Click here to view registration types and pricing (PDF)
Conference Agenda
Filter by registration level:
  • session level iconOpen Sessions
  • session level iconConference Pass
  • session level iconSecureWorld Plus
  • session level iconVIP / Exclusive
  • Tuesday, June 14, 2022
    9:00 am
    [PLUS Course] Developing a Comprehensive Ransomware Security Program
    • session level icon
    speaker photo
    CISO, Worcester Polytechnic Institute
    Registration Level:
    • session level iconSecureWorld Plus
    9:00 am - 3:00 pm

    The impact of the Colonial Pipeline hack on millions of homes and businesses is a sobering reminder of the way ransomware can paralyze essential infrastructure. Sadly, this strategy seems to be paying off for some hacking groups, as they see their success in payouts and financial value increasing—with multi-million dollar payouts now the new normal. Many of these at-risk industries have made the decision that ransom payment is the best of a bad set of options available to them.

    Malicious actors continue to adjust their ransomware tactics over time, to include pressuring victims for payment by threatening to release stolen data if they refuse to pay, and publicly naming and shaming victims as secondary forms of extortion. Malicious actors engage in lateral movement to target critical data and propagate ransomware across entire networks. These actors also increasingly use tactics, such as deleting system backups, that make restoration and recovery more difficult or infeasible for impacted organizations.

    This comprehensive training course will help organizations to design, build, and manage a comprehensive Ransomware Security Program.

    Part 1: Ransomware Overview – The Current Threat Landscape

    • What is ransomware and how does it work?
    • How ransomware attacks have changed—from 2016 to today
    • Today’s Ransomware Attacks: Big Game Hunting
    • Ransomware attacks against Critical Infrastructure

    Part 2: Understanding Ransomware Attacks  

    • What is the MITRE ATT&CK Framework?
    • MITRE ATT&CK Tactics, Techniques, Procedures
    • Mapping Ransomware Attacks to the MITRE Attack Framework
    • Key Stages of Ransomware Attacks (Initial Access, Lateral Movement, Privilege Escalation, …)

    Part 3:  Ransomware Security Best Practices 

    • CISA MS-ISAC Ransomware Guide
    • Higher Education Ransomware Playbook
    • NIST IR 8374 – Cybersecurity Framework Profile for Ransomware Risk Management
    • Ransomware and Cyber Insurance

    Part 4:  Conducting a Ransomware Readiness Assessment 

    • Step 1 – Ransomware Mitigation Strategy: Protect, Detect, Recover
    • Step 2 – Identify Critical Systems
    • Step 3 – Assess the Current State
    • Step 4 – Determine the Target State
    • Step 5 – Analyze Gaps, Assign Resources, Implement Safeguards
    • Step 6 – Report Results / Key Metrics / Dashboards
  • Wednesday, June 15, 2022
    7:00 am
    Registration open
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    7:00 am - 3:00 pm
    Location / Room: Registration Desk

    Come to the Registration desk in the lobby to check-in and get your badge.

    7:30 am
    Advisory Council Roundtable Breakfast – (VIP / Invite only)
    • session level icon
    Registration Level:
    • session level iconVIP / Exclusive
    7:30 am - 8:20 am

    This roundtable discussion is for our Advisory Council members only.

    7:30 am
    Association Chapter Meetings
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    7:30 am - 8:20 am

    Participating professional associations and details to be announced.

    8:00 am
    Exhibitor Hall open
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    8:00 am - 3:00 pm
    Location / Room: Exhibitor Hall

    Your opportunity to visit our solution vendor partners, whose sponsorship makes SecureWorld possible! Booths have staff ready to answer your questions. Look for participating Dash For Prizes sponsors to be entered to win prizes.

    8:30 am
    [Opening Fireside Chat] BEC Attacks, Crypto, and the Investigative Powers of the Secret Service
    • session level icon
    speaker photo
    Financial Fraud Investigator, Global Investigative Operations Center, U.S. Secret Service
    Registration Level:
    • session level iconOpen Sessions
    8:30 am - 9:15 am
    9:15 am
    Networking Break
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    9:15 am - 9:45 am
    Location / Room: Exhibitor Hall

    Visit the Exhibitor Hall for vendor displays or connect with attendees in the Networking Lounge.

    9:45 am
    Cyber Workforce: REIMAGINED
    • session level icon
    speaker photo
    Executive Director, Women in CyberSecurity - WiCyS
    Registration Level:
    • session level iconConference Pass
    9:45 am - 10:30 am

    Imagine a workforce where inclusive cultures drive nonuniformity while lending itself to the powerful diversity of thought. One that challenges the status quo and inspires an environment where all genders, identities, cultures, ethnicities, races, backgrounds, and experiences are entered into a shared space of the cybersecurity workforce. Where the obstacles that existed before are tackled strategically and patiently. And a new reality of a gender-balanced workforce emerges.

