Conference Agenda
  • Wednesday, October 10, 2018
    7:00 am
    Registration open
    Registration Level: Open Sessions
    7:00 am - 3:00 pm
    Location / Room: Registration Desk

    Come to the Registration desk in the lobby to check in and get your badge. SecureWorld staff will be available throughout the day if you have any questions.

    8:00 am
    Advisory Council Breakfast – (VIP / INVITE ONLY)
    Topic: How Mature is Your Cybersecurity Incident Response Plan?
    Registration Level: VIP / Exclusive
    8:00 am - 9:15 am
    Location / Room: Spring Glade

    This session is for Advisory Council members only.

    8:00 am
    [SecureWorld PLUS] Part 1 - Designing and Building a Cybersecurity Program based on the NIST Cybersecurity Framework
    Earn 16 CPEs With This in-Depth 3-Part Course
    Manager, Cyber and Information Security, Point32Health
    Registration Level: SecureWorld Plus
    8:00 am - 9:30 am
    Location / Room: Northbrook 1

    The University of Massachusetts has developed a 6-hour SecureWorld Plus training class that instructs attendees on the best practices for designing, building, and maintaining a Cybersecurity Program based on the NIST Cybersecurity Framework. Organizations that currently use the Framework or are planning to use the Framework for their cybersecurity program will benefit from this course.

    This innovative education and training program includes the following key elements:

    • An introduction to the key components of the NIST Cybersecurity Framework
    • How to use the Framework to support business strategy, technology strategy, and cyber-risk strategy
    • An approach for adopting the framework to build and sustain secure and resilient infrastructure, secure and resilient networks, secure and resilient applications
    • How to use the framework to protect critical information assets
    • A Controls Factory Model that organizations use to create an Engineering Program, a Technical Program, and a Business / Management Program
    • A methodology for developing a Cybersecurity Strategy, System Security Plan (SSP), Risk Assessment, Plan of Action and Milestones (POA&M) and Executive Report

    The class will help individuals and organizations acquire knowledge, skills and abilities to:

    • Develop a strategy to apply the NIST Cybersecurity Framework (NCSF) to their environment
    • Create a comprehensive System Security Plan (SSP) based on the NIST Cybersecurity Framework
    • Conduct a Risk Assessment to compare the current profile with the target profile and identify any gaps that need to be addressed
    • Develop a Plan of Action and Milestones (POA&M) to mitigate the highest priority gaps
    • Establish an Executive Report to measure and communicate current profile, target profile, POA&M and program plan / roles and responsibilities to remediate identified gaps
    • Identify required workforce skills and develop career pathways for improving skills and experience

    About the Instructor – Larry Wilson:

    • Larry Wilson is the former CISO for UMass President’s Office from 2009 to 2017
    • Prior to UMass, Larry developed and managed the Global Infrastructure Services (GIS) Security Program for State Street Corporation
    • Larry has been teaching cybersecurity courses based on the NIST Cybersecurity Framework at SecureWorld events for the past 5 years
    • Larry has conducted over 20 consulting engagements, helping organizations design and build cybersecurity programs based on the NIST Cybersecurity Framework

    The program and its author have won the following industry awards:

    • Security Magazine’s Most Influential People in Security, 2016
    • SANS People Who Made a Difference in Cybersecurity Award, 2013
    • Information Security Executive (ISE) North America Program Winner for Higher Education, 2013
    8:30 am
    Cybersecurity is a Team Sport
    Why strategic leadership and an understanding of roles, personalities, and psychology are important for building and managing effective cybersecurity teams.
    Co-Chair, Data Privacy & Cybersecurity Practice, Spencer Fane LLP
    Registration Level: Conference Pass
    8:30 am - 9:15 am
    Location / Room: Northbrook 2

    This presentation will examine issues such as:

    • Who should be on the team and what should they know?
    • How should the team be organized?
    • Who is responsible for developing the strategy and seeing the whole playing field?
    • What are the team members' responsibilities?
    • How do team members' personalities affect their roles and performance?

      Is there a role for lawyers if the “privilege” “magic wand” turns out to be more fairy-tale than reality?

    8:30 am
    Machine Learning-Based Software Defined Networking Security: Current and Future Challenges
    Cybersecurity Engineer, CISSP, MS, MCS, MA, U.S. Department of Health and Human Services
    Registration Level: Conference Pass
    8:30 am - 9:15 am
    Location / Room: Windhaven
    Machine Learning (ML) is gaining popularity in the network security domain as many more network-enabled devices get connected, as malicious activities become stealthier, and as new technologies like Software-Defined Networking (SDN) emerge. From the application layer, ML-based security models can automatically defend an SDN network with speed and flexibility. However, nothing is perfect. Through the examination of ML/SDN specific vulnerabilities accompanied by a successful sample attack, several recommendations can be made for both solution designers and potential buyers on how to build or choose a future-proof ML-based SDN security solution.
    8:30 am
    Spirion: Celebrity Regulation Smackdown: GDPR vs. CCPA
    VP, Corporate Privacy, and General Counsel, Spirion
    Registration Level: Open Sessions
    8:30 am - 9:15 am
    Location / Room: Fairview

    The General Data Protection Regulation (GDPR) represents the most sweeping data protection regulation to be brought into force in the last 20 years.  It addresses not only data traditionally considered “sensitive,” but so-called “online identifiers,” such as MAC/IP addresses, geolocation data, and browser fingerprints.  Barely a month after the Regulation’s May 25, 2018 commencement date, the California Consumer Privacy Act of 2018 (CCPA) was passed into law, the result of a frenetic 6-day drafting process.  Many consider the two laws to effectively be the same, but a close inspection reveals some striking differences.  In this presentation, a privacy industry veteran will offer some perspective on both laws.  Key takeaways include:

    • An understanding of the primary differences between the two laws;
    • Information security requirements under both laws; and
    • Leveraging GDPR compliance efforts to meet the requirements of the CCPA
    8:30 am
    The Resource Dilemma: How Security Professionals Can Win the Funding Battle to Get the Resources They Need to Prepare an Adequate Cyber Defense
    Principal Consultant, Aberfoyle Associates
    Registration Level: Conference Pass
    8:30 am - 9:15 am
    Location / Room: Sunnyslope

    I believe most security professionals find themselves in the awkward position of having to create and implement the best cybersecurity defenses they possibly can despite insufficient funding and resources and the constant threat of attacks that will harm their business and possibly threaten their employment.

    This presentation is focused on helping these security professionals to prove the business case for additional funding (for tools, consulting, training, third-party testing, and assessments) and resources (for staffing, floorspace, collaboration from other departments).

    9:00 am
    Exhibitor Hall open
    Registration Level: Open Sessions
    9:00 am - 3:00 pm
    Location / Room: SecureWorld Exhibit Floor

    Your opportunity to visit our solution vendor partners, whose sponsorship makes SecureWorld possible! Booths have staff ready to answer your questions. Look for participating Dash For Prizes sponsors to be entered to win prizes.

    9:30 am
    OPENING KEYNOTE: Future of Cybersecurity: A Hydra of Risks and Opportunities
    Founder & CEO, BlackCloak
    Registration Level: Open Sessions
    9:30 am - 10:15 am
    Location / Room: Keynote Theater

    This keynote will explore the present and emerging risks of cybersecurity to your organization. We will discuss the intersections of cyber with privacy, law, and business, and how to prepare for the future. Specifically, we will tackle the threat landscape, control methodologies, internal and external risks, and how to turn many of these into business opportunities.

     

    10:15 am
    Conference Break / Exhibitor Product Demonstration
    Registration Level: Open Sessions
    10:15 am - 11:15 am
    Location / Room: SecureWorld Exhibitor Floor

    Reboot with coffee and infused water while visiting exhibitors on the exhibitor floor.

