Conference Agenda
  • Wednesday, October 9, 2019
    7:00 am
    Registration Open
    Registration Level:
    • Open Sessions
    7:00 am - 3:00 pm
    Location / Room: Registration Desk
    8:00 am
    Advisory Council Breakfast – (VIP / INVITE ONLY)
    Topic: How Mature is Your Cybersecurity Incident Response Plan?
    Registration Level:
    • VIP / Exclusive
    8:00 am - 9:15 am

    This session is for Advisory Council members only.

    8:00 am
    SecureWorld PLUS Part 1 - Designing and Building a Cybersecurity Program based on the NIST Cybersecurity Framework
    Earn 16 CPEs with this in-depth 3-part course
    CISO and Adjunct Faculty, University of Massachusetts
    Registration Level:
    • SecureWorld Plus
    8:00 am - 9:30 am

    The University of Massachusetts has developed a 6-hour SecureWorld Plus training class that instructs attendees on the best practices for designing, building, and maintaining a Cybersecurity Program based on the NIST Cybersecurity Framework. Organizations that currently use the Framework or are planning to use it for their cybersecurity program will benefit from this course.

    This innovative education and training program includes the following key elements:

    • An introduction to the key components of the NIST Cybersecurity Framework
    • How to use the Framework to support business strategy, technology strategy, and cyber-risk strategy
    • An approach for adopting the framework to build and sustain secure and resilient infrastructure, secure and resilient networks, and secure and resilient applications
    • How to use the framework to protect critical information assets
    • A Controls Factory Model that organizations use to create an Engineering Program, a Technical Program, and a Business / Management Program
    • A methodology for developing a Cybersecurity Strategy, System Security Plan (SSP), Risk Assessment, Plan of Action and Milestones (POA&M) and Executive Report

    The class will help individuals and organizations acquire knowledge, skills and abilities to:

    • Develop a strategy to apply the NIST Cybersecurity Framework (NCSF) to their environment
    • Create a comprehensive System Security Plan (SSP) based on the NIST Cybersecurity Framework
    • Conduct a Risk Assessment to compare the current profile with the target profile and identify any gaps that need to be addressed
    • Develop a Plan of Action and Milestones (POA&M) to mitigate the highest priority gaps
    • Establish an Executive Report to measure and communicate current profile, target profile, POA&M and program plan / roles and responsibilities to remediate identified gaps
    • Identify required workforce skills and develop career pathways for improving skills and experience

    About the Instructor – Larry Wilson:

    • Larry Wilson served as CISO for the UMass President’s Office from 2009 to 2017
    • Prior to UMass, Larry developed and managed the Global Infrastructure Services (GIS) Security Program for State Street Corporation
    • Larry has been teaching cybersecurity courses based on the NIST Cybersecurity Framework at SecureWorld events for the past 5 years
    • Larry has conducted over 20 consulting engagements, helping organizations design and build cybersecurity programs based on the NIST Cybersecurity Framework

    The program and its author have won the following industry awards:

    • Security Magazine’s Most Influential People in Security, 2016
    • SANS People Who Made a Difference in Cybersecurity Award, 2013
    • Information Security Executive (ISE) North America Program Winner for Higher Education, 2013
    8:00 am
    SecureWorld PLUS Part 1 - Building an Incident Response Plan from Scratch: If It's Not Written Down, You Don't Have a Plan!
    Earn 16 CPEs with this in-depth 3-part course
    Attorney, The Cyber Security Law Firm of Texas
    Registration Level:
    • SecureWorld Plus
    8:00 am - 9:30 am
    In today’s world, not knowing how your company will respond when it has a breach is negligent. The last thing you want is to be caught unprepared when the highly likely, but always untimely, event occurs. Businesses of all sizes need to have an incident response plan! Do you? Do you know where to start? If not, this session is for you. Part 1 of our session will focus on building basic prevention and monitoring capabilities in order to detect incidents. In Part 2, we will focus on building the appropriate incident response plan for your company. In Part 3, we will focus on putting the plan into action and building resiliency.
    8:30 am
    Let's Stop Admiring the Human Factor Problem in Cybersecurity
    Cybersecurity Policy Fellow, New America Think Tank, New America
    Registration Level:
    • Conference Pass
    8:30 am - 9:15 am
    Ninety-five percent of all cyber-attacks are human-enabled. Organizations continue to fail at addressing human factors in cybersecurity due to a lack of education and appreciation for human factors as a science. With the increasing spending on technology to safeguard organizations’ critical networks, systems, and data, cybercriminals are circumventing defense-in-depth architectures to target humans, the weakest link. An existing fallacy is that technology will prevent data breaches, ransomware attacks, or cyber-attacks. In fact, integrating new technology creates unintended consequences that increase vulnerabilities. These technologically induced vulnerabilities are human-enabled, highlighting a lack of appreciation for human factors in cybersecurity. Let’s reduce human-enabled errors.
    8:30 am
    Fortifying Your Enterprise in a Changing Security and Privacy Landscape
    Technical Director, Online Trust Alliance, Internet Society
    Registration Level:
    • Conference Pass
    8:30 am - 9:15 am

    Recent multi-million dollar sanctions for data breaches show that businesses cannot afford to be lax on privacy and security. However, the latest Internet Society studies have found that for many companies, these safeguards are severely lacking. What may start as a simple oversight can soon manifest into a potential security and financial nightmare for businesses. Embracing best practices when safeguarding user data is critical for companies to not only retain customers, but to protect themselves from the growing legal liability they could face.
    Presentation Level:
    GENERAL (InfoSec best practices, trends, solutions, etc.)

    8:30 am
    Who is Responsible for Security in the Cloud?
    Cloud Security Engineer, Charles Schwab
    Registration Level:
    • Conference Pass
    8:30 am - 9:15 am

    This session examines some of the data exposure incidents of the past two years that resulted from the misconfiguration of cloud resources, including recent data exposures. It will look at the specific nature of cloud misconfiguration issues, examine the areas of responsibility between cloud providers and their customers, and offer a number of high-level suggestions on how to prevent or avoid such issues as organizations adopt cloud computing in their businesses.
    Presentation Level:
    GENERAL (InfoSec best practices, trends, solutions, etc.)

    8:30 am
    Piloting Through Cybersecurity
    VP & Board Member, North Texas InfraGard
    Registration Level:
    • Conference Pass
    8:30 am - 9:15 am

    Piloting through Security – Using pilot skills and techniques to secure your world against cyber threats.

    • Use Checklists – Develop both Emergency and Normal operations checklists, then use them to develop standard operating procedures.
      o Runbook development
      o Incident Management guide and artifact
      o Change Management guide and artifact
    • Fly the Plane! Secure the Environment! – During an incident, don’t get distracted by finding the cause. Secure the environment first. Then, when it’s safe, do the research.
    • PAVE: A Personal Minimums Checklist for Risk Management
      o Personal – I’M SAFE (Illness, Medication, Stress, Alcohol, Fatigue, Emotion)
      o Aircraft (Infrastructure, apps, and tools)
      o Environment (Situational Awareness)
      o External Pressures (Customers, Executive Leadership, Board, regulators)
    • “Flying is hours and hours of boredom sprinkled with a few seconds of sheer terror” – Pappy Boyington
      o Don’t let repetition lull you into a sense of complacency with your security program.
    • Spatial Disorientation and trusting your instruments
      o Cross-check your tools to confirm what they are saying
      o Trust what your tools are telling you
    • Big Sky Theory – Two randomly flying bodies (little airplanes) are very unlikely to collide, as the three-dimensional space is so large relative to the bodies.
    • Situational Awareness – “See and Be Seen”, “See and Avoid”
    Presentation Level:
    GENERAL (InfoSec best practices, trends, solutions, etc.)

