Click here to view registration types and pricing (PDF)
Conference Agenda
Filter by registration level:
  • session level iconOpen Sessions
  • session level iconConference Pass
  • session level iconSecureWorld Plus
  • session level iconVIP / Exclusive
  • Wednesday, October 10, 2018
    7:00 am
    Registration Open
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    7:00 am - 3:00 pm
    Location / Room: Registration Desk
    8:00 am
    Advisory Council Breakfast – (VIP / INVITE ONLY)
    • session level icon
    Registration Level:
    • session level iconVIP / Exclusive
    8:00 am - 9:15 am
    8:00 am
    SecureWorld PLUS Part 1 - Designing and Building a Cybersecurity Program based on the NIST Cybersecurity Framework
    • session level icon
    Earn 16 CPEs With This in-Depth 3-Part Course
    speaker photo
    CISO, UMass President’s Office, Security Magazine's "Most Influential People in Security" 2016
    Registration Level:
    • session level iconSecureWorld Plus
    8:00 am - 9:30 am

    The University of Massachusetts has developed a 4.5 hour SecureWorld Plus training class that focuses on designing, building, and maintaining a Cybersecurity Program based on the NIST Cybersecurity Framework. Organizations who are currently using the NIST Cybersecurity Framework or are planning to use the NIST Cybersecurity Framework for their cybersecurity program will benefit from this course. The course will show attendees how to use Cloud Platforms to implement and maintain security controls based on the NIST Cybersecurity Framework.

    This innovative education and training program includes the following key elements:
    • A Controls Factory that consists of three main areas; Engineering, Technology and Business
    • The Engineering Area includes a focus on threats, vulnerabilities, assets, identities, business environment and the NIST Cybersecurity Framework
    • The Technology Area includes a focus on technical controls (based on the CIS 20 Critical Controls), security technologies, Security Operations Center (SOC) and technology testing
    • The Business Area includes a focus on business controls (based on ISO 27002), cyber workforce (based on the NICE Workforce Framework) and cyber risk program (based on AICPA Description Criteria)

    The class will help individuals and organizations acquire knowledge, skills and abilities to:
    • Develop a strategy to adopt the NIST Cybersecurity Framework (NCSF)
    • Create a comprehensive Cybersecurity Program based on the NIST Cybersecurity Framework, technical controls and business controls
    • Engineer, implement, manage the 20 critical controls based on the cloud platform
    • Conduct a Risk Assessment to compare the current profile with the target profile and identify any gaps that need to be addressed
    • Establish an executive scorecard to measure and communicate risks, and develop an action plan / program roadmap to remediate controls gaps

    About the Instructor – Larry Wilson:
    • Larry Wilson is the former CISO for UMass President’s Office from 2009 to 2017
    • Prior to UMass, Larry developed and managed the Global Infrastructure Services (GIS) Security Program for State Street Corporation
    • Larry has been teaching cybersecurity courses based on the NIST Cybersecurity Framework at SecureWorld events for the past 4 years
    • Larry has conducted over 20 consulting engagements, helping organizations design and build cybersecurity programs based on the NIST Cybersecurity Framework

    The program and its author have won the following industry awards:
    • Security Magazine’s Most Influential People in Security, 2016
    • SANS People Who Made a Difference in Cybersecurity Award, 2013
    • Information Security Executive (ISE) North America Program Winner for Higher Education, 2013

    8:00 am
    SecureWorld PLUS Part 1 - GDPR Workshop: A Deep Dive into the Legal, Administrative, and Technological Requirements
    • session level icon
    Earn 16 CPEs With This in-Depth 3-Part Course
    speaker photo
    Managing Partner & Co-Founder, XPAN Law Group, LLC
    Registration Level:
    • session level iconSecureWorld Plus
    8:00 am - 9:30 am

    These three SecureWorld Plus courses will provide an administrative, legal and technical overview of the European Union’s General Data Protection Regulation (“GDPR”). The GDPR, which took effect in May 2018, significantly changes the way in which entities collect, process,
    store, maintain, and alter personal information related to any natural person within the EuropeanUnion. These changes create increased liabilities on the part of any entity that is involved in the chain of custody of data and requires granular alterations to existing technological and network infrastructures.

    The goal of these SecureWorld Plus courses is to provide stakeholders with the opportunity to learn about the legal, technological, and business requirements of the GDPR.

    SecureWorld Part 1: 8:00 – 9:30 am (Day 1)
    The first course will provide an overview of the historical background on data privacy in Europe and the origins and evolution of the GDPR. This will include an examination of the the fundamental rights associated with data privacy and the extra-territorial application of the GDPR.
    Discussion will also include the role of Information Governance and Administration to create a holistic approach to GDPR compliance including understanding the role of all parties involved in any “data transaction.” Additionally, this first course will address the first steps any organization
    should undertake to achieve GDPR compliance: data discovery and assessment of current network infrastructure, including data classification, categorization, and inventory.

    SecureWorld Part 2: 3:00 – 4:30 pm (Day 1)
    The second course in the series will focus on the requirements of the GDPR as they relate to privacy-by-design. We will discuss how to architect a network infrastructure to comply with the legal requirements of the GDPR. This session will include discussion on data automation, data protection impact assessments, and the administrative and technological requirements related to data subject rights. The second course will also cover how to transfer data internationally (i.e. data transfer mechanisms) and key documentation required to demonstrate GDPR compliance.

    SecureWorld Part 3: 8:00 – 9:30 am (Day 2)
    The third course will integrate the concepts of security-by-design into the legal obligations of the GDPR, detailing the technological requirements that can be used to create an integrated approach to privacy and security. Discussion will include security incident event management
    under the GDPR, proactive security measures, and notification requirements. It will also coverkey tools and documentation that can be used to address security obligations, including data encryption, security and access controls, and data redundancy.

    8:30 am
    The Resource Dilemma: How Security Professionals Can Win The Funding Battle to Get The Resources They Need to Prepare An Adequate Cyber Defense
    • session level icon
    speaker photo
    Principal Consultant, Aberfoyle Associates
    Registration Level:
    • session level iconConference Pass
    8:30 am - 9:15 am

    I believe most security professionals find themselves in the awkward position of having to create and implement the best cyber security defenses they possibly can despite insufficient funding and resources and the constant threat of attacks that will harm their business and possibly threaten their employment.
    This presentation is focused on helping these security professionals to prove in the business case for additional funding (for tools, consulting, training, 3rd party testing, and assessments) and resources (for staffing, floorspace, collaboration from other departments).

    8:30 am
    IoT Defense: A Holistic Approach
    • session level icon
    Registration Level:
    • session level iconConference Pass
    8:30 am - 9:15 am

    Reviewing the current state of IoT devices, their cloud endpoints and the connection between them to understand the threat landscape and where our focus needs to be in the years ahead.