    11:00 am
    Advisory Council LUNCH Roundtable (VIP / Invite Only)
    Topic: Prioritization of the Top 20 Critical Security Controls
    Registration Level: VIP / Exclusive
    11:00 am - 1:00 pm
    Location / Room: Spring Glade

    This session is for Advisory Council members only.

    11:15 am
    Establishing Academic Programs and Career Pathways for the Cyber Workforce
    Manager, Cyber and Information Security, Point32Health
    Registration Level: Conference Pass
    11:15 am - 12:00 pm
    Location / Room: Windhaven
    As the former CISO for the University of Massachusetts, I have had many opportunities to interact with IT professionals, IT managers, business leaders and other management / operations personnel who would benefit from baseline knowledge, skills and abilities in the cybersecurity field. As we continue to move to a more digital / cloud-based world, the need for advanced skills in cybersecurity will only increase. This presentation will focus on developing academic curriculum that meets the changing workforce needs as well as establishing career pathways for individuals who are interested in a career in cybersecurity.
    11:15 am
    Risk Assessment Plan Addressing Cybersecurity Propagation, Aggregation, and Exfiltration
    Sr. Information Systems Auditor, Parkland Health & Hospital System
    Registration Level: Conference Pass
    11:15 am - 12:00 pm
    Location / Room: Fairview
    Michael presents a 3 year Cyber Security Risk Review program that addresses Propagation, Aggregation, and Exfiltration. Part of the planning process should involve avoiding the problem in the first place. To achieve this goal, or at least improve your odds of never having a catastrophic breach, make sure your basic security systems are running at top form,
    11:15 am
    [Radware] Cybersecurity Pushed to the Limit
    Security Evangelist, North America, Radware
    Registration Level: Open Sessions
    11:15 am - 12:00 pm
    Location / Room: Sunnyslope

    Throughout 2018 mainstream headlines highlighted cyber-attacks and security threats that included possible interference in the U.S. presidential election, worldwide malware outbreaks and the Equifax data breach. These and other high-profile events spurred greater cyber-defense investment by everyone from nation states and global corporations to individuals purchasing anti-malware solutions for personal devices. Yet even as investments increase so do threats, hacks and vulnerabilities. This session will help you understand these complex and challenging dynamics. Based on findings from Radware’s research and a global industry survey, the session will show real attack data and customer stories to paint a picture of where we are and what security professionals can do.

    Join the session to learn more about:
    • The threat landscape deep dive—the who, what and why of attacks
    • Potential impact on your business, including associated costs of different cyber-attacks
    • Critical attacks in the midst: DNS, IoT and risks lurking in the cloud
    • Emerging threats and how to protect against them
    • A look ahead – predictions and what to prepare for

    11:15 am
    Security Awareness 3.0 - The 10 Easiest Things You Can do Today to Protect Yourself From Cyber Attacks
    Sr. Security Architect, CDW
    Registration Level: Conference Pass
    11:15 am - 12:00 pm
    Location / Room: Northbrook 2
    In my presentation you will learn why you are the target of phishing attacks and, more importantly, how to defend against them. I will talk about:
    1. Why you are the target – it’s all about Money!
    2. Social Media
    3. Protect your PC at home
    4. Pedro’s 5 rules for home PC
    5. With so many passwords, let’s learn how to manage
    6. Protect your home network with a simple change in your router
    7. Two Factor Authentication (This is now the new normal)
    8. Online purchases – we all do! – How to protect yourself
    9. Back up your data (Work – Home – Phone)
    10. BYOD, IOT – Are you ready?

     

    12:15 pm
    LUNCH KEYNOTE: Boosting InfoSec’s Influence (and Yours) by Approaching Communication Differently
    Director of Media & Content, Podcast Host, SecureWorld
    Registration Level: Open Sessions
    12:15 pm - 1:00 pm
    Location / Room: Keynote Theater

    Grow your personal influence and your leadership possibilities, and move your InfoSec objectives forward (faster) by thinking differently about how you communicate. Whether your audience is the board, your team, or any part of the business, this session will help you and your communication stand out. Led by a long-time TV reporter turned cybersecurity journalist who shares a framework for powerful communication you can implement immediately.

    1:15 pm
    Panel: Stopping the Attacks (Incident Response)
    Registration Level: Open Sessions
    1:15 pm - 2:15 pm
    Location / Room: Keynote Theater

    Security teams are struggling to keep up with the myriad of attack vectors that exist. Future InfoSec professionals will take a more adversarial approach to incident response. Will we have artificial intelligence helping threat hunters squash attacks before they can do any significant damage on the network while alerting the authorities in real time? Can a true partnership form between organizations and law enforcement to share information? Join our experts as they discuss challenges modern security teams face and how we can build a better plan for tomorrow.
    Panelists:
    Rick Miles, Red Seal
    Tommy Hui, SentinelOne
    Ron Winward, Radware
    Marcelo Brunner, CloverIT
    Moderator: Dion McBride

     

    1:15 pm
    Panel: What Will They Think of Next? (Emerging Threats)
    Registration Level: Open Sessions
    1:15 pm - 2:15 pm
    Location / Room: Windhaven

    It would seem the more we “build a better mousetrap” the better the threats become. Will machine learning and AI be used against us in the future? Will these and other innovations be hacked and used for gain? Will the Crime as a Business platform take off where business competitors are utilizing these attacks for the upper hand? Perhaps the cars that are being hacked will evolve into driverless vehicles that are hacking companies from inside their own parking lots. What about drones? So many questions, let’s see what our experts say on this panel.
    Panelists:
    Kristi Thiele, Ixia
    Bryan Lares, Sparkcognition
    John Macintosh, Comodo
    Paul Trulove, SailPoint
    Steve Shalita, Pluribus Networks
    Moderator: JP Hill, (ISC)2

    2:15 pm
    Conference Break / Exhibitor Product Demonstration
    Registration Level: Open Sessions
    2:15 pm - 3:00 pm
    Location / Room: SecureWorld Exhibitor Floor

    Reboot with coffee and infused water while visiting exhibitors on the exhibitor floor.

    3:00 pm
    Cyber Risk: It’s All About People
    Managing Director, Cyber Risk, Kroll
    Registration Level:
    3:00 pm - 3:45 pm
    Location / Room: Windhaven
    In organizations, employees, customers and vendors expect to be able to interact dynamically with core systems. Therefore, the enterprise needs to be concerned about its entire ecosystem of partners and their associated cyber risks. In that regard, the cyber security supply chain and vendor risk is critical. One important aspect is not to overlook the human element in cybersecurity risk. Much cybersecurity vulnerability lies in a disconnect between studying only the technical issues, and ignoring human dimensions of the problem. In this talk, the speaker discusses a holistic approach to cybersecurity, examining both the technical and human elements of risk.
    3:00 pm
    Quantum Computing & Quantum Cryptography: The Current State of the Art
    Computer Scientist, Northcentral University
    Registration Level: Conference Pass
    3:00 pm - 3:45 pm
    Location / Room: Fairview

    This presentation will provide an overview of quantum computing and what that implies for cryptography. The current state of both quantum computing and post-quantum cryptography will be presented.

    3:00 pm
    Role of Information Risk and Compliance in Digital Healthcare
    CEO & Founder, HAYAG Corp
    Registration Level: Conference Pass
    3:00 pm - 3:45 pm
    Location / Room: Northbrook 2
    Information technology is becoming a core part of healthcare with new technology innovation. Risk and compliance strategy and guidance are challenging.
    This presentation focuses on some of the key attributes to take into consideration for creating an IT GRC model to ensure the safety, privacy, and security of the patients. Some of the attributes include:
    – Data as the centerpoint / focus point of building the GRC model
    – Data classification based on its risk and impact
    – Thinking through Data Lifecycle Approach to attain a detailed understanding of data and its impact
    3:00 pm
    Securing the IoT Battleground
    CTO / CISO, Colliers Group
    Registration Level: Conference Pass
    3:00 pm - 3:45 pm
    Location / Room: Sunnyslope

    The Internet of Things (IoT) is morphing at an exceptional rate and adoption of IoT products is being slowed by the question: What about Security? Are we looking at a David facing Goliath scenario for our IoT future? Although we are still morphing, what are the possible viable security options being adopted for IoT?

