Conference Agenda
  • Wednesday, October 9, 2019
    7:00 am
    Registration Open
    Registration Level:
    • Open Sessions
    7:00 am - 3:00 pm
    Location / Room: Registration Desk
    8:00 am
    Advisory Council Breakfast – (VIP / INVITE ONLY)
    Topic: How Mature is Your Cybersecurity Incident Response Plan?
    Registration Level:
    • VIP / Exclusive
    8:00 am - 9:15 am
    Location / Room: Spring Glade

    This session is for Advisory Council members only.

    8:00 am
    [SecureWorld PLUS] Part 1 - Designing and Building a Cybersecurity Program based on the NIST Cybersecurity Framework
    Earn 16 CPEs With This in-Depth 3-Part Course
    CISO and Adjunct Faculty, University of Massachusetts
    Registration Level:
    • SecureWorld Plus
    8:00 am - 9:30 am
    Location / Room: Northbrook 3

    The University of Massachusetts has developed a 6-hour SecureWorld Plus training class that instructs attendees on the best practices for designing, building, and maintaining a Cybersecurity Program based on the NIST Cybersecurity Framework. Organizations that currently use the Framework or are planning to use the Framework for their cybersecurity program will benefit from this course.

    This innovative education and training program includes the following key elements:

    • An introduction to the key components of the NIST Cybersecurity Framework
    • How to use the Framework to support business strategy, technology strategy, and cyber-risk strategy
    • An approach for adopting the framework to build and sustain secure and resilient infrastructure, secure and resilient networks, secure and resilient applications
    • How to use the framework to protect critical information assets
    • A Controls Factory Model that organizations use to create an Engineering Program, a Technical Program, and a Business / Management Program
    • A methodology for developing a Cybersecurity Strategy, System Security Plan (SSP), Risk Assessment, Plan of Action and Milestones (POA&M) and Executive Report

    The class will help individuals and organizations acquire knowledge, skills and abilities to:

    • Develop a strategy to apply the NIST Cybersecurity Framework (NCSF) to their environment
    • Create a comprehensive System Security Plan (SSP) based on the NIST Cybersecurity Framework
    • Conduct a Risk Assessment to compare the current profile with the target profile and identify any gaps that need to be addressed
    • Develop a Plan of Action and Milestones (POA&M) to mitigate the highest priority gaps
    • Establish an Executive Report to measure and communicate current profile, target profile, POA&M and program plan / roles and responsibilities to remediate identified gaps
    • Identify required workforce skills and develop career pathways for improving skills and experience

    About the Instructor – Larry Wilson:

    • Larry Wilson is the former CISO for UMass President’s Office from 2009 to 2017
    • Prior to UMass, Larry developed and managed the Global Infrastructure Services (GIS) Security Program for State Street Corporation
    • Larry has been teaching cybersecurity courses based on the NIST Cybersecurity Framework at SecureWorld events for the past 5 years
    • Larry has conducted over 20 consulting engagements, helping organizations design and build cybersecurity programs based on the NIST Cybersecurity Framework

    The program and its author have won the following industry awards:

    • Security Magazine’s Most Influential People in Security, 2016
    • SANS People Who Made a Difference in Cybersecurity Award, 2013
    • Information Security Executive (ISE) North America Program Winner for Higher Education, 2013
    8:00 am
    SecureWorld PLUS Part 1 - Building an Incident Response Plan from Scratch: If It's Not Written Down, You Don't Have a Plan!
    Earn 16 CPEs with this in-depth 3-part course
    Attorney, The Cyber Security Law Firm of Texas
    Registration Level:
    • SecureWorld Plus
    8:00 am - 9:30 am
    Location / Room: Northbrook 2
    In today’s world, not knowing how your company will respond when it has a breach is negligent. The last thing you want to do is be caught unprepared when the highly likely, but always untimely, event occurs. Businesses of all sizes need to have an incident response plan! Do you? Do you know where to start? If not, this session is for you. Part 1 of our session will focus on building basic prevention and monitoring capabilities in order to detect incidents. In Part 2, we will focus on building the appropriate incident response plan for your company. In Part 3, we will focus on putting the plan in action and building resiliency.
    8:30 am
    Let's Stop Admiring the Human Factor Problem in Cybersecurity
    Cybersecurity Policy Fellow, New America Think Tank, New America
    Registration Level:
    • Conference Pass
    8:30 am - 9:15 am
    Location / Room: Windhaven
    Ninety-five percent of all cyber-attacks are human enabled. Organizations continue to fail at addressing human factors in cybersecurity due to a lack of education and appreciation for human factors as a science. With the increasing spending on technology to safeguard organizations’ critical networks, systems, and data, cybercriminals are circumventing defense-in-depth architectures to target humans, the weakest link. An existing fallacy is that technology will prevent data breaches, ransomware attacks, or cyber-attacks. In fact, integrating new technology creates unintended consequences that increase vulnerabilities. These technologically-induced vulnerabilities are human-enabled, highlighting a lack of appreciation for human factors in cybersecurity. Let’s reduce human-enabled errors.
    8:30 am
    Fortifying Your Enterprise in a Changing Security and Privacy Landscape
    Technical Director, Online Trust Alliance, Internet Society
    Registration Level:
    • Conference Pass
    8:30 am - 9:15 am
    Location / Room: Sunnyslope

    Recent multi-million dollar sanctions for data breaches show that businesses cannot afford to be lax on privacy and security. However, the latest Internet Society studies have found that for many companies, these safeguards are severely lacking. What may start as a simple oversight can soon manifest into a potential security and financial nightmare for businesses. Embracing best practices when safeguarding user data is critical for companies to not only retain customers, but to protect themselves from the growing legal liability they could face.
    Presentation Level:
    GENERAL (InfoSec best practices, trends, solutions, etc.)

    8:30 am
    Who Is Responsible for Security in the Cloud?
    Cloud Security Engineer, Charles Schwab
    Registration Level:
    • Conference Pass
    8:30 am - 9:15 am
    Location / Room: Northbrook 1

    Examine some of the data exposure incidents over the past two years that resulted from the misconfiguration of cloud resources, including recent data exposures. The session will look at the specific nature of cloud misconfiguration issues, examine the areas of responsibility between cloud providers and their customers, and offer a number of high-level suggestions on how to prevent or avoid such issues as organizations adopt cloud computing in their businesses.
    Presentation Level:
    GENERAL (InfoSec best practices, trends, solutions, etc.)

    8:30 am
    Piloting Through Cybersecurity
    Global Business Information Security Officer, CBRE
    Registration Level:
    • Conference Pass
    8:30 am - 9:15 am
    Location / Room: Fairview

    Piloting through Security – Using pilot skills and techniques to secure your world against cyber threats.

    • Use Checklists – Develop both Emergency and Normal operations checklists and then use those to develop standard operating procedures.
    o Runbook development
    o Incident Management guide and artifact
    o Change Management guide and artifact
    • Fly the Plane! Secure the Environment! – During an incident, don’t get distracted by finding the cause. Secure the environment first. Then, when it’s safe, do the research.
    • PAVE: A Personal Minimums Checklist for Risk Management
    o Personal – I’M SAFE (Illness, Medication, Stress, Alcohol, Fatigue, Emotion)
    o Aircraft (Infrastructure, apps, and tools)
    o Environment (Situational Awareness)
    o External Pressures (Customers, Executive Leadership, Board, regulators)
    • “Flying is hours and hours of boredom sprinkled with a few seconds of sheer terror” – Pappy Boyington
    o Don’t let repetition lull you into a sense of complacency with your security program.
    • Spatial Disorientation and trusting your instruments
    o Cross-check your tools to confirm what they are saying
    o Trust what your tools are telling you
    • Big Sky Theory – Two randomly flying bodies (little airplanes) are very unlikely to collide, as the three-dimensional space is so large relative to the bodies.
    • Situational Awareness “See and Be Seen”, “See and Avoid”
    Presentation Level:
    GENERAL (InfoSec best practices, trends, solutions, etc.)

    9:00 am
    Exhibit Floor Open
    Registration Level:
    • Open Sessions
    9:00 am - 3:00 pm
    Location / Room: SecureWorld Exhibit Floor

    This is the time to visit exhibitors participating in Dash For Prizes & CyberHunt for your chance to win prizes!

    9:30 am
    [OPENING KEYNOTE] Business Email Compromise: Real World Stories and Practical Defense
    Special Agent, United States Secret Service
    Registration Level:
    • Open Sessions
    9:30 am - 10:15 am
    Location / Room: Keynote Theater

    The average loss from a bank robbery is about $3,000. The average loss from a successful Business Email Compromise (BEC) attack is nearly $130,000. That kind of math explains why BEC is rampant, and every type of organization is at risk. During this presentation, hear from the point person on BEC cases investigated by the U.S. Secret Service. He’ll share true crime examples of and practical steps for defense against BEC losses, which now stand at $13.5 billion in the last six years.

    10:15 am
    Conference Break / Exhibitor Product Demonstration
    Registration Level:
    • Open Sessions
    10:15 am - 11:15 am
    Location / Room: SecureWorld Exhibitor Floor

    Reboot with coffee and infused water while visiting exhibitors on the exhibitor floor.

    10:15 am
    Meet-the-Presenter & “Birds of a Feather” Discussion Group
    Topic: Securing the Cloud
    Cloud Security Engineer, Charles Schwab
    Architect, Information Security, State Farm
    Registration Level:
    • Open Sessions
    10:15 am - 10:45 am
    Location / Room: Exhibitor Floor: Green Zone

    What are the security issues that keep you up at night? Connect with peers who are experiencing similar pain points and experts who can offer best practices in a casual, collaborative environment.