    9:00 am
    Exhibit Floor Open
    Registration Level:
    • Open Sessions
    9:00 am - 3:00 pm
    Location / Room: SecureWorld Exhibit Floor

    This is the time to visit exhibitors participating in Dash For Prizes & CyberHunt for your chance to win prizes!

    9:30 am
    [OPENING KEYNOTE] Business Email Compromise: Real World Stories and Practical Defense
    Special Agent, United States Secret Service
    Registration Level:
    • Open Sessions
    9:30 am - 10:15 am

    The average loss from a bank robbery is about $3,000. The average loss from a successful Business Email Compromise (BEC) attack is nearly $130,000. That kind of math explains why BEC is rampant, and every type of organization is at risk. During this presentation, hear from the point person on BEC cases investigated by the U.S. Secret Service. He’ll share true crime examples of and practical steps for defense against BEC losses, which now stand at $13.5 billion in the last six years.

    10:15 am
    Conference Break / Exhibitor Product Demonstration
    Registration Level:
    • Open Sessions
    10:15 am - 11:15 am
    Location / Room: SecureWorld Exhibitor Floor

    Reboot with coffee and infused water while visiting exhibitors on the exhibitor floor.

    10:15 am
    Mark Gelhardt Book Signing in the CyberLounge on the Exhibitor Floor
    Quantities are limited and will be distributed on a first-come, first-served basis.
    Registration Level:
    • Open Sessions
    10:15 am - 12:00 pm
    Location / Room: CyberLounge

    Mark Gelhardt will be signing copies of his book, “My Time at The Clinton White House.”
    Find him in the CyberLounge on the Exhibitor Floor at the following times:
    10:15 a.m. – 12:00 p.m.
    1:00-1:15 p.m.
    BOOK SYNOPSIS:
    Colonel Mark Gelhardt had an atypical military career that landed him in The White House next to the President of the United States, where he was responsible for the last link of communications between the President and the rest of the U.S. government. While a Lieutenant Colonel (LTC) in the Army, Mark was selected by top federal officials to be the Commander of the Data Systems Unit, as part of the White House Communications Agency. In this position, he supported the President as the Chief Information Officer (CIO) for all classified IT used by The White House. LTC Gelhardt served at the White House for over four years (1995-1999), working with President Clinton and his staff almost every day, both on the White House grounds and traveling worldwide. This gave him unfettered access to the inner workings of The White House and the Presidency. Since retiring from the Army in 2001, Mark has been asked by many people about his time at The White House. Mark has many stories about what happened behind closed doors, and proudly speaks about the outstanding support done by the fantastic military members that support the Commander-in-Chief. Mark has taken the time to chronicle his experiences about his day-to-day job at The White House, as well as some of the funny stories he picked up along the way. Please enjoy this non-political book with surprising behind-the-scenes stories. I hope they provide you with some insight into the wonderful military members that work so hard to keep you safe every day in support of the President and Commander-in-Chief.

    11:00 am
    Advisory Council LUNCH Roundtable (VIP / Invite Only)
    Topic: Prioritization of the Top 20 Critical Security Controls
    Registration Level:
    • VIP / Exclusive
    11:00 am - 1:00 pm

    This session is for Advisory Council members only.

    11:15 am
    The Fluid Ecosystem of Risk Management
    VP, Enterprise Risk Management, American Heart Association
    Registration Level:
    • Conference Pass
    11:15 am - 12:00 pm

    Join us to continue honing the skill of reducing fragmented efforts across digital, strategic, and operational risk management. Frameworks, methodologies, and controls are essential, but they are not enough in a digital-native, disruption-intensive society.
    Presentation Level:
    MANAGERIAL (security and business leaders)

    11:15 am
    Privacy Impact Assessments and Emerging Technologies
    Registration Level:
    • Open Sessions
    11:15 am - 12:00 pm
    Privacy laws and regulations continue to evolve rapidly in the U.S. at the federal and state levels. Combined with the European Union GDPR, these emerging standards underline the need for businesses to manage data as a regulated asset. The risks are heightened when developing or implementing emerging technologies, such as artificial intelligence, blockchain and biometric technologies. A key part of governance, both to reduce risk and to enable new innovations, is to perform impact assessments when implementing new technologies into the business, and as part of any new product development or innovation operations. This presentation will focus on privacy regulatory issues associated with emerging technologies, trends in structuring impact assessments, approaches to and objectives of PIAs, and ways in which to integrate PIA processes into the business.
    11:15 am
    Word on the Street Is: A Lil' Bit of Awareness Will Make It Secure
    Security Awareness & Communications Manager, Tenet Health
    Registration Level:
    • Conference Pass
    11:15 am - 12:00 pm
    Security awareness is often viewed as this intangible part of information security that is always “too” something—too costly, too much effort, too difficult to qualify. But word on the street is that a little bit of awareness is worth its weight in salt, so why are there so many varying perspectives on precisely “how” to implement a security awareness program? The answer is simple: If the streets are talking, shouldn’t someone be listening?
    12:15 pm
    [LUNCH KEYNOTE] How to Manage Your Own Career to Get to the Top
    Former CIO, The White House
    Registration Level:
    • Open Sessions
    12:15 pm - 1:00 pm
    Location / Room: Keynote Theater
    Do you have a plan for your future? Why not? You are the leader of your own destiny! You need to look at where you are, where you want to go, and have a plan to get there. We will talk about how to develop a plan, what to think about, and how to put one foot in front of the other to get to your end goal. We will also talk about how to manage up to your boss to get what you need to help you in your own career. Col. Mark Gelhardt made it to The White House managing his own career, and stood next to the President of the United States. He will tell you how he did it; if he can do it, so can you!

     

    1:15 pm
    Panel: Building a Better Mouse Trap (Emerging Threats)
    Registration Level:
    • Open Sessions
    1:15 pm - 2:15 pm

    To be successful, as an industry, we must strive to get ahead of the bad guys. Easy enough to say but how? By taking a look at the capabilities of the threats we see today we should be able to make some educated guesses on what threats of tomorrow will look like. We know the bad guys don’t follow the rules, take the path of least resistance, and don’t care who they hurt in the process. We need to start thinking like them so that we can figure out what their next step is instead of guessing/hoping.

    1:15 pm
    Panel: You’ve Got Burned! Now What? (Incident Response)
    Registration Level:
    • Open Sessions
    1:15 pm - 2:15 pm

    We’ve all heard the adage that it’s not if it happens but when you are inevitably breached… Do you have a plan? Even a framework to go off of? What do you include? Who do you include? How often should you be practicing this plan? Join our experts as they discuss incident response plans, who should be involved, best practices, and pitfalls.