    For us at Women in CyberSecurity (WiCyS), this new workforce is tomorrow’s reality that we work towards building every day. It’s more than a mission; it is the core of our existence and the driver of our actions. Join this session to hear stories of risks and change-makers where, collectively, we build the new workforce that represents us all.

    Key take-aways will include:

    • The diversity of thought is critical in the cybersecurity workforce
    • Programs that bridge the gap for underrepresented populations to enter and advance in cybersecurity careers exists
    • The needle for women in the cybersecurity workforce has moved ever so slightly; there is still more work to do
    9:45 am
    Déjà Vu All Over Again: The Student Body Left Problem
    • session level icon
    speaker photo
    CISO of North America, Checkmarx
    Registration Level:
    • session level iconOpen Sessions
    9:45 am - 10:30 am

    Recent Common Vulnerabilities and Exposures (CVE) announcements like Apache Log4j have upended software teams all over the world. Scheduled work comes to a grinding halt, and triage and emergency surgery must be performed on applications. If not prepared, this unplanned work can derail productivity for weeks or even months. The longer it takes, the more pressure is applied by management. You can reduce the impact.

    Secure software development isn’t always a top concern to the business unless you are in a highly regulated industry. Today, time to market is often more important than security, increasing the value of the product that you sell with continuous improvement and quick software releases. To create and maintain a lead on the competition, you have to be really good at Agile and DevOps.

    A potential scenario: the security team has called an emergency meeting. A new vulnerability has been publicly disclosed that impacts not only your software, but your company and your customers. Will the required remediation take hours or even weeks to complete? It depends on your preparedness.

    To improve your readiness and reduce impact, we will look at tips and actions you can take now.

    1. Learn more about the scope of the mess that was created by the Log4j CVE.
    2. Why most companies struggled to address it quickly.
    3. What steps you can take now to be ready for the next one.
    9:45 am
    Paving the Way to AppSec Program Success
    • session level icon
    How to build a scaleable enterprise-wide application security program.
    Registration Level:
    • session level iconOpen Sessions
    9:45 am - 10:30 am

    This presentation offers a fundamental approach to creating a foundation for an application security program that holistically addresses findings by creating a conduit between the information security teams—who often discover the issues—and the development teams, who know the application better than anyone and can re-mediate issues in the best possible fashion.

    10:40 am
    Seize the Breach: Why Breaches Still Occur and How to Mitigate Them
    • session level icon
    speaker photo
    Principal Engineer, Exabeam
    Registration Level:
    • session level iconOpen Sessions
    10:40 am - 11:25 am

    Breaches happen and 2021 was a record-breaking year for them. According to Identity Theft Resource Center (ITRC) research, there were 1,291 breaches publicly reported in 2021 as of Sept. 2021 compared to 1,108 breaches in 2020; that’s a 17% year-over-year increase. Meanwhile, millions are spent on security operations centers that aren’t stopping the breaches from happening. Join us for a discussion on:

    • Why SOC and security teams are way too limited by legacy SIEM
    • How machine learning-driven analytics and automation technologies provide unmatched threat detection, investigation, and response (TDIR) capabilities so security teams can respond more quickly and accurately to seize the breach and mitigate damage.
    • A simple maturity model based on outcomes and use cases that can vastly improved Security Operations
    10:40 am
    Reducing Implicit Trust in Your Cloud Service Provider
    • session level icon
    speaker photo
    Principal Solution Architect, Digital Identity and Security, Thales Cloud Security
    Registration Level:
    • session level iconOpen Sessions
    10:40 am - 11:25 am

    As organizations embark on a cloud-first strategy, they often find they’re placing excessive trust in their cloud service provider to protect the sensitivity of their organization’s assets, especially sensitive data. During this presentation, we provide an overview of how the cloud service provider requires you to participate in a shared security model and how your organization can retain control of your sensitive data encryption. In other words: your data, their cloud! We’ll discuss and show how using newer tools and techniques—that include split trust, ubiquitous data encryption, and contextual access—reduce and mitigate implicit trust in your cloud provider along with allowing you to manage your own encryption and manage access to your data in the cloud.

    10:40 am
    Ransomware Incident Command and Lessons Learned for Managers
    • session level icon
    Registration Level:
    • session level iconConference Pass
    10:40 am - 11:25 am

    This presentation presents a practical approach to incident command for managers at all levels, irrelevant of cyber expertise. Managers of all types are asked to take charge in critical situations and can benefit from leveraging proven crisis management processes during ransomware response.

