Click here to view registration types and pricing (PDF)
Conference Agenda
Filter by registration level:
  • session level iconOpen Sessions
  • session level iconConference Pass
  • session level iconSecureWorld Plus
  • session level iconVIP / Exclusive
  • Wednesday, October 10, 2018
    7:00 am
    Registration Open
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    7:00 am - 3:00 pm
    Location / Room: Registration Desk
    8:00 am
    Advisory Council Breakfast – (VIP / INVITE ONLY)
    • session level icon
    Topic: IOT in the Business Environment. Security and Privacy Pitfalls
    Registration Level:
    • session level iconVIP / Exclusive
    8:00 am - 9:15 am
    Location / Room: Spring Glade
    8:00 am
    SecureWorld PLUS Part 1 - Designing and Building a Cybersecurity Program based on the NIST Cybersecurity Framework
    • session level icon
    Earn 16 CPEs With This in-Depth 3-Part Course
    speaker photo
    CISO and Adjunct Faculty, University of Massachusetts
    Registration Level:
    • session level iconSecureWorld Plus
    8:00 am - 9:30 am
    Location / Room: Northbrook 1

    The University of Massachusetts has developed a 4.5 hour SecureWorld Plus training class that focuses on designing, building, and maintaining a Cybersecurity Program based on the NIST Cybersecurity Framework. Organizations who are currently using the NIST Cybersecurity Framework or are planning to use the NIST Cybersecurity Framework for their cybersecurity program will benefit from this course. The course will show attendees how to use Cloud Platforms to implement and maintain security controls based on the NIST Cybersecurity Framework.

    This innovative education and training program includes the following key elements:
    • A Controls Factory that consists of three main areas; Engineering, Technology and Business
    • The Engineering Area includes a focus on threats, vulnerabilities, assets, identities, business environment and the NIST Cybersecurity Framework
    • The Technology Area includes a focus on technical controls (based on the CIS 20 Critical Controls), security technologies, Security Operations Center (SOC) and technology testing
    • The Business Area includes a focus on business controls (based on ISO 27002), cyber workforce (based on the NICE Workforce Framework) and cyber risk program (based on AICPA Description Criteria)

    The class will help individuals and organizations acquire knowledge, skills and abilities to:
    • Develop a strategy to adopt the NIST Cybersecurity Framework (NCSF)
    • Create a comprehensive Cybersecurity Program based on the NIST Cybersecurity Framework, technical controls and business controls
    • Engineer, implement, manage the 20 critical controls based on the cloud platform
    • Conduct a Risk Assessment to compare the current profile with the target profile and identify any gaps that need to be addressed
    • Establish an executive scorecard to measure and communicate risks, and develop an action plan / program roadmap to remediate controls gaps

    About the Instructor – Larry Wilson:
    • Larry Wilson is the former CISO for UMass President’s Office from 2009 to 2017
    • Prior to UMass, Larry developed and managed the Global Infrastructure Services (GIS) Security Program for State Street Corporation
    • Larry has been teaching cybersecurity courses based on the NIST Cybersecurity Framework at SecureWorld events for the past 4 years
    • Larry has conducted over 20 consulting engagements, helping organizations design and build cybersecurity programs based on the NIST Cybersecurity Framework

    The program and its author have won the following industry awards:
    • Security Magazine’s Most Influential People in Security, 2016
    • SANS People Who Made a Difference in Cybersecurity Award, 2013
    • Information Security Executive (ISE) North America Program Winner for Higher Education, 2013

    8:30 am
    Cybersecurity is a Team Sport
    • session level icon
    Why strategic leadership and an understanding of roles, personalities, and psychology is important for building and managing effective cybersecurity teams.
    speaker photo
    Co-Chair, Cybersecurity & Data Privacy Practice Group, Spencer Fane LLP
    Registration Level:
    • session level iconConference Pass
    8:30 am - 9:15 am
    Location / Room: Northbrook 2

    This presentation will examine issues such as:

    • Who should be on the team and what should they know?
    • How should the team be organized?
    • Who is responsible for developing the strategy and seeing the whole playing field?
    • What are the team members responsibilities?
    • How do team members personalities affect their roles and performance? 

      Is there a role for lawyers if the “privilege” “magic wand” turns out to be more fairy-tale than reality?

    8:30 am
    Machine Learning-Based Software Defined Networking Security: Current and Future Challenges
    • session level icon
    speaker photo
    Cyber Threat Researcher, Federal Reserve Bank of Cleveland
    Registration Level:
    • session level iconConference Pass
    8:30 am - 9:15 am
    Location / Room: Windhaven
    Machine Learning (ML) is gaining popularity in the network security domain as many more network-enabled devices get connected, as malicious activities become stealthier, and as new technologies like Software-Defined Networking (SDN) emerge. From the application layer, ML-based security models can automatically defend an SDN network with speed and flexibility. However, nothing is perfect. Through the examination of ML/SDN specific vulnerabilities accompanied by a successful sample attack, several recommendations can be made for both solution designers and potential buyers on how to build or choose a future-proof ML-based SDN security solution.
    8:30 am
    Spirion: Celebrity Regulation Smackdown: GDPR vs. CCPA
    • session level icon
    speaker photo
    VP, Data Protection, Spirion
    Registration Level:
    • session level iconOpen Sessions
    8:30 am - 9:15 am
    Location / Room: Fairview

    The General Data Protection Regulation (GDPR) represents the most sweeping data protection regulation to be brought into force in the last 20 years.  It addresses not only data traditionally considered “sensitive,” but so-called “online identifiers,” such as MAC/IP addresses, geolocation data, and browser fingerprints.  Barely a month after the Regulation’s May 25, 2018 commencement date, the California Consumer Privacy Act of 2018 (CCPA) was passed into law, the result of a frenetic 6-day drafting process.  Many consider the two laws to effectively be the same, but a close inspection reveals some striking differences.  In this presentation, a privacy industry veteran will offer some perspective on both laws.  Key takeaways include:

    • An understanding of the primary differences between the two laws;
    • Information security requirements under both laws; and
    • Leveraging GDPR compliance efforts to meet the requirements of the CCPA
    8:30 am
    The Resource Dilemma: How Security Professionals Can Win the Funding Battle to Get the Resources They Need to Prepare an Adequate Cyber Defense
    • session level icon
    speaker photo
    Principal Consultant, Aberfoyle Associates
    Registration Level:
    • session level iconConference Pass
    8:30 am - 9:15 am
    Location / Room: Sunnyslope

    I believe most security professionals find themselves in the awkward position of having to create and implement the best cybersecurity defenses they possibly can despite insufficient funding and resources and the constant threat of attacks that will harm their business and possibly threaten their employment.

    This presentation is focused on helping these security professionals to prove the business case for additional funding (for tools, consulting, training, third-party testing, and assessments) and resources (for staffing, floorspace, collaboration from other departments).

    9:00 am
    Exhibit Floor Open
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    9:00 am - 3:00 pm
    Location / Room: SecureWorld Exhibit Floor

    This is the time to visit exhibitors participating in Dash For Prizes & CyberHunt for your chance to win prizes!

    9:30 am
    OPENING KEYNOTE: Future of Cybersecurity: A Hydra of Risks and Opportunities
    • session level icon
    speaker photo
    Founder & CEO, Binary Sun Cyber Risk Advisors
    Registration Level:
    • session level iconOpen Sessions
    9:30 am - 10:15 am
    Location / Room: Keynote Theater

    This keynote will explore the present and emerging risks of cybersecurity to your organization. We will discuss the intersections of cyber with privacy, law, and business, and how to prepare for the future. Specifically, we will tackle the threat landscape, control methodologies, internal and external risks, and how to turn many of these into business opportunities.

     

    10:15 am
    Conference Break / Exhibitor Product Demonstration
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    10:15 am - 11:15 am
    Location / Room: SecureWorld Exhibitor Floor

    Reboot with coffee and infused water while visiting exhibitors on the exhibitor floor.

