Conference Agenda
  • Wednesday, October 18, 2017
    7:00 am
    Registration Open
    Registration Level: Open Sessions
    7:00 am - 3:00 pm
    Location / Room: Registration Desk
    8:00 am
    Advisory Council Breakfast – (VIP / INVITE ONLY)
    Registration Level: VIP / Exclusive
    8:00 am - 9:15 am
    Location / Room: Spring Glade
    8:00 am
    SecureWorld PLUS Part 1 – Big Data and IoT: Wonderful, Terrible, Inevitable
    SecureWorld PLUS Registrants ONLY
    CISSP, President, O'Leary Management Education
    Registration Level: SecureWorld Plus
    8:00 am - 9:30 am
    Location / Room: Hillhaven

    Big Data and the Internet of Things are revolutionizing virtually every industry. We’re told of pinpoint accurate medical records and diagnostics, all-encompassing analytics, mastery of industrial processes, effortless control of our static and moving environments and complete connectivity and communication with anything and everything we might ever imagine being useful. Wonderful!

    But SecureWorld attendees and others who’ve been in IT Security for any appreciable time have an internal red flag that goes up upon hearing “It’s gonna be great!” Then those euphoria-deflating security questions start multiplying and running through our somewhat addled brains. Where is all this Big Data coming from? Where will it reside? Who controls it? Who grants access? On what basis? How do we know it’s accurate, relevant? Is it complete enough for life and death medical decisions? What about analytics system administration; data monitoring and correction procedures; incompatible security architectures? Oh yeah, and privacy?

    What kind of security is built into all these Internet-connected devices? How easy is it to control access? Is the data they trade and store encrypted? Who’s liable if they fail or give erroneous signals?

    Big Data and IoT are neither fads nor merely trends; they constitute a revolution. There’s no going back. Join us as we look from a security perspective at both the bright and dark sides.

    8:00 am
    SecureWorld PLUS Part 1 - Designing and Building a Cybersecurity Program Based on the NIST Cybersecurity Framework
    SecureWorld PLUS Registrants ONLY
    CISO, University of Massachusetts, President’s Office
    Registration Level: SecureWorld Plus
    8:00 am - 9:30 am
    Location / Room: Windhaven

    This course provides a detailed plan for designing and building a Cybersecurity Program based on the NIST Cybersecurity Framework and the 20 Critical Controls.

    Lesson 1: Creating the Model (based on the NIST Cybersecurity Framework)
    A general review of today’s cyber-threat landscape; key business, technical, regulatory and workforce challenges; the overall risk environment; the controls framework (NIST Cybersecurity Framework); controls standards; and a recommended approach for designing and building a program based on a repeatable / open program concept (The Controls Factory Model).

    Lesson 2: Designing the Program (based on the 20 Critical Controls)
    A detailed review of the safeguards that organizations should use to mitigate advanced threats and protect their critical assets, including an in-depth analysis of the 20 critical controls. Each control will be discussed in detail, including the control objective, control approach, consequences of not implementing the control, control system analysis (how the control works), control detailed design, and control monitoring and testing requirements.

    Lesson 3: Building the Solution (based on Design, Build, Run and Test Guides)
    Technical solutions that can be used to protect a particular family of assets (endpoints, servers, networks, applications). Each technical solution will include a mapping to the critical controls and NIST Framework (design guide), a step-by-step approach for implementation (build guide), a set of operational capabilities for continuous monitoring and management (run guide) and a set of use cases that ensure that the controls are continually applied to the asset families (test guide).

    8:30 am
    Encrypting the Human Mind
    ESD Tech Analyst, Army Corp of Engineers - ACE-IT
    Registration Level: Conference Pass
    8:30 am - 9:15 am
    Location / Room: Fairview

    The human mind is the weakest link in cyber space. We will show what to look for to be safe online.

    8:30 am
    Blockchain + IoT = <3
    Co-Founder, Oaken Innovations
    Registration Level: Conference Pass
    8:30 am - 9:15 am
    Location / Room: Northbrook II

    Blockchain technology is very young and oftentimes overhyped. In this talk we will cut through the hype and explore the use of blockchain technology to secure IoT devices. No previous understanding of blockchain technology is required to attend.

    8:30 am
    Shifting from “Incident” to “Continuous” Response
    Security Architecture - Information Security, ISSA, ISACA, ISC2
    Registration Level: Conference Pass
    8:30 am - 9:15 am
    Location / Room: Northbrook I

    The core of the next-generation security protection process will be continuous, pervasive monitoring and visibility that is constantly analyzed for indications of compromise. Security monitoring will encompass as many layers of the IT stack as possible, including network activity, endpoints, system interactions, application transactions and user activity.
    My presentation will provide several security-related scenarios where centralized security data analytics and adaptive security architecture are used to respond in a dynamic way to enable this next-generation security protection. The design and benefit of joining the foundational elements of intelligence, context, and correlation with an adaptive architecture will be discussed. I will look behind the curtain of "marketecture" to the real and aspirational solutions for the SOC that will likely materialize as vendor products mature over the next few years.

    9:00 am
    Exhibit Floor Open
    Registration Level: Open Sessions
    9:00 am - 3:00 pm
    Location / Room: SecureWorld Exhibitor Floor

    This is the time to visit exhibitors participating in Dash For Prizes & CyberHunt for your chance to win prizes!

    9:30 am
    OPENING KEYNOTE: The Internet of Threats - A Look at Macro Trends in Technology and the Ever Expanding Cyber Threat Landscape
    FUD is back, can you pitch it correctly?
    CISO, Cigna
    Registration Level: Open Sessions
    9:30 am - 10:15 am
    Location / Room: Keynote Theater
    10:15 am
    Conference Break / Exhibitor Product Demonstration
    Registration Level: Open Sessions
    10:15 am - 11:15 am
    Location / Room: SecureWorld Exhibitor Floor

    Reboot with coffee and infused water while visiting exhibitors on the exhibitor floor.

    11:00 am
    Advisory Council Round Table: Selling Security to the C-Suite (Proactively selling security to the Executive Team)
    (VIP / Invite Only)
    Registration Level: VIP / Exclusive
    11:00 am - 12:00 pm
    Location / Room: Spring Glade
    11:15 am
    GDPR Compliance: Key Issues and Practical Guidance
    Attorney, Katherine E. Britton, Esq.
    Registration Level: Conference Pass
    11:15 am - 12:00 pm
    Location / Room: Northbrook II

    The General Data Protection Regulation (GDPR) is a uniform data security law that becomes effective on May 25, 2018, as the primary law regulating how companies that store or process EU citizens' personal data must protect that data. It applies to businesses in the EU and all businesses marketing services or goods to EU citizens regardless of their geographic location. The GDPR provides a baseline set of standards for companies that handle EU citizens’ data to better safeguard how EU citizens' personal data is processed and transferred. Penalties for non-compliance can be up to 4% of the violating company’s global annual revenue depending on the nature of the violation.

    The GDPR contains 11 chapters and 91 articles that:
    • give data subjects more control over personal data that is processed automatically.
    • require data breach notification to a government enforcer within 72 hours of learning of the breach, including certain specific details of the breach, and require data controllers to notify data subjects as quickly as possible of breaches when the breaches place their rights and freedoms at high risk.
    • require companies to perform Data Protection Impact Assessments to identify risks to consumer data and Data Protection Compliance Reviews to ensure those risks are addressed.
    • require almost all companies to appoint a data protection officer to advise about GDPR compliance and act as a point of contact.

