Conference Agenda
  • Wednesday, October 10, 2018
    7:00 am
    Registration Open
    Registration Level:
    • Open Sessions
    7:00 am - 3:00 pm
    Location / Room: Registration Desk
    8:00 am
    Advisory Council Breakfast – (VIP / INVITE ONLY)
    Topic: IOT in the Business Environment. Security and Privacy Pitfalls
    Registration Level:
    • VIP / Exclusive
    8:00 am - 9:15 am
    8:00 am
    SecureWorld PLUS Part 1 - Designing and Building a Cybersecurity Program based on the NIST Cybersecurity Framework
    Earn 16 CPEs With This in-Depth 3-Part Course
    CISO, UMass President’s Office, Security Magazine's "Most Influential People in Security" 2016
    Registration Level:
    • SecureWorld Plus
    8:00 am - 9:30 am

    The University of Massachusetts has developed a 4.5 hour SecureWorld Plus training class that focuses on designing, building, and maintaining a Cybersecurity Program based on the NIST Cybersecurity Framework. Organizations who are currently using the NIST Cybersecurity Framework or are planning to use the NIST Cybersecurity Framework for their cybersecurity program will benefit from this course. The course will show attendees how to use Cloud Platforms to implement and maintain security controls based on the NIST Cybersecurity Framework.

    This innovative education and training program includes the following key elements:
    • A Controls Factory that consists of three main areas; Engineering, Technology and Business
    • The Engineering Area includes a focus on threats, vulnerabilities, assets, identities, business environment and the NIST Cybersecurity Framework
    • The Technology Area includes a focus on technical controls (based on the CIS 20 Critical Controls), security technologies, Security Operations Center (SOC) and technology testing
    • The Business Area includes a focus on business controls (based on ISO 27002), cyber workforce (based on the NICE Workforce Framework) and cyber risk program (based on AICPA Description Criteria)

    The class will help individuals and organizations acquire knowledge, skills and abilities to:
    • Develop a strategy to adopt the NIST Cybersecurity Framework (NCSF)
    • Create a comprehensive Cybersecurity Program based on the NIST Cybersecurity Framework, technical controls and business controls
    • Engineer, implement, manage the 20 critical controls based on the cloud platform
    • Conduct a Risk Assessment to compare the current profile with the target profile and identify any gaps that need to be addressed
    • Establish an executive scorecard to measure and communicate risks, and develop an action plan / program roadmap to remediate controls gaps

    About the Instructor – Larry Wilson:
    • Larry Wilson is the former CISO for UMass President’s Office from 2009 to 2017
    • Prior to UMass, Larry developed and managed the Global Infrastructure Services (GIS) Security Program for State Street Corporation
    • Larry has been teaching cybersecurity courses based on the NIST Cybersecurity Framework at SecureWorld events for the past 4 years
    • Larry has conducted over 20 consulting engagements, helping organizations design and build cybersecurity programs based on the NIST Cybersecurity Framework

    The program and its author have won the following industry awards:
    • Security Magazine’s Most Influential People in Security, 2016
    • SANS People Who Made a Difference in Cybersecurity Award, 2013
    • Information Security Executive (ISE) North America Program Winner for Higher Education, 2013

    8:00 am
    SecureWorld PLUS Part 1 - GDPR Workshop: A Deep Dive into the Legal, Administrative, and Technological Requirements
    Earn 16 CPEs With This in-Depth 3-Part Course
    Managing Partner & Co-Founder, XPAN Law Group, LLC
    Registration Level:
    • SecureWorld Plus
    8:00 am - 9:30 am

    These three SecureWorld PLUS courses will provide an administrative, legal, and technical overview of the European Union’s General Data Protection Regulation (GDPR). The GDPR, which took effect in May 2018, significantly changes the way in which entities collect, process, store, maintain, and alter personal information related to any natural person within the European Union. These changes create increased liabilities on the part of any entity that is involved in the chain of custody of data and require granular alterations to existing technological and network infrastructures.

    The goal of these SecureWorld PLUS courses is to provide stakeholders with the opportunity to learn about the legal, technological, and business requirements of the GDPR.

    Part 1: 8-9:30 a.m. (Day 1)
    The first course will provide an overview of the historical background on data privacy in Europe and the origins and evolution of the GDPR. This will include an examination of the fundamental rights associated with data privacy and the extra-territorial application of the GDPR. Discussion will also include the role of Information Governance and Administration to create a holistic approach to GDPR compliance, including understanding the role of all parties involved in any “data transaction.” Additionally, this first course will address the first steps any organization should undertake to achieve GDPR compliance: data discovery and assessment of current network infrastructure, including data classification, categorization, and inventory.

    8:30 am
    The Resource Dilemma: How Security Professionals Can Win the Funding Battle to Get the Resources They Need to Prepare an Adequate Cyber Defense
    Principal Consultant, Aberfoyle Associates
    Registration Level:
    • Conference Pass
    8:30 am - 9:15 am

    I believe most security professionals find themselves in the awkward position of having to create and implement the best cybersecurity defenses they possibly can despite insufficient funding and resources and the constant threat of attacks that will harm their business and possibly threaten their employment.

    This presentation is focused on helping these security professionals to prove the business case for additional funding (for tools, consulting, training, third-party testing, and assessments) and resources (for staffing, floorspace, collaboration from other departments).

    8:30 am
    Machine Learning-Based Software Defined Networking Security: Current and Future Challenges
    Cyber Threat Researcher, Federal Reserve Bank of Cleveland
    Registration Level:
    • Conference Pass
    8:30 am - 9:15 am
    Machine Learning (ML) is gaining popularity in the network security domain as many more network-enabled devices get connected, as malicious activities become stealthier, and as new technologies like Software Defined Networking (SDN) emerge. From the application layer, ML-based security models can automatically defend an SDN network with speed and flexibility. However, nothing is perfect. Through the examination of ML/SDN specific vulnerabilities accompanied by a successful sample attack, several recommendations can be made for both solution designers and potential buyers on how to build or choose a future-proof ML-based SDN security solution.
    9:00 am
    Exhibit Floor Open
    Registration Level:
    • Open Sessions
    9:00 am - 3:00 pm
    Location / Room: SecureWorld Exhibitor Floor

    This is the time to visit exhibitors participating in Dash For Prizes & CyberHunt for your chance to win prizes!

    9:30 am
    OPENING KEYNOTE: Future of Cybersecurity: A Hydra of Risks and Opportunities
    Founder & CEO, Binary Sun Cyber Risk Advisors
    Registration Level:
    • Open Sessions
    9:30 am - 10:15 am
    Location / Room: Keynote Theater

    This keynote will explore the present and emerging risks of cybersecurity to your organization. We will discuss the intersections of cyber with privacy, law, and business, and how to prepare for the future. Specifically, we will tackle the threat landscape, control methodologies, internal and external risks, and how to turn many of these into business opportunities.