    8:30 am
    Machine Learning-Based Software Defined Networking Security - Current and Future Challenges
    • session level icon
    speaker photo
    Cyber Threat Researcher, Federal Reserve Bank
    Registration Level:
    • session level iconConference Pass
    8:30 am - 9:15 am
    Machine learning (ML) is gaining popularity in the network security domain as many more network-enabled devices get connected, as malicious activities become stealthier, and as new technologies like Software Defined Networking (SDN) emerge. From the application layer, ML-based security models can automatically defend a SDN network with speed and flexibility. However, nothing is perfect. Through the examination of ML/SDN specific vulnerabilities accompanied by a successful sample attack, there are several recommendations can be made for both solution designers and potential buyers on how to build or choose a future-proof ML-based SDN security solution.
    9:00 am
    Exhibit Floor Open
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    9:00 am - 3:00 pm
    Location / Room: SecureWorld Exhibitor Floor

    This is the time to visit exhibitors participating in Dash For Prizes & CyberHunt for your chance to win prizes!

    9:30 am
    OPENING KEYNOTE:
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    9:30 am - 10:15 am
    Location / Room: Keynote Theater
    10:15 am
    Conference Break / Exhibitor Product Demonstration
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    10:15 am - 11:15 am
    Location / Room: SecureWorld Exhibitor Floor

    Reboot with coffee and infused water while visiting exhibitors on the exhibitor floor.

    11:00 am
    Advisory Council Roundtable (VIP / Invite Only)
    • session level icon
    Registration Level:
    • session level iconVIP / Exclusive
    11:00 am - 12:00 pm

    Advisory Council – VIP / INVITE ONLY

    11:15 am
    Securing the IoT Battleground
    • session level icon
    speaker photo
    CTO, Welsh Harris Capital
    Registration Level:
    • session level iconConference Pass
    11:15 am - 12:00 pm

    The Internet of Things (IoT) is morphing at an exceptional rate and adoption of IoT products is being slowed by the question: What about Security? Are we looking at a David facing Goliath scenario for our IoT future? Although we are still morphing, what are the possible viable security options being adopted for IoT?

    11:15 am
    Cyber Threats – Are You Mitigating Your Most Vulnerable Risk?
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    11:15 am - 12:00 pm

    The human factor – what are you doing to mitigate your most vulnerable cyber security risk?

    11:15 am
    Radware: Cybersecurity Pushed to the Limit
    • session level icon
    speaker photo
    Security Evangelist, Radware
    Registration Level:
    • session level iconOpen Sessions
    11:15 am - 12:00 pm

    Throughout 2017 mainstream headlines highlighted cyber-attacks and security threats that included possible interference in the U.S. presidential election, worldwide malware outbreaks and the Equifax data breach. These and other high-profile events spurred greater cyber-defense investment by everyone from nation states and global corporations to individuals purchasing anti-malware solutions for personal devices. Yet even as investments increase so do threats, hacks and vulnerabilities. This session will help you understand these complex and challenging dynamics. Based on findings from Radware’s research and a global industry survey, the session will show real attack data and customer stories to paint a picture of where we are and what security professionals can do.

    Join the session to learn more about:
    • The threat landscape deep dive—the who, what and why of attacks
    • Potential impact on your business, including associated costs of different cyber-attacks
    • Critical attacks in the midst: DNS, IoT and risks lurking in the cloud
    • Emerging threats and how to protect against them
    • A look ahead – predictions and what to prepare for

    11:15 am
    Crime in a Box – Revisited
    • session level icon
    How technology changed the landscape of cyber crime and predicting future attack vectors
    Registration Level:
    • session level iconOpen Sessions
    11:15 am - 12:00 pm

    Twenty years ago I read an article titled “Crime in a Box.” It was a futuristic vision of how cyber crime could evolve to be the perfect crime. This session will compare and contrast the scenario described in that article to the data breach, spear-phishing, and ransomware attacks that have become our reality in the 21st century.

    12:00 pm
    Advisory Council Lunch Roundtable – (VIP / Invite Only)
    • session level icon
    Registration Level:
    • session level iconVIP / Exclusive
    12:00 pm - 1:00 pm

    Advisory Council – VIP / INVITE ONLY

    12:15 pm
    LUNCH KEYNOTE: Future of Cybersecurity: A Hydra of Risks and Opportunities
    • session level icon
    speaker photo
    Founder & CEO, Binary Sun Cyber Risk Advisors
    Registration Level:
    • session level iconOpen Sessions
    12:15 pm - 1:00 pm
    Location / Room: Keynote Theater

    This keynote will explore the present and emerging risks of cybersecurity to your organization. We will discuss the intersections of cyber with privacy, law, and business, and how to prepare for the future. Specifically, we will tackle the threat landscape, control methodologies, internal and external risks, and how to turn many of these into business opportunities.

     

    1:15 pm
    Panel: Hazards on the Horizon - Emerging Threats
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    1:15 pm - 2:15 pm

    Just as in the days of yore, you must have watch guards in the tower scanning the horizon for enemy banners. If you follow cyber threats, then you know that the landscape is constantly changing. From the bring your own device (BYOD) workplace to mobile-malware, social engineering, and everything in between, information security has transformed. In order stay ahead of the ever-changing threats, it is imperative to constantly improve and change security policies. Join industry experts as they discuss the importance of rolling with the changes, and how your company can stop the threat before it gets to the castle gate.

    1:15 pm
    Panel: Manage the Damage
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    1:15 pm - 2:15 pm

    Every week we learn about some business, government entity, bank, or healthcare entity in the news that has been hacked. Often times the intruders had been sitting collecting information for months before being discovered. Now more than ever it is crucial for organizations to develop, practice, and fine tune their incident response plans. When do you get law enforcement involved? What about the legal team or PR? Will your business recover? This panel discussion will tackle these issues as well as your questions on what you need to know after the hack.

    2:15 pm
    Conference Break / Exhibitor Product Demonstration
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    2:15 pm - 3:00 pm
    Location / Room: SecureWorld Exhibitor Floor

    Reboot with coffee and infused water while visiting exhibitors on the exhibitor floor.

    3:00 pm
    Quantum Computing & Quantum Cryptography: The Current State of the Art
    • session level icon
    speaker photo
    Computer Scientist Consultant
    Registration Level:
    • session level iconConference Pass
    3:00 pm - 3:45 pm

    This presentation will provide an overview of quantum computing and what that implies for cryptography. The current state of both quantum computing and post-quantum cryptography will be presented.

    3:00 pm
    Bio-Metric Cyber Exposure
    • session level icon
    Registration Level:
    • session level iconConference Pass
    3:00 pm - 3:45 pm

    Imagine someone using your stolen fingerprints to access your bank accounts – or worse, your organization’s treasure trove of data? After all, recovering a stolen fingerprint is substantially tougher than a password. Through a series of live demonstrations, Mike will share how to calculate your personal and business Bio-metric risk and, more importantly, how to reduce it. Question to be asked is “What are my Bio-metric Cyber Exposures @home and @work?”