    10:15 am
    Meet-the-Presenter & “Birds of a Feather” Discussion Group
    Topic: The Human Threat
    Cybersecurity Policy Fellow, New America Think Tank, New America
    Registration Level:
    • Open Sessions
    10:15 am - 10:45 am
    Location / Room: Exhibitor Floor: Red Zone

    What are the security issues that keep you up at night? Connect with peers who are experiencing similar pain points and experts who can offer best practices in a casual, collaborative environment.

    10:15 am
    Meet-the-Presenter & “Birds of a Feather” Discussion Group
    Topic: Communicating Between Technical and Non-Technical Teams
    Security Awareness & Communications Manager, Tenet Health
    Registration Level:
    • Open Sessions
    10:15 am - 10:45 am
    Location / Room: Exhibitor Floor: Blue Zone

    What are the security issues that keep you up at night? Connect with peers who are experiencing similar pain points and experts who can offer best practices in a casual, collaborative environment.

    10:15 am
    Mark Gelhardt Book Signing in the CyberLounge on the Exhibitor Floor
    Quantities are limited and will be distributed on a first-come, first-served basis.
    Registration Level:
    • Open Sessions
    10:15 am - 12:00 pm
    Location / Room: CyberLounge

    Mark Gelhardt will be signing copies of his book, “My Time at The Clinton White House.”
    Find him in the CyberLounge on the Exhibitor Floor at the following times:
    10:15 a.m. – 12:00 p.m.
    1:00-1:15 p.m.
    BOOK SYNOPSIS:
    Colonel Mark Gelhardt had an atypical military career that landed him in The White House next to the President of the United States, where he was responsible for the last link of communications between the President and the rest of the U.S. government. While a Lieutenant Colonel (LTC) in the Army, Mark was selected by top federal officials to be the Commander of the Data Systems Unit, as part of the White House Communications Agency. In this position, he supported the President as the Chief Information Officer (CIO) for all classified IT used by The White House. LTC Gelhardt served at the White House for over four years (1995-1999), working with President Clinton and his staff almost every day, both on the White House grounds and traveling worldwide. This gave him unfettered access to the inner workings of The White House and the Presidency. Since retiring from the Army in 2001, Mark has been asked by many people about his time at The White House. Mark has many stories about what happened behind closed doors, and proudly speaks about the outstanding support done by the fantastic military members that support the Commander-in-Chief. Mark has taken the time to chronicle his experiences about his day-to-day job at The White House, as well as some of the funny stories he picked up along the way. Please enjoy this non-political book with surprising behind-the-scenes stories. I hope they provide you with some insight to the wonderful military members that work so hard to keep you safe every day in support of the President and Commander-in-Chief.

    11:00 am
    Advisory Council LUNCH Roundtable (VIP / Invite Only)
    Topic: Prioritization of the Top 20 Critical Security Controls
    Registration Level:
    • VIP / Exclusive
    11:00 am - 1:00 pm
    Location / Room: Spring Glade

    This session is for Advisory Council members only.

    11:15 am
    (ISC)2 Chapter Meeting: Open to All Attendees
    Registration Level:
    • Open Sessions
    11:15 am - 12:00 pm
    Location / Room: Windhaven
    11:15 am
    The Fluid Ecosystem of Risk Management
    VP, Enterprise Risk Management, American Heart Association
    Registration Level:
    • Conference Pass
    11:15 am - 12:00 pm
    Location / Room: Fairview

    Join us to continue to hone the skill of reducing the fragmented efforts of digital, strategic, and operational risk management. Frameworks, methodologies, and controls are essential, but they are just not enough in a digital-native, disruptive-intensive society.
    Presentation Level:
    MANAGERIAL (security and business leaders)

    11:15 am
    Non-Traditional InfoSec Challenges: Risks and Protection Strategies
    SVP Global Information Security, Financial Institution
    Registration Level:
    • Conference Pass
    11:15 am - 12:00 pm
    Location / Room: Northbrook 1
    In this presentation, we will first explore a set of commonly used technologies that may not be closely examined as part of traditional information security programs. However, they likely introduce critical risks via open apertures allowing for unauthenticated inputs by anonymous users. In this presentation, I will show you examples of how to identify assets and uncover vulnerabilities using new perspectives in this increasingly-connected world. Heavily based upon lessons learned from a 20+ year cyber career in the public sector, this presentation will provide new strategies through exciting examples that will shape how you interpret additional technologies around you and design security controls to uplift your defenses.
    Presentation Level:
    GENERAL (InfoSec best practices, trends, solutions, etc.)
    11:15 am
    Word on the Street Is: A Lil' Bit of Awareness Will Make It Secure
    Security Awareness & Communications Manager, Tenet Health
    Registration Level:
    • Conference Pass
    11:15 am - 12:00 pm
    Location / Room: Sunnyslope
    Security awareness is often viewed as this intangible part of information security that is always “too” something—too costly, too much effort, too difficult to qualify. But word on the street is that a little bit of awareness is worth its weight in salt, so why are there so many varying perspectives on precisely “how” to implement a security awareness program? The answer is simple: If the streets are talking, shouldn’t someone be listening?
    12:15 pm
    [LUNCH KEYNOTE] How to Manage Your Own Career to Get to the Top
    CIO, Georgia State Defense Force, Former CIO, The White House
    Registration Level:
    • Open Sessions
    12:15 pm - 1:00 pm
    Location / Room: Keynote Theater
    Do you have a plan for your future? Why not? You are the leader of your own destiny! You need to look at where you are, where you want to go, and have a plan to get there. We will talk about how to develop a plan, what to think about, and how to put one foot in front of the other to get to your end goal. We will also talk about how to manage up to your boss to get what you need to help you in your own career. Col. Mark Gelhardt made it to The White House managing his own career, and stood next to the President of the United States. He will tell you how he did it; if he can do it, so can you!

     

    1:15 pm
    [Panel] Building a Better Mouse Trap (Emerging Threats)
    Registration Level:
    • Open Sessions
    1:15 pm - 2:15 pm
    Location / Room: Keynote Theater

    To be successful, as an industry, we must strive to get ahead of the bad guys. Easy enough to say but how? By taking a look at the capabilities of the threats we see today we should be able to make some educated guesses on what threats of tomorrow will look like. We know the bad guys don’t follow the rules, take the path of least resistance, and don’t care who they hurt in the process. We need to start thinking like them so that we can figure out what their next step is instead of guessing/hoping.
    Panelists:
    James Carnall, Looking Glass
    Kristi Thiele, Ixia
    Charity Wright, Intsights
    Christopher Marcinko, Avanade
    Michael Schindler, Ensilo
    Moderator: Brent Chapman

    1:15 pm
    [Panel] You’ve Got Burned! Now What? (Incident Response)
    Registration Level:
    • Open Sessions
    1:15 pm - 2:15 pm
    Location / Room: Windhaven

    We’ve all heard the adage that it’s not if it happens but when you are inevitably breached… Do you have a plan? Even a framework to go off of? What do you include? Who do you include? How often should you be practicing this plan? Join our experts as they discuss incident response plans, who should be involved, best practices, and pitfalls.
    Panelists:
    Pat Benoit, CBRE
    Jon Allen, Catalyst Corporate Federal Credit Union
    Jonathan Tock, Speartip
    Thomas Moore, Corelight
    Moderator: Shawn Tuma, Spencer Fane LLP

    2:15 pm
    Conference Break / Exhibitor Product Demonstration
    Registration Level:
    • Open Sessions
    2:15 pm - 3:00 pm
    Location / Room: SecureWorld Exhibitor Floor

    Reboot with coffee and infused water while visiting exhibitors on the exhibitor floor.

    2:15 pm
    Meet-the-Presenter & “Birds of a Feather” Discussion Group
    Topic: Establishing a Value Mandate for Risk Professionals
    VP, Enterprise Risk Management, American Heart Association
    Registration Level:
    • Open Sessions
    2:15 pm - 2:45 pm
    Location / Room: Exhibitor Floor: Green Zone

    What are the security issues that keep you up at night? Connect with peers who are experiencing similar pain points and experts who can offer best practices in a casual, collaborative environment.

    2:15 pm
    Meet-the-Presenter & “Birds of a Feather” Discussion Group
    Topic: Third Party Cyber Risk Management
    CISO, G6 Hospitality, LLC
    Registration Level:
    • Open Sessions
    2:15 pm - 2:45 pm
    Location / Room: Exhibitor Floor: Red Zone

    What are the security issues that keep you up at night? Connect with peers who are experiencing similar pain points and experts who can offer best practices in a casual, collaborative environment.

     

    2:15 pm
    Meet-the-Presenter & “Birds of a Feather” Discussion Group
    Topic: Communicating to the Board
    SVP Global Information Security, Financial Institution
    Registration Level:
    • Open Sessions
    2:15 pm - 2:45 pm
    Location / Room: Exhibitor Floor: Blue Zone

    What are the security issues that keep you up at night? Connect with peers who are experiencing similar pain points and experts who can offer best practices in a casual, collaborative environment.

    3:00 pm
    CISO Ventures Panel: Are Cybersecurity Startups Meeting Expectations of Buyers Taking a Risk on Them?
    Founder & Managing Director, Whiteboard Venture Partners
    Chief Information Officer, Epsilon
    VP & Deputy CISO, Hewlett Packard Enterprise
    CISO, Alkami Technology
    Sr. Director, Information Security, Blue Cross and Blue Shield
    Registration Level:
    • Conference Pass
    3:00 pm - 3:45 pm
    Location / Room: Windhaven

    The number of cyber startups is growing exponentially, with 4300+ cybersecurity companies worldwide including several private “unicorns”. With so many startups engaged in helping organizations achieve cybersecurity outcomes, how do organizational decision makers think about the risks involved in working with them? A panel of CXOs will share their expectations of and experiences with cybersecurity startups, including how they use solutions from startups to meet existing and emerging cybersecurity challenges.