     

    10:15 am
    Conference Break / Exhibitor Product Demonstration
    Registration Level:
    • Open Sessions
    10:15 am - 11:15 am
    Location / Room: SecureWorld Exhibitor Floor

    Reboot with coffee and infused water while visiting exhibitors on the exhibitor floor.

    11:00 am
    Advisory Council LUNCH Roundtable (VIP / Invite Only)
    Topic: Prioritization of Top 20 Critical Security Controls
    Registration Level:
    • VIP / Exclusive
    11:00 am - 1:00 pm
    11:15 am
    Security Awareness 3.0 - The 10 Easiest Things You Can do Today to Protect Yourself From Cyber Attacks
    Security Architect, Cimarex Energy Co.
    Registration Level:
    • Conference Pass
    11:15 am - 12:00 pm
    In my presentation you will learn why you are the target of phishing attacks but, more importantly, how to defend against them. I will talk about:
    1. Why you are the target – it’s all about Money!
    2. Social Media
    3. Protect your PC at home
    4. Pedro’s 5 rules for home PC
    5. With so many passwords, let’s learn how to manage
    6. Protect your home network with a simple change in your router
    7. Two Factor Authentication (This is now the new normal)
    8. Online purchases – we all do! – How to protect yourself
    9. Back up your data (Work – Home – Phone)
    10. BYOD, IOT – Are you ready?

     

    11:15 am
    Radware: Cybersecurity Pushed to the Limit
    Security Evangelist, Radware
    Registration Level:
    • Open Sessions
    11:15 am - 12:00 pm

    Throughout 2017 mainstream headlines highlighted cyber-attacks and security threats that included possible interference in the U.S. presidential election, worldwide malware outbreaks and the Equifax data breach. These and other high-profile events spurred greater cyber-defense investment by everyone from nation states and global corporations to individuals purchasing anti-malware solutions for personal devices. Yet even as investments increase so do threats, hacks and vulnerabilities. This session will help you understand these complex and challenging dynamics. Based on findings from Radware’s research and a global industry survey, the session will show real attack data and customer stories to paint a picture of where we are and what security professionals can do.

    Join the session to learn more about:
    • The threat landscape deep dive—the who, what and why of attacks
    • Potential impact on your business, including associated costs of different cyber-attacks
    • Critical attacks in the midst: DNS, IoT and risks lurking in the cloud
    • Emerging threats and how to protect against them
    • A look ahead – predictions and what to prepare for

    11:15 am
    Crime in a Box – Revisited
    How technology changed the landscape of cyber crime and predicting future attack vectors
    Registration Level:
    • Open Sessions
    11:15 am - 12:00 pm

    Twenty years ago I read an article titled “Crime in a Box.” It was a futuristic vision of how cyber crime could evolve to be the perfect crime. This session will compare and contrast the scenario described in that article to the data breach, spear-phishing, and ransomware attacks that have become our reality in the 21st century.

    12:15 pm
    LUNCH KEYNOTE — IoT and Smart Home Security Trends: Reducing the Fear Factor
    CISO, iRobot Corporation
    Registration Level:
    • Open Sessions
    12:15 pm - 1:00 pm
    Location / Room: Keynote Theater

    This presentation will provide an overview of the trends in IoT and Smart Home technology. Understanding the growing number of connected products in homes, what does it mean for consumers to evaluate risks vs. benefits? At the same time, this presentation will also educate the security industry on how to promote consumerization and reduce the fear factor. Finally, we will also look at the responsibilities of product companies towards the consumers.

    1:15 pm
    Panel: Stopping the Attacks (Incident Response)
    Registration Level:
    • Open Sessions
    1:15 pm - 2:15 pm

    Security teams are struggling to keep up with the myriad of attack vectors that exist. Future InfoSec professionals will take a more adversarial approach to incident response. Will we have artificial intelligence helping threat hunters squash attacks before they can do any significant damage on the network while alerting the authorities in real time? Can a true partnership form between organizations and law enforcement to share information? Join our experts as they discuss challenges modern security teams face and how we can build a better plan for tomorrow.

     

    1:15 pm
    Panel: What Will They Think of Next? (Emerging Threats)
    Registration Level:
    • Open Sessions
    1:15 pm - 2:15 pm

    It would seem the more we “build a better mousetrap” the better the threats become. Will machine learning and AI be used against us in the future? Will these and other innovations be hacked and used for gain? Will the Crime as a Business platform take off where business competitors are utilizing these attacks for the upper hand? Perhaps the cars that are being hacked will evolve into driverless vehicles that are hacking companies from inside their own parking lots. What about drones? So many questions, let’s see what our experts say on this panel.

     

    2:15 pm
    Conference Break / Exhibitor Product Demonstration
    Registration Level:
    • Open Sessions
    2:15 pm - 3:00 pm
    Location / Room: SecureWorld Exhibitor Floor

    Reboot with coffee and infused water while visiting exhibitors on the exhibitor floor.

    3:00 pm
    Quantum Computing & Quantum Cryptography: The Current State of the Art
    Computer Scientist Consultant
    Registration Level:
    • Conference Pass
    3:00 pm - 3:45 pm

    This presentation will provide an overview of quantum computing and what that implies for cryptography. The current state of both quantum computing and post-quantum cryptography will be presented.

    3:00 pm
    Bio-Metric Cyber Exposure
    Registration Level:
    • Conference Pass
    3:00 pm - 3:45 pm

    Imagine someone using your stolen fingerprints to access your bank accounts – or worse, your organization’s treasure trove of data? After all, recovering a stolen fingerprint is substantially tougher than a password. Through a series of live demonstrations, Mike will share how to calculate your personal and business Bio-metric risk and, more importantly, how to reduce it. Question to be asked is “What are my Bio-metric Cyber Exposures @home and @work?”

    3:00 pm
    Cyber Risk: It’s All About People
    Director, Global Data Risk, Duff & Phelps
    Registration Level:
    • Conference Pass
    3:00 pm - 3:45 pm
    In organizations, employees, customers and vendors expect to be able to interact dynamically with core systems. Therefore, the enterprise needs to be concerned about its entire ecosystem of partners and their associated cyber risks. In that regard, the cyber security supply chain and vendor risk is critical. One important aspect is not to overlook the human element in cybersecurity risk. Much cybersecurity vulnerability lies in a disconnect between studying only the technical issues, and ignoring human dimensions of the problem. In this talk, the speaker discusses a holistic approach to cybersecurity, examining both the technical and human elements of risk.
    3:00 pm
    Securing the IoT Battleground
    CTO, Welsh Harris Capital
    Registration Level:
    • Conference Pass
    3:00 pm - 3:45 pm

    The Internet of Things (IoT) is morphing at an exceptional rate and adoption of IoT products is being slowed by the question: What about Security? Are we looking at a David facing Goliath scenario for our IoT future? Although we are still morphing, what are the possible viable security options being adopted for IoT?

