- Wednesday, May 15, 2019
9:00 am: [SecureWorld PLUS] Designing and Building a Cybersecurity Program Based on the NIST Cybersecurity Framework
9 a.m. - 3 p.m. • Earn 12 CPEs!
Sr. Cybersecurity Consultant, Wilson Cyber
Registration Level: SecureWorld Plus
9:00 am - 3:00 pm
Location / Room: 202
The University of Massachusetts has developed a 6-hour SecureWorld PLUS training class that instructs attendees on the best practices for designing, building, and maintaining a cybersecurity program based on the NIST Cybersecurity Framework. Organizations who currently use the Framework or are planning to use the Framework for their cybersecurity program will benefit from this course.
This innovative education and training program includes the following key elements:
- An introduction to the key components of the NIST Cybersecurity Framework
- How to use the Framework to support business strategy, technology strategy, and cyber-risk strategy
- An approach for adopting the framework to build and sustain secure and resilient infrastructure, secure and resilient networks, secure and resilient applications
- How to use the Framework to protect critical information assets
- A Controls Factory Model that organizations use to create an Engineering Program, a Technical Program, and a Business / Management Program
- A methodology for developing a Cybersecurity Strategy, System Security Plan (SSP), Risk Assessment, Plan of Action and Milestones (POA&M), and Executive Report
The class will help individuals and organizations acquire knowledge, skills, and abilities to:
- Develop a strategy to apply the NIST Cybersecurity Framework to their environment
- Create a comprehensive System Security Plan (SSP) based on the NIST Cybersecurity Framework
- Conduct a Risk Assessment to compare the current profile with the target profile and identify any gaps that need to be addressed
- Develop a Plan of Action and Milestones (POA&M) to mitigate the highest priority gaps
- Establish an Executive Report to measure and communicate current profile, target profile, POA&M and program plan / roles and responsibilities to remediate identified gaps
- Identify required workforce skills and develop career pathways for improving skills and experience
About the instructor:
- Larry Wilson has been the CISO for the UMass President’s Office since 2009.
- Prior to UMass, Larry developed and managed the Global Infrastructure Services (GIS) Security Program for State Street Corporation.
- Larry has been teaching cybersecurity courses based on the NIST Cybersecurity Framework at SecureWorld events for the past five years.
- Larry has conducted over 20 consulting engagements, helping organizations design and build cybersecurity programs based on the NIST Cybersecurity Framework.
The program and its author have won the following industry awards:
- Security Magazine’s Most Influential People in Security, 2016
- SANS People Who Made a Difference in Cybersecurity Award, 2013
- Information Security Executive (ISE) North America Program Winner for Higher Education, 2013
- Thursday, May 16, 2019
7:00 am: Registration open
Registration Level: Open Sessions
7:00 am - 3:00 pm
Location / Room: Registration Desk
Come to the Registration desk in the lobby to check in and get your badge. SecureWorld staff will be available throughout the day if you have any questions.
8:00 am: Exhibitor Hall open
Registration Level: Open Sessions
8:00 am - 3:00 pm
Location / Room: SecureWorld Exhibitor Floor
Your opportunity to visit our solution vendor partners, whose sponsorship makes SecureWorld possible! Booths have staff ready to answer your questions. Look for participating Dash For Prizes sponsors to be entered to win prizes.
8:30 am: Building a Better Cyber Awareness Training System with Machine Learning and Artificial Intelligence
Cybersecurity Engineer, CISSP, MS, MCS, MA, U.S. Department of Health and Human Services
Registration Level: Conference Pass
8:30 am - 9:15 am
Location / Room: 203
Cybersecurity awareness training (CAT) should be adaptable to the evolving cyber threat landscape, cost effective, and integrated well with other components. Unfortunately, few CAT systems can satisfy those requirements.
This presentation introduces a new smart model for conducting cybersecurity trainings based on ML/AI with three main goals: (1) training efforts are initiated by emerging relevant threats and delivered first to the most vulnerable members; (2) training results must be able to provide actionable intelligence to be employed by enterprise risk management, enterprise threat intelligence, and other systems; and (3) the CAT system must be effective and affordable.
