Click here to view registration types and pricing (PDF)
Conference Agenda
Filter by registration level:
  • session level iconOpen Sessions
  • session level iconConference Pass
  • session level iconSecureWorld Plus
  • session level iconVIP / Exclusive
  • Wednesday, June 12, 2019
    9:00 am
    [SecureWorld PLUS] Designing and Building a Cybersecurity Program Based on the NIST Cybersecurity Framework
    • session level icon
    9 a.m. - 3 p.m. • Earn 12 CPEs!
    speaker photo
    CISO and Adjunct Faculty, University of Massachusetts
    Registration Level:
    • session level iconSecureWorld Plus
    9:00 am - 3:00 pm
    Location / Room: 31

    The University of Massachusetts has developed a 6-hour SecureWorld PLUS training class that instructs attendees on the best practices for designing, building, and maintaining a cybersecurity program based on the NIST Cybersecurity Framework. Organizations who currently use the Framework or are planning to use the Framework for their cybersecurity program will benefit from this course.

    This innovative education and training program includes the following key elements:

    • An introduction to the key components of the NIST Cybersecurity Framework
    • How to use the Framework to support business strategy, technology strategy, and cyber-risk strategy
    • An approach for adopting the framework to build and sustain secure and resilient infrastructure, secure and resilient networks, secure and resilient applications
    • How to use the Framework to protect critical information assets
    • A Controls Factory Model that organizations use to create an Engineering Program, a Technical Program, and a Business / Management Program
    • A methodology for developing a Cybersecurity Strategy, System Security Plan (SSP), Risk Assessment, Plan of Action and Milestones (POA&M), and Executive Report

    The class will help individuals and organizations acquire knowledge, skills, and abilities to:

    • Develop a strategy to apply the NIST Cybersecurity Framework to their environment
    • Create a comprehensive System Security Plan (SSP) based on the NIST Cybersecurity Framework
    • Conduct a Risk Assessment to compare the current profile with the target profile and identify any gaps that need to be addressed
    • Develop a Plan of Action and Milestones (POA&M) to mitigate the highest priority gaps
    • Establish an Executive Report to measure and communicate current profile, target profile, POA&M and program plan / roles and responsibilities to remediate identified gaps
    • Identify required workforce skills and develop career pathways for improving skills and experience

    About the instructor:

    • Larry Wilson is the CISO for UMass President’s Office since 2009.
    • Prior to UMass, Larry developed and managed the Global Infrastructure Services (GIS) Security Program for State Street Corporation.
    • Larry has been teaching cybersecurity courses based on the NIST Cybersecurity Framework at SecureWorld events for the past five years.
    • Larry has conducted over 20 consulting engagements, helping organizations design and build cybersecurity programs based on the NIST Cybersecurity Framework.

    The program and its author have won the following industry awards:

    • Security Magazine’s Most Influential People in Security, 2016
    • SANS People Who Made a Difference in Cybersecurity Award, 2013
    • Information Security Executive (ISE) North America Program Winner for Higher Education, 2013
    9:00 am
    [SecureWorld PLUS] Cyber Defense Ineffectiveness and What We Can Do About It
    • session level icon
    9 a.m. - 3 p.m. • Earn 12 CPEs!
    speaker photo
    CEO, Alpine Security
    Registration Level:
    • session level iconSecureWorld Plus
    9:00 am - 3:00 pm
    Location / Room: 30

    Alpine Security CEO, Christian Espinosa, a bronze sponsor of SecureWorld Chicago, hosts SecureWorld Plus training session on Cyber Defense Ineffectiveness and What We Can Do About It. Attendees will be exposed to data gathered from real-world penetration tests, audits, and incident responses, bringing attention to the current state of cyber defense. Attendees will become familiar with the top 5 trending cybersecurity misconceptions and learn actionable solutions and tools to approach cyber defense and to create a more secure world. Upon completion of this 6-hour training session, attendees will be eligible to receive 12 CPE’s.

    “Ransomware & cyber extortion are effective because organizations blindly implement controls without a risk-based strategy, have poor cybersecurity awareness, and have difficulty determining the validity of ‘incriminating data’ used for cyber extortion.” -Christian Espinosa

    Throughout this training session, Christian Espinosa will candidly discuss the following key elements:

    • Despite all the Next-Gen tools, latest products, compliance requirements, etc., breaches still happen daily. Why is this, and what can we do about it?
    • Data gathered from real-world penetration tests, audits, and incident responses to focus on the current state of cyber defense.
    • Motivations, breaches, and primary tactics used by attackers.
    • Opportunities and solutions to address common issues such as how more organizations focus on the wrong items, how egos get in the way, how compliance doesn’t really help, how risk is rarely assessed, and how cloud migrations can actually make security worse.

    During this training session, you can expect to participate in group activities and discussions. Be open to new ideas and approaches. We can learn from each other.

    Meet the Trainer:
    Christian Espinosa is Alpine Security’s CEO/Founder and a Cybersecurity Professor at Maryville University. He holds over 25 certifications, including the CISSP, CCISO, and PMP. Christian is a US Air Force veteran with a BS in Engineering from the US Air Force Academy and MBA from Webster University. Christian holds multiple patents on cybersecurity attack and defense. Major recent projects include penetration testing and assessments of commercial aircraft, medical device penetration testing, and numerous incident response projects. When Christian isn’t protecting us from cybercriminals, he climbs mountains, travels the world, teaches outdoor wilderness survival, and competes in Ironman triathlons.

  • Thursday, June 13, 2019
    7:00 am
    Registration Open
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    7:00 am - 3:00 pm
    Location / Room: Registration Desk
    7:30 am
    Advisory Council RoundTable (Breakfast & Coffee Served) - (VIP / Invite Only)
    • session level icon
    Topic: Are Our Cybersecurity Solutions Ready For an AI World?
    speaker photo
    CNN Military Analyst; USAF (Ret.), CEO, Cedric Leighton Associates
    Registration Level:
    • session level iconVIP / Exclusive
    7:30 am - 8:30 am
    Location / Room: 30

    This Roundtable is for our Advisory Council Members Only.

    8:00 am
    Exhibit Floor Open
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    8:00 am - 3:00 pm
    Location / Room: Exhibitor Floor

    This is the time to visit exhibitors participating in Dash For Prizes & CyberHunt for your chance to win prizes!

