Click here to view registration types and pricing (PDF)
2017 Agenda
Filter by registration level:
  • session level iconOpen Sessions
  • session level iconConference Pass
  • session level iconSecureWorld Plus
  • session level iconVIP / Exclusive
  • Wednesday, October 18, 2017
    7:00 am
    Registration Open
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    7:00 am - 3:00 pm
    Location / Room: Registration Desk
    8:00 am
    Advisory Council Breakfast – (VIP / INVITE ONLY)
    • session level icon
    Registration Level:
    • session level iconVIP / Exclusive
    8:00 am - 9:15 am
    Location / Room: Spring Glade
    8:00 am
    SecureWorld PLUS Part 1 – Big Data and IoT: Wonderful, Terrible, Inevitable
    • session level icon
    SecureWorld PLUS Registrants ONLY
    speaker photo
    CISSP, President, O'Leary Management Education
    Registration Level:
    • session level iconSecureWorld Plus
    8:00 am - 9:30 am
    Location / Room: Windhaven

    Big Data and the Internet of Things are revolutionizing virtually every industry. We’re told of pinpoint accurate medical records and diagnostics, all-encompassing analytics, mastery of industrial processes, effortless control of our static and moving environments and complete connectivity and communication with anything and everything we might ever imagine being useful. Wonderful!

    But SecureWorld attendees and others who’ve been in IT Security for any appreciable time have an internal red flag that goes up upon hearing “It’s gonna be great!” Then those euphoria-deflating security questions start multiplying and running through our somewhat addled brains. Where is all this Big Data coming from? Where will it reside? Who controls it? Who grants access? On what basis? How do we know it’s accurate, relevant? Is it complete enough for life and death medical decisions? What about analytics system administration; data monitoring and correction procedures; incompatible security architectures? Oh yeah, and privacy?

    What kind of security is built into all these Internet-connected devices? How easy is it to control access? Is the data they trade and store encrypted? Who’s liable if they fail or give erroneous signals?

    Big Data and IoT are neither fads nor merely trends, they constitute a revolution. There’s no going back. Join us as we look from a security perspective at both the bright and dark sides.

    8:00 am
    SecureWorld PLUS Part 1 – How To Build And Maintain A Game-Changing Security Awareness Program That Measures Success
    • session level icon
    SecureWorld PLUS Registrants ONLY
    speaker photo
    Chief Strategist and Chief Security Officer, Security Mentor
    Registration Level:
    • session level iconSecureWorld Plus
    8:00 am - 9:30 am
    Location / Room: Shady Grove

    Every organization seeks a security-aware culture, but how can you build an effective information security awareness program that addresses compliance and changes employee behavior for the better? People are the greatest asset and the weakest link in securing intellectual property and protecting sensitive data within every enterprise; therefore, a well-organized security awareness program is essential.

    You will learn how an effective program that offers lasting solutions requires the right mix of skills, knowledge, executive support and resources. This hands-on workshop will teach you what you need to know to implement just such a program. Offering award-winning case studies, interactive discussions and group participation in exercises, this SecureWorld Plus-session will enable you to hit the ground running with a customized plan that meets your organization’s needs when you head back to the office.

    Dan Lohrmann offers an interactive, engaging style that is both fun and informative. The 4.5-hour workshop covers these essential topics:

    Part 1: Information Security Awareness Fundamentals and War Stories
    What important building blocks, resources and communication strategies are essential to successfully implement your program? How can you reduce the risk of a data breach or other unwanted outcomes using a comprehensive approach to information security awareness? What best practices and examples have succeeded that can be emulated?

    8:00 am
    SecureWorld PLUS Part 1 - Designing and Building a Cybersecurity Program Based on the NIST Cybersecurity Framework
    • session level icon
    SecureWorld PLUS Registrants ONLY
    speaker photo
    CISO, University of Massachusetts, President’s Office
    Registration Level:
    • session level iconSecureWorld Plus
    8:00 am - 9:30 am

    This course provides a detailed plan for designing and building a Cybersecurity Program based on the NIST Cybersecurity Framework and the 20 Critical Controls

    Lesson 1: Creating the Model (based on the NIST Cybersecurity Framework)
    A general review of today’s cyber-threat landscape, key business, technical, regulatory, workforce challenges, the overall risk environment, controls framework (NIST Cybersecurity Framework), controls standards and a recommended approach for designing and building a program based on a repeatable / open program concept (The Controls Factory Model).

    Lesson 2: Designing the Program (based on the 20 Critical Controls)
    A detailed review of the safeguards that organizations should use to mitigate advanced threats and protect their critical assets including an in depth analysis of the 20 critical controls. Each control will be discussed in detail including the control objective, control approach, consequences of not implementing the control, control system analysis (how the control works), control detailed design, control monitoring and testing requirements.

    Lesson 3: Building the Solution (based on Design, Build, Run and Test Guides)
    Technical solutions that can be used to protect a particular family of assets (endpoints, servers, networks, applications). Each technical solution will include a mapping to the critical controls and NIST Framework (design guide), a step by step approach for implementation (build guide), a set of operational capabilities for continuous monitoring and management (run guide) and a set of use cases that ensure that the controls are continually applied to the asset families (test guide).

    8:30 am
    Trends in Cyber Security Education
    • session level icon
    Registration Level:
    • session level iconConference Pass
    8:30 am - 9:15 am

    The workforce shortage of qualified cybersecurity professionals is acute and growing. But acquiring knowledge in cyber science that spans technology, law, ethics, psychology and more is an intellectual and organizational challenge. This talk discusses the educational choices of broad interdisciplinary vs. specialized programs, degrees vs. certificates, and face-to-face vs. online studies.

    8:30 am
    Encrypting the Human Mind
    • session level icon
    speaker photo
    ESD Tech Analyst, Army Corp of Engineers - ACE-IT
    Registration Level:
    • session level iconConference Pass
    8:30 am - 9:15 am
    Location / Room: Fairview

    The human mind is the weakest link in cyber space. We will show what to look for to be safe online.

    8:30 am
    Blockchain + IoT = <3
    • session level icon
    speaker photo
    Co-Founder, Oaken Innovations
    Registration Level:
    • session level iconConference Pass
    8:30 am - 9:15 am
    Location / Room: Keynote Theater

    Blockchain technology is very young and often times overhyped. In this talk we will cut through the hype and explore the use of blockchain technology to secure IoT devices. No previous understanding of blockchain technology is required to attend.

    8:30 am
    Shifting from “Incident” to “Continuous” Response
    • session level icon
    speaker photo
    Security Architecture - Information Security, ISSA, ISACA, ISC2
    Registration Level:
    • session level iconConference Pass
    8:30 am - 9:15 am
    Location / Room: Northbrook I

    The core of the next-generation security protection process will be continuous, pervasive monitoring and visibility that is constantly analyzed for indications of compromise. Security Monitoring will encompass as many layers of the IT stack as possible including network activity, endpoints, system interactions, application transactions and user activity
    My presentation will provide several security related scenarios where centralized security data analytics and adaptive security architecture are used to respond in a dynamic way to enable this next generation security protection. The design and benefit of joining the foundational elements of intelligence, context, and correlation with an adaptive architecture will be discussed. I will look behind the curtain of "marketecture" to the real and aspirational solutions for the SOC that will likely materialize as vendor products mature over the next few years.

    9:00 am
    Exhibit Floor Open
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    9:00 am - 3:00 pm
    Location / Room: SecureWorld Exhibitor Floor

    This is the time to visit exhibitors participating in Dash For Prizes & CyberHunt for your chance to win prizes!

    9:30 am
    OPENING KEYNOTE: The Internet of Threats - A Look at Macro Trends in Technology and the Ever Expanding Cyber Threat Landscape
    • session level icon
    FUD is back, can you pitch it correctly?
    speaker photo
    CISO, Cigna
    Registration Level:
    • session level iconOpen Sessions
    9:30 am - 10:15 am
    Location / Room: Keynote Theater
    10:15 am
    Conference Break / Exhibitor Product Demonstration
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    10:15 am - 11:15 am
    Location / Room: SecureWorld Exhibitor Floor

    Reboot with coffee and infused water while visiting exhibitors on the exhibitor floor.

    11:00 am
    Advisory Council Round Table: Selling Security to the C-Suite (Proactively selling security to the Executive Team)
    • session level icon
    (VIP / Invite Only)
    Registration Level:
    • session level iconVIP / Exclusive
    11:00 am - 12:00 pm
    Location / Room: Spring Glade
    11:15 am
    GDPR Compliance: Key Issues and Practical Guidance
    • session level icon
    speaker photo
    Attorney, Katherine E. Britton, Esq.
    Registration Level:
    • session level iconConference Pass
    11:15 am - 12:00 pm
    Location / Room: Northbrook II

    The General Data Protection Regulation (GDPR) is a uniform data security law becomes effective in May 25, 2018, as the primary law regulating how companies that store or process an EU citizens' personal data must protect that data. It applies to businesses in the EU and all businesses marketing services or goods to EU citizens regardless of their geographic location. The GDPR provides a baseline set of standards for companies that handle EU citizens’ data to better safeguard how EU citizens' personal data is processed and transferred. Penalties for non-compliance can be up to 4% of the violating company’s global annual revenue depending on the nature of the violation.