8:30 am: The Anatomy of a Hack
Security Administrator, 19-facility Healthcare System
Registration Level: Conference Pass
8:30 am - 9:15 am
Location / Room: 204
This presentation will introduce you to the dark side of hacking. We’ll take you through the thought process, the preparation and the actual efforts that a true Black Hat hacker undertakes to compromise your systems. Once you are able to think like a Black Hat, then you can better defend your environment from a Black Hat.
8:30 am: Why a SIEM Isn't Always What It Seems
Sr. Security Consultant, Crowe
Registration Level: Conference Pass
8:30 am - 9:15 am
Location / Room: 202
Security Incident and Event Managers (SIEM) are a key tool for any good security program. The problem? SIEMs are often improperly implemented, lack proper configuration and tuning, and are not staffed properly. This leaves organizations with an expensive tool that doesn’t provide much of a return. From a financial and a value standpoint, small- and medium-sized organizations are better off partnering with an outsourced Security Operations Center (SOC).
9:30 am: OPENING KEYNOTE: Growing the Cyber Workforce
Advisory CISO, Cisco; Former CISO, The Ohio State University
Registration Level: Open Sessions
9:30 am - 10:30 am
Location / Room: Keynote Theater
We know there is a shortage of talent, so what can a CISO do about it? Let’s explore ways to help the community grow, while helping your own company to find diverse, capable, affordable talent when and where you need it. We will talk about how to keep and develop that talent, and explore the pros and cons of formal education and on-the-job training approaches.
10:30 am: Conference Break / Exhibitor Product Demonstration
Registration Level: Open Sessions
10:30 am - 11:15 am
Location / Room: SecureWorld Exhibitor Floor
Reboot with coffee and infused water while visiting exhibitors on the exhibitor floor.
11:00 am: Advisory Council Roundtable - (VIP / Invite Only)
CISO, American Financial Group
Registration Level: VIP / Exclusive
11:00 am - 12:00 pm
Location / Room: 108
This session is for Advisory Council members only.
11:15 am: Incident Response: Ready, Set, Test!
Director of Compliance and Risk Management, Dinsmore & Shohl LLP
Registration Level: Conference Pass
11:15 am - 12:00 pm
Location / Room: 203
Studies show the single most impactful factor to reducing the cost of a cyber breach is an Incident Response Team. Everyone knows the importance of having an Incident Response Plan, but what is the value of having one if it isn’t tested and communicated? This presentation describes how our security team planned, developed, and executed our first IR Tabletop, and provides guidance on other considerations, such as how to get leadership support to hold one for your organization.
11:15 am: [Mimecast] Critical Areas to Improve Email Security & Resilience for Office 365
Principal Security Strategist, Mimecast
Registration Level: Open Sessions
11:15 am - 12:00 pm
Location / Room: 202
The success of Office 365 as a SaaS application is undeniable. In fact, Microsoft reports that 70% of the Fortune 500 have purchased it in the last year. If your organization isn’t currently using it there is an excellent chance it will soon! But what of security and resilience? Does Microsoft provide you everything you need here? In this session I will go through 10 critical security and resilience issues you should consider when using Office 365 in your organization.
11:15 am: Social Media and Why It Remains the Most Prevalent Vector
VP, Threat Management & Cybersecurity Operations, GE Aviation
Registration Level: Conference Pass
11:15 am - 12:00 pm
Location / Room: 204
Social engineering remains a challenge to cyber professionals as it is a threat surface that is hard to control: human behavior. We will discuss different forms of social engineering and ways to reduce these threats.
11:15 am: [Tenable] Quantifying the Attacker’s First-Mover Advantage
Enterprise Security Engineer, Tenable
Registration Level: Open Sessions
11:15 am - 12:00 pm
Location / Room: 201
Security professionals are engaged in a continuous arms race with threat actors. In relation to vulnerabilities, this arms race is between attackers’ access to exploits and defenders’ ability to assess, remediate and mitigate them. The attackers gain and maintain the advantage if they can stay at least one step ahead of the defender, resulting in a window of exposure. The race is never-ending and begins again with every new vulnerability discovered. The finish line keeps shifting, with the attacker setting the pace.
12:00 pm: Advisory Council Lunch Roundtable – (VIP / Invite Only)
CISO, American Financial Group
Registration Level: VIP / Exclusive
12:00 pm - 1:00 pm
Location / Room: 108
This session is for Advisory Council members only.
