Click here to view registration types and pricing (PDF)
Conference Agenda
Filter by registration level:
  • session level iconOpen Sessions
  • session level iconConference Pass
  • session level iconSecureWorld Plus
  • session level iconVIP / Exclusive
  • Wednesday, June 12, 2019
    9:00 am
    SecureWorld PLUS - Designing and Building a Cybersecurity Program Based on the NIST Cybersecurity Framework
    • session level icon
    9 a.m. - 3 p.m. - Earn 12 CPEs!
    speaker photo
    CISO and Adjunct Faculty, University of Massachusetts
    Registration Level:
    • session level iconSecureWorld Plus
    9:00 am - 3:00 pm

    The University of Massachusetts has developed a 6 hour SecureWorld Plus training class that instructs attendees on the best practices for designing, building, and maintaining a Cybersecurity Program based on the NIST Cybersecurity Framework. Organizations who currently use the Framework or are planning to use the Framework for their cybersecurity program will benefit from this course.

    This innovative education and training program includes the following key elements:

    • An introduction to the key components of the NIST Cybersecurity Framework
    • How to use the Framework to support business strategy, technology strategy, and cyber-risk strategy
    • An approach for adopting the framework to build and sustain secure and resilient infrastructure, secure and resilient networks, secure and resilient applications
    • How to use the framework to protect critical information assets
    • A Controls Factory Model that organizations use to create an Engineering Program, a Technical Program and a and Business / Management Program
    • A methodology for developing a Cybersecurity Strategy, System Security Plan (SSP), Risk Assessment, Plan of Action and Milestones (POA&M) and Executive Report

    The class will help individuals and organizations acquire knowledge, skills and abilities to:

    • Develop a strategy to apply the NIST Cybersecurity Framework (NCSF) to their environment
    • Create a comprehensive System Security Plan (SSP) based on the NIST Cybersecurity Framework
    • Conduct a Risk Assessment to compare the current profile with the target profile and identify any gaps that need to be addressed
    • Develop a Plan of Action and Milestones (POA&M) to mitigate the highest priority gaps
    • Establish an Executive Report to measure and communicate current profile, target profile, POA&M and program plan / roles and responsibilities to remediate identified gaps
    • Identify required workforce skills and develop career pathways for improving skills and experience

    About the Instructor – Larry Wilson:

    • Larry Wilson is the former CISO for UMass President’s Office from 2009 to 2017
    • Prior to UMass, Larry developed and managed the Global Infrastructure Services (GIS) Security Program for State Street Corporation
    • Larry has been teaching cybersecurity courses based on the NIST Cybersecurity Framework at SecureWorld events for the past 5 years
    • Larry has conducted over 20 consulting engagements, helping organizations design and build cybersecurity programs based on the NIST Cybersecurity Framework

    The program and its author have won the following industry awards:

    • Security Magazine’s Most Influential People in Security, 2016
    • SANS People Who Made a Difference in Cybersecurity Award, 2013
    • Information Security Executive (ISE) North America Program Winner for Higher Education, 2013
    9:00 am
    SecureWorld PLUS
    • session level icon
    Join us the day before the conference for 6 additional CPE credits.
    Registration Level:
    • session level iconSecureWorld Plus
    9:00 am - 3:00 pm

    This in-depth course is with one instructor.

  • Thursday, June 13, 2019
    7:00 am
    Registration Open
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    7:00 am - 3:00 pm
    Location / Room: Registration Desk
    7:30 am
    Advisory Council RoundTable (Breakfast & Coffee Served) - (VIP / Invite Only)
    • session level icon
    Registration Level:
    • session level iconVIP / Exclusive
    7:30 am - 8:30 am
    8:00 am
    Exhibit Floor Open
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    8:00 am - 3:00 pm
    Location / Room: Exhibitor Floor

    This is the time to visit exhibitors participating in Dash For Prizes & CyberHunt for your chance to win prizes!

    8:30 am
    Cybercrime and What Your Insurance Company Is Doing About It
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    8:30 am - 9:15 am
    Being insured isn’t the same as being prepared. As cyber criminals continue to attack businesses at an alarming rate across every possible point of vulnerability, business insurers are taking dramatic steps to provide a more comprehensive and preventative solution to combat the growing cyber threats. Tech forensic companies, network security specialists and white hat hackers have come together with insurance providers to offer a new generation of threat intelligence services. While an unusual pairing, tech and insurance professionals are now collaborating to create state-of-the-art cyber security solutions.
    8:30 am
    IoT Defense: A Holistic Approach
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    8:30 am - 9:15 am

    Reviewing the current state of IoT devices, their cloud endpoints and the connection between them to understand the threat landscape and where our focus needs to be in the years ahead.