    Those data protection officers have certain reporting responsibilities as outlined in the GDPR. US regulators have looked to European privacy laws in their own enforcement and legislative actions. As geographic boundaries where companies do business and where customers access products and services, it is important to be aware of the GDPR’s requirements. Where the GDPR does apply, it is crucial for companies to comply in order to avoid potentially devastating fines.

    11:15 am
    Trend Micro: The Trends Within the Cyber Threat Landscape in 1H 2016
    Cybersecurity Expert, Trend Micro
    Registration Level: Open Sessions
    11:15 am - 12:00 pm
    Location / Room: Sunnyslope

    The evolution of the TTPs (Tactics, Techniques and Procedures) in cybercrime in 1H 2016, based on threat intelligence derived from Trend Micro’s global Smart Protection Network™, with a focus on ransomware and other key threats.

    11:15 am
    Representing Cyber Maturity
    Finding an easy way to represent your program to the board.
    Sr. Information Systems Auditor, Parkland Health
    Director, Information Technology & Security, Texas Scottish Rite Hospital for Children
    Registration Level: Conference Pass
    11:15 am - 12:00 pm
    Location / Room: Northbrook I

    Every organization has a unique way of representing their cyber security maturity. In this informative session, we will be covering a variety of topics including risk management, the full spectrum of security considerations, and 2 different approaches you can use to represent a maturing security program. Join Michael R. Smith and James Carpenter as they present two different views on how to evaluate whether an Information Security Department is maturing.

    11:15 am
    Radware: Cyber War Chronicles – Stories from the Virtual Trenches
    Security Evangelist, Radware
    Registration Level: Open Sessions
    11:15 am - 12:00 pm
    Location / Room: Fairview

    2016 saw a continuation of some cybersecurity threats, as well as the emergence of some attack types and trends. Ransom attacks, political hacks, and new dynamics around the accessibility and capability of attack tools have added even more challenges to security. This session will explore some of the latest evolutions of the threat landscape, through a combination of market intelligence, real-world case studies, and direct insights from those on the front lines of cybersecurity.

    12:00 pm
    Advisory Council LUNCH Round Table - Public Cloud - Friend or Foe? (What is your Strategy?)
    (VIP / Invite Only)
    Registration Level: VIP / Exclusive
    12:00 pm - 1:00 pm
    Location / Room: Spring Glade
    12:15 pm
    LUNCH KEYNOTE: The Legal Case for Cybersecurity
    Cybersecurity & Data Privacy Attorney, Scheef & Stone, LLP and Cyber Future Foundation
    Registration Level: Open Sessions
    12:15 pm - 1:00 pm
    Location / Room: Keynote Theater

    Shawn Tuma will explain why cybersecurity is a legal issue and overall business risk issue that companies must manage. He will address why federal, state, and international law (including the GDPR and NY Cyber Regs) requires companies to have a cyber risk management program and key components to include.

    1:15 pm
    Panel: Hazards on the Horizon - Emerging Threats
    Registration Level: Open Sessions
    1:15 pm - 2:15 pm
    Location / Room: Windhaven

    Just as in the days of yore, you must have watch guards in the tower scanning the horizon for enemy banners. If you follow cyber threats, then you know that the landscape is constantly changing. From the bring your own device (BYOD) workplace to mobile malware, social engineering, and everything in between, information security has transformed. In order to stay ahead of the ever-changing threats, it is imperative to constantly improve and change security policies. Join industry experts as they discuss the importance of rolling with the changes, and how your company can stop the threat before it gets to the castle gate.
    Panelists:
    Jon Clay, Trend Micro
    Mark Sanders, Venafi
    Mark Snyder, Juniper Networks
    Mark McDaniel, Arbor Networks
    Ron Winward, Radware
    Moderator: Robin Austin, Welsh Harris

    1:15 pm
    Panel: Manage the Damage
    Registration Level: Open Sessions
    1:15 pm - 2:15 pm
    Location / Room: Keynote Theater

    Every week we learn about some business, government entity, bank, or healthcare entity in the news that has been hacked. Oftentimes the intruders had been sitting collecting information for months before being discovered. Now more than ever it is crucial for organizations to develop, practice, and fine-tune their incident response plans. When do you get law enforcement involved? What about the legal team or PR? Will your business recover? This panel discussion will tackle these issues as well as your questions on what you need to know after the hack.
    Panelists:
    Chris Murphy, Delta Risk
    Sean Stoutmeyer, Thales
    Carl Bolterstein, IronNet
    Tom Kulik, Scheef & Stone
    Moderator: Shaun Drutar, Fujitsu

    2:15 pm
    Conference Break / Exhibitor Product Demonstration
    Registration Level: Open Sessions
    2:15 pm - 3:00 pm
    Location / Room: SecureWorld Exhibitor Floor

    Reboot with coffee and infused water while visiting exhibitors on the exhibitor floor.

    3:00 pm
    Your First and Last Line of Defense!
    Security Architect, Cimarex Energy Co.
    Registration Level: Conference Pass
    3:00 pm - 3:45 pm
    Location / Room: Sunnyslope

    Easy-to-remember actions that they can implement in their environment today. Use my presentation as a template to create your own Security Awareness. Educate attendees about their home / private cyber lives today. Security Awareness has become the number one action in many companies that pays the most dividends in your network. Do you have one?

    3:00 pm
    Internet of Bio-Nano Things: Using the In Vivo Biochemical & Connecting to the Electrical of the Human Internet
    Registration Level: Conference Pass
    3:00 pm - 3:45 pm
    Location / Room: Northbrook I

    The Internet of Things has become a topic of concern over the past few years: the interconnection of devices has brought to life the Internet in a manner seldom conceived in science and is looking to broaden its expansive nature. Enter nano-robotics with an extension of IoT called the Internet of Bio-NanoRobotic Things: linking human physiology and human vulnerability to the internet. How do we secure what we do not understand?

    3:00 pm
    Darktrace: AI for Cyber Defense
    AI for Cyber Defense: That Machine Fights Back
    Account Executive, Darktrace
    Registration Level: Open Sessions
    3:00 pm - 3:45 pm
    Location / Room: Northbrook II

    From insiders to sophisticated external attackers, the reality of cyber security today is that the threat is already inside. A fundamentally new approach to cyber defense is needed to detect and investigate these threats that are already inside the network - before they turn into a full-blown crisis.

    Based on unsupervised machine learning and probabilistic mathematics developed by specialists from the University of Cambridge, new ‘immune system’ technologies are capable of learning the ‘self’ of an organization. By analyzing every network, device, and user, and modeling them as they go about their day-to-day activity, the Enterprise Immune System can establish a highly accurate understanding of normal behavior. It can therefore spot abnormal activity as it emerges, and even take precise, measured actions to automatically curb the threat.

    Rules and signatures are not keeping pace with today’s rapidly evolving cyber attacks. The Enterprise Immune System represents a fundamental step-change in automated cyber defense, is relied upon by organizations around the world, and can cover up to millions of devices.

    In this session, learn:
    • How new machine learning and mathematics are automating advanced cyber defense
    • Why 100% network visibility allows you to detect threats as they happen, or before they happen
    • How smart prioritization and visualization of threats allows for better resource allocation and lower risk
    • Real-world examples of unknown threats detected by ‘immune system’ technology

    3:00 pm
    Cryptography: What You Don't Know, and How it Can Hurt You
    Computer Scientist, Northcentral University
    Registration Level: Conference Pass
    3:00 pm - 3:45 pm
    Location / Room: Fairview

    There are gaps in most security professionals' knowledge of cryptography, and these lead to significant security issues. This presentation is about filling those gaps.