     

    3:00 pm
    [Panel] Knowledge Is Power: Women in Cybersecurity
    Vice President, Chief Security Officer, MedeAnalytics
    CTO, Catalyst Corporate Federal Credit Union
    Director, Security Management, Financial Investment Management Company
    Sr. Principal, Security Risk Management, Verizon
    Registration Level:
    • Conference Pass
    3:00 pm - 3:45 pm
    Location / Room: Sunnyslope

    It is often said that true knowledge must be gained through experience; either through one’s own life or through others. Join this opportunity to hear from women who bring perspectives from diverse industries (retail, financial, healthcare, utilities) as they share their different experiences as women living the information security career journey.

    3:00 pm
    InfraGard Chapter Meeting and Presentation - Open to all Attendees
    Topic: When Does a Data Theft Incident Qualify as a Reportable Data Breach?
    General Counsel, InfraGard North Texas
    Registration Level:
    • Open Sessions
    3:00 pm - 3:45 pm
    Location / Room: Keynote Theater

    Join InfraGard for their chapter meeting and guest presentation. This opportunity is open to all attendees.
    Presentation:
    Upon discovering that a data theft incident has occurred, a significant question arises: Is there an obligation to report the data theft incident, to victims and authorities, as a data breach? The “encryption exception” that is within the GDPR and many US laws indicates that if the data was encrypted when stolen, there has not been a breach and so reporting is not required. This presentation will provide an alternative view: for example, seven different ways that encrypted data may be compromised will be presented. Only by eliminating all seven as possibilities, should you rely on the “encryption exception.”
    Presentation Level:
    GENERAL (InfoSec best practices, trends, solutions, etc.)

    3:00 pm
    Securing the Public Cloud: Automation
    Architect, Information Security, State Farm
    Registration Level:
    • Conference Pass
    3:00 pm - 3:45 pm
    Location / Room: Fairview

    The largest cause of publicly disclosed security breaches in cloud environments continues to be poor security hygiene. Public cloud adoption is expanding at a mammoth pace. The absence of a physical network boundary to the internet, combined with the risk of accidental exposure by users with limited security expertise, increases the attack surface in the public cloud. Security governance is challenging in public cloud environments due to the lack of visibility and control over agile changes.

    3:00 pm
    [SecureWorld PLUS] Part 2 - Designing and Building a Cybersecurity Program based on the NIST Cybersecurity Framework
    SecureWorld PLUS Registrants ONLY
    CISO and Adjunct Faculty, University of Massachusetts
    Registration Level:
    • SecureWorld Plus
    3:00 pm - 4:30 pm
    Location / Room: Northbrook 3

    The University of Massachusetts has developed a 6-hour SecureWorld Plus training class that instructs attendees on the best practices for designing, building, and maintaining a Cybersecurity Program based on the NIST Cybersecurity Framework. Organizations that currently use the Framework or are planning to use the Framework for their cybersecurity program will benefit from this course.

    This innovative education and training program includes the following key elements:

    • An introduction to the key components of the NIST Cybersecurity Framework
    • How to use the Framework to support business strategy, technology strategy, and cyber-risk strategy
    • An approach for adopting the framework to build and sustain secure and resilient infrastructure, secure and resilient networks, secure and resilient applications
    • How to use the framework to protect critical information assets
    • A Controls Factory Model that organizations use to create an Engineering Program, a Technical Program, and a Business / Management Program
    • A methodology for developing a Cybersecurity Strategy, System Security Plan (SSP), Risk Assessment, Plan of Action and Milestones (POA&M) and Executive Report

    The class will help individuals and organizations acquire knowledge, skills and abilities to:

    • Develop a strategy to apply the NIST Cybersecurity Framework (NCSF) to their environment
    • Create a comprehensive System Security Plan (SSP) based on the NIST Cybersecurity Framework
    • Conduct a Risk Assessment to compare the current profile with the target profile and identify any gaps that need to be addressed
    • Develop a Plan of Action and Milestones (POA&M) to mitigate the highest priority gaps
    • Establish an Executive Report to measure and communicate current profile, target profile, POA&M and program plan / roles and responsibilities to remediate identified gaps
    • Identify required workforce skills and develop career pathways for improving skills and experience

    About the Instructor – Larry Wilson:

    • Larry Wilson is the former CISO for UMass President’s Office from 2009 to 2017
    • Prior to UMass, Larry developed and managed the Global Infrastructure Services (GIS) Security Program for State Street Corporation
    • Larry has been teaching cybersecurity courses based on the NIST Cybersecurity Framework at SecureWorld events for the past 5 years
    • Larry has conducted over 20 consulting engagements, helping organizations design and build cybersecurity programs based on the NIST Cybersecurity Framework

    The program and its author have won the following industry awards:

    • Security Magazine’s Most Influential People in Security, 2016
    • SANS People Who Made a Difference in Cybersecurity Award, 2013
    • Information Security Executive (ISE) North America Program Winner for Higher Education, 2013
    3:00 pm
    SecureWorld PLUS Part 2 - Building an Incident Response Plan from Scratch: If It's Not Written Down, You Don't Have a Plan!
    SecureWorld PLUS Registrants ONLY
    Attorney, The Cyber Security Law Firm of Texas
    Registration Level:
    • SecureWorld Plus
    3:00 pm - 4:30 pm
    Location / Room: Northbrook 2
    In today’s world, not knowing how your company will respond when it has a breach is negligent. The last thing you want to do is be caught unprepared when the highly likely, but always untimely, event occurs. Businesses of all sizes need to have an incident response plan! Do you? Do you know where to start? If not, this session is for you. Part 1 of our session will focus on building basic prevention and monitoring capabilities in order to detect incidents. In Part 2, we will focus on building the appropriate incident response plan for your company. In Part 3, we will focus on putting the plan in action and building resiliency.
    3:45 pm
    Casino Happy Hour
    Networking, Games, Prizes, Drinks, and Snacks
    Registration Level:
    • Open Sessions
    3:45 pm - 5:30 pm
    Location / Room: SecureWorld Exhibitor Floor

    Join your peers at 3:45 p.m. in the Exhibit Hall for beverages and snacks. Test your luck at Blackjack, Roulette, and Craps. Hand the voucher you receive at registration to one of the participating exhibitors to get started with $1,000 and win big for your chance at some cool prizes!
    Thank You Sponsors:
    Mimecast: Happy Hour Sponsor
    Cobalt: Black Jack Table
    ISSA North Texas: Poker Table
    SpearTip: Craps Table
    Corelight: Roulette Table

  • Thursday, October 10, 2019
    7:00 am
    Registration Open
    Registration Level:
    • Open Sessions
    7:00 am - 3:00 pm
    Location / Room: Registration Desk
    8:00 am
    [SecureWorld PLUS] Part 3 - Designing and Building a Cybersecurity Program based on the NIST Cybersecurity Framework
    SecureWorld PLUS Registrants ONLY
    CISO and Adjunct Faculty, University of Massachusetts
    Registration Level:
    • SecureWorld Plus
    8:00 am - 9:30 am
    Location / Room: Northbrook 3

    The University of Massachusetts has developed a 6 hour SecureWorld Plus training class that instructs attendees on the best practices for designing, building, and maintaining a Cybersecurity Program based on the NIST Cybersecurity Framework. Organizations who currently use the Framework or are planning to use the Framework for their cybersecurity program will benefit from this course.

    This innovative education and training program includes the following key elements:

    • An introduction to the key components of the NIST Cybersecurity Framework
    • How to use the Framework to support business strategy, technology strategy, and cyber-risk strategy
    • An approach for adopting the framework to build and sustain secure and resilient infrastructure, secure and resilient networks, secure and resilient applications
    • How to use the framework to protect critical information assets
    • A Controls Factory Model that organizations use to create an Engineering Program, a Technical Program, and a Business / Management Program
    • A methodology for developing a Cybersecurity Strategy, System Security Plan (SSP), Risk Assessment, Plan of Action and Milestones (POA&M) and Executive Report

    The class will help individuals and organizations acquire knowledge, skills and abilities to:

    • Develop a strategy to apply the NIST Cybersecurity Framework (NCSF) to their environment
    • Create a comprehensive System Security Plan (SSP) based on the NIST Cybersecurity Framework
    • Conduct a Risk Assessment to compare the current profile with the target profile and identify any gaps that need to be addressed
    • Develop a Plan of Action and Milestones (POA&M) to mitigate the highest priority gaps
    • Establish an Executive Report to measure and communicate current profile, target profile, POA&M and program plan / roles and responsibilities to remediate identified gaps
    • Identify required workforce skills and develop career pathways for improving skills and experience

    About the Instructor – Larry Wilson:

    • Larry Wilson is the former CISO for UMass President’s Office from 2009 to 2017
    • Prior to UMass, Larry developed and managed the Global Infrastructure Services (GIS) Security Program for State Street Corporation
    • Larry has been teaching cybersecurity courses based on the NIST Cybersecurity Framework at SecureWorld events for the past 5 years
    • Larry has conducted over 20 consulting engagements, helping organizations design and build cybersecurity programs based on the NIST Cybersecurity Framework

    The program and its author have won the following industry awards:

    • Security Magazine’s Most Influential People in Security, 2016
    • SANS People Who Made a Difference in Cybersecurity Award, 2013
    • Information Security Executive (ISE) North America Program Winner for Higher Education, 2013
    8:00 am
    SecureWorld PLUS Part 3 - Building an Incident Response Plan from Scratch: If It's Not Written Down, You Don't Have a Plan!
    SecureWorld PLUS Registrants ONLY
    Attorney, The Cyber Security Law Firm of Texas
    Registration Level:
    • SecureWorld Plus
    8:00 am - 9:30 am
    Location / Room: Northbrook 2
    In today’s world, not knowing how your company will respond when it has a breach is negligent. The last thing you want is to be caught unprepared when the highly likely, but always untimely, event occurs. Businesses of all sizes need to have an incident response plan! Do you? Do you know where to start? If not, this session is for you. In Part 1 of our session, we will focus on building basic prevention and monitoring capabilities in order to detect incidents. In Part 2, we will focus on building the appropriate incident response plan for your company. In Part 3, we will focus on putting the plan in action and building resiliency.
    8:30 am
    Banking Data Breach and Lessons Learned
    Former CIO & COO, Los Alamos National Bank
    Registration Level:
    • Conference Pass
    8:30 am - 9:15 am
    Location / Room: Windhaven

    Your financial institution has been hacked and is now on the evening news. Customers, board members, the press, and regulators are hounding you by the minute. How do you recover step-by-step as CIO/COO/CISO? This session covers data breach nightmares during pre-attack, attack-in-motion, and post-attack scenarios. What are the key steps in starting the recovery of business operations with everyone demanding quick action? Next in line are the enforcement actions from the regulator: what are the necessary turnaround actions and roadmaps? Gain real-world insider views on turning around a horrible situation.
    Presentation Level: MANAGERIAL (security and business leaders)

    8:30 am
    Considering a Continuity Plan?
    Sr. Information Systems Auditor, Parkland Health & Hospital System
    CISO, Texas Scottish Rite Hospital for Children
    Registration Level:
    • Conference Pass
    8:30 am - 9:15 am
    Location / Room: Fairview
    Your organization is required to implement a continuity plan, but such plans can be complex and time-consuming. Perhaps you are wondering where to start, and your organization is pressing you to innovate and leverage efficiencies. Cyber attacks are inevitable and can cause serious harm to your organization’s availability. Join Michael Smith and James Carpenter as we walk through important planning steps for building and implementing your continuity plan.
    8:30 am
    Developing and Implementing an Effective Security Awareness Program
    Lessons Learned from an Oil and Gas Exploration Company
    CISO, Grand River Dam Authority
    Registration Level:
    • Conference Pass
    8:30 am - 9:15 am
    Location / Room: Sunnyslope

    Pedro will discuss his lessons learned in security awareness. He works in a very traditional oil and gas exploration company, and from the production point of view, security awareness was the last thing anyone wanted to talk about. Pedro was able to change the culture, and ultimately behavior, by relating security awareness to their home use. He made it personal and relevant to the employee, and that got attention. Once you have their attention, you can start changing their behavior.

    9:00 am
    Exhibit Floor Open
    Registration Level:
    • Open Sessions
    9:00 am - 3:00 pm
    Location / Room: SecureWorld Exhibitor Floor

    This is the time to visit exhibitors participating in Dash For Prizes & CyberHunt for your chance to win prizes!

    9:30 am
    [OPENING KEYNOTE] Everything You Wanted to Know About a Ransomware Attack, but Were Afraid to Ask
    CISO, Supreme Lending
    Registration Level:
    • Open Sessions
    9:30 am - 10:15 am
    Location / Room: Keynote Theater

    This presentation will focus on lessons learned from a real ransomware attack and what to consider before, during, and after the attack. The audience take-away will include a thought-provoking list of resources and protection measures that will better prepare any organization.

    10:15 am
    Conference Break / Exhibitor Product Demonstration
    Registration Level:
    • Open Sessions
    10:15 am - 11:15 am
    Location / Room: SecureWorld Exhibitor Floor

    Reboot with coffee and infused water while visiting exhibitors on the exhibitor floor.

    10:15 am
    Meet-the-Presenter & “Birds of a Feather” Discussion Group
    Topic: Responding to the Evolving Privacy Landscape
    Co-Chair, Cybersecurity & Data Privacy Practice Group, Spencer Fane LLP
    Registration Level:
    • Open Sessions
    10:15 am - 10:45 am
    Location / Room: Exhibitor Floor: Green Zone

    What are the security issues that keep you up at night? Connect with peers who are experiencing similar pain points and experts who can offer best practices in a casual, collaborative environment.

    10:15 am
    Meet-the-Presenter & “Birds of a Feather” Discussion Group
    Topic: Career Development: Becoming a CISO
    CISO, Grand River Dam Authority
    Registration Level:
    • Open Sessions
    10:15 am - 10:45 am
    Location / Room: Exhibitor Floor: Red Zone

    What are the security issues that keep you up at night? Connect with peers who are experiencing similar pain points and experts who can offer best practices in a casual, collaborative environment.

    10:15 am
    Meet-the-Presenter & “Birds of a Feather” Discussion Group
    Topic: Breach Management
    Former CIO & COO, Los Alamos National Bank
    Registration Level:
    • Open Sessions
    10:15 am - 10:45 am
    Location / Room: Exhibitor Floor: Blue Zone

    What are the security issues that keep you up at night? Connect with peers who are experiencing similar pain points and experts who can offer best practices in a casual, collaborative environment.

    11:00 am
    Advisory Council Roundtable - (VIP / Invite Only)
    Topic: Privacy Versus Security (CCPA, GDPR, DevOpsSec)
    Registration Level:
    • VIP / Exclusive
    11:00 am - 12:00 pm
    Location / Room: Spring Glade

    This session is for Advisory Council members only.

    11:15 am
    The Legal Component of Incident Response
    Attorney, Spencer Fane LLP
    Registration Level:
    • Conference Pass
    11:15 am - 12:15 pm
    Location / Room: Sunnyslope
    Legal obligations attach when a data privacy or security incident occurs. An important component of responding to any data incident is analysis of the various international, state, and sectoral laws and regulations applicable to that incident. This discussion will highlight the current and future legal climate of incident response.

    11:15 am
    Cyber Insurance: Safety Net or Scam?
    Principal Consultant, Aberfoyle Associates
    Registration Level:
    • Conference Pass
    11:15 am - 12:00 pm
    Location / Room: Fairview
    Cyber liability insurance was conceived to help organizations recover from the devastating effects of a cyber attack, but is it actually fulfilling that purpose? While cyber insurance underwriters are requiring policy seekers to fill out risk assessment surveys and have offered resources to clients to help mitigate cyber risk, the daunting burden of proof is still placed on the insured to prove lack of negligence. What has to happen for insurers and their clients to agree upon third-party risk assessment tools to create a more equitable cost vs. coverage framework? How can businesses regain control of their risk valuations?
    11:15 am
    Strategically Reporting to the Board of Directors
    Cybersecurity Regulatory Testing Lead, USAA
    Attorney, Technology and Transactions Counsel, USAA
    Registration Level:
    • Conference Pass
    11:15 am - 12:00 pm
    Location / Room: Northbrook 1
    This presentation will cover three major areas of concern when developing reporting for the board of directors. The first is assurance testing and reporting of the results so that the board is confident that the program is operating as promised. The second is an overview of current laws in the financial sector and other industries, including some that require board-level reporting. Finally, we will discuss what goes into the board package and how it should be presented.
    Presentation Level: MANAGERIAL (security and business leaders)

    11:15 am
    Third-Party Cyber Risk: Creating and Managing a Program that Works
    CISO, G6 Hospitality, LLC
    Registration Level:
    • Conference Pass
    11:15 am - 12:00 pm
    Location / Room: Windhaven

    Two-thirds of all major data breaches can be traced to an external third party of some kind. In addition, more and more regulations are focusing on third parties, as well. Business partners, suppliers, service providers, auditors, consultants, outside counsel firms, and more all add to a company’s cyber and compliance risk. Effectively assessing and managing these third-party risks is now more important than ever.
    Presentation Level: GENERAL (InfoSec best practices, trends, solutions, etc.)

    12:00 pm
    Advisory Council LUNCH Round Table - (VIP / Invite Only)
    Topic: Zero Trust, What’s the Big Deal?
    Registration Level:
    • VIP / Exclusive
    12:00 pm - 1:00 pm
    Location / Room: Spring Glade

    This session is for Advisory Council members only.

    12:15 pm
    [LUNCH KEYNOTE] Why Teams, Strategies, and Processes Are Essential for Managing Cyber Risk
    Co-Chair, Cybersecurity & Data Privacy Practice Group, Spencer Fane LLP
    Registration Level:
    • Open Sessions
    12:15 pm - 1:00 pm
    Location / Room: Keynote Theater
    In twenty years of practicing cyber law, Shawn Tuma has seen a multitude of real-world cybersecurity and data breach cases. He will share his experience on:
    · Why cybersecurity is an overall business risk that must be properly managed to comply with laws and regulations
    · Why strategic leadership is critical in cybersecurity
    · Why teams are critical for cybersecurity and are affected by personalities and psychology
    · How to prioritize limited resources to effectively manage the most likely real-world risks
    · How to achieve reasonable cybersecurity
    · Why cyber insurance is a critical component of the cyber risk management process
    1:15 pm
    [Panel] Shifting Landscape of Attack Vectors
    Registration Level:
    • Open Sessions
    1:15 pm - 2:15 pm
    Location / Room: Keynote Theater

    If one thing holds true in cybersecurity it is the fact that our adversaries are pretty smart. They are. To be fair, they only have to be right once in a while. These cyber thugs are constantly shifting their attack vectors to better infiltrate our networks. There are so many endpoints to cover that the “bad guys” can try something new all the time. They have also discovered that we do not have great cyber hygiene when it comes to training our workforce. End users continue to be the “weakest link” within an organization as we’ve learned from all the ransomware attacks and business email compromises of late. This panel will talk about the shift in attack vectors and make some predictions about what to watch out for in the not too distant future.
    Panelists:
    Luis Rodriguez, Mimecast
    Peter Tomaszewski, PSG Consults
    Matt Rose, Checkmarx
    Chris Mears, InTouch Health
    Moderator: Tad Dickie

    2:15 pm
    Conference Break / Exhibitor Product Demonstration
    Registration Level:
    • Open Sessions
    2:15 pm - 3:00 pm
    Location / Room: SecureWorld Exhibitor Floor

    Reboot with coffee and infused water while visiting exhibitors on the exhibitor floor.