    2:15 pm
    Conference Break / Exhibitor Product Demonstration
    Registration Level:
    • Open Sessions
    2:15 pm - 3:00 pm
    Location / Room: SecureWorld Exhibitor Floor

    Reboot with coffee and infused water while visiting exhibitors on the exhibitor floor.

    3:00 pm
    CISO Ventures Panel: Are Cybersecurity Startups Meeting Expectations of Buyers Taking a Risk on Them?
    Founder & Managing Director, Whiteboard Venture Partners
    Registration Level:
    • Conference Pass
    3:00 pm - 3:45 pm

    The number of cyber startups is growing exponentially, with 4300+ cybersecurity companies worldwide, including several private “unicorns.” With so many startups engaged in helping organizations achieve cybersecurity outcomes, how do organizational decision-makers think about the risks involved in working with them? A panel of CISOs will share their expectations of and experiences with cybersecurity startups, including how they use solutions from startups to meet existing and emerging cybersecurity challenges.

     

    3:00 pm
    [Panel] Knowledge Is Power: Women in Cybersecurity
    Vice President, Chief Security Officer, MedeAnalytics
    Registration Level:
    • Conference Pass
    3:00 pm - 3:45 pm

    It is often said that true knowledge must be gained through experience; either through one’s own life or through others. Join this opportunity to hear from women who bring perspectives from diverse industries (retail, financial, healthcare, utilities) as they share their different experiences as women living the information security career journey.

    3:00 pm
    InfraGard Chapter Meeting and Presentation - Open to all Attendees
    Topic: When Does a Data Theft Incident Qualify as a Reportable Data Breach?
    General Counsel, InfraGard North Texas
    Registration Level:
    • Conference Pass
    3:00 pm - 3:45 pm

    Join InfraGard for their chapter meeting and guest presentation. This opportunity is open to all attendees.
    Presentation:
    Upon discovering that a data theft incident has occurred, a significant question arises: Is there an obligation to report the data theft incident, to victims and authorities, as a data breach? The “encryption exception” that is within the GDPR and many US laws indicates that if the data was encrypted when stolen, there has not been a breach and so reporting is not required. This presentation will provide an alternative view: for example, seven different ways that encrypted data may be compromised will be presented. Only by eliminating all seven as possibilities, should you rely on the “encryption exception.”
    Presentation Level:
    GENERAL (InfoSec best practices, trends, solutions, etc.)

    3:00 pm
    Securing the Public Cloud: Automation
    Architect, Information Security, State Farm
    Registration Level:
    • Conference Pass
    3:00 pm - 3:45 pm

    The largest cause of publicly disclosed security breaches in cloud environments continues to be poor security hygiene. Public cloud adoption is expanding at a mammoth pace. The absence of a physical network boundary to the internet, combined with the risk of accidental exposure by users with limited security expertise, increases the attack surface in the public cloud. Security governance is challenging in public cloud environments due to the lack of visibility and control over agile changes.

    3:00 pm
    SecureWorld PLUS Part 2 - Designing and Building a Cybersecurity Program based on the NIST Cybersecurity Framework
    SecureWorld PLUS Registrants ONLY
    CISO and Adjunct Faculty, University of Massachusetts
    Registration Level:
    • SecureWorld Plus
    3:00 pm - 4:30 pm

    3:00 pm
    SecureWorld PLUS Part 2 - Building an Incident Response Plan from Scratch: If It's Not Written Down, You Don't Have a Plan!
    SecureWorld PLUS Registrants ONLY
    Attorney, The Cyber Security Law Firm of Texas
    Registration Level:
    • SecureWorld Plus
    3:00 pm - 4:30 pm
    3:45 pm
    Casino Happy Hour
    Join us for the Casino After Party: Networking, Games, Prizes, Drinks, and Snacks
    Registration Level:
    • Open Sessions
    3:45 pm - 5:30 pm
    Location / Room: SecureWorld Exhibitor Floor

    Join your peers at 3:45 p.m. in the Exhibit Hall for beverages and snacks. Test your luck at Blackjack, Roulette, and Craps. Hand the voucher you receive at registration to one of the participating exhibitors to get started with $1,000 and win big for your chance at some cool prizes!

  • Thursday, October 10, 2019
    7:00 am
    Registration Open
    Registration Level:
    • Open Sessions
    7:00 am - 3:00 pm
    Location / Room: Registration Desk
    8:00 am
    SecureWorld PLUS Part 3 - Designing and Building a Cybersecurity Program based on the NIST Cybersecurity Framework
    SecureWorld PLUS Registrants ONLY
    CISO and Adjunct Faculty, University of Massachusetts
    Registration Level:
    • SecureWorld Plus
    8:00 am - 9:30 am

    8:00 am
    SecureWorld PLUS Part 3 - Building an Incident Response Plan from Scratch: If It's Not Written Down, You Don't Have a Plan!
    SecureWorld PLUS Registrants ONLY
    Attorney, The Cyber Security Law Firm of Texas
    Registration Level:
    • SecureWorld Plus
    8:00 am - 9:30 am
    8:30 am
    Banking Data Breach and Lessons Learned
    Former CIO & COO, Los Alamos National Bank
    Registration Level:
    • Conference Pass
    8:30 am - 9:15 am

    Your financial institution has been hacked and is now on the evening news. Customers, board members, the press, and regulators are hounding you by the minute. How do you recover step-by-step as CIO/COO/CISO? This session covers data breach nightmares during pre-attack, attack-in-motion, and post-attack scenarios. What are the key steps in starting the recovery of business operations with everyone demanding quick action? Next in line are the enforcement actions from the regulator: what are the necessary turnaround actions and roadmaps? Gain real-world insider views on turning around a horrible situation.
    Presentation Level: MANAGERIAL (security and business leaders)

    8:30 am
    Considering a Continuity Plan?
    Sr. Information Systems Auditor, Parkland Health & Hospital System
    CISO, Texas Scottish Rite Hospital for Children
    Registration Level:
    • Conference Pass
    8:30 am - 9:15 am
    Your organization is required to implement a continuity plan but they can be complex and time consuming. Perhaps you are wondering where to start, and your organization is pressing you to innovate and leverage efficiencies. Cyber attacks are inevitable and can cause serious harm to your organization’s availability. Join Michael Smith and James Carpenter as we walk through important planning steps for building and implementing your continuity plan.
    8:30 am
    Developing and Implementing an Effective Security Awareness Program
    Lessons Learned from an Oil and Gas Exploration Company
    CISO, Grand River Dam Authority
    Registration Level:
    • Conference Pass
    8:30 am - 9:15 am

    Pedro will discuss his lessons learned in security awareness. He works in a very traditional oil and gas exploration company, and from the production point of view, security awareness was the last thing anyone wanted to talk about. Pedro was able to change the culture, and ultimately behavior, by relating security awareness to their home use. He made it personal and relevant to the employee, and that got attention. Once you have their attention, you can start changing their behavior.