    3:00 pm
    SecureWorld PLUS Part 2 – Big Data and IoT: Wonderful, Terrible, Inevitable
    SecureWorld PLUS Registrants ONLY
    CISSP, President, O'Leary Management Education
    Registration Level: SecureWorld Plus
    3:00 pm - 4:30 pm
    Location / Room: Hillhaven

    3:00 pm
    SecureWorld PLUS Part 2 - Designing and Building a Cybersecurity Program Based on the NIST Cybersecurity Framework
    SecureWorld PLUS Registrants ONLY
    CISO, University of Massachusetts, President’s Office
    Registration Level: SecureWorld Plus
    3:00 pm - 4:30 pm
    Location / Room: Windhaven

    3:45 pm
    Casino Happy Hour
    Join us for the Casino After-Party: Networking, Games, Prizes, Drinks and Snacks
    Registration Level: Open Sessions
    3:45 pm - 5:30 pm
    Location / Room: Exhibitor Floor

    Join your peers at 3:45 p.m. in the Exhibit Hall for beverages and snacks compliments of Juniper Networks. Test your luck at Blackjack, Roulette and Craps. Hand the voucher you receive at registration to one of the participating exhibitors to get started with $1,000 and win big for your chance at some cool prizes!
    Casino tables sponsored by: Critical Start, ISSA, Proofpoint, Secure Data Solutions and Delta Risk, Ixia

  • Thursday, October 19, 2017
    7:00 am
    Registration Open
    Registration Level: Open Sessions
    7:00 am - 3:00 pm
    Location / Room: Registration Desk
    8:00 am
    SecureWorld PLUS Part 3 – Big Data and IoT: Wonderful, Terrible, Inevitable
    SecureWorld PLUS Registrants ONLY
    CISSP, President, O'Leary Management Education
    Registration Level: SecureWorld Plus
    8:00 am - 9:30 am
    Location / Room: Hillhaven

    8:00 am
    SecureWorld PLUS Part 3 - Designing and Building a Cybersecurity Program Based on the NIST Cybersecurity Framework
    SecureWorld PLUS Registrants ONLY
    CISO, University of Massachusetts, President’s Office
    Registration Level: SecureWorld Plus
    8:00 am - 9:30 am
    Location / Room: Windhaven

    8:00 am
    InfraGard Chapter Meeting: Insider Threat Indicators with short film: "Made in America"
    Open to all Attendees - Light Breakfast Included
    Special Agent, Federal Bureau of Investigation
    Registration Level: Open Sessions
    8:00 am - 9:15 am
    Location / Room: Keynote Theater

    Join InfraGard for their chapter meeting and presentation discussing: "Threat posed by insiders, and how a public/private partnership helps mitigate this threat." This session is for InfraGard members and anyone interested in the association.

    Presentation from an FBI Agent in the Counter Intelligence and Insider Threat group along with a showing of the movie, "Made in America," which tells the story of the formation of a powerful partnership between the FBI, a U.S. manufacturing company, and an informant willing to serve against a nuclear proliferation network. "Made in America” is based on a real investigation involving an Iranian proliferation network; however, the lessons learned are country agnostic and the “red flags” highlighted apply to all countries whose proliferation of exported, dual-use technologies could cause harm to our Nation’s security. It is a short film intended to educate private industry about the illicit procurement of U.S. export controlled items. This cautionary tale shows why every company should monitor the "red flags" exposing export control violations.
    Breakfast will be complimentary and we look forward to seeing you there!

    8:30 am
    Cybersecurity Crisis Management: A Prep Guide
    Understanding why crisis management is different from incident response
    CISO, Nationstar Mortgage
    Registration Level: Conference Pass
    8:30 am - 9:15 pm
    Location / Room: Northbrook I

    Data breaches are inevitable. A company’s survival could depend on the way it reacts and responds to a data breach. Cybersecurity crisis management goes beyond the nuances of day to day incident response and addresses the very specific elements that a company needs to implement in order to effectively survive a breach.

    8:30 am
    Data Breach Digest – Perspective is Reality
    Digital Forensics Investigator, Verizon RISK Team
    Registration Level: Conference Pass
    8:30 am - 9:15 am
    Location / Room: Fairview

    Data breaches are complex affairs. Response activities are proportionately complex, involving various stakeholders with slightly different perspectives. This presentation covers the 2017 "Data Breach Digest – Perspective is Reality", a compendium of data breach scenarios told from different stakeholder points of view covering their decisions, actions and crucial lessons learned.

    9:00 am
    Exhibit Floor Open
    Registration Level: Open Sessions
    9:00 am - 3:00 pm
    Location / Room: SecureWorld Exhibitor Floor

    This is the time to visit exhibitors participating in Dash For Prizes & CyberHunt for your chance to win prizes!

    9:30 am
    OPENING KEYNOTE: Defending the Nation in Cyber Space
    Former Director of Operations at U.S. Cyber Command
    Major General, U.S. Air Force (Retired)
    Registration Level: Open Sessions
    9:30 am - 10:15 am
    Location / Room: Keynote Theater

    The Russians hacked the election, the Chinese are stealing our trade secrets, the Iranians and North Koreans see cyber as the ultimate asymmetric attack vector against the United States. Every day, the country’s critical infrastructure is under attack—financial services, the electric grid, oil and gas, telecommunications, transportation. As the former Director of Operations at U.S. Cyber Command, Maj Gen (Ret) Brett Williams is one of the few speakers available who can talk with the credibility that comes from being on the front lines of defending the Nation in cyberspace. General Williams' unique combination of both military and private sector experience provides a clear understanding of the nation-state cyber threat and how it could impact business interests in every sector.

    10:15 am
    Conference Break / Exhibitor Product Demonstration
    Registration Level:
    • Open Sessions
    10:15 am - 11:15 am
    Location / Room: SecureWorld Exhibitor Floor

    Reboot with coffee and infused water while visiting exhibitors on the exhibitor floor.

    11:00 am
    Advisory Council Round Table: Embracing & Securing IoT (What to do about Securing IoT Data)
    (VIP / Invite Only)
    Registration Level:
    • VIP / Exclusive
    11:00 am - 12:00 pm
    Location / Room: Spring Glade
    11:15 am
    The World at Cyber War!
    CTO, Welsh Harris Capital
    Registration Level:
    • Conference Pass
    11:15 am - 12:15 pm
    Location / Room: Fairview

    We are blinded and handcuffed to the truth of our current cyber war and how it affects us every day. As long as we are constantly reacting to threats, both personally and for our business, we are like the man with a sweating brow, running madly to keep all of his plates spinning in the air without dropping one.
    The only question you should ask yourself is not if, but when, you will prepare for your enemies. Where is your data?

    11:15 am
    Emerging Trends in Security
    Security Manager, Fujitsu
    Registration Level:
    • Conference Pass
    11:15 am - 12:00 pm
    Location / Room: Northbrook I

    Come hear and participate in discussion around new trends in security, threats, mitigations, and real-world approaches to addressing the operational and security needs of your organization.

    11:15 am
    Mimecast: Email Security and the Importance of Cyber-Resiliency
    Solutions Engineer, Mimecast, North America
    Registration Level:
    • Open Sessions
    11:15 am - 12:00 pm
    Location / Room: Northbrook II

    The concept of cyber-resiliency and how it relates to the #1 attack vector for organizations.