    3:00 pm
    [SecureWorld PLUS] Part 2 - Designing and Building a Cybersecurity Program based on the NIST Cybersecurity Framework
    SecureWorld PLUS Registrants ONLY
    Manager, Cyber and Information Security, Point32Health
    Registration Level: SecureWorld Plus
    3:00 pm - 4:30 pm
    Location / Room: Northbrook I

    3:45 pm
    Happy Hour Reception
    Join us for happy hour and trivia in the venue lobby.
    Registration Level: Open Sessions
    3:45 pm - 5:30 pm
    Location / Room: Venue Lobby

    Join your peers for complimentary hors d’oeuvres, beverages, and conversation following the first day of SecureWorld. This is a great opportunity to network with other security professionals from the Dallas area, and to discuss the hot topics from the day.
    Generous Sponsors: Mimecast and Critical Start

  • Thursday, October 11, 2018
    7:00 am
    Registration open
    Registration Level: Open Sessions
    7:00 am - 3:00 pm
    Location / Room: Registration Desk

    Come to the Registration desk in the lobby to check in and get your badge. SecureWorld staff will be available throughout the day if you have any questions.

    7:30 am
    InfraGard Chapter Meeting and Presentation - Open to all Attendees
    Topic: When Does a Data Theft Incident Qualify as a Reportable Data Breach?
    Registration Level: Open Sessions
    7:30 am - 9:15 pm
    Location / Room: Keynote Theater

    Join InfraGard for their chapter meeting and guest presentation. This opportunity is open to all attendees.
    Presentation:
    Upon discovering that a data theft incident has occurred, a significant question arises: Is there an obligation to report the data theft incident, to victims and authorities, as a data breach? The “encryption exception” that is within the GDPR and many US laws indicates that if the data was encrypted when stolen, there has not been a breach and so reporting is not required. This presentation will provide an alternative view: for example, seven different ways that encrypted data may be compromised will be presented. Only by eliminating all seven as possibilities, should you rely on the “encryption exception.”
    Presentation Level:
    GENERAL (InfoSec best practices, trends, solutions, etc.)

    8:00 am
    [SecureWorld PLUS] Part 3 - Designing and Building a Cybersecurity Program based on the NIST Cybersecurity Framework
    SecureWorld PLUS Registrants ONLY
    Manager, Cyber and Information Security, Point32Health
    Registration Level: SecureWorld Plus
    8:00 am - 9:30 am
    Location / Room: Northbrook I

    8:30 am
    "I Know What You Did" - The Future of Security Decision Making
    DevOps Revolutionary - Information Security, State Farm
    Registration Level: Conference Pass
    8:30 am - 9:15 am
    Location / Room: Sunnyslope
    The future of IT security processes will be continuous, pervasive monitoring and visibility that is constantly analyzed for indications of compromise. Security Monitoring will encompass as many layers of the IT stack as possible, including network activity, endpoints, system interactions, application transactions, and user activity. This presentation will walk through several security related scenarios where data analytics and adaptive security architecture are used to respond in a dynamic way to enable this next generation security protection.
    8:30 am
    When the “IT” Hits the Fan, Stick to the Plan: Incident Response Plan Management
    Cyber Team Lead / Incident Coordinator, Aramco Services
    Registration Level: Conference Pass
    8:30 am - 9:15 am
    Location / Room: Fairview

    Incident Response is a critical process for any organization. The effectiveness of the incident response plan can determine whether or not an organization can sustain and recover from a cyber attack. As with any process within the organization, the incident response plan needs continuous testing and review to ensure it remains effective for the organization.

    8:30 am
    Culture Eats Cybersecurity for Breakfast
    Chief Security Officer, Southern Methodist University
    Registration Level: Conference Pass
    8:30 am - 9:15 am
    Location / Room: Windhaven

    Leadership guru Peter Drucker is widely credited with coining the phrase, “Culture eats strategy for breakfast,” but culture can also overwhelm any cybersecurity program. Looking at the security breaches that have occurred in 2018, companies with a low rating on the website Glassdoor.com are three times more likely to have been breached than those with ratings above 4.0. This talk will examine key aspects of cybersecurity culture in our organizations and what security professionals can do to help influence the culture of our organizations and to have meaningful impact on protecting companies against hackers, rogue insiders, or corporate competition.

    9:00 am
    Exhibitor Hall open
    Registration Level: Open Sessions
    9:00 am - 3:00 pm
    Location / Room: SecureWorld Exhibitor Floor

    Your opportunity to visit our solution vendor partners, whose sponsorship makes SecureWorld possible! Booths have staff ready to answer your questions. Look for participating Dash For Prizes sponsors to be entered to win prizes.

    9:30 am
    OPENING KEYNOTE: Leveraging SDN Technology to Improve Enterprise Security
    Vice President, Marketing and Business Development, Pluribus Networks
    Registration Level: Open Sessions
    9:30 am - 10:15 am
    Location / Room: Keynote Theater
    With increasing numbers of high-profile breaches, focusing on securing the perimeter is no longer sufficient. New traffic types and the proliferation of diverse end-points, along with increased mobility and wireless access, fuel a dramatic increase in untrusted traffic entering the network. In addition, the growth of multi-cloud environments and cloud services requiring access to Enterprise resources poses additional challenges. As mixed-use networks continue to grow and Internet of Things (IoT) traffic is introduced to the network, security organizations need a more dynamic approach to secure the increases in unsecure and untrusted traffic.

    Imagine being able to build a simple, automated and secure network overlay that empowers the enterprise with cloud-scale, elasticity and adaptability and enables independence from network operations. This session will discuss the evolution of Software-Defined Networking (SDN) technologies and explore how to leverage a dynamic SDN architecture to enable dynamic traffic segmentation, distributed policy enforcement, shared security services and increased operational intelligence to reduce risk, contain infiltrations and prevent attack proliferation.

    10:15 am
    Conference Break / Exhibitor Product Demonstration
    Registration Level:
    • Open Sessions
    10:15 am - 11:15 am
    Location / Room: SecureWorld Exhibitor Floor

    Reboot with coffee and infused water while visiting exhibitors on the exhibitor floor.

    11:00 am
    Advisory Council Roundtable - (VIP / Invite Only)
    Topic: Privacy Versus Security (CCPA, GDPR, DevOpsSec)
    Registration Level:
    • VIP / Exclusive
    11:00 am - 12:00 pm
    Location / Room: Spring Glade

    This session is for Advisory Council members only.

    11:15 am
    DevOps: Security’s Big Opportunity
    CISO of North America, Checkmarx
    Registration Level:
    • Conference Pass
    11:15 am - 12:15 pm
    Location / Room: Northbrook 2
    DevOps culture creates an opportunity for us to improve application security. Since developers are the ones producing code, integrating components and creating the innovations that fuel our digital economy, they are also the ones who will determine whether or not security is part of development. Security professionals must therefore learn how to talk to developers about how to create a security program that will accelerate development and not slow it down.
    11:15 am
    Comodo: Re-Think Cyber - AI and the Human Touch Safeguarding Against Known and Unknown Threats
    Sr. Systems Engineer, Comodo Cybersecurity
    Registration Level:
    • Open Sessions
    11:15 am - 12:00 pm
    Location / Room: Fairview

    Today’s cybersecurity threat level remains at its highest in history: malware runs rampant, and organizations large and small are besieged by phishing, breaches, take-downs and DDoS attacks. In this environment, cybersecurity presents the greatest challenges to IT organizations. Join Comodo Cybersecurity experts and see how their patented auto-containment technology works defending against known and unknown malware signatures. In conjunction, they will talk to and demonstrate the visibility they have throughout their global customer footprint of nearly 89 million endpoint users. To conclude, Comodo will give a brief overview of their budding partner program and how they’re growing the Comodo Cybersecurity ecosystem.