    9:30 am
    OPENING KEYNOTE:
    • session level icon
    speaker photo
    EVP & CISO, U.S. Bank
    Registration Level:
    • session level iconOpen Sessions
    9:30 am - 10:15 am
    Location / Room: Keynote Theater
    10:15 am
    Conference Break / Exhibitor Product Demonstration
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    10:15 am - 11:15 am
    Location / Room: Exhibitor Floor

    Reboot with coffee and infused water while visiting exhibitors on the exhibitor floor.

    11:15 am
    Legal Issues in AI, IoT and the Cloud of the Future
    • session level icon
    speaker photo
    Professor, Researcher, Lawyer, Education
    Registration Level:
    • session level iconConference Pass
    11:15 am - 12:00 pm
    AI, IoT and the Cloud are no doubt changing the way we live in the future. This presentation discusses current and predicted legal issues in AI, IoT and the Cloud into the future. Legal areas cover privacy and security law, marketing law, and tech law more generally. Trends in how AI, IoT and the Cloud will be used in the future will be married with the potential legal issues that may present themselves in that context. This will permit insight into how the law may evolve in these areas and how we can be ready for our cyber future from this perspective.
    11:15 am
    Governance, Risk, and Compliance (GRC): Hit Refresh, Do It Again
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    11:15 am - 12:00 pm
    With the complexity and sheer volume of business groups, each with different level of maturity, enabling an overarching governance, risk and compliance (GRC) program at a global organization such as Microsoft, is no easy task. Join us to learn how Microsoft leveraged technology and a few key best practices to transform their governance, risk, and compliance efforts into something far more meaningful, strategic, and most importantly effective. By enabling cognitive decision-making through telemetry and innovating our GRC processes powered by a unified compliance framework and common risk methodology, we just might be on the way to revolutionizing the GRC realm.
    11:15 am
    Lessons Learned From a Real Security Incident That You Need to Take Public
    • session level icon
    Registration Level:
    • session level iconConference Pass
    11:15 am - 12:00 pm

    This presentation will cover lessons learned from an actual public security incident. We will discuss what worked and what didn’t, and what you need to be prepared if you have an incident.

    11:15 am
    Privacy Impact Assessments and Emerging Technologies
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    11:15 am - 12:00 pm
    Privacy laws and regulations continue to evolve rapidly in the U.S. at the federal and state levels. Combined with the European Union GDPR, these emerging standards underline the need for businesses to manage data as a regulated asset. The risks are heightened when developing or implementing emerging technologies, such as artificial intelligence, blockchain and biometric technologies. A key part of governance, both to reduce risk and to enable new innovations, is to perform impact assessments when implementing new technologies into the business, and as part of any new product development or innovation operations. This presentation will focus on privacy regulatory issues associated with emerging technologies, trends in structuring impact assessments, approaches to and objectives of PIAs, and ways in which to integrate PIA processes into the business.
    12:00 pm
    Advisory Council Round Table (Lunch Served) - VIP / Invite Only
    • session level icon
    Registration Level:
    • session level iconVIP / Exclusive
    12:00 pm - 1:00 pm
    12:15 pm
    LUNCH KEYNOTE
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    12:15 pm - 1:00 pm
    Location / Room: Keynote Theater
    1:15 pm
    Panel: Building a Better Mouse Trap (Emerging Threats)
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    1:15 pm - 2:15 pm
    Location / Room: Keynote Theater

    To be successful, as an industry, we must strive to get ahead of the bad guys. Easy enough to say but how? By taking a look at the capabilities of the threats we see today we should be able to make some educated guesses on what threats of tomorrow will look like. We know the bad guys don’t follow the rules, take the path of least resistance, and don’t care who they hurt in the process. We need to start thinking like them so that we can figure out what their next step is instead of guessing/hoping.

    1:15 pm
    Panel: Stopping the Attacks (Incident Response)
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    1:15 pm - 2:15 pm
    1:15 pm
    Panel: Phishing and Social Engineering Scams
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    1:15 pm - 2:15 pm
    1:15 pm
    Cloud Provider Security – The Evolution Continues
    • session level icon
    Registration Level:
    • session level iconConference Pass
    1:15 pm - 2:15 pm

    Cloud providers have always stated that they secure the data residing in their cloud. As I have presented at a few Cloud Security Alliance conferences in the past, the security that is provided is dependent on the Service Level Agreement (SLA) verbiage. The same is still true, but some of the providers actually have essentially a menu of security tools. This presentation will explore these tools.