    11:15 am
    Information Security Plans
    Counsel, Elkins PLC; Associate Fellow, Kings College, U. of London; non-resident Senior Fellow, Middle East Institute, Washington, D.C.
    Registration Level:
    • Conference Pass
    11:15 am - 12:00 pm
    Location / Room: Sunny Slope

    The presentation examines the need for policies, objectives, controls, processes and procedures to help companies manage the risk, threats, and vulnerabilities that can cause loss as a result of a cyber breach or loss of confidential/proprietary information. It examines organizational responsibilities, key steps in forging and executing an Information Security Plan, and what you can do to better protect yourself from loss.

    12:00 pm
    Advisory Council LUNCH Round Table - Is Your Security Framework Up to Par? (Getting the most out of your Security Framework)
    (VIP / Invite Only)
    Registration Level:
    • VIP / Exclusive
    12:00 pm - 1:00 pm
    Location / Room: Spring Glade
    12:15 pm
    LUNCH KEYNOTE: Surviving the Siege: Medieval Lessons in Modern Security
    Discover the 2017 SecureWorld Theme
    CISSP, President, O'Leary Management Education
    Registration Level:
    • Open Sessions
    12:15 pm - 1:00 pm
    Location / Room: Keynote Theater

    Warfare and the arts of intrusion have advanced considerably since the Middle Ages, but in many ways the principles of fortification we use today remain the same. The great castles of antiquity were ingeniously designed with multiple layers of physical security to protect their inhabitants from persistent, even advanced enemy threats. Their carefully planned and creative defensive measures provide rich metaphors, both positive and negative, for today’s cyber guardians. On the other hand, clever, daring, sometimes brilliant offensive strategies and tactics have historically breached battlements thought to be unassailable. Come join us as we examine lessons that can be applied to securing our own sophisticated digital fortresses.

    1:15 pm
    Security Vs Compliance
    CISO, Secutor Consulting
    Registration Level:
    • Conference Pass
    1:15 pm - 2:15 pm
    Location / Room: Windhaven
    1:15 pm
    Panel: Close the Front Gate: Identify all Travelers - Locking Down the Endpoints
    Registration Level:
    • Open Sessions
    1:15 pm - 2:15 pm
    Location / Room: Keynote Theater

    One of the first lines of defense for a castle was the front gate or portcullis. When the need arose, they would simply close the gate and stop everyone from entering. Castle guards would stop each traveler and determine their identity and if they were a threat before letting them in. Sort of like today’s network access control and firewalls. Identity or the perception of one’s identity was all that mattered and a smart spy or thief would gain access to the castle with only minor delays. Our experts will discuss your options for defending your castle.
    Panelists:
    TJ Adamowicz, Mimecast
    Tom Roeh, ExtraHop
    Shawn Tuma, Scheef & Stone
    Bill White, State Farm
    Rick Pither, SparkCognition
    Moderator: Scott Bonneau, Dr. Pepper Snapple Group

    2:15 pm
    Conference Break / Exhibitor Product Demonstration
    Registration Level:
    • Open Sessions
    2:15 pm - 3:00 pm
    Location / Room: SecureWorld Exhibitor Floor

    Reboot with coffee and infused water while visiting exhibitors on the exhibitor floor.

    2:30 pm
    Dash for Prizes & CyberHunt
    Registration Level:
    • Open Sessions
    2:30 pm - 2:45 pm
    Location / Room: SecureWorld Exhibitor Floor

    Be sure to have exhibitors scan your badge for a chance to win prizes. Past prizes have included Kindles, Bose headphones, gift cards, iPads, iPods and more! *Must be present to win

    3:00 pm
    Data Privacy for Information Security Professionals
    Changing Our Old Compliance Methods
    Data Protection, Privacy, and Security Professional, PS Innovations
    Registration Level:
    • Conference Pass
    3:00 pm - 3:45 pm
    Location / Room: Northbrook I

    Just as we are getting IoT, cloud computing, SOX/HIPAA/FISMA etc. under our belts, Europe changed the rules. The General Data Protection Regulation (GDPR) may just change the way we look at "compliance" once and for all. This isn't just another regulation. We're going to need to make a fundamental change in the way we think about data to get past this newest challenge.

    3:00 pm
    Day in the Life of a Security Architect
    Lead Security Architect, DXC Technology
    Registration Level:
    • Conference Pass
    3:00 pm - 3:45 pm
    Location / Room: Fairview

    This presentation will be engaging for technical & not-so-technical audiences, as I explain career progressions from IT Analyst, to software consultant, to lead security architect, & my experience designing security solutions for businesses & governments. I’ll gladly answer questions & share my advice for upcoming security professionals.

    3:00 pm
    Cyber Threats – Are You Mitigating Your Most Vulnerable Risk?
    Vice President, Information Security, Financial Institution
    Registration Level:
    • Conference Pass
    3:00 pm - 3:45 pm
    Location / Room: Sunny Slope

    The human factor - what are you doing to mitigate your most vulnerable cyber security risk?

Exhibitors
  • Arbor Networks
    Booth: 710

    Arbor Networks is the leading provider of network security and management solutions for enterprise and service provider networks. Arbor Networks protects enterprises from distributed denial of service attacks and advanced malware using Arbor’s global network intelligence. Arbor's proven solutions help grow and protect customer networks, businesses and brands.

  • Bay Pay Forum
    Booth: n/a

    The BayPay Forum, a Silicon Valley-based international network composed of over 14,000 payment and commerce executives, entrepreneurs and investors from thousands of different companies, serves as a forum to connect members in identifying and understanding the emerging trends and innovations in the industry.

  • Binary Defense Systems
    Booth: 340

    BDS is a company that works with you to understand your environment and what you have, and to build defenses to combat what we face today and the attacks of tomorrow. Technology is continuously changing, businesses change every day – in order to keep up with the changes, BDS has created an extensively flexible yet highly accurate way of detecting attackers. We are attackers, and we know the best ways of detecting how attackers breach your network. An added bonus with BDS – continual penetration tests are performed regularly to enhance and develop additional safeguards. We are here to defend, protect and secure your company.

  • CIOReview
    Booth: n/a

    CIOReview is a technology magazine that talks about the enterprise solutions that can redefine the business goals of enterprises tomorrow. It is the leading source that shares innovative enterprise solutions developed by established solutions providers, upcoming hot enterprises and is a neutral source for technology decision makers. Published from Fremont, California, CIOReview is an excellent platform for the enterprise to showcase their innovative solutions.

  • Cloud Security Alliance (CSA)
    Booth: 420

    The Cloud Security Alliance (CSA) is a not-for-profit organization with a mission to promote the use of best practices for providing security assurance within Cloud Computing, and to provide education on the uses of Cloud Computing to help secure all other forms of computing. The Cloud Security Alliance is led by a broad coalition of industry practitioners, corporations, associations and other key stakeholders.

  • Critical Start
    Booth: 600

    Critical Start is a cybersecurity company with a holistic, customer-focused approach. We work with our customers to understand the impact of IT on their business and determine the associated risks. Using this risk profile, we can offer big-picture guidance on the strategies and controls that will enable them to effectively manage risk and improve security. Critical Start is 100% employee owned by a team of experts who are passionate about security, quality and service. For more information on what sets us apart, visit criticalstart.com.

  • Darktrace
    Booth: 840

    Darktrace is the world’s leading machine learning company for cyber security. Created by mathematicians from the University of Cambridge, the Enterprise Immune System uses AI algorithms to automatically detect and take action against cyber-threats within all types of networks, including physical, cloud and virtualized networks, as well as IoT and industrial control systems. A self-configuring platform, Darktrace requires no prior set-up, identifying advanced threats in real time, including zero-days, insiders and stealthy, silent attackers. Headquartered in San Francisco and Cambridge, UK, Darktrace has 24 offices worldwide.