    3:00 pm
    Data Mapping
    Understanding How Your Data Moves Within and Without Your Organization
    Registration Level:
    • Conference Pass
    3:00 pm - 3:45 pm

    One essential component of health IT interoperability and improved care is the exchange of information. Data mapping plays a key role in not only moving data but also in understanding where and how the data moves.

    3:00 pm
    SecureWorld PLUS Part 2 - Designing and Building a Cybersecurity Program based on the NIST Cybersecurity Framework
    SecureWorld PLUS Registrants ONLY
    CISO, UMass President’s Office, Security Magazine's "Most Influential People in Security" 2016
    Registration Level:
    • SecureWorld Plus
    3:00 pm - 4:30 pm

    3:00 pm
    SecureWorld PLUS Part 2 - GDPR Workshop: A Deep Dive into the Legal, Administrative, and Technological Requirements
    Earn 16 CPEs with this in-depth 3-part course
    Managing Partner & Co-Founder, XPAN Law Group, LLC
    Registration Level:
    • SecureWorld Plus
    3:00 pm - 4:30 pm

    These three SecureWorld PLUS courses will provide an administrative, legal, and technical overview of the European Union’s General Data Protection Regulation (GDPR). The GDPR, which took effect in May 2018, significantly changes the way in which entities collect, process, store, maintain, and alter personal information related to any natural person within the European Union. These changes create increased liabilities on the part of any entity that is involved in the chain of custody of data and require granular alterations to existing technological and network infrastructures.

    The goal of these SecureWorld PLUS courses is to provide stakeholders with the opportunity to learn about the legal, technological, and business requirements of the GDPR.

    Part 2: 3-4:30 p.m. (Day 1)
    The second course in the series will focus on the requirements of the GDPR as they relate to privacy-by-design. We will discuss how to architect a network infrastructure to comply with the legal requirements of the GDPR. This session will include discussion on data automation, data protection impact assessments, and the administrative and technological requirements related to data subject rights. The second course will also cover how to transfer data internationally (i.e. data transfer mechanisms) and key documentation required to demonstrate GDPR compliance.

    3:45 pm
    Casino Happy Hour
    Join us for the Casino After Party: Networking, Games, Prizes, Drinks, and Snacks
    Registration Level:
    • Open Sessions
    3:45 pm - 5:30 pm
    Location / Room: Exhibitor Floor

    Join your peers at 3:45 p.m. in the Exhibit Hall for beverages and snacks. Test your luck at Blackjack, Roulette, and Craps. Hand the voucher you receive at registration to one of the participating exhibitors to get started with $1,000 and win big for your chance at some cool prizes! Casino tables sponsored by Critical Start.

  • Thursday, October 11, 2018
    7:00 am
    Registration Open
    Registration Level:
    • Open Sessions
    7:00 am - 3:00 pm
    Location / Room: Registration Desk
    8:00 am
    SecureWorld PLUS Part 3 - Designing and Building a Cybersecurity Program based on the NIST Cybersecurity Framework
    SecureWorld PLUS Registrants ONLY
    CISO, UMass President’s Office, Security Magazine's "Most Influential People in Security" 2016
    Registration Level:
    • SecureWorld Plus
    8:00 am - 9:30 am

    8:00 am
    SecureWorld PLUS Part 3 - GDPR Workshop: A Deep Dive into the Legal, Administrative, and Technological Requirements
    SecureWorld PLUS Registrants ONLY
    Managing Partner & Co-Founder, XPAN Law Group, LLC
    Registration Level:
    • SecureWorld Plus
    8:00 am - 9:30 am

    These three SecureWorld PLUS courses will provide an administrative, legal and technical overview of the European Union’s General Data Protection Regulation (GDPR). The GDPR, which took effect in May 2018, significantly changes the way in which entities collect, process, store, maintain, and alter personal information related to any natural person within the European Union. These changes create increased liabilities on the part of any entity that is involved in the chain of custody of data and require granular alterations to existing technological and network infrastructures.

    The third course will integrate the concepts of security-by-design into the legal obligations of the GDPR, detailing the technological requirements that can be used to create an integrated approach to privacy and security. Discussion will include security incident event management under the GDPR, proactive security measures, and notification requirements. It will also cover key tools and documentation that can be used to address security obligations, including data encryption, security and access controls, and data redundancy.

    8:30 am
    "I Know What You Did" - The Future of Security Decision Making
    Information Security Architecture, State Farm
    Registration Level:
    • Conference Pass
    8:30 am - 9:15 am
    The future of IT security processes will be continuous, pervasive monitoring and visibility that is constantly analyzed for indications of compromise. Security Monitoring will encompass as many layers of the IT stack as possible, including network activity, endpoints, system interactions, application transactions, and user activity. This presentation will walk through several security related scenarios where data analytics and adaptive security architecture are used to respond in a dynamic way to enable this next generation security protection.
    8:30 am
    When the “IT” Hits the Fan, Stick to the Plan: Incident Response Plan Management
    Cyber Team Lead / Incident Coordinator, Aramco Services
    Registration Level:
    • Conference Pass
    8:30 am - 9:15 am

    Incident Response is a critical process for any organization. The effectiveness of the incident response plan can determine whether or not an organization can sustain and recover from a cyber attack. As with any process within the organization, the incident response plan needs continuous testing and review to ensure it remains effective for the organization.

    8:30 am
    Culture Eats Cybersecurity for Breakfast
    Chief Security Officer, Southern Methodist University
    Registration Level:
    • Conference Pass
    8:30 am - 9:15 am

    Leadership guru Peter Drucker is widely credited with coining the phrase, “Culture eats strategy for breakfast,” but culture can also overwhelm any cybersecurity program. Looking at the security breaches that have occurred in 2018, companies with a low rating on the website Glassdoor.com are three times more likely to have been breached than those with ratings above 4.0. This talk will examine key aspects of cybersecurity culture in our organizations and what security professionals can do to help influence the culture of our organizations and to have meaningful impact on protecting companies against hackers, rogue insiders, or corporate competition.

    9:00 am
    Exhibit Floor Open
    Registration Level:
    • Open Sessions
    9:00 am - 3:00 pm
    Location / Room: SecureWorld Exhibitor Floor

    This is the time to visit exhibitors participating in Dash For Prizes & CyberHunt for your chance to win prizes!