    11:30 am
    [Lunch Keynote] Demystifying Zero Trust and Its Role in Cybersecurity
    • session level icon
    speaker photo
    CEO & Co-Founder, ThreatLocker
    Registration Level:
    • session level iconOpen Sessions
    11:30 am - 12:30 pm
    Location / Room: Keynote Theater

    The Zero Trust framework is based on the principle of “never trust, always verify.” Join us to learn about Zero Trust, how to adopt it, and the technologies you need to take control of your environment in the fight against ransomware.

    12:30 pm
    Networking Break
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    12:30 pm - 1:00 pm
    Location / Room: Exhibitor Hall

    Visit the Exhibitor Hall for vendor displays or connect with attendees in the Networking Lounge.

    1:00 pm
    [Panel] The Current Threat Landscape
    • session level icon
    speaker photo
    Managing Principal - Security Services, Insight
    speaker photo
    Global Director of Sales Engineering, Digital Shadows
    speaker photo
    Solutions Director, Deepwatch
    Registration Level:
    • session level iconOpen Sessions
    1:00 pm - 1:50 pm

    If we’ve learned one thing from the pandemic it’s that cybercriminals do not take breaks. They are constantly retooling and trying new approaches. They collaborate—often better than we do. It is time for us to join forces, identify the most likely of risks to our organizations, and strengthen our networks. We’ve got to get our developers on board, as well, as it’s got to be secure before it goes to market. And what about all the careless clicking from employees?

    It’s a huge task, but we don’t have to do it alone. Join our panel of experts as they unpack the current threat landscape and offer ideas on how to start making effective changes within your organization.

    1:00 pm
    [Panel] Tales from the Cloud: Doing More with Less
    • session level icon
    speaker photo
    Information Security Manager, Cobalt
    Registration Level:
    • session level iconOpen Sessions
    1:00 pm - 1:50 pm

    The cloud saved many businesses when the pandemic hit. Some were already there and found new ways to thrive. For others, it was their first jump. It’s been almost two years now. Our panel will share what we’ve learned in this journey to the cloud—from doing more with less, to the ever-present insider threat risk, to supporting our DevOps teams like never before.

    2:00 pm
    Incident Response: Look Who's Talking
    • session level icon
    Registration Level:
    • session level iconConference Pass
    2:00 pm - 2:45 pm

    Key Takeaway:
    Learn the essential elements of crisis communications and reputation control for the cybersecurity team and the elements not exercised in most Incident Response plans.

    The ability to control the narrative during a cyber event will shape public perception of the company’s preparedness for a cyber event. In a cyber crisis, for everyone outside of the technical teams, perception is reality, and that reality may affect the company’s reputation long after the incident is over. Businesses have a significant reliance on technology; a breach of customer trust can be just as devastating as a network breach. Employees who are unsure of the circumstances will not hesitate to share on social media. Does the Incident Response plan account for reputation control? How will the company handle crisis communications during a cyber incident?

    2:00 pm
    Developing Cybersecurity Programs with Framework & Architecture Considerations
    • session level icon
    speaker photo
    Managing Principal - Security Services, Insight
    Registration Level:
    • session level iconOpen Sessions
    2:00 pm - 2:45 pm

    Insight’s Darren Carroll offers critical perspective on today’s most important cybersecurity concerns. He explains how organizations can begin to build a measurable, monitorable, repeatable approach to a preventive security posture with respect to both framework and architecture. Learn how an all-in approach to enterprise risk management can prevent your organization from being caught off guard—and mitigate the risks, costs, and chaos of pivoting cybersecurity on the fly.

    2:00 pm
    (ISC)2 Chicago Chapter Meeting — Open to all attendees
    • session level icon
    Agent vs. Agentless Security
    speaker photo
    Executive Board Member, Chicago Chapter, (ISC)2
    Registration Level:
    • session level iconOpen Sessions
    2:00 pm - 2:45 pm

    Discussion Topic: Agent vs. Agentless Security

    2:00 pm
    Going Passwordless: Authentication Fact or Fiction?
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    2:00 pm - 2:45 pm

    Are your internal customers tired of passwords? Are you tired of easily breaking their passwords? Well, look no further. Passwordless authentication is upon us and can be achieved for multi-factor authentication (MFA), while making our internal customers happy. How is this possible? Come and listen with your colleagues as I share how we rolled it out, describe the lessons learned, and share who the players are.

    Passwords are one of the most loathed controls in the wild. If you can’t beat ’em, join ’em. Learn who the passwordless alphas are and the lessons learned to achieve a win-win strategy within your company.

    Presentation level: GENERAL (InfoSec best practices, trends, solutions, etc.)

    2:45 pm
    Networking Break and Dash for Prizes
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    2:45 pm - 3:15 pm
    Location / Room: Exhibitor Hall

    Visit the solution sponsor booths in the Exhibitor Hall and connect with other attendees.