  • Delta Risk
    Booth: 810

    Delta Risk was founded in 2007 from a vision of strategic and operational effectiveness to assist private sector and government organizations in understanding their current cyber security posture and building advanced cyber defense and risk management capabilities. We are a global provider of strategic, operational, and advisory solutions, including managed security services and security consulting services. Delta Risk is a Chertoff Group company.

  • DirectDefense
    Booth: 610

    Founded in 2011, DirectDefense offers security services that are unmatched within the industry. Our core strength is our deep experience in performing assessments for a wide array of networks, platforms, and applications. Our seasoned consultants are focused on providing world-class security services to our clients.

    Regardless of industry – financial, insurance, retail, hospitality, healthcare, education, gaming, technology, or energy and utilities, our wealth of knowledge and experience can assist you in achieving your security testing and strategy goals.

  • EC-Council
    Booth: n/a

    International Council of E-Commerce Consultants, also known as EC-Council, is the world’s largest cyber security technical certification body. We operate in 140 countries globally and we are the owner and developer of the world-famous Certified Ethical Hacker (CEH), Computer Hacking Forensics Investigator (C|HFI), Certified Security Analyst (ECSA), License Penetration Testing (Practical) programs, among others. We are proud to have trained and certified over 140,000 information security professionals globally that have influenced the cyber security mindset of countless organizations worldwide.

  • ExtraHop
    Booth: 650

    ExtraHop is a force multiplier for IT teams struggling with increasing complexity. With the ExtraHop platform, organizations can regain control over the security and performance of their applications and infrastructure, and capitalize on their data analytics opportunity to improve business operations and results. Learn more at www.extrahop.com

  • FireMon
    Booth: 410

    FireMon is at the forefront of the security management category, delivering first-ever functionality such as firewall behavior testing, workflow integration, traffic flow analysis and rule recertification. Our solutions have helped more than 1,500 organizations around the world gain visibility into and control over their complex network security infrastructures.

  • HOPZERO
    Booth: 200

    Firewalls control access, HOPZERO controls distance. Learn how newly patented technology automates setting of "packet toll value" controlling distance data may travel across networks. We keep sensitive database information inside the data center so hackers can't get a login prompt – even when firewalls fail.

  • InfraGard
    Booth: 310

    InfraGard is an information sharing and analysis effort serving the interests and combining the knowledge base of a wide range of members. At its most basic level, InfraGard is a partnership between the FBI and the private sector. InfraGard is an association of individuals, academic institutions, state and local law enforcement agencies, and other participants dedicated to sharing information and intelligence to prevent hostile acts against the United States. InfraGard Chapters are geographically linked with FBI Field Office territories.

    The FBI retained InfraGard as an FBI sponsored program, and will work with DHS in support of its CIP mission, facilitate InfraGard’s continuing role in CIP activities, and further develop InfraGard’s ability to support the FBI’s investigative mission, especially as it pertains to counterterrorism and cyber crimes.

  • IronNet
    Booth: 460

    IronNet is a Cybersecurity / Behavior Analytics Product and Cyber Services company started by former NSA Director Keith Alexander (retired 4-star General). IronDefense, our behavior analytics system, brings real-time visibility and cutting edge analytics to customer networks to discover the most elusive threats, then ranks them by risk through an expert system to amplify analyst capabilities.

  • ISC2
    Booth: 330

    (ISC)² is an international nonprofit membership association focused on inspiring a safe and secure cyber world. Best known for the acclaimed Certified Information Systems Security Professional (CISSP) certification, (ISC)² offers a portfolio of credentials that are part of a holistic, programmatic approach to security. Our membership, over 123,000 strong, is made up of certified cyber, information, software and infrastructure security professionals who are making a difference and helping to advance the industry. Our vision is supported by our commitment to educate and reach the general public through our charitable foundation - The Center for Cyber Safety and Education™. Follow us on Twitter or connect with us on Facebook.

  • ISSA: North Texas
    Booth: 440

    The Dallas/Fort Worth area has many large corporations, government organizations, and educational institutions. Our membership comes from the network and information systems professionals of these organizations and institutions, as well as vendors of security products. We seek to provide our members with access to information and resources to assist their employers in securing critical information resources. Our monthly luncheon meetings, conferences, and other resources are available to members and non-members alike to assist in educating security practitioners of all types.

  • Ixia
    Booth: 300

    We provide testing, visibility, and security solutions to strengthen applications across physical and virtual networks.
    Organizations use our tools and capabilities to test, secure and visualize their networks so their applications run stronger.

  • Juniper
    Booth: 510

    Our customers don’t set out to build networks. They build on ideas that reinvent, reimagine, and improve the world around them. It makes sense that we should begin there, too.

    Through our passion for creating high-performing networks, Juniper extends knowledge, collaboration, and human advancement in industries around the world—such as energy, healthcare, education, and many others.

    While our innovative product and services portfolio evolves continuously, we need to reach farther to secure our customers’ long-term success. We’re looking beyond the horizons of today’s business challenges, and the technology future we see is built on real-time service integration. That means everything we develop must align with our vision.

  • Kaspersky Lab
    Booth: 318

    In 1999, Kaspersky Lab was the first company to introduce integrated antivirus software for workstations, file servers and application servers running on Linux/FreeBSD operating systems. Today, the company offers a whole range of effective corporate security solutions for the most popular operating systems specifically designed for different types of businesses. The company’s product range covers all of the main information security requirements that businesses and large state organizations have to adhere to, including: excellent protection levels, adaptability to changing circumstances, scalability, compatibility with different platforms, high performance, high fault tolerance, ease of use and high value.

    One of the primary advantages of Kaspersky Lab’s corporate range is the easy, centralized management provided by Kaspersky Security Center that extends to the entire network regardless of the number and type of platforms used.

  • LockPath
    Booth: 630

    LockPath is a leader in integrated risk management solutions. We empower companies of all sizes to manage risk, demonstrate compliance, monitor information security and achieve audit-ready status. In 2017, we are expanding our application portfolio to provide our customers with more efficient and effective programs. Learn more at lockpath.com.

  • LogRhythm
    Booth: 150

    LogRhythm, a leader in security intelligence and analytics, empowers organizations around the globe to rapidly detect, respond to and neutralize damaging cyber threats. The company’s patented award-winning platform uniquely unifies next-generation SIEM, log management, network and endpoint monitoring, user entity and behavior analytics (UEBA), security automation and orchestration and advanced security analytics. In addition to protecting customers from the risks associated with cyber threats, LogRhythm provides unparalleled compliance automation and assurance, and enhanced IT intelligence.

  • Mimecast
    Booth: 850

    Mimecast Is Making Email Safer For Business.
    Mimecast’s security, archiving and continuity cloud services protect business email and deliver comprehensive email risk management in one fully-integrated subscription service.
    Mimecast reduces the risk, complexity and cost traditionally associated with protecting email. You no longer have to manage an array of disjointed point solutions from multiple vendors. And you mitigate single vendor exposure if you have moved your primary email server to the cloud with services like Microsoft Office 365.
    Our best-of-breed services protect the email of over 24,900 customers and millions of users worldwide against targeted attacks, data leaks, malware and spam. We give employees fast and secure access to sensitive business information, and ensure email keeps running in the event of a primary service outage.

  • Proofpoint
    Booth: 540

    Proofpoint protects your people, data, and brand from advanced threats and compliance risks with cybersecurity solutions that work. Built on advanced analytics and a cloud architecture, our platform secures the way your people work today—through email, mobile apps, and social media.