    2:30 pm
    Dash for Prizes & CyberHunt
    Registration Level:
    • Open Sessions
    2:30 pm - 2:45 pm
    Location / Room: SecureWorld Exhibitor Floor

    Be sure to have exhibitors scan your badge for a chance to win prizes. Past prizes have included Kindles, Bose headphones, gift cards, iPads, iPods and more! *Must be present to win

    3:00 pm
    Compliance Strikes Again
    President, (ISC)2 Dallas/Fort Worth Chapter
    Registration Level:
    • Conference Pass
    3:00 pm - 3:45 pm
    Location / Room: Fairview

    Many organizations are struggling to implement cyber security. There are several factors causing these shortcomings. What is your company’s maturity level?

    3:00 pm
    Time to Get Re-Married: Turns Out, Privacy and Cybersecurity Are Still in Love!
    Attorney, The Cyber Security Law Firm of Texas
    Registration Level:
    • Conference Pass
    3:00 pm - 3:45 pm
    Location / Room: Northbrook 1
    Cybersecurity and privacy have been divorced for some time now, with organizations splitting responsibilities: cyber/information security responsibilities lie with the technical teams, and privacy generally resides with the legal teams. Unfortunately, this split has been disastrous, mostly for the general public! In this session, we will discuss how forward thinking companies are re-marrying their cybersecurity and privacy programs to create a more holistic plan for data security and privacy—hopefully, to live happily ever after.
    Presentation Level: GENERAL (InfoSec best practices, trends, solutions, etc.)
Exhibitors
  • ACP
    Booth: 180

    ACP is the premier organization for business continuity professionals providing a powerful networking and learning environment for its members. Known for its progressive programs, workshops and symposiums, the organization has become a unifying force in defining and leading the continuously evolving fields of business continuity, disaster recovery, and emergency response (the “profession”). The Organization is strategically aligned with business partners such as DRI International, and BC Management, as well as our corporate sponsors. With a strong presence in North America, ACP has 42 chapters and over 2,300 members. We welcome all individuals, regardless of experience or certification, with an interest in the Profession.

    Founded in 1983, we are an established community of industry experts, educators, practitioners, leaders, facilitators and advocates. Our members view us as connectors and as a vital networking source.

  • Agari
    Booth: 500

    Agari is transforming the legacy Secure Email Gateway with its next-generation Secure Email Cloud powered by predictive AI. Leveraging data science and real-time intelligence from trillions of emails, the Agari Identity Graph™ detects, defends and deters costly advanced email attacks including business email compromise, spear phishing and account takeover.

  • BlackBerry Cylance
    Booth: 545

    BlackBerry Cylance develops artificial intelligence to deliver prevention-first, predictive security products and smart, simple, secure solutions that change how organizations approach endpoint security. BlackBerry Cylance provides full spectrum predictive threat prevention and visibility across the enterprise to combat the most notorious and advanced cybersecurity attacks. With AI-based malware prevention, threat hunting, automated detection and response, and expert security services, BlackBerry Cylance protects the endpoint without increasing staff workload or costs. We call it the Science of Safe. Learn more at www.cylance.com.

  • Checkmarx
    Booth: 130

    Checkmarx is the global leader in software security solutions for modern enterprise software development. Checkmarx delivers the industry’s most comprehensive software security platform that unifies with DevOps and provides static and interactive application security testing, SCA and developer AppSec training to reduce and remediate risk from software vulnerabilities. www.checkmarx.com

  • Cloud Security Alliance (CSA)
    Booth: 710

    The Cloud Security Alliance (CSA) is a not-for-profit organization with a mission to promote the use of best practices for providing security assurance within Cloud Computing, and to provide education on the uses of Cloud Computing to help secure all other forms of computing. The Cloud Security Alliance is led by a broad coalition of industry practitioners, corporations, associations and other key stakeholders.

  • Cobalt.io
    Booth: 800

    Cobalt’s Pentest as a Service (PtaaS) Platform transforms traditional pentesting into a data-driven vulnerability management engine. Fueled by a global talent pool of certified freelancers, our modern pentest platform delivers actionable results that empower agile teams to pinpoint, track, and remediate vulnerabilities.

  • Comodo Cybersecurity
    Booth: 810

    In a world where preventing all cyberattacks is impossible, Comodo Cybersecurity delivers an innovative cybersecurity platform that renders threats useless, across the LAN, web and cloud. The Comodo Cybersecurity platform enables customers to protect their systems and data against even military-grade threats, including zero-day attacks. Based in Clifton, New Jersey, Comodo Cybersecurity has a 20-year history of protecting the most sensitive data for both businesses and consumers globally.

  • Corelight
    Booth: 830

    Corelight makes powerful network security monitoring solutions that transform network traffic into rich logs, extracted files, and security insights for incident responders and threat hunters. Corelight Sensors run on open-source Zeek (formerly called “Bro”) and simplify Zeek deployment and management while expanding its performance and capabilities. https://www.corelight.com

  • EC-Council
    Booth: 700

    International Council of E-Commerce Consultants, also known as EC-Council, is the world’s largest cyber security technical certification body. We operate in 140 countries globally and we are the owner and developer of the world-famous Certified Ethical Hacker (CEH), Computer Hacking Forensics Investigator (C|HFI), Certified Security Analyst (ECSA), License Penetration Testing (Practical) programs, among others. We are proud to have trained and certified over 140,000 information security professionals globally that have influenced the cyber security mindset of countless organizations worldwide.

  • Egnyte
    Booth: 850

    Egnyte is the only secure content platform that is designed specifically for business. Egnyte provides teams with secure file sharing capability and access to content delivered at hyper-speed, regardless of file size, location, device or bandwidth.  More than 15,000 of the world’s most demanding and regulated businesses in more than 120 countries around the globe trust Egnyte to manage their content on the cloud.

  • enSilo
    Booth: 645

    enSilo protects businesses around the world from data breaches and disruption caused by cyber attacks. The enSilo Endpoint Security Platform comprehensively secures endpoints in real-time pre- and post-infection without alert fatigue, excessive dwell time or breach anxiety while also containing incident response costs by orchestrating automated detection, prevention and incident response actions against advanced malware. enSilo’s patented approach stops advanced malware with a high degree of precision, provides full system visibility and an intuitive user interface and combines next-generation antivirus (NGAV), application communication control, automated endpoint detection and response (EDR) with real-time blocking, threat hunting, incident response, and virtual patching capabilities in a single agent. The platform can be deployed either in the cloud or on-premises and supports multi-tenancy.

  • ForgeRock
    Booth: 540

    ForgeRock® is the digital identity management company transforming the way organizations interact securely with customers, employees, devices, and things. Organizations adopt the ForgeRock Identity Platform™ as their digital identity system of record to monetize customer relationships, address stringent regulations for privacy and consent (GDPR, HIPAA, FCC privacy, etc.), and leverage the internet of things. ForgeRock serves hundreds of brands, including Morningstar, Vodafone, GEICO, Toyota, TomTom, and Pearson, as well as governments like Norway, Canada, and Belgium, securing billions of identities worldwide. ForgeRock has offices across Europe, the USA, and Asia.

  • Future Com
    Booth: 545

    Future Com provides consulting services and products with a focus on cloud and cybersecurity solutions. We partner with our customers, working with them on everything from preventing the loss of electronic data to ground-up network design and implementation.

    We deliver top technologies and provide customizable consulting services for the products we carry. We maintain the highest-level technical certifications and years of field experience in all aspects of networking and security.

  • InfraGard North Texas
    Booth:

    The primary purpose of the InfraGard North Texas Members Alliance is to assist in increasing the security of the United States national infrastructures through ongoing exchanges of information relevant to infrastructure protection and through education, outreach, and similar efforts. In addition to the benefits offered by the national InfraGard organization, there are several ways our local chapter accomplishes these objectives, including:

    • Local quarterly membership meetings focused on infrastructure protection
    • Sector-specific meetings and information exchanges
    • Partnerships and discounts to training offerings with other organizations such as ISSA and SecureWorld
    • Networking opportunities with peers within and across all sectors
  • IntSights
    Booth: 640

    IntSights is revolutionizing cybersecurity operations with the industry’s only all-in-one external threat protection platform designed to neutralize cyberattacks outside the wire. Our unique cyber reconnaissance capabilities enable continuous monitoring of an enterprise’s external digital profile across the open, deep, and dark web to identify emerging threats and orchestrate proactive response. Tailored threat intelligence that seamlessly integrates with security infrastructure for dynamic defense has made IntSights one of the fastest-growing cybersecurity companies in the world.

