Click here to view registration types and pricing (PDF)
Conference Agenda
Filter by registration level:
  • session level iconOpen Sessions
  • session level iconConference Pass
  • session level iconSecureWorld Plus
  • session level iconVIP / Exclusive
  • Wednesday, October 31, 2018
    7:00 am
    Registration Open
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    7:00 am - 3:00 pm
    Location / Room: Registration Desk
    7:30 am
    Advisory Council Breakfast – (VIP / INVITE ONLY)
    • session level icon
    Registration Level:
    • session level iconVIP / Exclusive
    7:30 am - 8:30 am
    8:00 am
    SecureWorld PLUS Part 1 - Security’s New Know: Strategic Skills for the Digital Age
    • session level icon
    Earn 16 CPEs With This in-Depth 3-Part Course
    speaker photo
    Futurist, Author & Professor, Named "One of the top 50 brains in technology today" by Fast Company
    Registration Level:
    • session level iconSecureWorld Plus
    8:00 am - 9:30 am

    Security’s Dark Age is coming to an end. A sub-set of organizations has moved beyond the misunderstandings, stigmatizations, dysfunctional economics and toxic mindsets regarding the practice of security. A new age is upon us – an age that requires new thinking, new skills and new practices. This session – part Harvard MBA-in-a-box, part Amish barn raising and part therapy session features Futurist Thornton May and a faculty of local experts detailing what the positive path to the future might look like.

    8:00 am
    SecureWorld PLUS Part 1 - Using the NIST Cybersecurity Framework to Build and Mature an Information Security Program
    • session level icon
    Earn 16 CPEs With This in-Depth 3-Part Course
    speaker photo
    CISO, Pulte Financial Services
    Registration Level:
    • session level iconSecureWorld Plus
    8:00 am - 9:30 am

    Managing a successful Information Security Program requires a plan. In this hands-on workshop, participants will leverage the NIST Cybersecurity Framework as a guide to create or mature their security program. Regardless of industry, the framework provides an ideal platform for planning, communicating, and validating your security approach. This course is perfect for attendees that are just starting a security program, looking to mature their current program, or just looking to learn more about the Framework.

    8:00 am
    SecureWorld PLUS Part 1 - PC6. Cloud Security Training
    • session level icon
    Earn 16 CPEs With This in-Depth 3-Part Course
    speaker photo
    Enterprise Security Architecture, Colorado Governor Office of IT
    Registration Level:
    • session level iconSecureWorld Plus
    8:00 am - 9:30 am

    This Cloud Security session will immerse students/attendees into the new frontier of IT and security services delivery in the Cloud. Using proven engaged learning techniques, students will leave the session with a solid Cloud Security knowledge and skills combined with applied hands-on on the most popular Cloud Services Provider.

    By the end of the session you will:

    • Have a solid understanding of the Cloud Computing and Security based on NIST and ISO/IEC.
    • Be able to evaluate security posture of any Cloud Service Providers (CSP) Using FedRAMP and CSA CCM.
    • Be able to select, design, and deploy a secure cloud services based on the business requirements
    • Use the knowledge and skill learned as a foundation to pursue popular Cloud Security Certifications such as CSA CCSK, ISC2 CCSP, and AWS Security.

    To maximize the benefit of the class, student needs to:

    • Have a Curious, and eager mind to learn.
    • Ask, Ask, and Ask questions
    • Bring their own laptops to participate in the labs and capture valuable information
    • Have an AWS free account.
    8:30 am
    IoT Defense: A Holistic Approach
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    8:30 am - 9:15 am

    Reviewing the current state of IoT devices, their cloud endpoints and the connection between them to understand the threat landscape and where our focus needs to be in the years ahead.

    8:30 am
    Crime in a Box – Revisited
    • session level icon
    How technology changed the landscape of cyber crime and predicting future attack vectors
    Registration Level:
    • session level iconConference Pass
    8:30 am - 9:15 am

    Twenty years ago I read an article titled “Crime in a Box.” It was a futuristic vision of how cyber crime could evolve to be the perfect crime. This session will compare and contrast the scenario described in that article to the data breach, spear-phishing, and ransomware attacks that have become our reality in the 21st century.