    8:30 am
    Advisory Council Roundtable - (VIP / Invite Only)
    • session level icon
    Topic: Selling the Value of Security to Your Organization
    speaker photo
    CISO, Tempus, Inc.
    Registration Level:
    • session level iconVIP / Exclusive
    8:30 am - 9:30 am
    Location / Room: 30
    8:30 am
    Third Party Vendor/Supply Chain Security Risk Management
    • session level icon
    speaker photo
    Cybersecurity Strategist, InfraGard National Sector IT Subject Matter Expert
    Registration Level:
    • session level iconConference Pass
    8:30 am - 9:15 am
    Location / Room: 27

    How to build out and effectively run your own third-party vendor risk management program and/or begin conversations with the appropriate legal, procurement, and vendor management teams to begin implementing a third-party risk program.

    8:30 am
    [Cisco] Crypto Gold Mine: Are Your Clients Safe?
    • session level icon
    speaker photo
    Cloud Security Systems Engineer, Cisco
    Registration Level:
    • session level iconOpen Sessions
    8:30 am - 9:15 am
    Location / Room: 25
    8:30 am
    ISACA Chapter Meeting & Guest Presentation - Open to all Attendees
    • session level icon
    Topic: Planning Effective, Scenario-Driven Purple Team Engagements
    speaker photo
    Blue Team Coordinator, Zurich Insurance Group
    speaker photo
    Red Team Coordinator, Zurich Insurance Group
    Registration Level:
    • session level iconOpen Sessions
    8:30 am - 9:15 am
    Location / Room: Keynote Theater

    Join this presentation to inquire how setting goals and starting with a solid scenario is key to building a Purple Team test that maximizes results. Hear how maintaining flexibility during the engagement can keep everyone on track and on schedule. Whether you are looking to improve effectiveness of internal Purple Team members or maximize value of third-party consultants, this presentation will help you start with a solid foundation, avoid some common pitfalls and extract the most value from this unique engagement.

    9:30 am
    OPENING KEYNOTE — The Nation-State, the Corporation, and You: Cybersecurity in the Cyber Age
    • session level icon
    speaker photo
    CNN Military Analyst; USAF (Ret.), CEO, Cedric Leighton Associates
    Registration Level:
    • session level iconOpen Sessions
    9:30 am - 10:15 am
    Location / Room: Keynote Theater
    10:15 am
    Conference Break / Exhibitor Product Demonstration
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    10:15 am - 11:15 am
    Location / Room: Exhibitor Floor

    Reboot with coffee and infused water while visiting exhibitors on the exhibitor floor.

    11:15 am
    Legal Issues in AI, IoT and the Cloud of the Future
    • session level icon
    speaker photo
    Professor, Researcher, Lawyer, Education
    Registration Level:
    • session level iconConference Pass
    11:15 am - 12:00 pm
    Location / Room: 31
    AI, IoT and the Cloud are no doubt changing the way we live in the future. This presentation discusses current and predicted legal issues in AI, IoT and the Cloud into the future. Legal areas cover privacy and security law, marketing law, and tech law more generally. Trends in how AI, IoT and the Cloud will be used in the future will be married with the potential legal issues that may present themselves in that context. This will permit insight into how the law may evolve in these areas and how we can be ready for our cyber future from this perspective.
    11:15 am
    Protecting the Brand
    • session level icon
    speaker photo
    CISO, Delta Dental Plan Associates
    Registration Level:
    • session level iconConference Pass
    11:15 am - 12:00 pm
    Location / Room: 27

    When security practitioners look at brand risk, they often rely on security controls that focus on securing the organization for threat actors targeting the organization’s infrastructure in order to disrupt service, or steal confidential information. Often times, we forget about what is going on outside of the organization that could cause the organization’s brand harm as well. This presentation will discuss what is brand risk, how organizations need to account for the brand, and best practices to mitigate that risk.

    11:15 am
    [Mimecast] Anatomy of an Attack: Live Email Hack
    • session level icon
    speaker photo
    Director, Systems Engineering, Mimecast
    Registration Level:
    • session level iconOpen Sessions
    11:15 am - 12:00 pm
    Location / Room: 25
    Let’s face it: E-Mail is still the biggest entry point into your organization, even in secure environments. Security threats are real and debilitating, and they aren’t going away anytime soon. During this session, Mike Shine will paint the current threat landscape for email-borne attacks and demonstrate an actual live e-mail hack against a secure e-mail server.

    You will learn e-mail based attack methodologies and the tactics and tools being used to exploit your users, as well as how to enhance your email security posture going forward.

    11:15 am
    [Trend Micro] Protecting Your Organization from Cyber-Physical Attacks
    • session level icon
    speaker photo
    VP, Infrastructure Strategies, Trend Micro
    Registration Level:
    • session level iconOpen Sessions
    11:15 am - 12:00 pm
    Location / Room: 26

    IoT poses huge security and privacy challenges to individuals and businesses. Technical measures, deployed at the endpoint, in the network, and on connected devices, are necessary but not sufficient to secure these extensions. Utilizing wide-ranging examples from smart buildings, smart ports, and smart cars to connected home and office devices, we will examine attack modes and effective layered protection. The session will then outline four methods for governing behavior—a mix of social pressure, financial sanctions, laws, and architecture—and reveal the secret to using a mix of these methods when developing an effective IoT security strategy.

    12:15 pm
    LUNCH KEYNOTE: Quantum Computing, Blockchain, AI, STOP - Get Back to the Basics
    • session level icon
    speaker photo
    CISO, Morningstar
    Registration Level:
    • session level iconOpen Sessions
    12:15 pm - 1:00 pm
    Location / Room: Keynote Theater

    There are more than 500 security vendors at any given time and as security practitioners we are bombarded with new technology at all times. While there is a need to stay ahead of the curve, we need to focus on the fundamentals. Tools can be ineffective if you cannot patch properly or in a timely fashion! In this presentation, I will highlight a couple breaches and dissect how security fundamentals would have either mitigated the impact of the breach or prevented it in the first place. Let’s fine tune the basics and then have AI tell us that we’re awesome.

