- Open Sessions
- Conference Pass
- SecureWorld Plus
- VIP / Exclusive
- Wednesday, June 12, 20199:00 am[SecureWorld PLUS] Designing and Building a Cybersecurity Program Based on the NIST Cybersecurity Framework9 a.m. - 3 p.m. • Earn 12 CPEs!Sr. Cybersecurity Consultant, Wilson CyberRegistration Level:
- SecureWorld Plus
9:00 am - 3:00 pmLocation / Room: 31The University of Massachusetts has developed a 6-hour SecureWorld PLUS training class that instructs attendees on the best practices for designing, building, and maintaining a cybersecurity program based on the NIST Cybersecurity Framework. Organizations who currently use the Framework or are planning to use the Framework for their cybersecurity program will benefit from this course.
This innovative education and training program includes the following key elements:
- An introduction to the key components of the NIST Cybersecurity Framework
- How to use the Framework to support business strategy, technology strategy, and cyber-risk strategy
- An approach for adopting the framework to build and sustain secure and resilient infrastructure, secure and resilient networks, secure and resilient applications
- How to use the Framework to protect critical information assets
- A Controls Factory Model that organizations use to create an Engineering Program, a Technical Program, and a Business / Management Program
- A methodology for developing a Cybersecurity Strategy, System Security Plan (SSP), Risk Assessment, Plan of Action and Milestones (POA&M), and Executive Report
The class will help individuals and organizations acquire knowledge, skills, and abilities to:
- Develop a strategy to apply the NIST Cybersecurity Framework to their environment
- Create a comprehensive System Security Plan (SSP) based on the NIST Cybersecurity Framework
- Conduct a Risk Assessment to compare the current profile with the target profile and identify any gaps that need to be addressed
- Develop a Plan of Action and Milestones (POA&M) to mitigate the highest priority gaps
- Establish an Executive Report to measure and communicate current profile, target profile, POA&M and program plan / roles and responsibilities to remediate identified gaps
- Identify required workforce skills and develop career pathways for improving skills and experience
About the instructor:
- Larry Wilson is the CISO for UMass President’s Office since 2009.
- Prior to UMass, Larry developed and managed the Global Infrastructure Services (GIS) Security Program for State Street Corporation.
- Larry has been teaching cybersecurity courses based on the NIST Cybersecurity Framework at SecureWorld events for the past five years.
- Larry has conducted over 20 consulting engagements, helping organizations design and build cybersecurity programs based on the NIST Cybersecurity Framework.
The program and its author have won the following industry awards:
- Security Magazine’s Most Influential People in Security, 2016
- SANS People Who Made a Difference in Cybersecurity Award, 2013
- Information Security Executive (ISE) North America Program Winner for Higher Education, 2013
9:00 am[SecureWorld PLUS] Cyber Defense Ineffectiveness and What We Can Do About It9 a.m. - 3 p.m. • Earn 12 CPEs!CEO, Blue Goat CyberRegistration Level:- SecureWorld Plus
9:00 am - 3:00 pmLocation / Room: 30Alpine Security CEO, Christian Espinosa, a bronze sponsor of SecureWorld Chicago, hosts SecureWorld Plus training session on Cyber Defense Ineffectiveness and What We Can Do About It. Attendees will be exposed to data gathered from real-world penetration tests, audits, and incident responses, bringing attention to the current state of cyber defense. Attendees will become familiar with the top 5 trending cybersecurity misconceptions and learn actionable solutions and tools to approach cyber defense and to create a more secure world. Upon completion of this 6-hour training session, attendees will be eligible to receive 12 CPE’s.
“Ransomware & cyber extortion are effective because organizations blindly implement controls without a risk-based strategy, have poor cybersecurity awareness, and have difficulty determining the validity of ‘incriminating data’ used for cyber extortion.” -Christian Espinosa
Throughout this training session, Christian Espinosa will candidly discuss the following key elements:
- Despite all the Next-Gen tools, latest products, compliance requirements, etc., breaches still happen daily. Why is this, and what can we do about it?
- Data gathered from real-world penetration tests, audits, and incident responses to focus on the current state of cyber defense.
- Motivations, breaches, and primary tactics used by attackers.
- Opportunities and solutions to address common issues such as how more organizations focus on the wrong items, how egos get in the way, how compliance doesn’t really help, how risk is rarely assessed, and how cloud migrations can actually make security worse.
During this training session, you can expect to participate in group activities and discussions. Be open to new ideas and approaches. We can learn from each other.
Meet the Trainer:
Christian Espinosa is Alpine Security’s CEO/Founder and a Cybersecurity Professor at Maryville University. He holds over 25 certifications, including the CISSP, CCISO, and PMP. Christian is a US Air Force veteran with a BS in Engineering from the US Air Force Academy and MBA from Webster University. Christian holds multiple patents on cybersecurity attack and defense. Major recent projects include penetration testing and assessments of commercial aircraft, medical device penetration testing, and numerous incident response projects. When Christian isn’t protecting us from cybercriminals, he climbs mountains, travels the world, teaches outdoor wilderness survival, and competes in Ironman triathlons. - Thursday, June 13, 20197:00 amRegistration openRegistration Level:
- Open Sessions
7:00 am - 3:00 pmLocation / Room: Registration DeskCome to the Registration desk in the lobby to check-in and get your badge. SecureWorld staff will be available throughout the day if you have any questions.
7:30 amAdvisory Council RoundTable (Breakfast & Coffee Served) - (VIP / Invite Only)CNN Military Analyst; U.S. Air Force (Ret.); Chairman, Cedric Leighton Associates, LLCRegistration Level:- VIP / Exclusive
7:30 am - 8:30 amLocation / Room: 30This Roundtable is for our Advisory Council Members Only.
8:00 amExhibitor Hall openRegistration Level:- Open Sessions
8:00 am - 3:00 pmLocation / Room: Exhibitor FloorYour opportunity to visit our solution vendor partners, whose sponsorship makes SecureWorld possible! Booths have staff ready to answer your questions. Look for participating Dash For Prizes sponsors to be entered to win prizes.