    8:30 am
    Leveraging GRC to Enhance the Value Proposition of Cybersecurity Programs
    • session level icon
    speaker photo
    Asia Region (Cybersecurity) Risk Lead, Compassion International
    Registration Level:
    • session level iconConference Pass
    8:30 am - 9:15 am

    Have you heard these questions? How secure am I? Will our processes and controls protect us against a breach? Will I know if we are breached? How will we respond if we are breached?

    Come, join me as I share a story of how our team was able to demonstrate value through risk management and regular black swan workshops. You will gain an understanding of the value of forging a relationship with other process areas and disciplines (e.g. crisis team, information assurance, business continuity, risk management) in order to gain the traction needed and demonstrate value.

    8:30 am
    AI and Blockchain: The Latest Development in the Debate of Innovation vs. Security
    • session level icon
    speaker photo
    Attorney, Baker Donelson
    Registration Level:
    • session level iconConference Pass
    8:30 am - 9:15 am

    The unprecedented speed of innovation is a hallmark of the 21st century. How do we wrap our heads around its long term consequences. Artificial intelligence and block chain technology are the latest technological developments that will rapidly change our world. Are we carefully considering the long term consequences of these technologies on our security. What do we need to be considering so that we strike the right balance between innovation and security.

    9:00 am
    Exhibit Floor Open
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    9:00 am - 3:00 pm
    Location / Room: SecureWorld Exhibitor Floor

    This is the time to visit exhibitors participating in Dash For Prizes & CyberHunt for your chance to win prizes!

    9:30 am
    Opening Keynote: Risk & Security’s Bright Future: Mapping the Road Ahead
    • session level icon
    speaker photo
    Futurist, Author & Professor, Named "One of the top 50 brains in technology today" by Fast Company
    Registration Level:
    • session level iconOpen Sessions
    9:30 am - 10:15 am
    Location / Room: Keynote Theater

    There has never been a better time to be a risk/security professional. Disruptive technologies fundamentally expand the “Art of the Possible;” reshape the solution provider ecosystem [with a new hierarchy of winners & losers]; and discombobulate expectations of how and by whom risk and security should be managed/led.

    In an entertaining and highly interactive session, Thornton May will share with attendees how leading Risk/Security Cartographers chart the future. Like the movers and shakers of the Renaissance, we stand on the shores of a new world –a Mundus Novus as Americo Vespucci labeled it in 1502.

    10:15 am
    Conference Break / Exhibitor Product Demonstration
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    10:15 am - 11:15 am
    Location / Room: SecureWorld Exhibitor Floor

    Reboot with coffee and infused water while visiting exhibitors on the exhibitor floor.

    11:00 am
    Advisory Council Roundtable (VIP / Invite Only)
    • session level icon
    Registration Level:
    • session level iconVIP / Exclusive
    11:00 am - 12:00 pm

    Advisory Council – VIP / INVITE ONLY

    11:15 am
    Cybercrime and What Your Insurance Company Is Doing About It
    • session level icon
    speaker photo
    SVP, Marketing and Business Development, NAS Insurance
    Registration Level:
    • session level iconConference Pass
    11:15 am - 12:00 pm
    Being insured isn’t the same as being prepared. As cyber criminals continue to attack businesses at an alarming rate across every possible point of vulnerability, business insurers are taking dramatic steps to provide a more comprehensive and preventative solution to combat the growing cyber threats. Tech forensic companies, network security specialists and white hat hackers have come together with insurance providers to offer a new generation of threat intelligence services. While an unusual pairing, tech and insurance professionals are now collaborating to create state-of-the-art cyber security solutions.
    11:15 am
    10 Application Security Myths
    • session level icon
    speaker photo
    Security Architect, Sungard Availability Services
    Registration Level:
    • session level iconConference Pass
    11:15 am - 12:00 pm
    “AppSec is hard”, “We need (insert blinky box)”, “I’m not a programmer”, “Our company isn’t a target”, “Security is emergent”, “Internal apps don’t need to be secured”, etc…
    I suspect none of these will come as a surprise for anyone in Application Security but I continue to encounter these same myths year after year, company after company. My hope is that by sharing my pain and some of the approaches I’ve taken to educate development teams, we can share your successes and together we can bring development out of the rut it’s currently in.
    11:15 am
    Spirion: Everything You Need to Know About the California Consumer Privacy Act of 2018
    • session level icon
    speaker photo
    VP, Data Protection, Spirion
    Registration Level:
    • session level iconOpen Sessions
    11:15 am - 12:00 pm
    The California Consumer Privacy Act of 2018 (CCPA) likely represents the most stringent privacy statute to be enacted at the U.S. state level and applies to all businesses in the U.S. and around the world. This presentation addresses the requirements of the Act, how personal information is defined, stated exemptions, and the potential for penalties and enforcement mechanisms by regulatory bodies and consumers. It also offers insight into possible actions to address compliance requirements before the enforcement commencement date of January 1, 2020.