    9:00 am
    Exhibit Floor Open
    Registration Level:
    • Open Sessions
    9:00 am - 3:00 pm
    Location / Room: SecureWorld Exhibitor Floor

    This is the time to visit exhibitors participating in Dash For Prizes & CyberHunt for your chance to win prizes!

    9:30 am
    [OPENING KEYNOTE] Everything You Wanted to Know About a Ransomware Attack, but Were Afraid to Ask
    CISO, Supreme Lending
    Registration Level:
    • Open Sessions
    9:30 am - 10:15 am
    Location / Room: Keynote Theater

    This presentation will focus on lessons learned from a real ransomware attack and what to consider before, during, and after the attack. The audience take-away will include a thought-provoking list of resources and protection measures that will better prepare any organization.

    10:15 am
    Conference Break / Exhibitor Product Demonstration
    Registration Level:
    • Open Sessions
    10:15 am - 11:15 am
    Location / Room: SecureWorld Exhibitor Floor

    Reboot with coffee and infused water while visiting exhibitors on the exhibitor floor.

    11:00 am
    Advisory Council Roundtable - (VIP / Invite Only)
    Topic: Privacy Versus Security (CCPA, GDPR, DevOpsSec)
    Registration Level:
    • VIP / Exclusive
    11:00 am - 12:00 pm

    This session is for Advisory Council members only.

    11:15 am
    The Legal Component of Incident Response
    Attorney, Spencer Fane LLP
    Registration Level:
    • Conference Pass
    11:15 am - 12:15 pm
    Legal obligations attach when a data privacy or security incident occurs. An important component of responding to any data incident is analysis of the various international, state, and sectoral laws and regulations applicable to a given incident. This discussion will highlight the current and future legal climate of incident response.

    11:15 am
    Cyber Insurance: Safety Net or Scam?
    Principal Consultant, Aberfoyle Associates
    Registration Level:
    • Conference Pass
    11:15 am - 12:00 pm
    Cyber liability insurance was conceived to help organizations recover from the devastating effects of a cyber attack, but is it actually fulfilling that purpose? While cyber insurance underwriters are requiring policy seekers to fill out risk assessment surveys and have offered resources to clients to help mitigate cyber risk, the daunting burden of proof is still placed on the insured to prove lack of negligence. What has to happen for insurers and their clients to agree upon third-party risk assessment tools to create a more equitable cost vs. coverage framework? How can businesses regain control of their risk valuations?
    11:15 am
    Strategically Reporting to the Board of Directors
    Cybersecurity Regulatory Testing Lead, USAA
    Attorney, Technology and Transactions Counsel, USAA
    Registration Level:
    • Conference Pass
    11:15 am - 12:00 pm
    This presentation will cover three major areas of concern when developing reporting for the board of directors. The first is assurance testing and reporting of the results so that the board is confident that the program is operating as promised. The second is an overview of current laws in the financial sector and other industries, including some that require board-level reporting. Finally, we will discuss what goes into the board package and how it should be presented.
    Presentation Level: MANAGERIAL (security and business leaders)

    11:15 am
    Third-Party Cyber Risk: Creating and Managing a Program that Works
    CISO, G6 Hospitality, LLC
    Registration Level:
    • Conference Pass
    11:15 am - 12:00 pm

    Two-thirds of all major data breaches can be traced to an external third party of some kind. In addition, more and more regulations are focusing on third parties, as well. Business partners, suppliers, service providers, auditors, consultants, outside counsel firms, and more all add to a company’s cyber and compliance risk. Effectively assessing and managing these third-party risks is now more important than ever.
    Presentation Level: GENERAL (InfoSec best practices, trends, solutions, etc.)

    12:00 pm
    Advisory Council LUNCH Round Table - (VIP / Invite Only)
    Topic: Zero Trust, What’s the Big Deal?
    Registration Level:
    • VIP / Exclusive
    12:00 pm - 1:00 pm

    This session is for Advisory Council members only.

    12:15 pm
    [LUNCH KEYNOTE] Why Teams, Strategies, and Processes Are Essential for Managing Cyber Risk
    Co-Chair, Cybersecurity & Data Privacy Practice Group, Spencer Fane LLP
    Registration Level:
    • Open Sessions
    12:15 pm - 1:00 pm
    Location / Room: Keynote Theater
    In twenty years of practicing cyber law, Shawn Tuma has seen a multitude of real-world cybersecurity and data breach cases. He will share his experience on:
    · Why cybersecurity is an overall business risk that must be properly managed to comply with laws and regulations
    · Why strategic leadership is critical in cybersecurity
    · Why teams are critical for cybersecurity and are affected by personalities and psychology
    · How to prioritize limited resources to effectively manage the most likely real-world risks
    · How to achieve reasonable cybersecurity
    · Why cyber insurance is a critical component of the cyber risk management process
    1:15 pm
    Panel: Shifting Landscape of Attack Vectors
    Registration Level:
    • Open Sessions
    1:15 pm - 2:15 pm

    If one thing holds true in cybersecurity it is the fact that our adversaries are pretty smart. They are. To be fair, they only have to be right once in a while. These cyber thugs are constantly shifting their attack vectors to better infiltrate our networks. There are so many endpoints to cover that the “bad guys” can try something new all the time. They have also discovered that we do not have great cyber hygiene when it comes to training our workforce. End users continue to be the “weakest link” within an organization as we’ve learned from all the ransomware attacks and business email compromises of late. This panel will talk about the shift in attack vectors and make some predictions about what to watch out for in the not too distant future.

    1:15 pm
    Panel: The Battle for the Endpoint Continues (Endpoint Security)
    Registration Level:
    • Open Sessions
    1:15 pm - 2:15 pm

    What are you doing to keep the network safe for your employees? You’ve got your fancy next-gen firewall and some A/V. Maybe even some biometrics or 2FA thrown in for safekeeping. We also keep hearing the IAM acronym thrown around. And what is Zero Trust? What are you missing? Oh, yeah… remote workers and IoT. Wouldn’t it be cool if you had someone to ask? Now you do. This panel will go through these questions and more. Join the group discussion as we address the challenges in endpoint and network security.

    2:15 pm
    Conference Break / Exhibitor Product Demonstration
    Registration Level:
    • Open Sessions
    2:15 pm - 3:00 pm
    Location / Room: SecureWorld Exhibitor Floor

    Reboot with coffee and infused water while visiting exhibitors on the exhibitor floor.

    2:30 pm
    Dash for Prizes & CyberHunt
    Registration Level:
    • Open Sessions
    2:30 pm - 2:45 pm
    Location / Room: SecureWorld Exhibitor Floor

    Be sure to have exhibitors scan your badge for a chance to win prizes. Past prizes have included Kindles, Bose headphones, gift cards, iPads, iPods and more! *Must be present to win

    3:00 pm
    Third-Party Risk: Creating and Managing a Program that Works!
    Registration Level:
    • Conference Pass
    3:00 pm - 3:45 pm

    Every organization is concerned with third-party risk. No one wants to be the next Target breach. This session will examine the components of third-party risk management and give you some leading practices on how to develop a workable and sustainable process.