8:30 amAdvisory Council Roundtable - (VIP / Invite Only)CISO, Tempus, Inc.Registration Level:- VIP / Exclusive
8:30 am - 9:30 amLocation / Room: 308:30 amThird Party Vendor/Supply Chain Security Risk ManagementSr. Strategic Advisor & vCISO, Sentinel TechnologiesRegistration Level:- Conference Pass
8:30 am - 9:15 amLocation / Room: 27How to build out and effectively run your own third-party vendor risk management program and/or begin conversations with the appropriate legal, procurement, and vendor management teams to begin implementing a third-party risk program.
8:30 am[Cisco] Crypto Gold Mine: Are Your Clients Safe?Technical Solutions Architect, Cisco UmbrellaRegistration Level:- Open Sessions
8:30 am - 9:15 amLocation / Room: 258:30 amISACA Chapter Meeting & Guest Presentation - Open to all AttendeesTopic: Planning Effective, Scenario-Driven Purple Team EngagementsBlue Team Coordinator, Zurich Insurance GroupRed Team Coordinator, Zurich Insurance GroupRegistration Level:- Open Sessions
8:30 am - 9:15 amLocation / Room: Keynote TheaterJoin this presentation to inquire how setting goals and starting with a solid scenario is key to building a Purple Team test that maximizes results. Hear how maintaining flexibility during the engagement can keep everyone on track and on schedule. Whether you are looking to improve effectiveness of internal Purple Team members or maximize value of third-party consultants, this presentation will help you start with a solid foundation, avoid some common pitfalls and extract the most value from this unique engagement.
9:30 amOPENING KEYNOTE — The Nation-State, the Corporation, and You: Cybersecurity in the Cyber AgeCNN Military Analyst; U.S. Air Force (Ret.); Chairman, Cedric Leighton Associates, LLCRegistration Level:- Open Sessions
9:30 am - 10:15 amLocation / Room: Keynote Theater10:15 amConference Break / Exhibitor Product DemonstrationRegistration Level:- Open Sessions
10:15 am - 11:15 amLocation / Room: Exhibitor FloorReboot with coffee and infused water while visiting exhibitors on the exhibitor floor.
11:15 amLegal Issues in AI, IoT and the Cloud of the FutureProfessor, Researcher, Lawyer, EducationRegistration Level:- Conference Pass
11:15 am - 12:00 pmLocation / Room: 31AI, IoT and the Cloud are no doubt changing the way we live in the future. This presentation discusses current and predicted legal issues in AI, IoT and the Cloud into the future. Legal areas cover privacy and security law, marketing law, and tech law more generally. Trends in how AI, IoT and the Cloud will be used in the future will be married with the potential legal issues that may present themselves in that context. This will permit insight into how the law may evolve in these areas and how we can be ready for our cyber future from this perspective. 11:15 amProtecting the BrandVP & CISO, DeVry UniversityRegistration Level:- Conference Pass
11:15 am - 12:00 pmLocation / Room: 27When security practitioners look at brand risk, they often rely on security controls that focus on securing the organization for threat actors targeting the organization’s infrastructure in order to disrupt service, or steal confidential information. Often times, we forget about what is going on outside of the organization that could cause the organization’s brand harm as well. This presentation will discuss what is brand risk, how organizations need to account for the brand, and best practices to mitigate that risk.
11:15 am[Mimecast] Anatomy of an Attack: Live Email HackDirector, Systems Engineering, MimecastRegistration Level:- Open Sessions
11:15 am - 12:00 pmLocation / Room: 25Let’s face it: E-Mail is still the biggest entry point into your organization, even in secure environments. Security threats are real and debilitating, and they aren’t going away anytime soon. During this session, Mike Shine will paint the current threat landscape for email-borne attacks and demonstrate an actual live e-mail hack against a secure e-mail server. You will learn e-mail based attack methodologies and the tactics and tools being used to exploit your users, as well as how to enhance your email security posture going forward.
11:15 am[Trend Micro] Protecting Your Organization from Cyber-Physical AttacksVP, Infrastructure Strategies, Trend MicroRegistration Level:- Open Sessions
11:15 am - 12:00 pmLocation / Room: 26IoT poses huge security and privacy challenges to individuals and businesses. Technical measures, deployed at the endpoint, in the network, and on connected devices, are necessary but not sufficient to secure these extensions. Utilizing wide-ranging examples from smart buildings, smart ports, and smart cars to connected home and office devices, we will examine attack modes and effective layered protection. The session will then outline four methods for governing behavior—a mix of social pressure, financial sanctions, laws, and architecture—and reveal the secret to using a mix of these methods when developing an effective IoT security strategy.
12:15 pmLUNCH KEYNOTE: Quantum Computing, Blockchain, AI, STOP - Get Back to the BasicsCISO, The Kraft Heinz CompanyRegistration Level:- Open Sessions
12:15 pm - 1:00 pmLocation / Room: Keynote TheaterThere are more than 500 security vendors at any given time and as security practitioners we are bombarded with new technology at all times. While there is a need to stay ahead of the curve, we need to focus on the fundamentals. Tools can be ineffective if you cannot patch properly or in a timely fashion! In this presentation, I will highlight a couple breaches and dissect how security fundamentals would have either mitigated the impact of the breach or prevented it in the first place. Let’s fine tune the basics and then have AI tell us that we’re awesome.
1:15 pmPanel: Building a Better Mouse Trap (Emerging Threats)Director, Information and Technology Services, Gift of Hope Organ and Tissue Donor NetworkRegistration Level:- Open Sessions
1:15 pm - 2:15 pmLocation / Room: Keynote TheaterTo be successful, as an industry, we must strive to get ahead of the bad guys. Easy enough to say but how? By taking a look at the capabilities of the threats we see today we should be able to make some educated guesses on what threats of tomorrow will look like. We know the bad guys don’t follow the rules, take the path of least resistance, and don’t care who they hurt in the process. We need to start thinking like them so that we can figure out what their next step is instead of guessing/hoping.
Panelists:
Mike Shine, Mimecast
Ted Shorter, Keyfactor
John Kellerhals, Wheels Inc.