    The GDPR contains 11 chapters and 91 articles that:
    • give data subjects more control over personal data that is processed automatically.
    • require data breach notification to a government enforcer within 72 hours of learning of the breach and must provide certain specific details of the breach and requires data controllers to notify data subjects as quickly as possible of breaches when the breaches place their rights and freedoms at high risk.
    • require companies to perform Data Protection Impact Assessments to identify risks to consumer data and Data Protection Compliance Reviews to ensure those risks are addressed.
    • require most all companies to appoint a data protection officer to advise about GDPR compliance and act as a point of contact.

    Those data protection officers have certain reporting responsibilities as outlined in the GDPR. US regulators have looked to European privacy laws in their own enforcement and legislative actions. As geographic boundaries where companies do business and where customers access products and services, it is important to be aware of the GDPR’s requirements. Where the GDPR does apply, it is crucial for companies to comply in order to avoid potentially devastating fines.

    11:15 am
    Mobile Cyber Targets
    • session level icon
    Registration Level:
    • session level iconConference Pass
    11:15 am - 12:00 pm

    Mobile devices currently come in a large variety of options and as technology progresses those options and cyber risks will potentially become more a reality. So how are devices and data on them targeted now and how can a cyber mobile attack affect you and your business.

    11:15 am
    Radware: Cyber War Chronicles – Stories from the Virtual Trenches
    • session level icon
    speaker photo
    Security Evangelist, Radware
    Registration Level:
    • session level iconOpen Sessions
    11:15 am - 12:00 pm

    2016 saw a continuation of some cybersecurity threats, as well as the emergence of some attack types and trends. Ransom attacks, political hacks, and new dynamics around the accessibility and capability of attack tools have added even more challenges to security. This session will explore some of the latest evolutions of the threat landscape, through a combination of market intelligence, real-world case studies, and direct insights from those on the front lines of cybersecurity.

    11:15 am
    Surviving the Siege: Medieval Lessons in Modern Security
    • session level icon
    Discover the 2017 SecureWorld Theme
    speaker photo
    CISSP, President, O'Leary Management Education
    Registration Level:
    • session level iconOpen Sessions
    11:15 am - 12:00 pm
    Location / Room: Northbrook I

    Warfare and the arts of intrusion have advanced considerably since the Middle Ages, but in many ways the principles of fortification we use today remain the same. The great castles of antiquity were ingeniously designed with multiple layers of physical security to protect their inhabitants from persistent, even advanced enemy threats. Their carefully planned and creative defensive measures provide rich metaphors, both positive and negative, for today’s cyber guardians. On the other hand, clever, daring, sometimes brilliant offensive strategies and tactics have historically breached battlements thought to be unassailable. Come join us as we examine lessons that can be applied to securing our own sophisticated digital fortresses.

    12:00 pm
    Advisory Council LUNCH Round Table - Public Cloud- Friend or Foe? (What is your Strategy?)
    • session level icon
    (VIP / Invite Only)
    Registration Level:
    • session level iconVIP / Exclusive
    12:00 pm - 1:00 pm
    Location / Room: Spring Glade
    12:15 pm
    LUNCH KEYNOTE: The Legal Case for Cybersecurity
    • session level icon
    speaker photo
    Cybersecurity & Data Privacy Attorney, Scheef & Stone, LLP and Cyber Future Foundation
    Registration Level:
    • session level iconOpen Sessions
    12:15 pm - 1:00 pm
    Location / Room: Keynote Theater

    Shawn Tuma will explain why cybersecurity is a legal issue and overall business risk issue that companies must manage. He will address why federal, state, and international law (including the GDPR and NY Cyber Regs) requires companies to have a cyber risk management program and key components to include.

    1:15 pm
    Panel: Hazards on the Horizon - Emerging Threats
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    1:15 pm - 2:15 pm
    Location / Room: Windhaven

    Just as in the days of yore, you must have watch guards in the tower scanning the horizon for enemy banners. If you follow cyber threats, then you know that the landscape is constantly changing. From the bring your own device (BYOD) workplace to mobile-malware, social engineering, and everything in between, information security has transformed. In order stay ahead of the ever-changing threats, it is imperative to constantly improve and change security policies. Join industry experts as they discuss the importance of rolling with the changes, and how your company can stop the threat before it gets to the castle gate.

    1:15 pm
    Panel: Manage the Damage
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    1:15 pm - 2:15 pm
    Location / Room: Keynote Theater

    Every week we learn about some business, government entity, bank, or healthcare entity in the news that has been hacked. Often times the intruders had been sitting collecting information for months before being discovered. Now more than ever it is crucial for organizations to develop, practice, and fine tune their incident response plans. When do you get law enforcement involved? What about the legal team or PR? Will your business recover? This panel discussion will tackle these issues as well as your questions on what you need to know after the hack.

    2:15 pm
    Conference Break / Exhibitor Product Demonstration
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    2:15 pm - 3:00 pm
    Location / Room: SecureWorld Exhibitor Floor

    Reboot with coffee and infused water while visiting exhibitors on the exhibitor floor.

    3:00 pm
    Your First and Last Line of Defense!
    • session level icon
    speaker photo
    Security Architect, Cimarex Energy Co.
    Registration Level:
    • session level iconConference Pass
    3:00 pm - 3:45 pm

    Easy to remember actions that they can implement in their environment today, use my presentation as a template to create your own Security Awareness. Educate attendees about their home / private cyber lives today. Security Awareness has become the number one action in many companies that pays the most dividends in your network, do you have one?

    3:00 pm
    Internet of Bio-Nano Things: Using the In Vivo Biochemical & Connecting to the Electrical of the Human Internet
    • session level icon
    speaker photo
    Owner, GCE, LLC
    Registration Level:
    • session level iconConference Pass
    3:00 pm - 3:45 pm
    Location / Room: 3:45 pm

    The Internet of Things has become a topic of concern over the past few years: the interconnection of devices have brought to life the Internet in a manner seldom conceived in science and is looking to broaden its expansive nature. Enter nano-robotics with an extension of IoT called the Internet of Bio-NanoRobotic Things: linking human physiology and human vulnerability to the internet. How do we secure what we do not understand?

    3:00 pm
    Darktrace: The Enterprise Immune System: Using Machine Learning for Next-Generation Cyber Defense
    • session level icon
    AI for Cyber Defense: That Machine Fights Back
    speaker photo
    Account Executive, Darktrace
    Registration Level:
    • session level iconOpen Sessions
    3:00 pm - 3:45 pm
    Location / Room: Northbrook 2

    From insiders to sophisticated external attackers, the reality of cyber security today is that the threat is already inside. A fundamentally new approach to cyber defense is needed to detect and investigate these threats that are already inside the network - before they turn into a full-blown crisis.

    Based on unsupervised machine learning and probabilistic mathematics developed by specialists from the University of Cambridge, new ‘immune system’ technologies are capable of learning the ‘self’ of an organization. By analyzing every network, device, and user, and modeling them as they go about their day-to-day activity, the Enterprise Immune System can establish a highly accurate understanding of normal behavior. It can therefore spot abnormal activity as it emerges, and even take precise, measured actions to automatically curb the threat.

    Rules and signatures are not keeping pace with today’s rapidly evolving cyber attacks. The Enterprise Immune System represents a fundamental step-change in automated cyber defense, is relied upon by organizations around the world, and can cover up to millions of devices.

    In this session, learn:
    • How new machine learning and mathematics are automating advanced cyber defense
    • Why 100% network visibility allows you to detect threats as they happen, or before they happen
    • How smart prioritization and visualization of threats allows for better resource allocation and lower risk
    • Real-world examples of unknown threats detected by ‘immune system’ technology

    3:00 pm
    Cryptography: What You Don't Know, and How it Can Hurt You
    • session level icon
    speaker photo
    Computer Scientist, Chuck Easttom Consulting
    Registration Level:
    • session level iconConference Pass
    3:00 pm - 3:45 pm

    There are gaps in most security professionals knowledge of cryptography, and these lead to significant security issues. This presentation is about filling those gaps.

    3:00 pm
    SecureWorld PLUS Part 2 – Big Data and IoT: Wonderful, Terrible, Inevitable
    • session level icon
    SecureWorld PLUS Registrants ONLY
    speaker photo
    CISSP, President, O'Leary Management Education
    Registration Level:
    • session level iconSecureWorld Plus
    3:00 pm - 4:30 pm

    Big Data and the Internet of Things are revolutionizing virtually every industry. We’re told of pinpoint accurate medical records and diagnostics, all-encompassing analytics, mastery of industrial processes, effortless control of our static and moving environments and complete connectivity and communication with anything and everything we might ever imagine being useful. Wonderful!

    But SecureWorld attendees and others who’ve been in IT Security for any appreciable time have an internal red flag that goes up upon hearing “It’s gonna be great!” Then those euphoria-deflating security questions start multiplying and running through our somewhat addled brains. Where is all this Big Data coming from? Where will it reside? Who controls it? Who grants access? On what basis? How do we know it’s accurate, relevant? Is it complete enough for life and death medical decisions? What about analytics system administration; data monitoring and correction procedures; incompatible security architectures? Oh yeah, and privacy?