     

    12:00 pm
    Advisory Council Lunch Roundtable – (VIP / Invite Only)
    • session level icon
    Registration Level:
    • session level iconVIP / Exclusive
    12:00 pm - 1:00 pm

    Advisory Council – VIP / INVITE ONLY

    12:15 pm
    LUNCH KEYNOTE
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    12:15 pm - 1:00 pm
    Location / Room: Keynote Theater
    1:15 pm
    Panel: Close the Front Gate - Identify all Travelers
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    1:15 pm - 2:15 pm

    One of the first lines of defense for a castle was the front gate or portcullis. When the need arose, they would simply close the gate and stop everyone from entering. Castle guards would stop each traveler and determine their identity and if they were a threat before letting them in. Sort of like today’s network access control and firewalls. Identity or the perception of one’s identity was all that mattered and a smart spy or thief would gain access to the castle with only minor delays. Our experts will discuss your options for defending your castle.

    1:15 pm
    Panel: Hazards on the Horizon - Emerging Threats
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    1:15 pm - 2:15 pm

    Just as in the days of yore, you must have watch guards in the tower scanning the horizon for enemy banners. If you follow cyber threats, then you know that the landscape is constantly changing. From the bring your own device (BYOD) workplace to mobile-malware, social engineering, and everything in between, information security has transformed. In order stay ahead of the ever-changing threats, it is imperative to constantly improve and change security policies. Join industry experts as they discuss the importance of rolling with the changes, and how your company can stop the threat before it gets to the castle gate.

    2:15 pm
    Conference Break / Exhibitor Product Demonstration
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    2:15 pm - 3:00 pm
    Location / Room: SecureWorld Exhibitor Floor

    Reboot with coffee and infused water while visiting exhibitors on the exhibitor floor.

    3:00 pm
    Executive Leadership Panel: Building a Career in Cybersecurity
    • session level icon
    speaker photo
    CISO, Gates Corporation
    speaker photo
    CISSP, Executive Director, Cybersecurity Services
    speaker photo
    Privacy & Security Officer, Connect for Health Colorado
    Registration Level:
    • session level iconConference Pass
    3:00 pm - 3:45 pm

    Every security leader has a different and sometimes unique story about how they got to where they are. In many cases, they didn’t imagine that one day they will end up in security.
    Moreover, security is relatively new practice, it is done differently in every organization, and is a target that is moving constantly.

    In this panel we will hear from our panelists about:
    1. How do you develop your career in Security?
    2. What skills do you need to have?
    3. How do you keep yourself up to date?
    4. Stories from the front lines and a-ha moments

    3:00 pm
    The CISO Stop List
    • session level icon
    speaker photo
    CISO, Bluecore, Inc.
    Registration Level:
    • session level iconConference Pass
    3:00 pm - 3:45 pm

    Each year security teams are faced with new threats, new compliance requirements, new technologies, new environments, and new marching orders from management. Most respond by adding new processes, people, and tools to satisfy the emerging needs, but how often do we look at what we’re already doing and say “That is wrong. That is extraneous. That is of low value”? Or even, “That is hurting the security program. That is hurting my career”? This session will cast a baleful eye on some of the habits security professionals have developed and failed to shed as the landscape evolves.