    3:00 pm
    Truth Will Out: The True Threat Landscape
    CTO / CISO, Colliers Group
    Registration Level:
    • Conference Pass
    3:00 pm - 3:45 pm
    The IoT (smart) technology revolution is moving at lightning speed in positive, helpful ways, freeing humans from burdensome everyday tasks. On the other hand, the threat landscape for these technological advances is far more sinister than most realize. It extends from satellites in space into every personal and corporate network. It extends from any device manufactured, because although we may buy devices at places like AT&T and Verizon, the sensors, parts and semiconductors, along with the firmware and apps or software, could be manufactured and/or assembled anywhere in the world. A well-known example of this occurred in August 2018 when cybersecurity researchers from Chinese firm Tencent’s Blade exploited various vulnerabilities they found in the Echo smart speaker, briefly turning it into an eavesdropping device.
    3:00 pm
    Time to Get Re-Married: Turns Out, Privacy and Cybersecurity Are Still in Love!
    Attorney, The Cyber Security Law Firm of Texas
    Registration Level:
    • Conference Pass
    3:00 pm - 3:45 pm
    Cybersecurity and privacy have been divorced for some time now, with organizations splitting responsibilities: cyber/information security responsibilities lie with the technical teams, and privacy generally resides with the legal teams. Unfortunately, this split has been disastrous, mostly for the general public! In this session, we will discuss how forward thinking companies are re-marrying their cybersecurity and privacy programs to create a more holistic plan for data security and privacy—hopefully, to live happily ever after.
    Presentation Level: GENERAL (InfoSec best practices, trends, solutions, etc.)
Exhibitors
  • ACP
    Booth: 180

    ACP is the premier organization for business continuity professionals providing a powerful networking and learning environment for its members. Known for its progressive programs, workshops and symposiums, the organization has become a unifying force in defining and leading the continuously evolving fields of business continuity, disaster recovery, and emergency response (the “profession”). The Organization is strategically aligned with business partners such as DRI International, and BC Management, as well as our corporate sponsors. With a strong presence in North America, ACP has 42 chapters and over 2,300 members. We welcome all individuals, regardless of experience or certification, with an interest in the Profession.

    Founded in 1983, we are an established community of industry experts, educators, practitioners, leaders, facilitators and advocates. Our members view us as connectors and as a vital networking source.

  • Agari
    Booth: 500

    Agari is transforming the legacy Secure Email Gateway with its next-generation Secure Email Cloud powered by predictive AI. Leveraging data science and real-time intelligence from trillions of emails, the Agari Identity Graph™ detects, defends and deters costly advanced email attacks including business email compromise, spear phishing and account takeover.

  • CISO Ventures
    Booth:

    Whiteboard Venture Partners is building this exclusive community to help cybersecurity startups engage/collaborate with security innovation stakeholders.

  • Cloud Security Alliance (CSA)
    Booth: 410

    The Cloud Security Alliance (CSA) is a not-for-profit organization with a mission to promote the use of best practices for providing security assurance within Cloud Computing, and to provide education on the uses of Cloud Computing to help secure all other forms of computing. The Cloud Security Alliance is led by a broad coalition of industry practitioners, corporations, associations and other key stakeholders.

  • Cobalt.io
    Booth: 800

    Cobalt’s Pentest as a Service (PtaaS) Platform transforms traditional pentesting into a data-driven vulnerability management engine. Fueled by a global talent pool of certified freelancers, our modern pentest platform delivers actionable results that empower agile teams to pinpoint, track, and remediate vulnerabilities.

  • Comodo Cybersecurity
    Booth: 810

    In a world where preventing all cyberattacks is impossible, Comodo Cybersecurity delivers an innovative cybersecurity platform that renders threats useless, across the LAN, web and cloud. The Comodo Cybersecurity platform enables customers to protect their systems and data against even military-grade threats, including zero-day attacks. Based in Clifton, New Jersey, Comodo Cybersecurity has a 20-year history of protecting the most sensitive data for both businesses and consumers globally.

  • EC-Council
    Booth: 700

    International Council of E-Commerce Consultants, also known as EC-Council, is the world’s largest cyber security technical certification body. We operate in 140 countries globally and we are the owner and developer of the world-famous Certified Ethical Hacker (CEH), Computer Hacking Forensics Investigator (C|HFI), Certified Security Analyst (ECSA), License Penetration Testing (Practical) programs, among others. We are proud to have trained and certified over 140,000 information security professionals globally that have influenced the cyber security mindset of countless organizations worldwide.

  • InfraGard North Texas
    Booth:

    The primary purpose of the InfraGard North Texas Members Alliance is to assist in increasing the security of the United States national infrastructures through ongoing exchanges of information relevant to infrastructure protection and through education, outreach, and similar efforts. In addition to the benefits offered by the national InfraGard organization, there are several ways our local chapter accomplishes these objectives, including:

    • Local quarterly membership meetings focused on infrastructure protection
    • Sector-specific meetings and information exchanges
    • Partnerships and discounts to training offerings with other organizations such as ISSA and SecureWorld
    • Networking opportunities with peers within and across all sectors
  • (ISC)2 Dallas-Fort Worth
    Booth: 140

    The Dallas-Fort Worth Chapter of (ISC)2 is based in the DFW area and serves the counties of the Dallas-Fort Worth Metroplex. Members include those with security certifications from (ISC)2 as well as other professionals practicing or interested in information, software and communications security. Our mission is to advance information security in the DFW area by providing our members and other security professionals with the opportunity to share knowledge, grow professionally, educate others, and collaborate on projects. Our chapter programs provide members a forum to facilitate the exchange of knowledge and ideas, development of leadership and professional skills, and advancement of information systems security. We also provide our members with access to a variety of industry resources and educational programs to keep them up to date with the latest advances in technology as well as information assurance.

  • ISSA: North Texas
    Booth: 600

    The Dallas/Fort Worth area has many large corporations, government organizations, and educational institutions. Our membership comes from the network and information systems professionals of these organizations and institutions, as well as vendors of security products. We seek to provide our members with access to information and resources to assist their employers in securing critical information resources. Our monthly luncheon meetings, conferences, and other resources are available to members and non-members alike to assist in educating security practitioners of all types.

  • ISSA Fort Worth
    Booth: 340

    The Information Systems Security Association (ISSA)® is a not-for-profit, international organization of information security professionals and practitioners. It provides educational forums, publications, and peer interaction opportunities that enhance the knowledge, skill, and professional growth of its members. Learn more at the ISSA, International website. The Fort Worth Chapter of ISSA brings all of the benefits of International membership, along with opportunities for experiencing great speakers, local networking, earning CPEs, job prospecting and more.

  • Ixia, a Keysight Business
    Booth: 630

    We provide testing, visibility, and security solutions to strengthen applications across physical and virtual networks. Organizations use our tools and capabilities to test, secure and visualize their networks so their applications run stronger.

  • Looking Glass
    Booth: 530

    LookingGlass Cyber Solutions delivers unified threat protection against sophisticated cyber attacks to global enterprises and government agencies. Our comprehensive portfolio prioritizes relevant and timely insights enabling customers to operationalize threat intelligence across the entire cyber attack lifecycle.