Brian Kovick, Mercy Home for Boys & Girls
Moderator: Edward Marchewka, Gift of Hope1:15 pmPanel: Battle for the Endpoint ContinuesFormer CISO, City of Chicago; President, Bradford Garrett GroupRegistration Level:- Open Sessions
1:15 pm - 2:15 pmLocation / Room: 25What are you doing to keep the network safe for your employees? You’ve got your fancy next-gen firewall and some A/V. Maybe even some biometrics or 2FA thrown in for safekeeping. We also keep hearing the IAM acronym thrown around. And what is Zero Trust? What are you missing? Oh, yeah… remote workers and IoT. Wouldn’t it be cool if you had someone to ask? Now you do. This panel will go through these questions and more. Join the group discussion as we address the challenges in endpoint and network security.
Panelists:
John Fatten, Cisco
Keith Weisman, Endgame
Gary Patterson, Home Partners of America
Brandon Meyer, Ensilo
Ron Pipkins, Alert Logic
Moderator: Tina Hauri, Bradford Garrett Group2:15 pmConference Break / Exhibitor Product DemonstrationRegistration Level:- Open Sessions
2:15 pm - 3:00 pmLocation / Room: Exhibitor FloorReboot with coffee and infused water while visiting exhibitors on the exhibitor floor.
2:30 pmNetworking Break — Dash for Prizes and CyberHunt winners announcedRegistration Level:- Open Sessions
2:30 pm - 2:45 pmLocation / Room: Exhibitor FloorBe sure to have your badge scanned with participating exhibitors throughout the day. Past prizes have included Kindles, Bose wireless headphones, gift cards, iPads, drones, and more! *Must be present to win.
3:00 pmInfraGard Meeting & Presentation- Open to all AttendeesTopic: Integrating Public and Private SectorBoard Member & Sector Chief Program Leader, InfraGard Chicago Members AllianceRegistration Level:- Open Sessions
3:00 pm - 3:45 pmLocation / Room: 25Interested in your local associations? Join InfraGard for a chapter meeting and guest presentation. This session is open to all attendees.
Presentation:
This session will show how the public/private sector integrates intelligence for mutual benefit.3:00 pmEmployer Data Breach Liability: The Employee as a Threat VectorLearn 6 big decisions organizations must make in response to insider threatFounder, Herrin Health Law, P.C.Registration Level:- Conference Pass
3:00 pm - 3:45 pmLocation / Room: 31According to a 2014 IBM study, 31.5% of all cybersecurity incidents were perpetrated by malicious insiders, and 23.5% resulted from the activities of non-malicious insider threats. In 2017, statistics reported by the MIT Sloan Interdisciplinary Consortium showed that between 67% and 80% of cybersecurity incidents were linked to persons with legitimate access to the breached data infrastructure. A 2018 Ponemon Institute report confirms that this upward trend is not abating, as 64% of successful cyber attacks resulted from privileged user negligence, with another 23% being perpetrated by malicious insiders – a total of 87% of all incidents. Education having failed in many instances, with criminals becoming ever more sophisticated, and with the return on investment for perimeter defenses becoming slight, perhaps employers should consider their employees threat vectors and not innocent victims in cybercrime. 3:00 pmBuilding a Better Cyber Awareness Training System with Machine Learning and Artificial IntelligenceCybersecurity Engineer, CISSP, MS, MCS, MA, U.S. Department of Health and Human ServicesRegistration Level:- Conference Pass
3:00 pm - 3:45 pmLocation / Room: 26Cybersecurity awareness training (CAT) should be adaptable to the evolving cyber threat landscape, cost effective, and integrated well with other components. Unfortunately, few CAT systems can satisfy those requirements.
This presentation introduces a new smart model for conducting cybersecurity trainings based on ML/AI with three main goals: (1) training efforts are initiated by emerging relevant threats and delivered first to the most vulnerable members; (2) training results must be able to provide actionable intelligence to be employed by enterprise risk management, enterprise threat intelligence, and other systems; and (3) the CAT system must be effective and affordable.
3:00 pmRise of Industrial 4.0: Crippling a Country Through Cyber Attacks in ManufacturingDirector, Center for Cyber Security and Forensics Education and Assistant Professor, Illinois Institute of TechnologyRegistration Level:- Conference Pass
3:00 pm - 3:45 pmLocation / Room: 27When we think of the breach of data, it could be the least of the industry’s problems. The “hyperconnectivity” between smart robots and the cloud could leave entire sectors vulnerable to large-scale attacks with catastrophic cascading effects. At worse, these could take out a significant chunk of a country’s GDP. Tampering with equipment in factories producing food, for instance, could lead to incorrect nutrient levels and unsafe items bypassing proper checks.
- Alert LogicBooth: 115
Whether your company is transitioning infrastructure to the cloud, taking advantage of managed hosting services, or continuing to rely on owned data centers, Alert Logic offers intrusion detection, vulnerability assessment and log management solutions that are coupled with 24/7 monitoring and expert guidance services from our security operations center. More than 1,500 enterprise customers trust Alert Logic to secure and protect their digital information, and rely on us for keeping in step with increasingly complex regulatory issues. In addition to our team of GIAC analysts dedicated to careful observation and assessment of threats to your data, our research team stays on top of emerging developments so we can stop potential security breaches before they strike. We also have a dedicated support team ready to answer any questions you have about our products and services.
- Alpine SecurityBooth: 430
Alpine Security is a Service Disabled Veteran owned Small Business. We have extensive experience with security audits, regulatory compliance audits, vulnerability assessments, penetration testing (network, application, web application, and physical), social engineering, incident response, digital forensics, and user awareness & technical training. Our team members are Industry Certified, bring vast project experience, highly educated, trusted, and experienced. We have been on United States government red teams and have experience with military cyber operations – offensive and defensive. Our team is also well-versed and experienced with commercial security assessments, audits, penetration testing, risk assessments, and incident response. We have performed penetration tests and assessments for numerous industries, including aerospace & defense, education, healthcare, financial, energy, and oil & gas. Our extensive experience in high-risk and complex environments ensures we are prepared to test your environment, regardless of the risk-level or complexity. We’ve been tested under fire.