    3:00 pm
    Re-thinking Our Talent Shortage: Planning for the Future Began Yesterday
    • session level icon
    speaker photo
    Partner, Jobplex
    Registration Level:
    • session level iconConference Pass
    3:00 pm - 3:45 pm
    All too often, breaches or attacks on organizations are the result of an otherwise trustworthy employee’s negligence. Whether it’s using a company device on a public wifi or ignoring password updates to confidential data, it’s human nature to error. So…how do we mitigate that? Can we pre-screen for that? This expert presentation will discuss little-known tactics deployed to avoid potential hiring risks, while also integrating non-security professionals into a highly secure environment.
    3:00 pm
    Vetting Your Vendors
    • session level icon
    Understanding the “Chain of Control” of Data, Security Pitfalls in Third-Party Contracts and Service Agreements
    speaker photo
    Managing Partner & Co-Founder, XPAN Law Group, LLC
    Registration Level:
    • session level iconConference Pass
    3:00 pm - 3:45 pm

    One of the most important considerations in cybersecurity does not involve your own direct network security; it involves your partners and vendors. In the world of cybersecurity, you are only as strong as the weakest link in your vendor chain. The ease, convenience and cost effectiveness of outsourcing certain business functions frequently overshadows the potential pitfalls lurking in using outside third-parties and vendors. This presentation will discuss the steps your organization needs to take to ensure that any partners or vendors with access to your network systems or company data are meeting (at least) a minimum level of security requirements.

    3:00 pm
    SecureWorld PLUS Part 2 - Security’s New Know: Strategic Skills for the Digital Age
    • session level icon
    SecureWorld PLUS Registrants ONLY
    speaker photo
    Futurist, Author & Professor, Named "One of the top 50 brains in technology today" by Fast Company
    Registration Level:
    • session level iconSecureWorld Plus
    3:00 pm - 4:30 pm

    Security’s Dark Age is coming to an end. A sub-set of organizations has moved beyond the misunderstandings, stigmatizations, dysfunctional economics and toxic mindsets regarding the practice of security. A new age is upon us – an age that requires new thinking, new skills and new practices. This session – part Harvard MBA-in-a-box, part Amish barn raising and part therapy session features Futurist Thornton May and a faculty of local experts detailing what the positive path to the future might look like.

    3:00 pm
    SecureWorld PLUS Part 2 - Using the NIST Cybersecurity Framework to Build and Mature an Information Security Program
    • session level icon
    SecureWorld PLUS Registrants ONLY
    speaker photo
    CISO, Pulte Financial Services
    Registration Level:
    • session level iconSecureWorld Plus
    3:00 pm - 4:30 pm

    Managing a successful Information Security Program requires a plan. In this hands-on workshop, participants will leverage the NIST Cybersecurity Framework as a guide to create or mature their security program. Regardless of industry, the framework provides an ideal platform for planning, communicating, and validating your security approach. This course is perfect for attendees that are just starting a security program, looking to mature their current program, or just looking to learn more about the Framework.

    3:00 pm
    SecureWorld PLUS Part 2- PC6. Cloud Security Training
    • session level icon
    SecureWorld PLUS Registrants ONLY
    speaker photo
    Enterprise Security Architecture, Colorado Governor Office of IT
    Registration Level:
    • session level iconSecureWorld Plus
    3:00 pm - 4:30 pm

    This Cloud Security session will immerse students/attendees into the new frontier of IT and security services delivery in the Cloud. Using proven engaged learning techniques, students will leave the session with a solid Cloud Security knowledge and skills combined with applied hands-on on the most popular Cloud Services Provider.

    By the end of the session you will:

    • Have a solid understanding of the Cloud Computing and Security based on NIST and ISO/IEC.
    • Be able to evaluate security posture of any Cloud Service Providers (CSP) Using FedRAMP and CSA CCM.
    • Be able to select, design, and deploy a secure cloud services based on the business requirements
    • Use the knowledge and skill learned as a foundation to pursue popular Cloud Security Certifications such as CSA CCSK, ISC2 CCSP, and AWS Security.