    What kind of security is built into all these Internet-connected devices? How easy is it to control access? Is the data they trade and store encrypted? Who’s liable if they fail or give erroneous signals?

    Big Data and IoT are neither fads nor merely trends, they constitute a revolution. There’s no going back. Join us as we look from a security perspective at both the bright and dark sides.

    3:00 pm
    SecureWorld PLUS Part 2 – How To Build And Maintain A Game-Changing Security Awareness Program That Measures Success
    • session level icon
    SecureWorld PLUS registrants ONLY
    speaker photo
    Chief Strategist and Chief Security Officer, Security Mentor
    Registration Level:
    • session level iconSecureWorld Plus
    3:00 pm - 4:30 pm

    Every organization seeks a security-aware culture, but how can you build an effective information security awareness program that addresses compliance and changes employee behavior for the better? People are the greatest asset and the weakest link in securing intellectual property and protecting sensitive data within every enterprise; therefore, a well-organized security awareness program is essential.

    You will learn how an effective program that offers lasting solutions requires the right mix of skills, knowledge, executive support and resources. This hands-on workshop will teach you what you need to know to implement just such a program. Offering award-winning case studies, interactive discussions and group participation in exercises, this SecureWorld Plus-session will enable you to hit the ground running with a customized plan that meets your organization’s needs when you head back to the office.

    Dan Lohrmann offers an interactive, engaging style that is both fun and informative. The 4.5-hour workshop covers these essential topics:

    Part 1: Information Security Awareness Fundamentals and War Stories
    What important building blocks, resources and communication strategies are essential to successfully implement your program? How can you reduce the risk of a data breach or other unwanted outcomes using a comprehensive approach to information security awareness? What best practices and examples have succeeded that can be emulated?

    3:00 pm
    SecureWorld PLUS Part 2 - Designing and Building a Cybersecurity Program Based on the NIST Cybersecurity Framework
    • session level icon
    SecureWorld PLUS Registrants ONLY
    speaker photo
    CISO, University of Massachusetts, President’s Office
    Registration Level:
    • session level iconSecureWorld Plus
    3:00 pm - 4:30 pm

    This course provides a detailed plan for designing and building a Cybersecurity Program based on the NIST Cybersecurity Framework and the 20 Critical Controls

    Lesson 1: Creating the Model (based on the NIST Cybersecurity Framework)
    A general review of today’s cyber-threat landscape, key business, technical, regulatory, workforce challenges, the overall risk environment, controls framework (NIST Cybersecurity Framework), controls standards and a recommended approach for designing and building a program based on a repeatable / open program concept (The Controls Factory Model).

    Lesson 2: Designing the Program (based on the 20 Critical Controls)
    A detailed review of the safeguards that organizations should use to mitigate advanced threats and protect their critical assets including an in depth analysis of the 20 critical controls. Each control will be discussed in detail including the control objective, control approach, consequences of not implementing the control, control system analysis (how the control works), control detailed design, control monitoring and testing requirements.

    Lesson 3: Building the Solution (based on Design, Build, Run and Test Guides)
    Technical solutions that can be used to protect a particular family of assets (endpoints, servers, networks, applications). Each technical solution will include a mapping to the critical controls and NIST Framework (design guide), a step by step approach for implementation (build guide), a set of operational capabilities for continuous monitoring and management (run guide) and a set of use cases that ensure that the controls are continually applied to the asset families (test guide).

  • Thursday, October 19, 2017
    7:00 am
    Registration Open
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    7:00 am - 3:00 pm
    Location / Room: Registration Desk
    8:00 am
    SecureWorld PLUS Part 3 – Big Data and IoT: Wonderful, Terrible, Inevitable
    • session level icon
    SecureWorld PLUS Registrants ONLY
    speaker photo
    CISSP, President, O'Leary Management Education
    Registration Level:
    • session level iconSecureWorld Plus
    8:00 am - 9:30 am

    Big Data and the Internet of Things are revolutionizing virtually every industry. We’re told of pinpoint accurate medical records and diagnostics, all-encompassing analytics, mastery of industrial processes, effortless control of our static and moving environments and complete connectivity and communication with anything and everything we might ever imagine being useful. Wonderful!

    But SecureWorld attendees and others who’ve been in IT Security for any appreciable time have an internal red flag that goes up upon hearing “It’s gonna be great!” Then those euphoria-deflating security questions start multiplying and running through our somewhat addled brains. Where is all this Big Data coming from? Where will it reside? Who controls it? Who grants access? On what basis? How do we know it’s accurate, relevant? Is it complete enough for life and death medical decisions? What about analytics system administration; data monitoring and correction procedures; incompatible security architectures? Oh yeah, and privacy?

    What kind of security is built into all these Internet-connected devices? How easy is it to control access? Is the data they trade and store encrypted? Who’s liable if they fail or give erroneous signals?

    Big Data and IoT are neither fads nor merely trends, they constitute a revolution. There’s no going back. Join us as we look from a security perspective at both the bright and dark sides.

    8:00 am
    SecureWorld PLUS Part 3 – How To Build And Maintain A Game-Changing Security Awareness Program That Measures Success
    • session level icon
    SecureWorld PLUS Registrants ONLY
    speaker photo
    Chief Strategist and Chief Security Officer, Security Mentor
    Registration Level:
    • session level iconSecureWorld Plus
    8:00 am - 9:30 am

    Every organization seeks a security-aware culture, but how can you build an effective information security awareness program that addresses compliance and changes employee behavior for the better? People are the greatest asset and the weakest link in securing intellectual property and protecting sensitive data within every enterprise; therefore, a well-organized security awareness program is essential.

    You will learn how an effective program that offers lasting solutions requires the right mix of skills, knowledge, executive support and resources. This hands-on workshop will teach you what you need to know to implement just such a program. Offering award-winning case studies, interactive discussions and group participation in exercises, this SecureWorld Plus-session will enable you to hit the ground running with a customized plan that meets your organization’s needs when you head back to the office.

    Dan Lohrmann offers an interactive, engaging style that is both fun and informative. The 4.5-hour workshop covers these essential topics:

    Part 1: Information Security Awareness Fundamentals and War Stories
    What important building blocks, resources and communication strategies are essential to successfully implement your program? How can you reduce the risk of a data breach or other unwanted outcomes using a comprehensive approach to information security awareness? What best practices and examples have succeeded that can be emulated?

    8:00 am
    SecureWorld PLUS Part 3 - Designing and Building a Cybersecurity Program Based on the NIST Cybersecurity Framework
    • session level icon
    SecureWorld PLUS Registrants ONLY
    speaker photo
    CISO, University of Massachusetts, President’s Office
    Registration Level:
    • session level iconSecureWorld Plus
    8:00 am - 9:30 am

    This course provides a detailed plan for designing and building a Cybersecurity Program based on the NIST Cybersecurity Framework and the 20 Critical Controls

    Lesson 1: Creating the Model (based on the NIST Cybersecurity Framework)
    A general review of today’s cyber-threat landscape, key business, technical, regulatory, workforce challenges, the overall risk environment, controls framework (NIST Cybersecurity Framework), controls standards and a recommended approach for designing and building a program based on a repeatable / open program concept (The Controls Factory Model).

    Lesson 2: Designing the Program (based on the 20 Critical Controls)
    A detailed review of the safeguards that organizations should use to mitigate advanced threats and protect their critical assets including an in depth analysis of the 20 critical controls. Each control will be discussed in detail including the control objective, control approach, consequences of not implementing the control, control system analysis (how the control works), control detailed design, control monitoring and testing requirements.

    Lesson 3: Building the Solution (based on Design, Build, Run and Test Guides)
    Technical solutions that can be used to protect a particular family of assets (endpoints, servers, networks, applications). Each technical solution will include a mapping to the critical controls and NIST Framework (design guide), a step by step approach for implementation (build guide), a set of operational capabilities for continuous monitoring and management (run guide) and a set of use cases that ensure that the controls are continually applied to the asset families (test guide).

    8:00 am
    InfraGard Chapter Meeting - Open to all Attendees
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    8:00 am - 9:15 am

    Join InfraGard for their chapter meeting and presentation. This session is for InfraGard members and anyone interested in the association. This is a great networking opportunity.

    8:30 am
    You’ve Issued the Risk Letter-Now What?
    • session level icon
    Registration Level:
    • session level iconConference Pass
    8:30 am - 9:15 am

    The principle reason for managing risk in an organization is to protect the mission and assets of the organization. In this interactive session, we will explore ways to deal with the business when they refuse to mitigate the risks and/or accept them.

    8:30 am
    A New Framework for Overcoming Common Security Challenges
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    8:30 am - 9:15 am

    This session will focus on challenges typically encountered in managing security operations teams like budget, talent management, and reducing noise. Often times, these challenges directly connect to tangible gaps in mission/vision/strategy. We will introduce a framework and approach for managing these challenges.

    8:30 am
    Cybersecurity Crisis Management: A Prep Guide
    • session level icon
    Understanding why crisis management is different from incident response
    speaker photo
    CISO, Nationstar Mortgage
    Registration Level:
    • session level iconConference Pass
    8:30 am - 9:15 pm

    Data breaches are inevitable. A company’s survival could depend on the way it reacts and responds to a data breach. Cybersecurity crisis management goes beyond the nuances of day to day incident response and addresses the very specific elements that a company needs to implement in order to effectively survive a breach.