    3:00 pm
    Cyber Risk: It’s All About People
    • session level icon
    speaker photo
    Director, Global Data Risk, Duff & Phelps
    Registration Level:
    • session level iconConference Pass
    3:00 pm - 3:45 pm
    In organizations, employees, customers and vendors expect to be able to interact dynamically with core systems. Therefore, the enterprise needs to be concerned about its entire ecosystem of partners and their associated cyber risks. In that regard, the cyber security supply chain and vendor risk is critical. One important aspect is not to overlook the human element in cybersecurity risk. Much cybersecurity vulnerability lies in a disconnect between studying only the technical issues, and ignoring human dimensions of the problem. In this talk, the speaker discusses a holistic approach to cybersecurity, examining both the technical and human elements of risk.
    3:00 pm
    Data Mapping
    • session level icon
    Understanding How Your Data Moves Within and Without Your Organization
    Registration Level:
    • session level iconConference Pass
    3:00 pm - 3:45 pm

    One essential component of health IT interoperability and improved care is the exchange of information. Data mapping plays a key role in not only moving data but also in understanding where and how the data moves.

    3:00 pm
    SecureWorld PLUS Part 2 - Designing and Building a Cybersecurity Program based on the NIST Cybersecurity Framework
    • session level icon
    SecureWorld PLUS Registrants ONLY
    speaker photo
    CISO, UMass President’s Office, Security Magazine's "Most Influential People in Security" 2016
    Registration Level:
    • session level iconSecureWorld Plus
    3:00 pm - 4:30 pm

    The University of Massachusetts has developed a 4.5 hour SecureWorld Plus training class that focuses on designing, building, and maintaining a Cybersecurity Program based on the NIST Cybersecurity Framework. Organizations who are currently using the NIST Cybersecurity Framework or are planning to use the NIST Cybersecurity Framework for their cybersecurity program will benefit from this course. The course will show attendees how to use Cloud Platforms to implement and maintain security controls based on the NIST Cybersecurity Framework.

    This innovative education and training program includes the following key elements:
    • A Controls Factory that consists of three main areas; Engineering, Technology and Business
    • The Engineering Area includes a focus on threats, vulnerabilities, assets, identities, business environment and the NIST Cybersecurity Framework
    • The Technology Area includes a focus on technical controls (based on the CIS 20 Critical Controls), security technologies, Security Operations Center (SOC) and technology testing
    • The Business Area includes a focus on business controls (based on ISO 27002), cyber workforce (based on the NICE Workforce Framework) and cyber risk program (based on AICPA Description Criteria)

    The class will help individuals and organizations acquire knowledge, skills and abilities to:
    • Develop a strategy to adopt the NIST Cybersecurity Framework (NCSF)
    • Create a comprehensive Cybersecurity Program based on the NIST Cybersecurity Framework, technical controls and business controls
    • Engineer, implement, manage the 20 critical controls based on the cloud platform
    • Conduct a Risk Assessment to compare the current profile with the target profile and identify any gaps that need to be addressed
    • Establish an executive scorecard to measure and communicate risks, and develop an action plan / program roadmap to remediate controls gaps

    About the Instructor – Larry Wilson:
    • Larry Wilson is the former CISO for UMass President’s Office from 2009 to 2017
    • Prior to UMass, Larry developed and managed the Global Infrastructure Services (GIS) Security Program for State Street Corporation
    • Larry has been teaching cybersecurity courses based on the NIST Cybersecurity Framework at SecureWorld events for the past 4 years
    • Larry has conducted over 20 consulting engagements, helping organizations design and build cybersecurity programs based on the NIST Cybersecurity Framework

    The program and its author have won the following industry awards:
    • Security Magazine’s Most Influential People in Security, 2016
    • SANS People Who Made a Difference in Cybersecurity Award, 2013
    • Information Security Executive (ISE) North America Program Winner for Higher Education, 2013

    3:00 pm
    SeccureWorld PLUS Part 2 - GDPR Workshop: A Deep Dive into the Legal, Administrative, and Technological Requirements
    • session level icon
    Earn 16 CPEs With This in-Depth 3-Part Course
    speaker photo
    Managing Partner & Co-Founder, XPAN Law Group, LLC
    Registration Level:
    • session level iconSecureWorld Plus
    3:00 pm - 4:30 pm

    These three SecureWorld Plus courses will provide an administrative, legal and technical overview of the European Union’s General Data Protection Regulation (“GDPR”). The GDPR, which took effect in May 2018, significantly changes the way in which entities collect, process,
    store, maintain, and alter personal information related to any natural person within the EuropeanUnion. These changes create increased liabilities on the part of any entity that is involved in the chain of custody of data and requires granular alterations to existing technological and network infrastructures.

    The goal of these SecureWorld Plus courses is to provide stakeholders with the opportunity to learn about the legal, technological, and business requirements of the GDPR.

    SecureWorld Part 2: 3:00 – 4:30 pm (Day 1)
    The second course in the series will focus on the requirements of the GDPR as they relate to privacy-by-design. We will discuss how to architect a network infrastructure to comply with the legal requirements of the GDPR. This session will include discussion on data automation, data
    protection impact assessments, and the administrative and technological requirements related to data subject rights. The second course will also cover how to transfer data internationally (i.e. data transfer mechanisms) and key documentation required to demonstrate GDPR compliance.

    3:45 pm
    Casino Happy Hour
    • session level icon
    Join us For the Casino After-Party: Networking, Games, Prizes, Drinks and Snacks
    Registration Level:
    • session level iconOpen Sessions
    3:45 pm - 5:30 pm
    Location / Room: Exhibitor Floor

    Join your peers at 3:45 p.m. in the Exhibit Hall for beverages and snacks. Test your luck at Blackjack, Roulette and Craps. Hand the voucher you receive at registration to one of the participating exhibitors to get started with $1,000 and win big for your chance at some cool prizes!
    Casino tables sponsored by: Critical Start

  • Thursday, October 11, 2018
    7:00 am
    Registration Open
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    7:00 am - 3:00 pm
    Location / Room: Registration Desk
    8:00 am
    SecureWorld PLUS Part 3 - Designing and Building a Cybersecurity Program based on the NIST Cybersecurity Framework
    • session level icon
    SecureWorld PLUS Registrants ONLY
    speaker photo
    CISO, UMass President’s Office, Security Magazine's "Most Influential People in Security" 2016
    Registration Level:
    • session level iconSecureWorld Plus
    8:00 am - 9:30 am

    The University of Massachusetts has developed a 4.5 hour SecureWorld Plus training class that focuses on designing, building, and maintaining a Cybersecurity Program based on the NIST Cybersecurity Framework. Organizations who are currently using the NIST Cybersecurity Framework or are planning to use the NIST Cybersecurity Framework for their cybersecurity program will benefit from this course. The course will show attendees how to use Cloud Platforms to implement and maintain security controls based on the NIST Cybersecurity Framework.