    Participating sponsors will announce their Dash for Prizes winners. Must be present to win.

    3:15 pm
    [Closing Keynote] Suing the CISO and Beyond
    • session level icon
    What's Next? And How Worried Should C-Suite Executives Be?
    speaker photo
    Co-Founder & Managing Partner, XPAN Law Partners
    speaker photo
    CSO, Trexin Group
    Registration Level:
    • session level iconOpen Sessions
    3:15 pm - 4:00 pm

    Starting at the end of 2020, the information security sector saw what could fairly be characterized as a seismic shift in the world of data privacy and cybersecurity as a result of the SolarWinds hacking incident. While cybersecurity and data privacy professionals hoped this would signal a change in the way organizations view that part of their business operations, it appears something different happened instead. A lawsuit arguably had been brewing for years in the industry, waiting for the right circumstances, and was finally filed against the C-Suite of SolarWinds, notably the Chief Information Security Officer (CISO). The complaint specifically, and maybe predictably, alleged in very direct language that the C-Suite intended to deceive investors into believing that SolarWinds was impenetrable against cyberattacks. The reality, we now know, is somewhat different but could nonetheless dramatically alter the way companies, and their appointed officers, view and react to assigned liability. So, there are several immediate and overarching questions currently idling, perhaps loudly, at the starting gate. Is it fair? Is this the future of cybersecurity litigation? How unpredictable will this terrain now be for information security leaders? Or better yet, for how long?

    This keynote will unpack the ramifications the SolarWinds lawsuit—along with other litigation involving the C-Suite—will have on the entire information security community, who will see long-reaching consequences to already-established practices and possibly unsettling legal fallout. We will discuss the diverse internal CISO versus outside attorney perspectives, contrasting what is fact versus fiction and hype. Lastly, we will also discuss how both organizations and industry leaders can prepare themselves to mitigate risks not related to a cyberattack while being diligent in addressing potential new liabilities wrapped with increased litigation worries in the legal sphere.

Exhibitors
  • Abnormal Security
    Booth:

    Abnormal is the most precise human behavior security engine for blocking all email attacks, including phishing, malware, ransomware, social engineering, executive impersonation, supply chain compromise, internal account compromise, spam, and graymail.
    Secure email gateways and built-in Microsoft and Google security struggle to block email attacks that pass reputation checks, have no URLs or attachments, and appear to come from trusted sources.

    Only Abnormal uses behavioral AI to profile known good behavior and analyzes over 45,000 signals to detect anomalies that deviate from these baselines, delivering maximum protection for global enterprises.

  • Armis, Inc
    Booth:

    Armis is the first agentless, enterprise-class security platform to address the new threat landscape of unmanaged and IoT devices. Fortune 1000 companies trust Armis’ unique out-of-band sensing technology to discover and analyze all managed and unmanaged devices, analyze endpoint behavior to identify risks and attacks, and protect information and systems.

  • Centripetal
    Booth:

    Centripetal is a three-time Deloitte Fast 500 company, whose cyber security systems are deployed in many of the world’s most mission critical networks. Our mission is to make the most advanced intelligence-based defense available to everyone as a service. Through our research we are resolving each of the technological challenges to put trust back into internet connection.

  • Checkmarx Inc.
    Booth:

    Checkmarx is constantly pushing the boundaries of Application Security Testing to make security seamless and simple for the world’s developers and security teams. As the AppSec testing leader, we deliver the unparalleled accuracy, coverage, visibility, and guidance our customers need to build tomorrow’s software securely and at speed.

  • Cobalt Labs
    Booth:

    Cobalt’s Pentest as a Service (PtaaS) platform is modernizing traditional pentesting. By combining a SaaS platform with an exclusive community of testers, we deliver the real-time insights you need to remediate risk quickly and innovate securely.

  • Cybercrime Support Network
    Booth: N/A

    Cybercrime Support Network (CSN) is a public-private, nonprofit collaboration created to meet the challenges facing millions of individuals and businesses affected each and every day by cybercrime. CSN’s mission is to improve the plight of Americans facing the ever growing impact of cybercrime by bringing together national partners to support cybercrime victims before, during, and after.

  • Cybereason
    Booth:

    Cybereason was founded in 2012 by a team of ex-military cybersecurity experts with the mission of detecting and responding to complex cyber-attacks in real time. Cybereason is the only Endpoint Detection and Response platform deployed in user space that detects both known and unknown attacks and connects isolated indicators of compromise to form a complete, contextual attack story. Cybereason’s behavioral analytics engine continuously hunts for adversaries and reveals the timeline, root cause, adversarial activity, related communication and affected endpoints and users of every attack. Cybereason provides security teams with actionable data, enabling fast decision making and proper response.