- AppViewXBooth: 100
AppViewX is the most advanced certificate and key lifecycle automation platform. With their certificate lifecycle automation and management platform, CERT+, your enterprise can protect itself from cyber-attacks that can happen easily due to misused keys or expiring certificates. AppViewX CERT+ provides automated discovery, enrollment, monitoring, validation, expiry notification, renewal, provisioning, remediation, reporting and revocation of SSL/TLS certificates across networks including app servers, web servers, ADCs, proxies, firewalls, client and mobile devices. CERT+ helps enterprise IT manage and automate the entire lifecycle of their internal and external PKI.
- ApricornBooth: 435
Founded in 1983, Apricorn designs, manufactures, and supports storage innovations with your data’s security as our top priority. Our unique, patented approach is centered on being 100% hardware-encrypted, software-free, and cross-platform compatible. Trusted by numerous state, national, and international governments, as well as small and large corporations alike, Apricorn delivers advanced data security innovations designed to address today’s threats, as well as tomorrow’s.
- BackBoxBooth: 215
BackBox is the leading provider of Intelligent Automation for all Network and Security devices. BackBox provides the ability to schedule automated backup and storing of device configurations, single-click recovery, real-time inventory management, custom task automation, and pre-emptive health checks for all your critical devices on the network.
- BarracudaBooth: 320
At Barracuda we strive to make the world a safer place. We believe every business deserves access to cloud-first, enterprise-grade security solutions that are easy to buy, deploy, and use. We protect email, networks, data and applications with innovative solutions that grow and adapt with our customers’ journey. More than 200,000 organizations worldwide trust Barracuda to protect them—in ways they may not even know they are at risk—so they can focus on taking their business to the next level. For more information, visit barracuda.com.
- BinferBooth: 400
Binfer is the next generation of secure communication software that allows messaging, collaboration, file sharing, synchronization and more without storing user’s data on any third party systems.
- BitdefenderBooth: 119
Powered by its depth of security expertise and rapid pace of research and development, Bitdefender’s long-standing mission is to deliver transformative security technologies to the world’s users and organizations. We are innovators, creating breakthrough technology that radically improves our customer’s experience with security.
From IoT to Data Centers, from endpoints to hybrid infrastructures – Bitdefender plays a transformational role in how security is best consumed, deployed, and managed. We strive to deliver products and services that radically alter the customer’s experience with security, in terms of efficacy, performance, ease of use and interoperability.
- Checkmarx Inc.Booth: 217
Checkmarx is constantly pushing the boundaries of Application Security Testing to make security seamless and simple for the world’s developers and security teams. As the AppSec testing leader, we deliver the unparalleled accuracy, coverage, visibility, and guidance our customers need to build tomorrow’s software securely and at speed.
- CHICAGO MetricsBooth: 400
CHICAGO Metrics® is a suite of SaaS tools to help you to have a better conversation with business leadership in terms that they understand. Translate between executives and technicians with a solid metrics program that takes any number of tactical metrics and aggregates them into the six business aligned Key Performance/Risk Indicators: Confidentiality, Human Resources, Integrity, Character, Availability, and GOld. Use the ROI Calculator to get the funding and resources you need. Evaluate vendors with our Vendor Risk Assessment Platform, which focuses on risk management and allows you to compare your program to your vendor’s program.
- Cisco UmbrellaBooth: 220
Cisco Umbrella is a cloud security platform that provides the first line of defense against threats on the internet wherever users go. And because its built into the foundation of the internet and delivered from the cloud, Umbrella is the simplest security product to deploy and delivers powerful, effective protection.
- Cloud Security Alliance – Chicago ChapterBooth: TBD
We are the Chicago Chapter of the Cloud Security Alliance (CSA). Our goal is to promote Cloud Computing Security in the Chicagoland area. We are actively recruiting knowledgeable security professionals to join help grow our Chapter. This is an excellent opportunity to meet take your career to the next level by networking with passionate Security professionals.
The Cloud Security Alliance (CSA) is a not-for-profit organization with a mission to promote the use of best practices for providing security assurance within Cloud Computing, and to provide education on the uses of Cloud Computing to help secure all other forms of computing. The Cloud Security Alliance is led by a broad coalition of industry practitioners, corporations, associations and other key stakeholders.
- CobaltBooth: 400
Cobalt’s Pentest as a Service (PtaaS) platform is modernizing traditional pentesting. By combining a SaaS platform with an exclusive community of testers, we deliver the real-time insights you need to remediate risk quickly and innovate securely.
- Code42Booth: 304
Code42 is the leader in insider risk detection, investigation and response. Native to the cloud, Code42 rapidly detects data loss, leak, theft and sabotage as well as speeds incident response – all without lengthy deployments, complex policy management or blocking employee productivity. With Code42, security professionals can protect corporate data from insider threats while fostering an open and collaborative culture for employees. Backed by security best practices and control requirements, Code42’s insider threat solution can be configured for GDPR, HIPAA, PCI and other regulatory frameworks.
- DarktraceBooth: 301
Darktrace is the world’s leading cyber AI company and the creator of Autonomous Response technology. Its self-learning AI is modeled on the human immune system and used by over 3,500 organizations to protect against threats to the cloud, email, IoT, networks, and industrial systems.
The company has over 1,200 employees and headquarters in San Francisco and Cambridge, UK. Every 3 seconds, Darktrace AI fights back against a cyber-threat, preventing it from causing damage.
- EC-CouncilBooth: n/a
International Council of E-Commerce Consultants, also known as EC-Council, is the world’s largest cyber security technical certification body. We operate in 140 countries globally and we are the owner and developer of the world-famous Certified Ethical Hacker (CEH), Computer Hacking Forensics Investigator (C|HFI), Certified Security Analyst (ECSA), License Penetration Testing (Practical) programs, among others. We are proud to have trained and certified over 140,000 information security professionals globally that have influenced the cyber security mindset of countless organizations worldwide.
- EndaceBooth: 140
Customers choose Endace products for one primary reason: they deliver, where competitor products fail. Whether it is capture accuracy, fidelity of time stamps, write-to-disk performance or speed of traffic retrieval, Endace is famous for delivering the very best performing products. Telcos, broadcasters, governments, defence departments, investment banks and many other large enterprises trust our products to help them manage their critical data networks.
- EndgameBooth: 117
Organizations spent $75 billion on security last year, yet they still face breaches at an alarming rate. Endgame exists to transform that paradigm and not accept breaches as the status quo.