    1:15 pm
    Panel: Building a Better Mouse Trap (Emerging Threats)
    • session level icon
    speaker photo
    Director, Information and Technology Services, Gift of Hope Organ and Tissue Donor Network
    Registration Level:
    • session level iconOpen Sessions
    1:15 pm - 2:15 pm
    Location / Room: Keynote Theater

    To be successful, as an industry, we must strive to get ahead of the bad guys. Easy enough to say but how? By taking a look at the capabilities of the threats we see today we should be able to make some educated guesses on what threats of tomorrow will look like. We know the bad guys don’t follow the rules, take the path of least resistance, and don’t care who they hurt in the process. We need to start thinking like them so that we can figure out what their next step is instead of guessing/hoping.
    Panelists:
    Mike Shine, Mimecast
    Ted Shorter, Keyfactor
    John Kellerhals, Wheels Inc.
    Brian Kovick, Mercy Home for Boys & Girls
    Moderator: Edward Marchewka, Gift of Hope

    1:15 pm
    Panel: Battle for the Endpoint Continues
    • session level icon
    speaker photo
    President and Practice Leader, CISO Advisory Services, Bradford Garrett Group, Former CISO for City of Chicago and Discover Financial
    Registration Level:
    • session level iconOpen Sessions
    1:15 pm - 2:15 pm
    Location / Room: 25

    What are you doing to keep the network safe for your employees? You’ve got your fancy next-gen firewall and some A/V. Maybe even some biometrics or 2FA thrown in for safekeeping. We also keep hearing the IAM acronym thrown around. And what is Zero Trust? What are you missing? Oh, yeah… remote workers and IoT. Wouldn’t it be cool if you had someone to ask? Now you do. This panel will go through these questions and more. Join the group discussion as we address the challenges in endpoint and network security.
    Panelists:
    John Fatten, Cisco
    Keith Weisman, Endgame
    Gary Patterson, Home Partners of America
    Brandon Meyer, Ensilo
    Ron Pipkins, Alert Logic
    Moderator: Tina Hauri, Bradford Garrett Group

     

    2:15 pm
    Conference Break / Exhibitor Product Demonstration
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    2:15 pm - 3:00 pm
    Location / Room: Exhibitor Floor

    Reboot with coffee and infused water while visiting exhibitors on the exhibitor floor.

    2:30 pm
    Dash for Prizes and CyberHunt Winners Announced
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    2:30 pm - 2:45 pm
    Location / Room: Exhibitor Floor

    Be sure to have your badge scanned with participating exhibitors. Past prizes have included Kindles, Bose headphones, gift cards, iPads, iPods and more! *Must be present to win.

    3:00 pm
    InfraGard Meeting & Presentation- Open to all Attendees
    • session level icon
    Topic: Integrating Public and Private Sector
    speaker photo
    Board Member & Sector Chief Program Leader, InfraGard Chicago Members Alliance
    Registration Level:
    • session level iconOpen Sessions
    3:00 pm - 3:45 pm
    Location / Room: 25
    Interested in your local associations? Join InfraGard for a chapter meeting and guest presentation. This session is open to all attendees.
    Presentation:
    This session will show how the public/private sector integrates intelligence for mutual benefit.
    3:00 pm
    Employer Data Breach Liability: The Employee as a Threat Vector
    • session level icon
    Learn 6 big decisions organizations must make in response to insider threat
    speaker photo
    Founder, Herrin Health Law, P.C.
    Registration Level:
    • session level iconConference Pass
    3:00 pm - 3:45 pm
    Location / Room: 31
    According to a 2014 IBM study, 31.5% of all cybersecurity incidents were perpetrated by malicious insiders, and 23.5% resulted from the activities of non-malicious insider threats. In 2017, statistics reported by the MIT Sloan Interdisciplinary Consortium showed that between 67% and 80% of cybersecurity incidents were linked to persons with legitimate access to the breached data infrastructure. A 2018 Ponemon Institute report confirms that this upward trend is not abating, as 64% of successful cyber attacks resulted from privileged user negligence, with another 23% being perpetrated by malicious insiders – a total of 87% of all incidents. Education having failed in many instances, with criminals becoming ever more sophisticated, and with the return on investment for perimeter defenses becoming slight, perhaps employers should consider their employees threat vectors and not innocent victims in cybercrime.

     

    3:00 pm
    Building a Better Cyber Awareness Training System with Machine Learning and Artificial Intelligence
    • session level icon
    speaker photo
    Cyber Threat Researcher, Federal Reserve Bank of Cleveland
    Registration Level:
    • session level iconConference Pass
    3:00 pm - 3:45 pm
    Location / Room: 26

    Cybersecurity awareness training (CAT) should be adaptable to the evolving cyber threat landscape, cost effective, and integrated well with other components. Unfortunately, few CAT systems can satisfy those requirements.

    This presentation introduces a new smart model for conducting cybersecurity trainings based on ML/AI with three main goals: (1) training efforts are initiated by emerging relevant threats and delivered first to the most vulnerable members; (2) training results must be able to provide actionable intelligence to be employed by enterprise risk management, enterprise threat intelligence, and other systems; and (3) the CAT system must be effective and affordable.

    3:00 pm
    Rise of Industrial 4.0: Crippling a Country Through Cyber Attacks in Manufacturing
    • session level icon
    speaker photo
    Director, Center for Cyber Security and Forensics Education and Assistant Professor, Illinois Institute of Technology
    Registration Level:
    • session level iconConference Pass
    3:00 pm - 3:45 pm
    Location / Room: 27

    When we think of the breach of data, it could be the least of the industry’s problems. The “hyperconnectivity” between smart robots and the cloud could leave entire sectors vulnerable to large-scale attacks with catastrophic cascading effects. At worse, these could take out a significant chunk of a country’s GDP. Tampering with equipment in factories producing food, for instance, could lead to incorrect nutrient levels and unsafe items bypassing proper checks.

Exhibitors
  • Alert Logic
    Booth: 115

    Whether your company is transitioning infrastructure to the cloud, taking advantage of managed hosting services, or continuing to rely on owned data centers, Alert Logic offers intrusion detection, vulnerability assessment and log management solutions that are coupled with 24/7 monitoring and expert guidance services from our security operations center. More than 1,500 enterprise customers trust Alert Logic to secure and protect their digital information, and rely on us for keeping in step with increasingly complex regulatory issues. In addition to our team of GIAC analysts dedicated to careful observation and assessment of threats to your data, our research team stays on top of emerging developments so we can stop potential security breaches before they strike. We also have a dedicated support team ready to answer any questions you have about our products and services.