    8:30 am
    Data Breach Digest – Perspective is Reality
    • session level icon
    speaker photo
    Digital Forensics Investigator , Verizon RISK Team
    Registration Level:
    • session level iconConference Pass
    8:30 am - 9:15 am

    Data breaches are complex affairs. Response activities are proportionately complex involving various stakeholders with slightly different perspective. This presentation covers the 2017 "Data Breach Digest – Perspective is Reality"; a compendium of data breach scenarios told from different stakeholder points of view covering their decisions, actions and crucial lessons learned.

    9:00 am
    Exhibit Floor Open
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    9:00 am - 3:00 pm

    This is the time to visit exhibitors participating in Dash For Prizes & CyberHunt for your chance to win prizes!

    9:30 am
    OPENING KEYNOTE: Defending the Nation in Cyber Space
    • session level icon
    Former Director of Operations at U.S. Cyber Command
    speaker photo
    Major General, U.S. Air Force (Retired)
    Registration Level:
    • session level iconOpen Sessions
    9:30 am - 10:15 am

    The Russians hacked the election, the Chinese are stealing our trade secrets, the Iranians and North Koreans see cyber as the ultimate asymmetric attack vector against the United States. Every day, the country’s critical infrastructure is under attack—financial services, the electric grid, oil and gas, telecommunications, transportation. As the former Director of Operations at U.S. Cyber Command, Maj Gen (Ret) Brett Williams is one of the few speakers available who can talk with the credibility that comes from being on the front lines of defending the Nation in cyberspace. General Williams unique combination of both military and private sector experience, provides a clear understanding of the nation-state cyber threat and how it could impact business interests in every sector.

    10:15 am
    Conference Break / Exhibitor Product Demonstration
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    10:15 am - 11:15 am

    Reboot with coffee and infused water while visiting exhibitors on the exhibitor floor.

    11:00 am
    Advisory Council Round Table: Embracing & Securing IoT (What to do about Securing IoT Data)
    • session level icon
    (VIP / Invite Only)
    Registration Level:
    • session level iconVIP / Exclusive
    11:00 am - 12:00 pm
    11:15 am
    The World at Cyber War!
    • session level icon
    speaker photo
    CTO, Welsh Harris Capital
    Registration Level:
    • session level iconConference Pass
    11:15 am - 12:15 pm

    We are blinded and handcuffed to the truth of our current cyber war and how it affects us every day. As long as we are constantly reacting to threats both personally and for our business, we are like the man brow sweating and running mad to keep all of his plates spinning in the air without dropping one.
    The only question you should ask yourself is…Not If, but when, you will prepare for your enemies? Where is your data?

    11:15 am
    Gaining Better Visibility Into Risk – The Future of GRC
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    11:15 am - 12:00 pm

    In this session we will be discussing the general achievements and failings that clients have experienced utilizing GRC platforms and processes, where the market is headed, and how integration of different data sources and risk correlation techniques are starting to be utilized to get a better picture of risk.

    11:15 am
    Data Breach Digest – Perspective is Reality
    • session level icon
    Registration Level:
    • session level iconConference Pass
    11:15 am - 12:00 pm

    Data breaches are complex affairs. Response activities are proportionately complex involving various stakeholders with slightly different perspectives. This presentation covers the 2017 "Data Breach Digest – Perspective is Reality"; a compendium of data breach scenarios told from different stakeholder points of view covering their decisions, actions and crucial lessons learned.

    11:15 am
    Protecting Intellectual Property: Especially Trade Secrets
    • session level icon
    speaker photo
    Counsel with Elkins PLC, Elkins PLC
    Registration Level:
    • session level iconConference Pass
    11:15 am - 12:00 pm

    A data breach can cost a company millions of dollars and irreparable harm to reputation. The key lies in developing an Information Security Plan that employs administrative, technical, and physical controls. Mr. Farwell will discuss what companies need to know to develop and implement their own Information Security Plans.

    12:00 pm
    Advisory Council LUNCH Round Table - Is Your Security Framework Up to Par? (Getting the most out of your Security Framework)
    • session level icon
    (VIP / Invite Only)
    Registration Level:
    • session level iconVIP / Exclusive
    12:00 pm - 1:00 pm
    12:15 pm
    LUNCH KEYNOTE
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    12:15 pm - 1:00 pm
    1:15 pm
    Panel: The Court Jester Has the Crown Jewels (Ransomware)
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    1:15 pm - 2:15 pm

    Way back in the day if you wanted to get someone to bend to your will you could just kidnap the princess or steal the Crown Jewels. Kingdoms would do just about anything to get these things back. It was probably a bit easier to grab the princess and leave a note with your demands. The exchange of coin for the princess was a risky maneuver but worth the reward if you escaped. Now it just takes one foolish click to become a victim of ransomware. Sadly, they are not easily caught when you make the trade with bitcoin. This panel will talk about the current schemes happening with ransomware and how you can try to keep the Crown Jewels safe.

    1:15 pm
    Panel: Close the Front Gate: Identify all Travelers - Locking Down the Endpoints
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    1:15 pm - 2:15 pm

    One of the first lines of defense for a castle was the front gate or portcullis. When the need arose, they would simply close the gate and stop everyone from entering. Castle guards would stop each traveler and determine their identity and if they were a threat before letting them in. Sort of like today’s network access control and firewalls. Identity or the perception of one’s identity was all that mattered and a smart spy or thief would gain access to the castle with only minor delays. Our experts will discuss your options for defending your castle.

    2:15 pm
    Conference Break / Exhibitor Product Demonstration
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    2:15 pm - 3:00 pm

    Reboot with coffee and infused water while visiting exhibitors on the exhibitor floor.

    2:30 pm
    Dash for Prizes & CyberHunt
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    2:30 pm - 2:45 pm

    Be sure to have exhibitors scan your badge for a chance to win prizes. Past prizes have included Kindles, Bose headphones, gift cards, iPads, iPods and more! *Must be present to win

    3:00 pm
    Data Privacy for Information Security Professionals
    • session level icon
    Changing Our Old Compliance Methods
    speaker photo
    Data Protection, Privacy, and Security Professional, PS Innovations
    Registration Level:
    • session level iconConference Pass
    3:00 pm - 3:45 pm

    Just as we are getting IoT, cloud computing, SOX/HIPAA/FISMA etc. under our belts, Europe changed the rules. The General Data Protection Regulation (GDPR) may just change the way we look at "compliance" once and for all. This isn't just another regulation. We're going to need to make a fundamental change in the way we think about data to get past this newest challenge.

    3:00 pm
    Day in the Life of a Security Architect
    • session level icon
    speaker photo
    Lead Security Solutions Architect, (ISC)²
    Registration Level:
    • session level iconConference Pass
    3:00 pm - 3:45 pm

    This presentation will be engaging for technical & not-so-technical audiences, as I explain career progressions from IT Analyst, to software consultant, to lead security architect, & my experience designing security solutions for businesses & governments. I’ll gladly answer questions & share my advice for upcoming security professionals.

    3:00 pm
    Cyber Threats – Are You Mitigating Your Most Vulnerable Risk?
    • session level icon
    speaker photo
    Vice President, Information Security, Financial Institution
    Registration Level:
    • session level iconConference Pass
    3:00 pm - 3:45 pm

    The human factor - what are you doing to mitigate your most vulnerable cyber security risk?

Exhibitors
  • Arbor Networks
    Booth: 710

    Arbor Networks is the leading provider of network security and management solutions for enterprise and service provider networks. Arbor Networks protects enterprises from distributed denial of service attacks and advanced malware using Arbor’s global network intelligence. Arbor's proven solutions help grow and protect customer networks, businesses and brands.

  • Binary Defense Systems
    Booth: 340

    BDS is a company that works with you to understand your environment, what you have and building defenses to combat what we face today and for the attacks of tomorrow. Technology is continuously changing, businesses change every day – in order to keep up with the changes, BDS has created an extensively flexible yet highly accurate way of detecting attackers. We are attackers, and we know the best ways in detecting how attackers breach your network. An added bonus with BDS – continual penetration tests are performed regularly to enhance and develop additional safeguards. We are here to defend, protect and secure your company.

  • Cloud Security Alliance (CSA)
    Booth: 420

    The Cloud Security Alliance (CSA) is a not-for-profit organization with a mission to promote the use of best practices for providing security assurance within Cloud Computing, and to provide education on the uses of Cloud Computing to help secure all other forms of computing. The Cloud Security Alliance is led by a broad coalition of industry practitioners, corporations, associations and other key stakeholders.

  • Critical Start
    Booth: 600

    Critical Start is a cybersecurity company with a holistic, customer-focused approach. We work with our customers to understand the impact of IT on their business and determine the associated risks. Using this risk profile, we can offer big-picture guidance on the strategies and controls that will enable them to effectively manage risk and improve security. Critical Start is 100% employee owned by a team of experts who are passionate about security, quality and service. For more information on what sets us apart, visit criticalstart.com.