    This innovative education and training program includes the following key elements:
    • A Controls Factory that consists of three main areas; Engineering, Technology and Business
    • The Engineering Area includes a focus on threats, vulnerabilities, assets, identities, business environment and the NIST Cybersecurity Framework
    • The Technology Area includes a focus on technical controls (based on the CIS 20 Critical Controls), security technologies, Security Operations Center (SOC) and technology testing
    • The Business Area includes a focus on business controls (based on ISO 27002), cyber workforce (based on the NICE Workforce Framework) and cyber risk program (based on AICPA Description Criteria)

    The class will help individuals and organizations acquire knowledge, skills and abilities to:
    • Develop a strategy to adopt the NIST Cybersecurity Framework (NCSF)
    • Create a comprehensive Cybersecurity Program based on the NIST Cybersecurity Framework, technical controls and business controls
    • Engineer, implement, manage the 20 critical controls based on the cloud platform
    • Conduct a Risk Assessment to compare the current profile with the target profile and identify any gaps that need to be addressed
    • Establish an executive scorecard to measure and communicate risks, and develop an action plan / program roadmap to remediate controls gaps

    About the Instructor – Larry Wilson:
    • Larry Wilson is the former CISO for UMass President’s Office from 2009 to 2017
    • Prior to UMass, Larry developed and managed the Global Infrastructure Services (GIS) Security Program for State Street Corporation
    • Larry has been teaching cybersecurity courses based on the NIST Cybersecurity Framework at SecureWorld events for the past 4 years
    • Larry has conducted over 20 consulting engagements, helping organizations design and build cybersecurity programs based on the NIST Cybersecurity Framework

    The program and its author have won the following industry awards:
    • Security Magazine’s Most Influential People in Security, 2016
    • SANS People Who Made a Difference in Cybersecurity Award, 2013
    • Information Security Executive (ISE) North America Program Winner for Higher Education, 2013

    8:00 am
    SecureWorld PLUS Part 3 - GDPR Workshop: A Deep Dive into the Legal, Administrative, and Technological Requirements
    • session level icon
    SecureWorld PLUS Registrants ONLY
    speaker photo
    Managing Partner & Co-Founder, XPAN Law Group, LLC
    Registration Level:
    • session level iconSecureWorld Plus
    8:00 am - 9:30 am

    These three SecureWorld Plus courses will provide an administrative, legal and technical overview of the European Union’s General Data Protection Regulation (“GDPR”). The GDPR, which took effect in May 2018, significantly changes the way in which entities collect, process,
    store, maintain, and alter personal information related to any natural person within the EuropeanUnion. These changes create increased liabilities on the part of any entity that is involved in the chain of custody of data and requires granular alterations to existing technological and network infrastructures.

    The third course will integrate the concepts of security-by-design into the legal obligations of the GDPR, detailing the technological requirements that can be used to create an integrated approach to privacy and security. Discussion will include security incident event management
    under the GDPR, proactive security measures, and notification requirements. It will also cover key tools and documentation that can be used to address security obligations, including data encryption, security and access controls, and data redundancy.

    8:30 am
    When the “IT” Hits the Fan, Stick to the Plan: Incident Response Plan Management
    • session level icon
    speaker photo
    Cyber Team Lead / Incident Coordinator, Aramco Services
    Registration Level:
    • session level iconConference Pass
    8:30 am - 9:15 pm

    Incident Response is a critical process for any organization. The effectiveness of the incident response plan can determine whether or not an organization can sustain and recover from a cyber attack. As with any process within the organization, the incident response plan needs continuous testing and review to ensure it remains effective for the organization.

    8:30 am
    10 Steps to Mastering Cybersecurity for Parents
    • session level icon
    Registration Level:
    • session level iconConference Pass
    8:30 am - 9:15 am

    Kids do what their parents do. So, parents need to practice good cyber hygiene and then teach those habits to their kids. They also need to enforce healthy boundaries on Internet usage. We’ll explore specific risks to kids using the Internet along with specific things parents should be doing to minimize those risks. These lessons are drawn from my experience both at work and at home and are based on what we do with our family.

    9:00 am
    Exhibit Floor Open
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    9:00 am - 3:00 pm
    Location / Room: SecureWorld Exhibitor Floor

    This is the time to visit exhibitors participating in Dash For Prizes & CyberHunt for your chance to win prizes!

    9:30 am
    OPENING KEYNOTE: Leveraging SDN Technology to Improve Enterprise Security
    • session level icon
    speaker photo
    Vice President, Marketing and Business Development, Pluribus Networks
    Registration Level:
    • session level iconOpen Sessions
    9:30 am - 10:15 am
    Location / Room: Keynote Theater
    With increasing numbers of high profile breaches, focusing on securing the perimeter is no longer sufficient. New traffic types and the proliferation of diverse end-points along with increased mobility and wireless access fuels a dramatic increase in untrusted traffic entering the network. In addition, the growth of multi-cloud environments and cloud services requiring access to Enterprise resources pose additional challenges. As mixed-use networks continue to grow and Internet of Things (IoT) traffic is introduced to the network, security organizations need a more dynamic approach to secure the increases of unsecure and untrusted traffic.

    Imagine being able to build a simple, automated and secure network overlay that empowers the enterprise with cloud-scale, elasticity and adaptability and enables independence from network operations. This session will discuss the evolution of SDN technologies and explore how to leverage a dynamic SDN architecture to enable dynamic traffic segmentation, distributed policy enforcement, shared security services and increased operational intelligence to reduce risk, contain infiltrations and prevent attack proliferation.

    10:15 am
    Conference Break / Exhibitor Product Demonstration
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    10:15 am - 11:15 am
    Location / Room: SecureWorld Exhibitor Floor

    Reboot with coffee and infused water while visiting exhibitors on the exhibitor floor.

    11:00 am
    Advisory Council Roundtable (VIP / Invite Only)
    • session level icon
    Registration Level:
    • session level iconVIP / Exclusive
    11:00 am - 12:00 pm

    Advisory Council – VIP / INVITE ONLY

    11:15 am
    DevOps – Security’s Big Opportunity
    • session level icon
    speaker photo
    Contributing Editor, DevOps.com
    Registration Level:
    • session level iconConference Pass
    11:15 am - 12:15 pm
    DevOps culture creates an opportunity for us to improve application security. Since developers are the ones producing code, integrating components and creating the innovations that fuel our digital economy, they are also the ones who will determine whether or not security is part of development or not. Security professionals must therefore learn to how to talk to developers about how to create a security program that will accelerate development and not slow it down.
    11:15 am
    Forensic Analysis of a Ransomware Attack
    • session level icon
    Registration Level:
    • session level iconConference Pass
    11:15 am - 12:00 pm

    Given the number of institutions hit and the amount of media generated, ransomware is a huge threat. But what does ransomware actually do to a system? For this presentation, we’ll disable any anti-ransomware, anti-malware, and threat emulation so that we can see what an attack does when encrypting a system.

    11:15 am
    It's Time for IoT to Grow Up!
    • session level icon
    How to balance the scales between convenience and security with IoT devices.
    Registration Level:
    • session level iconOpen Sessions
    11:15 am - 12:00 pm

    IoT devices are hacked and added to malicious botnets every day. Since much of the IoT industry began with disconnected devices, IoT developers and owners were not aware of the care needed to prevent attacks. This presentation will address the challenges and architectures that balance the convenience and security of IoT.