  • (ISC)2 Dallas-Fort Worth
    Booth: 140

    The Dallas-Fort Worth Chapter of (ISC)2 is based in the DFW area and serves the counties of the Dallas-Fort Worth Metroplex. Members include those with security certifications from (ISC)2 as well as other professionals practicing or interested in information, software and communications security. Our mission is to advance information security in the DFW area by providing our members and other security professionals with the opportunity to share knowledge, grow professionally, educate others, and collaborate on projects. Our chapter programs provide members a forum to facilitate the exchange of knowledge and ideas, development of leadership and professional skills, and advancement of information systems security. We also provide our members with access to a variety of industry resources and educational programs to keep them up to date with the latest advances in technology as well as information assurance.

  • ISSA: North Texas
    Booth: 340

    The Dallas/Fort Worth area has many large corporations, government organizations, and educational institutions. Our membership comes from the network and information systems professionals of these organizations and institutions, as well as vendors of security products. We seek to provide our members with access to information and resources to assist their employers in securing critical information resources. Our monthly luncheon meetings, conferences, and other resources are available to members and non-members alike to assist in educating security practitioners of all types.

  • ISSA Fort Worth
    Booth: 600

    The Information Systems Security Association (ISSA)® is a not-for-profit, international organization of information security professionals and practitioners. It provides educational forums, publications, and peer interaction opportunities that enhance the knowledge, skill, and professional growth of its members. Learn more at the ISSA, International website. The Fort Worth Chapter of ISSA brings all of the benefits of International membership, along with opportunities for experiencing great speakers, local networking, earning CPEs, job prospecting and more.

  • Ixia, a Keysight Business
    Booth: 630

    We provide testing, visibility, and security solutions to strengthen applications across physical and virtual networks. Organizations use our tools and capabilities to test, secure and visualize their networks so their applications run stronger.

  • Looking Glass
    Booth: 530

    LookingGlass Cyber Solutions delivers unified threat protection against sophisticated cyber attacks to global enterprises and government agencies. Our comprehensive portfolio prioritizes relevant and timely insights enabling customers to operationalize threat intelligence across the entire cyber attack lifecycle.

  • Mimecast
    Booth: 510

    Mimecast (NASDAQ: MIME) was born in 2003 with a focus on delivering relentless protection. Each day, we take on cyber disruption for our tens of thousands of customers around the globe; always putting them first, and never giving up on tackling their biggest security challenges together. We are the company that built an intentional and scalable design ideology that solves the number one cyberattack vector—email. We continuously invest to thoughtfully integrate brand protection, security awareness training, web security, compliance and other essential capabilities. Mimecast is here to help protect large and small organizations from malicious activity, human error and technology failure; and to lead the movement toward building a more resilient world.

  • RIMS
    Booth: 160

    The Dallas Fort Worth RIMS Chapter is among the largest, most active chapters in the world, making a global and local difference regarding the importance of Risk Management.

  • Security Innovation
    Booth: 100

    For almost two decades, global clients have trusted Security Innovation to help them learn how to defend software applications and sensitive data from cyber-threats and attacks. We understand the challenges facing today’s enterprise, where reputation and customer trust is on the front lines. That’s why we continually work to discover and overcome the latest security threats with our Centers of Excellence, and integrate this knowledge into every training and assessment solution we deliver.

  • SpearTip
    Booth: 840

    SpearTip is an advisory firm consisting of industry-leading professionals providing their expertise and offering a full range of security services, to include unconflicted advisory services to Corporate Counsels and Chief Executives.

  • TechTarget
    Booth:

    TechTarget (NASDAQ: TTGT) is the online intersection of serious technology buyers, targeted technical content and technology providers worldwide. Our media, powered by TechTarget’s Activity Intelligence platform, redefines how technology buyers are viewed and engaged based on their active projects, specific technical priorities and business needs. With more than 100 technology specific websites, we provide technology marketers innovative media that delivers unmatched reach via custom advertising, branding and lead generation solutions all built on our extensive network of online and social media. TechTarget is based in Boston and has locations in Atlanta, Beijing, Cincinnati, London, Paris, San Francisco, Singapore, and Sydney.

  • Thales e-Security
    Booth: 860

    As the global leader in cloud and data protection, we help the most trusted brands and largest organizations in the world protect their most sensitive data and software, secure the cloud and achieve compliance through our industry-leading data encryption, access management, and software licensing solutions.

Keynote Speakers
Speakers
  • Larry Wilson
    CISO and Adjunct Faculty, University of Massachusetts

    Larry Wilson is currently a senior consultant and former Chief Information Security Officer for the University of Massachusetts President's Office. In the CISO role, Larry was responsible for developing, implementing and overseeing compliance with the UMass Information Security Policy and Written Information Security Plan (WISP). In addition to designing and deploying the UMass cybersecurity program, Larry has developed and delivered cybersecurity training at multiple industry events, workshops, training venues, etc. Courses include Designing and Building a Cybersecurity Program, The NIST Cybersecurity Framework Foundations, The NIST Cybersecurity Framework Practitioners, Engineering, Technology and Business Labs and Workshops based on the NIST Cybersecurity Framework, etc. Larry has also worked with multiple companies in multiple industries to help design, build and maintain their Cybersecurity Programs and evaluate their current security posture.

  • Mary Chaney
    Attorney, The Cyber Security Law Firm of Texas

    Mary N. Chaney, Esq., CISSP, has over 20 years of progressive experience within the fields of Law, Information Security, Privacy and Risk Management. She graduated from Xavier University in Cincinnati, Ohio with her B.S.B.A in Information Systems and received her J.D. degree from Thurgood Marshall School of Law.
    Ms. Chaney spent several years practicing law in Washington, DC focusing primarily on anti-trust and intellectual property rights infringement cases. She then transitioned to serve her country by becoming a Special Agent for the Federal Bureau of Investigation (FBI) where she investigated cybercrime and served as their Information Systems Security Officer.
    Ms. Chaney obtained her Certified Information Systems Security Professional (CISSP) certification in 2008. In her corporate career, she has held senior level information security roles with Comcast, Johnson & Johnson and GE Capital.
    Voluntarily, Ms. Chaney is the Chairman and CEO of Minorities in Cybersecurity, Inc. which focuses on leadership and career development for minorities and women. Ms. Chaney also holds advisory board roles for the Cyber Law Consortium, Post University and ChickTECH. In each of her volunteer endeavors Ms. Chaney strives to improve the cyber security and privacy community by ensuring both students and professionals have the resources they need to excel in their careers.
    Academically, Ms. Chaney is an adjunct professor with the University of Cincinnati where she teaches courses to assist with the development of the next generation of cybersecurity professionals.
    Professionally, Ms. Chaney owns her own cyber security law practice, The Law Offices of Mary N. Chaney, P.L.L.C., The Cyber Security Law Firm of Texas, where she specializes in helping the Board of Directors, CIO, CISO and General Counsel of any company understand each other and legally protect the enterprise from cyber security risk.

  • Calvin Nobles
    Cybersecurity Policy Fellow, New America Think Tank, New America

    Dr. Nobles is a Cybersecurity Scientist and practitioner with more than 25 years of experience. He teaches cybersecurity at several universities. He recently retired from the Navy and is currently employed in the Financial and Services Industry. Dr. Nobles is a Cybersecurity Policy Fellow with the New America Think Tank. He authored a book on the integration of technologically advanced aircraft in general aviation. His personal story is featured in the book, Black Men Changing the Narrative Through Education. Dr. Nobles serves as Chairman of a Cybersecurity Technology Advisory Board and on the Intelligence and National Security Alliance Cyber Council. He has fulfilled various executive-level positions as a cybersecurity professional.

  • Jeff Wilbur
    Technical Director, Online Trust Alliance, Internet Society

    Jeff Wilbur is the Technical Director of the Internet Society’s Online Trust Alliance. He is responsible for integrating, developing, and extending the OTA initiative within the Internet Society’s overall mission and objectives. He has over 25 years of experience in high technology, all focused on bringing new, industry-transforming communications technologies to market. He has been involved at the founding stages of Ethernet, routing, switching, VOIP, unified messaging, and email authentication and services in both startups and Fortune 500 companies. Jeff has a technical and business background with a Master’s Degree in Engineering from Stanford.

  • Bill Meredith
    Cloud Security Engineer, Charles Schwab

    Bill Meredith has over 25 years of experience designing, implementing, and supporting IT solutions for large enterprises, of which 10 years have been in the cybersecurity area. He is a cybersecurity professional with experience across a diverse set of cyber domains and industries such as Cloud Security, Financial, Forensics Investigation, Technology, Industrial, Commercial Web, Consumer Retail, Product Distribution, Shipping Logistics, and Manufacturing. Bill has a Bachelor's degree in Accounting, a Bachelor's degree in Computer Information Systems, and an MBA from the University of Louisville. He currently holds the CISSP, CCSP, CCSK, and AWS Cloud Practitioner certifications.

  • Patrick Benoit
    Global Business Information Security Officer, CBRE

    Patrick is an Advisory CISO and formerly the Deputy CISO for Cheetah Digital. He is a security and privacy executive, writer, speaker, knowledge provider and seeker. He has been an Executive Business Partner at Experian; a Customer Delivery Executive and Service Delivery Leader at Dell; and owned a technology consulting company. He is certified as C/CISO, CISM, CISSP, CRISC, PMP, ITIL Expert, and Lean Six Sigma Black Belt. He is a pilot and flight instructor. He studies and teaches Aikido, rides motorcycles, and his favorite teaching is “From Chaos Comes Greatness,” a loose translation from the “I Ching.”