To solve these challenges, we can’t apply the same people, processes and technology and expect different results.
We bring to bear the best across enterprise tech, security domain expertise, data science, user experience, and academia to challenge the industry-standard of what makes a good security product.
That’s what we’re doing everyday at Endgame.
- enSiloBooth: 135
enSilo protects businesses around the world from data breaches and disruption caused by cyber attacks. The enSilo Endpoint Security Platform comprehensively secures endpoints in real-time pre- and post-infection without alert fatigue, excessive dwell time or breach anxiety while also containing incident response costs by orchestrating automated detection, prevention and incident response actions against advanced malware. enSilo’s patented approach stops advanced malware with a high degree of precision, provides full system visibility and an intuitive user interface and combines next-generation antivirus (NGAV), application communication control, automated endpoint detection and response (EDR) with real-time blocking, threat hunting, incident response, and virtual patching capabilities in a single agent. The platform can be deployed either in the cloud or on-premises and supports multi-tenancy.
- ExabeamBooth: 213
Exabeam is a global cybersecurity leader that adds intelligence to every IT and security stack. The leader in Next-gen SIEM and XDR, Exabeam is reinventing the way security teams use analytics and automation to solve Threat Detection, Investigation, and Response (TDIR), from common security threats to the most critical that are difficult to identify. Exabeam offers a comprehensive cloud-delivered solution that leverages machine learning and automation using a prescriptive, outcomes-based approach to TDIR. We design and build products to help security teams detect external threats, compromised users and malicious adversaries, minimize false positives and best protect their organizations.
- Global Cyber AllianceBooth: TBD
The Global Cyber Alliance (GCA) is an international, cross-sector effort dedicated to confronting cyber risk and improving our connected world. It is a catalyst to bring communities of interest and affiliations together in an environment that sparks innovation with concrete, measurable achievements. While most efforts at addressing cyber risk have been industry, sector, or geographically specific, GCA partners across borders and sectors. GCA’s mantra “Do Something. Measure It.” is a direct reflection of its mission to eradicate systemic cyber risks. GCA, a 501(c)3, was founded in September 2015 by the Manhattan District Attorney’s Office, the City of London Police and the Center for Internet Security. Learn more at www.globalcyberalliance.org
- InfoSec-Conferences.comBooth: n/a
We’re the InfoSec community’s #1 ‘Go To’ resource for cybersecurity conference listings. Since 2012 we’ve provided cybersecurity professionals with accurate event listings that are manually checked and updated every day.
- InfraGard ChicagoBooth: TBD
All InfraGard participants are committed to the proposition that a robust exchange of information about threats to and actual attacks on these critical infrastructures is an important element for successful infrastructure protection efforts. This chapter is governed by our local bylaws.
The goal of InfraGard is to enable the flow of information so that the owners and operators of infrastructure assets can better protect themselves and so that the United States government can better discharge its law enforcement and national security responsibilities.
- ISACA Chicago ChapterBooth: TBD
Our aim is to sponsor local educational seminars and workshops, conduct regular chapter meetings, and help to further promote and elevate the visibility of the IS audit, control and security profession throughout the metro Chicago area.
Chapter meetings are generally held the third Thursday of each month at The Conference Center at One North Wacker (1 N. Wacker Drive, 2nd Floor, Chicago, Illinois 60606)
Please check our web site from time to time for the most up-to-date listing of chapter related events and training opportunities.
- ISC2 Chicago ChapterBooth: TBD
The mission of the Chicago Chapter is to advance the local Chicagoland information security community by providing its members with opportunities to increase knowledge, grow professional networks, share information and advance the profession as a whole by promoting certification, ethical behavior, and social responsibility.
Our members consist of ISC2 credentialed professionals who hold either a SSCP, CAP, CSSLP, and/or a CISSP or advanced concentration certification. Our chapter program is focused on sharing knowledge and exchanging ideas among security professionals in the local area. Ultimately, we want to advance the field of information security by educating practitioners and the public at large on how to protect and defend against security threats.
- ISSA Chicago ChapterBooth: TBD
The Chicago Chapter of the Information Systems Security Association (ISSA) has a mission to offer a stimulating combination of discussion forums, hands-on learning, CISSP certification training, conferences, and other events which are designed to enhance understanding and awareness of information security issues for information security professionals.
Whether you are exploring a career in cybersecurity, honing your technical expertise or an established security executive, the ISSA offers you a network of 10,000 colleagues worldwide to support you in managing technology risk and protecting critical information and infrastructure. Enhance your professional stature, expand your peer network and achieve your personal career goals. Your local chapter and ISSA International will provide you with a wealth of resources to keep you current with industry trends and developments in our ever-evolving field.
- Ixia, a Keysight BusinessBooth: 108
We provide testing, visibility, and security solutions to strengthen applications across physical and virtual networks. Organizations use our tools and capabilities to test, secure and visualize their networks so their applications run stronger.
- KeyfactorBooth: 122
Keyfactor brings digital trust to the hyper-connected world with identity-first security for every machine and human. By simplifying PKI, automating certificate lifecycle management, and securing every device, workload, and thing, Keyfactor helps organizations move fast to establish digital trust at scale—and then maintain it. In a zero-trust world, every machine needs an identity and every identity must be managed. For more, visit keyfactor.com or follow @keyfactor.
- MimecastBooth: 225
Mimecast empowers our customers to help mitigate risk and manage complexities across a threat landscape driven by cyberattacks, human error, and technology fallibility. Our advanced solutions provide the proactive threat detection, brand protection, awareness training, and data retention capabilities that evolving workplaces need today.
- OktaBooth: 148
Okta is the World’s Identity Company. As the leading independent Identity partner, we free everyone to safely use any technology—anywhere, on any device or app. The most trusted brands trust Okta to enable secure access, authentication, and automation. With flexibility and neutrality at the core of our Okta Workforce Identity and Customer Identity Clouds, business leaders and developers can focus on innovation and accelerate digital transformation, thanks to customizable solutions and more than 7,000 pre-built integrations. We’re building a world where Identity belongs to you. Learn more at okta.com.