    11:15 am
    All Risks Are Business Risks
    • session level icon
    Registration Level:
    • session level iconConference Pass
    11:15 am - 12:00 pm

    Defining accurate cybersecurity measurements has always been difficult. We need to alter the perception of cybersecurity from a primarily IT concern, to an everyday function of the business. This presentation will provide some ammunition to allow us to make that argument and move us beyond our current limitations.

    12:00 pm
    Advisory Council Lunch Roundtable – (VIP / Invite Only)
    • session level icon
    Registration Level:
    • session level iconVIP / Exclusive
    12:00 pm - 1:00 pm

    Advisory Council – VIP / INVITE ONLY

    12:15 pm
    LUNCH KEYNOTE: Prevent Nightmares in the IoT
    • session level icon
    speaker photo
    CEO, The Privacy Professor, President, SIMBUS, LLC
    Registration Level:
    • session level iconOpen Sessions
    12:15 pm - 1:00 pm
    1:15 pm
    Security Vs Compliance
    • session level icon
    Registration Level:
    • session level iconConference Pass
    1:15 pm - 2:15 pm
    1:15 pm
    Panel: Close the Front Gate: Identify all Travelers - Locking Down the Endpoints
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    1:15 pm - 2:15 pm

    One of the first lines of defense for a castle was the front gate or portcullis. When the need arose, they would simply close the gate and stop everyone from entering. Castle guards would stop each traveler and determine their identity and if they were a threat before letting them in. Sort of like today’s network access control and firewalls. Identity or the perception of one’s identity was all that mattered and a smart spy or thief would gain access to the castle with only minor delays. Our experts will discuss your options for defending your castle.

    2:15 pm
    Conference Break / Exhibitor Product Demonstration
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    2:15 pm - 3:00 pm
    Location / Room: SecureWorld Exhibitor Floor

    Reboot with coffee and infused water while visiting exhibitors on the exhibitor floor.

    2:30 pm
    Dash for Prizes & CyberHunt
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    2:30 pm - 2:45 pm
    Location / Room: SecureWorld Exhibitor Floor

    Be sure to have exhibitors scan your badge for a chance to win prizes. Past prizes have included Kindles, Bose headphones, gift cards, iPads, iPods and more! *Must be present to win

    3:00 pm
    GDPR: A Check-In on Readiness, Rollout, and Watch-outs
    • session level icon
    Registration Level:
    • session level iconConference Pass
    3:00 pm - 3:45 pm

    The EU General Data Protection Regulation (GDPR) becomes enforceable on May 25, 2018. While well-executed GDPR compliance can empower trust and transparency between individuals and organizations, the depth and complexity of implementation can place significant pressures on IT security. This presentation discusses GDPR readiness, rollout, and watch-outs.

    3:00 pm
    Lessons Learned From a Real Security Incident That You Need to Take Public
    • session level icon
    Registration Level:
    • session level iconConference Pass
    3:00 pm - 3:45 pm

    This presentation will cover lessons learned from an actual public security incident. We will discuss what worked and what didn’t, and what you need to be prepared if you have an incident.

    3:00 pm
    Rethinking Network Security With a Software-Defined Perimeter
    • session level icon
    Registration Level:
    • session level iconConference Pass
    3:00 pm - 3:45 pm

    Traditional network security is failing us. This session introduces a new, open network security model, the Software-Defined Perimeter. This architecture, published by the Cloud Security Alliance, verifies and secures all user access to network resources, improving security and compliance for both on-premises and cloud environments.

Exhibitors
  • Bay Pay Forum
    Booth:

    The BayPay Forum, a Silicon Valley-based international network composed of over 14,000 payment and commerce executives, entrepreneurs and investors from thousands of different companies, serves as a forum to connect members in identifying and understanding the emerging trends and innovations in the industry.

  • CIOReview
    Booth:

    CIOReview is a technology magazine that talks about the enterprise solutions that can redefine the business goals of enterprises tomorrow. It is the leading source that shares innovative enterprise solutions developed by established solutions providers, upcoming hot enterprises and is a neutral source for technology decision makers. Published from Fremont, California, CIOReview is an excellent platform for the enterprise to showcase their innovative solutions.

  • Cloud Security Alliance (CSA)
    Booth:

    The Cloud Security Alliance (CSA) is a not-for-profit organization with a mission to promote the use of best practices for providing security assurance within Cloud Computing, and to provide education on the uses of Cloud Computing to help secure all other forms of computing. The Cloud Security Alliance is led by a broad coalition of industry practitioners, corporations, associations and other key stakeholders.

  • Critical Start
    Booth: TBD

    Critical Start is a cybersecurity company with a holistic, customer-focused approach. We work with our customers to understand the impact of IT on their business and determine the associated risks. Using this risk profile, we can offer big-picture guidance on the strategies and controls that will enable them to effectively manage risk and improve security. Critical Start is 100% employee owned by a team of experts who are passionate about security, quality and service. For more information on what sets us apart, visit criticalstart.com.

  • Cyberbit
    Booth: TBD

    Cyberbit provides a consolidated detection and response platform that protects an organization’s entire attack surface across IT, OT and IoT networks. Cyberbit products have been forged in the toughest environments on the globe and include: behavioral threat detection, incident response automation and orchestration, ICS/SCADA security, and the world’s leading cyber range. Since founded in mid-2015 Cyberbit’s products were rapidly adopted by enterprises, governments, academic institutions and MSSPs around the world. Cyberbit is a subsidiary of Elbit Systems (NASDAQ: ESLT) and has offices in Israel, the US, Europe, and Asia.

  • Cylance
    Booth: TBD

    Cylance® is revolutionizing cybersecurity with products and services that proactively prevent, rather than reactively detect the execution of advanced persistent threats and malware. Our technology is deployed on over four million endpoints and protects hundreds of enterprise clients worldwide including Fortune 100 organizations and government institutions.

  • EC-Council
    Booth:

    International Council of E-Commerce Consultants, also known as EC-Council, is the world’s largest cyber security technical certification body. We operate in 140 countries globally and we are the owner and developer of the world-famous Certified Ethical Hacker (CEH), Computer Hacking Forensics Investigator (C|HFI), Certified Security Analyst (ECSA), License Penetration Testing (Practical) programs, among others. We are proud to have trained and certified over 140,000 information security professionals globally that have influenced the cyber security mindset of countless organizations worldwide.

  • Infoblox, Inc
    Booth: TBD

    For 17 years, we’ve been the market leader for core network services, including DNS, DHCP, and IP address management, a category known as DDI.

  • InfraGard
    Booth:

    InfraGard is an information sharing and analysis effort serving the interests and combining the knowledge base of a wide range of members. At its most basic level, InfraGard is a partnership between the FBI and the private sector. InfraGard is an association of individuals, academic institutions, state and local law enforcement agencies, and other participants dedicated to sharing information and intelligence to prevent hostile acts against the United States. InfraGard Chapters are geographically linked with FBI Field Office territories.