12:15 pm: LUNCH KEYNOTE: Building a Culture that Engages and Retains Top Talent: A Cincinnati Cybersecurity Start-Up Case Study
CISO, Fifth Third Bank
Registration Level: Open Sessions
12:15 pm - 1:00 pm
Location / Room: Keynote Theater
In today’s cybersecurity job market, the talent on your team has a lot of options. In this session we will look at what Morphick, a Cincinnati-based cybersecurity start-up, did to attract, engage, and retain talent even when funding was tight. We will look at specific elements of culture, such as aligning to a mission and vision, creating a sense of team, creating opportunities for growth (even within a 30-40 person company), and more. If a start-up can grow and retain top talent over the course of years, so can you!
1:15 pm: Panel: Cloudy With a Chance of Breach
Registration Level: Open Sessions
1:15 pm - 2:15 pm
Location / Room: Keynote Theater
Everything old is new again. Migrating to the cloud certainly is not a new thing. It is for some smaller companies that are just now able to afford making the move to the cloud. Cloud boasts a secure, disaster proof option for companies to store their data offsite with access to that data from practically anywhere. So, whose fault is it when the data is compromised? What if your information is stolen from the cloud because another user’s data was at fault? At the end of the day, isn’t the cloud just someone else’s computer? Join this panel discussion as they guide you through the pros and cons in migrating to the cloud.
Panelists:
Geoff Rance, Trend Micro
Kes Jecius, Redseal
Tim O’Connor, Cadre
Moderator: Tom Dager
1:15 pm: Panel: Building a Better Mouse Trap (Emerging Threats)
Registration Level: Open Sessions
1:15 pm - 2:15 pm
Location / Room: 201
To be successful, as an industry, we must strive to get ahead of the bad guys. Easy enough to say but how? By taking a look at the capabilities of the threats we see today we should be able to make some educated guesses on what threats of tomorrow will look like. We know the bad guys don’t follow the rules, take the path of least resistance, and don’t care who they hurt in the process. We need to start thinking like them so that we can figure out what their next step is instead of guessing/hoping.
Panelists:
Adam Gates, Malwarebytes
Paul Schofield, enSilo
Matthew Gardiner, Mimecast
Donovan Blaylock, Sailpoint
Moderator: Andy Willingham
2:15 pm: Conference Break / Exhibitor Product Demonstration
Registration Level: Open Sessions
2:15 pm - 3:00 pm
Location / Room: SecureWorld Exhibitor Floor
Reboot with coffee and infused water while visiting exhibitors on the exhibitor floor.
2:30 pm: Networking Break — Dash for Prizes and CyberHunt winners announced
Registration Level: Open Sessions
2:30 pm - 2:45 pm
Location / Room: SecureWorld Exhibitor Floor
Be sure to have your badge scanned with participating exhibitors throughout the day. Past prizes have included Kindles, Bose wireless headphones, gift cards, iPads, drones, and more! *Must be present to win.
3:00 pm: Star Wars: How an Ineffective Data Governance Program Destroyed the Galactic Empire
Vice President, Greater Cincinnati ISSA
Registration Level: Conference Pass
3:00 pm - 3:45 pm
Location / Room: 202
This session will be 100% vendor agnostic and focus on exploring the different types of data governance tools and control categories within IT Security. We will actively compare and contrast tools, techniques and tactics to allow an IT Security Practitioner to build actionable policies on how users can store, process, transmit and access data. We will discuss the role of data governance in small, medium, large, and enterprise businesses, who the key stakeholders are, and strategies on how to win their support.
3:00 pm: PCI’s Evolving Approach to Address NextGen Threats
Chief Technology Officer, PCI Security Standards Council
Registration Level: Conference Pass
3:00 pm - 3:45 pm
Location / Room: 201
Don’t miss this session for a look into the evolution of payments and security standards. Hear about some opportunities and challenges that have been created by the innovations in technology. This session will also cover how PCI SSC is addressing these changes and how you can help.
Note: Tools include people (e.g. ISA/QIR), process (DSE, DSS), and technology (P2PE, SPOC, Contactless).