    11:00 am
    Advisory Council LUNCH Roundtable (VIP / Invite Only)
    • session level icon
    Topic: Prioritization of Top 20 Critical Security Controls
    Registration Level:
    • session level iconVIP / Exclusive
    11:00 am - 1:00 pm
    Location / Room: Spring Glade
    11:15 am
    Establishing Academic Programs and Career Pathways for the Cyber Workforce
    • session level icon
    speaker photo
    CISO and Adjunct Faculty, University of Massachusetts
    Registration Level:
    • session level iconConference Pass
    11:15 am - 12:00 pm
    Location / Room: Windhaven
    As the former CISO for the University of Massachusetts, I have had many opportunities to interact with IT professionals, IT managers, business leaders and other management / operations personnel who would benefit with a baseline knowledge, skills and abilities in the Cybersecurity field. As we continue to move to a more digital / cloud based world, the need for advanced skills in cybersecurity will only increase. This presentation will focus on developing academic curriculum that meets the changing workforce needs as well as establishing career pathways for individuals who are interested in a career in cybersecurity.
    11:15 am
    Risk Assessment Plan Addressing Cybersecurity Propagation, Aggregation, and Exfiltration
    • session level icon
    speaker photo
    Sr. Information Systems Auditor, Parkland HealthParkland Health & Hospital System
    Registration Level:
    • session level iconConference Pass
    11:15 am - 12:00 pm
    Location / Room: Fairview
    Michael presents a 3 year Cyber Security Risk Review program that addresses Propagation, Aggregation, and Exfiltration. Part of the planning process should involve avoiding the problem in the first place. To achieve this goal, or at least improve your odds of never having a catastrophic breach, make sure your basic security systems are running at top form,
    11:15 am
    Radware: Cybersecurity Pushed to the Limit
    • session level icon
    speaker photo
    Security Evangelist, Radware
    Registration Level:
    • session level iconOpen Sessions
    11:15 am - 12:00 pm
    Location / Room: Sunnyslope

    Throughout 2017 mainstream headlines highlighted cyber-attacks and security threats that included possible interference in the U.S. presidential election, worldwide malware outbreaks and the Equifax data breach. These and other high-profile events spurred greater cyber-defense investment by everyone from nation states and global corporations to individuals purchasing anti-malware solutions for personal devices. Yet even as investments increase so do threats, hacks and vulnerabilities. This session will help you understand these complex and challenging dynamics. Based on findings from Radware’s research and a global industry survey, the session will show real attack data and customer stories to paint a picture of where we are and what security professionals can do.

    Join the session to learn more about:
    • The threat landscape deep dive—the who, what and why of attacks
    • Potential impact on your business, including associated costs of different cyber-attacks
    • Critical attacks in the midst: DNS, IoT and risks lurking in the cloud
    • Emerging threats and how to protect against them
    • A look ahead – predictions and what to prepare for

    11:15 am
    Security Awareness 3.0 - The 10 Easiest Things You Can do Today to Protect Yourself From Cyber Attacks
    • session level icon
    speaker photo
    Security Architect, Cimarex Energy Co.
    Registration Level:
    • session level iconConference Pass
    11:15 am - 12:00 pm
    Location / Room: Northbrook 2
    In my presentation you will learn Why You are the Target of phishing attacks, but more importantly, how to defend against it, I will talk about:
    1. Why you are the target – it’s all about Money!
    2. Social Media
    3. Protect your PC at home
    4. Pedro’s 5 rules for home PC
    5.. With so many passwords, let’s learn how to manage
    6. Protect your home network with a simple change in your router
    7. Two Factor Authentication (This is now the new normal)
    8. Online purchases – we all do! – How to protect yourself
    9. Back up your data (Work – Home – Phone)
    10. BYOD, IOT – Are you ready?

     

    12:15 pm
    LUNCH KEYNOTE: Boosting InfoSec’s Influence (and Yours) by Approaching Communication Differently
    • session level icon
    speaker photo
    Emmy-Winning Journalist, SecureWorld
    Registration Level:
    • session level iconOpen Sessions
    12:15 pm - 1:00 pm
    Location / Room: Keynote Theater

    Grow your personal influence, your leadership possibilities and move your InfoSec objectives forward (faster) by thinking differently about how you communicate. Whether your audience is the board, your team, or any part of the business, this session will help you and your communication stand out. Lead by a long-time TV reporter turned cybersecurity journalist who shares a framework for powerful communication you can implement immediately.

    1:15 pm
    Panel: Stopping the Attacks (Incident Response)
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    1:15 pm - 2:15 pm
    Location / Room: Keynote Theater

    Security teams are struggling to keep up with the myriad of attack vectors that exist. Future InfoSec professionals will take a more adversarial approach to incident response. Will we have artificial intelligence helping threat hunters squash attacks before they can do any significant damage on the network while alerting the authorities in real time? Can a true partnership form between organizations and law enforcement to share information? Join our experts as they discuss challenges modern security teams face and how we can build a better plan for tomorrow.
    Panelists:
    Rick Miles, Red Seal
    Tommy Hui, SentinelOne
    Ron Winward, Radware
    Marcelo Brunner, CloverIT
    Moderator: Dion McBride

     

    1:15 pm
    Panel: What Will They Think of Next? (Emerging Threats)
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    1:15 pm - 2:15 pm
    Location / Room: Windhaven

    It would seem the more we “build a better mousetrap” the better the threats become. Will machine learning and AI be used against us in the future? Will these and other innovations be hacked and used for gain? Will the Crime as a Business platform take off where business competitors are utilizing these attacks for the upper hand? Perhaps the cars that are being hacked will evolve into driverless vehicles that are hacking companies from inside there own parking lots. What about drones? So many questions, let’s see what our experts say on this panel.
    Panelists:
    Kristi Thiele, Ixia
    Bryan Lares, Sparkcognition
    John Macintosh, Comodo
    Paul Trulove, SailPoint
    Steve Shalita, Pluribus Networks
    Moderator: JP Hill, (ISC)2

    2:15 pm
    Conference Break / Exhibitor Product Demonstration
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    2:15 pm - 3:00 pm
    Location / Room: SecureWorld Exhibitor Floor

    Reboot with coffee and infused water while visiting exhibitors on the exhibitor floor.

    3:00 pm
    Cyber Risk: It’s All About People
    speaker photo
    Managing Director, Cyber Risk, Kroll
    Registration Level:
    3:00 pm - 3:45 pm
    Location / Room: Windhaven
    In organizations, employees, customers and vendors expect to be able to interact dynamically with core systems. Therefore, the enterprise needs to be concerned about its entire ecosystem of partners and their associated cyber risks. In that regard, the cyber security supply chain and vendor risk is critical. One important aspect is not to overlook the human element in cybersecurity risk. Much cybersecurity vulnerability lies in a disconnect between studying only the technical issues, and ignoring human dimensions of the problem. In this talk, the speaker discusses a holistic approach to cybersecurity, examining both the technical and human elements of risk.
    3:00 pm
    Quantum Computing & Quantum Cryptography: The Current State of the Art
    • session level icon
    speaker photo
    Computer Scientist Consultant
    Registration Level:
    • session level iconConference Pass
    3:00 pm - 3:45 pm
    Location / Room: Fairview

    This presentation will provide an overview of quantum computing and what that implies for cryptography. The current state of both quantum computing and post-quantum cryptography will be presented.

    3:00 pm
    Role of Information Risk and Compliance in Digital Healthcare
    • session level icon
    speaker photo
    IT Risk and Compliance Lead, PerkinElmer, Inc.
    Registration Level:
    • session level iconConference Pass
    3:00 pm - 3:45 pm
    Location / Room: Northbrook 2
    Information technology is becoming a core part of healthcare with the new technology innovation. The risk and compliance strategy and guidance is challenging.
    This presentation focuses on some of the key attributes to take into consideration for creating an IT GRC model to ensure the safety, privacy, and security of the patients.Some of the attributes include:
    – Data as the centerpoint/ focus point of building the GRC model
    – Data classification based on its risk and impact
    – Thinking through Data Lifecycle Approach to attain a detailed      understanding of data and its impact
    3:00 pm
    Securing the IoT Battleground
    • session level icon
    speaker photo
    CTO, Welsh Harris Capital
    Registration Level:
    • session level iconConference Pass
    3:00 pm - 3:45 pm
    Location / Room: Sunnyslope

    The Internet of Things (IoT) is morphing at an exceptional rate and adoption of IoT products is being slowed by the question: What about Security? Are we looking at a David facing Goliath scenario for our IoT future? Although we are still morphing, what are the possible viable security options being adopted for IoT?

    3:00 pm
    SecureWorld PLUS Part 2 - Designing and Building a Cybersecurity Program based on the NIST Cybersecurity Framework
    • session level icon
    SecureWorld PLUS Registrants ONLY
    speaker photo
    CISO and Adjunct Faculty, University of Massachusetts
    Registration Level:
    • session level iconSecureWorld Plus
    3:00 pm - 4:30 pm
    Location / Room: Northbrook I

    The University of Massachusetts has developed a 4.5 hour SecureWorld Plus training class that focuses on designing, building, and maintaining a Cybersecurity Program based on the NIST Cybersecurity Framework. Organizations who are currently using the NIST Cybersecurity Framework or are planning to use the NIST Cybersecurity Framework for their cybersecurity program will benefit from this course. The course will show attendees how to use Cloud Platforms to implement and maintain security controls based on the NIST Cybersecurity Framework.