    The FBI retained InfraGard as an FBI sponsored program, and will work with DHS in support of its CIP mission, facilitate InfraGard’s continuing role in CIP activities, and further develop InfraGard’s ability to support the FBI’s investigative mission, especially as it pertains to counterterrorism and cyber crimes.

  • (ISC)2
    Booth:

    (ISC)² is an international nonprofit membership association focused on inspiring a safe and secure cyber world. Best known for the acclaimed Certified Information Systems Security Professional (CISSP) certification, (ISC)² offers a portfolio of credentials that are part of a holistic, programmatic approach to security. Our membership, over 123,000 strong, is made up of certified cyber, information, software and infrastructure security professionals who are making a difference and helping to advance the industry. Our vision is supported by our commitment to educate and reach the general public through our charitable foundation – The Center for Cyber Safety and Education ™ Follow us on Twitter or connect with us on Facebook.

  • ISSA: North Texas
    Booth:

    The Dallas/Fort Worth area has many large corporations, government organizations, and educational institutions. Our membership comes from the network and information systems professionals of these organizations and institutions, as well as vendors of security products. We seek to provide our members with access to information and resources to assist their employers in securing critical information resources. Our monthly luncheon meetings, conferences, and other resources are available to members and non-members alike to assist in educating security practitioners of all types.

  • Ixia, a Keysight Business
    Booth: TBD

    We provide testing, visibility, and security solutions to strengthen applications across physical and virtual networks. Organizations use our tools and capabilities to test, secure and visualize their networks so their applications run stronger.

  • Pluribus Networks
    Booth: TBD

    Pluribus Networks delivers a programmable software-defined security fabric with a distributed architecture to integrate and orchestrate multiple security functionalities for internal security protections. The Fabric enables establishing a transparent and secure control layer to segment and control all traffic across the enterprise independent of the underlying physical network infrastructure. The Fabric enables network virtualization and segmentation with adaptive security policies, enables security service insertion and provides real-time visibility to identify emerging threats and speed cyber incident response.

  • Radware
    Booth: TBD

    Radware (NASDAQ: RDWR), is a global leader of application delivery and application security solutions for virtual and cloud data centers. Its award-winning solutions portfolio delivers full resilience for business-critical applications, maximum IT efficiency, and complete business agility. Radware’s solutions empower more than 10,000 enterprise and carrier customers worldwide to adapt to market challenges quickly, maintain business continuity and achieve maximum productivity while keeping costs down.

  • Rapid7
    Booth: TBD

    Rapid7 transforms data into insight, empowering IT and security professionals to progress and protect their organizations. How? Our solutions are powered by advanced analytics and an unmatched understanding of the attacker mindset. This makes it easy to collect data, transform it into prioritized and actionable insight, and get it to the people who can act on it—all in an instant.

  • RedSeal
    Booth: TBD

    At RedSeal, our vision is to become the essential analytics and decision-making platform for building digitally resilient organizations people can trust. We do this by becoming the measure by which every organization can quantify its digital resilience. As thought leaders on resilience, we envision every organization starting the security discussion with the question “What’s our Digital Resilience Score?” Founded in 2004, RedSeal is headquartered in Sunnyvale, California.

  • SailPoint
    Booth: TBD

    In 2005, Mark and Kevin set out to create a new type of company – one that promised to provide innovative solutions to business problems and an exciting, collaborative work environment for identity rock stars. Together, we’re redefining identity’s place in the security ecosystem.

    We love taking on new challenges that seem daunting to others. We hold ourselves to the highest standards, and deliver upon our promises to our customers. We bring out the best in each other, and we’re having a lot of fun along the way.

  • SecPod
    Booth: TBD

    SecPod is an endpoint security and systems management technology company. SecPod (Security Podium, incarnated as SecPod) was founded in the year 2008 with the goal to create a technology company that creates a platform for managing and securing every connected endpoint system.’

  • SentinelOne
    Booth: TBD

    SentinelOne is the future of Endpoint Protection. It unifies prevention, detection and response in a single platform driven by sophisticated machine learning and intelligent automation. With SentinelOne, organizations can detect malicious behavior across multiple vectors, rapidly eliminate threats with fully-automated, integrated response capabilities, and adapt their defenses against the most advanced cyber attacks.

  • SparkCognition
    Booth: TBD

    SparkCognition is a global leader in cognitive computing analytics. A highly awarded company recognized for cutting-edge technology, SparkCognition is successfully deploying a cognitive, data-driven analytics platform for clouds, devices, and the Internet of Things industrial and security markets by applying patented algorithms that deliver out-of-band, symptom-sensitive analytics, insights, and security. For more information on the company, its technology and team, please visit http://www.sparkcognition.com.

  • TechTarget
    Booth:

    TechTarget (NASDAQ: TTGT) is the online intersection of serious technology buyers, targeted technical content and technology providers worldwide. Our media, powered by TechTarget’s Activity Intelligence platform, redefines how technology buyers are viewed and engaged based on their active projects, specific technical priorities and business needs. With more than 100 technology specific websites, we provide technology marketers innovative media that delivers unmatched reach via custom advertising, branding and lead generation solutions all built on our extensive network of online and social media. TechTarget is based in Boston and has locations in Atlanta, Beijing, Cincinnati, London, Paris, San Francisco, Singapore, and Sydney.

  • Thales e-Security
    Booth: TBD

    Thales e-Security is the leader in advanced data security solutions and services that deliver trust wherever information is created, shared or stored. We ensure that the data belonging to companies and government entities is both secure and trusted in any environment – on-premise, in the cloud, in data centers or big data environments – without sacrificing business agility. Security doesn’t just reduce risk, it’s an enabler of the digital initiatives that now permeate our daily lives – digital money, e-identities, healthcare, connected cars and with the internet of things (IoT) even household devices. Thales provides everything an organization needs to protect and manage its data, identities and intellectual property and meet regulatory compliance – through encryption, advanced key management, tokenization, privileged user control and high assurance solutions. Security professionals around the globe rely on Thales to confidently accelerate their organization’s digital transformation. Thales e-Security is part of Thales Group.

  • Tools4ever
    Booth: TBD

    Tools4ever is one of the largest vendors in Identity Governance & Administration (also known as Identity & Access Management) with more than 5 million managed user accounts.

    Since 1999 Tools4ever has developed and delivered several software solutions and consultancy services such as User Provisioning, Downstream Provisioning, Workflow Management, Employee Self-Service and Access Governance (RBAC). In the area of Password Management, Tools4ever offers Single Sign-On and Self-Service Password Reset among others.

    Tools4ever’s Identity Governance & Administration (IGA) solutions are installed in organizations from various sectors ranging in size from 300 to over 200,000 user accounts.

  • WhiteHat Security
    Booth: TBD

    Digital life consists of digital experiences, and applications drive these digital experiences. The only way enterprises can truly provide safe digital experiences to their customers, partners, employees and entire ecosystem, is by securing the applications at the heart of their business.

    WhiteHat exists to make this possible. The WhiteHat Application Security Platform enables enterprises to secure their digital businesses. From application creation through production, and from the desktop to mobile devices, we secure the apps that people rely on in their personal and professional lives.