3:00 pm: Utilizing Dashboards and Metrics to Drive Performance, Measure Success, and Decrease Vulnerabilities
Head of Information Security and Privacy, Safelite Group
Registration Level: Conference Pass
3:00 pm - 3:45 pm
Location / Room: 203
Cyber and threat intel teams leverage numerous dashboards and metrics to guide key actions, intelligence and even performance. In a world of limited resources, capitalizing on these feeds and harnessing the business intelligence captured is critical for every security leader. In this session, Grant Sewell will speak on his experiences with operationalizing metrics in real-life scenarios to drive better results in security programs. This talk will emphasize the importance of leveraging the right BI from feeds to drive action across teams, and provide real-world examples of metrics to increase performance and establish more proactive partnerships across technology teams.
- Cincinnati Tri-State ASIS
Booth: TBD
The Cincinnati Tri-State Chapter and its members are committed to not only their own professional careers, but the security industry as a whole. The chapter promotes networking, education, and friendship with those in the fields of security and law enforcement. Our membership is comprised of professionals that work in different aspects of security and law enforcement.
If you are interested in joining ASIS, the Cincinnati Chapter, or attending a meeting to see what we are all about please contact us to find out more information. We look forward to hearing from you and growing with you professionally!
- Cadre Information Security
Booth: 204
Data and network security is a critical element for any business, but it is not enough to win. To win, cybersecurity must be viewed through the prism of business process management, align with capabilities and core competencies of the business and be optimized to minimize or eliminate the friction. For more than 25 years, Cadre Information Security has enabled operationally obsessed, mid-market companies to lower their costs, gain more control and increase the velocity and impact of the efforts. For more information, visit www.cadre.net
- CDW
Booth: 306
CDW is a leading multi-brand technology solutions provider to business, government, education and healthcare organizations in the United States, the United Kingdom and Canada. A Fortune 500 company with multi-national capabilities, CDW was founded in 1984 and employs more than 9,000 coworkers. For the year ended December 31, 2018, the company generated net sales over $16 billion. For more information about CDW, please visit www.CDW.com.
- Cincinnati Networking Professionals Association
Booth: TBD
Established in 1991, the non-profit Network Professional Association (NPA) is a professional association for computer network professionals. Members adhere to a code of ethics, demonstrate continual professional development and knowledge, adhere to the latest best practice standards, and strive for continual growth. International awards for professionalism honor individuals for outstanding achievements and meeting the values of professionalism.
The NPA offers a Certified Network Professional CNP credential and provides advocacy for workers in the field. Members receive a certificate of membership, quarterly journal publications, chapters and programs, and opportunities to volunteer and publish.
- EC-Council
Booth: TBD
International Council of E-Commerce Consultants, also known as EC-Council, is the world’s largest cyber security technical certification body. We operate in 140 countries globally and we are the owner and developer of the world-famous Certified Ethical Hacker (CEH), Computer Hacking Forensics Investigator (C|HFI), Certified Security Analyst (ECSA), License Penetration Testing (Practical) programs, among others. We are proud to have trained and certified over 140,000 information security professionals globally that have influenced the cyber security mindset of countless organizations worldwide.
- ECTF
Booth: TBD
As a result of the amalgamation of advanced technology and the Internet, both the quantity and sophistication of cybercrimes targeting U.S. financial institutions and critical infrastructure have increased. Today, criminal trends show an increased use of phishing emails, account takeovers, malicious software, hacking attacks and network intrusions resulting in significant data breaches. To protect the nation’s financial infrastructure from cyber and financial criminals, the Secret Service has adopted a multipronged approach.
- enSilo
Booth: 104
enSilo protects businesses around the world from data breaches and disruption caused by cyber attacks. The enSilo Endpoint Security Platform comprehensively secures endpoints in real-time pre- and post-infection without alert fatigue, excessive dwell time or breach anxiety while also containing incident response costs by orchestrating automated detection, prevention and incident response actions against advanced malware. enSilo’s patented approach stops advanced malware with a high degree of precision, provides full system visibility and an intuitive user interface and combines next-generation antivirus (NGAV), application communication control, automated endpoint detection and response (EDR) with real-time blocking, threat hunting, incident response, and virtual patching capabilities in a single agent. The platform can be deployed either in the cloud or on-premises and supports multi-tenancy.
- Gemalto
Booth: 302
Today’s enterprises depend on the cloud, data and software to make decisive decisions. That’s why the most respected brands and largest organizations in the world rely on Thales to help them protect their most sensitive information and software wherever it is created, accessed or stored – from the cloud and data centers to devices and across networks. As the global leader in cloud and data protection, our solutions enable organizations to move to the cloud securely, achieve compliance with confidence, and create more value from their software in the devices and services used by millions of consumers every day.