    9:30 am
    OPENING KEYNOTE: Leveraging SDN Technology to Improve Enterprise Security
    Vice President, Marketing and Business Development, Pluribus Networks
    Registration Level:
    • Open Sessions
    9:30 am - 10:15 am
    Location / Room: Keynote Theater
    With increasing numbers of high profile breaches, focusing on securing the perimeter is no longer sufficient. New traffic types and the proliferation of diverse end-points along with increased mobility and wireless access fuels a dramatic increase in untrusted traffic entering the network. In addition, the growth of multi-cloud environments and cloud services requiring access to Enterprise resources pose additional challenges. As mixed-use networks continue to grow and Internet of Things (IoT) traffic is introduced to the network, security organizations need a more dynamic approach to secure the increases of unsecure and untrusted traffic.

    Imagine being able to build a simple, automated and secure network overlay that empowers the enterprise with cloud-scale, elasticity and adaptability and enables independence from network operations. This session will discuss the evolution of SDN technologies and explore how to leverage a dynamic SDN architecture to enable dynamic traffic segmentation, distributed policy enforcement, shared security services and increased operational intelligence to reduce risk, contain infiltrations and prevent attack proliferation.

    10:15 am
    Conference Break / Exhibitor Product Demonstration
    Registration Level:
    • Open Sessions
    10:15 am - 11:15 am
    Location / Room: SecureWorld Exhibitor Floor

    Reboot with coffee and infused water while visiting exhibitors on the exhibitor floor.

    11:00 am
    Advisory Council Roundtable - (VIP / Invite Only)
    Topic: ROI for Risk Management
    Registration Level:
    • VIP / Exclusive
    11:00 am - 12:00 pm

    11:15 am
    DevOps: Security’s Big Opportunity
    Contributing Editor, DevOps.com
    Registration Level:
    • Conference Pass
    11:15 am - 12:15 pm
    DevOps culture creates an opportunity for us to improve application security. Since developers are the ones producing code, integrating components and creating the innovations that fuel our digital economy, they are also the ones who will determine whether or not security is part of development. Security professionals must therefore learn how to talk to developers about how to create a security program that will accelerate development and not slow it down.

    11:15 am
    Forensic Analysis of a Ransomware Attack
    Registration Level:
    • Conference Pass
    11:15 am - 12:00 pm

    Given the number of institutions hit and the amount of media generated, ransomware is a huge threat. But what does ransomware actually do to a system? For this presentation, we’ll disable any anti-ransomware, anti-malware, and threat emulation so that we can see what an attack does when encrypting a system.

    11:15 am
    Building a Robust, Collaborative, and Responsive Security Organization for Today’s Changing Threat Environment
    Chief Information Officer / Chief Information Security Officer, RoundPoint Mortgage Servicing Corporation
    Registration Level:
    • Conference Pass
    11:15 am - 12:00 pm

    Participants will learn how to structure an organization to effectively combat these threats including what internal teams should be involved (Audit, Risk, IT, Operations), the lines of defense, and the roles and responsibilities of team members. They’ll also be instructed on how a cyber-security team should function in terms of specific standards and operating methodologies, how to encourage collaboration, and ways to promote responsiveness.

    11:15 am
    All Risks Are Business Risks
    Registration Level:
    • Conference Pass
    11:15 am - 12:00 pm

    Defining accurate cybersecurity measurements has always been difficult. We need to alter the perception of cybersecurity from a primarily IT concern, to an everyday function of the business. This presentation will provide some ammunition to allow us to make that argument and move us beyond our current limitations.

    12:00 pm
    Advisory Council LUNCH Round Table - (VIP / Invite Only)
    Topic: Ransomware- Breaking the Criminal Business Model
    Registration Level:
    • VIP / Exclusive
    12:00 pm - 1:00 pm

    12:15 pm
    LUNCH KEYNOTE: Prevent Nightmares in the IoT
    CEO, The Privacy Professor, President, SIMBUS, LLC
    Registration Level:
    • Open Sessions
    12:15 pm - 1:00 pm

    1:15 pm
    Panel: Extortion as a Service? (Ransomware and Beyond)
    Registration Level:
    • Open Sessions
    1:15 pm - 2:15 pm

    Remember when ransomware just seized up your computer and wanted you to send Bitcoin to unlock it? With the advances in cybercrime, the thieves are not only locking and encrypting your files, but they are also finding your dirty little secrets. You may not pay for the run-of-the-mill files you have backed up, but you might be more inclined to pay even more to make sure no one finds out about you and a certain someone in accounting you are messaging. Or, what about all the credit card numbers you aren’t storing correctly? It would be a shame if your boss knew you were sending out resumes… Will these attacks also be available for purchase on the dark web? Join the discussion with our experts and come up with a plan to mitigate this problem.

    1:15 pm
    Panel: Phishing and other Social Engineering Scams
    Registration Level:
    • Open Sessions
    1:15 pm - 2:15 pm

    Phishing continues to be the #1 attack vector for the bad guys. Why? Simply put: it works. These attacks keep getting more realistic and sophisticated. In the future we should expect nothing less. Criminals will do more homework on their potential victims and possibly pose as business leads or clients to gain our trust. What salesperson doesn’t want email from a potential client who wants a new solution? Or they may just lie in wait until they’ve collected enough information to strike. Will they actually come to your business and drop thumb drives like pen testers do? Use drones to do their dirty work? Our experts will discuss the current state of affairs and brainstorm possible new scenarios.

    2:15 pm
    Conference Break / Exhibitor Product Demonstration
    Registration Level:
    • Open Sessions
    2:15 pm - 3:00 pm
    Location / Room: SecureWorld Exhibitor Floor

    Reboot with coffee and infused water while visiting exhibitors on the exhibitor floor.

    2:30 pm
    Dash for Prizes & CyberHunt
    Registration Level:
    • Open Sessions
    2:30 pm - 2:45 pm
    Location / Room: SecureWorld Exhibitor Floor

    Be sure to have exhibitors scan your badge for a chance to win prizes. Past prizes have included Kindles, Bose headphones, gift cards, iPads, iPods and more! *Must be present to win

    3:00 pm
    Cyber Resiliency Evolution
    Principal Engineer, Cybersecurity Engineering, Lockheed Martin Aeronautics Company
    Registration Level:
    • Conference Pass
    3:00 pm - 3:45 pm
    Cyber Resiliency is the hot new topic for Department of Defense information systems. This presentation traces the evolution from a focus on Confidentiality, Integrity, and Availability toward development and sustainment of systems that can maintain mission execution in a cyber contested environment and provides recommendations for determining when resiliency is needed as well as tips and techniques for designing and developing resilient systems.