Return to Agenda
Keynote Speakers
Speakers
  • speaker photo
    Larry Wilson
    CISO, UMass President’s Office, Security Magazine's "Most Influential People in Security" 2016

    Larry is responsible for developing, implementing and managing the University of Massachusetts Information Security Policy and Written Information Security Program (WISP). The University program is based on industry best practices ISO 27001 / SANS 20 Critical Controls, and is implemented consistently across all University campuses (Amherst, Boston, Dartmouth, Lowell, Medical School and the President’s Office).

    Prior to joining UMASS, Larry was the Vice President, Network Security Manager at State Street. In this role he was responsible for researching, selecting, implementing and overseeing an engineering staff who managed network security technologies / tools including vulnerability scanning, network firewall policy management, intrusion detection, remote access, DNS security, global and local load balancing, etc.

    Larry's industry experience includes IT audit manager for Deloitte Enterprise Risk Services (ERS) consulting practice. In this role he managed a staff responsible for developing and completing a Sarbanes Oxley compliance audit for MasterCard International. Larry's team focused on the application level controls and general computer controls for information technology services implemented and managed from the MasterCard data center in St. Louis.

    Mr. Wilson holds a Master of Science degree in Civil / Structural Engineering from the University of New Hampshire. His industry certifications include CISSP, CISA and ISA (PCI Internal Security Assessor). He serves on the Advisory Board for Middlesex Community College and CISO Advisory Board for Oracle. He co-chairs the Massachusetts State University and Community College Information Security Council, and serves as Certification Director for ISACA New England. His major 2013 accomplishments include Finalist for Information Security Executive® (ISE®) of the Year for both the Northeast Region and North America; and a SANS People who made a difference in Cybersecurity in 2013 award recipient.

    Larry has been teaching CISA certification training for ISACA for 5 years.

  • speaker photo
    Jordan Fischer
    Managing Partner & Co-Founder, XPAN Law Group, LLC

    Jordan is a co-founder and managing partner of XPAN Law Group, LLC, a certified Women-Owned Enterprise law firm. She focuses her practice on international data privacy, cybersecurity and cross-border data management, with a special emphasis in European Union data privacy regulations and the forthcoming GDPR. She has extensive experience in the intersection of law and technology. With a global perspective, Jordan works with clients to create cost-effective and business oriented approaches to cybersecurity and data privacy compliance. Jordan is also an adjunct law professor at the Thomas R. Kline School of Law, where she teaches a variety of legal courses.

  • speaker photo
    Mark Langford
    Principal Consultant, Aberfoyle Associates

    Mark Langford is the Principal Consultant of Aberfoyle Associates and advises companies on how to develop their cyber defense strategies. Mark has lived and worked in 4 countries, obtained his Bachelor's degree from Clemson University and his Master's degree in Telecommunications Management from Oklahoma State University.

  • speaker photo
    Tam Nguyen
    Cyber Threat Researcher, Federal Reserve Bank

    Tam Nguyen is an IEEE peer-reviewed cybersecurity researcher whose recent works include a long-term cyber threat evaluation/prediction strategy for the Federal Reserve Bank of Cleveland, and an accepted research paper on Software Defined Network's security to be presented in Paris, France. Mr. Nguyen will graduate with a Master of Computer Science in Security from the North Carolina State University this December.

  • speaker photo
    Robin Austin
    CTO, Welsh Harris Capital

    CSO Colliers Group former CTO of Welsh Harris Capital / President of Cyber Defense Resources
    Through consolidating operational services for efficiency and providing game changing solutions, Robin Austin has reduced Operational and Capital Expenses for many. Robin’s 30+ years in technology and extensive knowledge of cyber security, infrastructure, mobility, and emerging technological advancements has made her the “go to” knowledgeable person for the best solutions for cyber security.

  • speaker photo
    Ron Winward
    Security Evangelist, Radware

    Ron Winward is a Security Evangelist for Radware, where he helps execute the company’s thought leadership on today’s security threat landscape. Ron brings nearly 20 years of experience in the Internet service provider space, most recently as Director of Network Engineering for a global infrastructure and colocation provider. With an expertise in network architectures and DDoS mitigation, Ron has helped design solutions for carriers, enterprises, and cybersecurity service providers around the world.

  • speaker photo
    Christopher Pierson
    Founder & CEO, Binary Sun Cyber Risk Advisors

    Dr. Chris Pierson is the Founder & CEO of Binary Sun Cyber Risk Advisors - providing strategic & operational advice on the intersection of cybersecurity, business, risk and law for companies and boards. He is a globally recognized cybersecurity expert and entrepreneur who holds several cybersecurity, anti-fraud, and technology patents. Dr. Pierson serves on the Department of Homeland Security’s Data Privacy & Integrity Advisory Committee and Cybersecurity Subcommittee and is a Distinguished Fellow of the Ponemon Institute. Previously, Chris was a founding executive of Viewpost, a FinTech payments company, serving as their CSO and General Counsel and was also the first Chief Privacy Officer, SVP for the Royal Bank of Scotland’s (RBS) U.S. banking operations leading its privacy and data protection program. Chris was also a corporate attorney for Lewis and Roca where he established its Cyber Security Practice representing companies on cybersecurity and data breaches. Chris is a graduate of Boston College (B.A., M.A.) and The University of Iowa (Ph.D., J.D.), is a sought after keynote speaker on cybersecurity and privacy, board advisor for startups, and is frequently quoted by the media on these topics.

  • speaker photo
    Chuck Easttom
    Computer Scientist Consultant

    Mr. Easttom is the author of 25 books (10 with chapters on cryptography and 1 book on cryptography) and over 40 research papers (including several on cryptography), and an inventor with 13 patents. He is also a frequent speaker on computer security topics including cryptography.

  • speaker photo
    John Bass
    Director, Global Data Risk, Duff & Phelps

    John W. Bass is a director in the Global Data Risk Practice at Duff & Phelps. John is an acknowledged thought leader on risk management, the human dimensions of cyber risk, and insider threats. John was a Central Intelligence Agency (CIA) National Clandestine Service (NCS) operational executive with 27 years in national security and international affairs in Africa, the Middle East, Central Asia, Europe and Latin America. An alumnus of Mercer Benefits Consulting, John has an MBA from Johns Hopkins, focused on enterprise risk management. John earned an undergraduate degree in physics and mathematics from Bradley University. Full bio: https://www.duffandphelps.com/about-us/our-team/john-bass

  • speaker photo
    Larry Wilson
    CISO, UMass President’s Office, Security Magazine's "Most Influential People in Security" 2016

    Larry is responsible for developing, implementing and managing the University of Massachusetts Information Security Policy and Written Information Security Program (WISP). The University program is based on industry best practices ISO 27001 / SANS 20 Critical Controls, and is implemented consistently across all University campuses (Amherst, Boston, Dartmouth, Lowell, Medical School and the President’s Office).