  • Christopher McMahon
    Special Agent, United States Secret Service

    Chris McMahon is a Special Agent for the United States Secret Service. Prior to joining the Secret Service, Chris was a Prince George’s County, MD Police Officer. Chris is a well-seasoned criminal investigator specializing in cyber-enabled financial fraud, money laundering, credit card/ID fraud among other crimes. Chris began his Secret Service career out of the New York Field Office spending time between the Fraud Squad and Electronic Crimes Task Force where he earned the designation NITRO Agent for specialized training in network intrusions. While in the New York Field Office, Chris ran point on several large-scale multi-national criminal investigations targeting transnational organized crime groups. Chris is currently assigned to the U.S. Secret Service, Global Investigative Operations Center (GIOC) where he specializes in Business Email Compromise schemes and account takeovers focusing on the international nexus of cyber-enabled financial crime.

  • Bill White
    Architect, Information Security, State Farm

    Bill is an Information Technology professional with 30 years' experience in IT Security, Fraud investigation, Information Security, and Risk Assessment processes. He is a member of the team responsible for Information Security architectural work around Public Cloud Adoption. He has worked in the Information Technology space for 30 years, starting as a bench technician and working and learning his way up to Information Security Management. Bill is a Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA) and Certified in Risk and Information Systems Controls (CRISC).

  • Dominick Frazier
    Security Awareness & Communications Manager, Tenet Health

    Dominick Frazier is a security professional with over 13 years of security experience with his current role being in Information Technology/Cyber-Security. In his current role he serves as the Security Awareness & Communication Manager responsible for the conversation around security between technical and non-technical teams, which extends to both employees and clients. Given his tenure in security, he has robust knowledge of the information technology and physical security sector including applicable regulations and frameworks.

  • Book Signing
  • Paola Saibene
    VP, Enterprise Risk Management, American Heart Association

    Paola Saibene is the VP of Enterprise Risk Management at American Heart Association. She has been a CIO, CTO, and CSO of large organizations, and has worked in private, non-profit, and government sectors.

  • Ian Schneller
    SVP Global Information Security, Financial Institution

    A 20+ year information security veteran, Ian has served in many leadership positions to include CIO/CISO. Ian also led a multi-billion dollar mission charged with developing and operating advanced cyber capabilities for the Undersecretary of Defense (Intelligence), the DoD Chief Information Officer, and the Secretary of the Air Force. In this role he led high impact global teams and advised the US Congress and Executive Branch, resulting in a coordinated, funded national approach to resolve the highest cyber concerns of Government leadership. In the financial sector, Ian has led strategic capabilities to protect critical infrastructure from cyber-attack.

  • Mark Gelhardt
    CIO, Georgia State Defense Force, Former CIO, The White House

    At the pinnacle of his military career, Colonel Gelhardt was selected to work at The White House as the CIO, supporting President Clinton, the VP, the White House Staff, and the U.S. Secret Service, managing all the classified automation and telecommunications. Colonel Gelhardt is a combat veteran. Colonel Gelhardt is a well-known speaker and the author of “My time at the Clinton White House”. Since retiring from active service, Colonel Gelhardt has volunteered with many different service organizations. Currently he is the Chief Information Officer for the Georgia State Defense Force, an all-volunteer force keeping your state safe.

  • KC Condit
    CISO, G6 Hospitality, LLC

    KC Condit has been an information security practitioner and IT leader for 30 years with a diverse resume including hospitality, financial services, retail, and private, post-secondary education. He is currently the CISO for G6 Hospitality, LLC, and is responsible for information security, data privacy, IT risk management, and IT compliance for the Motel 6 and Studio 6 brands in the U.S. and Canada along with the Hotel 6 brand in India. Since 2011, KC has made 3rd party risk management an area of particular focus, developing low-cost approaches and creative, risk-based solutions.

  • Moderator: Abhijit Solanki
    Founder & Managing Director, Whiteboard Venture Partners

    Abhijit Solanki is the founder of Whiteboard Venture Partners, an early stage venture capital firm helping entrepreneurs achieve their whiteboard dreams.

  • Robert Walden
    Chief Information Officer, Epsilon

    Robert Walden is the Chief Information Officer at Epsilon where he is responsible for cybersecurity, data center and public cloud infrastructure services, and network services. Additionally, Robert is responsible for providing all IT workplace services for a global user base. Robert has been delivering business value through technology for over 15 years, with a broad background in Information Technology that covers financial services, manufacturing, retail, consulting, and marketing services with an emphasis on IT strategy and digital transformation. Prior to joining Epsilon he served as a Managing Partner of K. Morrow Associates and was CIO of iPhotonix and TXP Corp. Previous to that he held roles at 7-Eleven, Inc. and Citigroup.
    Throughout his career, Robert has focused on ensuring technology investments are maximized and drive better business outcomes by influencing organizations to be customer-centric, data-driven, and results-oriented. While he is passionate about data and technology, ultimately, he believes success is entirely dependent upon working with great people.
    Robert lives in the Dallas area with his wife, two children, and their ever-present Pug.

  • Drew Simonis
    VP & Deputy CISO, Hewlett Packard Enterprise

    Drew Simonis is a Vice President and serves as the Deputy CISO at Hewlett Packard Enterprise (HPE). He has worked in some of the largest and most complex environments in the public sector and the private sector with firms such as IBM, AT&T, EDS and Symantec. Prior to joining HPE, Drew spent 8 years as the CISO for Willis Group Holdings (now Willis Towers Watson). Insurance exposed Drew to formal risk management and analysis methodologies and is also where he began to develop an affinity for quantitative measurement of cyber risk as a better means to justify a security program and engage with business leadership. Drew has co-authored several books on security technology and architecture and articles on cyber organizational paradigms. Drew lives in North Texas and holds a Master of Science Degree in Computer Science from James Madison University.

  • Anand Singh
    CISO, Alkami Technology

    Dr. Anand Singh is an information security executive with a history of bridging the gap between IT and business. He has led significant enterprise transformations on behalf of Fortune 20 companies. He has also driven the success of several early stage companies and has shaped the Information Security industry in his illustrious career. He is currently Chief Information Security Officer (CISO) at Alkami Technology. Prior to this role, he was the CISO at Caliber Home Loans. He has also served in leadership functions at UnitedHealth Group and Target.

    Dr. Singh is an adjunct faculty at Mitchell Hamline School of Law. He has a PhD in Computer Science from University of Minnesota and M.S. in Computer Science from Purdue University. Dr. Singh also holds CISM and CISSP professional certifications. He is an accomplished speaker and author with several notable keynotes and publications under his belt.

  • Gaurav Kapil
    Sr. Director, Information Security, Blue Cross and Blue Shield
  • Cindi Carter
    Vice President, Chief Security Officer, MedeAnalytics

    As Vice President, Chief Security Officer (CSO) at MedeAnalytics, Cindi oversees global enterprise security. Her mission encompasses creating a culture that places high value on securing and protecting MedeAnalytics and the clients’ information entrusted to them. Cindi has built and matured both cyber and physical security practices at The University of Michigan Health System and Cerner Corporation. More recently, Cindi served as the Deputy Chief Information Security Officer at Blue Cross and Blue Shield of Kansas City. Cindi is the founding President of Women in Security-Kansas City, a non-profit organization with the mission to support women at all career levels in Information Security, and serves as an Advisory Board member within the security industry.

  • Diana Hennel
    CTO, Catalyst Corporate Federal Credit Union

    Diana Hennel is currently the Chief Technology Officer for Catalyst Corporate Federal Credit Union. In her role, Diana is responsible for the long-term strategic direction and implementation of technology strategy, security, and processes. She oversees the corporate’s network operations, technology development and information systems security. Diana attributes her success in the technology industry to her skills in building highly productive teams.

    Diana joined Catalyst Corporate in 2017. She has 25 years of technology, security, and operations experience, including over eleven years in IT executive management. Prior to joining Catalyst, she served as VP of Delivery at Targetbase, a customer relationship management and analytics agency, and as the CIO/CTO of TMX Finance, a consumer specialty finance company with over 1150 stores. She has Fortune 50 and software development experience, as well as experience in monitoring organizations for security compliance.

    Diana has a Bachelor of Science degree in math and computer science from Mount Union University and a Master of Science degree in computer science from the University of Illinois.

  • Amna Siddiqui
    Director, Security Management, Financial Investment Management Company

    Amna Siddiqui is Director, Security Management, with a broad-based technology background and current experience in Cybersecurity and Technology Risk Management in the financial sector. She is knowledgeable in industry and regulatory frameworks and holds multiple certifications with most recent related to AWS.

  • Tianne Strombeck
    Sr. Principal, Security Risk Management, Verizon

    Tia Strombeck, MBA, CISSP, currently manages a risk management team focused on governance and cross-organizational programs. Tia has 20+ years of experience in information security. She has focused on building cross-organizational relationships to help other business teams understand the importance and value of security initiatives. She has worked with the network teams to embed security requirements into their new development and operating processes.

  • Kelce Wilson
    General Counsel, InfraGard North Texas

    Kelce S. Wilson was in the U.S. Air Force, both active duty and reserves, retiring as a Lieutenant Colonel. He has a B.S., M.S. and PhD in electrical engineering, an M.B.A., a J.D., US PTO patent practitioner registration, and is a certified privacy professional with CIPP-US, CIPP-E, and CIPM. During his military and engineering career he worked in cryptography, radar and jamming, low observable (stealth) aircraft, and cybersecurity testing (white hat hacking). As an attorney, he has worked in patent litigation, licensing, and prosecution, and also privacy & security matters, including both breach prevention and response.