    3:00 pm
    Rethinking Network Security With a Software-Defined Perimeter
    Registration Level:
    • Conference Pass
    3:00 pm - 3:45 pm

    Traditional network security is failing us. This session introduces a new, open network security model, the Software-Defined Perimeter. This architecture, published by the Cloud Security Alliance, verifies and secures all user access to network resources, improving security and compliance for both on-premises and cloud environments.

Exhibitors
  • NetScout Arbor
    Booth: TBD

    For fifteen years, the world’s leading network operators across ISP, cloud and enterprise markets have relied on NETSCOUT Arbor for traffic visibility, advanced threat detection and DDoS mitigation. Through a combination of market-leading technology, elite security research, intuitive workflows and powerful data visualizations, NETSCOUT Arbor allows you to efficiently connect the dots to understand attack activity and to take action with confidence. See the threat, understand the risk and protect your business with NETSCOUT Arbor.

  • CIOReview
    Booth:

    CIOReview is a technology magazine that talks about the enterprise solutions that can redefine the business goals of enterprises tomorrow. It is the leading source that shares innovative enterprise solutions developed by established solutions providers, upcoming hot enterprises and is a neutral source for technology decision makers. Published from Fremont, California, CIOReview is an excellent platform for the enterprise to showcase their innovative solutions.

  • Cloud Security Alliance (CSA)
    Booth:

    The Cloud Security Alliance (CSA) is a not-for-profit organization with a mission to promote the use of best practices for providing security assurance within Cloud Computing, and to provide education on the uses of Cloud Computing to help secure all other forms of computing. The Cloud Security Alliance is led by a broad coalition of industry practitioners, corporations, associations and other key stakeholders.

  • Comodo Cybersecurity
    Booth: TBD

    In a world where preventing all cyberattacks is impossible, Comodo Cybersecurity delivers an innovative cybersecurity platform that renders threats useless, across the LAN, web and cloud. The Comodo Cybersecurity platform enables customers to protect their systems and data against even military-grade threats, including zero-day attacks. Based in Clifton, New Jersey, Comodo Cybersecurity has a 20-year history of protecting the most sensitive data for both businesses and consumers globally.

  • Critical Start
    Booth: TBD

    Critical Start is a cybersecurity company with a holistic, customer-focused approach. We work with our customers to understand the impact of IT on their business and determine the associated risks. Using this risk profile, we can offer big-picture guidance on the strategies and controls that will enable them to effectively manage risk and improve security. Critical Start is 100% employee owned by a team of experts who are passionate about security, quality and service. For more information on what sets us apart, visit criticalstart.com.

  • Cyberbit
    Booth: TBD

    Cyberbit provides a consolidated detection and response platform that protects an organization’s entire attack surface across IT, OT and IoT networks. Cyberbit products have been forged in the toughest environments on the globe and include: behavioral threat detection, incident response automation and orchestration, ICS/SCADA security, and the world’s leading cyber range. Since the company was founded in mid-2015, Cyberbit’s products have been rapidly adopted by enterprises, governments, academic institutions and MSSPs around the world. Cyberbit is a subsidiary of Elbit Systems (NASDAQ: ESLT) and has offices in Israel, the US, Europe, and Asia.

  • Cylance
    Booth: TBD

    Cylance® is revolutionizing cybersecurity with products and services that proactively prevent, rather than reactively detect the execution of advanced persistent threats and malware. Our technology is deployed on over four million endpoints and protects hundreds of enterprise clients worldwide including Fortune 100 organizations and government institutions.

  • EC-Council
    Booth:

    International Council of E-Commerce Consultants, also known as EC-Council, is the world’s largest cyber security technical certification body. We operate in 140 countries globally and we are the owner and developer of the world-famous Certified Ethical Hacker (CEH), Computer Hacking Forensics Investigator (C|HFI), Certified Security Analyst (ECSA), License Penetration Testing (Practical) programs, among others. We are proud to have trained and certified over 140,000 information security professionals globally that have influenced the cyber security mindset of countless organizations worldwide.

  • Infoblox, Inc
    Booth: TBD

    For 17 years, we’ve been the market leader for core network services, including DNS, DHCP, and IP address management, a category known as DDI.

  • InfraGard North Texas
    Booth:

    The primary purpose of the InfraGard North Texas Members Alliance is to assist in increasing the security of the United States national infrastructures through ongoing exchanges of information relevant to infrastructure protection and through education, outreach, and similar efforts. In addition to the benefits offered by the national InfraGard organization, there are several ways our local chapter accomplishes these objectives, including:

    • Local quarterly membership meetings focused on infrastructure protection
    • Sector-specific meetings and information exchanges
    • Partnerships and discounts to training offerings with other organizations such as ISSA and SecureWorld
    • Networking opportunities with peers within and across all sectors
  • (ISC)2 Dallas-Fort Worth
    Booth:

    The Dallas-Fort Worth Chapter of (ISC)2 is based in the DFW area and serves the counties of the Dallas-Fort Worth Metroplex. Members include those with security certifications from (ISC)2 as well as other professionals practicing or interested in information, software and communications security. Our mission is to advance information security in the DFW area by providing our members and other security professionals with the opportunity to share knowledge, grow professionally, educate others, and collaborate on projects. Our chapter programs provide members a forum to facilitate the exchange of knowledge and ideas, development of leadership and professional skills, and advancement of information systems security. We also provide our members with access to a variety of industry resources and educational programs to keep them up to date with the latest advances in technology as well as information assurance.

  • ISSA: North Texas
    Booth:

    The Dallas/Fort Worth area has many large corporations, government organizations, and educational institutions. Our membership comes from the network and information systems professionals of these organizations and institutions, as well as vendors of security products. We seek to provide our members with access to information and resources to assist their employers in securing critical information resources. Our monthly luncheon meetings, conferences, and other resources are available to members and non-members alike to assist in educating security practitioners of all types.

  • Ixia, a Keysight Business
    Booth: TBD

    We provide testing, visibility, and security solutions to strengthen applications across physical and virtual networks. Organizations use our tools and capabilities to test, secure and visualize their networks so their applications run stronger.

  • Mimecast
    Booth: TBD

    Mimecast Is Making Email Safer For Business.
    Mimecast’s security, archiving and continuity cloud services protect business email and deliver comprehensive email risk management in one fully-integrated subscription service.
    Mimecast reduces the risk, complexity and cost traditionally associated with protecting email. You no longer have to manage an array of disjointed point solutions from multiple vendors. And you mitigate single vendor exposure if you have moved your primary email server to the cloud with services like Microsoft Office 365.
    Our best-of-breed services protect the email of over 24,900 customers and millions of users worldwide against targeted attacks, data leaks, malware and spam. We give employees fast and secure access to sensitive business information, and ensure email keeps running in the event of a primary service outage.