    2:15 pm
    Conference Break / Exhibitor Product Demonstration
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    2:15 pm - 3:00 pm
    Location / Room: Exhibitor Floor

    Reboot with coffee and infused water while visiting exhibitors on the exhibitor floor.

    2:30 pm
    Dash for Prizes and CyberHunt Winners Announced
    Registration Level:
    2:30 pm - 2:45 pm
    Location / Room: Exhibitor Floor

    Be sure to have your badge scanned with participating exhibitors. Past prizes have included Kindles, Bose headphones, gift cards, iPads, iPods and more! *Must be present to win.

    3:00 pm
    Building a Better Cyber Awareness Training System With Machine Learning and Artificial Intelligence
    • session level icon
    speaker photo
    Cyber Threat Researcher, Federal Reserve Bank of Cleveland
    Registration Level:
    • session level iconConference Pass
    3:00 pm - 3:45 pm

    Cybersecurity awareness training (CAT) should be adaptable to evolving cyber threat landscape, cost effective and integrated well with other components. Unfortunately, few CAT systems can satisfy those requirements.
    This presentation introduces a new smart model for conducting cyber security trainings based on ML/AI with three main goals: (1) training efforts are initiated by emerging relevant threats and delivered first to the most vulnerable members (2) training results must be able to provide actionable intelligence to be employed by enterprise risk management, enterprise threat intelligence, and other systems (3) the CAT system must be effective and affordable.

    3:00 pm
    Present the Security Strategy to the Board for a Budget
    • session level icon
    Registration Level:
    • session level iconConference Pass
    3:00 pm - 3:45 pm

    We will share the strategy of how the VP of IT at APi Group presented the Security Strategy to the Board for budget approval.

    3:00 pm
    Employer Data Breach Liability: The Employee as a Threat Vector
    • session level icon
    Learn 6 big decisions organizations must make in response to insider threat
    speaker photo
    Founder, Herrin Health Law, P.C.
    Registration Level:
    • session level iconConference Pass
    3:00 pm - 3:45 pm
    According to a 2014 IBM study, 31.5% of all cybersecurity incidents were perpetrated by malicious insiders, and 23.5% resulted from the activities of non-malicious insider threats. In 2017, statistics reported by the MIT Sloan Interdisciplinary Consortium showed that between 67% and 80% of cybersecurity incidents were linked to persons with legitimate access to the breached data infrastructure. A 2018 Ponemon Institute report confirms that this upward trend is not abating, as 64% of successful cyber attacks resulted from privileged user negligence, with another 23% being perpetrated by malicious insiders – a total of 87% of all incidents. Education having failed in many instances, with criminals becoming ever more sophisticated, and with the return on investment for perimeter defenses becoming slight, perhaps employers should consider their employees threat vectors and not innocent victims in cybercrime.

     

Exhibitors
  • Bitdefender
    Booth: TBD

    Powered by its depth of security expertise and rapid pace of research and development, Bitdefender’s long-standing mission is to deliver transformative security technologies to the world’s users and organizations. We are innovators, creating breakthrough technology that radically improves our customer’s experience with security.

    From IoT to Data Centers, from endpoints to hybrid infrastructures – Bitdefender plays a transformational role in how security is best consumed, deployed, and managed. We strive to deliver products and services that radically alter the customer’s experience with security, in terms of efficacy, performance, ease of use and interoperability.

  • Cisco
    Booth: TBD

    Cisco builds truly effective security solutions that are simple, open and automated. Drawing on unparalleled network presence as well as the industry’s broadest and deepest technology and talent, Cisco delivers ultimate visibility and responsiveness to detect more threats and remediate them faster. With Cisco, companies are poised to securely take advantage of a new world of digital business opportunities.

  • Colbalt.io
    Booth: TBD

    At Cobalt, we use a combination of data, technology and talent to meet the security challenges of the modern web or mobile application, and ensure we provide the smartest, most efficient services possible. From Cobalt Central, our powerful vulnerability dashboard, to Cobalt Insights, which gives you an intelligent overview of your application security program, we are driven by great technology.

  • Darktrace
    Booth: TBD

    Darktrace is the world’s leading machine learning company for cyber security. Created by mathematicians from the University of Cambridge, the Enterprise Immune System uses AI algorithms to automatically detect and take action against cyber-threats within all types of networks, including physical, cloud and virtualized networks, as well as IoT and industrial control systems. A self-configuring platform, Darktrace requires no prior set-up, identifying advanced threats in real time, including zero-days, insiders and stealthy, silent attackers. Headquartered in San Francisco and Cambridge, UK, Darktrace has 24 offices worldwide.