  • Darktrace
    Booth: 840

    Darktrace is the world’s leading machine learning company for cyber security. Created by mathematicians from the University of Cambridge, the Enterprise Immune System uses AI algorithms to automatically detect and take action against cyber-threats within all types of networks, including physical, cloud and virtualized networks, as well as IoT and industrial control systems. A self-configuring platform, Darktrace requires no prior set-up, identifying advanced threats in real time, including zero-days, insiders and stealthy, silent attackers. Headquartered in San Francisco and Cambridge, UK, Darktrace has 24 offices worldwide.

  • Delta Risk
    Booth: 810

    Delta Risk was founded in 2007 from a vision of strategic and operational effectiveness to assist private sector and government organizations in understanding their current cyber security posture and building advanced cyber defense and risk management capabilities. We are a global provider of strategic, operational, and advisory solutions, including managed security services and security consulting services. Delta Risk is a Chertoff Group company.

  • DirectDefense
    Booth: 610

    Founded in 2011, DirectDefense offers security services that are unmatched within the industry. Our core strength is our deep experience in performing assessments for a wide array of networks, platforms, and applications. Our seasoned consultants are focused on providing world-class security services to our clients.

    Regardless of industry – financial, insurance, retail, hospitality, healthcare, education, gaming, technology, or energy and utilities, our wealth of knowledge and experience can assist you in achieving your security testing and strategy goals.

  • EC-Council
    Booth: TBD

    International Council of E-Commerce Consultants, also known as EC-Council, is the world’s largest cyber security technical certification body. We operate in 140 countries globally and we are the owner and developer of the world-famous Certified Ethical Hacker (CEH), Computer Hacking Forensics Investigator (C|HFI), Certified Security Analyst (ECSA), License Penetration Testing (Practical) programs, among others. We are proud to have trained and certified over 140,000 information security professionals globally that have influenced the cyber security mindset of countless organizations worldwide.

  • FireMon
    Booth: 410

    FireMon is at the forefront of the security management category, delivering first-ever functionality such as firewall behavior testing, workflow integration, traffic flow analysis and rule recertification. Our solutions have helped more than 1,500 organizations around the world gain visibility into and control over their complex network security infrastructures.

  • InfraGard
    Booth: 310

    InfraGard is an information sharing and analysis effort serving the interests and combining the knowledge base of a wide range of members. At its most basic level, InfraGard is a partnership between the FBI and the private sector. InfraGard is an association of individuals, academic institutions, state and local law enforcement agencies, and other participants dedicated to sharing information and intelligence to prevent hostile acts against the United States. InfraGard Chapters are geographically linked with FBI Field Office territories.

    The FBI retained InfraGard as an FBI sponsored program, and will work with DHS in support of its CIP mission, facilitate InfraGard’s continuing role in CIP activities, and further develop InfraGard’s ability to support the FBI’s investigative mission, especially as it pertains to counterterrorism and cyber crimes.

  • IronNet
    Booth: 460

    IronNet is a Cybersecurity / Behavior Analytics Product and Cyber Services company started by former NSA Director Keith Alexander (retired 4-star General). IronDefense, our behavior analytics system, brings real-time visibility and cutting edge analytics to customer networks to discover the most elusive threats, then ranks them by risk through an expert system to amplify analyst capabilities.

  • ISACA
    Booth: TBD

    As an independent, nonprofit, global association, ISACA engages in the development, adoption and use of globally accepted, industry-leading knowledge and practices for information systems. Previously known as the Information Systems Audit and Control Association, ISACA now goes by its acronym only, to reflect the broad range of IT governance professionals it serves.

  • ISC2
    Booth: TBD

    (ISC)² is an international nonprofit membership association focused on inspiring a safe and secure cyber world. Best known for the acclaimed Certified Information Systems Security Professional (CISSP) certification, (ISC)² offers a portfolio of credentials that are part of a holistic, programmatic approach to security. Our membership, over 123,000 strong, is made up of certified cyber, information, software and infrastructure security professionals who are making a difference and helping to advance the industry. Our vision is supported by our commitment to educate and reach the general public through our charitable foundation - The Center for Cyber Safety and Education ™ Follow us on Twitter or connect with us on Facebook.

  • ISSA Fort Worth
    Booth: 440

    The Information Systems Security Association (ISSA)® is a not-for-profit, international organization of information security professionals and practitioners. It provides educational forums, publications, and peer interaction opportunities that enhance the knowledge, skill, and professional growth of its members. Learn more at the ISSA, International website. The Fort Worth Chapter of ISSA brings all of the benefits of International membership, along with opportunities for experiencing great speakers, local networking, earning CPEs, job prospecting and more.

  • ISSA: North Texas
    Booth: 440

    The Dallas/Fort Worth area has many large corporations, government organizations, and educational institutions. Our membership comes from the network and information systems professionals of these organizations and institutions, as well as vendors of security products. We seek to provide our members with access to information and resources to assist their employers in securing critical information resources. Our monthly luncheon meetings, conferences, and other resources are available to members and non-members alike to assist in educating security practitioners of all types.

  • Ixia
    Booth: 300

    We provide testing, visibility, and security solutions to strengthen applications across physical and virtual networks.
    Organizations use our tools and capabilities to test, secure and visualize their networks so their applications run stronger.

  • LockPath
    Booth: 630

    LockPath is a leader in integrated risk management solutions. We empower companies of all sizes to manage risk, demonstrate compliance, monitor information security and achieve audit-ready status. In 2017, we are expanding our application portfolio to provide our customers with more efficient and effective programs. Learn more at lockpath.com.

  • LogRhythm
    Booth: 150

    LogRhythm, a leader in security intelligence and analytics, empowers organizations around the globe to rapidly detect, respond to and neutralize damaging cyber threats. The company’s patented award-winning platform uniquely unifies next-generation SIEM, log management, network and endpoint monitoring, user entity and behavior analytics (UEBA), security automation and orchestration and advanced security analytics. In addition to protecting customers from the risks associated with cyber threats, LogRhythm provides unparalleled compliance automation and assurance, and enhanced IT intelligence.

  • Mimecast
    Booth: 850

    Mimecast Is Making Email Safer For Business.
    Mimecast’s security, archiving and continuity cloud services protect business email and deliver comprehensive email risk management in one fully-integrated subscription service.
    Mimecast reduces the risk, complexity and cost traditionally associated with protecting email. You no longer have to manage an array of disjointed point solutions from multiple vendors. And you mitigate single vendor exposure if you have moved your primary email server to the cloud with services like Microsoft Office 365.
    Our best-of-breed services protect the email of over 24,900 customers and millions of users worldwide against targeted attacks, data leaks, malware and spam. We give employees fast and secure access to sensitive business information, and ensure email keeps running in the event of a primary service outage.

  • Radware
    Booth: 400

    Radware (NASDAQ: RDWR), is a global leader of application delivery and application security solutions for virtual and cloud data centers. Its award-winning solutions portfolio delivers full resilience for business-critical applications, maximum IT efficiency, and complete business agility. Radware's solutions empower more than 10,000 enterprise and carrier customers worldwide to adapt to market challenges quickly, maintain business continuity and achieve maximum productivity while keeping costs down.

  • Rapid7
    Booth: 130

    Rapid7 transforms data into insight, empowering IT and security professionals to progress and protect their organizations. How? Our solutions are powered by advanced analytics and an unmatched understanding of the attacker mindset. This makes it easy to collect data, transform it into prioritized and actionable insight, and get it to the people who can act on it—all in an instant.

  • SAINT Corporation
    Booth: 140

    SAINT Corporation offers integrated vulnerability assessment, penetration testing, and security checklist compliance. Examine your network with the SAINT® vulnerability scanner, and expose where an attacker could breach your network. Go to a higher level of visibility with the SAINTexploit® penetration testing tool and exploit the vulnerability to prove its existence.

  • Skybox Security
    Booth: 830

    Skybox arms security teams with a powerful set of security management solutions that extract insight from security data silos to give unprecedented visibility of the attack surface, including all Indicators of Exposure (IOEs). With Skybox, security leaders can quickly and accurately prioritize and address vulnerabilities and threat exposures.

  • Somansa
    Booth: 820

    Somansa is a global leader in Data Loss Prevention security to protect sensitive data from leakage. Somansa provides its worldwide customers in financial services, healthcare, government with a total DLP solution to Monitor, Prevent, and Discover sensitive data in the Network, Emails, Cloud Storage and Endpoints, USB’s, and Printing.

  • Synopsys
    Booth: 210

    Synopsys offers the most comprehensive solution for integrating security and quality into your SDLC and supply chain. Whether you’re well-versed in software security or just starting out, we provide the tools you need to ensure the integrity of the applications that power your business. We don’t stop when the test is over. Our experts also provide remediation guidance, program design services, and training that empower you to build and maintain secure software. For more information go to www.synopsys.com/software.

  • TechTarget
    Booth: TBD

    TechTarget (NASDAQ: TTGT) is the online intersection of serious technology buyers, targeted technical content and technology providers worldwide. Our media, powered by TechTarget’s Activity Intelligence platform, redefines how technology buyers are viewed and engaged based on their active projects, specific technical priorities and business needs. With more than 100 technology specific websites, we provide technology marketers innovative media that delivers unmatched reach via custom advertising, branding and lead generation solutions all built on our extensive network of online and social media. TechTarget is based in Boston and has locations in Atlanta, Beijing, Cincinnati, London, Paris, San Francisco, Singapore, and Sydney.