- InfoSec-Conferences.com
Booth: n/a
We’re the InfoSec community’s #1 ‘Go To’ resource for cybersecurity conference listings. Since 2012 we’ve provided cybersecurity professionals with accurate event listings that are manually checked and updated every day.
- InfraGard Cincinnati
Booth: TBD
The mission of the InfraGard Cincinnati Members Alliance is to increase the security of the United States’ national infrastructure through information exchange, education, outreach, and similar efforts. To accomplish our goal, we strive to maintain a close working relationship between federal agencies such as the Federal Bureau of Investigation and the Department of Homeland Security, law enforcement agencies, subject matter experts such as cybersecurity and physical security professionals, industry-specific experts, and numerous other professionals.
- ISACA Cincinnati
Booth: TBD
The Greater Cincinnati ISACA® Chapter is a not-for-profit professional association serving the information technology audit, security, and control community. We support the areas of Cincinnati & Dayton, Ohio and Northern Kentucky. The chapter consists of over 450 professionals that represent a cross-section of the public, private, and not-for-profit business sectors at all levels within those industries.
Purpose: To promote the education of individuals for the improvement and development of their capabilities relating to the auditing of and/or management consulting in the field of Information Technology audit and control.
- ISC2 Cincinnati Tri-State Chapter
Booth: TBD
Follow us on Twitter: https://twitter.com/Cinci_Tri_ISC2
- ISSA Greater Cincinnati Chapter
Booth: TBD
The Greater Cincinnati Information Systems Security Association is a non-profit group dedicated to providing educational and networking opportunities to promote the exchange of ideas, knowledge, and members’ growth within the information security profession. The Greater Cincinnati Chapter will host monthly meetings with a variety of security professionals. Please check our events page for further information on upcoming events.
- Ixia, a Keysight Business
Booth: 201
We provide testing, visibility, and security solutions to strengthen applications across physical and virtual networks. Organizations use our tools and capabilities to test, secure and visualize their networks so their applications run stronger.
- Malwarebytes
Booth: 106
Malwarebytes secures endpoints, making workplaces resilient. Our adaptive attack protection predicts and detects attacks with multi-layer detection across the kill chain. We enable active threat response with machine learning that is actionable and automated, allowing for full recovery when a compromise occurs. We empower enterprise endpoint orchestration across siloed IT and Security organizations, simplifying security management and making responses effective. Malwarebytes makes endpoints resilient so workplaces can protect and remediate, and employees can regain control of their digital lives. Visit us at www.malwarebytes.com/business.
- Mimecast
Booth: 202
Mimecast empowers our customers to help mitigate risk and manage complexities across a threat landscape driven by cyberattacks, human error, and technology fallibility. Our advanced solutions provide the proactive threat detection, brand protection, awareness training, and data retention capabilities that evolving workplaces need today.
- Nexum
Booth: 305
Nexum, Inc. is a cybersecurity and networking company that builds and secures global networks for organizations across multiple verticals around the world. In addition to its Chicago headquarters, Nexum has sales, training and support presence in Kentucky, Michigan, New Hampshire, Ohio, and Wisconsin, as well as the Security and Network Operations Command Centers (SNOCC) in New Mexico and Illinois.
- Okta
Booth: 406
Okta is the World’s Identity Company. As the leading independent Identity partner, we free everyone to safely use any technology—anywhere, on any device or app. The most trusted brands trust Okta to enable secure access, authentication, and automation. With flexibility and neutrality at the core of our Okta Workforce Identity and Customer Identity Clouds, business leaders and developers can focus on innovation and accelerate digital transformation, thanks to customizable solutions and more than 7,000 pre-built integrations. We’re building a world where Identity belongs to you. Learn more at okta.com.
- OWASP Cincinnati
Booth: TBD
OWASP is an open community dedicated to enabling organizations to conceive, develop, acquire, operate, and maintain applications that can be trusted. All of the OWASP tools, documents, forums, and chapters are free and open to anyone interested in improving application security. We advocate approaching application security as a people, process, and technology problem because the most effective approaches to application security include improvements in all of these areas.
The Cincinnati chapter leads are Andy Willingham and Allison Shubert. Chapter meetings are free and open to anyone interested in information security, risk management, data protection and application security.