    11:15 am
    Building a Robust, Collaborative, and Responsive Security Organization for Today’s Changing Threat Environment
    Chief Information Officer / Chief Information Security Officer, RoundPoint Mortgage Servicing Corporation
    Registration Level:
    • Conference Pass
    11:15 am - 12:00 pm
    Location / Room: Windhaven

    Participants will learn how to structure an organization to effectively combat these threats including what internal teams should be involved (Audit, Risk, IT, Operations), the lines of defense, and the roles and responsibilities of team members. They’ll also be instructed on how a cyber-security team should function in terms of specific standards and operating methodologies, how to encourage collaboration, and ways to promote responsiveness.

    11:15 am
    Cisco: Anatomy of an Attack
    Consulting Sales Engineer, Cloud Security, Cisco
    Registration Level:
    • Open Sessions
    11:15 am - 12:00 pm
    Location / Room: Sunnyslope
    Cybercriminals are increasingly exploiting Internet services to build agile and resilient infrastructures, and consequently to protect themselves from being exposed and taken over. This session will explain how the correlation of Internet data on multiple levels (DNS, BGP, ASN, Prefixes/IPs) can be used to build and deliver a new model of security that is pervasive and predictive, and that allows us to expose the attackers’ infrastructure. It will also cover detection models that can be built and applied (such as co-occurrences, NLPRank, and Spike Detectors), and how the different detectors can be integrated to expose malicious infrastructures and advanced persistent threats.
    12:00 pm
    Advisory Council LUNCH Round Table - (VIP / Invite Only)
    Topic: Zero Trust, What’s the Big Deal?
    Registration Level:
    • VIP / Exclusive
    12:00 pm - 1:00 pm
    Location / Room: Spring Glade

    This session is for Advisory Council members only.

    12:15 pm
    LUNCH KEYNOTE: Prevent Nightmares in the IoT
    CEO, The Privacy Professor; CEO, Privacy & Security Brainiacs
    Registration Level:
    • Open Sessions
    12:15 pm - 1:00 pm
    Location / Room: Keynote Theater
    1:15 pm
    Panel: Cyber Extortion as a Service? (Ransomware and Beyond)
    Registration Level:
    • Open Sessions
    1:15 pm - 2:15 pm
    Location / Room: Keynote Theater

    Remember when ransomware just seized up your computer and wanted you to send Bitcoin to unlock it? With the advances in cybercrime, the thieves are not only locking and encrypting your files, but they are also finding your dirty little secrets. You may not pay for the run-of-the-mill files you have backed up, but you might be more inclined to pay even more to make sure no one finds out about you and a certain someone in accounting you are messaging. Or, what about all the credit card numbers you aren’t storing correctly? It would be a shame if your boss knew you were sending out resumes… Will these attacks also be available for purchase on the dark web? Join the discussion with our experts and come up with a plan to mitigate this problem.
    Panelists:
    Scott Giordano, Spirion
    Tom Moore, Cisco
    Tom Kulik, Scheef & Stone LLP
    Jon Allen, Catalyst Corp
    Gabe Deale, Cylance
    Moderator: John Sapp

    1:15 pm
    Panel: Phishing and other Social Engineering Scams
    Registration Level:
    • Open Sessions
    1:15 pm - 2:15 pm
    Location / Room: Windhaven

    Phishing continues to be the #1 attack vector for the bad guys. Why? Simply put: it works. These attacks keep getting more realistic and sophisticated. In the future we should expect nothing less. Criminals will do more homework on their potential victims and possibly pose as business leads or clients to gain our trust. What salesperson doesn’t want email from a potential client who wants a new solution? Or they may just lie in wait until they’ve collected enough information to strike. Will they actually come to your business and drop thumb drives like pen testers do? Use drones to do their dirty work? Our experts will discuss the current state of affairs and brainstorm possible new scenarios.
    Panelists:
    Jason Robohm, Thales
    Caspian Kilkelly, Rapid7
    Luis Rodriguez, Mimecast
    Brent Chapman, RoundPoint Mortgage
    Duaine Styles, Torchmarkcorp
    Moderator: Chris Mears

    2:15 pm
    Conference Break / Exhibitor Product Demonstration
    Registration Level:
    • Open Sessions
    2:15 pm - 3:00 pm
    Location / Room: SecureWorld Exhibitor Floor

    Reboot with coffee and infused water while visiting exhibitors on the exhibitor floor.

    2:30 pm
    Dash for Prizes & CyberHunt
    Registration Level:
    • Open Sessions
    2:30 pm - 2:45 pm
    Location / Room: SecureWorld Exhibitor Floor

    Be sure to have exhibitors scan your badge for a chance to win prizes. Past prizes have included Kindles, Bose headphones, gift cards, iPads, iPods and more! *Must be present to win

    3:00 pm
    Cyber Resiliency Evolution
    Fellow, Cyber Risk Assessment, Lockheed Martin
    Registration Level:
    • Conference Pass
    3:00 pm - 3:45 pm
    Location / Room: Sunnyslope
    Cyber Resiliency is the hot new topic for Department of Defense information systems. This presentation traces the evolution from a focus on Confidentiality, Integrity, and Availability toward development and sustainment of systems that can maintain mission execution in a cyber contested environment and provides recommendations for determining when resiliency is needed as well as tips and techniques for designing and developing resilient systems.

    3:00 pm
    California Knows How to Privacy
    Attorney, Law Office of Katherine Britton
    Registration Level:
    • Conference Pass
    3:00 pm - 3:45 pm
    Location / Room: Windhaven
    The State of California has passed the California Consumer Privacy Act of 2018, a digital privacy law that goes into effect in January 2020 that will give consumers more control over and insight into how their personal information is used online. California has long led the nation in privacy protections for its citizens and for The new law is one of the most significant regulations overseeing the data-collection practices of technology companies in the United States. This program will cover what the law provides, prohibited conduct, how the law is enforced and what you and your business can do to comply.

    As it is written now, the California Consumer Privacy Act of 2018 gives consumers the right to know what information companies are collecting about them, why they are collecting that data and with whom they are sharing it.

    It gives consumers the right to tell companies to delete their information as well as to not sell or share their data and requires businesses to give consumers who opt out the same quality of service as those who do not.

    The Act makes it more difficult to share or sell data on children younger than 16.

    To comply with the Act, covered businesses will need to implement data management practices that increase consumers’ transparency and choice, including practices to track personal information collected about consumers and inform consumers of the categories of personal information collected as well as the business and commercial purposes for collection of each category of personal information. In addition, to comply with the Act, a business must provide access to and portability of consumer information and delete consumer personal information upon request.

    The Act has teeth that make it easier for consumers to sue companies after a data breach, and it gives the California Attorney General more authority to fine companies that do not adhere to the Act’s requirements.

Exhibitors
  • NETSCOUT Arbor
    Booth: 220

    For 15 years, the world’s leading network operators across ISP, cloud and enterprise markets have relied on NETSCOUT Arbor for traffic visibility, advanced threat detection and DDoS mitigation. Through a combination of market-leading technology, elite security research, intuitive workflows and powerful data visualizations, NETSCOUT Arbor allows you to efficiently connect the dots to understand attack activity and to take action with confidence. See the threat, understand the risk and protect your business with NETSCOUT Arbor.

  • BackBox
    Booth: 500

    BackBox is the leading provider of Intelligent Automation for all Network and Security devices. BackBox provides the ability to schedule automated backup and storing of device configurations, single-click recovery, real-time inventory management, custom task automation, and pre-emptive health checks for all your critical devices on the network.