  • Tech Titans
    Booth: TBD

    Tech Titans includes a diverse group of technology leaders from start-ups to fortune 500 companies from North Texas who collaborate, share and inspire creative thinking that fuels tomorrow’s innovations. As part of its goals, Tech Titans is active in:

    • Cultivating a technology community of companies, entrepreneurs, investors and students
    • Growing future tech leaders with its talent and workforce development initiative
    • Advocating technology's advancement in governmental arenas
    • Connecting people and inspiring innovative ideas through its special interest forums and annual Awards Gala

    Tech Titans is the largest technology trade association in Texas, representing individuals and more than a quarter million employees through 300 member companies.

  • Thales e-Security
    Booth: 120

    Thales e-Security is the leader in advanced data security solutions and services that deliver trust wherever information is created, shared or stored. We ensure that the data belonging to companies and government entities is both secure and trusted in any environment – on-premise, in the cloud, in data centers or big data environments – without sacrificing business agility. Security doesn’t just reduce risk, it’s an enabler of the digital initiatives that now permeate our daily lives – digital money, e-identities, healthcare, connected cars and with the internet of things (IoT) even household devices. Thales provides everything an organization needs to protect and manage its data, identities and intellectual property and meet regulatory compliance – through encryption, advanced key management, tokenization, privileged user control and high assurance solutions. Security professionals around the globe rely on Thales to confidently accelerate their organization’s digital transformation. Thales e-Security is part of Thales Group.

  • Trend Micro
    Booth: 640

    As a global leader in cloud security, Trend Micro develops Internet content security and threat management solutions that make the world safe for businesses and consumers to exchange digital information. With more than 20 years of experience, we're recognized as the market leader in server security for delivering top-ranked client, server, and cloud-based security solutions that stop threats faster and protect data in physical, virtualized, and cloud environments.

  • TrustedSec
    Booth: 340

    Our #1 priority is you, our customer. We believe in our services and our quality of them. We truly care about each and every organization as much as you do. Our team is highly talented, skilled, senior, and not a commodity service like other INFOSEC consulting companies. TrustedSec’s model is to staff with only senior level resources and the highest quality of information security consulting. Our brand, reputation, and quality is how we have established ourselves in this industry and with the mindset of “always doing the right thing”. When we work with our customers, it’s more than “just another engagement” – it’s establishing an understanding with an organization, and working to make them better.

  • Unisys
    Booth: 150

    Unisys is a global information technology company that specializes in providing industry-focused solutions integrated with leading-edge security to clients in diverse markets. Unisys combines experienced security consulting, Stealth micro-segmentation security solutions and efficient managed security services to deliver dramatic improvement in security posture and operational efficiencies.
    Visit http://unisys.com/security for more information.

  • Venafi
    Booth: 100

    Venafi secures and protects keys and certificates so they can’t be used by bad guys in cyber attacks. Criminals want to gain trusted status and go undetected. This makes keys and certificates a prime target. Criminals steal and compromise keys and certificates that are not properly protected, and use them to circumvent security controls. This has become the attack of choice. As a Gartner-recognized Cool Vendor, Venafi delivered the first trust protection platform to secure cryptographic keys and digital certificates that businesses and governments depend on for secure communications, commerce, computing, and mobility. Venafi finds all keys and certificates and puts them under surveillance to detect anomalies. Vulnerable keys and certificates are fixed to prevent attack. Ongoing remediation is performed automatically. Venafi strengthens defenses of today’s critical security controls.

Return to Agenda
Keynote Speakers
Speakers
  • speaker photo
    John O'Leary
    CISSP, President, O'Leary Management Education

    John O'Leary, CISSP, is President of O'Leary Management Education. His background spans four decades as an active practitioner in information systems, IT Security and contingency planning. He has designed, implemented and managed security and recovery for networks ranging from single site to multinational. John has trained tens of thousands of practitioners, and conducted on-site programs at major corporations and government facilities worldwide. He has also facilitated meetings of Working Peer Groups, where security professionals from diverse corporations share ideas, concerns and techniques. John is the recipient of the 2004 COSAC award, the 2006 EuroSec Prix de Fidelite, and the 2011 ISC2 Lifetime Achievement Award

  • speaker photo
    Dan Lohrmann
    Chief Strategist and Chief Security Officer, Security Mentor

    Dan Lohrmann is Chief Strategist and Chief Security Officer (CSO) at Security Mentor. In this role, Lohrmann leads efforts to define and develop key strategic initiatives for the company’s security awareness training offerings, including new programs that can improve security and compliance by elevating an organization’s workforce into security savvy employees. Representing Security Mentor, Lohrmann serves as thought leader serving as a keynote speaker on security and security awareness training, and giving government and industry presentations.

    Over the past decade, Lohrmann has advised the U.S. Department of Homeland Security, the White House, FBI, numerous federal agencies, law enforcement, state and local governments, non-profits, foreign governments, local businesses, universities, churches, and home users on issues ranging from personal Internet safety to defending government and business-owned technology and critical infrastructures from online attacks. Prior to joining Security Mentor, Lohrmann was Michigan's first CSO and Deputy Director for Cybersecurity and Infrastructure Protection and has been recognized as a global leader in cyber defense for government.

    Previously, Lohrmann represented the National Association of State Chief Information Officers on the U.S. Department of Homeland Security’s IT Government Coordinating Council where he assisted in the writing and editing of the National Infrastructure Protection Plans, sector specific plans, Cybersecurity Framework, and other federal cyber documents. Lohrmann is the author of two books: Virtual Integrity: Faithfully Navigating the Brave New Web, published in November 2008 by Brazos Press and BYOD for You: The Guide to Bring Your Own Device to Work, published in Kindle format in April 2013.

    He has been honored with numerous cybersecurity and technology leadership awards, including “CSO of the Year” by SC Magazine, “Public Official of the Year” by Governing magazine and “Premier 100 IT Leader” by Computerworld Magazine. Lohrmann received his bachelor’s degree in computer science from Valparaiso University in Indiana and his M.S. in Computer Science from Johns Hopkins University in Baltimore.

  • speaker photo
    Larry Wilson
    CISO, University of Massachusetts, President’s Office

    Larry is responsible for developing, implementing and managing the University of Massachusetts Information Security Policy and Written Information Security Program (WISP). The University program is based on industry best practices ISO 27001 / SANS 20 Critical Controls, and is implemented consistently across all University campuses (Amherst, Boston, Dartmouth, Lowell, Medical School and the President’s Office).

    Prior to joining UMASS, Larry was the Vice President, Network Security Manager at State Street. In this role he was responsible for researching, selecting, implementing and overseeing an engineering staff who managed network security technologies / tools including vulnerability scanning, network firewall policy management, intrusion detection, remote access, DNS security, global and local load balancing, etc.

    Larry's industry experience includes IT audit manager for Deloitte Enterprise Risk Services (ERS) consulting practice. In this role he managed a staff responsible for developing and completing a Sarbanes Oxley compliance audit for MasterCard International. Larry's team focused on the application level controls and general computer controls for information technology services implemented and managed from the MasterCard data center in St. Louis.

    Mr. Wilson holds a Master of Science degree in Civil / Structural Engineering from the University of New Hampshire. His industry certifications include CISSP, CISA and ISA (PCI Internal Security Assessor). He serves on the Advisory Board for Middlesex Community College and CISO Advisory Board for Oracle. He co-chairs the Massachusetts State University and Community College Information Security Council, and serves as Certification Director for ISACA New England. His major 2013 accomplishments include Finalist for Information Security Executive® (ISE®) of the Year for both the Northeast Region and North America; and a SANS People who made a difference in Cybersecurity in 2013 award recipient.

    Larry has been teaching CISA certification training for ISACA for 5 years.

  • speaker photo
    Robert Hergenroeder
    ESD Tech Analyst, Army Corp of Engineers - ACE-IT

    Hugh cyber security buff. Worked in Computer IT over the past 10 years and would like to do my part training people in online safety.

  • speaker photo
    Hudson Jameson
    Co-Founder, Oaken Innovations

    Hudson Jameson is a blockchain enthusiast and smart contract developer exploring the intersection of decentralized technologies and security. He is the co-founder at Oaken Innovations, an IoT blockchain start-up that builds identity and security solutions to smart cities and IoT devices.

  • speaker photo
    Bill White
    Security Architecture - Information Security, ISSA, ISACA, ISC2

    Bill is a professional with 30 years’ experience in IT Security, Fraud, InfoSec, and Risk Management. Bill is currently a member of the security architecture (DETECT, RESPOND and RECOVER) for a Fortune 50 company. He is a SME in the DETECT function, but also has extensive experience in Incident Response.

  • speaker photo
    James Beeson
    CISO, Cigna

    James has over 28 years of experience in cyber security and technology. He has 17 years of direct experience as an information security leader and is currently the Chief Information Security Officer at Cigna, a global health insurance company. James previously worked 20 years for General Electric in various security and technology leadership positions.

    James was an Evanta 2016 Breakaway Leadership Award finalist and a T.E.N. ISE North America Executive Award finalist in 2011.