  • EC-Council
    Booth: TBD

    International Council of E-Commerce Consultants, also known as EC-Council, is the world’s largest cyber security technical certification body. We operate in 140 countries globally and we are the owner and developer of the world-famous Certified Ethical Hacker (CEH), Computer Hacking Forensics Investigator (C|HFI), Certified Security Analyst (ECSA), License Penetration Testing (Practical) programs, among others. We are proud to have trained and certified over 140,000 information security professionals globally that have influenced the cyber security mindset of countless organizations worldwide.

  • eSentire, Inc
    Booth: 111

    Keeping up with emerging cyber threats and evolving regulatory measures isn’t easy. At eSentire, we simplify cybersecurity, delivering an advanced service that protects your high-risk assets from the complex threats that technology alone can miss, 24×7.

  • Global Cyber Alliance
    Booth: TBD

    The Global Cyber Alliance (GCA) is an international, cross-sector effort dedicated to confronting cyber risk and improving our connected world. It is a catalyst to bring communities of interest and affiliations together in an environment that sparks innovation with concrete, measurable achievements. While most efforts at addressing cyber risk have been industry, sector, or geographically specific, GCA partners across borders and sectors. GCA’s mantra “Do Something. Measure It.” is a direct reflection of its mission to eradicate systemic cyber risks. GCA, a 501(c)3, was founded in September 2015 by the Manhattan District Attorney’s Office, the City of London Police and the Center for Internet Security. Learn more at www.globalcyberalliance.org

  • InfoSec-Conferences.com
    Booth: TBD

    We’re the InfoSec Community’s #1 ‘Go To’ resource for Cybersecurity Conferences. Since 2012 we’ve provided Cybersecurity Professionals with accurate event listings that are manually checked and updated every day.

  • InfraGard Chicago
    Booth: TBD

    All InfraGard participants are committed to the proposition that a robust exchange of information about threats to and actual attacks on these critical infrastructures is an important element for successful infrastructure protection efforts. This chapter is governed by our local bylaws.

    The goal of InfraGard is to enable the flow of information so that the owners and operators of infrastructure assets can better protect themselves and so that the United States government can better discharge its law enforcement and national security responsibilities.

  • ISACA Chicago Chapter
    Booth: TBD

    Our aim is to sponsor local educational seminars and workshops, conduct regular chapter meetings, and help to further promote and elevate the visibility of the IS audit, control and security profession throughout the metro Chicago area.

    Chapter meetings are generally held the third Thursday of each month at The Conference Center at One North Wacker (1 N. Wacker Drive, 2nd Floor, Chicago, Illinois 60606)

    Please check our web site from time to time for the most up-to-date listing of chapter related events and training opportunities.

  • (ISC)2 Chicago Chapter
    Booth: TBD

    The mission of the Chicago Chapter is to advance the local Chicagoland information security community by providing its members with opportunities to increase knowledge, grow professional networks, share information and advance the profession as a whole by promoting certification, ethical behavior, and social responsibility.

    Our members consist of (ISC)² credentialed professionals who hold either a SSCP, CAP, CSSLP, and/or a CISSP or advanced concentration certification. Our chapter program is focused on sharing knowledge and exchanging ideas among security professionals in the local area.  Ultimately, we want to advance the field of information security by educating practitioners and the public at large on how to protect and defend against security threats.

  • ISSA Chicago Chapter
    Booth: TBD

    The Chicago Chapter of the Information Systems Security Association (ISSA) has a mission to offer a stimulating combination of discussion forums, hands-on learning, CISSP certification training, conferences, and other events which are designed to enhance understanding and awareness of information security issues for information security professionals.

    Whether you are exploring a career in cybersecurity, honing your technical expertise or an established security executive, the ISSA offers you a network of 10,000 colleagues worldwide to support you in managing technology risk and protecting critical information and infrastructure. Enhance your professional stature, expand your peer network and achieve your personal career goals. Your local chapter and ISSA International will provide you with a wealth of resources to keep you current with industry trends and developments in our ever-evolving field.

  • Mimecast
    Booth: TBD

    Mimecast Is Making Email Safer For Business.
    Mimecast’s security, archiving and continuity cloud services protect business email and deliver comprehensive email risk management in one fully-integrated subscription service.
    Mimecast reduces the risk, complexity and cost traditionally associated with protecting email. You no longer have to manage an array of disjointed point solutions from multiple vendors. And you mitigate single vendor exposure if you have moved your primary email server to the cloud with services like Microsoft Office 365.
    Our best-of-breed services protect the email of over 24,900 customers and millions of users worldwide against targeted attacks, data leaks, malware and spam. We give employees fast and secure access to sensitive business information, and ensure email keeps running in the event of a primary service outage.