    To maximize the benefit of the class, student needs to:

    • Have a Curious, and eager mind to learn.
    • Ask, Ask, and Ask questions
    • Bring their own laptops to participate in the labs and capture valuable information
    • Have an AWS free account.
  • Thursday, November 1, 2018
    7:00 am
    Registration Open
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    7:00 am - 3:00 pm
    Location / Room: Registration Desk
    8:00 am
    SecureWorld PLUS Part 3 - Security’s New Know: Strategic Skills for the Digital Age
    • session level icon
    SecureWorld PLUS Registrants ONLY
    speaker photo
    Futurist, Author & Professor, Named "One of the top 50 brains in technology today" by Fast Company
    Registration Level:
    • session level iconSecureWorld Plus
    8:00 am - 9:30 am

    Security’s Dark Age is coming to an end. A sub-set of organizations has moved beyond the misunderstandings, stigmatizations, dysfunctional economics and toxic mindsets regarding the practice of security. A new age is upon us – an age that requires new thinking, new skills and new practices. This session – part Harvard MBA-in-a-box, part Amish barn raising and part therapy session features Futurist Thornton May and a faculty of local experts detailing what the positive path to the future might look like.

    8:00 am
    SecureWorld PLUS Part 3 - Using the NIST Cybersecurity Framework to Build and Mature an Information Security Program
    • session level icon
    SecureWorld PLUS Registrants ONLY
    speaker photo
    CISO, Pulte Financial Services
    Registration Level:
    • session level iconSecureWorld Plus
    8:00 am - 9:30 am

    Managing a successful Information Security Program requires a plan. In this hands-on workshop, participants will leverage the NIST Cybersecurity Framework as a guide to create or mature their security program. Regardless of industry, the framework provides an ideal platform for planning, communicating, and validating your security approach. This course is perfect for attendees that are just starting a security program, looking to mature their current program, or just looking to learn more about the Framework.

    8:00 am
    SecureWorld PLUS Part 3 - PC6. Cloud Security Training
    • session level icon
    SecureWorld PLUS Registrants ONLY
    speaker photo
    Enterprise Security Architecture, Colorado Governor Office of IT
    Registration Level:
    • session level iconSecureWorld Plus
    8:00 am - 9:30 am

    This Cloud Security session will immerse students/attendees into the new frontier of IT and security services delivery in the Cloud. Using proven engaged learning techniques, students will leave the session with a solid Cloud Security knowledge and skills combined with applied hands-on on the most popular Cloud Services Provider.

    By the end of the session you will:

    • Have a solid understanding of the Cloud Computing and Security based on NIST and ISO/IEC.
    • Be able to evaluate security posture of any Cloud Service Providers (CSP) Using FedRAMP and CSA CCM.
    • Be able to select, design, and deploy a secure cloud services based on the business requirements
    • Use the knowledge and skill learned as a foundation to pursue popular Cloud Security Certifications such as CSA CCSK, ISC2 CCSP, and AWS Security.

    To maximize the benefit of the class, student needs to:

    • Have a Curious, and eager mind to learn.
    • Ask, Ask, and Ask questions
    • Bring their own laptops to participate in the labs and capture valuable information
    • Have an AWS free account.
    8:30 am
    Securing Your Vote: Did I Vote for Who I Thought I Voted For?
    • session level icon
    speaker photo
    Security Architect, Sungard Availability Services
    Registration Level:
    • session level iconConference Pass
    8:30 am - 9:15 am
    Thanks in part to DEF CON, we know that voting machines are poorly secured. However, the more ‘interesting’ piece here is the desire of the general public and many public officials to be able to vote over the Internet. (*blockchain*) And, regardless of whether you want Internet voting or not – it’s coming. In fact, for some states and countries and citizens, it’s already here.
    Join me as we look at how our votes are counted and audited, the current security state of voting in general and what the future may (or may not) entail.
    8:30 am
    New CISO: First 90 Days
    • session level icon
    Registration Level:
    • session level iconConference Pass
    8:30 am - 9:15 am

    This interactive presentation will walk through the stages we go through as the new head of information security in our company from the days preceding “Day One.” Checklists and ideas are shared to help you lift as many stones as possible while inspiring confidence in executive leadership.

