliance, governance, architecture. Expert in deployment of enterprise standards, processes, and policies. Strong project management experience. Dedicated and well versed in analyzing and mitigating risk, deployment of cost-effective solutions based on business requirements, and technical architecture. Adept in changing culture and developing engaged/motivated teams as well as working individually with resources.

  • speaker photo
    Dr. John Opala
    VP, IT Security, McCormick

    Cybersecurity thought leader with over 19 years of technical and leadership experience in multiple disciplines.

Conference App and Microsite!
Registration is easy and takes just a few minutes. Once you get started you can use your phone, tablet or internet browser to:

• Create a personalized agenda
• View maps of the venue and Exhibit Hall
• Use secure messaging to network with attendees
• View speaker slides after the conference
• Play CyberHunt, the app game, and compete for prizes
app store play store
Don't miss out!

Join us for high-quality, affordable cybersecurity training and networking. Sign up today!