- ProcessUnity
Booth: 205
ProcessUnity’s cloud-based solutions help organizations of all sizes automate their risk and compliance programs. Our highly configurable, easy-to-use tools significantly reduce manual administrative tasks, allowing customers to spend more time on strategic risk mitigation. As a software-as-a-service technology, ProcessUnity deploys quickly with minimal effort from customers and their IT resources.
- RedSeal
Booth: 223
By focusing on cybersecurity fundamentals, RedSeal helps government agencies and Global 2000 companies measurably reduce their cyber risk. With RedSeal’s cyber terrain analytics platform and professional services, enterprises improve their resilience to security events by understanding what’s on their networks, how it’s all connected, and the associated risk. RedSeal verifies that network devices are securely configured; validates network segmentation policies; and continuously monitors compliance with policies and regulations. It also prioritizes mitigation based on each vulnerability’s associated risk. The company is based in San Jose, Calif.
- RSA a Dell Technologies Company
Booth: 204
RSA Business-Driven Security™ solutions provide organizations with a unified approach to managing digital risk that hinges on integrated visibility, automated insights and coordinated actions. With solutions for rapid detection and response, user access control, consumer fraud protection, and integrated risk management, RSA customers can thrive and continuously adapt to transformational change.
- SailPoint
Booth: 206
SailPoint, the leader in enterprise identity governance, brings the Power of Identity to customers around the world. SailPoint’s open identity platform gives organizations the power to enter new markets, scale their workforces, embrace new technologies, innovate faster and compete on a global basis. As both an industry pioneer and market leader in identity governance, SailPoint delivers security, operational efficiency and compliance to enterprises with complex IT environments. SailPoint’s customers are among the world’s largest companies in a wide range of industries.
- Siemplify
Booth: 303
The Siemplify team is comprised of cyber-security professionals, veterans of Israeli intelligence agencies. We bring rich experience in security analysis, management and operations and are backed by experts in data science and applied mathematics.
WE BELIEVE In the modern world of cyber threat analysis, investigation and management should be more holistic, intuitive and simple. Technology and data science should serve cyber security experts by providing all the relevant information about the threat in real-time and focus them in rapid decision making.
- Sonatype
Booth: 304
Every day, developers rely on millions of third party and open source building blocks – known as components – to build the software that runs our world. Sonatype ensures that only the best components are used throughout the software development lifecycle so that organizations don’t have to make the tradeoff between going fast and being secure. More than 120,000 organizations use Sonatype’s Nexus solutions to support agile, Continuous Delivery, and DevOps practices globally.
- Symantec
Booth: 306
Symantec is the world’s leading cyber security company. Organizations worldwide look to Symantec for strategic, integrated solutions to defend against sophisticated attacks, and more than 50 million people rely on Symantec’s Norton and LifeLock product suites to protect their digital lives at home. For more information, please visit www.symantec.com.
- TechTarget
Booth: TBD
TechTarget (NASDAQ: TTGT) is the online intersection of serious technology buyers, targeted technical content and technology providers worldwide. Our media, powered by TechTarget’s Activity Intelligence platform, redefines how technology buyers are viewed and engaged based on their active projects, specific technical priorities and business needs. With more than 100 technology specific websites, we provide technology marketers innovative media that delivers unmatched reach via custom advertising, branding and lead generation solutions all built on our extensive network of online and social media. TechTarget is based in Boston and has locations in Atlanta, Beijing, Cincinnati, London, Paris, San Francisco, Singapore, and Sydney.
- Tenable
Booth: 108
Tenable®, Inc. is the Cyber Exposure company. Over 27,000 organizations around the globe rely on Tenable to understand and reduce cyber risk. As the creator of Nessus®, Tenable extended its expertise in vulnerabilities to deliver the world’s first platform to see and secure any digital asset on any computing platform. Tenable customers include more than 50 percent of the Fortune 500, more than 25 percent of the Global 2000 and large government agencies. Learn more at www.tenable.com.
- The Circuit
Booth: TBD
Our goal is to deliver education and informational programs; enable members to connect and foster collaboration between IT solution and service providers, corporate IT departments, the individuals within these organizations and the businesses that support them.