  • Cisco
    Booth: 540

    Cisco builds truly effective security solutions that are simple, open and automated. Drawing on unparalleled network presence as well as the industry’s broadest and deepest technology and talent, Cisco delivers ultimate visibility and responsiveness to detect more threats and remediate them faster. With Cisco, companies are poised to securely take advantage of a new world of digital business opportunities.

  • CloverIT
    Booth: 820

    Founded in July 2011, Clover IT is known as an innovative company from the Information Security market. We offer differentiated tech solutions and seek to offer our clients cutting-edge technology capable of resolving the most complex security, compliance and regulatory problems. We specialize in addressing our customers’ challenges for IAM, PAM, managing unstructured data and more. We also offer customized services for solution deployment, regulatory support, and privilege cleanup.

  • Comodo Cybersecurity
    Booth: 850

    In a world where preventing all cyberattacks is impossible, Comodo Cybersecurity delivers an innovative cybersecurity platform that renders threats useless, across the LAN, web and cloud. The Comodo Cybersecurity platform enables customers to protect their systems and data against even military-grade threats, including zero-day attacks. Based in Clifton, New Jersey, Comodo Cybersecurity has a 20-year history of protecting the most sensitive data for both businesses and consumers globally.

  • Critical Start
    Booth: 160

    Critical Start Managed Cyber Risk Reduction solutions deliver continuous security cyber risk monitoring and mitigation enabling strong protection against threats. Combined with a team of expert risk mitigators, our platform provides maturity assessments, posture and event analytics, response capabilities, comprehensive threat intelligence, and security workload management capabilities. We help you achieve the highest level of cyber risk reduction for every dollar invested, leading to increased confidence in reaching your desired level of security posture.

  • Cyberbit
    Booth: 200

    Cyberbit provides a consolidated detection and response platform that protects an organization’s entire attack surface across IT, OT and IoT networks. Cyberbit products have been forged in the toughest environments on the globe and include: behavioral threat detection, incident response automation and orchestration, ICS/SCADA security, and the world’s leading cyber range. Since its founding in mid-2015, Cyberbit’s products have been rapidly adopted by enterprises, governments, academic institutions and MSSPs around the world. Cyberbit is a subsidiary of Elbit Systems (NASDAQ: ESLT) and has offices in Israel, the US, Europe, and Asia.

  • Cylance
    Booth: 530

    Cylance® is revolutionizing cybersecurity with products and services that proactively prevent, rather than reactively detect the execution of advanced persistent threats and malware. Our technology is deployed on over four million endpoints and protects hundreds of enterprise clients worldwide including Fortune 100 organizations and government institutions.

  • EC-Council
    Booth: 600

    International Council of E-Commerce Consultants, also known as EC-Council, is the world’s largest cyber security technical certification body. We operate in 140 countries globally and we are the owner and developer of the world-famous Certified Ethical Hacker (CEH), Computer Hacking Forensics Investigator (C|HFI), Certified Security Analyst (ECSA), License Penetration Testing (Practical) programs, among others. We are proud to have trained and certified over 140,000 information security professionals globally that have influenced the cyber security mindset of countless organizations worldwide.

  • HOPZERO
    Booth: 810B

    Firewalls control access, HOPZERO controls distance. Learn how newly patented technology automates setting of “packet toll value” controlling distance data may travel across networks. We keep sensitive database information inside the data center so hackers can’t get a login prompt – even when firewalls fail.

  • Illusive Networks
    Booth: 810

    Illusive Networks is a pioneer of deception technology, empowering security teams to take informed action against advanced, targeted cyberattacks by detecting and disrupting lateral movement toward critical business assets early in the attack life cycle. Agentless and driven by intelligent automation, Illusive technology enables organizations to significantly increase proactive defense ability while adding almost no operational overhead. Illusive’s Deceptions Everywhere® approach was conceived by cybersecurity experts with over 50 years of combined experience in cyber warfare and cyber intelligence. With the ability to proactively intervene in the attack process, technology-dependent organizations can preempt significant operational disruption and business losses, and function with greater confidence in today’s complex, hyper-connected world.

  • Infoblox
    Booth: 190

    Infoblox delivers modern, cloud-first networking and security experiences that are simple, automated, scalable and reliable. The company is the market leader with over 12,000 customers worldwide, including over 70 percent of the Fortune 500. The company’s portfolio of SaaS, data center, and hybrid offerings for DHCP, DNS, IPAM and security solutions enable organizations to leverage the advantages of on-premises and cloud-first architectures. The combination of NIOS, BloxOne DDI, BloxOne Threat Defense and threat intelligence services provide a robust foundation for connecting and securing the modern enterprise.

  • InfraGard North Texas
    Booth: 550

    The primary purpose of the InfraGard North Texas Members Alliance is to assist in increasing the security of the United States national infrastructures through ongoing exchanges of information relevant to infrastructure protection and through education, outreach, and similar efforts. In addition to the benefits offered by the national InfraGard organization, there are several ways our local chapter accomplishes these objectives, including:

    • Local quarterly membership meetings focused on infrastructure protection
    • Sector-specific meetings and information exchanges (see Sector Chief Program).
    • Partnerships and discounts to training offerings with other organizations such as ISSA and SecureWorld
    • Networking opportunities with peers within and across all sectors
  • ISC2 Dallas-Fort Worth
    Booth: 350

    The Dallas-Fort Worth Chapter of ISC2 is based in the DFW area and serves the counties of the Dallas-Fort Worth Metroplex. Members include those with security certifications from ISC2 as well as other professionals practicing or interested in information, software and communications security. Our mission is to advance information security in the DFW area by providing our members and other security professionals with the opportunity to share knowledge, grow professionally, educate others, and collaborate on projects. Our chapter programs provide members a forum to facilitate the exchange of knowledge and ideas, development of leadership and professional skills, and advancement of information systems security. We also provide our members with access to a variety of industry resources and educational programs to keep them up to date with the latest advances in technology as well as information assurance.

  • North Texas ISSA
    Booth: 710

    The Dallas/Fort Worth area has many large corporations, government organizations, and educational institutions. Our membership comes from the network and information systems professionals of these organizations and institutions, as well as vendors of security products. We seek to provide our members with access to information and resources to assist their employers in securing critical information resources. Our monthly luncheon meetings, conferences, and other resources are available to members and non-members alike to assist in educating security practitioners of all types.

  • Ixia, a Keysight Business
    Booth: 420

    We provide testing, visibility, and security solutions to strengthen applications across physical and virtual networks. Organizations use our tools and capabilities to test, secure and visualize their networks so their applications run stronger.

  • Mimecast
    Booth: 510

    Mimecast empowers our customers to help mitigate risk and manage complexities across a threat landscape driven by cyberattacks, human error, and technology fallibility. Our advanced solutions provide the proactive threat detection, brand protection, awareness training, and data retention capabilities that evolving workplaces need today.

  • Pluribus Networks
    Booth: 830

    Pluribus Networks delivers a programmable software-defined security fabric with a distributed architecture to integrate and orchestrate multiple security functionalities for internal security protections. The Fabric enables establishing a transparent and secure control layer to segment and control all traffic across the enterprise independent of the underlying physical network infrastructure. The Fabric enables network virtualization and segmentation with adaptive security policies, enables security service insertion and provides real-time visibility to identify emerging threats and speed cyber incident response.

  • Radware
    Booth: 300

    Radware® (NASDAQ: RDWR) is a global leader of cybersecurity and application delivery solutions for physical, cloud and software-defined data centers (SDDC). Our award-winning solutions portfolio secures the digital experience by providing infrastructure, application and corporate IT protection, and availability services to enterprises globally. Our solutions are deployed by, among others, enterprise customers, carriers, and cloud service providers.

  • Rapid7
    Booth: 320

    Rapid7 transforms data into insight, empowering IT and security professionals to progress and protect their organizations. How? Our solutions are powered by advanced analytics and an unmatched understanding of the attacker mindset. This makes it easy to collect data, transform it into prioritized and actionable insight, and get it to the people who can act on it—all in an instant.