    This innovative education and training program includes the following key elements:
    • A Controls Factory that consists of three main areas; Engineering, Technology and Business
    • The Engineering Area includes a focus on threats, vulnerabilities, assets, identities, business environment and the NIST Cybersecurity Framework
    • The Technology Area includes a focus on technical controls (based on the CIS 20 Critical Controls), security technologies, Security Operations Center (SOC) and technology testing
    • The Business Area includes a focus on business controls (based on ISO 27002), cyber workforce (based on the NICE Workforce Framework) and cyber risk program (based on AICPA Description Criteria)

    The class will help individuals and organizations acquire knowledge, skills and abilities to:
    • Develop a strategy to adopt the NIST Cybersecurity Framework (NCSF)
    • Create a comprehensive Cybersecurity Program based on the NIST Cybersecurity Framework, technical controls and business controls
    • Engineer, implement, manage the 20 critical controls based on the cloud platform
    • Conduct a Risk Assessment to compare the current profile with the target profile and identify any gaps that need to be addressed
    • Establish an executive scorecard to measure and communicate risks, and develop an action plan / program roadmap to remediate controls gaps

    About the Instructor – Larry Wilson:
    • Larry Wilson is the former CISO for UMass President’s Office from 2009 to 2017
    • Prior to UMass, Larry developed and managed the Global Infrastructure Services (GIS) Security Program for State Street Corporation
    • Larry has been teaching cybersecurity courses based on the NIST Cybersecurity Framework at SecureWorld events for the past 4 years
    • Larry has conducted over 20 consulting engagements, helping organizations design and build cybersecurity programs based on the NIST Cybersecurity Framework

    The program and its author have won the following industry awards:
    • Security Magazine’s Most Influential People in Security, 2016
    • SANS People Who Made a Difference in Cybersecurity Award, 2013
    • Information Security Executive (ISE) North America Program Winner for Higher Education, 2013

    3:45 pm
    Happy Hour Reception
    • session level icon
    Join us for happy hour and trivia in the venue lobby.
    Registration Level:
    • session level iconOpen Sessions
    3:45 pm - 5:30 pm
    Location / Room: Venue Lobby

    Join your peers for complimentary hors d’oeuvres beverages and conversation following the first day of SecureWorld. This is a great opportunity to network with other security professionals from the Dallas area, and to discuss the hot topics from the day.
    Generous Sponsors: Mimecast and Critical Start

  • Thursday, October 11, 2018
    7:00 am
    Registration Open
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    7:00 am - 3:00 pm
    Location / Room: Registration Desk
    7:30 am
    InfraGard North Texas Chapter Meeting and Movie Screening
    • session level icon
    Open to all Attendees - Light Breakfast Included
    Registration Level:
    • session level iconOpen Sessions
    7:30 am - 9:15 pm
    Location / Room: Keynote Theater

    Join InfraGard for their chapter meeting and guest presentation.
    Breakfast will be complimentary and we look forward to seeing you there!

    7:30 am           Open Doors / Breakfast
    8:00 am           Welcome Guests / Introductions
    8:15 am           Redemption Movie
    8:45 am           Questions for FBI Agents
    9:00 am           Raffle Prizes
    9:10 am           Wrap-up / Network

    8:00 am
    SecureWorld PLUS Part 3 - Designing and Building a Cybersecurity Program based on the NIST Cybersecurity Framework
    • session level icon
    SecureWorld PLUS Registrants ONLY
    speaker photo
    CISO and Adjunct Faculty, University of Massachusetts
    Registration Level:
    • session level iconSecureWorld Plus
    8:00 am - 9:30 am
    Location / Room: Northbrook I

    The University of Massachusetts has developed a 4.5 hour SecureWorld Plus training class that focuses on designing, building, and maintaining a Cybersecurity Program based on the NIST Cybersecurity Framework. Organizations who are currently using the NIST Cybersecurity Framework or are planning to use the NIST Cybersecurity Framework for their cybersecurity program will benefit from this course. The course will show attendees how to use Cloud Platforms to implement and maintain security controls based on the NIST Cybersecurity Framework.

    This innovative education and training program includes the following key elements:
    • A Controls Factory that consists of three main areas; Engineering, Technology and Business
    • The Engineering Area includes a focus on threats, vulnerabilities, assets, identities, business environment and the NIST Cybersecurity Framework
    • The Technology Area includes a focus on technical controls (based on the CIS 20 Critical Controls), security technologies, Security Operations Center (SOC) and technology testing
    • The Business Area includes a focus on business controls (based on ISO 27002), cyber workforce (based on the NICE Workforce Framework) and cyber risk program (based on AICPA Description Criteria)

    The class will help individuals and organizations acquire knowledge, skills and abilities to:
    • Develop a strategy to adopt the NIST Cybersecurity Framework (NCSF)
    • Create a comprehensive Cybersecurity Program based on the NIST Cybersecurity Framework, technical controls and business controls
    • Engineer, implement, manage the 20 critical controls based on the cloud platform
    • Conduct a Risk Assessment to compare the current profile with the target profile and identify any gaps that need to be addressed
    • Establish an executive scorecard to measure and communicate risks, and develop an action plan / program roadmap to remediate controls gaps

    About the Instructor – Larry Wilson:
    • Larry Wilson is the former CISO for UMass President’s Office from 2009 to 2017
    • Prior to UMass, Larry developed and managed the Global Infrastructure Services (GIS) Security Program for State Street Corporation
    • Larry has been teaching cybersecurity courses based on the NIST Cybersecurity Framework at SecureWorld events for the past 4 years
    • Larry has conducted over 20 consulting engagements, helping organizations design and build cybersecurity programs based on the NIST Cybersecurity Framework

    The program and its author have won the following industry awards:
    • Security Magazine’s Most Influential People in Security, 2016
    • SANS People Who Made a Difference in Cybersecurity Award, 2013
    • Information Security Executive (ISE) North America Program Winner for Higher Education, 2013

    8:30 am
    "I Know What You Did" - The Future of Security Decision Making
    • session level icon
    speaker photo
    Information Security Architecture, State Farm
    Registration Level:
    • session level iconConference Pass
    8:30 am - 9:15 am
    Location / Room: Sunnyslope
    The future of IT security processes will be continuous, pervasive monitoring and visibility that is constantly analyzed for indications of compromise. Security Monitoring will encompass as many layers of the IT stack as possible, including network activity, endpoints, system interactions, application transactions, and user activity. This presentation will walk through several security related scenarios where data analytics and adaptive security architecture are used to respond in a dynamic way to enable this next generation security protection.
    8:30 am
    When the “IT” Hits the Fan, Stick to the Plan: Incident Response Plan Management
    • session level icon
    speaker photo
    Cyber Team Lead / Incident Coordinator, Aramco Services
    Registration Level:
    • session level iconConference Pass
    8:30 am - 9:15 am
    Location / Room: Fairview

    Incident Response is a critical process for any organization. The effectiveness of the incident response plan can determine whether or not an organization can sustain and recover from a cyber attack. As with any process within the organization, the incident response plan needs continuous testing and review to ensure it remains effective for the organization.

    8:30 am
    Culture Eats Cybersecurity for Breakfast
    • session level icon
    speaker photo
    Chief Security Officer, Southern Methodist University
    Registration Level:
    • session level iconConference Pass
    8:30 am - 9:15 am
    Location / Room: Windhaven

    Leadership guru Peter Drucker is widely credited with coining the phrase, “Culture eats strategy for breakfast,” but culture can also overwhelm any cybersecurity program. Looking at the security breaches that have occurred in 2018, companies with a low rating on the website Glassdoor.com are three times more likely to have been breached as those with ratings above 4.0. This talk will examine key aspects of cybersecurity culture in our organizations and what security professionals can do to help influence the culture of our organizations and to have meaningful impact on protecting companies against hackers, rogue insiders, or corporate competition.

    9:00 am
    Exhibit Floor Open
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    9:00 am - 3:00 pm
    Location / Room: SecureWorld Exhibitor Floor

    This is the time to visit exhibitors participating in Dash For Prizes & CyberHunt for your chance to win prizes!