  • Alpine Security
    Booth: 430

    Alpine Security is a Service Disabled Veteran owned Small Business. We have extensive experience with security audits, regulatory compliance audits, vulnerability assessments, penetration testing (network, application, web application, and physical), social engineering, incident response, digital forensics, and user awareness & technical training.  Our team members are Industry Certified, bring vast project experience, highly educated, trusted, and experienced.  We have been on United States government red teams and have experience with military cyber operations – offensive and defensive.  Our team is also well-versed and experienced with commercial security assessments, audits, penetration testing, risk assessments, and incident response.  We have performed penetration tests and assessments for numerous industries, including aerospace & defense, education, healthcare, financial, energy, and oil & gas.  Our extensive experience in high-risk and complex environments ensures we are prepared to test your environment, regardless of the risk-level or complexity.  We’ve been tested under fire.

  • AppViewX
    Booth: 100

    AppViewX is the most advanced certificate and key lifecycle automation platform. With their certificate lifecycle automation and management platform, CERT+, your enterprise can protect itself from cyber-attacks that can happen easily due to misused keys or expiring certificates. AppViewX CERT+ provides automated discovery, enrollment, monitoring, validation, expiry notification, renewal, provisioning, remediation, reporting and revocation of SSL/TLS certificates across networks including app servers, web servers, ADCs, proxies, firewalls, client and mobile devices. CERT+ helps enterprise IT manage and automate the entire lifecycle of their internal and external PKI.

  • Apricorn
    Booth: 435

    Founded in 1983, Apricorn designs, manufactures, and supports storage innovations with your data’s security as our top priority. Our unique, patented approach is centered on being 100% hardware-encrypted, software-free, and cross-platform compatible. Trusted by numerous state, national, and international governments, as well as small and large corporations alike, Apricorn delivers advanced data security innovations designed to address today’s threats, as well as tomorrow’s.

  • BackBox
    Booth: 215

    BackBox is the leading provider of Intelligent Automation for all Network and Security devices. BackBox provides the ability to schedule automated backup and storing of device configurations, single-click recovery, real-time inventory management, custom task automation, and pre-emptive health checks for all your critical devices on the network.

  • Barracuda
    Booth: 320

    Barracuda Networks, Inc. is a company providing security, networking and storage products based on network appliances and cloud services. The company’s security products include products for protection against email, web surfing, web hackers and instant messaging threats such as spam, spyware, trojans, and viruses. The company’s networking and storage products include web filtering, load balancing, application delivery controllers, message archiving, NG firewalls, backup services and data protection.

  • Binfer
    Booth: 400

    Binfer is the next generation of secure communication software that allows messaging, collaboration, file sharing, synchronization and more without storing user’s data on any third party systems.

  • Bitdefender
    Booth: 119

    Powered by its depth of security expertise and rapid pace of research and development, Bitdefender’s long-standing mission is to deliver transformative security technologies to the world’s users and organizations. We are innovators, creating breakthrough technology that radically improves our customer’s experience with security.

    From IoT to Data Centers, from endpoints to hybrid infrastructures – Bitdefender plays a transformational role in how security is best consumed, deployed, and managed. We strive to deliver products and services that radically alter the customer’s experience with security, in terms of efficacy, performance, ease of use and interoperability.

  • Checkmarx
    Booth: 217

    Checkmarx is the global leader in software security solutions for modern enterprise software development. Checkmarx delivers the industry’s most comprehensive software security platform that unifies with DevOps and provides static and interactive application security testing, SCA and developer AppSec training to reduce and remediate risk from software vulnerabilities. www.checkmarx.com.

  • CHICAGO Metrics
    Booth: 400

    CHICAGO Metrics® is a suite of SaaS tools to help you to have a better conversation with business leadership in terms that they understand. Translate between executives and technicians with a solid metrics program that takes any number of tactical metrics and aggregates them into the six business aligned Key Performance/Risk Indicators: Confidentiality, Human Resources, Integrity, Character, Availability, and GOld. Use the ROI Calculator to get the funding and resources you need. Evaluate vendors with our Vendor Risk Assessment Platform, which focuses on risk management and allows you to compare your program to your vendor’s program.

  • Cisco Umbrella
    Booth: 220

    Cisco Umbrella is a cloud security platform that provides the first line of defense against threats on the internet wherever users go. And because its built into the foundation of the internet and delivered from the cloud, Umbrella is the simplest security product to deploy and delivers powerful, effective protection.

  • Cloud Security Alliance – Chicago Chapter
    Booth: TBD

    We are the Chicago Chapter of the Cloud Security Alliance (CSA). Our goal is to promote Cloud Computing Security in the Chicagoland area. We are actively recruiting knowledgeable security professionals to join help grow our Chapter. This is an excellent opportunity to meet take your career to the next level by networking with passionate Security professionals.

    The Cloud Security Alliance (CSA) is a not-for-profit organization with a mission to promote the use of best practices for providing security assurance within Cloud Computing, and to provide education on the uses of Cloud Computing to help secure all other forms of computing. The Cloud Security Alliance is led by a broad coalition of industry practitioners, corporations, associations and other key stakeholders.

  • Cobalt.io
    Booth: 400

    Cobalt’s Pentest as a Service (PtaaS) Platform transforms traditional pentesting into a data-driven vulnerability management engine. Fueled by a global talent pool of certified freelancers, our modern pentest platform delivers actionable results that empowers agile teams to pinpoint, track, and remediate vulnerabilities.

  • Code42
    Booth: 304

    Code42 is the leader in information security. We secure more than 50,000 organizations worldwide, including the most recognized brands in business and education. Because Code42 can secure every version of every file, we offer security, legal and IT teams total visibility and recovery of data–wherever it lives and moves.

  • Darktrace
    Booth: 301

    Darktrace is the world’s leading AI company for cyber defense. With over 7,000 deployments worldwide, the Enterprise Immune System is relied on to detect and fight back against cyber-attacks in real time. The self-learning AI takes one hour to install, works across the cloud, SaaS, corporate networks, IoT and industrial systems, and protects against the full range of cyber-threats and vulnerabilities, from insider threats and ransomware, to stealthy and silent attackers. Darktrace has 800 employees and 40 offices worldwide, with headquarters in San Francisco, and Cambridge, UK.