  • RedSeal
    Booth: 310

    By focusing on cybersecurity fundamentals, RedSeal helps government agencies and Global 2000 companies measurably reduce their cyber risk. With RedSeal’s cyber terrain analytics platform and professional services, enterprises improve their resilience to security events by understanding what’s on their networks, how it’s all connected, and the associated risk. RedSeal verifies that network devices are securely configured; validates network segmentation policies; and continuously monitors compliance with policies and regulations. It also prioritizes mitigation based on each vulnerability’s associated risk. The company is based in San Jose, Calif.

  • SailPoint
    Booth: 120

    SailPoint, the leader in enterprise identity governance, brings the Power of Identity to customers around the world. SailPoint’s open identity platform gives organizations the power to enter new markets, scale their workforces, embrace new technologies, innovate faster and compete on a global basis. As both an industry pioneer and market leader in identity governance, SailPoint delivers security, operational efficiency and compliance to enterprises with complex IT environments. SailPoint’s customers are among the world’s largest companies in a wide range of industries.

  • SecPod
    Booth: 100

    SecPod is an endpoint security and systems management technology company. SecPod (Security Podium, incarnated as SecPod) was founded in the year 2008 with the goal to create a technology company that creates a platform for managing and securing every connected endpoint system.

  • SentinelOne
    Booth: 630

    SentinelOne delivers real-time cloud workload protection, to stop runtime threats targeting VMs, containers and Kubernetes clusters. From endpoints to workloads, to data center and public cloud, innovate quickly knowing SentinelOne has you protected. To learn more, visit www.sentinelone.com or follow us at @SentinelOne, or on LinkedIn and Facebook.

  • SparkCognition
    Booth: 700

    SparkCognition is a global leader in cognitive computing analytics. A highly awarded company recognized for cutting-edge technology, SparkCognition is successfully deploying a cognitive, data-driven analytics platform for clouds, devices, and the Internet of Things industrial and security markets by applying patented algorithms that deliver out-of-band, symptom-sensitive analytics, insights, and security. For more information on the company, its technology and team, please visit http://www.sparkcognition.com.

  • Spirion
    Booth: 640

    Spirion is a leading enterprise data management software solution that provides high-precision searches and automated classification of unstructured and structured data with unparalleled accuracy. Spirion helps businesses reduce their sensitive data footprint and proactively minimize risks, costs and reputational damage of cyberattacks by discovering, classifying, monitoring and protecting sensitive data.

  • TechTarget
    Booth:

    TechTarget (NASDAQ: TTGT) is the online intersection of serious technology buyers, targeted technical content and technology providers worldwide. Our media, powered by TechTarget’s Activity Intelligence platform, redefines how technology buyers are viewed and engaged based on their active projects, specific technical priorities and business needs. With more than 100 technology specific websites, we provide technology marketers innovative media that delivers unmatched reach via custom advertising, branding and lead generation solutions all built on our extensive network of online and social media. TechTarget is based in Boston and has locations in Atlanta, Beijing, Cincinnati, London, Paris, San Francisco, Singapore, and Sydney.

  • Thales
    Booth: 340

    As the global leader in cloud and data protection, we help the most trusted brands and largest organizations in the world protect their most sensitive data and software, secure the cloud and achieve compliance through our industry-leading data encryption, access management, and software licensing solutions.

  • Tools4ever
    Booth: 140

    Tools4ever is one of the largest vendors in Identity Governance & Administration (also known as Identity & Access Management) with more than 5 million managed user accounts.

    Since 1999 Tools4ever has developed and delivered several software solutions and consultancy services such as User Provisioning, Downstream Provisioning, Workflow Management, Employee Self-Service and Access Governance (RBAC). In the area of Password Management, Tools4ever offers Single Sign-On and Self-Service Password Reset among others.

    Tools4ever’s Identity Governance & Administration (IGA) solutions are installed in organizations from various sectors ranging in size from 300 to over 200,000 user accounts.

  • Varonis Systems, Inc.
    Booth: 820

    Varonis is a pioneer in data security and analytics, specializing in software for data security, governance, compliance, classification and analytics. Varonis detects insider threats and cyberattacks by analyzing file activity and user behavior; prevents disaster by locking down sensitive data; and efficiently sustains a secure state with automation.

  • WhiteHat Security
    Booth: 180

    Digital life consists of digital experiences, and applications drive these digital experiences. The only way enterprises can truly provide safe digital experiences to their customers, partners, employees and entire ecosystem, is by securing the applications at the heart of their business.

    WhiteHat exists to make this possible. The WhiteHat Application Security Platform enables enterprises to secure their digital businesses. From application creation through production, and from the desktop to mobile devices, we secure the apps that people rely on in their personal and professional lives.

Speakers
  • Larry Wilson, CISSP, CISA, Instructor
    Manager, Cyber and Information Security, Point32Health

    Larry Wilson is an Information Security Manager at Point32Health in Canton, MA. He was formerly the Chief Information Security Officer for Sumitomo Pharma Americas, Inc., Worcester Polytechnic Institute, and the University of Massachusetts (UMass) President's Office. In the CISO role, Larry was responsible for developing, implementing, and overseeing compliance with the SMPA / WPI / UMass Information Security Policy and Written Information Security Plan (WISP). In addition to designing and deploying the respective cybersecurity programs, Larry has developed and delivered cybersecurity training at multiple industry events, workshops, training venues, etc. Courses include Designing and Building a Cybersecurity Program, Designing and Building a Ransomware Program, and Designing and Building a Third-Party Risk Program. Larry has also worked with multiple companies in multiple industries to help design, build, and maintain their Cybersecurity Programs, Ransomware Program, and Third-Party Risk Programs.

  • Shawn E. Tuma
    Co-Chair, Data Privacy & Cybersecurity Practice, Spencer Fane LLP

    Shawn Tuma is an internationally recognized cybersecurity, computer fraud and data privacy law attorney, areas in which he has practiced for two decades. He is Co-Chair of Spencer Fane’s Data Privacy & Cybersecurity Practice where he regularly serves as cybersecurity and privacy counsel advising a wide variety of businesses ranging from small and mid-sized companies to Fortune 100 enterprises. Shawn has been named a Cybersecurity Law Trailblazer by the National Law Journal, SuperLawyers Top 100 Lawyers in DFW, and Best Lawyers in Dallas. He serves as the Practitioner Editor for Bloomberg Law’s Texas Privacy & Data Security Law, among many other activities.

  • Tam Nguyen
    Cybersecurity Engineer, CISSP, MS, MCS, MA, U.S. Department of Health and Human Services

    Tam Nguyen is an IEEE and ACM peer-reviewed cybersecurity researcher with recent publications on Software Defined Network's security (CSNet - Paris, France), and instructional design evaluation of CEH v10 Online Course (IC4E - Tokyo, JP). Tam's research interests include large-scale cyber threat modeling, cyber behavioral science, and applications of quantum computing in cybersecurity. Tam is a CISSP and is working for the Federal Reserve Bank at Cleveland.

  • Scott M. Giordano
    VP, Corporate Privacy, and General Counsel, Spirion

    Scott M. Giordano is an attorney with more than 25 years of legal, technology, and risk management consulting experience. IAPP Fellow, CISSP, CCSP, Scott is also former General Counsel at Spirion LLC, where he specialized in global data protection, tech, compliance, investigations, governance, and risk. Scott is a member of the bar in Washington state, California, and the District of Columbia.

  • Mark Langford
    Principal Consultant, Aberfoyle Associates

    Mark is the Founder and Principal Consultant at Aberfoyle Associates, a Plano based cybersecurity consulting firm. Mark is a Board Member of the North Texas ISSA, was recently inducted into Infragard, and is called upon periodically to speak at cybersecurity industry events. He holds a Bachelor’s Degree in Management from Clemson University and a Master's Degree in Telecommunications Management from Oklahoma State University.