    8:30 am
    Transform Your Business by Transforming Security
    • session level icon
    speaker photo
    Host, Colorado = Security podcast
    Registration Level:
    • session level iconConference Pass
    8:30 am - 9:15 am

    Cybersecurity began as a function within IT, and as a result it was necessarily focused internally, on back-office technologies. However, as the importance of security has become more understood, so has the need for a more strategic approach to security. In this presentation, Robb will discuss how security leaders can improve their security program by moving outside of internal IT siloes and help the company embrace new technologies.

    The highest value activities in most organizations revolve around customer interactions and product development. All too frequently security is not involved in these areas. Similarly, security is usually cited as the number one reason for reluctance to adopt new technologies such as cloud, consumerization and IoT. By getting security involved in the strategic planning for these areas, security can enable their company to move faster with more confidence, ultimately allowing their company to outperform their competitors.

    8:30 am
    Emerging Technology Disruptors Simplified
    • session level icon
    speaker photo
    CISO, Elevations Credit Union
    Registration Level:
    • session level iconConference Pass
    8:30 am - 9:15 am
    This session will review and breakdown emerging technology disruptors (AI/ML/DL, Distributed Ledgers) and how they will change the current business models, and how automation and security will be seamlessly integrated and enhanced.
    9:00 am
    Exhibit Floor Open
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    9:00 am - 3:00 pm
    Location / Room: SecureWorld Exhibitor Floor

    This is the time to visit exhibitors participating in Dash For Prizes & CyberHunt for your chance to win prizes!

    9:30 am
    OPENING KEYNOTE:
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    9:30 am - 10:15 am
    Location / Room: Keynote Theater
    10:15 am
    Conference Break / Exhibitor Product Demonstration
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    10:15 am - 11:15 am
    Location / Room: SecureWorld Exhibitor Floor

    Reboot with coffee and infused water while visiting exhibitors on the exhibitor floor.

    11:00 am
    Advisory Council Lunch Roundtable – (VIP / Invite Only)
    • session level icon
    Registration Level:
    • session level iconVIP / Exclusive
    11:00 am - 12:00 pm

    Advisory Council – VIP / INVITE ONLY

    11:15 am
    The Impact of the GDPR on Cross-Border Data Management and Cybersecurity
    • session level icon
    Walking the Tightrope of Compliance and Business Efficiency
    speaker photo
    Managing Partner & Co-Founder, XPAN Law Group, LLC
    Registration Level:
    • session level iconConference Pass
    11:15 am - 12:00 pm

    Principles of data privacy, technology, and cybersecurity converge when organizations exchange, transfer and process information. With the forthcoming European Union’s General Data Protection Regulation (GDPR), the intersection of data, technology, business and law is poised to become increasingly complex. And each of these complications will have a huge impact on a company’s operations, network infrastructure, and legal relationships with third-parties. This presentation will explore the impact of the GDPR on cross-border data management, its intersection with domestic data obligations and its effect on creating efficient and secure data management practices that meet the needs of the business.

    11:15 am
    Panel: Women in Security
    • session level icon
    Registration Level:
    • session level iconConference Pass
    11:15 am - 12:00 pm

    Diversity in teams has been proven to produce better results. In the Information Security field only 11% of these positions are filled with women. Women bring a unique skill set to the industry and we need to continue to increase the number in the Information Security field.

    During the “Women In Security” panel, you will hear from women who have been successful in navigating a career in Information Security. These executives will speak about how they got into the field, how they were able to break through the glass firewall and what they are doing to promote getting more women into security.

    11:15 am
    Memcache, the Largest DDoS Attack Ever Seen: How You Enabled It, and How You Can Prevent It
    • session level icon
    speaker photo
    Principle Security Architect, CenturyLink
    Registration Level:
    • session level iconOpen Sessions
    11:15 am - 12:00 pm

    Impeding reflective surfaces by dropping well-known reflective amplifiable ports to protect your network and to prevent contributing to similar attacks in the future.