- Trend Micro
Booth: 102
Trend Micro, a global leader in cybersecurity, is passionate about making the world safe for exchanging digital information, today and in the future. Artfully applying our XGen™ security strategy, our innovative solutions for consumers, businesses, and governments deliver connected security for data centers, cloud workloads, networks, and endpoints. www.trendmicro.com.
- Larry Wilson, CISSP, CISA, Instructor
Sr. Cybersecurity Consultant, Wilson Cyber
Larry Wilson was formerly the Chief Information Security Officer for Sumitomo Pharma Americas, Inc., Worcester Polytechnic Institute, and the University of Massachusetts (UMass) President's Office. In the CISO role, Larry was responsible for developing, implementing, and overseeing compliance with the SMPA / WPI / UMass Information Security Policy and Written Information Security Plan (WISP). In addition to designing and deploying the respective cybersecurity programs, Larry has developed and delivered cybersecurity training at multiple industry events, workshops, training venues, etc. Courses include Designing and Building a Cybersecurity Program, Designing and Building a Ransomware Program, and Designing and Building a Third-Party Risk Program. Larry has also worked with multiple companies in multiple industries to help design, build, and maintain their Cybersecurity Programs, Ransomware Program, and Third-Party Risk Programs.
- Tam Nguyen
Cybersecurity Engineer, CISSP, MS, MCS, MA, U.S. Department of Health and Human Services
Tam Nguyen is an IEEE and ACM peer-reviewed cybersecurity researcher with recent publications on Software Defined Network's security (CSNet - Paris, France), and instructional design evaluation of CEH v10 Online Course (IC4E - Tokyo, JP). Tam's research interests include large-scale cyber threat modeling, cyber behavioral science, and applications of quantum computing in cybersecurity. Tam is a CISSP and is working for the Federal Reserve Bank at Cleveland.
- David Howard, Security Administrator, 19-facility Healthcare System
David Howard is a CISSP, Certified Ethical Hacker, and holder of many other certifications. He also has 20 years of experience and currently is the senior member of the security staff of a regional hospital system. He is the host of Bring Your Own Security Radio, heard on iHeartRadio's app and many of their AM/FM stations nationwide, and is known as Dave The IT Guy on air.
- Joseph Thacker, Sr. Security Consultant, Crowe
Joseph Thacker, CISSP, is a Senior Staff Member in Crowe’s cybersecurity practice. With experience in software development, automation, and cybersecurity, he is serving in Security Engineer and Analyst roles to assist in the development and maturing of one of Crowe’s cybersecurity programs. He has a Bachelor’s degree in Computer Science and a Master’s degree in Cybersecurity and Information Assurance.
- Helen Patton, Advisory CISO, Cisco; Former CISO, The Ohio State University
With more years working in the Security, Risk, Privacy and Resiliency professions than she cares to say, Helen Patton advocates using information risk, security and privacy to enable the mission of organizations and to support society at large.
Helen is an Advisory CISO at Duo Security (now Cisco), where she shares security strategies with the security community. Previously, she was the CISO at The Ohio State University, where she was awarded the ISE North American Academic/Public Sector Executive of the Year, and an Executive Director at JPMorgan Chase.
Helen actively encourages collaboration across and within industries, to enable better information security and privacy practices. She believes in improving diversity and inclusion in the workforce, and mentors people interested in pursuing careers in security, privacy and risk management.
Helen has a Master’s degree in Public Policy and has earned Certified Information Systems Auditor and Certified In Risk and Systems Control certifications from ISACA. She serves on the State of Ohio Cybersecurity Advisory Board and is a founding board member of the National Technology Security Coalition.
- JD Rogers, CISO, American Financial Group
JD Rogers is the Chief Information Security Officer for American Financial Group, where he leads the IT security vision, strategy and function for the insurance holding company. JD has more than 20 years of information security experience working in the energy, manufacturing, finance and insurance industries. He joined American Financial Group in 2008 as the Director of Information Security for Great American’s Annuity Group, and assumed leadership of this function enterprise-wide in 2013. In this role, he created a cross-company information security group—the first of its kind for the organization. Previously, he held information security positions at Toyota, Duke Energy and Cinergy. Placing a strong focus on security integration into business process and culture, JD serves as a security evangelist to the 36 different business units within American Financial Group, regularly conducting department-wide presentations and one-on-one conversations, as well as presenting at industry conferences such as Black Hat, SecureWorld and the Dayton Defense Conference. JD Rogers holds a Bachelor of Science in computer science from Northern Kentucky University and a Master of Science in information systems from the University of Denver. He also holds numerous designations, including Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified in Risk and Information Systems Control (CRISC), and GIAC Certified ISO-27000 Specialist (G2700).