  • Cyberhaven
    Booth:

    When the DLP market first emerged 20 years ago, the goal was to protect confidential information in on-premises databases, file servers, application servers, other data repositories, and endpoints. Today millions of sensitive documents, files, and other data are being exfiltrated in violation of corporate data policies every day because DLP is completely ineffective in the era of cloud-first applications and Zero Trust security. These data breaches result in stolen IP, damaged brands, and significant financial penalties. Let’s face it, DLP in its current form is nothing more than a compliance checkbox. Cyberhaven is transforming the DLP market and helping organizations secure all of the high-value data they must protect in order to compete and thrive in the digital economy. It’s a big hairy problem, and we are up to the challenge.

  • Cynet
    Booth:

    Cynet 360 is the world’s first autonomous breach protection platform. Cynet eliminates the need of complex multi-product stacks, making robust breach protection within reach for any organization.

  • Cyral
    Booth:

    Cyral delivers enterprise data security and governance across all data services such as S3, Snowflake, Kafka, MongoDB, Oracle and more.

    The cloud-native service is built on a stateless interception technology that monitors all data endpoint activity in real-time and enables unified visibility, identity federation and granular access controls.

    Cyral automates workflows and enables collaboration between DevOps and Security teams to operationalize assurance and prevent data leakage.

  • deepwatch
    Booth:

    deepwatch’s cloud SecOps platform and relentless customer focus are redefining the managed security services industry. Designed to be different, deepwatch provides customers with world-class managed security services and unrivaled value by extending their cybersecurity teams, curating leading technologies into deepwatch’s cloud SecOps platform, and proactively driving their SecOps maturity.

  • Digital Shadows
    Booth:

    Digital Shadows monitors and manages an organization’s digital risk, providing relevant threat intelligence across the widest range of data sources within the open, deep, and dark web to protect their brand, and reputation.

  • Exabeam
    Booth:

    Exabeam is a global cybersecurity leader that adds intelligence to every IT and security stack. The leader in Next-gen SIEM and XDR, Exabeam is reinventing the way security teams use analytics and automation to solve Threat Detection, Investigation, and Response (TDIR), from common security threats to the most critical that are difficult to identify. Exabeam offers a comprehensive cloud-delivered solution that leverages machine learning and automation using a prescriptive, outcomes-based approach to TDIR. We design and build products to help security teams detect external threats, compromised users and malicious adversaries, minimize false positives and best protect their organizations.

  • Insight
    Booth:

    Insight is a comprehensive solutions integrator that helps organizations transform technology, operations, and service delivery to meet challenges and future-proof the business. With a client-focused approach to delivery, we recommend the most appropriate solutions to drive digital transformation and modernization for innovation. As clients look for ways to optimize data for better business, empower speed and scale of service, and drive next-gen security, Insight delivers expertise that is grounded, unbiased, and refreshingly straightforward.

  • (ISC)2 Chicago Chapter
    Booth:

    The mission of the Chicago Chapter is to advance the local Chicagoland information security community by providing its members with opportunities to increase knowledge, grow professional networks, share information and advance the profession as a whole by promoting certification, ethical behavior, and social responsibility.

    Our members consist of (ISC)² credentialed professionals who hold either a SSCP, CAP, CSSLP, and/or a CISSP or advanced concentration certification. Our chapter program is focused on sharing knowledge and exchanging ideas among security professionals in the local area.  Ultimately, we want to advance the field of information security by educating practitioners and the public at large on how to protect and defend against security threats.

  • Okta
    Booth:

    Okta is the foundation for secure connections between people and technology. Our IT products uniquely use identity information to grant people access to applications on any device at any time, while still enforcing strong security protections. Our platform securely connects companies to their customers and partners. Today, thousands of organizations trust Okta to help them fulfill their missions as quickly as possible.

  • Open Systems
    Booth:

    The escalated threat level, the cyber talent shortage, and the sheer complexity of deploying and managing a multitude of security solutions, are the perfect storm for security and IT teams. We are deeply passionate about protecting organizations from that storm.

    We provide a set of AI-based, cloud-delivered security solutions that are simple to deploy and manage, and provide the highest level of protection. And Mission Control, our integrated NOC and SOC, is staffed by experts, not only in threat hunting and cyber hygiene, but also in the proper configuration and maintenance of the Microsoft security stack. So we can leverage what you already own.

    The combination is changing the lives of our customers, giving them security traditionally reserved for only the largest organizations. We give them “shelter from the storm”. That is our passion.

  • Recorded Future
    Booth:

    Recorded Future arms security teams with threat intelligence powered by machine learning to lower risk. Our technology automatically collects and analyzes information from an unrivaled breadth of sources. We provide invaluable context that’s delivered in real time and packaged for human analysis or instant integration with your existing security technology.