- ProcessUnityBooth: 324
ProcessUnity’s cloud-based solutions help organizations of all sizes automate their risk and compliance programs. Our highly configurable, easy-to-use tools significantly reduce manual administrative tasks, allowing customers to spend more time on strategic risk mitigation. As a software-as-a-service technology, ProcessUnity deploys quickly with minimal effort from customers and their IT resources.
- SailPointBooth: 421
SailPoint, the leader in enterprise identity governance, brings the Power of Identity to customers around the world. SailPoint’s open identity platform gives organizations the power to enter new markets, scale their workforces, embrace new technologies, innovate faster and compete on a global basis. As both an industry pioneer and market leader in identity governance, SailPoint delivers security, operational efficiency and compliance to enterprises with complex IT environments. SailPoint’s customers are among the world’s largest companies in a wide range of industries.
- Security InnovationBooth: 375
For almost two decades, global clients have trusted Security Innovation to help them learn how to defend software applications and sensitive data from cyber-threats and attacks. We understand the challenges facing today’s enterprise, where reputation and customer trust is on the front lines. That’s why we continually work to discover and overcome the latest security threats with our Centers of Excellence, and integrate this knowledge into every training and assessment solution we deliver.
- SiemplifyBooth: 422
The Siemplify team is comprised of cyber-security professionals, veterans of Israeli intelligence agencies. We bring rich experience in security analysis, management and operations and are backed by experts in data science and applied mathematics.
WE BELIEVE In the modern world of cyber threat analysis, investigation and management should be more holistic, intuitive and simple. Technology and data science should serve cyber security experts by providing all the relevant information about the threat in real-time and focus them in rapid decision making.
- Soliton Systems, Inc.Booth: 311
Soliton Systems is the #1 IT security solution provider in Japan, most notably providing market-leading authentication solutions for 13 consecutive years with over 16,000 installations. From users to devices to networks to applications, Soliton enables a seamless and effortless authentication experience for customers ranging from small businesses to multi-national enterprises across all industries.
Soliton Systems was founded in 1979 with the vision to create innovative solutions to exceed customer expectations, all without adding complexity, and we continue to set new standards in performance, quality and reliability. - TechTargetBooth: TBD
TechTarget (NASDAQ: TTGT) is the online intersection of serious technology buyers, targeted technical content and technology providers worldwide. Our media, powered by TechTarget’s Activity Intelligence platform, redefines how technology buyers are viewed and engaged based on their active projects, specific technical priorities and business needs. With more than 100 technology specific websites, we provide technology marketers innovative media that delivers unmatched reach via custom advertising, branding and lead generation solutions all built on our extensive network of online and social media. TechTarget is based in Boston and has locations in Atlanta, Beijing, Cincinnati, London, Paris, San Francisco, Singapore, and Sydney.
- TrapX SecurityBooth: 133
TrapX Security is the pioneer and global leader in cyber deception technology. Their DeceptionGrid solution rapidly detects, deceives, and defeats advanced cyberattacks and human attackers in real-time. DeceptionGrid also provides automated, highly-accurate insight into malicious activity unseen by other types of cyber defenses. By deploying DeceptionGrid, you can create a proactive security posture, fundamentally halting the progression of an attack while changing the economics of cyberattacks by shifting the cost to the attacker. The TrapX Security customer-base includes Forbes Global 2000 commercial and government customers worldwide in sectors that include defense, healthcare, finance, energy, consumer products, and other key industries.
- Trend MicroBooth: 230
Trend Micro, a global leader in cybersecurity, is passionate about making the world safe for exchanging digital information, today and in the future. Artfully applying our XGen™ security strategy, our innovative solutions for consumers, businesses, and governments deliver connected security for data centers, cloud workloads, networks, and endpoints. www.trendmicro.com.
- VenafiBooth: 211
Venafi is the cybersecurity market leader in machine identity management, securing machine-to-machine connections and communications. Venafi protects machine identity types by orchestrating cryptographic keys and digital certificates for SSL/TLS, SSH, code signing, mobile and IoT. Venafi provides global visibility of machine identities and the risks associated with them for the extended enterprise—on premises, mobile, virtual, cloud and IoT—at machine speed and scale. Venafi puts this intelligence into action with automated remediation that reduces the security and availability risks connected with weak or compromised machine identities while safeguarding the flow of information to trusted machines and preventing communication with machines that are not trusted.
With more than 30 patents, Venafi delivers innovative solutions for the world’s most demanding, security-conscious Global 5000 organizations and government agencies, including the top five U.S. health insurers; the top five U.S. airlines; the top four credit card issuers; three out of the top four accounting and consulting firms; four of the top five U.S. retailers; and the top four banks in each of the following countries: the U.S., the U.K., Australia and South Africa. Venafi is backed by top-tier investors, including TCV, Foundation Capital, Intel Capital, QuestMark Partners, Mercato Partners and NextEquity.
For more information, visit: www.venafi.com.
- VerodinBooth: 127
Verodin is mission-driven to help organizations remove assumptions and prove cybersecurity effectiveness with evidence-based data. Verodin’s Security Instrumentation Platform (SIP) enables customers to continuously validate that their cybersecurity controls are fully protecting their business-critical assets.
- Larry Wilson, CISSP, CISA, InstructorSr. Cybersecurity Consultant, Wilson Cyber
Larry Wilson was formerly the Chief Information Security Officer for Sumitomo Pharma Americas, Inc., Worcester Polytechnic Institute, and the University of Massachusetts (UMass) President's Office. In the CISO role, Larry was responsible for developing, implementing, and overseeing compliance with the SMPA / WPI / UMass Information Security Policy and Written Information Security Plan (WISP). In addition to designing and deploying the respective cybersecurity programs, Larry has developed and delivered cybersecurity training at multiple industry events, workshops, training venues, etc. Courses include Designing and Building a Cybersecurity Program, Designing and Building a Ransomware Program, and Designing and Building a Third-Party Risk Program. Larry has also worked with multiple companies in multiple industries to help design, build, and maintain their Cybersecurity Programs, Ransomware Program, and Third-Party Risk Programs.