  • Mimecast
    Booth: 510

    Mimecast Is Making Email Safer For Business.

    Mimecast’s security, archiving and continuity cloud services protect business email and deliver comprehensive email risk management in one fully-integrated subscription service. Mimecast reduces the risk, complexity and cost traditionally associated with protecting email. You no longer have to manage an array of disjointed point solutions from multiple vendors. And you mitigate single vendor exposure if you have moved your primary email server to the cloud with services like Microsoft Office 365.
    Our best-of-breed services protect the email of over 24,900 customers and millions of users worldwide against targeted attacks, data leaks, malware and spam. We give employees fast and secure access to sensitive business information, and ensure email keeps running in the event of a primary service outage.

  • RIMS
    Booth: 160

    The Dallas Fort Worth RIMS Chapter is among the largest, most active chapters in the world, making a global and local difference regarding the importance of Risk Management.

  • Security Innovation
    Booth: 100

    For almost two decades, global clients have trusted Security Innovation to help them learn how to defend software applications and sensitive data from cyber-threats and attacks. We understand the challenges facing today’s enterprise, where reputation and customer trust are on the front lines. That’s why we continually work to discover and overcome the latest security threats with our Centers of Excellence, and integrate this knowledge into every training and assessment solution we deliver.

  • TechTarget
    Booth:

    TechTarget (NASDAQ: TTGT) is the online intersection of serious technology buyers, targeted technical content and technology providers worldwide. Our media, powered by TechTarget’s Activity Intelligence platform, redefines how technology buyers are viewed and engaged based on their active projects, specific technical priorities and business needs. With more than 100 technology specific websites, we provide technology marketers innovative media that delivers unmatched reach via custom advertising, branding and lead generation solutions all built on our extensive network of online and social media. TechTarget is based in Boston and has locations in Atlanta, Beijing, Cincinnati, London, Paris, San Francisco, Singapore, and Sydney.

Speakers
  • Larry Wilson
    CISO and Adjunct Faculty, University of Massachusetts

    Larry Wilson is currently a senior consultant and former Chief Information Security Officer for the University of Massachusetts President's Office. In the CISO role, Larry was responsible for developing, implementing and overseeing compliance with the UMass Information Security Policy and Written Information Security Plan (WISP). In addition to designing and deploying the UMass cybersecurity program, Larry has developed and delivered cybersecurity training at multiple industry events, workshops, training venues, etc. Courses include Designing and Building a Cybersecurity Program, The NIST Cybersecurity Framework Foundations, The NIST Cybersecurity Framework Practitioners, Engineering, Technology and Business Labs and Workshops based on the NIST Cybersecurity Framework, etc. Larry has also worked with multiple companies in multiple industries to help design, build and maintain their Cybersecurity Programs and evaluate their current security posture.

  • Mary Chaney
    Attorney, The Cyber Security Law Firm of Texas

    Mary N. Chaney, Esq., CISSP, has over 20 years of progressive experience within the fields of Law, Information Security, Privacy and Risk Management. She graduated from Xavier University in Cincinnati, Ohio with her B.S.B.A in Information Systems and received her J.D. degree from Thurgood Marshall School of Law.
    Ms. Chaney spent several years practicing law in Washington, DC focusing primarily on anti-trust and intellectual property rights infringement cases. She then transitioned to serve her country by becoming a Special Agent for the Federal Bureau of Investigation (FBI) where she investigated cybercrime and served as their Information Systems Security Officer.
    Ms. Chaney obtained her Certified Information Systems Security Professional (CISSP) certification in 2008. In her corporate career, she has held senior level information security roles with Comcast, Johnson & Johnson and GE Capital.
    Voluntarily, Ms. Chaney is the Chairman and CEO of Minorities in Cybersecurity, Inc. which focuses on leadership and career development for minorities and women. Ms. Chaney also holds advisory board roles for the Cyber Law Consortium, Post University and ChickTECH. In each of her volunteer endeavors Ms. Chaney strives to improve the cyber security and privacy community by ensuring both students and professionals have the resources they need to excel in their careers.
    Academically, Ms. Chaney is an adjunct professor with the University of Cincinnati where she teaches courses to assist with the development of the next generation of cybersecurity professionals.
    Professionally, Ms. Chaney owns her own cyber security law practice, The Law Offices of Mary N. Chaney, P.L.L.C., The Cyber Security Law Firm of Texas, where she specializes in helping the Board of Directors, CIO, CISO and General Counsel of any company understand each other and legally protect the enterprise from cyber security risk.

  • Calvin Nobles
    Cybersecurity Policy Fellow, New America Think Tank, New America

    Dr. Nobles is a Cybersecurity Scientist and practitioner with more than 25 years of experience. He teaches cybersecurity at several universities. He recently retired from the Navy and is currently employed in the Financial and Services Industry. Dr. Nobles is a Cybersecurity Policy Fellow with the New America Think Tank. He authored a book on the integration of technologically advanced aircraft in general aviation. His personal story is featured in the book, Black Men Changing the Narrative Through Education. Dr. Nobles serves as Chairman of a Cybersecurity Technology Advisory Board and on the Intelligence and National Security Alliance Cyber Council. He has fulfilled various executive-level positions as a cybersecurity professional.

  • Jeff Wilbur
    Technical Director, Online Trust Alliance, Internet Society

    Jeff Wilbur is the Technical Director of the Internet Society’s Online Trust Alliance. He is responsible for integrating, developing, and extending the OTA initiative within the Internet Society’s overall mission and objectives. He has over 25 years of experience in high technology, all focused on bringing new, industry-transforming communications technologies to market. He has been involved at the founding stages of Ethernet, routing, switching, VOIP, unified messaging, and email authentication and services in both startups and Fortune 500 companies. Jeff has a technical and business background with a Master’s Degree in Engineering from Stanford.

  • Bill Meredith
    Cloud Security Engineer, Charles Schwab

    Bill Meredith has over 25 years of experience designing, implementing, and supporting IT solutions for large enterprises, of which 10 years have been in the cybersecurity area. He is a cybersecurity professional with experience across a diverse set of cyber domains and industries such as Cloud Security, Financial, Forensics Investigation, Technology, Industrial, Commercial Web, Consumer Retail, Product Distribution, Shipping Logistics, and Manufacturing. Bill has a Bachelor's degree in Accounting, a Bachelor's degree in Computer Information Systems, and an MBA from the University of Louisville. He currently holds the CISSP, CCSP, CCSK, and AWS Cloud Practitioner certifications.

  • Patrick Benoit
    VP & Board Member, North Texas InfraGard

    Patrick is an Advisory CISO and formerly the Deputy CISO for Cheetah Digital. He is a security and privacy executive, writer, speaker, knowledge provider and seeker. He has been an Executive Business Partner at Experian; a Customer Delivery Executive and Service Delivery Leader at Dell; and owned a technology consulting company. He is certified as C/CISO, CISM, CISSP, CRISC, PMP, ITIL Expert, and Lean Six Sigma Black Belt. He is a pilot and flight instructor. He studies and teaches Aikido, rides motorcycles, and his favorite teaching is “From Chaos Comes Greatness,” a loose translation from the “I Ching.”