    Some attacks get through even the best defenses. That’s why our solutions also proactively safeguard the critical information people create. We reduce your attack surface by managing this data and protecting it as you send, store, and archive it. And when things go wrong, we equip security teams with the right intelligence, insight, and tools to respond quickly.

  • Radware
    Booth: 400

    Radware (NASDAQ: RDWR), is a global leader of application delivery and application security solutions for virtual and cloud data centers. Its award-winning solutions portfolio delivers full resilience for business-critical applications, maximum IT efficiency, and complete business agility. Radware's solutions empower more than 10,000 enterprise and carrier customers worldwide to adapt to market challenges quickly, maintain business continuity and achieve maximum productivity while keeping costs down.

  • Rapid7
    Booth: 130

    Rapid7 transforms data into insight, empowering IT and security professionals to progress and protect their organizations. How? Our solutions are powered by advanced analytics and an unmatched understanding of the attacker mindset. This makes it easy to collect data, transform it into prioritized and actionable insight, and get it to the people who can act on it—all in an instant.

  • Reblaze
    Booth: TBD

    A comprehensive, cloud-based protective shield for web platforms. Reblaze offers an all-in-one virtual private cloud solution (VPC) that includes DDoS protection, WAF, IPS, bot detection and anti-scraping solutions, and more. Using a unique approach, Reblaze protects its customers’ sites, web apps, and services by monitoring and cleansing incoming traffic before it reaches the protected data centers. Bandwidth and other resources auto-scale as needed. The platform is fully managed, always up-to-date, and provided via a SaaS monthly subscription. Reblaze is available on a try-before-you-buy basis, and can easily work with existing security solutions.

  • SAINT Corporation
    Booth: 140

    SAINT Corporation offers integrated vulnerability assessment, penetration testing, and security checklist compliance. Examine your network with the SAINT® vulnerability scanner, and expose where an attacker could breach your network. Go to a higher level of visibility with the SAINTexploit® penetration testing tool and exploit the vulnerability to prove its existence.

  • Secure Data Solutions
    Booth: 540

    Secure Data Solutions is a Texas based Security Partner providing comprehensive results to our clients and giving them confidence in their security strategy. Using fundamental and leading-edge security technologies, Secure Data Solutions delivers expertise and visibility in all aspects of Network and Cyber-Security.

  • Skybox Security
    Booth: 830

    Skybox arms security teams with a powerful set of security management solutions that extract insight from security data silos to give unprecedented visibility of the attack surface, including all Indicators of Exposure (IOEs). With Skybox, security leaders can quickly and accurately prioritize and address vulnerabilities and threat exposures.

  • Somansa
    Booth: 820

    Somansa is a global leader in Data Loss Prevention security to protect sensitive data from leakage. Somansa provides its worldwide customers in financial services, healthcare, and government with a total DLP solution to Monitor, Prevent, and Discover sensitive data in the Network, Emails, Cloud Storage and Endpoints, USBs, and Printing.

  • SparkCognition
    Booth: 450

    SparkCognition is a global leader in cognitive computing analytics. A highly awarded company recognized for cutting-edge technology, SparkCognition is successfully deploying a cognitive, data-driven analytics platform for clouds, devices, and the Internet of Things industrial and security markets by applying patented algorithms that deliver out-of-band, symptom-sensitive analytics, insights, and security. For more information on the company, its technology and team, please visit http://www.sparkcognition.com.

  • Synopsys
    Booth: 210

    Synopsys offers the most comprehensive solution for integrating security and quality into your SDLC and supply chain. Whether you’re well-versed in software security or just starting out, we provide the tools you need to ensure the integrity of the applications that power your business. We don’t stop when the test is over. Our experts also provide remediation guidance, program design services, and training that empower you to build and maintain secure software. For more information go to www.synopsys.com/software.

  • TechTarget
    Booth: n/a

    TechTarget (NASDAQ: TTGT) is the online intersection of serious technology buyers, targeted technical content and technology providers worldwide. Our media, powered by TechTarget’s Activity Intelligence platform, redefines how technology buyers are viewed and engaged based on their active projects, specific technical priorities and business needs. With more than 100 technology specific websites, we provide technology marketers innovative media that delivers unmatched reach via custom advertising, branding and lead generation solutions all built on our extensive network of online and social media. TechTarget is based in Boston and has locations in Atlanta, Beijing, Cincinnati, London, Paris, San Francisco, Singapore, and Sydney.

  • Thales e-Security
    Booth: 120

    Thales e-Security is the leader in advanced data security solutions and services that deliver trust wherever information is created, shared or stored. We ensure that the data belonging to companies and government entities is both secure and trusted in any environment – on-premise, in the cloud, in data centers or big data environments – without sacrificing business agility. Security doesn’t just reduce risk, it’s an enabler of the digital initiatives that now permeate our daily lives – digital money, e-identities, healthcare, connected cars and with the internet of things (IoT) even household devices. Thales provides everything an organization needs to protect and manage its data, identities and intellectual property and meet regulatory compliance – through encryption, advanced key management, tokenization, privileged user control and high assurance solutions. Security professionals around the globe rely on Thales to confidently accelerate their organization’s digital transformation. Thales e-Security is part of Thales Group.

  • Trend Micro
    Booth: 640

    As a global leader in cloud security, Trend Micro develops Internet content security and threat management solutions that make the world safe for businesses and consumers to exchange digital information. With more than 20 years of experience, we're recognized as the market leader in server security for delivering top-ranked client, server, and cloud-based security solutions that stop threats faster and protect data in physical, virtualized, and cloud environments.

  • TrustedSec
    Booth: 340

    Our #1 priority is you, our customer. We believe in our services and our quality of them. We truly care about each and every organization as much as you do. Our team is highly talented, skilled, senior, and not a commodity service like other INFOSEC consulting companies. TrustedSec’s model is to staff with only senior level resources and the highest quality of information security consulting. Our brand, reputation, and quality is how we have established ourselves in this industry and with the mindset of “always doing the right thing”. When we work with our customers, it’s more than “just another engagement” – it’s establishing an understanding with an organization, and working to make them better.

  • Unisys
    Booth: 150

    Unisys is a global information technology company that specializes in providing industry-focused solutions integrated with leading-edge security to clients in diverse markets. Unisys combines experienced security consulting, Stealth micro-segmentation security solutions and efficient managed security services to deliver dramatic improvement in security posture and operational efficiencies.
    Visit http://unisys.com/security for more information.

  • Venafi
    Booth: 100

    Venafi secures and protects keys and certificates so they can’t be used by bad guys in cyber attacks. Criminals want to gain trusted status and go undetected. This makes keys and certificates a prime target. Criminals steal and compromise keys and certificates that are not properly protected, and use them to circumvent security controls. This has become the attack of choice. As a Gartner-recognized Cool Vendor, Venafi delivered the first trust protection platform to secure cryptographic keys and digital certificates that businesses and governments depend on for secure communications, commerce, computing, and mobility. Venafi finds all keys and certificates and puts them under surveillance to detect anomalies. Vulnerable keys and certificates are fixed to prevent attack. Ongoing remediation is performed automatically. Venafi strengthens defenses of today’s critical security controls.

Keynote Speakers
Speakers
  • John O'Leary
    CISSP, President, O'Leary Management Education

    John O'Leary, CISSP, is President of O'Leary Management Education. His background spans four decades as an active practitioner in information systems, IT Security and contingency planning. He has designed, implemented and managed security and recovery for networks ranging from single site to multinational. John has trained tens of thousands of practitioners, and conducted on-site programs at major corporations and government facilities worldwide. He has also facilitated meetings of Working Peer Groups, where security professionals from diverse corporations share ideas, concerns and techniques. John is the recipient of the 2004 COSAC award, the 2006 EuroSec Prix de Fidelite, and the 2011 ISC2 Lifetime Achievement Award.