  • Red Canary
    Booth:

    Red Canary was founded to create a world where every organization can make its greatest impact without fear of cyber attacks. As a security operations ally, we arm businesses of all sizes with outcome-focused solutions to quickly identify and shut down attacks from adversaries. Security teams can make a measurable improvement to security operations within minutes.

  • RiskRecon
    Booth:

    RiskRecon, a Mastercard company, provides cybersecurity ratings and insights that make it
    easy for enterprises to understand and act on their risks. RiskRecon is the only security rating
    solution that delivers risk-prioritized action plans custom-tuned to match customer risk priorities,
    enabling organizations to efficiently operate scalable, third-party risk management programs for
    dramatically better risk outcomes. Request a demo to learn more about our solution.

  • SALT Security
    Booth:

    The Salt Labs team of security researchers identifies API security vulnerabilities across both published and private applications and services. The team publishes its findings, following responsible disclosure or preserving anonymity, so that the larger industry can learn from the exposures and improve their API security.

  • Synopsys
    Booth:

    Synopsys helps development teams build secure, high-quality software, minimizing risks while maximizing speed and productivity. Synopsys, a recognized leader in static analysis, software composition analysis, and application security testing, is uniquely positioned to apply best practices across proprietary code, open source, and the runtime environment. With a combination of industry-leading tools, services, and expertise, only Synopsys helps organizations maximize security and quality in DevSecOps and throughout the software development life cycle.

  • TechTarget
    Booth: N/A

    TechTarget (NASDAQ: TTGT) is the online intersection of serious technology buyers, targeted technical content and technology providers worldwide. Our media, powered by TechTarget’s Activity Intelligence platform, redefines how technology buyers are viewed and engaged based on their active projects, specific technical priorities and business needs. With more than 100 technology specific websites, we provide technology marketers innovative media that delivers unmatched reach via custom advertising, branding and lead generation solutions all built on our extensive network of online and social media. TechTarget is based in Boston and has locations in Atlanta, Beijing, Cincinnati, London, Paris, San Francisco, Singapore, and Sydney.

  • Tessian
    Booth:

    Tessian’s mission is to secure the human layer. Using machine learning technology, Tessian automatically stops data breaches and security threats caused by human error – like data exfiltration, accidental data loss, business email compromise and phishing attacks – with minimal disruption to employees’ workflow. As a result, employees are empowered to do their best work, without security getting in their way. Founded in 2013, Tessian is backed by renowned investors like March Capital, Sequoia, Accel, and Balderton and has offices in San Francisco, Boston and London.

  • ThreatLocker
    Booth:

    ThreatLocker® is a global cybersecurity leader, providing enterprise-level cybersecurity tools to improve the security of servers and endpoints. ThreatLocker’s combined Application Whitelisting, Ringfencing™, Storage Control, and Privileged Access Management solutions are leading the cybersecurity market towards a more secure approach of blocking unknown application vulnerabilities. To learn more about ThreatLocker visit: www.threatlocker.com

  • Women in CyberSecurity (WiCyS)
    Booth:

    Women in CyberSecurity (WiCyS) is the premier nonprofit organization with international reach dedicated to bringing together women in cybersecurity. Founded by Dr. Ambareen Siraj from Tennessee Tech University through a National Science Foundation grant in 2013, WiCyS offers opportunities and resources for its members and collaboration benefits for its sponsors and partners. The organization’s founding partners are Cisco, Facebook and Palo Alto Networks. WiCyS’ strategic partners include Amazon Web Services, Bloomberg, Cisco, Equifax, Facebook, Google, HERE Technologies, IBM, Lockheed Martin, Nike, Optum, Palo Alto Networks, PayPal, SANS Institute, Target, and University of California San Diego. To learn more about WiCyS, visit https://www.wicys.org.

Return to Agenda
Keynote Speakers
Speakers
  • speaker photo
    Larry Wilson
    CISO, Worcester Polytechnic Institute

    Larry Wilson is a senior consultant and was formerly the Chief Information Security Officer for the University of Massachusetts President's Office. In the CISO role, Larry was responsible for developing, implementing and overseeing compliance with the UMass Information Security Policy and Written Information Security Plan (WISP). In addition to designing and deploying the UMass cybersecurity program, Larry has developed and delivered cybersecurity training at multiple industry events, workshops, training venues, etc. Courses include Designing and Building a Cybersecurity Program, The NIST Cybersecurity Framework Foundations, The NIST Cybersecurity Framework Practitioners, Engineering, Technology and Business Labs and Workshops based on the NIST Cybersecurity Framework, etc. Larry has also worked with multiple companies in multiple industries to help design, build and maintain their Cybersecurity Programs and evaluate their current security posture.