  • EC-Council
    Booth: n/a

    International Council of E-Commerce Consultants, also known as EC-Council, is the world’s largest cyber security technical certification body. We operate in 140 countries globally and we are the owner and developer of the world-famous Certified Ethical Hacker (CEH), Computer Hacking Forensics Investigator (C|HFI), Certified Security Analyst (ECSA), License Penetration Testing (Practical) programs, among others. We are proud to have trained and certified over 140,000 information security professionals globally that have influenced the cyber security mindset of countless organizations worldwide.

  • Endace
    Booth: 140

    Customers choose Endace products for one primary reason: they deliver, where competitor products fail. Whether it is capture accuracy, fidelity of time stamps, write-to-disk performance or speed of traffic retrieval, Endace is famous for delivering the very best performing products. Telcos, broadcasters, governments, defence departments, investment banks and many other large enterprises trust our products to help them manage their critical data networks.

  • Endgame
    Booth: 117

    Organizations spent $75 billion on security last year, yet they still face breaches at an alarming rate. Endgame exists to transform that paradigm and not accept breaches as the status quo.

    To solve these challenges, we can’t apply the same people, processes and technology and expect different results.

    We bring to bear the best across enterprise tech, security domain expertise, data science, user experience, and academia to challenge the industry-standard of what makes a good security product.

    That’s what we’re doing everyday at Endgame.

  • enSilo
    Booth: 135

    enSilo protects businesses around the world from data breaches and disruption caused by cyber attacks. The enSilo Endpoint Security Platform comprehensively secures endpoints in real-time pre- and post-infection without alert fatigue, excessive dwell time or breach anxiety while also containing incident response costs by orchestrating automated detection, prevention and incident response actions against advanced malware. enSilo’s patented approach stops advanced malware with a high degree of precision, provides full system visibility and an intuitive user interface and combines next-generation antivirus (NGAV), application communication control, automated endpoint detection and response (EDR) with real-time blocking, threat hunting, incident response, and virtual patching capabilities in a single agent. The platform can be deployed either in the cloud or on-premises and supports multi-tenancy.

  • Exabeam
    Booth: 213

    The Exabeam Security Intelligence Platform provides organizations of all sizes with end-to-end detection, analytics, and response capabilities from a single security management and operations platform. Exabeam SIP includes Exabeam Log Manager, a modern log management system, built on top of ElasticSearch to provide unlimited data ingestion at a predictable, cost effective price. Exabeam SIP detects complex, multi-stage threats using the analytics capabilities of Exabeam Advanced Analytics; the world’s most deployed User and Entity Behavior Analytics (UEBA) solution. Finally, Exabeam SIP improves incident response efficiency with Exabeam Incident Responder, an API based security orchestration and automation solution.

  • Global Cyber Alliance
    Booth: TBD

    The Global Cyber Alliance (GCA) is an international, cross-sector effort dedicated to confronting cyber risk and improving our connected world. It is a catalyst to bring communities of interest and affiliations together in an environment that sparks innovation with concrete, measurable achievements. While most efforts at addressing cyber risk have been industry, sector, or geographically specific, GCA partners across borders and sectors. GCA’s mantra “Do Something. Measure It.” is a direct reflection of its mission to eradicate systemic cyber risks. GCA, a 501(c)3, was founded in September 2015 by the Manhattan District Attorney’s Office, the City of London Police and the Center for Internet Security. Learn more at www.globalcyberalliance.org

  • InfoSec-Conferences.com
    Booth: n/a

    We’re the InfoSec community’s #1 ‘Go To’ resource for cybersecurity conference listings. Since 2012 we’ve provided cybersecurity professionals with accurate event listings that are manually checked and updated every day.

  • InfraGard Chicago
    Booth: TBD

    All InfraGard participants are committed to the proposition that a robust exchange of information about threats to and actual attacks on these critical infrastructures is an important element for successful infrastructure protection efforts. This chapter is governed by our local bylaws.

    The goal of InfraGard is to enable the flow of information so that the owners and operators of infrastructure assets can better protect themselves and so that the United States government can better discharge its law enforcement and national security responsibilities.

  • ISACA Chicago Chapter
    Booth: TBD

    Our aim is to sponsor local educational seminars and workshops, conduct regular chapter meetings, and help to further promote and elevate the visibility of the IS audit, control and security profession throughout the metro Chicago area.

    Chapter meetings are generally held the third Thursday of each month at The Conference Center at One North Wacker (1 N. Wacker Drive, 2nd Floor, Chicago, Illinois 60606)

    Please check our web site from time to time for the most up-to-date listing of chapter related events and training opportunities.

  • (ISC)2 Chicago Chapter
    Booth: TBD

    The mission of the Chicago Chapter is to advance the local Chicagoland information security community by providing its members with opportunities to increase knowledge, grow professional networks, share information and advance the profession as a whole by promoting certification, ethical behavior, and social responsibility.

    Our members consist of (ISC)² credentialed professionals who hold either a SSCP, CAP, CSSLP, and/or a CISSP or advanced concentration certification. Our chapter program is focused on sharing knowledge and exchanging ideas among security professionals in the local area.  Ultimately, we want to advance the field of information security by educating practitioners and the public at large on how to protect and defend against security threats.

  • ISSA Chicago Chapter
    Booth: TBD

    The Chicago Chapter of the Information Systems Security Association (ISSA) has a mission to offer a stimulating combination of discussion forums, hands-on learning, CISSP certification training, conferences, and other events which are designed to enhance understanding and awareness of information security issues for information security professionals.

    Whether you are exploring a career in cybersecurity, honing your technical expertise or an established security executive, the ISSA offers you a network of 10,000 colleagues worldwide to support you in managing technology risk and protecting critical information and infrastructure. Enhance your professional stature, expand your peer network and achieve your personal career goals. Your local chapter and ISSA International will provide you with a wealth of resources to keep you current with industry trends and developments in our ever-evolving field.

  • Ixia, a Keysight Business
    Booth: 108

    We provide testing, visibility, and security solutions to strengthen applications across physical and virtual networks. Organizations use our tools and capabilities to test, secure and visualize their networks so their applications run stronger.