  • Larry Wilson
    CISO, University of Massachusetts, President’s Office

    Larry is responsible for developing, implementing and managing the University of Massachusetts Information Security Policy and Written Information Security Program (WISP). The University program is based on industry best practices ISO 27001 / SANS 20 Critical Controls, and is implemented consistently across all University campuses (Amherst, Boston, Dartmouth, Lowell, Medical School and the President’s Office).

    Prior to joining UMASS, Larry was the Vice President, Network Security Manager at State Street. In this role he was responsible for researching, selecting, implementing and overseeing an engineering staff who managed network security technologies / tools including vulnerability scanning, network firewall policy management, intrusion detection, remote access, DNS security, global and local load balancing, etc.

    Larry's industry experience includes IT audit manager for Deloitte Enterprise Risk Services (ERS) consulting practice. In this role he managed a staff responsible for developing and completing a Sarbanes Oxley compliance audit for MasterCard International. Larry's team focused on the application level controls and general computer controls for information technology services implemented and managed from the MasterCard data center in St. Louis.

    Mr. Wilson holds a Master of Science degree in Civil / Structural Engineering from the University of New Hampshire. His industry certifications include CISSP, CISA and ISA (PCI Internal Security Assessor). He serves on the Advisory Board for Middlesex Community College and CISO Advisory Board for Oracle. He co-chairs the Massachusetts State University and Community College Information Security Council, and serves as Certification Director for ISACA New England. His major 2013 accomplishments include Finalist for Information Security Executive® (ISE®) of the Year for both the Northeast Region and North America; and a SANS People who made a difference in Cybersecurity in 2013 award recipient.

    Larry has been teaching CISA certification training for ISACA for 5 years.

  • speaker photo
    Robert Hergenroeder
    ESD Tech Analyst, Army Corps of Engineers - ACE-IT

    Huge cyber security buff. Worked in Computer IT over the past 10 years and would like to do my part training people in online safety.

  • speaker photo
    Hudson Jameson
    Co-Founder, Oaken Innovations

    Hudson Jameson is a blockchain enthusiast and smart contract developer exploring the intersection of decentralized technologies and security. He is the co-founder of Oaken Innovations, an IoT blockchain start-up that builds identity and security solutions for smart cities and IoT devices.

  • speaker photo
    Bill White
    Security Architecture - Information Security, ISSA, ISACA, ISC2

    Bill is a professional with 30 years’ experience in IT Security, Fraud, InfoSec, and Risk Management. Bill is currently a member of the security architecture (DETECT, RESPOND and RECOVER) for a Fortune 50 company. He is a SME in the DETECT function, but also has extensive experience in Incident Response.

  • speaker photo
    James Beeson
    CISO, Cigna

    James has over 28 years of experience in cyber security and technology. He has 17 years of direct experience as an information security leader and is currently the Chief Information Security Officer at Cigna, a global health insurance company. James previously worked 20 years for General Electric in various security and technology leadership positions.

    James was an Evanta 2016 Breakaway Leadership Award finalist and a T.E.N. ISE North America Executive Award finalist in 2011.

    He has Co-Chaired the CISO Executive Summit in Dallas for the past eight years, and participates as a keynote speaker at various events across the globe.

    James also works closely with the SINET, the Security Innovation Network, to promote public and private sector collaboration and increase the awareness of innovative emerging companies.

    James is actively involved in FS-ISAC (Financial Services – Information Sharing and Analysis Center), ISSA (Information Systems Security Association), and ISACA (Information Systems Audit and Control Association), which work to drive standards, improvements, and networking in security and risk management globally.

    He has an MBA from Southern Methodist University and a BBA in Management and Leadership.

    He is a Certified Information Systems Security Professional (CISSP), Certified in Risk and Information Systems Control (CRISC), and Six Sigma Quality certified.

  • speaker photo
    Katherine Britton
    Attorney, Katherine E. Britton, Esq.

    Katherine Elvira Britton is an attorney with a broad range of experience in regulatory compliance, corporate training and presentation and focuses her law practice on privacy and data security law, complex civil litigation, employment and human resources counseling, and consumer protection.

    Katherine advises clients and trains management and employees on compliance with federal and state privacy and data security laws, best practices, and self-regulatory programs, specifically focusing on issues involving emerging technologies. She evaluates clients’ compliance with federal, state, and self-regulatory requirements relating to the storage, transfer, sharing, and disposal of customer personal information. Katherine reviews, drafts, and negotiates vendor/supplier contracts, technology transactions, services and consulting agreements, and licensing agreements. Additionally, she drafts privacy policies, social media policies, and terms of use agreements for websites and applications tailored to clients’ business practices and implements changes to existing policies to address current and future data collection and use.

    Katherine earned her J.D. in 2007 from The John Marshall Law School, where she was an editor for The John Marshall Review of Intellectual Property Law, and her B.A. in 2004 from Tulane University. Katherine is a Certified Information Privacy Professional, Certified Privacy Manager, and is admitted to the bars in Illinois, the District of Columbia, and Texas.

  • speaker photo
    Jon Clay
    Cybersecurity Expert, Trend Micro

    Jon Clay is responsible for managing marketing messages and external publication of all the threat research and intelligence within Trend Micro, as well as different core technologies. As an accomplished public speaker with hundreds of speaking sessions around the globe, Jon focuses on the threat landscape and the use of big data in protecting against today’s sophisticated threats.

  • speaker photo
    Michael Smith
    Sr. Information Systems Auditor, Parkland Health

    Michael R. Smith, MBA, CISSP, CFE, CISA, CIA, PMP, ITIL, is a Healthcare Information Technology Professional with over thirty years of IT experience. Michael is a Sr. I.S. Auditor at Parkland in Dallas, Texas, specializing in performing information security assessments and audits focused around IT governance and regulatory compliance.

  • speaker photo
    James Carpenter
    Director, Information Technology & Security, Texas Scottish Rite Hospital for Children

    James Carpenter is a healthcare information technology & security professional with over 17 years of IT experience. James is currently the Director of Information Technology & Security for Texas Scottish Rite Hospital for Children in Dallas, Texas. Over the course of his career James has created and led healthcare information security teams and helped organizations successfully navigate the complex and ever-changing landscape of security and technology. James has been responsible for strategic design of information security programs, implementation of key enterprise information security technologies such as DLP, IDM/IAM, eDiscovery, MDM, and the teams and processes that support successful integration. James is a CISSP, CISM, and CISA and holds a Master’s degree in Strategic Planning from Amberton University.

  • speaker photo
    Ron Winward
    Security Evangelist, Radware

    Ron Winward is a Security Evangelist for Radware, where he helps execute the company’s thought leadership on today’s security threat landscape. Ron brings nearly 20 years of experience in the Internet service provider space, most recently as Director of Network Engineering for a global infrastructure and colocation provider. With an expertise in network architectures and DDoS mitigation, Ron has helped design solutions for carriers, enterprises, and cybersecurity service providers around the world.

  • speaker photo
    Shawn E. Tuma
    Cybersecurity & Data Privacy Attorney, Scheef & Stone, LLP and Cyber Future Foundation

    Shawn Tuma is an attorney internationally recognized in cybersecurity and data privacy law, which he has practiced since 1999. He is a Partner at Scheef & Stone. In 2016, the National Law Journal selected him as a Cybersecurity Law Trailblazer and Texas SuperLawyers selected him for the Top 100 Lawyers in DFW.