  • Happy Hour
  • Eddie Ho
    Former CIO & COO, Los Alamos National Bank

    Eddie Ho is the former COO and CIO for Los Alamos National Bank in New Mexico and CIO and CISO at OmniAmerican Bank in Texas. Prior to banking leadership roles, Eddie was in Technology Risk Management, cyber security, and Enterprise Architecture for IBM, Dell, Grant Thornton, and Blockbuster. Eddie is a board member for ePayAdvisors and is a frequent speaker for banking and finance industries. Eddie is the author of a network technology book and frequent contributor to industry publications. Eddie holds a BS from the University of Wisconsin, an MS in Computer Science from North Dakota State University, and holds CIPP, CISA, CISM, CGEIT, and CISSP certifications.

  • Michael Smith
    Sr. Information Systems Auditor, Parkland Health & Hospital System

    Michael R. Smith, MBA, CISSP, CFE, CISA, CIA, PMP, ITIL, is a Healthcare Information Technology Professional with over thirty years of IT experience. Michael is a Sr. I.S. Auditor at Parkland in Dallas Texas specializing in performing information security assessments and audits focused around IT governance and regulatory compliance.

    Industry Certifications, Licensure, & Training
    Certified Information Security Specialist (CISSP)
    Certified Internal Auditor (CIA)
    Project Management Professional (PMP)
    Certified Fraud Examiner (CFE)
    Certified Information Systems Auditor (CISA)
    Information Library Information Technology (ITIL)

  • James Carpenter
    CISO, Texas Scottish Rite Hospital for Children

    James Carpenter is a Healthcare Information Technology & Security Professional with 20 years of IT leadership experience. James is currently the Director of Information Technology & Security for Texas Scottish Rite Hospital for Children in Dallas, Texas. Over the course of his career James has created and led healthcare information security teams and helped organizations successfully navigate the complex and ever-changing landscape of security and technology. James has been responsible for strategic design of information security programs, implementation of key enterprise information security technologies such as DLP, IDM/IAM, eDiscovery, MDM, and the teams and processes that support successful integration. James is a CISSP, CISM, and CISA and holds a Master’s degree in Strategic Leadership from Amberton University.

  • Pedro Serrano
    CISO, Grand River Dam Authority

    Pedro Serrano has over 35 years of experience managing and installing technical controls in networks around the world, 20 of those in military systems. He is the CISO for Grand River Dam Authority and a Professor at his local University, teaching infrastructure systems, security controls, and networking. Pedro has two postgraduate degrees, one in Telecommunications Management from Oklahoma State University and the other in Computer Science from Tulsa University. Pedro serves as the President of the Information System Security Association (ISSA) chapter in Tulsa, Oklahoma and holds the CISSP certification from ISC2.

  • Mark Nagiel
    CISO, Supreme Lending

    Mark is currently serving as the Chief Information Security Officer at Supreme Lending. Prior to Supreme Lending, Mark served as the CISO at Prime Lending, Head of Information Security at MetroPCS (a T-Mobile division), VP of Information Technology and VP of Information Security at InCharge Institute, and Head of NEC Information Security Consulting practice covering the US and the Caribbean. Prior to NEC, Mark co-founded Network Audit Systems, which was acquired by Armor Holdings, a NYSE global threat mitigation leader, where he served as a CTO. Prior experience included serving as the first Head of Information Security at Niagara Mohawk Power Corporation with responsibility for program development covering Corporate, Fossil, Hydro and Nuclear division protections. Mark is a graduate of State University of New York with a BS in Business Management and attended the Harvard Business School Executive Education Program.

  • Shawn E. Tuma
    Co-Chair, Cybersecurity & Data Privacy Practice Group, Spencer Fane LLP

    Shawn Tuma is an internationally recognized cybersecurity, computer fraud and data privacy law attorney, areas in which he has practiced for two decades. He is Co-Chair of Spencer Fane’s Data Privacy & Cybersecurity Practice where he regularly serves as cybersecurity and privacy counsel advising a wide variety of businesses ranging from small and mid-sized companies to Fortune 100 enterprises. Shawn has been named a Cybersecurity Law Trailblazer by the National Law Journal, SuperLawyers Top 100 Lawyers in DFW, and Best Lawyers in Dallas. He serves as the Practitioner Editor for Bloomberg Law’s Texas Privacy & Data Security Law, among many other activities.

  • Eddie Ho
    Former CIO & COO, Los Alamos National Bank

    Eddie Ho is the former COO and CIO for Los Alamos National Bank in New Mexico and CIO and CISO at OmniAmerican Bank in Texas. Prior to banking leadership roles, Eddie was in Technology Risk Management, cyber security, and Enterprise Architecture for IBM, Dell, Grant Thornton, and Blockbuster. Eddie is a board member for ePayAdvisors and is a frequent speaker for banking and finance industries. Eddie is the author of a network technology book and frequent contributor to industry publications. Eddie holds a BS from the University of Wisconsin, an MS in Computer Science from North Dakota State University, and holds CIPP, CISA, CISM, CGEIT, and CISSP certifications.

  • Jeremy Rucker
    Attorney, Spencer Fane LLP

    As a cybersecurity and data privacy attorney in the Dallas office of Spencer Fane LLP, Jeremy Rucker has assisted companies of all sizes in responding to data security and privacy incidents. The expertise of Jeremy and his Spencer Fane colleagues covers several industries including healthcare, banking and finance, insurance, energy, transportation, and manufacturing.

  • Mark Langford
    Principal Consultant, Aberfoyle Associates

    Mark is the Founder and Principal Consultant at Aberfoyle Associates, a Plano based cybersecurity consulting firm. Mark is a Board Member of the North Texas ISSA, was recently inducted into Infragard, and is called upon periodically to speak at cybersecurity industry events. He holds a Bachelor’s Degree in Management from Clemson University and a Master's Degree in Telecommunications Management from Oklahoma State University.

  • Dr. Jason Edwards
    Cybersecurity Regulatory Testing Lead, USAA

    Jason Edwards has over 20 years of IT/Cybersecurity experience and currently works for USAA researching, developing and executing enterprise cybersecurity assurance testing. Jason is a 22-year veteran of the US Army and has served multiple tours of duty in Iraq, Afghanistan, and elsewhere. Jason is currently awaiting final approval for his doctoral dissertation in cybersecurity with a focus on ‘Regulatory Cybersecurity Testing of Large Financial Institutions.’ Jason and his family enjoy living in San Antonio and spending time outdoors. Jason is married to Selda, and they have 4 children, Michelle (21), Chris (19), Ceylin (9) and Mayra (7).

  • Griffin Weaver
    Attorney, Technology and Transactions Counsel, USAA
  • KC Condit
    CISO, G6 Hospitality, LLC

    KC Condit has been an information security practitioner and IT leader for 30 years with a diverse resume including hospitality, financial services, retail, and private, post-secondary education. He is currently the CISO for G6 Hospitality, LLC, and is responsible for information security, data privacy, IT risk management, and IT compliance for the Motel 6 and Studio 6 brands in the U.S. and Canada along with the Hotel 6 brand in India. Since 2011, KC has made 3rd party risk management an area of particular focus, developing low-cost approaches and creative, risk-based solutions.

  • JP Hill
    President, (ISC)2 Dallas/Fort Worth Chapter

    JP Hill works for Secutor Consulting and is the Chief Information Security Officer responsible for executive advisory services in auditing, enterprise architecture, metrics generation and analysis, security control assessments, penetration testing, certification and authorization cloud solutions, threat and vulnerability management, policy development, business continuity and disaster recovery planning, risk governance compliance (GRC). JP is also the President of (ISC)² Dallas-Fort Worth and he is a member of several advisory boards in the Dallas area. JP holds a Bachelor of Science degree in Cyber Security (Information Technology) from Potomac College and a Master of Science Degree in Information Assurance from Capitol College.

  • Mary Chaney
    Attorney, The Cyber Security Law Firm of Texas

    Mary N. Chaney, Esq., CISSP, has over 20 years of progressive experience within the fields of Law, Information Security, Privacy and Risk Management. She graduated from Xavier University in Cincinnati, Ohio with her B.S.B.A in Information Systems and received her J.D. degree from Thurgood Marshall School of Law.
    Ms. Chaney spent several years practicing law in Washington, DC focusing primarily on anti-trust and intellectual property rights infringement cases. She then transitioned to serve her country by becoming a Special Agent for the Federal Bureau of Investigation (FBI) where she investigated cybercrime and served as their Information Systems Security Officer.
    Ms. Chaney obtained her Certified Information Systems Security Professional (CISSP) certification in 2008. In her corporate career, she has held senior level information security roles with Comcast, Johnson & Johnson and GE Capital.
    Voluntarily, Ms. Chaney is the Chairman and CEO of Minorities in Cybersecurity, Inc. which focuses on leadership and career development for minorities and women. Ms. Chaney also holds advisory board roles for the Cyber Law Consortium, Post University and ChickTECH. In each of her volunteer endeavors Ms. Chaney strives to improve the cyber security and privacy community by ensuring both students and professionals have the resources they need to excel in their careers.
    Academically, Ms. Chaney is an adjunct professor with the University of Cincinnati where she teaches courses to assist with the development of the next generation of cybersecurity professionals.
    Professionally, Ms. Chaney owns her own cyber security law practice, The Law Offices of Mary N. Chaney, P.L.L.C., The Cyber Security Law Firm of Texas, where she specializes in helping the Board of Directors, CIO, CISO and General Counsel of any company understand each other and legally protect the enterprise from cyber security risk.

Conference App and Microsite!
Registration is easy and takes just a few minutes. Once you get started you can use your phone, tablet or internet browser to:

• Create a personalized agenda
• View maps of the venue and Exhibit Hall
• Use secure messaging to network with attendees
• View speaker slides after the conference
• Play CyberHunt, the app game, and compete for prizes