  • speaker photo
    Stephen Dougherty
    Financial Fraud Investigator, Global Investigative Operations Center, U.S. Secret Service

    Stephen Dougherty has over a decade of investigative experience. His career as a Financial Fraud Investigator in support of the federal government has played a pivotal role in criminal investigations, surrounding cyber-enabled financial crime, money laundering, human trafficking, identity theft, healthcare fraud, embezzlement, tax/government program fraud, dark web crimes, among others. Stephen’s main area of expertise is combatting money laundering in all its forms. Aside from this, Stephen has been proactive in identifying new and future trends in the world of financial crime. Such trends include the cyber security nexus of financial crimes and its ever-growing relationship in major financial crimes such as Business Email Compromise and the rise of the dark web and the use of virtual currency as a vehicle for facilitation of financial crimes. Stephen has been a leader and a mentor to other investigators teaching them how to uncover fraud internally and externally. Stephen is currently an investigator contracted to the U.S. Secret Service’s Global Investigative Operations Center (GIOC) in Washington D.C.

  • speaker photo
    Lynn Dohm
    Executive Director, Women in CyberSecurity - WiCyS

    Lynn Dohm brings more than 25 years of organizational and leadership experience to the WiCyS team as the Executive Director. She has long been committed to cybersecurity education and for the last 14 years held active roles in grant-funded programs and nonprofits that assist in providing educational solutions for the cybersecurity workforce. She is passionate about the need for diverse mindsets, skill sets and perspectives to solve problems that never previously existed and aims to facilitate learning opportunities and discussions on leading with inclusion, equity and allyship. In addition to Lynn being awarded Top 100 Women in Cybersecurity by Cyber Defense Magazine, she accepted the Nonprofit of the Year Award for WiCyS in 2020 and 2021, is on numerous cybersecurity judging panels, advisory boards, and is an inaugural member of (ISC)2’s DEI Task Force. She has been interviewed on TV and radio throughout the nation and is a keynote presenter, panelist and moderator for multiple international conferences, events and organizations.

  • speaker photo
    Peter Chestna
    CISO of North America, Checkmarx

    Pete Chestna serves as the CISO of North America at Checkmarx, where he provides customers and prospects with practical advice for building successful application security programs. Bringing more than 15 years of direct AppSec practitioner experience, Pete has held roles ranging from developer and development leader to his most recent position as the Global Head of AppSec for the Bank of Montreal.

    Over the years, Pete has led organizational transformations from Waterfall to Agile to DevOps and from monolith to microservice architectures. He is certified as both a scrum master and product owner. Stemming from his experience as both an avid practitioner and consultant, Pete has spoken internationally at numerous prominent security and developer conferences including DevOpsDays, All Day DevOps, OWASP AppSec, and DevSecCon.

    Pete has been granted three patents. He enjoys whiskey tourism, astronomy model rocketry, and listening to Rush in his spare time.

  • speaker photo
    Jim Chrisos
    Principal Engineer, Exabeam

    Jim officially started working in security as an analyst at a large MSSP. This experience enabled him to gain employment at large global organizations as an analyst before becoming an incident handler. It was in his capacity as an incident handler where he witnessed, first hand, nation state attacks. This left such a profound impact on Jim that he wanted to do whatever he could to assist other organizations defend against this threat. An opportunity arose that introduced a career change and ensuing uncertainty for Jim, now a seasoned incident handler. Jim took this chance with a small, unknown startup named FireEye and got into sales. Jim has been a sales engineer since that time and has not looked back. Jim is proud to call Exabeam home today where he is able to cater to incident handlers and security teams to help them defend themselves on the Internet. Jim has his father to thank for introducing him to InfoSec and also Cliff Stoll for the inspiration to become an incident handler. Other interests of Jim include collecting certifications, computers, cars and things that fly. He holds industry certifications including CISSP, GCIH, GCFA and Security+.

  • speaker photo
    David Ortega
    Principal Solution Architect, Digital Identity and Security, Thales Cloud Security

    David Ortega been a cybersecurity professional for more than 20 years with deep expertise in digital innovation utilizing modern cloud, data, and security solutions. David has had the pleasure of working with various industry leaders in finance, healthcare, government, higher education, and manufacturing services. His highly sought-after expertise is in security advisory services, architecture and solutions engineering, and digital transformation data-centric solutions that drives business value and manages risks.

  • speaker photo
    Danny Jenkins
    CEO & Co-Founder, ThreatLocker

    Danny Jenkins is the CEO and Co-Founder of ThreatLocker, a cybersecurity firm providing Zero Trust endpoint security. Danny is a leading expert in cybersecurity with over two decades of experience in building and securing corporate networks, including many roles on red teams and blue teams. He is dedicated to educating industry professionals about the latest cyber threats and frequently speaks on the topics of ransomware and Zero Trust. Before ThreatLocker, Danny co-founded MXSweep, a global provider of email and internet security SaaS applications that sold exclusively through the channel. Danny was also the CEO at Sirrustec, specializing in whitelabeled channel delivered email security.