  • Keyfactor
    Booth: 122

    Keyfactor, formerly Certified Security Solutions (CSS), is a leading provider of secure digital identity management solutions that enables organizations to confirm authenticity, and ensure the right things are interacting in the right ways in our connected world. From an enterprise managing millions of devices and applications that affect people’s lives every day, to a manufacturer aiming to ensure its product will function safely throughout its lifecycle, Keyfactor empowers global enterprises with the freedom to master every digital identity. Its clients are the most innovative brands in the industries where trust and reliability matter most.

  • Mimecast
    Booth: 225

    Mimecast Is Making Email Safer For Business.

    Mimecast’s security, archiving and continuity cloud services protect business email and deliver comprehensive email risk management in one fully-integrated subscription service. Mimecast reduces the risk, complexity and cost traditionally associated with protecting email. You no longer have to manage an array of disjointed point solutions from multiple vendors. And you mitigate single vendor exposure if you have moved your primary email server to the cloud with services like Microsoft Office 365.
    Our best-of-breed services protect the email of over 24,900 customers and millions of users worldwide against targeted attacks, data leaks, malware and spam. We give employees fast and secure access to sensitive business information, and ensure email keeps running in the event of a primary service outage.

  • Okta
    Booth: 148

    Okta is the foundation for secure connections between people and technology. Our IT products uniquely use identity information to grant people access to applications on any device at any time, while still enforcing strong security protections. Our platform securely connects companies to their customers and partners. Today, thousands of organizations trust Okta to help them fulfill their missions as quickly as possible.

  • ProcessUnity
    Booth: 324

    ProcessUnity’s cloud-based solutions help organizations of all sizes automate their risk and compliance programs. Our highly configurable, easy-to-use tools significantly reduce manual administrative tasks, allowing customers to spend more time on strategic risk mitigation. As a software-as-a-service technology, ProcessUnity deploys quickly with minimal effort from customers and their IT resources.

  • SailPoint
    Booth: 421

    SailPoint, the leader in enterprise identity governance, brings the Power of Identity to customers around the world. SailPoint’s open identity platform gives organizations the power to enter new markets, scale their workforces, embrace new technologies, innovate faster and compete on a global basis. As both an industry pioneer and market leader in identity governance, SailPoint delivers security, operational efficiency and compliance to enterprises with complex IT environments. SailPoint’s customers are among the world’s largest companies in a wide range of industries.

  • Security Innovation
    Booth: 375

    For almost two decades, global clients have trusted Security Innovation to help them learn how to defend software applications and sensitive data from cyber-threats and attacks. We understand the challenges facing today’s enterprise, where reputation and customer trust is on the front lines. That’s why we continually work to discover and overcome the latest security threats with our Centers of Excellence, and integrate this knowledge into every training and assessment solution we deliver.

  • Siemplify
    Booth: 422

    The  Siemplify  team is comprised of cyber-security professionals, veterans of Israeli intelligence agencies. We bring rich experience in security analysis,  management  and operations and are backed by experts in data science and applied mathematics.

    WE BELIEVE In the modern world of cyber threat analysis, investigation and management should be more holistic, intuitive and simple. Technology and data science should serve cyber security experts by providing all the relevant information about the threat in real-time and focus them  in  rapid decision making.

  • Soliton Systems, Inc.
    Booth: 311

    Soliton Systems is the #1 IT security solution provider in Japan, most notably providing market-leading authentication solutions for 13 consecutive years with over 16,000 installations. From users to devices to networks to applications, Soliton enables a seamless and effortless authentication experience for customers ranging from small businesses to multi-national enterprises across all industries.
    Soliton Systems was founded in 1979 with the vision to create innovative solutions to exceed customer expectations, all without adding complexity, and we continue to set new standards in performance, quality and reliability.

  • TechTarget
    Booth: TBD

    TechTarget (NASDAQ: TTGT) is the online intersection of serious technology buyers, targeted technical content and technology providers worldwide. Our media, powered by TechTarget’s Activity Intelligence platform, redefines how technology buyers are viewed and engaged based on their active projects, specific technical priorities and business needs. With more than 100 technology specific websites, we provide technology marketers innovative media that delivers unmatched reach via custom advertising, branding and lead generation solutions all built on our extensive network of online and social media. TechTarget is based in Boston and has locations in Atlanta, Beijing, Cincinnati, London, Paris, San Francisco, Singapore, and Sydney.

  • TrapX Security
    Booth: 133

    TrapX Security is the pioneer and global leader in cyber deception technology. Their DeceptionGrid solution rapidly detects, deceives, and defeats advanced cyberattacks and human attackers in real-time. DeceptionGrid also provides automated, highly-accurate insight into malicious activity unseen by other types of cyber defenses. By deploying DeceptionGrid, you can create a proactive security posture, fundamentally halting the progression of an attack while changing the economics of cyberattacks by shifting the cost to the attacker. The TrapX Security customer-base includes Forbes Global 2000 commercial and government customers worldwide in sectors that include defense, healthcare, finance, energy, consumer products, and other key industries.

  • Trend Micro
    Booth: 230

    Trend Micro, a global leader in cybersecurity, is passionate about making the world safe for exchanging digital information, today and in the future. Artfully applying our XGen™ security strategy, our innovative solutions for consumers, businesses, and governments deliver connected security for data centers, cloud workloads, networks, and endpoints. www.trendmicro.com.

  • Venafi
    Booth: 211

    Venafi secures and protects keys and certificates so they can’t be used by bad guys in cyber attacks. Criminals want to gain trusted status and go undetected. This makes keys and certificates a prime target. Criminals steal and compromise keys and certificates that are not properly protected, and use them to circumvent security controls. This has become the attack of choice. As a Gartner-recognized Cool Vendor, Venafi delivered the first trust protection platform to secure cryptographic keys and digital certificates that businesses and governments depend on for secure communications, commerce, computing, and mobility. Venafi finds all keys and certificates and puts them under surveillance to detect anomalies. Vulnerable keys and certificates are fixed to prevent attack. Ongoing remediation is performed automatically. Venafi strengthens defenses of today’s critical security controls.

  • Verodin
    Booth: 127

    Verodin is mission-driven to help organizations remove assumptions and prove cybersecurity effectiveness with evidence-based data. Verodin’s Security Instrumentation Platform (SIP) enables customers to continuously validate that their cybersecurity controls are fully protecting their business-critical assets.