    9:30 am
    OPENING KEYNOTE: Leveraging SDN Technology to Improve Enterprise Security
    • session level icon
    speaker photo
    Vice President, Marketing and Business Development, Pluribus Networks
    Registration Level:
    • session level iconOpen Sessions
    9:30 am - 10:15 am
    Location / Room: Keynote Theater
    With increasing numbers of high profile breaches, focusing on securing the perimeter is no longer sufficient. New traffic types and the proliferation of diverse end-points along with increased mobility and wireless access fuels a dramatic increase in untrusted traffic entering the network. In addition, the growth of multi-cloud environments and cloud services requiring access to Enterprise resources pose additional challenges. As mixed-use networks continue to grow and Internet of Things (IoT) traffic is introduced to the network, security organizations need a more dynamic approach to secure the increases of unsecure and untrusted traffic.

    Imagine being able to build a simple, automated and secure network overlay that empowers the enterprise with cloud-scale, elasticity and adaptability and enables independence from network operations. This session will discuss the evolution of Software-Defined Networking (SDN) technologies and explore how to leverage a dynamic SDN architecture to enable dynamic traffic segmentation, distributed policy enforcement, shared security services and increased operational intelligence to reduce risk, contain infiltrations and prevent attack proliferation.

    10:15 am
    Conference Break / Exhibitor Product Demonstration
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    10:15 am - 11:15 am
    Location / Room: SecureWorld Exhibitor Floor

    Reboot with coffee and infused water while visiting exhibitors on the exhibitor floor.

    11:00 am
    Advisory Council Roundtable - (VIP / Invite Only)
    • session level icon
    Topic: ROI for Risk Management
    Registration Level:
    • session level iconVIP / Exclusive
    11:00 am - 12:00 pm
    Location / Room: Spring Glade
    11:15 am
    DevOps: Security’s Big Opportunity
    • session level icon
    speaker photo
    Contributing Editor, DevOps.com
    Registration Level:
    • session level iconConference Pass
    11:15 am - 12:15 pm
    Location / Room: Northbrook 2
    DevOps culture creates an opportunity for us to improve application security. Since developers are the ones producing code, integrating components and creating the innovations that fuel our digital economy, they are also the ones who will determine whether or not security is part of development or not. Security professionals must therefore learn to how to talk to developers about how to create a security program that will accelerate development and not slow it down.
    11:15 am
    Comodo: Re-Think Cyber - AI and the Human Touch Safeguarding Against Known and Unknown Threats
    • session level icon
    speaker photo
    Sr. Systems Engineer, Comodo Cybersecurity
    Registration Level:
    • session level iconOpen Sessions
    11:15 am - 12:00 pm
    Location / Room: Fairview

    Today’s cybersecurity threat level remains at its highest in history: malware runs rampant, and organizations large and small are besieged by phishing, breaches, take-downs and DDoS attacks. In this environment, cybersecurity presents the greatest challenges to IT organizations. Join Comodo Cybersecurity experts and see how their patented auto-containment technology works defending against known and unknown malware signatures. In conjunction, they will talk to and demonstrate the visibility they have throughout their global customer footprint of nearly 89 million endpoint users. To conclude, Comodo will give a brief overview of their budding partner program and how they’re growing the Comodo Cybersecurity ecosystem.

    11:15 am
    Building a Robust, Collaborative, and Responsive Security Organization for Today’s Changing Threat Environment
    • session level icon
    speaker photo
    Chief Information Officer / Chief Information Security Officer , RoundPoint Mortgage Servicing Corporation
    Registration Level:
    • session level iconConference Pass
    11:15 am - 12:00 pm
    Location / Room: Windhaven

    Participants will learn how to structure an organization to effectively combat these threats including what internal teams should be involved (Audit, Risk, IT, Operations), the lines of defense, and the roles and responsibilities of team members. They’ll also be instructed on how a cyber-security team should function in terms of specific standards and operating methodologies, how to encourage collaboration, and ways to promote responsiveness.

    11:15 am
    Cisco: Anatomy of an Attack
    • session level icon
    speaker photo
    Consulting Sales Engineer, Cloud Security, Cisco
    Registration Level:
    • session level iconOpen Sessions
    11:15 am - 12:00 pm
    Location / Room: Sunnyslope
    Cyber Criminals are increasingly exploiting the Internet services to build agile and resilient infrastructures, and consequently to protect themselves from being exposed and taken over. This session will explain how the correlation of Internet data on multiple levels (DNS, BGP, ASN, Prefixes/IPs) can be used to build and deliver a new model of security that is pervasive and predictive, and that allows us to expose the attackers’ infrastructure. Detection models that can be built and applied (such as co-occurrences, NLPRank, and Spike Detectors), and how the different detectors can be integrated to expose malicious infrastructures and advanced persistent threats.
    12:00 pm
    Advisory Council LUNCH Round Table - (VIP / Invite Only)
    • session level icon
    Topic: Ransomware- Breaking the Criminal Business Model
    Registration Level:
    • session level iconVIP / Exclusive
    12:00 pm - 1:00 pm
    Location / Room: Spring Glade
    12:15 pm
    LUNCH KEYNOTE: Prevent Nightmares in the IoT
    • session level icon
    speaker photo
    CEO, The Privacy Professor, President, SIMBUS, LLC
    Registration Level:
    • session level iconOpen Sessions
    12:15 pm - 1:00 pm
    Location / Room: Keynote Theater
    1:15 pm
    Panel: Cyber Extortion as a Service? (Ransomware and Beyond)
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    1:15 pm - 2:15 pm
    Location / Room: Keynote Theater

    Remember when ransomware just seized up your computer and wanted you to send Bitcoin to unlock it? With the advances in cybercrime, the thieves are not only locking and encrypting your files, but they are also finding your dirty little secrets. You may not pay for the run of the mill files you have backed up, but you might be more inclined to pay even more to make sure no one finds out about you and a certain someone in accounting you are messaging. Or, what about all the credit card numbers you aren’t storing correctly? It would be a shame if your boss knew you were sending out resumes… Will these attacks also be available for purchase on the dark web?Join the discussion with our experts and come up with a plan to mitigate this problem.
    Panelists:
    Scott Giordano, Spirion
    Tom Moore, Cisco
    Tom Kulik, Scheef & Stone LLP
    Jon Allen, Catalyst Corp
    Gabe Deale, Cylance
    Moderator: John Sapp

     

    1:15 pm
    Panel: Phishing and other Social Engineering Scams
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    1:15 pm - 2:15 pm
    Location / Room: Windhaven

    Phishing continues to be the #1 attack vector for the bad guys. Why? Simply put: it works. These attacks keep getting more realistic and sophisticated. In the future we should expect nothing less. Criminals will do more homework on their potential victims and possible pose as business leads or clients to gain our trust. What sales person doesn’t want email from a potential client who wants a new solution? Or they may just lay in wait until they’ve collected enough information to strike. Will they actually come to your business and drop thumb drives like pen testers do? Use drones to do their dirty work? Our experts will discuss the current state of affairs and brainstorm possible new scenarios.
    Panelists:
    Jason Robohm, Thales
    Caspian Kilkelly, Rapid7
    Luis Rodriguez, Mimecast
    Brent Chapman, RoundPoint Mortgage
    Duaine Styles, Torchmarkcorp
    Moderator: Chris Mears

    2:15 pm
    Conference Break / Exhibitor Product Demonstration
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    2:15 pm - 3:00 pm
    Location / Room: SecureWorld Exhibitor Floor

    Reboot with coffee and infused water while visiting exhibitors on the exhibitor floor.

    2:30 pm
    Dash for Prizes & CyberHunt
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    2:30 pm - 2:45 pm
    Location / Room: SecureWorld Exhibitor Floor

    Be sure to have exhibitors scan your badge for a chance to win prizes. Past prizes have included Kindles, Bose headphones, gift cards, iPads, iPods and more! *Must be present to win

    3:00 pm
    Cyber Resiliency Evolution
    • session level icon
    speaker photo
    Principal Engineer, Cybersecurity Engineering, Lockheed Martin Aeronautics Company
    Registration Level:
    • session level iconConference Pass
    3:00 pm - 3:45 pm
    Location / Room: Sunnyslope
    Cyber Resiliency is the hot new topic for Department of Defense information systems. This presentation traces the evolution from a focus on Confidentiality, Integrity, and Availability toward development and sustainment of systems that can maintain mission execution in a cyber contested environment and provides recommendations for determining when resiliency is needed as well as tips and techniques for designing and developing resilient systems.