  • speaker photo
    Darren Carroll
    Managing Principal - Security Services, Insight

    Darren is a risk management and information security leader with diverse global experience in operational, technical, management, and presales roles. He has had the pleasure to build and lead multiple diverse, dynamic, high-performing teams. Throughout his career, he has provided consultative thought leadership, strategic direction, and tactical response to multiple federal, state, and local agencies, many of the Fortune 100, and hundreds of mid-sized enterprises.

  • speaker photo
    MJ Knudsen
    Global Director of Sales Engineering, Digital Shadows
  • speaker photo
    Dan Janiczek
    Solutions Director, Deepwatch
  • speaker photo
    Mark Scrano
    Information Security Manager, Cobalt

    Mark Scrano is an information security manager at Cobalt, the leading pentest as a service company, where he focuses on maintaining network security, threat management and mitigation, vulnerability assessments, amongst other responsibilities. With over 15 years of experience he’s worked at notable companies including Vimeo, Paxos, and General Assembly. Previous to joining the world of infosec, Mark was a computer networking engineer.

  • speaker photo
    Panel Discussion
  • speaker photo
    Darren Carroll
    Managing Principal - Security Services, Insight

    Darren is a risk management and information security leader with diverse global experience in operational, technical, management, and presales roles. He has had the pleasure to build and lead multiple diverse, dynamic, high-performing teams. Throughout his career, he has provided consultative thought leadership, strategic direction, and tactical response to multiple federal, state, and local agencies, many of the Fortune 100, and hundreds of mid-sized enterprises.

  • speaker photo
    Nate Brady
    Executive Board Member, Chicago Chapter, (ISC)2
  • speaker photo
    Rebecca Rakoski
    Co-Founder & Managing Partner, XPAN Law Partners

    Rebecca L. Rakoski, Esq., is the managing partner at XPAN Law Partners. Rebecca counsels and defends public and private corporations, and their boards, during data breaches and responds to state/federal regulatory compliance and enforcement actions. She manages the intersection of state, federal, and international regulations that affect the transfer, storage, and collection of data to aggressively mitigate her client's litigation risks. As an experienced litigator, she has handled hundreds of matters in state and federal courts. Rebecca advises her clients on a proactive, multi-jurisdictional approach to identify and address data privacy and cybersecurity compliance gaps and potential liabilities. She works with clients to create and tailor a security and privacy governance program that fits their specific needs in order to limit their regulatory exposure.

    As a thought leader in the area of data privacy and cybersecurity, Rebecca serves on the New Jersey State Bar Association's Cyber Task Force. Rebecca is Vice-Chair Elect for the New Jersey State Bar Association's Bankruptcy Law Section, and also served on the Complex Business Litigation Committee that drafted and revised the Court Rules involving electronic discovery in complex litigation matters. She has been appointed in several litigation matters by the New Jersey Superior Court as a Discovery Special Master.

    Rebecca is on the Board of Governors for Temple University Health Systems, and is an adjunct professor at Drexel University’s Thomas R. Kline School of Law and Rowan University.

  • speaker photo
    Glenn Kapetansky
    CSO, Trexin Group

    Glenn Kapetansky has a passion for building systems, organizations, and teams, and has done so across a number of business sectors, technologies, and roles. For over 20 years, Glenn has advised senior executives and built teams throughout the delivery cycle: strategy, architecture, development, quality assurance, deployment, operational support, financials, and project planning. His credentials were earned in such diverse industries as healthcare, finance, energy, consumer products, and telecommunications. Glenn's current focus areas—as Senior Principal and Chief Security Officer at Trexin Group—are agile management, data protection, and audit/regulatory compliance.

    Glenn speaks and publishes on occasion. He has been named numerous times in various Who's Who, and is a repeat recipient of Bell Labs' Arno Penzias Award for Innovation in the Marketplace. He is active in CIO Roundtables, CISO Chicago, the Chicago Life Sciences Consortium, and the Technology Leaders' Association. Glenn's certifications and memberships include IEEE, ISC2 (CISSP), ISACA (CISA), and ITIL (SM).

Conference Microsite!
Registration is quick and easy. Once you get started, use a browser on your phone or tablet to:

• Create a personalized agenda
• View maps of the venue and Exhibit Hall
• Use secure messaging to network with attendees
• View speaker slides after the conference
• Play CyberHunt, the app game, and compete for prizes
Don't miss out!

Join us for high-quality, affordable cybersecurity training and networking. Sign up today!