Return to Agenda
Keynote Speakers
Speakers
  • speaker photo
    Larry Wilson
    CISO and Adjunct Faculty, University of Massachusetts

    Larry Wilson is currently a senior consultant and former Chief Information Security Officer for the University of Massachusetts President's Office. In the CISO role, Larry was responsible for developing, implementing and overseeing compliance with the UMass Information Security Policy and Written Information Security Plan (WISP). In addition to designing and deploying the UMass cybersecurity program, Larry has developed and delivered cybersecurity training at multiple industry events, workshops, training venues, etc. Courses include Designing and Building a Cybersecurity Program, The NIST Cybersecurity Framework Foundations, The NIST Cybersecurity Framework Practitioners, Engineering, Technology and Business Labs and Workshops based on the NIST Cybersecurity Framework, etc. Larry has also worked with multiple companies in multiple industries to help design, build and maintain their Cybersecurity Programs and evaluate their current security posture.

  • speaker photo
    Christian Espinosa
    CEO, Alpine Security

    Christian Espinosa is Alpine Security's CEO/Founder and a Cybersecurity Professor at Maryville University. He holds over 25 certifications, including the CISSP, CCISO, and PMP. Christian is a US Air Force veteran with a BS in Engineering from the US Air Force Academy and MBA from Webster University. Christian holds multiple patents on cybersecurity attack and defense. Major recent projects include penetration testing and assessments of commercial aircraft, medical device penetration testing, and numerous incident response projects. When Christian isn’t protecting us from cybercriminals, he climbs mountains, travels the world, teaches outdoor wilderness survival, and competes in Ironman triathlons.

  • speaker photo
    Col. Cedric Leighton
    CNN Military Analyst; USAF (Ret.), CEO, Cedric Leighton Associates

    Founder of a strategic risk consultancy after serving 26 years in the US Air Force, Cedric Leighton oversaw numerous critical intelligence missions throughout his career. He served at US Special Operations Command, the Joint Staff and the National Security Agency, where he helped train the nation's cyber warriors. A Middle East combat veteran, he is the recipient of numerous military awards, including the Defense Superior Service Medal and the Bronze Star.

    Currently, Cedric advises multinational businesses on cyber attacks and the management of complex global strategies to reduce risk and unpredictability.

  • speaker photo
    Matthew DeChant
    CISO, Tempus, Inc.
  • speaker photo
    Arvin Verma
    Cybersecurity Strategist, InfraGard National Sector IT Subject Matter Expert

    Arvin Verma is a highly motivated and talented cybersecurity professional with over 8 years of experience across a diverse set of cyber domains and industries such as Aerospace and Defense, Technology, Financial and Insurance, Commercial Retail, Manufacturing and several more. He has filed more than 4 invention disclosures in the field of cybersecurity with one being granted as a patent and continues to leverage new concepts to drive higher confidence in today’s continuously changing environment. Arvin is CISSP certified, Security+ Certified and a ISO 27001 Certified Lead Auditor.

  • speaker photo
    John Fatten
    Cloud Security Systems Engineer, Cisco
  • speaker photo
    Austin Rappeport
    Blue Team Coordinator, Zurich Insurance Group

    Austin Rappeport is a Threat Defense Consultant working for Zurich Insurance on their global cybersecurity team. His team is responsible for managing Zurich's SIEM and integrating Zurich's security toolkit to allow for the automated detection of suspicious or malicious activity across Zurich's network. Previously, Austin worked for the Federal Energy Regulatory Commission, where he helped develop and audit compliance to the North American Electric Reliability Corporation's Critical Infrastructure Protection standards for the United States' electric sector. Austin graduated with a Bachelor's degree in Computer Engineering from the University of Illinois in Urbana/Champaign in 2011.

  • speaker photo
    Chris Carlis
    Red Team Coordinator, Zurich Insurance Group

    Chris Carlis is a member of the Zurich Insurance Group Red Team and has built a career helping organizations become more secure through offensive testing. Locally, Chris is a community organizer in the Chicago area and helps coordinate several monthly gatherings designed to connect like-minded information security professionals. In his spare time, Chris enjoys practicing operational security and the spreading of misinformation.

  • speaker photo
    Col. Cedric Leighton
    CNN Military Analyst; USAF (Ret.), CEO, Cedric Leighton Associates

    Founder of a strategic risk consultancy after serving 26 years in the US Air Force, Cedric Leighton oversaw numerous critical intelligence missions throughout his career. He served at US Special Operations Command, the Joint Staff and the National Security Agency, where he helped train the nation's cyber warriors. A Middle East combat veteran, he is the recipient of numerous military awards, including the Defense Superior Service Medal and the Bronze Star.

    Currently, Cedric advises multinational businesses on cyber attacks and the management of complex global strategies to reduce risk and unpredictability.

  • speaker photo
    Dr. Raj Sachdev
    Professor, Researcher, Lawyer, Education

    Dr. Raj Sachdev is a professor, researcher, and‎ internationally qualified lawyer (USA and England/Wales). He holds‎ several degrees in business and law and has guest spoken at such institutions as Oxford, Cambridge, Stanford and major industry‎ conferences including having given a Tedx talk. Over the last 15‎ years, he has taught 50‎+ different courses at other institutions including some as a part-time‎ instructor at Stanford. He was formerly a visiting researcher at UC Berkeley.

  • speaker photo
    Fred Kwong
    CISO, Delta Dental Plan Associates

    Fred Kwong is currently the CISO for Delta Dental Plans Association. He is a highly recognized thought leader in security and is often asked to speak and chair at national/international security conferences. Fred serves on several advisory boards and is often asked to consult on matters of security and leadership. He currently holds the CISSP, CISA, CISM, PMP and ITILv3 certifications. He earned his Bachelor of Arts in psychology and professional communications, Master of Business Administration in management information systems from Roosevelt University, and holds his Doctorate in organization development from Benedictine University.

  • speaker photo
    Mike Shine
    Director, Systems Engineering, Mimecast

    Mike has over 15 years’ experience designing and implementing IT security solutions for large enterprises, and he’s currently focused on making email safer for businesses. He actively participates in combating existing cyber threats and researching new threats out of Mimecast’s Chicago office. Mike holds a degree in Computer Engineering from Valparaiso University, and was born and raised on the south side of Chicago.