     

    3:00 pm
    California Knows How to Privacy
    • session level icon
    speaker photo
    Attorney, Law Office of Katherine Britton
    Registration Level:
    • session level iconConference Pass
    3:00 pm - 3:45 pm
    Location / Room: Windhaven
    The State of California has passed the California Consumer Privacy Act of 2018, a digital privacy law that goes into effect in January 2020 that will give consumers more control over and insight into how their personal information is used online. California has long lead the nation in privacy protections for its citizens and for The new law is one of the most significant regulations overseeing the data-collection practices of technology companies in the United States. This program will cover what the law provides, prohibited conduct, how the law is enforced and what you and your business can do to comply.

    As it is written now, the California Consumer Privacy Act of 2018 gives consumers the right to know what information companies are collecting about them, why they are collecting that data and with whom they are sharing it.

    It gives consumers the right to tell companies to delete their information as well as to not sell or share their data and requires businesses to give consumers who opt out the same quality of service as those who do not.

    The Act makes it more difficult to share or sell data on children younger than 16.

    To comply with the Act, covered businesses will need to implement data management practices that increase consumers’ transparency and choice, including practices to track personal information collected about consumers and inform consumers of the categories of personal information collected as well as the business and commercial purposes for collection of each category of personal information. In addition, to comply with the Act, a business must provide access to and portability of consumer information and delete consumer personal information upon request.

    The Act has teeth that makes it easier for consumers to sue companies after a data breach and it gives the California Attorney General more authority to fine companies that do not adhere to the Act’s requirements.

Exhibitors
  • NETSCOUT Arbor
    Booth: 220

    For 15 years, the world’s leading network operators across ISP, cloud and enterprise markets have relied on NETSCOUT Arbor for traffic visibility, advanced threat detection and DDoS mitigation. Through a combination of market-leading technology, elite security research, intuitive workflows and powerful data visualizations, NETSCOUT Arbor allows you to efficiently connect the dots to understand attack activity and to take action with confidence. See the threat, understand the risk and protect your business with NETSCOUT Arbor.

  • BackBox
    Booth: 500

    BackBox is the leading provider of Intelligent Automation for all Network and Security devices. BackBox provides the ability to schedule automated backup and storing of device configurations, single-click recovery, real-time inventory management, custom task automation, and pre-emptive health checks for all your critical devices on the network.

  • Cisco
    Booth: 540

    Cisco builds truly effective security solutions that are simple, open and automated. Drawing on unparalleled network presence as well as the industry’s broadest and deepest technology and talent, Cisco delivers ultimate visibility and responsiveness to detect more threats and remediate them faster. With Cisco, companies are poised to securely take advantage of a new world of digital business opportunities.

  • CloverIT
    Booth: 820

    Founded in July 2011, Clover IT is known as an innovative company from the Information Security market. We offer differentiated tech solutions and seek to offer our clients cutting-edge technology capable of resolving the most complex security, compliance and regulatory problems. We’re specialized in addressing our customers challenges for IAM, PAM, managing unstructured data and more. We also offer customized services for solution deployment, regulatory support, and privilege clean up.

  • Comodo Cybersecurity
    Booth: 850

    In a world where preventing all cyberattacks is impossible, Comodo Cybersecurity delivers an innovative cybersecurity platform that renders threats useless, across the LAN, web and cloud. The Comodo Cybersecurity platform enables customers to protect their systems and data against even military-grade threats, including zero-day attacks. Based in Clifton, New Jersey, Comodo Cybersecurity has a 20-year history of protecting the most sensitive data for both businesses and consumers globally.

     

  • Critical Start
    Booth: 160

    Critical Start is a cybersecurity company with a holistic, customer-focused approach. We work with our customers to understand the impact of IT on their business and determine the associated risks. Using this risk profile, we can offer big-picture guidance on the strategies and controls that will enable them to effectively manage risk and improve security. Critical Start is 100% employee owned by a team of experts who are passionate about security, quality and service. For more information on what sets us apart, visit criticalstart.com.

  • Cyberbit
    Booth: 200

    Cyberbit provides a consolidated detection and response platform that protects an organization’s entire attack surface across IT, OT and IoT networks. Cyberbit products have been forged in the toughest environments on the globe and include: behavioral threat detection, incident response automation and orchestration, ICS/SCADA security, and the world’s leading cyber range. Since founded in mid-2015 Cyberbit’s products were rapidly adopted by enterprises, governments, academic institutions and MSSPs around the world. Cyberbit is a subsidiary of Elbit Systems (NASDAQ: ESLT) and has offices in Israel, the US, Europe, and Asia.

  • Cylance
    Booth: 530

    Cylance® is revolutionizing cybersecurity with products and services that proactively prevent, rather than reactively detect the execution of advanced persistent threats and malware. Our technology is deployed on over four million endpoints and protects hundreds of enterprise clients worldwide including Fortune 100 organizations and government institutions.

  • EC-Council
    Booth: 600

    International Council of E-Commerce Consultants, also known as EC-Council, is the world’s largest cyber security technical certification body. We operate in 140 countries globally and we are the owner and developer of the world-famous Certified Ethical Hacker (CEH), Computer Hacking Forensics Investigator (C|HFI), Certified Security Analyst (ECSA), License Penetration Testing (Practical) programs, among others. We are proud to have trained and certified over 140,000 information security professionals globally that have influenced the cyber security mindset of countless organizations worldwide.

  • HOPZERO
    Booth: 810B

    Firewalls control access, HOPZERO controls distance. Learn how newly patented technology automates setting of “packet toll value” controlling distance data may travel across networks. We keep sensitive database information inside the data center so hackers can’t get a login prompt – even when firewalls fail.

  • Illusive Networks
    Booth: 810

    Illusive Networks is a pioneer of deception technology, empowering security teams to take informed action against advanced, targeted cyberattacks by detecting and disrupting lateral movement toward critical business assets early in the attack life cycle. Agentless and driven by intelligent automation, Illusive technology enables organizations to significantly increase proactive defense ability while adding almost no operational overhead. Illusive’s Deceptions Everywhere® approach was conceived by cybersecurity experts with over 50 years of combined experience in cyber warfare and cyber intelligence. With the ability to proactively intervene in the attack process, technology-dependent organizations can preempt significant operational disruption and business losses, and function with greater confidence in today’s complex, hyper-connected world.

  • Infoblox, Inc
    Booth: 190

    For 17 years, we’ve been the market leader for core network services, including DNS, DHCP, and IP address management, a category known as DDI.

  • InfraGard North Texas
    Booth: 550

    The primary purpose of the InfraGard North Texas Members Alliance is to assist in increasing the security of the United States national infrastructures through ongoing exchanges of information relevant to infrastructure protection and through education, outreach, and similar efforts. In addition to the benefits offered by the national InfraGard organization, there are several ways our local chapter accomplishes these objectives, including:

    • Local quarterly membership meetings focused on infrastructure protection
    • Sector-specific meetings and information exchanges
    • Partnerships and discounts to training offerings with other organizations such as ISSA and SecureWorld
    • Networking opportunities with peers within and across all sectors
  • (ISC)2 Dallas-Fort Worth
    Booth: 350

    The Dallas-Fort Worth Chapter of (ISC)2 is based in the DFW area and serves the counties of the Dallas-Fort Worth Metroplex. Members include those with security certifications from (ISC)2 as well as other professionals practicing or interested in information, software and communications security. Our mission is to advance information security in the DFW area by providing our members and other security professionals with the opportunity to share knowledge, grow professionally, educate others, and collaborate on projects. Our chapter programs provide members a forum to facilitate the exchange of knowledge and ideas, development of leadership and professional skills, and advancement of information systems security. We also provide our members with access to a variety of industry resources and educational programs to keep them up to date with the latest advances in technology as well as information assurance.

  • ISSA: North Texas
    Booth: 710

    The Dallas/Fort Worth area has many large corporations, government organizations, and educational institutions. Our membership comes from the network and information systems professionals of these organizations and institutions, as well as vendors of security products. We seek to provide our members with access to information and resources to assist their employers in securing critical information resources. Our monthly luncheon meetings, conferences, and other resources are available to members and non-members alike to assist in educating security practitioners of all types.

  • Ixia, a Keysight Business
    Booth: 420

    We provide testing, visibility, and security solutions to strengthen applications across physical and virtual networks. Organizations use our tools and capabilities to test, secure and visualize their networks so their applications run stronger.

  • Mimecast
    Booth: 510

    Mimecast Is Making Email Safer For Business.
    Mimecast’s security, archiving and continuity cloud services protect business email and deliver comprehensive email risk management in one fully-integrated subscription service.
    Mimecast reduces the risk, complexity and cost traditionally associated with protecting email. You no longer have to manage an array of disjointed point solutions from multiple vendors. And you mitigate single vendor exposure if you have moved your primary email server to the cloud with services like Microsoft Office 365.
    Our best-of-breed services protect the email of over 24,900 customers and millions of users worldwide against targeted attacks, data leaks, malware and spam. We give employees fast and secure access to sensitive business information, and ensure email keeps running in the event of a primary service outage.