    Prior to joining UMASS, Larry was the Vice President, Network Security Manager at State Street. In this role he was responsible for researching, selecting, implementing and overseeing an engineering staff who managed network security technologies / tools including vulnerability scanning, network firewall policy management, intrusion detection, remote access, DNS security, global and local load balancing, etc.

    Larry's industry experience includes IT audit manager for Deloitte Enterprise Risk Services (ERS) consulting practice. In this role he managed a staff responsible for developing and completing a Sarbanes Oxley compliance audit for MasterCard International. Larry's team focused on the application level controls and general computer controls for information technology services implemented and managed from the MasterCard data center in St. Louis.

    Mr. Wilson holds a Master of Science degree in Civil / Structural Engineering from the University of New Hampshire. His industry certifications include CISSP, CISA and ISA (PCI Internal Security Assessor). He serves on the Advisory Board for Middlesex Community College and CISO Advisory Board for Oracle. He co-chairs the Massachusetts State University and Community College Information Security Council, and serves as Certification Director for ISACA New England. His major 2013 accomplishments include Finalist for Information Security Executive® (ISE®) of the Year for both the Northeast Region and North America; and a SANS People who made a difference in Cybersecurity in 2013 award recipient.

    Larry has been teaching CISA certification training for ISACA for 5 years.

  • speaker photo
    Jordan Fischer
    Managing Partner & Co-Founder, XPAN Law Group, LLC

    Jordan is a co-founder and managing partner of XPAN Law Group, LLC, a certified Women-Owned Enterprise law firm. She focuses her practice on international data privacy, cybersecurity and cross-border data management, with a special emphasis in European Union data privacy regulations and the forthcoming GDPR. She has extensive experience in the intersection of law and technology. With a global perspective, Jordan works with clients to create cost-effective and business oriented approaches to cybersecurity and data privacy compliance. Jordan is also an adjunct law professor at the Thomas R. Kline School of Law, where she teaches a variety of legal courses.

  • speaker photo
    Larry Wilson
    CISO, UMass President’s Office, Security Magazine's "Most Influential People in Security" 2016

    Larry is responsible for developing, implementing and managing the University of Massachusetts Information Security Policy and Written Information Security Program (WISP). The University program is based on industry best practices ISO 27001 / SANS 20 Critical Controls, and is implemented consistently across all University campuses (Amherst, Boston, Dartmouth, Lowell, Medical School and the President’s Office).

    Prior to joining UMASS, Larry was the Vice President, Network Security Manager at State Street. In this role he was responsible for researching, selecting, implementing and overseeing an engineering staff who managed network security technologies / tools including vulnerability scanning, network firewall policy management, intrusion detection, remote access, DNS security, global and local load balancing, etc.

    Larry's industry experience includes IT audit manager for Deloitte Enterprise Risk Services (ERS) consulting practice. In this role he managed a staff responsible for developing and completing a Sarbanes Oxley compliance audit for MasterCard International. Larry's team focused on the application level controls and general computer controls for information technology services implemented and managed from the MasterCard data center in St. Louis.

    Mr. Wilson holds a Master of Science degree in Civil / Structural Engineering from the University of New Hampshire. His industry certifications include CISSP, CISA and ISA (PCI Internal Security Assessor). He serves on the Advisory Board for Middlesex Community College and CISO Advisory Board for Oracle. He co-chairs the Massachusetts State University and Community College Information Security Council, and serves as Certification Director for ISACA New England. His major 2013 accomplishments include Finalist for Information Security Executive® (ISE®) of the Year for both the Northeast Region and North America; and a SANS People who made a difference in Cybersecurity in 2013 award recipient.

    Larry has been teaching CISA certification training for ISACA for 5 years.

  • speaker photo
    Jordan Fischer
    Managing Partner & Co-Founder, XPAN Law Group, LLC

    Jordan is a co-founder and managing partner of XPAN Law Group, LLC, a certified Women-Owned Enterprise law firm. She focuses her practice on international data privacy, cybersecurity and cross-border data management, with a special emphasis in European Union data privacy regulations and the forthcoming GDPR. She has extensive experience in the intersection of law and technology. With a global perspective, Jordan works with clients to create cost-effective and business oriented approaches to cybersecurity and data privacy compliance. Jordan is also an adjunct law professor at the Thomas R. Kline School of Law, where she teaches a variety of legal courses.

  • speaker photo
    Levone Campbell
    Cyber Team Lead / Incident Coordinator, Aramco Services

    Levone Campbell is the Cyber Security Lead / Incident Coordinator for his organization. Levone holds two Bachelor degrees in Management and Marketing from North Carolina A&T State University, a Masters in Business Administration from Walden University, and a Masters in Technology Management from Georgetown University. He also holds numerous certifications.

  • speaker photo
    Steven Shalita
    Vice President, Marketing and Business Development, Pluribus Networks

    Steven Shalita has 20+ years of technology experience across the Enterprise, Cloud and Service Provider technology segments. He has market and technology expertise spanning across Cybersecurity, network security, forensics, SDN/NFV, and IT infrastructure. He has spent a considerable amount of time in the performance monitoring marker and was a key evangelist for adapting network monitoring technology for security use cases to identify zero-attacks. Steven is currently Vice President at Pluribus Networks and is a frequent featured speaker at leading industry events. He has held senior technology marketing leadership positions at NetScout, Check Point Software Technologies, Alcatel-Lucent, Cisco, and HP Networking.

  • speaker photo
    Peter Chestna
    Contributing Editor, DevOps.com

    Pete Chestna has more than 25 years of experience developing software and leading development teams, and has been granted three patents. Pete has been developing web applications since 1996, including one of the first applications to be delivered through a web interface. He led his company from Waterfall to Agile and finally to DevOps, in addition to taking the company from a monolithic architecture to one based on microservices.

    Since 2006, Pete has been a leader in the Application Security (AppSec) space and has consulted with some of the world’s largest companies on their AppSec programs. In addition to his role as a contributing editor at DevOps.com and SecurityBoulevard.com, he now shares his experience by speaking internationally at both security and developer conferences on the topics of AppSec, Agile, and DevSecOps. Buy him a whisk(e)y and he’ll tell you all about it.

  • speaker photo
    Rebecca Herold
    CEO, The Privacy Professor, President, SIMBUS, LLC

    Rebecca is CEO of The Privacy Professor® consultancy and President of SIMBUS, LLC, an infosec, privacy, technology, and compliance management cloud service. Rebecca has over 25 years of experience, has authored 19 books and hundreds of book chapters and published articles, and serves as an expert witness for information security, privacy, and compliance issues. Rebecca appears regularly on the KCWI23 morning television show and is based in Des Moines, Iowa.

Conference App and Microsite!
Registration is easy and takes just a few minutes. Once you get started you can use your phone, tablet or internet browser to:

• Create a personalized agenda
• View maps of the venue and Exhibit Hall
• Use secure messaging to network with attendees
• View speaker slides after the conference
• Play CyberHunt, the app game, and compete for prizes
app store play store
Don't miss out!

Join us for high-quality, affordable cybersecurity training and networking. Sign up today!