    He has Co-Chaired the CISO Executive Summit in Dallas for the past eight years, and participates as a keynote speaker at various events across the globe.

    James also works closely with the SINET, the Security Innovation Network, to promote public and private sector collaboration and increase the awareness of innovative emerging companies.

    James is actively involved in FS-ISAC (Financial Services – Information Sharing and Analysis Center), ISSA (Information Systems Security Association), and ISACA (Information Systems Audit and Control Association), which work to drive standards, improvements, and networking in security and risk management globally.

    He has an MBA from Southern Methodist University and a BBA in Management and Leadership.

    He is a Certified Information Systems Security Professional (CISSP), Certified in Risk and Information Systems Control (CRISC), and Six Sigma Quality certified.

  • speaker photo
    Katherine Britton
    Attorney, Katherine E. Britton, Esq.

    Katherine Elvira Britton is an attorney with a broad range of experience in regulatory compliance, corporate training and presentation and focuses her law practice on privacy and data security law, complex civil litigation, employment and human resources counseling, and consumer protection.

    Katherine advises clients and trains management and employees on compliance with federal and state privacy and data security laws, best practices, and self-regulatory programs, specifically focusing on issues involving emerging technologies. She evaluates clients’ compliance with federal, state, and self-regulatory requirements relating to the storage, transfer, sharing, and disposal of customer personal information. Katherine reviews, drafts, and negotiates vendor/supplier contracts, technology transactions, services and consulting agreements, and licensing agreements. Additionally, she drafts privacy policies, social media policies, and terms of use agreements for websites and applications tailored to clients’ business practices and implements changes to existing policies to address current and future data collection and use.

    Katherine earned her J.D. in 2007 from The John Marshall Law School, where she was an editor for The John Marshall Review of Intellectual Property Law, and her B.A. in 2004 from Tulane University. Katherine is a Certified Information Privacy Professional, Certified Privacy Manager, and is admitted to the bars in Illinois, the District of Columbia, and Texas.

  • speaker photo
    Ron Winward
    Security Evangelist, Radware

    Ron Winward is a Security Evangelist for Radware, where he helps execute the company’s thought leadership on today’s security threat landscape. Ron brings nearly 20 years of experience in the Internet service provider space, most recently as Director of Network Engineering for a global infrastructure and colocation provider. With an expertise in network architectures and DDoS mitigation, Ron has helped design solutions for carriers, enterprises, and cybersecurity service providers around the world.

  • speaker photo
    John O'Leary
    CISSP, President, O'Leary Management Education

    John O'Leary, CISSP, is President of O'Leary Management Education. His background spans four decades as an active practitioner in information systems, IT Security and contingency planning. He has designed, implemented and managed security and recovery for networks ranging from single site to multinational. John has trained tens of thousands of practitioners, and conducted on-site programs at major corporations and government facilities worldwide. He has also facilitated meetings of Working Peer Groups, where security professionals from diverse corporations share ideas, concerns and techniques. John is the recipient of the 2004 COSAC award, the 2006 EuroSec Prix de Fidelite, and the 2011 ISC2 Lifetime Achievement Award

  • speaker photo
    Shawn E. Tuma
    Cybersecurity & Data Privacy Attorney, Scheef & Stone, LLP and Cyber Future Foundation

    Shawn Tuma is an attorney internationally recognized in cybersecurity and data privacy law, which he has practiced since 1999. He is a Partner at Scheef & Stone. In 2016, the National Law Journal selected him as a Cybersecurity Law Trailblazer and Texas SuperLawyers selected him for the Top 100 Lawyers in DFW.

  • speaker photo
    Pedro Serrano
    Security Architect, Cimarex Energy Co.

    Pedro Serrano has over 35 years of experience managing and installing technical controls in networks around the world, 20 of those in military systems. He is the Security Architect for Cimarex Energy Company, an Oil and Gas exploration company and Professor at his local University and Technical Institute teaching infrastructure systems, security controls, and networking. Pedro has two postgraduates degrees one in Telecommunications Management from Oklahoma State University and the other in Computer Science from Tulsa University. Pedro serves as the Active Vice-president of the Information System Security Association (ISSA) chapter in Tulsa, Oklahoma and holds the CISSP certification from ISC2.

  • speaker photo
    Gregory Carpenter
    Owner, GCE, LLC

    Former NSA/CSS & retired military, owner: GCE, National & Cyber Security contributer - newsl.org, BOD ATNA Systems, International Board of Advisors MacKenzie Institute; radio host, author: Reverse
    Deception translated into 4 languages. Frequently on Fox, ABD & SiriusXM; International Keynote Speaker. Recipient of NSA Military Performer of the Year Award.

  • speaker photo
    Andrew Gyenis
    Account Executive, Darktrace

    Andrew Gyenis is a Cybersecurity Account Executive at Darktrace, the world's leading machine learning company for cyber defense. He has worked extensively with clients across the numerous industry verticals, from Fortune 500 energy companies to the federal government, helping them deploy Darktrace's Enterprise Immune System, the only AI technology capabale of detecting and autonomously responding to early-stage cyber threats. Gyenis graduated with a bachelor's degree from Stanford University and is based out of Darktrace's Washington D.C. office.

  • speaker photo
    Chuck Easttom
    Computer Scientist, Chuck Easttom Consulting

    Mr. Easttom is the author of 21 books (3 more in progress), over 40 research papers, and an inventor with 9 patents. He is also a frequent speaker on computer security topics.

  • speaker photo
    John O'Leary
    CISSP, President, O'Leary Management Education

    John O'Leary, CISSP, is President of O'Leary Management Education. His background spans four decades as an active practitioner in information systems, IT Security and contingency planning. He has designed, implemented and managed security and recovery for networks ranging from single site to multinational. John has trained tens of thousands of practitioners, and conducted on-site programs at major corporations and government facilities worldwide. He has also facilitated meetings of Working Peer Groups, where security professionals from diverse corporations share ideas, concerns and techniques. John is the recipient of the 2004 COSAC award, the 2006 EuroSec Prix de Fidelite, and the 2011 ISC2 Lifetime Achievement Award

  • speaker photo
    Dan Lohrmann
    Chief Strategist and Chief Security Officer, Security Mentor

    Dan Lohrmann is Chief Strategist and Chief Security Officer (CSO) at Security Mentor. In this role, Lohrmann leads efforts to define and develop key strategic initiatives for the company’s security awareness training offerings, including new programs that can improve security and compliance by elevating an organization’s workforce into security savvy employees. Representing Security Mentor, Lohrmann serves as thought leader serving as a keynote speaker on security and security awareness training, and giving government and industry presentations.

    Over the past decade, Lohrmann has advised the U.S. Department of Homeland Security, the White House, FBI, numerous federal agencies, law enforcement, state and local governments, non-profits, foreign governments, local businesses, universities, churches, and home users on issues ranging from personal Internet safety to defending government and business-owned technology and critical infrastructures from online attacks. Prior to joining Security Mentor, Lohrmann was Michigan's first CSO and Deputy Director for Cybersecurity and Infrastructure Protection and has been recognized as a global leader in cyber defense for government.

    Previously, Lohrmann represented the National Association of State Chief Information Officers on the U.S. Department of Homeland Security’s IT Government Coordinating Council where he assisted in the writing and editing of the National Infrastructure Protection Plans, sector specific plans, Cybersecurity Framework, and other federal cyber documents. Lohrmann is the author of two books: Virtual Integrity: Faithfully Navigating the Brave New Web, published in November 2008 by Brazos Press and BYOD for You: The Guide to Bring Your Own Device to Work, published in Kindle format in April 2013.

    He has been honored with numerous cybersecurity and technology leadership awards, including “CSO of the Year” by SC Magazine, “Public Official of the Year” by Governing magazine and “Premier 100 IT Leader” by Computerworld Magazine. Lohrmann received his bachelor’s degree in computer science from Valparaiso University in Indiana and his M.S. in Computer Science from Johns Hopkins University in Baltimore.

  • speaker photo
    Larry Wilson
    CISO, University of Massachusetts, President’s Office

    Larry is responsible for developing, implementing and managing the University of Massachusetts Information Security Policy and Written Information Security Program (WISP). The University program is based on industry best practices ISO 27001 / SANS 20 Critical Controls, and is implemented consistently across all University campuses (Amherst, Boston, Dartmouth, Lowell, Medical School and the President’s Office).

    Prior to joining UMASS, Larry was the Vice President, Network Security Manager at State Street. In this role he was responsible for researching, selecting, implementing and overseeing an engineering staff who managed network security technologies / tools including vulnerability scanning, network firewall policy management, intrusion detection, remote access, DNS security, global and local load balancing, etc.

    Larry's industry experience includes IT audit manager for Deloitte Enterprise Risk Services (ERS) consulting practice. In this role he managed a staff responsible for developing and completing a Sarbanes Oxley compliance audit for MasterCard International. Larry's team focused on the application level controls and general computer controls for information technology services implemented and managed from the MasterCard data center in St. Louis.