  • TechTarget
    Booth: TBD

    TechTarget (NASDAQ: TTGT) is the online intersection of serious technology buyers, targeted technical content and technology providers worldwide. Our media, powered by TechTarget’s Activity Intelligence platform, redefines how technology buyers are viewed and engaged based on their active projects, specific technical priorities and business needs. With more than 100 technology specific websites, we provide technology marketers innovative media that delivers unmatched reach via custom advertising, branding and lead generation solutions all built on our extensive network of online and social media. TechTarget is based in Boston and has locations in Atlanta, Beijing, Cincinnati, London, Paris, San Francisco, Singapore, and Sydney.

Return to Agenda
Keynote Speakers
Speakers
  • speaker photo
    Larry Wilson
    CISO and Adjunct Faculty, University of Massachusetts

    Larry Wilson is currently a senior consultant and former Chief Information Security Officer for the University of Massachusetts President's Office. In the CISO role, Larry was responsible for developing, implementing and overseeing compliance with the UMass Information Security Policy and Written Information Security Plan (WISP). In addition to designing and deploying the UMass cybersecurity program, Larry has developed and delivered cybersecurity training at multiple industry events, workshops, training venues, etc. Courses include Designing and Building a Cybersecurity Program, The NIST Cybersecurity Framework Foundations, The NIST Cybersecurity Framework Practitioners, Engineering, Technology and Business Labs and Workshops based on the NIST Cybersecurity Framework, etc. Larry has also worked with multiple companies in multiple industries to help design, build and maintain their Cybersecurity Programs and evaluate their current security posture.

  • speaker photo
    Jason Witty
    EVP & CISO, U.S. Bank

    Jason Witty is the EVP, CISO at U.S. Bancorp, providing singular accountability for information security controls in the company. An award winning CISO, Jason has 23 years of information security and risk management experience and was recently named the 2017 SecureWorld Ambassador of the Year in addition to a “CISO Superhero” at I.S.E. North America in 2015. Jason simultaneously serves as the Vice-Chairman of the Board of Directors at the FS/ISAC, as well as being FBI’s Chicago Infragard Sector Chief for Finance Services.

  • speaker photo
    Dr. Raj Sachdev
    Professor, Researcher, Lawyer, Education

    Dr. Raj Sachdev is a professor, researcher, and‎ internationally qualified lawyer (USA and England/Wales). He holds‎ several degrees in business and law and has guest spoken at such institutions as Oxford, Cambridge, Stanford and major industry‎ conferences including having given a Tedx talk. Over the last 15‎ years, he has taught 50‎+ different courses at other institutions including some as a part-time‎ instructor at Stanford. He was formerly a visiting researcher at UC Berkeley.

  • speaker photo
    Tam Nguyen
    Cyber Threat Researcher, Federal Reserve Bank of Cleveland

    Tam Nguyen is an IEEE peer-reviewed cybersecurity researcher whose recent works include a long-term cyber threat evaluation/prediction strategy for the Federal Reserve Bank of Cleveland, and an accepted research paper on Software Defined Network's security to be presented in Paris, France. Tam's research interests include large-scale cyber threat modeling, cyber behavioral science, and applications of quantum computing in cyber security.

  • speaker photo
    Barry Herrin
    Founder, Herrin Health Law, P.C.

    Barry Herrin is the Founder of Herrin Health Law, P.C., a boutique law practice located in Atlanta, Georgia. He regularly assists health care providers in all segments of the industry on health care operations and compliance, medical information privacy and confidentiality, cybersecurity, and data breach response. He is admitted to the bars of the District of Columbia, Florida, Georgia, and North Carolina. Mr. Herrin is a Fellow of the American College of Healthcare Executives, a Fellow of the American Health Information Management Association, and a Fellow of the Healthcare Information and Management Systems Society. He also holds a certificate in cybersecurity from Georgia Tech and has been recognized as a subject matter expert in health care by the Infragard National Member Alliance.

Conference App and Microsite!
Registration is easy and takes just a few minutes. Once you get started you can use your phone, tablet or internet browser to:

• Create a personalized agenda
• View maps of the venue and Exhibit Hall
• Use secure messaging to network with attendees
• View speaker slides after the conference
• Play CyberHunt, the app game, and compete for prizes
app store play store
Invest in yourself

Join your InfoSec peers for high-quality, affordable training and collaboration. Sign up today!