  • speaker photo
    Pedro Serrano
    Security Architect, Cimarex Energy Co.

    Pedro Serrano has over 35 years of experience managing and installing technical controls in networks around the world, 20 of those in military systems. He is the Security Architect for Cimarex Energy Company, an Oil and Gas exploration company, and Professor at his local University and Technical Institute teaching infrastructure systems, security controls, and networking. Pedro has two postgraduate degrees, one in Telecommunications Management from Oklahoma State University and the other in Computer Science from Tulsa University. Pedro serves as the Active Vice-president of the Information System Security Association (ISSA) chapter in Tulsa, Oklahoma and holds the CISSP certification from ISC2.

  • speaker photo
    DrPH Gregory "Junkbond" Carpenter
    Owner, GCE, LLC

    Former NSA/CSS & retired military, owner: GCE, National & Cyber Security contributor - newsl.org, BOD ATNA Systems, International Board of Advisors MacKenzie Institute; radio host, author: Reverse Deception translated into 4 languages. Frequently on Fox, ABD & SiriusXM; International Keynote Speaker. Recipient of NSA Military Performer of the Year Award.

  • speaker photo
    Andrew Gyenis
    Account Executive, Darktrace

    Andrew Gyenis is a Cybersecurity Account Executive at Darktrace, the world's leading machine learning company for cyber defense. He has worked extensively with clients across numerous industry verticals, from Fortune 500 energy companies to the federal government, helping them deploy Darktrace's Enterprise Immune System, the only AI technology capable of detecting and autonomously responding to early-stage cyber threats. Gyenis graduated with a bachelor's degree from Stanford University and is based out of Darktrace's Washington D.C. office.

  • speaker photo
    Chuck Easttom
    Computer Scientist, Northcentral University

    Mr. Easttom is the author of 25 books and over 40 research papers, and an inventor with 13 patents. He is also a frequent speaker on computer security topics.

  • speaker photo
    John C. Powers
    Special Agent, Federal Bureau of Investigation

    FBI Agent in the Counter Intelligence and Insider Threat group.

  • speaker photo
    Dr. Shamoun Siddiqui
    CISO, Nationstar Mortgage

    Dr. Shamoun Siddiqui has been a leader in the information security space for the past 10 years. He possesses a Bachelor’s and a Master’s degree in Mechanical Engineering and a Doctorate in Aerospace Engineering from the University of Texas at Austin. His recent employments include well known companies like Nationstar Mortgage, Sabre, CVS Caremark and Hitachi.

  • speaker photo
    Darren Windham
    Digital Forensics Investigator, Verizon RISK Team

    Darren is a Senior Investigative Response Consultant for the Verizon RISK Team. In this capacity, Darren responds to an array of cybersecurity incidents, performs forensic examinations, and assists organizations in implementing IR policies and procedures.

  • speaker photo
    Brett Williams
    Major General, U.S. Air Force (Retired)

    Major General (Ret) Brett Williams co-founded IronNet Cybersecurity and is the President of the Operations, Training and Security Division. Providing strategic vision and the foundational security platform solutions for IronNet, General Williams also serves as the Chief Security Officer responsible for product, enterprise and physical security. His division provides security analytics, hunt operations, and threat analysis and intelligence support for the IronNet Cyber Operations Center, as well as product training and support for client operations centers.

    A highly experienced combat fighter pilot, General Williams held several significant command positions during his 33-year career with the U.S. Air Force. As Director of Operations for U.S. Cyber Command, General Williams was the architect of DoD's operational approach to cyberspace operations. He was responsible for the operations and defense of DoD networks, and offensive cyberspace operations in support of U.S. strategic objectives. General Williams also served as Director of Operations (A30) at the Pentagon, leading more than 1,300 Airmen and civilians stationed worldwide; and as Director of Communications, Command and Control for U.S. Pacific Command.

    As an authority on cybersecurity, General Williams has appeared on NBC's Meet the Press with Chuck Todd, ABC's This Week with George Stephanopoulos and MSNBC's The Last Word with Lawrence O'Donnell. In addition, he conducts cyber-risk training seminars for corporate boards as a faculty member of the National Association of Corporate Directors. He earned a BS in Computer Science from Duke University and three additional graduate degrees in management and national security studies.

  • speaker photo
    Robin Austin
    CTO, Welsh Harris Capital

    Through consolidating operational services for efficiency and providing game changing solutions, Robin Austin has reduced Operational and Capital Expenses for many. Robin’s 30+ years in technology and extensive knowledge of cyber security, infrastructure, mobility, and emerging technological advancements has made her the “go to” knowledgeable person for the best solutions for cyber security.

  • speaker photo
    Shaun Drutar
    Security Manager, Fujitsu

    A leading security practitioner with over 18 years of experience in cybersecurity, forensics, and incident response. Shaun leads security practice and pursuits for a global technology organization.

  • speaker photo
    T.J. Adamowicz
    Solutions Engineer, Mimecast, North America

    An IT professional for over 15 years with more than half of that time dedicated to email, T.J. has worked in the university and financial sectors before coming to Mimecast, where he engages with many organizations in protecting against email-borne threats.

  • speaker photo
    James Farwell
    Counsel, Elkins PLC; Associate Fellow, Kings College, U. of London; non-resident Senior Fellow, Middle East Institute, Washington, D.C.

    James counsels clients in the areas of Cybersecurity and Privacy Protection. He has a CIPP/US certification from the International Association of Privacy Professionals. James advised the U.S. Department of Defense and U.S. Special Operations Command on cybersecurity and strategic communication. He served as consultant to the U.S. Department of Defense,

  • speaker photo
    JP Hill
    CISO, Secutor Consulting

    With over 25 years' experience, Mr. Hill provides expertise in cyber security management, control assessment, penetration testing, cloud security, threat and vulnerability management, business continuity planning, and Governance Risk and Compliance (GRC). He is also the President of (ISC)² Dallas-Fort Worth and a member of several advisory boards.

  • speaker photo
    Dione McBride, CISSP, CIPP/E
    Data Protection, Privacy, and Security Professional, PS Innovations

    Dione McBride is a subject matter expert who advises and develops privacy, information security and operational processes across multiple regulatory stands. Formerly a CISO for a publicly held healthcare organization, she has held operational roles, created system architectures, developed software, and managed customer support. She is the author of a technology textbook, has trained legal professionals on IT, and translates geek to business value whenever possible. Her presentations are designed for a thought-provoking and informative session.

  • speaker photo
    Marco Fernandes
    Lead Security Architect, DXC Technology

    Born & raised in Dallas, Marco loved cyber security since youth, leading him to become a Security Architect after graduating from UNT. Marco also served as President of the North Texas Cyber Security Association to help upcoming security professionals. Marco’s hobbies include fitness, card games, & marksmanship.

  • speaker photo
    Jacqueline Scarlett
    Vice President, Information Security, Financial Institution

    Over 20 years of experience within information technology management and information security applied within operations, cyber training and awareness, enterprise risk assessment and process auditing, and partnering with financial services, automotive and legal industries. Proven track record developing and implementing strategies and systems to increase security to defend against cyber attacks.

Conference App and Microsite!
Registration is easy and takes just a few minutes. Once you get started you can use your phone, tablet or internet browser to:

• Create a personalized agenda
• View maps of the venue and Exhibit Hall
• Use secure messaging to network with attendees
• View speaker slides after the conference
• Play CyberHunt, the app game, and compete for prizes