  • speaker photo
    Dr. Christopher Pierson
    Founder & CEO, BlackCloak

    Dr. Chris Pierson is the Founder & CEO of BlackCloak, a pioneer of personal digital protection for corporate executives, high-profile and high-net-worth individuals and their families. Chris has been on the front lines of cybersecurity, privacy protection, and fighting cybercrime in both the public and private sectors over 20 years. At the Department of Homeland Security, Chris served as a special government employee on their Cybersecurity and Privacy Committees. He’s also spent time as the Chief Privacy Officer for Royal Bank of Scotland, the world’s 3rd largest bank, as the Chief Information Security Officer for two prominent FinTechs, and as President of the Federal Bureau of Investigation’s Arizona InfraGard. Chris is also a Distinguished Fellow of the Ponemon Institute, a globally recognized keynote speaker & cybersecurity thought leader, and is frequently quoted by the media on cybersecurity & privacy topics.

  • speaker photo
    Larry Wilson, CISSP, CISA, Instructor
    Manager, Cyber and Information Security, Point32Health

    Larry Wilson is an Information Security Manager at Point32Health in Canton, MA. He was formerly the Chief Information Security Officer for Sumitomo Pharma Americas, Inc., Worcester Polytechnic Institute, and the University of Massachusetts (UMass) President's Office. In the CISO role, Larry was responsible for developing, implementing, and overseeing compliance with the SMPA / WPI / UMass Information Security Policy and Written Information Security Plan (WISP). In addition to designing and deploying the respective cybersecurity programs, Larry has developed and delivered cybersecurity training at multiple industry events, workshops, training venues, etc. Courses include Designing and Building a Cybersecurity Program, Designing and Building a Ransomware Program, and Designing and Building a Third-Party Risk Program. Larry has also worked with multiple companies in multiple industries to help design, build, and maintain their Cybersecurity Programs, Ransomware Program, and Third-Party Risk Programs.

  • speaker photo
    Michael R. Smith
    Sr. Information Systems Auditor, Parkland Health & Hospital System

    Michael R. Smith, MBA, CISSP, CFE, CISA, CIA, PMP, ITIL, is a Healthcare Information Technology Professional with over thirty years of IT experience. Michael is a Sr. I.S. Auditor at Parkland in Dallas, Texas, specializing in performing information security assessments and audits focused around IT governance and regulatory compliance.

    Industry Certifications, Licensure, & Training
    Certified Information Security Specialist (CISSP)
    Certified Internal Auditor (CIA)
    Project Management Professional (PMP)
    Certified Fraud Examiner (CFE)
    Certified Information Systems Auditor (CISA)
    Information Library Information Technology (ITIL)

  • speaker photo
    Ron Winward
    Security Evangelist, North America, Radware

    As a Security Evangelist at Radware, Mr. Winward is responsible for developing, managing, and increasing the company’s security business in North America.
    Ron’s entire career has been deeply rooted in internet and cybersecurity. For over 20 years, Ron has helped design complex solutions for carriers, enterprises, and cybersecurity providers around the world.
    Ron is an industry-recognized expert in the Mirai IoT botnet and its modern variants. Ron conducted the industry’s first complete analysis of the Mirai attack vectors, producing forensic examples for public distribution of each attack and the specific impact each attack had on networks. His work on IoT attack analysis has been presented at conferences worldwide and has been referenced by NIST.
    Prior to joining Radware, Ron was Director of Network Engineering for a global datacenter provider and ISP. In this role, Ron oversaw the growth and development of a global network infrastructure that delivered services to other ISPs, hosting providers, and enterprises around the world. During this time, Ron assisted some of the world’s top businesses in mitigating cyberattacks on their infrastructure, cultivating an extensive knowledge in DDoS attack methodologies.
    Ron holds a Bachelor of Science degree in Business and has earned many technical certifications throughout his engineering-focused career. Ron acutely understands the impact of technology and security on business and is enthusiastic about their interrelation.

  • speaker photo
    Pedro Serrano, Moderator
    Sr. Security Architect, CDW

    Pedro Serrano has over 35 years of experience managing and installing technical controls in networks around the world, 20 of those in military systems. Previously, Pedro was CISO, Network Security for an integrated healthcare system as well as Security Architect for a major oil and gas exploration company; today he is CDW’s Senior Security Architect. He holds two postgraduate degrees, in Telecommunications Management and Computer Science, and serves on the Board of Directors of the Information System Security Association (ISSA) chapter in Tulsa and BSides Oklahoma. He also serves as an advisor to the Latino Leadership Institute and is a graduate of the Leadership Oklahoma program. Pedro holds the CISSP certification from ISC2.

  • speaker photo
    Bruce Sussman
    Director of Media & Content, Podcast Host, SecureWorld

    Emmy-winning journalist Bruce Sussman spent more than 20 years on TV screens in Portland, Oregon. During his "second career," he became fascinated by cybersecurity while working with CISOs at Gartner. He joined SecureWorld in 2017 to help grow its media division. Currently, he hosts the Remote Sessions daily web conference series and SecureWorld podcast published each Tuesday, and oversees news content for secureworldexpo.com. Sussman graduated from the University of Missouri School of Journalism back in the dark ages. Message him on LinkedIn if you'd like to connect!

  • speaker photo
    Stacy Scott
    Managing Director, Cyber Risk, Kroll

    Stacy Scott is a Managing Director in Kroll’s Cyber Risk practice, based in Dallas. In addition to founding and operating her own consultancy, Stacy has served in high-profile roles with a leading cyber security consulting firm, a Big Four accounting firm, and the largest not-for-profit healthcare system in Texas. She joined Kroll with over 16 years of experience, during which she built a successful track record of developing and implementing strategic information security initiatives that help organizations better safeguard data, manage risk, and enhance business operations.

  • speaker photo
    Chuck Easttom
    Computer Scientist, Northcentral University

    Dr. Easttom is the author of 26 computer science books and over 40 research papers, as well as an inventor with 14 patents. He is a frequent speaker at computer science and security conferences, and is a Distinguished Speaker of the ACM (Association of Computing Machinery). He holds a Doctor of Science in cyber security and three master's degrees.

  • speaker photo
    Hema Lakkaraju
    CEO & Founder, HAYAG Corp

    Hema Lakkaraju has worked in the healthcare industry for 10 years in software and IT compliance.

  • speaker photo
    Robin Austin
    CTO / CISO, Colliers Group

    As a CTO/CISO, Robin is responsible for overseeing all technical aspects of the company, including Cyber Security, Risk and Compliance. Using an active and practical approach, Robin oversees all employees in the IT, IO and OT departments to attain the strategic goals established in the company's digital strategic plan. Robin has also built several successful technology companies, like Cyber Defense Resources, providing additional lines of revenue for the company. As a critical thinker and Technology Evangelist, Robin publishes articles and books on disruptive technology in AI/ML and cryptography and acts as a trusted advisor to Fortune 1000 C-suite executives.

  • speaker photo
    Happy Hour
  • speaker photo
    Moderator--Bill White
    DevOps Revolutionary - Information Security, State Farm

    Bill is an Information Security professional with 30 years’ experience in IT, fraud investigation, Information Security, and risk assessment processes. He is a member of the team responsible for Information Security architecture at a Fortune 50 company. He started as a bench technician and worked his way up to Information Security Management. Bill is a Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA), Certified in Risk and Information Systems Controls (CRISC), and a GIAC Certified Python Coder (GPYC).

  • speaker photo
    Levone Campbell
    Cyber Team Lead / Incident Coordinator, Aramco Services

    Levone Campbell is the Cyber Security Lead / Incident Coordinator for his organization. Levone holds two bachelor's degrees, in Management and Marketing, from North Carolina A&T State University, a Master's in Business Administration from Walden University, and a Master's in Technology Management from Georgetown University. He also holds numerous certifications.