  • Pluribus Networks
    Booth: TBD

    Pluribus Networks delivers a programmable software-defined security fabric with a distributed architecture to integrate and orchestrate multiple security functionalities for internal security protections. The Fabric enables establishing a transparent and secure control layer to segment and control all traffic across the enterprise independent of the underlying physical network infrastructure. The Fabric enables network virtualization and segmentation with adaptive security policies, enables security service insertion and provides real-time visibility to identify emerging threats and speed cyber incident response.

  • Radware
    Booth: TBD

    Radware (NASDAQ: RDWR), is a global leader of application delivery and application security solutions for virtual and cloud data centers. Its award-winning solutions portfolio delivers full resilience for business-critical applications, maximum IT efficiency, and complete business agility. Radware’s solutions empower more than 10,000 enterprise and carrier customers worldwide to adapt to market challenges quickly, maintain business continuity and achieve maximum productivity while keeping costs down.

  • Rapid7
    Booth: TBD

    Rapid7 transforms data into insight, empowering IT and security professionals to progress and protect their organizations. How? Our solutions are powered by advanced analytics and an unmatched understanding of the attacker mindset. This makes it easy to collect data, transform it into prioritized and actionable insight, and get it to the people who can act on it—all in an instant.

  • RedSeal
    Booth: TBD

    At RedSeal, our vision is to become the essential analytics and decision-making platform for building digitally resilient organizations people can trust. We do this by becoming the measure by which every organization can quantify its digital resilience. As thought leaders on resilience, we envision every organization starting the security discussion with the question “What’s our Digital Resilience Score?” Founded in 2004, RedSeal is headquartered in Sunnyvale, California.

  • SailPoint
    Booth: TBD

    In 2005, Mark and Kevin set out to create a new type of company – one that promised to provide innovative solutions to business problems and an exciting, collaborative work environment for identity rock stars. Together, we’re redefining identity’s place in the security ecosystem.

    We love taking on new challenges that seem daunting to others. We hold ourselves to the highest standards, and deliver upon our promises to our customers. We bring out the best in each other, and we’re having a lot of fun along the way.

  • SecPod
    Booth: TBD

    SecPod is an endpoint security and systems management technology company. SecPod (Security Podium, incarnated as SecPod) was founded in the year 2008 with the goal to create a technology company that creates a platform for managing and securing every connected endpoint system.

  • SentinelOne
    Booth: TBD

    SentinelOne is the future of Endpoint Protection. It unifies prevention, detection and response in a single platform driven by sophisticated machine learning and intelligent automation. With SentinelOne, organizations can detect malicious behavior across multiple vectors, rapidly eliminate threats with fully-automated, integrated response capabilities, and adapt their defenses against the most advanced cyber attacks.

  • SparkCognition
    Booth: TBD

    SparkCognition is a global leader in cognitive computing analytics. A highly awarded company recognized for cutting-edge technology, SparkCognition is successfully deploying a cognitive, data-driven analytics platform for clouds, devices, and the Internet of Things industrial and security markets by applying patented algorithms that deliver out-of-band, symptom-sensitive analytics, insights, and security. For more information on the company, its technology and team, please visit http://www.sparkcognition.com.

  • Spirion
    Booth: TBD

    Spirion is a leading enterprise data management software solution that provides high-precision searches and automated classification of unstructured and structured data with unparalleled accuracy. Spirion helps businesses reduce their sensitive data footprint and proactively minimize risks, costs and reputational damage of cyberattacks by discovering, classifying, monitoring and protecting sensitive data.

  • TechTarget
    Booth:

    TechTarget (NASDAQ: TTGT) is the online intersection of serious technology buyers, targeted technical content and technology providers worldwide. Our media, powered by TechTarget’s Activity Intelligence platform, redefines how technology buyers are viewed and engaged based on their active projects, specific technical priorities and business needs. With more than 100 technology specific websites, we provide technology marketers innovative media that delivers unmatched reach via custom advertising, branding and lead generation solutions all built on our extensive network of online and social media. TechTarget is based in Boston and has locations in Atlanta, Beijing, Cincinnati, London, Paris, San Francisco, Singapore, and Sydney.

  • Thales e-Security
    Booth: TBD

    Thales e-Security is the leader in advanced data security solutions and services that deliver trust wherever information is created, shared or stored. We ensure that the data belonging to companies and government entities is both secure and trusted in any environment – on-premise, in the cloud, in data centers or big data environments – without sacrificing business agility. Security doesn’t just reduce risk, it’s an enabler of the digital initiatives that now permeate our daily lives – digital money, e-identities, healthcare, connected cars and with the internet of things (IoT) even household devices. Thales provides everything an organization needs to protect and manage its data, identities and intellectual property and meet regulatory compliance – through encryption, advanced key management, tokenization, privileged user control and high assurance solutions. Security professionals around the globe rely on Thales to confidently accelerate their organization’s digital transformation. Thales e-Security is part of Thales Group.

  • Tools4ever
    Booth: TBD

    Tools4ever is one of the largest vendors in Identity Governance & Administration (also known as Identity & Access Management) with more than 5 million managed user accounts.

    Since 1999 Tools4ever has developed and delivered several software solutions and consultancy services such as User Provisioning, Downstream Provisioning, Workflow Management, Employee Self-Service and Access Governance (RBAC). In the area of Password Management, Tools4ever offers Single Sign-On and Self-Service Password Reset among others.

    Tools4ever’s Identity Governance & Administration (IGA) solutions are installed in organizations from various sectors ranging in size from 300 to over 200,000 user accounts.

  • WhiteHat Security
    Booth: TBD

    Digital life consists of digital experiences, and applications drive these digital experiences. The only way enterprises can truly provide safe digital experiences to their customers, partners, employees and entire ecosystem, is by securing the applications at the heart of their business.

    WhiteHat exists to make this possible. The WhiteHat Application Security Platform enables enterprises to secure their digital businesses. From application creation through production, and from the desktop to mobile devices, we secure the apps that people rely on in their personal and professional lives.

Speakers
  • Larry Wilson
    CISO, UMass President’s Office, Security Magazine's "Most Influential People in Security" 2016

    Larry is responsible for developing, implementing and managing the University of Massachusetts Information Security Policy and Written Information Security Program (WISP). The University program is based on industry best practices ISO 27001 / SANS 20 Critical Controls, and is implemented consistently across all University campuses (Amherst, Boston, Dartmouth, Lowell, Medical School and the President’s Office).

    Prior to joining UMASS, Larry was the Vice President, Network Security Manager at State Street. In this role he was responsible for researching, selecting, implementing and overseeing an engineering staff who managed network security technologies / tools including vulnerability scanning, network firewall policy management, intrusion detection, remote access, DNS security, global and local load balancing, etc.