  • Pluribus Networks
    Booth: 830

    Pluribus Networks delivers a programmable software-defined security fabric with a distributed architecture to integrate and orchestrate multiple security functionalities for internal security protections. The Fabric enables establishing a transparent and secure control layer to segment and control all traffic across the enterprise independent of the underlying physical network infrastructure. The Fabric enables network virtualization and segmentation with adaptive security policies, enables security service insertion and provides real-time visibility to identify emerging threats and speed cyber incident response.

  • Radware
    Booth: 300

    Radware (NASDAQ: RDWR), is a global leader of application delivery and application security solutions for virtual and cloud data centers. Its award-winning solutions portfolio delivers full resilience for business-critical applications, maximum IT efficiency, and complete business agility. Radware’s solutions empower more than 10,000 enterprise and carrier customers worldwide to adapt to market challenges quickly, maintain business continuity and achieve maximum productivity while keeping costs down.

  • Rapid7
    Booth: 320

    Rapid7 transforms data into insight, empowering IT and security professionals to progress and protect their organizations. How? Our solutions are powered by advanced analytics and an unmatched understanding of the attacker mindset. This makes it easy to collect data, transform it into prioritized and actionable insight, and get it to the people who can act on it—all in an instant.

  • RedSeal
    Booth: 310

    At RedSeal, our vision is to become the essential analytics and decision-making platform for building digitally resilient organizations people can trust. We do this by becoming the measure by which every organization can quantify its digital resilience. As thought leaders on resilience, we envision every organization starting the security discussion with the question “What’s our Digital Resilience Score?” Founded in 2004, RedSeal is headquartered in Sunnyvale, California.

  • SailPoint
    Booth: 120

    SailPoint, the leader in enterprise identity governance, brings the Power of Identity to customers around the world. SailPoint’s open identity platform gives organizations the power to enter new markets, scale their workforces, embrace new technologies, innovate faster and compete on a global basis. As both an industry pioneer and market leader in identity governance, SailPoint delivers security, operational efficiency and compliance to enterprises with complex IT environments. SailPoint’s customers are among the world’s largest companies in a wide range of industries.

  • SecPod
    Booth: 100

    SecPod is an endpoint security and systems management technology company. SecPod (Security Podium, incarnated as SecPod) was founded in the year 2008 with the goal to create a technology company that creates a platform for managing and securing every connected endpoint system.’

  • SentinelOne
    Booth: 630

    SentinelOne is the future of Endpoint Protection. It unifies prevention, detection and response in a single platform driven by sophisticated machine learning and intelligent automation. With SentinelOne, organizations can detect malicious behavior across multiple vectors, rapidly eliminate threats with fully-automated, integrated response capabilities, and adapt their defenses against the most advanced cyber attacks.

  • SparkCognition
    Booth: 700

    SparkCognition is a global leader in cognitive computing analytics. A highly awarded company recognized for cutting-edge technology, SparkCognition is successfully deploying a cognitive, data-driven analytics platform for clouds, devices, and the Internet of Things industrial and security markets by applying patented algorithms that deliver out-of-band, symptom-sensitive analytics, insights, and security. For more information on the company, its technology and team, please visit http://www.sparkcognition.com.

  • Spirion
    Booth: 640

    Spirion is a leading enterprise data management software solution that provides high-precision searches and automated classification of unstructured and structured data with unparalleled accuracy.  Spirion helps businesses reduce their sensitive data footprint and proactively minimize risks, costs and reputational damage of cyberattacks by discovering, classifying, monitoring and protecting sensitive data.

  • TechTarget
    Booth:

    TechTarget (NASDAQ: TTGT) is the online intersection of serious technology buyers, targeted technical content and technology providers worldwide. Our media, powered by TechTarget’s Activity Intelligence platform, redefines how technology buyers are viewed and engaged based on their active projects, specific technical priorities and business needs. With more than 100 technology specific websites, we provide technology marketers innovative media that delivers unmatched reach via custom advertising, branding and lead generation solutions all built on our extensive network of online and social media. TechTarget is based in Boston and has locations in Atlanta, Beijing, Cincinnati, London, Paris, San Francisco, Singapore, and Sydney.

  • Thales e-Security
    Booth: 340

    Thales e-Security is the leader in advanced data security solutions and services that deliver trust wherever information is created, shared or stored. We ensure that the data belonging to companies and government entities is both secure and trusted in any environment – on-premise, in the cloud, in data centers or big data environments – without sacrificing business agility. Security doesn’t just reduce risk, it’s an enabler of the digital initiatives that now permeate our daily lives – digital money, e-identities, healthcare, connected cars and with the internet of things (IoT) even household devices. Thales provides everything an organization needs to protect and manage its data, identities and intellectual property and meet regulatory compliance – through encryption, advanced key management, tokenization, privileged user control and high assurance solutions. Security professionals around the globe rely on Thales to confidently accelerate their organization’s digital transformation. Thales e-Security is part of Thales Group.

  • Tools4ever
    Booth: 140

    Tools4ever is one of the largest vendors in Identity Governance & Administration (also known as Identity & Access Management) with more than 5 million managed user accounts.

    Since 1999 Tools4ever has developed and delivered several software solutions and consultancy services such as User Provisioning, Downstream Provisioning, Workflow Management, Employee Self-Service and Access Governance (RBAC). In the area of Password Management, Tools4ever offers Single Sign-On and Self-Service Password Reset among others.

    Tools4ever’s Identity Governance & Administration (IGA) solutions are installed in organizations from various sectors ranging in size from 300 to over 200,000 user accounts.

  • Varonis
    Booth: 820

    Varonis is a pioneer in data security and analytics, specializing in software for data security, governance, compliance, classification and analytics. Varonis detects insider threats and cyberattacks by analyzing file activity and user behavior; prevents disaster by locking down sensitive data; and efficiently sustains a secure state with automation.

  • WhiteHat Security
    Booth: 180

    Digital life consists of digital experiences, and applications drive these digital experiences. The only way enterprises can truly provide safe digital experiences to their customers, partners, employees and entire ecosystem, is by securing the applications at the heart of their business.

    WhiteHat exists to make this possible. The WhiteHat Application Security Platform enables enterprises to secure their digital businesses. From application creation through production, and from the desktop to mobile devices, we secure the apps that people rely on in their personal and professional lives.

Return to Agenda
Keynote Speakers
Speakers
  • speaker photo
    Larry Wilson
    CISO and Adjunct Faculty, University of Massachusetts

    Larry Wilson is currently a senior consultant and former Chief Information Security Officer for the University of Massachusetts President's Office. In the CISO role, Larry was responsible for developing, implementing and overseeing compliance with the UMass Information Security Policy and Written Information Security Plan (WISP). In addition to designing and deploying the UMass cybersecurity program, Larry has developed and delivered cybersecurity training at multiple industry events, workshops, training venues, etc. Courses include Designing and Building a Cybersecurity Program, The NIST Cybersecurity Framework Foundations, The NIST Cybersecurity Framework Practitioners, Engineering, Technology and Business Labs and Workshops based on the NIST Cybersecurity Framework, etc. Larry has also worked with multiple companies in multiple industries to help design, build and maintain their Cybersecurity Programs and evaluate their current security posture.