- Lynn Watson, Director of Compliance and Risk Management, Dinsmore & Shohl LLP
Lynn is the Director of Compliance & Risk Management for Dinsmore & Shohl, a national law firm with 1,300 attorneys and employees in 26 offices. Lynn oversees the cybersecurity team and is responsible for all firm security policies, procedures, technology, and initiatives, including the incident response program.
- Matthew Gardiner, Principal Security Strategist, Mimecast
Matthew Gardiner is a Director of Security at Mimecast and is currently focused on email & web security, phishing, awareness training, malware, and cloud security. With more than 15 years focused in security, Matthew’s expertise in various roles includes threat detection & response, network monitoring, SIEM, endpoint threat detection, threat intelligence, identity & access management, Web access management, identity federation, cloud security, and IT compliance at RSA, Netegrity, and CA Technologies. Previously he was President and a member of the board of trustees of the security industry non-profit, the Kantara Initiative. Matthew has a BS in Electrical Engineering from the University of Pennsylvania and an SM in Management from MIT's Sloan School of Management.
- Lori Anello, VP, Threat Management & Cybersecurity Operations, GE Aviation
Lori Anello is an adaptive leader with a broad background in leading large enterprise teams in the areas of infrastructure, security technology, application architecture, and business solutions. She started her career working for the National Institutes of Health and then moved into private industry in the areas of consulting and manufacturing companies. Lori is presently Executive VP of Threat Management and Cyber Operations for GE Aviation.
- Paul Russo, Enterprise Security Engineer, Tenable
Paul is a passionate technologist focusing on solutions at the intersection of business and technology. He has over 20 years of industry experience architecting, deploying and consulting on enterprise solutions. In his current role as a Sr. Security Engineer for Tenable he helps organizations reduce risk due to Cyber Exposure.
- Brian Minick, CISO, Fifth Third Bank
Brian Minick is CISO at Fifth Third Bank. Brian has responsibility for the bank’s information protection program. Brian is a noted speaker and published author. He brings 20 years of technology and cybersecurity leadership and experience to this position. Previously, Brian was VP of Managed Threat Services at Booz Allen Hamilton following the acquisition of Morphick, a pioneer in the Managed Detection and Response market, where Brian was Co-Founder and CEO. Before founding Morphick, he was CISO at General Electric’s Aviation, Energy and Transportation businesses, where he was responsible for developing and implementing advanced cybersecurity strategies.
- Micah Brown, Vice President, Greater Cincinnati ISSA
Micah K. Brown is a member of the IT Security Engineering team at American Modern Insurance, part of the Munich RE Group. Over the past two years he has served as the lead engineer on the Data Loss Prevention (DLP) implementation for the Munich RE organizations located in North and South America. In this role Micah has learned the many intricacies of what works in a successful DLP project. In his free time, Micah serves on the Greater Cincinnati ISSA Chapter as Vice President. Micah graduated from the University of Cincinnati and holds an active CISSP.
- Troy Leach, Chief Technology Officer, PCI Security Standards Council
Troy Leach is the Chief Technology Officer for the PCI Security Standards Council. In his role, Mr. Leach partners with Council representatives, Participating Organizations and industry leaders to develop comprehensive standards and strategies to secure payment card data and the supporting infrastructure. He is a congressional subject matter expert on payment security and holds advanced degrees from Syracuse University in network management and information security.
- Grant Sewell, Head of Information Security and Privacy, Safelite Group
Grant Sewell manages the Information Security and Privacy program at Safelite Group, the largest provider of vehicle glass repair, replacement, and calibration services in the United States. He serves on the board of directors for the Retail & Hospitality ISAC and the Central Ohio Chapter of (ISC)², and has held information security leadership roles with several Fortune 500 companies and U.S. Government agencies. Grant has more than a decade of experience in security, holds numerous industry certifications, and is a frequent speaker at regional and national conferences.
• Create a personalized agenda
• View maps of the venue and Exhibit Hall
• Use secure messaging to network with attendees
• View speaker slides after the conference
• Play CyberHunt, the app game, and compete for prizes