    Mr. Wilson holds a Master of Science degree in Civil / Structural Engineering from the University of New Hampshire. His industry certifications include CISSP, CISA and ISA (PCI Internal Security Assessor). He serves on the Advisory Board for Middlesex Community College and CISO Advisory Board for Oracle. He co-chairs the Massachusetts State University and Community College Information Security Council, and serves as Certification Director for ISACA New England. His major 2013 accomplishments include Finalist for Information Security Executive® (ISE®) of the Year for both the Northeast Region and North America; and a SANS People who made a difference in Cybersecurity in 2013 award recipient.

    Larry has been teaching CISA certification training for ISACA for 5 years.

  • speaker photo
    John O'Leary
    CISSP, President, O'Leary Management Education

    John O'Leary, CISSP, is President of O'Leary Management Education. His background spans four decades as an active practitioner in information systems, IT Security and contingency planning. He has designed, implemented and managed security and recovery for networks ranging from single site to multinational. John has trained tens of thousands of practitioners, and conducted on-site programs at major corporations and government facilities worldwide. He has also facilitated meetings of Working Peer Groups, where security professionals from diverse corporations share ideas, concerns and techniques. John is the recipient of the 2004 COSAC award, the 2006 EuroSec Prix de Fidelite, and the 2011 ISC2 Lifetime Achievement Award

  • speaker photo
    Dan Lohrmann
    Chief Strategist and Chief Security Officer, Security Mentor

    Dan Lohrmann is Chief Strategist and Chief Security Officer (CSO) at Security Mentor. In this role, Lohrmann leads efforts to define and develop key strategic initiatives for the company’s security awareness training offerings, including new programs that can improve security and compliance by elevating an organization’s workforce into security savvy employees. Representing Security Mentor, Lohrmann serves as thought leader serving as a keynote speaker on security and security awareness training, and giving government and industry presentations.

    Over the past decade, Lohrmann has advised the U.S. Department of Homeland Security, the White House, FBI, numerous federal agencies, law enforcement, state and local governments, non-profits, foreign governments, local businesses, universities, churches, and home users on issues ranging from personal Internet safety to defending government and business-owned technology and critical infrastructures from online attacks. Prior to joining Security Mentor, Lohrmann was Michigan's first CSO and Deputy Director for Cybersecurity and Infrastructure Protection and has been recognized as a global leader in cyber defense for government.

    Previously, Lohrmann represented the National Association of State Chief Information Officers on the U.S. Department of Homeland Security’s IT Government Coordinating Council where he assisted in the writing and editing of the National Infrastructure Protection Plans, sector specific plans, Cybersecurity Framework, and other federal cyber documents. Lohrmann is the author of two books: Virtual Integrity: Faithfully Navigating the Brave New Web, published in November 2008 by Brazos Press and BYOD for You: The Guide to Bring Your Own Device to Work, published in Kindle format in April 2013.

    He has been honored with numerous cybersecurity and technology leadership awards, including “CSO of the Year” by SC Magazine, “Public Official of the Year” by Governing magazine and “Premier 100 IT Leader” by Computerworld Magazine. Lohrmann received his bachelor’s degree in computer science from Valparaiso University in Indiana and his M.S. in Computer Science from Johns Hopkins University in Baltimore.

  • speaker photo
    Larry Wilson
    CISO, University of Massachusetts, President’s Office

    Larry is responsible for developing, implementing and managing the University of Massachusetts Information Security Policy and Written Information Security Program (WISP). The University program is based on industry best practices ISO 27001 / SANS 20 Critical Controls, and is implemented consistently across all University campuses (Amherst, Boston, Dartmouth, Lowell, Medical School and the President’s Office).

    Prior to joining UMASS, Larry was the Vice President, Network Security Manager at State Street. In this role he was responsible for researching, selecting, implementing and overseeing an engineering staff who managed network security technologies / tools including vulnerability scanning, network firewall policy management, intrusion detection, remote access, DNS security, global and local load balancing, etc.

    Larry's industry experience includes IT audit manager for Deloitte Enterprise Risk Services (ERS) consulting practice. In this role he managed a staff responsible for developing and completing a Sarbanes Oxley compliance audit for MasterCard International. Larry's team focused on the application level controls and general computer controls for information technology services implemented and managed from the MasterCard data center in St. Louis.

    Mr. Wilson holds a Master of Science degree in Civil / Structural Engineering from the University of New Hampshire. His industry certifications include CISSP, CISA and ISA (PCI Internal Security Assessor). He serves on the Advisory Board for Middlesex Community College and CISO Advisory Board for Oracle. He co-chairs the Massachusetts State University and Community College Information Security Council, and serves as Certification Director for ISACA New England. His major 2013 accomplishments include Finalist for Information Security Executive® (ISE®) of the Year for both the Northeast Region and North America; and a SANS People who made a difference in Cybersecurity in 2013 award recipient.

    Larry has been teaching CISA certification training for ISACA for 5 years.

  • speaker photo
    Dr. Shamoun Siddiqui
    CISO, Nationstar Mortgage

    Dr. Shamoun Siddiqui has been a leader in the information security space for the past 10 years. He possesses a Bachelor’s and a Master’s degree in Mechanical Engineering and a Doctorate in Aerospace Engineering from the University of Texas at Austin. His recent employments include well known companies like Nationstar Mortgage, Sabre, CVS Caremark and Hitachi.

  • speaker photo
    Darren Windham
    Digital Forensics Investigator , Verizon RISK Team

    Darren is a Senior Investigative Response Consultant for the Verizon RISK Team. In this capacity, Darren responds to an array of cybersecurity incidents, performs forensic examinations, and assists organizations in implementing IR policies and procedures.

  • speaker photo
    Brett Williams
    Major General, U.S. Air Force (Retired)

    Major General (Ret) Brett Williams co-founded IronNet Cybersecurity and is the President of the Operations, Training and Security Division. Providing strategic vision and the foundational security platform solutions for IronNet, General Williams also serves as the Chief Security Officer responsible for product, enterprise and physical security. His division provides security analytics, hunt operations, and threat analysis and intelligence support for the IronNet Cyber Operations Center, as well as product training and support for client operations centers.

    A highly experienced combat fighter pilot, General Williams held several significant command positions during his 33-year career with the U.S. Air Force. As Director of Operations for U.S. Cyber Command, General Williams was the architect of DoD's operational approach to cyberspace operations. He was responsible for the operations and defense of DoD networks, and offensive cyberspace operations in support of U.S. strategic objectives. General Williams also served as Director of Operations (A30) at the Pentagon, leading more than 1,300 Airmen and civilians stationed worldwide; and as Director of Communications, Command and Control for U.S Pacific Command.

    As an authority on cybersecurity, General Williams has appeared on NBC's Meet the Press with Chuck Todd, ABC's This Week with George Stephanopoulos and MSNBC's The Last Word with Lawrence O'Donnell. In addition, he conducts cyber-risk training seminars for corporate boards as a faculty member of the National Association of Corporate Directors. He earned a BS in Computer Science from Duke University and three additional graduate degrees in management and national security studies.

  • speaker photo
    Robin Austin
    CTO, Welsh Harris Capital

    Through consolidating operational services for efficiency and providing game changing solutions, Robin Austin has reduced Operational and Capital Expenses for many. Robin’s 30+ years in technology and extensive knowledge of cyber security, infrastructure, mobility, and emerging technological advancements has made her the “go to” knowledgeable person for the best solutions for cyber security.

  • speaker photo
    James Farwell
    Counsel with Elkins PLC, Elkins PLC

    James counsels clients in the areas of Cybersecurity and Privacy Protection. He has a CIPP/US certification from the International Association of Privacy Professionals. James advised the U.S. Department of Defense and U.S. Special Operations Command on cybersecurity and strategic communication. He served as consultant to the U.S. Department of Defense,

  • speaker photo
    Dione McBride, CISSP, CIPP/E
    Data Protection, Privacy, and Security Professional, PS Innovations

    Dione McBride is a subject matter expert who advises and develops privacy, information security and operational processes across multiple regulatory stands. Formerly a CISO for a publically held healthcare organization, she has held operational roles, created system architectures, developed software, managed customer support. She is the author of a technology textbook, has trained legal professionals on IT and translates geek to business value whenever possible. Her presentations are designed for a thought provoking and informative session.

  • speaker photo
    Marco Fernandes
    Lead Security Solutions Architect, (ISC)²

    Born & raised in Dallas, Marco loved cyber security since youth, leading him to become a Security Architect after graduating from UNT. Marco also served as President of the North Texas Cyber Security Association to help upcoming security professionals. Marco’s hobbies include fitness, card games, & marksmanship.

  • speaker photo
    Jacqueline Scarlett
    Vice President, Information Security, Financial Institution

    Over 20 years of experience within information technology management and information security applied within operations, cyber training and awareness and enterprise risk assessment and process auditing and partnering with financial services, automotive and legal industries. Proven track record developing, implementing strategies and systems to increase security to defend against cyber attacks.

Conference App and Microsite!
Registration is easy and takes just a few minutes. Once you get started you can use your phone, tablet or internet browser to:

• Create a personalized agenda
• View maps of the venue and Exhibit Hall
• Use secure messaging to network with attendees
• View speaker slides after the conference
• Play CyberHunt, the app game, and compete for prizes
app store play store
DON'T MISS OUT

Join us for high-quality, affordable cybersecurity training and networking. Sign up today!