  • Christopher McMahon
    Special Agent, United States Secret Service

    Chris McMahon is a Special Agent for the United States Secret Service. Prior to joining the Secret Service, Chris was a Prince George’s County, MD Police Officer. Chris is a well-seasoned criminal investigator specializing in cyber-enabled financial fraud, money laundering, credit card/ID fraud among other crimes. Chris began his Secret Service career out of the New York Field Office spending time between the Fraud Squad and Electronic Crimes Task Force where he earned the designation NITRO Agent for specialized training in network intrusions. While in the New York Field Office, Chris ran point on several large-scale multi-national criminal investigations targeting transnational organized crime groups. Chris is currently assigned to the U.S. Secret Service, Global Investigative Operations Center (GIOC) where he specializes in Business Email Compromise schemes and account takeovers focusing on the international nexus of cyber-enabled financial crime.

  • Paola Saibene
    VP, Enterprise Risk Management, American Heart Association

    Paola Saibene is the VP of Enterprise Risk Management at American Heart Association. She has been a CIO, CTO, and CSO of large organizations, and has worked in private, non-profit, and government sectors.

  • Dominick Frazier
    Security Awareness & Communications Manager, Tenet Health

    Dominick Frazier is a security professional with over 13 years of security experience with his current role being in Information Technology/Cyber-Security. In his current role he serves as the Security Awareness & Communication Manager responsible for the conversation around security between technical and non-technical teams, which extends to both employees and clients. Given his tenure in security, he has robust knowledge of the information technology and physical security sector including applicable regulations and frameworks.

  • Mark Gelhardt
    Former CIO, The White House

    Colonel Mark Gelhardt is a retired Army combat veteran. While in the Army, Mark was selected to be the Chief Information Officer for The White House, supporting President Clinton with secure Automation and Telecommunication for over four and a half years. Mark has over 40 years of experience in providing executive level management in Information Technology and Cybersecurity fields as a CTO, CSO, CIO, and CISO for several global companies. He is currently the VP of Global Technology Governance for US Bank. Mark is a published author and well-known keynote speaker.

  • Moderator: Abhijit Solanki
    Founder & Managing Director, Whiteboard Venture Partners

    Abhijit Solanki is the founder of Whiteboard Venture Partners, an early stage venture capital firm helping entrepreneurs achieve their whiteboard dreams.

  • Cindi Carter
    Vice President, Chief Security Officer, MedeAnalytics

    As Vice President, Chief Security Officer (CSO) at MedeAnalytics, Cindi oversees global enterprise security. Her mission encompasses creating a culture that places high value on securing and protecting MedeAnalytics and the clients’ information entrusted to them. Cindi has built and matured both cyber and physical security practices at The University of Michigan Health System and Cerner Corporation. More recently, Cindi served as the Deputy Chief Information Security Officer at Blue Cross and Blue Shield of Kansas City. Cindi is the founding President of Women in Security-Kansas City, a non-profit organization with the mission to support women at all career levels in Information Security, and serves as an Advisory Board member within the security industry.

  • Kelce Wilson
    General Counsel, InfraGard North Texas

    Kelce S. Wilson was in the U.S. Air Force, both active duty and reserves, retiring as a Lieutenant Colonel. He has a B.S., M.S. and PhD in electrical engineering, an M.B.A., a J.D., US PTO patent practitioner registration, and is a certified privacy professional with CIPP-US, CIPP-E, and CIPM. During his military and engineering career he worked in cryptography, radar and jamming, low observable (stealth) aircraft, and cybersecurity testing (white hat hacking). As an attorney, he has worked in patent litigation, licensing, and prosecution, and also privacy & security matters, including both breach prevention and response.

  • Bill White
    Architect, Information Security, State Farm

    Bill is an Information Technology professional with 30 years' experience in IT Security, Fraud investigation, Information Security, and Risk Assessment processes. He is a member of the team responsible for Information Security architectural work around Public Cloud Adoption. He has worked in the Information Technology space for 30 years, starting as a bench technician and working and learning his way up to Information Security Management. Bill is a Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA) and Certified in Risk and Information Systems Controls (CRISC).

  • Larry Wilson
    CISO and Adjunct Faculty, University of Massachusetts

    Larry Wilson is currently a senior consultant and former Chief Information Security Officer for the University of Massachusetts President's Office. In the CISO role, Larry was responsible for developing, implementing and overseeing compliance with the UMass Information Security Policy and Written Information Security Plan (WISP). In addition to designing and deploying the UMass cybersecurity program, Larry has developed and delivered cybersecurity training at multiple industry events, workshops, training venues, etc. Courses include Designing and Building a Cybersecurity Program, The NIST Cybersecurity Framework Foundations, The NIST Cybersecurity Framework Practitioners, Engineering, Technology and Business Labs and Workshops based on the NIST Cybersecurity Framework, etc. Larry has also worked with multiple companies in multiple industries to help design, build and maintain their Cybersecurity Programs and evaluate their current security posture.

  • Mary Chaney
    Attorney, The Cyber Security Law Firm of Texas

    Mary N. Chaney, Esq., CISSP, has over 20 years of progressive experience within the fields of Law, Information Security, Privacy and Risk Management. She graduated from Xavier University in Cincinnati, Ohio with her B.S.B.A in Information Systems and received her J.D. degree from Thurgood Marshall School of Law.
    Ms. Chaney spent several years practicing law in Washington, DC focusing primarily on anti-trust and intellectual property rights infringement cases. She then transitioned to serve her country by becoming a Special Agent for the Federal Bureau of Investigation (FBI) where she investigated cybercrime and served as their Information Systems Security Officer.
    Ms. Chaney obtained her Certified Information Systems Security Professional (CISSP) certification in 2008. In her corporate career, she has held senior level information security roles with Comcast, Johnson & Johnson and GE Capital.
    Voluntarily, Ms. Chaney is the Chairman and CEO of Minorities in Cybersecurity, Inc. which focuses on leadership and career development for minorities and women. Ms. Chaney also holds advisory board roles for the Cyber Law Consortium, Post University and ChickTECH. In each of her volunteer endeavors Ms. Chaney strives to improve the cyber security and privacy community by ensuring both students and professionals have the resources they need to excel in their careers.
    Academically, Ms. Chaney is an adjunct professor with the University of Cincinnati where she teaches courses to assist with the development of the next generation of cybersecurity professionals.
    Professionally, Ms. Chaney owns her own cyber security law practice, The Law Offices of Mary N. Chaney, P.L.L.C., The Cyber Security Law Firm of Texas, where she specializes in helping the Board of Directors, CIO, CISO and General Counsel of any company understand each other and legally protect the enterprise from cyber security risk.

  • Eddie Ho
    Former CIO & COO, Los Alamos National Bank

    Eddie Ho is the former COO and CIO for Los Alamos National Bank in New Mexico and CIO and CISO at OmniAmerican Bank in Texas. Prior to banking leadership roles, Eddie was in Technology Risk Management, cyber security, and Enterprise Architecture for IBM, Dell, Grant Thornton, and Blockbuster. Eddie is a board member for ePayAdvisors and is a frequent speaker for banking and finance industries. Eddie is the author of a network technology book and frequent contributor to industry publications. Eddie holds a BS from the University of Wisconsin, an MS in Computer Science from North Dakota State University, and holds CIPP, CISA, CISM, CGEIT, and CISSP certifications.