    Larry's industry experience includes IT audit manager for Deloitte Enterprise Risk Services (ERS) consulting practice. In this role he managed a staff responsible for developing and completing a Sarbanes Oxley compliance audit for MasterCard International. Larry's team focused on the application level controls and general computer controls for information technology services implemented and managed from the MasterCard data center in St. Louis.

    Mr. Wilson holds a Master of Science degree in Civil / Structural Engineering from the University of New Hampshire. His industry certifications include CISSP, CISA and ISA (PCI Internal Security Assessor). He serves on the Advisory Board for Middlesex Community College and CISO Advisory Board for Oracle. He co-chairs the Massachusetts State University and Community College Information Security Council, and serves as Certification Director for ISACA New England. His major 2013 accomplishments include Finalist for Information Security Executive® (ISE®) of the Year for both the Northeast Region and North America; and a SANS People who made a difference in Cybersecurity in 2013 award recipient.

    Larry has been teaching CISA certification training for ISACA for 5 years.

  • Jordan Fischer
    Managing Partner & Co-Founder, XPAN Law Group, LLC

    Jordan is a co-founder and managing partner of XPAN Law Group, LLC, a certified Women-Owned Enterprise law firm. She focuses her practice on international data privacy, cybersecurity and cross-border data management, with a special emphasis in European Union data privacy regulations and the forthcoming GDPR. She has extensive experience in the intersection of law and technology. With a global perspective, Jordan works with clients to create cost-effective and business oriented approaches to cybersecurity and data privacy compliance. Jordan is also an adjunct law professor at the Thomas R. Kline School of Law, where she teaches a variety of legal courses.

  • Mark Langford
    Principal Consultant, Aberfoyle Associates

    Mark Langford is the Principal Consultant of Aberfoyle Associates and advises companies on how to develop their cyber defense strategies. Mark has lived and worked in 4 countries, obtained his Bachelor's degree from Clemson University and his Master's degree in Telecommunications Management from Oklahoma State University.

  • Tam Nguyen
    Cyber Threat Researcher, Federal Reserve Bank of Cleveland

    Tam Nguyen is an IEEE peer-reviewed cybersecurity researcher whose recent works include a long-term cyber threat evaluation/prediction strategy for the Federal Reserve Bank of Cleveland, and an accepted research paper on Software Defined Network's security to be presented in Paris, France. Tam will graduate with a Master of Computer Science in Security from the North Carolina State University in December 2018.

  • Christopher Pierson
    Founder & CEO, Binary Sun Cyber Risk Advisors

    Dr. Chris Pierson is the Founder & CEO of Binary Sun Cyber Risk Advisors - providing strategic & operational advice on the intersection of cybersecurity, business, risk and law for companies and boards. He is a globally recognized cybersecurity expert and entrepreneur who holds several cybersecurity, anti-fraud, and technology patents. Dr. Pierson serves on the Department of Homeland Security’s Data Privacy & Integrity Advisory Committee and Cybersecurity Subcommittee and is a Distinguished Fellow of the Ponemon Institute. Previously, Chris was a founding executive of Viewpost, a FinTech payments company, serving as their CSO and General Counsel and was also the first Chief Privacy Officer, SVP for the Royal Bank of Scotland’s (RBS) U.S. banking operations leading its privacy and data protection program. Chris was also a corporate attorney for Lewis and Roca where he established its Cyber Security Practice representing companies on cybersecurity and data breaches. Chris is a graduate of Boston College (B.A., M.A.) and The University of Iowa (Ph.D., J.D.), is a sought after keynote speaker on cybersecurity and privacy, board advisor for startups, and is frequently quoted by the media on these topics.

  • Pedro Serrano
    Security Architect, Cimarex Energy Co.

    Pedro Serrano has over 35 years of experience managing and installing cyber security controls in networks around the world, 20 of those in military systems while serving in the United States Air Force. He is the Security Architect for Cimarex Energy Company, an Oil and Gas exploration company, and a Professor at his local University and Technical Institute teaching infrastructure systems, security controls, networking, and security awareness. Pedro has two postgraduate degrees, one in Telecommunications Management from Oklahoma State University and the other in Computer Science from Tulsa University. Pedro serves as the President of the Information System Security Association (ISSA) chapter in Tulsa, Oklahoma.

  • Ron Winward
    Security Evangelist, Radware

    Ron Winward is a Security Evangelist for Radware, where he helps execute the company’s thought leadership on today’s security threat landscape. Ron brings nearly 20 years of experience in the Internet service provider space, most recently as Director of Network Engineering for a global infrastructure and colocation provider. With an expertise in network architectures and DDoS mitigation, Ron has helped design solutions for carriers, enterprises, and cybersecurity service providers around the world.

  • Ravi Thatavarthy
    CISO, iRobot Corporation

    Ravi Thatavarthy is Information Security Officer at iRobot heading both IT and Product Security. He brings 20+ years of experience in Information Security to his role with a strong background in Security Architecture and building Security programs from the ground up. His approach to Information Security is unique and well-balanced with a focus on ‘Business Value’ and ‘User Delight’. He recently appeared in ‘Profiles in Confidence’ as a Security leader running a confident Security program. He has spoken and served as a panelist at multiple conferences. Before joining iRobot, he led the Security, Policy & Compliance programs at Haemonetics where he worked as Director of Global Security & Policy.

  • Chuck Easttom
    Computer Scientist Consultant

    Mr. Easttom is the author of 25 books (10 with chapters on cryptography and 1 book on cryptography) and over 40 research papers (including several on cryptography), and an inventor with 13 patents. He is also a frequent speaker on computer security topics including cryptography.

  • John Bass
    Director, Global Data Risk, Duff & Phelps

    John W. Bass is a director in the Global Data Risk Practice at Duff & Phelps. John is an acknowledged thought leader on risk management, the human dimensions of cyber risk, and insider threats. John was a Central Intelligence Agency (CIA) National Clandestine Service (NCS) operational executive with 27 years in national security and international affairs in Africa, the Middle East, Central Asia, Europe and Latin America. An alumnus of Mercer Benefits Consulting, John has an MBA from Johns Hopkins, focused on enterprise risk management. John earned an undergraduate degree in physics and mathematics from Bradley University. Full bio: https://www.duffandphelps.com/about-us/our-team/john-bass

  • Robin Austin
    CTO, Welsh Harris Capital

    CSO Colliers Group former CTO of Welsh Harris Capital / President of Cyber Defense Resources
    Through consolidating operational services for efficiency and providing game changing solutions, Robin Austin has reduced Operational and Capital Expenses for many. Robin’s 30+ years in technology and extensive knowledge of cyber security, infrastructure, mobility, and emerging technological advancements have made her the “go to” knowledgeable person for the best solutions for cyber security.