  • speaker photo
    William J. Malik, CISA
    VP, Infrastructure Strategies, Trend Micro

    William Malik is VP of Infrastructure Strategies at Trend Micro. As a founder of Gartner’s Information Security Strategies service in the mid-1990s, Bill has deep expertise in information security matters. During his IBM career he guided the mainframe operating system zOS (then MVS) through the process leading to a NIST/NSA B1-level security rating. He taught a graduate class on Information Security Policy at Georgia Tech and authored the chapter “Information Security Policy in the US National Context” for the text “Information Security: Policy, Processes, and Practices,” Detmar Straub, et al., editors. M. E. Sharpe, 2008.

  • speaker photo
    Ricardo Lafosse
    CISO, Morningstar

    Ricardo Lafosse is chief information security officer for Morningstar. Lafosse is responsible for IT risk governance, software and product security, incident management, technical disaster recovery, and determining enterprise-wide security policies and procedures. Lafosse regularly presents on security topics at global conferences, including Defcon, MirCon, and ISACA CACS. Lafosse has more than 15 years of experience in information security for the government, finance, legal, and healthcare. Lafosse holds a Master’s in Information Assurance from the Iowa State University. He also holds the Certified Information Systems Security Professional (CISSP) and Certified Information Security Manager (CISM) designations.

  • speaker photo
    Edward Marchewka
    Director, Information and Technology Services, Gift of Hope Organ and Tissue Donor Network

    Edward Marchewka is the Director of Information Technology for Gift of Hope Organ & Tissue Donor Network. He is also the creator of CHICAGO Metrics™, a platform to help manage your company's key IT and Information Security risks. Edward has completed, from Northern Illinois University, an MBA and an MS in Mathematics and, from Thomas Edison State College, a BS in Nuclear Engineering Technologies and a BA in Liberal Studies. He also holds a Certificates in Nonprofit Management and Leadership from the Kellogg School of Management at Northwestern University.

  • speaker photo
    Tina LaCroix-Hauri
    President and Practice Leader, CISO Advisory Services, Bradford Garrett Group, Former CISO for City of Chicago and Discover Financial

    Tina LaCroix-Hauri is the President and Practice Leader, CISO Advisory Services, for Bradford Garrett Group, a full service security professional services firm. Formerly the CISO for the City of Chicago, Global CISO for AON, CIO of Kudoz.com, and Director of Enterprise Risk Management for Discover Financial Services, Tina brings a considered and practical viewpoint to the executive core. Currently Tina is also an Adjunct Professor of IT Risk Management and member of the Industry Advisory Board of the Master of Science in Information Technology, McCormick School of Engineering, at Northwestern University, directly impacting future IT leaders. As Co-founder of the Chicago CISO Networking group, President Emeritus of the Chicago Chapter of the ISSA, former Executive Board Member of AITP, and Co-founder of the Chicago CISO of the Year Award program, she continuously works to elevate the position of, respect for, and viability of the role of the CISO.

    Tina holds an MBA from the Quinlan School of Business at Loyola University of Chicago, and a Bachelor's degree from Northwestern University. She has completed ongoing professional educational programs in Executive Financial and Strategic Leadership at Boston University, with the American Bankers Association, and Executive Education coursework at Northwestern University Kellogg School of Management. She is a also graduate of the Society of Information Management (SIM) Mid-Atlantic Regional Learning Forum.

  • speaker photo
    Scott Swanson
    Board Member & Sector Chief Program Leader, InfraGard Chicago Members Alliance

    Scott Swanson is a former cleared national security intelligence professional who has focused for the past decade on Business Risk Intelligence and Financial Crimes as a thought leader and practitioner. He currently works for PwC’s Financial Crimes Unit, is certified in Fraud Investigations, Mobile Forensics, Anti-Money Laundering, and focuses on applying threat intelligence across Cybercrime and Cyber Counterintelligence, Counterterrorism, Corporate/Competitive Intelligence and Crisis/Incident Response preparedness. He has a post-graduate degree from the University of St. Andrews in Security and Counterterrorism, a Master’s Degree in Strategic Intelligence, and undergraduate studies in Foreign Languages.

  • speaker photo
    Barry Herrin
    Founder, Herrin Health Law, P.C.

    Barry Herrin is the Founder of Herrin Health Law, P.C., a boutique law practice located in Atlanta, Georgia. He regularly assists health care providers in all segments of the industry on health care operations and compliance, medical information privacy and confidentiality, cybersecurity, and data breach response. He is admitted to the bars of the District of Columbia, Florida, Georgia, and North Carolina. Mr. Herrin is a Fellow of the American College of Healthcare Executives, a Fellow of the American Health Information Management Association, and a Fellow of the Healthcare Information and Management Systems Society. He also holds a certificate in cybersecurity from Georgia Tech and has been recognized as a subject matter expert in health care by the Infragard National Member Alliance.

  • speaker photo
    Tam Nguyen
    Cyber Threat Researcher, Federal Reserve Bank of Cleveland

    Tam Nguyen is an IEEE peer-reviewed cybersecurity researcher whose recent works include a long-term cyber threat evaluation & prediction strategy for the Federal Reserve Bank of Cleveland, and an accepted research paper on Software Defined Network's security to be presented in Paris, France. Tam's research interests include large-scale cyber threat modeling, cyber behavioral science, and applications of quantum computing in cybersecurity.

  • speaker photo
    Dr. Maurice Dawson Jr.
    Director, Center for Cyber Security and Forensics Education and Assistant Professor, Illinois Institute of Technology

    Maurice Dawson is a faculty member in the School of Applied Technology to serve as Director of Illinois Institute of Technology's Center for Cyber Security and Forensics Education, which is accredited by the National Security Agency. Maurice has earned a Doctor of Computer Science from Colorado Technical University in 2009 and a Ph.D. in Cybersecurity from London Metropolitan University in 2017. Prior to joining Illinois Tech, Maurice served as an Assistant Professor at the University of Missouri - St. Louis. Dawson has received multiple Fulbright Scholar Specialist Grants to Russia and Saudi Arabia for cybersecurity and data analytics. Recognized by the DoDD 8140 as an IA System Architect and Engineer, Manager, and Cybersecurity Service Provider.

Conference App and Microsite!
Registration is easy and takes just a few minutes. Once you get started you can use your phone, tablet or internet browser to:

• Create a personalized agenda
• View maps of the venue and Exhibit Hall
• Use secure messaging to network with attendees
• View speaker slides after the conference
• Play CyberHunt, the app game, and compete for prizes
app store play store