  • speaker photo
    George Finney
    Chief Security Officer, Southern Methodist University

    George Finney is a Chief Information Security Officer who believes that people are the key to solving our cybersecurity challenges. He is the CEO and founder of Well Aware Security and the CSO for Southern Methodist University in Dallas, Texas. George has worked in cybersecurity for nearly 20 years and has helped startups, global telecommunications firms, and nonprofits improve their security posture. As a part of his passion for education, George has taught cybersecurity at SMU and is the author of several cybersecurity books, including "Well Aware: Master the Nine Cybersecurity Habits to Protect Your Future" and "No More Magic Wands: Transformative Cybersecurity Change for Everyone." George has been recognized by Security Magazine as one of their top cybersecurity leaders in 2018, is a part of the Texas CISO Council, is a member of the Board of Directors for the Palo Alto Networks FUEL User Group, and is an Advisory Board member for SecureWorld. George holds a Juris Doctorate from SMU and a Bachelor of Arts from St. John's College, as well as multiple cybersecurity certifications including the CISSP, CISM, and CIPP.

  • speaker photo
    Steven Shalita
    Vice President, Marketing and Business Development, Pluribus Networks

    Steven Shalita has 20+ years of technology experience across the Enterprise, Cloud and Service Provider technology segments. He has market and technology expertise spanning cybersecurity, network security, forensics, SDN/NFV, and IT infrastructure. He has spent a considerable amount of time in the performance monitoring market and was a key evangelist for adapting network monitoring technology for security use cases to identify zero-attacks. Steven is currently Vice President at Pluribus Networks and is a frequent featured speaker at leading industry events. He has held senior technology marketing leadership positions at NetScout, Check Point Software Technologies, Alcatel-Lucent, Cisco, and HP Networking.

  • speaker photo
    Peter Chestna
    CISO of North America, Checkmarx

    Pete Chestna serves as the CISO of North America at Checkmarx, where he provides customers and prospects with practical advice for building successful application security programs. Bringing more than 15 years of direct AppSec practitioner experience, Pete has held roles ranging from developer and development leader to his most recent position as the Global Head of AppSec for the Bank of Montreal.

    Over the years, Pete has led organizational transformations from Waterfall to Agile to DevOps and from monolith to microservice architectures. He is certified as both a scrum master and product owner. Stemming from his experience as both an avid practitioner and consultant, Pete has spoken internationally at numerous prominent security and developer conferences including DevOpsDays, All Day DevOps, OWASP AppSec, and DevSecCon.

    Pete has been granted three patents. He enjoys whiskey tourism, astronomy, model rocketry, and listening to Rush in his spare time.

  • speaker photo
    John Macintosh
    Sr. Systems Engineer, Comodo Cybersecurity

    John is a Senior Systems Engineer with over 10 years of experience in the security field. He’s previously worked with other cybersecurity firms such as Centrify, bringing trust to devices, users, and applications, and Barracuda Networks, where he worked on a wide range of perimeter defense technologies.

  • speaker photo
    Brent Chapman
    Chief Information Officer / Chief Information Security Officer, RoundPoint Mortgage Servicing Corporation

    Brent Chapman is a successful technology executive with 17 years’ experience and currently serves as Chief Information Officer and Chief Information Security Officer of RoundPoint Mortgage Servicing Corporation. Mr. Chapman is the senior leader responsible for technology and information security, developing short- and long-term corporate strategic and operational plans with emphasis on the role that technology, information, and communication services play in supporting the plans and growth of the business. Mr. Chapman is a Six Sigma Black Belt and Certified ScrumMaster (CSM), and has an MBA from Oakland University and a BA from Carthage College.

  • speaker photo
    Tom Moore
    Consulting Sales Engineer, Cloud Security, Cisco

    Tom has more than 20 years of experience in the information security industry. He has extensive experience in corporate security policy review and design, auditing, vulnerability testing and analysis, network security and application administration. He has held positions as a chief security officer for a worldwide leader in broadcast television and media, director of global security at a Fortune 500 company, and as a senior security strategy and risk management consultant for a major technology consulting company. For eight years, he led an independent security firm performing in-depth analysis of network infrastructures, program management, regulatory compliance strategy (PCI, GLBA, SOX) and mentoring. Certifications – CISSP, CISA, CIPP, CCNA

  • speaker photo
    Rebecca Herold
    CEO, The Privacy Professor; CEO, Privacy & Security Brainiacs

    Rebecca Herold has more than 30 years of security, privacy, and compliance experience. She is founder of The Privacy Professor Consultancy (2004) and of Privacy & Security Brainiacs SaaS services (2021) and has helped hundreds of clients throughout the years. Rebecca has been a subject matter expert (SME) for the National Institute of Standards and Technology (NIST) on a wide range of projects since 2009, including: seven and a half years leading the smart grid privacy standards creation initiative, and co-authoring those informative references and standards; two years being a co-author of and a SME member of the team that created the Privacy Framework (PF) and associated documents; and three years as a SME team member, and co-author of the Internet of Things (IoT) technical and non-technical standards and associated informative references; and performing throughout the years proof of concept (PoC) tests for a variety of technologies, such as field electricity solar inverters, PMU reclosers, and associated sensors. Rebecca has served as an expert witness for cases covering HIPAA, privacy compliance, criminals using IoT devices to track their victims, stolen personal data of retirement housing residents, tracking apps and website users via Meta Pixels and other tracking tech, and social engineering using AI. Rebecca has authored 22 books, and was adjunct professor for nine and a half years for the Norwich University MSISA program. Since early 2018, Rebecca has hosted the Voice America podcast/radio show, Data Security & Privacy with the Privacy Professor. Rebecca is based in Des Moines, Iowa, USA. www.privacysecuritybrainiacs.com

  • speaker photo
    Teresa Merklin
    Fellow, Cyber Risk Assessment, Lockheed Martin

    Teresa Merklin is a Principal Information Assurance Engineer for Cybersecurity Engineering at Lockheed Martin Aeronautics, where she is responsible for technology identification and evaluation for aeronautics platforms. Teresa holds a BS in Electrical Engineering from Oklahoma State University, a Masters of Software Engineering from Texas Christian University, and an MBA in Information Assurance from the University of Dallas. She is a CISSP and CSSLP.

  • speaker photo
    Katherine Britton
    Attorney, Law Office of Katherine Britton

    Katherine Elvira Britton is an attorney with a broad range of experience in regulatory compliance, corporate training and presentation and focuses her law practice on privacy and data security law, complex civil litigation, employment and human resources counseling, and consumer protection. Katherine advises clients and trains management and employees on compliance with federal and state privacy and data security laws, best practices, and self-regulatory programs, specifically focusing on issues involving emerging technologies. She evaluates clients’ compliance with federal, state, and self-regulatory requirements relating to the storage, transfer, sharing, and disposal of customer personal information. Katherine reviews, drafts, and negotiates vendor/supplier contracts, technology transactions, services and consulting agreements, and licensing agreements. Additionally, she drafts privacy policies, social media policies, and terms of use agreements for websites and applications tailored to clients’ business practices and implements changes to existing policies to address current and future data collection and use. Katherine earned her J.D. in 2007 from The John Marshall Law School, where she was an editor for The John Marshall Review of Intellectual Property Law, and her B.A. in 2004 from Tulane University. Katherine is a Certified Information Privacy Professional, Certified Privacy Manager, and is admitted to the bars in Illinois, the District of Columbia, and Texas.

Conference Microsite!
Registration is quick and easy. Once you get started, use a browser on your phone or tablet to:

• Create a personalized agenda
• View maps of the venue and Exhibit Hall
• Use secure messaging to network with attendees
• View speaker slides after the conference
• Play CyberHunt, the app game, and compete for prizes