  • speaker photo
    Shawn E. Tuma
    Co-Chair, Cybersecurity & Data Privacy Practice Group, Spencer Fane LLP

    Shawn Tuma (@shawnetuma) is an attorney internationally recognized in cybersecurity, computer fraud and data privacy law, areas in which he has practiced for nearly two decades. He is Co-Chair of Spencer Fane’s Data Privacy & Cybersecurity Practice Group where he regularly serves as cybersecurity and privacy counsel advising a wide variety of businesses ranging from small and mid-sized companies to Fortune 100 enterprises.
    Shawn serves the Bar and Profession in many capacities and has been selected for several professional honors:
    • Practitioner Editor, Bloomberg Law’s Texas Privacy & Data Security Law
    • Board of Advisors, University of North Texas Cyber Forensics Lab
    • Board of Directors & General Counsel, Cyber Future Foundation
    • Policy Council, National Technology Security Coalition
    • Cybersecurity Task Force, Intelligent Transportation Society of America
    • Secretary, Computer and Technology Section, State Bar of Texas
    • National Law Journal honored as a Cyber Security Trailblazers (2016)
    • D Magazine Best Lawyers in Dallas 2014 - 2016 (Digital Information Law)
    • SuperLawyers Top 100 Lawyers in DFW (2016)
    • SuperLawyers 2015 - 2016 (Intellectual Property Litigation)
    • Board of Directors, Collin County Bench Bar Conference
    • Past Chair, Collin County Bar Association Civil Litigation & Appellate Section
    • College of the State Bar of Texas
    • Privacy and Data Security Committee of the State Bar of Texas
    • Litigation, Intellectual Property, and Business Sections, State Bar of Texas
    • North Texas Crime Commission, Cybercrime Committee
    • Information Systems Security Association (ISSA)
    • International Association of Privacy Professionals (IAPP)
    • Texas Association of Bank Counsel (TABC)
    • Editor, Cybersecurity Business Law Blog
    • Contributor, SecureWorld
    Shawn is an accomplished author with several published works on various legal-technology topics. He is a frequent speaker on business cyber risk issues such as cybersecurity, computer fraud, data privacy, and social media law. You can reach Shawn by telephone at 972.324.0317, or email him at stuma@spencerfane.com.
    A list of Shawn’s recent presentations and publications is available here: https://shawnetuma.com/about-the-author/presentations-publications/

  • speaker photo
    Tam Nguyen
    Cyber Threat Researcher, Federal Reserve Bank of Cleveland

    Tam Nguyen is an IEEE peer-reviewed cybersecurity researcher whose recent works include a long-term cyber threat evaluation/prediction strategy for the Federal Reserve Bank of Cleveland, and an accepted research paper on Software Defined Network's security to be presented in Paris, France. Tam will graduate with a Master of Computer Science in Security from the North Carolina State University in December 2018.

  • speaker photo
    Scott Giordano
    VP, Data Protection, Spirion

    Scott M. Giordano is an attorney with more than 20 years of legal, technology, and risk management consulting experience. An IAPP Fellow of Information Privacy and a Certified Information Security Systems Professional (CISSP), Scott serves as Spirion’s subject matter expert on multinational data protection and its intersection with technology, export compliance, internal investigations, information governance, and risk management. Prior to joining Spirion, he served as Director, Data Protection for Robert Half Legal and established the global privacy program for Esterline Technologies Corporation in Bellevue, WA.

  • speaker photo
    Mark Langford
    Principal Consultant, Aberfoyle Associates

    Mark Langford is the Principal Consultant of Aberfoyle Associates and advises companies on how to develop their cyber defense strategies. Mark has lived and worked in 4 countries, obtained his Bachelor's degree from Clemson University and his Master's degree in Telecommunications Management from Oklahoma State University.

  • speaker photo
    Christopher Pierson
    Founder & CEO, Binary Sun Cyber Risk Advisors

    Dr. Chris Pierson is the Founder & CEO of Binary Sun Cyber Risk Advisors - providing strategic & operational advice on the intersection of cybersecurity, business, risk and law for companies and boards. He is a globally recognized cybersecurity expert and entrepreneur who holds several cybersecurity, anti-fraud, and technology patents. Dr. Pierson serves on the Department of Homeland Security’s Data Privacy & Integrity Advisory Committee and Cybersecurity Subcommittee and is a Distinguished Fellow of the Ponemon Institute. Previously, Chris was a founding executive of Viewpost, a FinTech payments company, serving as their CSO and General Counsel and was also the first Chief Privacy Officer, SVP for the Royal Bank of Scotland’s (RBS) U.S. banking operations leading its privacy and data protection program. Chris was also a corporate attorney for Lewis and Roca where he established its Cyber Security Practice representing companies on cybersecurity and data breaches. Chris is a graduate of Boston College (B.A., M.A.) and The University of Iowa (Ph.D., J.D.), is a sought after keynote speaker on cybersecurity and privacy, board advisor for startups, and is frequently quoted by the media on these topics.

  • speaker photo
    Larry Wilson
    CISO and Adjunct Faculty, University of Massachusetts

    Larry Wilson is currently a senior consultant and former Chief Information Security Officer for the University of Massachusetts President's Office. In the CISO role, Larry was responsible for developing, implementing and overseeing compliance with the UMass Information Security Policy and Written Information Security Plan (WISP). In addition to designing and deploying the UMass cybersecurity program, Larry has developed and delivered cybersecurity training at multiple industry events, workshops, training venues, etc. Courses include Designing and Building a Cybersecurity Program, The NIST Cybersecurity Framework Foundations, The NIST Cybersecurity Framework Practitioners, Engineering, Technology and Business Labs and Workshops based on the NIST Cybersecurity Framework, etc. Larry has also worked with multiple companies in multiple industries to help design, build and maintain their Cybersecurity Programs and evaluate their current security posture.

  • speaker photo
    Michael Smith
    Sr. Information Systems Auditor, Parkland HealthParkland Health & Hospital System

    Michael R. Smith, MBA, CISSP, CFE, CISA, CIA, PMP, ITIL, is a Healthcare Information Technology Professional with over thirty years of IT experience. Michael is a Sr. I.S. Auditor at Parkland in Dallas Texas specializing in performing information security assessments and audits focused around IT governance and regulatory compliance.

  • speaker photo
    Ron Winward
    Security Evangelist, Radware

    Ron Winward is a Security Evangelist for Radware, where he helps execute the company’s thought leadership on today’s security threat landscape. Ron brings nearly 20 years of experience in the Internet service provider space, most recently as Director of Network Engineering for a global infrastructure and colocation provider. With an expertise in network architectures and DDoS mitigation, Ron has helped design solutions for carriers, enterprises, and cybersecurity service providers around the world.

  • speaker photo
    Pedro Serrano
    Security Architect, Cimarex Energy Co.

    Pedro Serrano has over 35 years of experience managing and installing cyber security controls in networks around the world, 20 of those in military systems while serving in the United States Air Force. He is the Security Architect for Cimarex Energy Company, an Oil and Gas exploration company and Professor at his local University and Technical Institute teaching infrastructure systems, security controls, networking, and security awareness. Pedro has two postgraduates degrees one in Telecommunications Management from Oklahoma State University and the other in Computer Science from Tulsa University. Pedro serves as the President of the Information System Security Association (ISSA) chapter in Tulsa, Oklahoma.

  • speaker photo
    Bruce Sussman
    Emmy-Winning Journalist, SecureWorld

    Bruce Sussman is a life-long storyteller who spent 20 years on TV screens in Portland, Oregon, as a journalist and meteorologist, winning two regional Emmy awards for “Best Weather Anchor.” He still pops up on KATU News occasionally, but he’s more likely to be spotted now on a security podcast, moderating a panel discussion at a SecureWorld InfoSec conference, or leading a session on more powerful communication in a corporate environment. After a brief stint at Gartner working with CISOs, Sussman now leads cybersecurity writing and content for SecureWorld’s media division.

  • speaker photo
    Stacy Scott
    Managing Director, Cyber Risk, Kroll

    Stacy Scott is a Managing Director in Kroll’s Cyber Risk practice, based in Dallas. In addition to founding and operating her own consultancy, Stacy has served in high-profile roles with a leading cyber security consulting firm, a Big Four accounting firm, and the largest not-for-profit healthcare system in Texas. She joined Kroll with over 16 years of experience, during which she built a successful track record of developing and implementing strategic information security initiatives that help organizations better safeguard data, manage risk, and enhance business operations.

  • speaker photo
    Chuck Easttom
    Computer Scientist Consultant

    Dr. Easttom is the author of 26 computer science books and over 40 research papers, as well as an inventor with 14 patents. He is a frequent speaker at computer science and security conferences, and is a Distinguished Speaker of the ACM (Association of Computing Machinery). He holds a Doctor of Science in cybersecurity and three masters degrees

  • speaker photo
    Hema Lakkaraju
    IT Risk and Compliance Lead, PerkinElmer, Inc.

    Hema Lakkaraju is the IT Risk and Compliance Lead for Global IT and Software GRC at PerkinElmer. She has been working in the healthcare industry for 10 years in software and IT compliance.

  • speaker photo
    Robin Austin
    CTO, Welsh Harris Capital

    CSO Colliers Group former CTO of Welsh Harris Capital / President of Cyber Defense Resources
    Through consolidating operational services for efficiency and providing game changing solutions, Robin Austin has reduced Operational and Capital Expenses for many. Robin’s 30+ years in technology and extensive knowledge of cyber security, infrastructure, mobility, and emerging technological advancements has made her the “go to” knowledgeable person for the best solutions for cyber security.