  • Larry Wilson
    CISO, UMass President’s Office, Security Magazine's "Most Influential People in Security" 2016

    Larry is responsible for developing, implementing and managing the University of Massachusetts Information Security Policy and Written Information Security Program (WISP). The University program is based on industry best practices (ISO 27001 / SANS 20 Critical Controls), and is implemented consistently across all University campuses (Amherst, Boston, Dartmouth, Lowell, Medical School and the President’s Office).

    Prior to joining UMASS, Larry was the Vice President, Network Security Manager at State Street. In this role he was responsible for researching, selecting, implementing and overseeing an engineering staff who managed network security technologies / tools including vulnerability scanning, network firewall policy management, intrusion detection, remote access, DNS security, global and local load balancing, etc.

    Larry's industry experience includes IT audit manager for Deloitte Enterprise Risk Services (ERS) consulting practice. In this role he managed a staff responsible for developing and completing a Sarbanes Oxley compliance audit for MasterCard International. Larry's team focused on the application level controls and general computer controls for information technology services implemented and managed from the MasterCard data center in St. Louis.

    Mr. Wilson holds a Master of Science degree in Civil / Structural Engineering from the University of New Hampshire. His industry certifications include CISSP, CISA and ISA (PCI Internal Security Assessor). He serves on the Advisory Board for Middlesex Community College and the CISO Advisory Board for Oracle. He co-chairs the Massachusetts State University and Community College Information Security Council, and serves as Certification Director for ISACA New England. His major 2013 accomplishments include being a Finalist for Information Security Executive® (ISE®) of the Year for both the Northeast Region and North America, and receiving the SANS "People Who Made a Difference in Cybersecurity in 2013" award.

    Larry has been teaching CISA certification training for ISACA for 5 years.

  • Jordan Fischer
    Managing Partner & Co-Founder, XPAN Law Group, LLC

    Jordan is a co-founder and managing partner of XPAN Law Group, LLC, a certified Women-Owned Enterprise law firm. She focuses her practice on international data privacy, cybersecurity and cross-border data management, with a special emphasis on European Union data privacy regulations and the forthcoming GDPR. She has extensive experience in the intersection of law and technology. With a global perspective, Jordan works with clients to create cost-effective and business-oriented approaches to cybersecurity and data privacy compliance. Jordan is also an adjunct law professor at the Thomas R. Kline School of Law, where she teaches a variety of legal courses.

  • Bill White
    Information Security Architecture, State Farm

    Bill White is an Information Technology professional with 30 years' experience in IT Security, Fraud investigation, Information Security, and Risk Assessment processes. CISSP, CRISC, CISA.

  • Levone Campbell
    Cyber Team Lead / Incident Coordinator, Aramco Services

    Levone Campbell is the Cyber Security Lead / Incident Coordinator for his organization. Levone holds two bachelor's degrees in Management and Marketing from North Carolina A&T State University, a Master's in Business Administration from Walden University, and a Master's in Technology Management from Georgetown University. He also holds numerous certifications.

  • George Finney
    Chief Security Officer, Southern Methodist University

    George Finney is the Chief Security Officer for Southern Methodist University and the author of “No More Magic Wands: Transformative Cybersecurity Change for Everyone.” He previously worked with several startups and global telecommunications firms designing networks, writing policy, hardening servers, and educating users. George is a member of the Texas CISO Council, a governing body member of the Evanta CISO Coalition, an advisory board member for SecureWorld, and a board member of the Palo Alto Networks FUEL User Group.

  • Steven Shalita
    Vice President, Marketing and Business Development, Pluribus Networks

    Steven Shalita has 20+ years of technology experience across the Enterprise, Cloud and Service Provider technology segments. He has market and technology expertise spanning cybersecurity, network security, forensics, SDN/NFV, and IT infrastructure. He has spent a considerable amount of time in the performance monitoring market and was a key evangelist for adapting network monitoring technology for security use cases to identify zero-day attacks. Steven is currently Vice President at Pluribus Networks and is a frequent featured speaker at leading industry events. He has held senior technology marketing leadership positions at NetScout, Check Point Software Technologies, Alcatel-Lucent, Cisco, and HP Networking.

  • Peter Chestna
    Contributing Editor, DevOps.com

    Pete Chestna has more than 25 years of experience developing software and leading development teams, and has been granted three patents. Pete has been developing web applications since 1996, including one of the first applications to be delivered through a web interface. He led his company from Waterfall to Agile and finally to DevOps, in addition to taking the company from a monolithic architecture to one based on microservices.

    Since 2006, Pete has been a leader in the Application Security (AppSec) space and has consulted with some of the world’s largest companies on their AppSec programs. In addition to his role as a contributing editor at DevOps.com and SecurityBoulevard.com, he now shares his experience by speaking internationally at both security and developer conferences on the topics of AppSec, Agile, and DevSecOps. Buy him a whisk(e)y and he’ll tell you all about it.

  • Brent Chapman
    Chief Information Officer / Chief Information Security Officer, RoundPoint Mortgage Servicing Corporation

    Brent Chapman is a successful technology executive with 17 years’ experience and currently serves as Chief Information Officer and Chief Information Security Officer of RoundPoint Mortgage Servicing Corporation. Mr. Chapman is the senior leader responsible for technology and information security, developing short- and long-term corporate strategic and operational plans with emphasis on the role that technology, information, and communication services play in supporting the plans and growth of the business. Mr. Chapman is a Six Sigma Black Belt and Certified ScrumMaster (CSM), and has an MBA from Oakland University and a BA from Carthage College.

  • Rebecca Herold
    CEO, The Privacy Professor, President, SIMBUS, LLC

    Rebecca is CEO of The Privacy Professor® consultancy and President of SIMBUS, LLC, an infosec, privacy, technology, and compliance management cloud service. Rebecca has over 25 years of experience, has authored 19 books and hundreds of book chapters and published articles, and serves as an expert witness for information security, privacy, and compliance issues. Rebecca appears regularly on the KCWI23 morning television show and is based in Des Moines, Iowa.

  • Teresa Merklin
    Principal Engineer, Cybersecurity Engineering, Lockheed Martin Aeronautics Company

    Teresa Merklin is a Principal Information Assurance Engineer for Cybersecurity Engineering at Lockheed Martin Aeronautics, where she is responsible for technology identification and evaluation for aeronautics platforms. Teresa holds a BS in Electrical Engineering from Oklahoma State University, a Masters of Software Engineering from Texas Christian University, and an MBA in Information Assurance from the University of Dallas. She is a CISSP and CSSLP.