- Christian EspinosaCEO, Blue Goat Cyber
Christian Espinosa is the CEO & Founder of Blue Goat Cyber and a Cybersecurity Professor at Maryville University. He holds over 25 certifications, including the CISSP, CCISO, and PMP. Christian is a U.S. Air Force veteran with a BS in Engineering from the U.S. Air Force Academy and an MBA from Webster University. He holds multiple patents on cybersecurity attack and defense. Major recent projects include penetration testing and assessments of commercial aircraft, medical device penetration testing, and numerous incident response projects. When Christian isn’t protecting us from cybercriminals, he climbs mountains, travels the world, teaches outdoor wilderness survival, and competes in Ironman triathlons.
- Col. Cedric LeightonCNN Military Analyst; U.S. Air Force (Ret.); Chairman, Cedric Leighton Associates, LLC
Cedric Leighton is a CNN Military Analyst and a retired United States Air Force Colonel. On CNN, he has provided incisive commentaries on the Israel-Hamas War, the War in Ukraine, the U.S. withdrawal from Afghanistan, and numerous other conflicts around the world. His analysis has been seen by millions of viewers around the world and provided much needed context to some of the most pressing national security issues of our time. As a U.S. Air Force officer, Colonel Leighton served at U.S. Special Operations Command, the Joint Staff, and the National Security Agency, where he helped train the nation's cyber warriors. A Middle East combat veteran, he is the recipient of numerous military awards, including the Defense Superior Service Medal and the Bronze Star. After serving 26 years as a U.S. Air Force Intelligence Officer, Col. Leighton founded a strategic risk consultancy and became the co-founder of CYFORIX, where he advises multinational businesses on developing better cyber strategies designed to reduce risk and unpredictability.
- Arvin VermaSr. Strategic Advisor & vCISO, Sentinel Technologies
Arvin Verma is a highly motivated cybersecurity professional, with over 14 years of experience across a multitude of cyber and IT domains. He has worked in multiple industries spanning over 5 Fortune 500 companies and Big 4 consulting. He is currently a vCISO within the SMB segment.
In addition, Arvin proudly served in the US Navy Reserves as a Cryptologic Warfare Officer. He also serves as a research fellow with the Cybersecurity Forum Initiative where he has co-authored several research papers in new cyber trends and best practices.
Arvin holds several leadership positions with InfraGard Chicago and InfraGard National. He currently serves as the National Sector Chief for the Information Technology Sector, National Sector Security and Resilience Program of InfraGard National.He also serves as an advisor to several private and public entities, several startup organizations and is a guest lecturer at several universities across the State of Illinois.
Arvin is ISC2 CISSP certified, CompTIA Security+ certified, ISO 27001 Lead Auditor certified and a CMMC Registered Practitioner. - John FattenTechnical Solutions Architect, Cisco Umbrella
- Austin RappeportBlue Team Coordinator, Zurich Insurance Group
Austin Rappeport is a Threat Defense Consultant working for Zurich Insurance on their global cybersecurity team. His team is responsible for managing Zurich's SIEM and integrating Zurich's security toolkit to allow for the automated detection of suspicious or malicious activity across Zurich's network. Previously, Austin worked for the Federal Energy Regulatory Commission, where he helped develop and audit compliance to the North American Electric Reliability Corporation's Critical Infrastructure Protection standards for the United States' electric sector. Austin graduated with a Bachelor's degree in Computer Engineering from the University of Illinois in Urbana/Champaign in 2011.
- Chris CarlisRed Team Coordinator, Zurich Insurance Group
Chris Carlis is a member of the Zurich Insurance Group Red Team and has built a career helping organizations become more secure through offensive testing. Locally, Chris is a community organizer in the Chicago area and helps coordinate several monthly gatherings designed to connect like-minded information security professionals. In his spare time, Chris enjoys practicing operational security and the spreading of misinformation.
- Col. Cedric LeightonCNN Military Analyst; U.S. Air Force (Ret.); Chairman, Cedric Leighton Associates, LLC
Cedric Leighton is a CNN Military Analyst and a retired United States Air Force Colonel. On CNN, he has provided incisive commentaries on the Israel-Hamas War, the War in Ukraine, the U.S. withdrawal from Afghanistan, and numerous other conflicts around the world. His analysis has been seen by millions of viewers around the world and provided much needed context to some of the most pressing national security issues of our time. As a U.S. Air Force officer, Colonel Leighton served at U.S. Special Operations Command, the Joint Staff, and the National Security Agency, where he helped train the nation's cyber warriors. A Middle East combat veteran, he is the recipient of numerous military awards, including the Defense Superior Service Medal and the Bronze Star. After serving 26 years as a U.S. Air Force Intelligence Officer, Col. Leighton founded a strategic risk consultancy and became the co-founder of CYFORIX, where he advises multinational businesses on developing better cyber strategies designed to reduce risk and unpredictability.
- Dr. Raj SachdevProfessor, Researcher, Lawyer, Education
Dr. Raj Sachdev is a professor, researcher, and internationally qualified lawyer (USA and England/Wales). He holds several degrees in business and law and has guest spoken at such institutions as Oxford, Cambridge, Stanford and major industry conferences including having given a TEDx talk. Over the last 15 years, he has taught 50+ different courses at other institutions including some as a part-time instructor at Stanford. He was formerly a visiting researcher at UC Berkeley.
Sachdev is the Dean of the Robert W. Plaster School of Business at Columbia College, where he has been faculty since 2017 and served as chair of the business department since 2018.
- Dr. Fred KwongVP & CISO, DeVry University
Dr. Fred Kwong has been in the information security and technology field for the past 20 years in working in education, financial, telecommunication, healthcare, and insurance sectors. He is an award-winning thought leader in security and currently works at DeVry University where he currently serves as the VP and Chief Information Security Officer. He is a member of several advisory boards and is a frequent speaker at national security forums on cyber security and information technology and is often asked to consult on matters of security and leadership
Fred also serves as an adjunct faculty member at Roosevelt and Benedictine Universities. He received his Bachelor of Arts in psychology and professional communications, Master of Business Administration in management information systems from Roosevelt University, and holds his Doctorate in organization development from Benedictine University. Fred has earned several certifications including the CISSP, CISA, CISM, CDPE, PCIP, PMP and ITILv3f.
- Mike ShineDirector, Systems Engineering, Mimecast
Mike has over 15 years’ experience designing and implementing IT security solutions for large enterprises, and he’s currently focused on making email safer for businesses. He actively participates in combating existing cyber threats and researching new threats out of Mimecast’s Chicago office. Mike holds a degree in Computer Engineering from Valparaiso University, and was born and raised on the south side of Chicago.