  • Michael Smith
    Sr. Information Systems Auditor, Parkland Health & Hospital System

    Michael R. Smith, MBA, CISSP, CFE, CISA, CIA, PMP, ITIL, is a Healthcare Information Technology Professional with over thirty years of IT experience. Michael is a Sr. I.S. Auditor at Parkland in Dallas Texas specializing in performing information security assessments and audits focused around IT governance and regulatory compliance.

    Industry Certifications, Licensure, & Training
    Certified Information Security Specialist (CISSP)
    Certified Internal Auditor (CIA)
    Project Management Professional (PMP)
    Certified Fraud Examiner (CFE)
    Certified Information Systems Auditor (CISA)
    Information Library Information Technology (ITIL)

  • James Carpenter
    CISO, Texas Scottish Rite Hospital for Children

    James Carpenter is a Healthcare Information Technology & Security Professional with 20 years of IT leadership experience. James is currently the Director of Information Technology & Security for Texas Scottish Rite Hospital for Children in Dallas, Texas. Over the course of his career James has created and led healthcare information security teams and helped organizations successfully navigate the complex and ever-changing landscape of security and technology. James has been responsible for strategic design of information security programs, implementation of key enterprise information security technologies such as DLP, IDM/IAM, eDiscovery, MDM, and the teams and processes that support successful integration. James is a CISSP, CISM, and CISA and holds a Master’s degree in Strategic Leadership from Amberton University.

  • Pedro Serrano
    CISO, Grand River Dam Authority

    Pedro Serrano has over 35 years of experience managing and installing technical controls in networks around the world, 20 of those in military systems. He is the CISO for Grand River Dam Authority and Professor at his local University teaching infrastructure systems, security controls, and networking. Pedro has two postgraduate degrees, one in Telecommunications Management from Oklahoma State University and the other in Computer Science from Tulsa University. Pedro serves as the President of the Information System Security Association (ISSA) chapter in Tulsa, Oklahoma and holds the CISSP certification from ISC2.

  • Mark Nagiel
    CISO, Supreme Lending

    Mark is currently serving as the Chief Information Security Officer at Supreme Lending. Prior to Supreme Lending, Mark served as the CISO at Prime Lending, Head of Information Security at MetroPCS (a T-Mobile division), VP of Information Technology and VP of Information Security at InCharge Institute, and Head of NEC Information Security Consulting practice covering the US and the Caribbean. Prior to NEC, Mark co-founded Network Audit Systems, which was acquired by Armor Holdings, a NYSE global threat mitigation leader, where he served as a CTO. Prior experience included serving as the first Head of Information Security at Niagara Mohawk Power Corporation with responsibility for program development covering Corporate, Fossil, Hydro and Nuclear division protections. Mark is a graduate of State University of New York with a BS in Business Management and attended the Harvard Business School Executive Education Program.

  • Jeremy Rucker
    Attorney, Spencer Fane LLP

    As a cybersecurity and data privacy attorney in the Dallas office of Spencer Fane LLP, Jeremy Rucker has assisted companies of all sizes in responding to data security and privacy incidents. The expertise of Jeremy and his Spencer Fane colleagues covers several industries including healthcare, banking and finance, insurance, energy, transportation, and manufacturing.

  • Mark Langford
    Principal Consultant, Aberfoyle Associates

    Mark is the Founder and Principal Consultant at Aberfoyle Associates, a Plano-based cybersecurity consulting firm. Mark is a Board Member of the North Texas ISSA, was recently inducted into InfraGard, and is called upon periodically to speak at cybersecurity industry events. He holds a Bachelor’s Degree in Management from Clemson University and a Master's Degree in Telecommunications Management from Oklahoma State University.

  • Dr. Jason Edwards
    Cybersecurity Regulatory Testing Lead, USAA

    Jason Edwards has over 20 years of IT/Cybersecurity experience and currently works for USAA researching, developing and executing enterprise cybersecurity assurance testing. Jason is a 22-year veteran of the US Army and has served multiple tours of duty in Iraq, Afghanistan, and elsewhere. Jason is currently awaiting final approval for his doctoral dissertation in cybersecurity with a focus on ‘Regulatory Cybersecurity Testing of Large Financial Institutions.’ Jason and his family enjoy living in San Antonio and spending time outdoors. Jason is married to Selda, and they have 4 children, Michelle (21), Chris (19), Ceylin (9) and Mayra (7).

  • Griffin Weaver
    Attorney, Technology and Transactions Counsel, USAA
  • KC Condit
    CISO, G6 Hospitality, LLC

    KC Condit has been an information security practitioner and IT leader for 30 years with a diverse resume including hospitality, financial services, retail, and private, post-secondary education. He is currently the CISO for G6 Hospitality, LLC, and is responsible for information security, data privacy, IT risk management, and IT compliance for the Motel 6 and Studio 6 brands in the U.S. and Canada along with the Hotel 6 brand in India. Since 2011, KC has made 3rd party risk management an area of particular focus, developing low-cost approaches and creative, risk-based solutions.

  • Shawn E. Tuma
    Co-Chair, Cybersecurity & Data Privacy Practice Group, Spencer Fane LLP

    Shawn Tuma is an internationally recognized cybersecurity, computer fraud and data privacy law attorney, areas in which he has practiced for two decades. He is Co-Chair of Spencer Fane’s Data Privacy & Cybersecurity Practice where he regularly serves as cybersecurity and privacy counsel advising a wide variety of businesses ranging from small and mid-sized companies to Fortune 100 enterprises. Shawn has been named a Cybersecurity Law Trailblazer by the National Law Journal, SuperLawyers Top 100 Lawyers in DFW, and Best Lawyers in Dallas. He serves as the Practitioner Editor for Bloomberg Law’s Texas Privacy & Data Security Law, among many other activities.

  • Robin Austin
    CTO / CISO, Colliers Group

    As a CTO/CISO, Robin is responsible for overseeing all technical aspects of the company including Cyber Security, Risk and Compliance. Using an active and practical approach, Robin oversees all employees in IT, IO and OT departments to attain the company's strategic goals established in the company's digital strategic plan. Robin has also built several successful technology companies like Cyber Defense Resources providing additional lines of revenue for the company. As a critical thinker and Technology Evangelist, Robin publishes articles and books on disruptive technology in AI/ML and cryptography and acts as a trusted advisor to Fortune 1000 C-suite executives.

Conference App and Microsite!
Registration is easy and takes just a few minutes. Once you get started you can use your phone, tablet or internet browser to:

• Create a personalized agenda
• View maps of the venue and Exhibit Hall
• Use secure messaging to network with attendees
• View speaker slides after the conference
• Play CyberHunt, the app game, and compete for prizes
Don't miss out!

Join us for high-quality, affordable cybersecurity training and networking. Sign up today!