  • speaker photo
    Larry Wilson
    CISO and Adjunct Faculty, University of Massachusetts

    Larry Wilson is currently a senior consultant and former Chief Information Security Officer for the University of Massachusetts President's Office. In the CISO role, Larry was responsible for developing, implementing and overseeing compliance with the UMass Information Security Policy and Written Information Security Plan (WISP). In addition to designing and deploying the UMass cybersecurity program, Larry has developed and delivered cybersecurity training at multiple industry events, workshops, training venues, etc. Courses include Designing and Building a Cybersecurity Program, The NIST Cybersecurity Framework Foundations, The NIST Cybersecurity Framework Practitioners, Engineering, Technology and Business Labs and Workshops based on the NIST Cybersecurity Framework, etc. Larry has also worked with multiple companies in multiple industries to help design, build and maintain their Cybersecurity Programs and evaluate their current security posture.

  • speaker photo
    Happy Hour
  • speaker photo
    Larry Wilson
    CISO and Adjunct Faculty, University of Massachusetts

    Larry Wilson is currently a senior consultant and former Chief Information Security Officer for the University of Massachusetts President's Office. In the CISO role, Larry was responsible for developing, implementing and overseeing compliance with the UMass Information Security Policy and Written Information Security Plan (WISP). In addition to designing and deploying the UMass cybersecurity program, Larry has developed and delivered cybersecurity training at multiple industry events, workshops, training venues, etc. Courses include Designing and Building a Cybersecurity Program, The NIST Cybersecurity Framework Foundations, The NIST Cybersecurity Framework Practitioners, Engineering, Technology and Business Labs and Workshops based on the NIST Cybersecurity Framework, etc. Larry has also worked with multiple companies in multiple industries to help design, build and maintain their Cybersecurity Programs and evaluate their current security posture.

  • speaker photo
    Bill White
    Information Security Architecture, State Farm

    Bill White is an Information Technology professional with 30 years' experience in IT Security, Fraud investigation, Information Security, and Risk Assessment processes. CISSP, CRISC, CISA.

  • speaker photo
    Levone Campbell
    Cyber Team Lead / Incident Coordinator, Aramco Services

    Levone Campbell is the Cyber Security Lead / Incident Coordinator for his organization. Levone holds two Bachelor degrees in Management and Marketing from North Carolina A&T State University, a Masters in Business Administration from Walden University, and a Masters in Technology Management from Georgetown University. He also holds numerous certifications.

  • speaker photo
    George Finney
    Chief Security Officer, Southern Methodist University

    George Finney is the Chief Security Officer for Southern Methodist University and the author of “No More Magic Wands: Transformative Cybersecurity Change for Everyone.” He previously worked with several startups and global telecommunications firms designing networks, writing policy, hardening servers, and educating users. George is a member of the Texas CISO Council, an Advisory Council member for SecureWorld, and a board member of the Palo Alto Networks FUEL User Group.

  • speaker photo
    Steven Shalita
    Vice President, Marketing and Business Development, Pluribus Networks

    Steven Shalita has 20+ years of technology experience across the Enterprise, Cloud and Service Provider technology segments. He has market and technology expertise spanning across Cybersecurity, network security, forensics, SDN/NFV, and IT infrastructure. He has spent a considerable amount of time in the performance monitoring marker and was a key evangelist for adapting network monitoring technology for security use cases to identify zero-attacks. Steven is currently Vice President at Pluribus Networks and is a frequent featured speaker at leading industry events. He has held senior technology marketing leadership positions at NetScout, Check Point Software Technologies, Alcatel-Lucent, Cisco, and HP Networking.

  • speaker photo
    Peter Chestna
    Contributing Editor, DevOps.com

    Pete Chestna has more than 25 years of experience developing software and leading development teams, and has been granted three patents. Pete has been developing web applications since 1996, including one of the first applications to be delivered through a web interface. He led his company from Waterfall to Agile and finally to DevOps, in addition to taking the company from a monolithic architecture to one based on microservices.

    Since 2006, Pete has been a leader in the Application Security (AppSec) space and has consulted with some of the world’s largest companies on their AppSec programs. In addition to his role as a contributing editor at DevOps.com and SecurityBoulevard.com, he now shares his experience by speaking internationally at both security and developer conferences on the topics of AppSec, Agile, and DevSecOps. Buy him a whisk(e)y and he’ll tell you all about it.

  • speaker photo
    John Macintosh
    Sr. Systems Engineer, Comodo Cybersecurity

    John is a Senior Systems Engineer with over 10 years of experience in the security field. He’s previously worked with other cybersecurity firms such as Centrify, bringing trust to devices, users, and applications, and Barracuda Networks, where he worked on a wide range of perimeter defense technologies.

  • speaker photo
    Brent Chapman
    Chief Information Officer / Chief Information Security Officer , RoundPoint Mortgage Servicing Corporation

    Brent Chapman is a successful technology executive with 17 years’ experience and currently serves as Chief Information Officer and Chief Information Security Officer of RoundPoint Mortgage Servicing Corporation. Mr. Chapman is the senior leader responsible for technology and information security, developing short and long term corporate strategic and operational plans with emphasis on the role that technology, information, and communication services support the plans and growth of the business. Mr. Chapman is a Six Sigma Black Belt, Certified ScrumMaster (CSM), has an MBA from Oakland University and a BA from Carthage College.

  • speaker photo
    Tom Moore
    Consulting Sales Engineer, Cloud Security, Cisco

    Tom has more than 20 years of experience in the information security industry. He has extensive experience in corporate security policy review and design, auditing, vulnerability testing and analysis, network security and application administration. He has held positions as a chief security officer for a worldwide leader in broadcast television and media, director of global security at a Fortune 500 company, and as a senior security strategy and risk management consultant for a major technology consulting company. For eight years, he led an independent security firm performing in-depth analysis of network infrastructures, program management, regulatory compliance strategy (PCI, GLBA, SOX) and mentoring. Certifications – CISSP, CISA, CIPP, CCNA

  • speaker photo
    Rebecca Herold
    CEO, The Privacy Professor, President, SIMBUS, LLC

    Rebecca is CEO of The Privacy Professor® consultancy and President of SIMBUS, LLC, an infosec, privacy, technology, and compliance management cloud service. Rebecca has over 25 years of experience, has authored 19 books and hundreds of book chapters and published articles, and serves as an expert witness for information security, privacy, and compliance issues. Rebecca appears regularly on the KCWI23 morning television show and is based in Des Moines, Iowa.

  • speaker photo
    Teresa Merklin
    Principal Engineer, Cybersecurity Engineering, Lockheed Martin Aeronautics Company

    Teresa Merklin is a Principal Information Assurance Engineer for Cybersecurity Engineering at Lockheed Martin Aeronautics, where she is responsible for technology identification and evaluation for aeronautics platforms. Teresa holds a BS in Electrical Engineering from Oklahoma State University, a Masters of Software Engineering from Texas Christian University, an MBA in Information Assurance from the University of Dallas. She is a CISSP and CSSLP.

  • speaker photo
    Katherine Britton
    Attorney, Law Office of Katherine Britton

    Katherine Elvira Britton is an attorney with a broad range of experience in regulatory compliance, corporate training and presentation and focuses her law practice on privacy and data security law, complex civil litigation, employment and human resources counseling, and consumer protection. Katherine advises clients and trains management and employees on compliance with federal and state privacy and data security laws, best practices, and self-regulatory programs, specifically focusing on issues involving emerging technologies. She evaluates clients’ compliance with federal, state, and self-regulatory requirements relating to the storage, transfer, sharing, and disposal of customer personal information. Katherine reviews, drafts, and negotiates vendor/supplier contracts, technology transactions, services and consulting agreements, and licensing agreements. Additionally, she drafts privacy policies, social media policies, and terms of use agreements for websites and applications tailored to clients’ business practices and implements changes to existing policies to address current and future data collection and use. Katherine earned her J.D. in 2007 from The John Marshall Law School, where she was an editor for The John Marshall Review of Intellectual Property Law, and her B.A. in 2004 from Tulane University. Katherine is a Certified Information Privacy Professional, Certified Privacy Manager, and is admitted to the bars in Illinois, the District of Columbia, and Texas.

Conference App and Microsite!
Registration is easy and takes just a few minutes. Once you get started you can use your phone, tablet or internet browser to:

• Create a personalized agenda
• View maps of the venue and Exhibit Hall
• Use secure messaging to network with attendees
• View speaker slides after the conference
• Play CyberHunt, the app game, and compete for prizes
app store play store