- William J. Malik, CISAVP, Infrastructure Strategies, Trend Micro
William Malik helps clients structure their IT environments to minimize the loss, alternation, or inadvertent exposure of sensitive information. His information technology career spans over four decades. Prior to Trend Micro, he worked at Gartner for twelve years where he led the information security strategies service and the application integration and middleware strategies service. Before Gartner, William was CTO of Waveset, an identity management vendor. He also co-authored the Cobit version 3 standard. In addition, he spent 12 years at IBM, where he worked in MVS development, testing, and business planning. William is a Certified Information Systems Auditor (CISA).
- Ricardo LafosseCISO, The Kraft Heinz Company
Ricardo Lafosse is responsible for IT risk governance, software and product security, incident management, technical disaster recovery, and determining enterprise-wide security policies and procedures. Lafosse regularly presents on security topics at global conferences, including Defcon, MirCon, and ISACA CACS. Lafosse has more than 15 years of experience in information security for the government, finance, legal, and healthcare. Lafosse holds a Master’s in Information Assurance from the Iowa State University. He also holds the Certified Information Systems Security Professional (CISSP) and Certified Information Security Manager (CISM) designations.
- Edward MarchewkaDirector, Information and Technology Services, Gift of Hope Organ and Tissue Donor Network
Edward Marchewka is the Director of Information Technology for Gift of Hope Organ & Tissue Donor Network. He is also the creator of CHICAGO Metrics™, a platform to help manage your company's key IT and Information Security risks. Edward has completed, from Northern Illinois University, an MBA and an MS in Mathematics and, from Thomas Edison State College, a BS in Nuclear Engineering Technologies and a BA in Liberal Studies. He also holds a Certificates in Nonprofit Management and Leadership from the Kellogg School of Management at Northwestern University.
- Tina HauriFormer CISO, City of Chicago; President, Bradford Garrett Group
Tina is President of the Bradford Garrett Group. Her prior roles include CISO for the City of Chicago, Global CISO for AON, CIO for Kudoz.com, Director of Enterprise Risk Management for Discover Financial Services, and Global IT Security Program Manager for Perot Systems at Swiss Bank. As co-founder of the Chicago CISO Networking group, President Emeritus of the Chicago chapter of the ISSA, former Executive Board Member of AITP, and co-founder of the Chicago CISO of the Year Award program, she continuously works to elevate the position of, respect for, and viability of the role of the CISO. As a mentor, she works with others to achieve their objectives.
Tina is Adjunct Professor of IT Risk Management and a member of the Industry Advisory Board of the Master of Science in IT at the McCormick School of Engineering at Northwestern University. She holds an MBA from the Quinlan School of Business at Loyola University of Chicago, and a Bachelor's degree from Northwestern University. She has completed ongoing professional educational programs in Executive Financial and Strategic Leadership at Boston University, with the American Bankers Association, and Executive Education coursework at Northwestern University Kellogg School of Management. She is a also graduate of the Society of Information Management (SIM) Mid-Atlantic Regional Learning Forum.
- Scott SwansonBoard Member & Sector Chief Program Leader, InfraGard Chicago Members Alliance
Scott Swanson is a former cleared national security intelligence professional who has focused for the past decade on Business Risk Intelligence and Financial Crimes as a thought leader and practitioner. He currently works for PwC’s Financial Crimes Unit, is certified in Fraud Investigations, Mobile Forensics, Anti-Money Laundering, and focuses on applying threat intelligence across Cybercrime and Cyber Counterintelligence, Counterterrorism, Corporate/Competitive Intelligence and Crisis/Incident Response preparedness. He has a post-graduate degree from the University of St. Andrews in Security and Counterterrorism, a Master’s Degree in Strategic Intelligence, and undergraduate studies in Foreign Languages.
- Barry HerrinFounder, Herrin Health Law, P.C.
Barry Herrin is the Founder of Herrin Health Law, P.C., a boutique law practice located in Atlanta, Georgia. He regularly assists health care providers in all segments of the industry on health care operations and compliance, medical information privacy and confidentiality, cybersecurity, and data breach response. He is admitted to the bars of the District of Columbia, Florida, Georgia, and North Carolina. Mr. Herrin is a Fellow of the American College of Healthcare Executives, a Fellow of the American Health Information Management Association, and a Fellow of the Healthcare Information and Management Systems Society. He also holds a certificate in cybersecurity from Georgia Tech and has been recognized as a subject matter expert in health care by the Infragard National Member Alliance.
- Tam NguyenCybersecurity Engineer, CISSP, MS, MCS, MA, U.S. Department of Health and Human Services
Tam Nguyen is an IEEE and ACM peer-reviewed cybersecurity researcher whose with recent publications on Software Defined Network's security (CSNet - Paris, France), and instructional design evaluation of CEH v10 Online Course (IC4E - Tokyo, JP). Tam's research interests include large-scale cyber threat modeling, cyber behavioral science, and applications of quantum computing in cybersecurity. Tam is a CISSP and is working for the Federal Reserve Bank at Cleveland.
- Dr. Maurice Dawson Jr.Director, Center for Cyber Security and Forensics Education and Assistant Professor, Illinois Institute of Technology
Maurice Dawson is a faculty member in the School of Applied Technology to serve as Director of Illinois Institute of Technology's Center for Cyber Security and Forensics Education, which is accredited by the National Security Agency. Maurice has earned a Doctor of Computer Science from Colorado Technical University in 2009 and a Ph.D. in Cybersecurity from London Metropolitan University in 2017. Prior to joining Illinois Tech, Maurice served as an Assistant Professor at the University of Missouri - St. Louis. Dawson has received multiple Fulbright Scholar Specialist Grants to Russia and Saudi Arabia for cybersecurity and data analytics. Recognized by the DoDD 8140 as an IA System Architect and Engineer, Manager, and Cybersecurity Service Provider.
• Create a personalized agenda
• View maps of the venue and Exhibit Hall
• Use secure messaging to network with attendees
• View speaker slides after the conference
• Play CyberHunt, the app game, and compete for prizes