    11:15 am
    Application / System Security Development Life Cycle
    • session level icon
    Check List and Business Discussion Points
    Registration Level:
    • session level iconConference Pass
    11:15 am - 12:00 pm

    ADLC / SDLC should and needs to have security stage gates and requirements built in so that all processes have information protection in mind from the beginning. This will show the simple things and requirements that need to be built in the life cycle processes, which can apply to projects.

    12:00 pm
    Advisory Council Lunch Roundtable – (VIP / Invite Only)
    • session level icon
    Registration Level:
    • session level iconVIP / Exclusive
    12:00 pm - 1:00 pm

    Advisory Council – VIP / INVITE ONLY

    12:15 pm
    LUNCH KEYNOTE: Using Agile Methodologies in Security
    • session level icon
    speaker photo
    CISO, Cognizant Healthcare
    Registration Level:
    • session level iconOpen Sessions
    12:15 pm - 1:00 pm
    Location / Room: Keynote Theater
    Agile methodologies are just for development. This statement couldn’t be farther from the truth. Agile methodologies can be used to ensure your security team is always working on the most important of your never ending assignments. It can also be used to improve overall quality and efficiency in the delivery of value for your overworked security team. In this presentation we will examine how Agile methods can start benefiting your team right away as well as improving the maturity of your environment long term.

     

    1:15 pm
    Panel: The Court Jester Has the Crown Jewels (Ransomware)
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    1:15 pm - 2:15 pm

    Way back in the day if you wanted to get someone to bend to your will you could just kidnap the princess or steal the Crown Jewels. Kingdoms would do just about anything to get these things back. It was probably a bit easier to grab the princess and leave a note with your demands. The exchange of coin for the princess was a risky maneuver but worth the reward if you escaped. Now it just takes one foolish click to become a victim of ransomware. Sadly, they are not easily caught when you make the trade with bitcoin. This panel will talk about the current schemes happening with ransomware and how you can try to keep the Crown Jewels safe.

    1:15 pm
    Rethinking Network Security With a Software-Defined Perimeter
    • session level icon
    Registration Level:
    • session level iconConference Pass
    1:15 pm - 2:15 pm

    Traditional network security is failing us. This session introduces a new, open network security model, the Software-Defined Perimeter. This architecture, published by the Cloud Security Alliance, verifies and secures all user access to network resources, improving security and compliance for both on-premises and cloud environments.

    2:15 pm
    Conference Break / Exhibitor Product Demonstration
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    2:15 pm - 3:00 pm
    Location / Room: SecureWorld Exhibitor Floor

    Reboot with coffee and infused water while visiting exhibitors on the exhibitor floor.

    2:30 pm
    Dash for Prizes & CyberHunt
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    2:30 pm - 2:45 pm
    Location / Room: SecureWorld Exhibitor Floor

    Be sure to have exhibitors scan your badge for a chance to win prizes. Past prizes have included Kindles, Bose headphones, gift cards, iPads, iPods and more! *Must be present to win

    3:00 pm
    Automating Firewall Certification with Robot Framework
    • session level icon
    speaker photo
    Security Engineer III, Charter Communications
    Registration Level:
    • session level iconConference Pass
    3:00 pm - 3:45 pm
    With constant new version updates for Firewall devices combined with new vulnerabilities in the various versions, production devices need to be routinely upgraded to the newest version to ensure not just security compliance, but also availability to use new features. Any new versions need to undergo several tests before being deployed in production. Robot Framework allows to automate configuration, audits, verification and all test cases, using keyword driven approach with Python, as the underlying platform.
    3:00 pm
    Anti-Spoofing: Let’s Get Real
    • session level icon
    speaker photo
    Principal InfoSec Engineer, CenturyLink
    Registration Level:
    • session level iconConference Pass
    3:00 pm - 3:45 pm
    IP Spoofing is a major cause of DDoS attacks. This presentation describes the problem and methods to remove spoofed traffic from your network.
Exhibitors
  • ACP
    Booth:

    ACP is the premier organization for business continuity professionals providing a powerful networking and learning environment for ACPits members. Known for its progressive programs, workshops and symposiums, the organization has become a unifying force in defining and leading the continuously evolving fields of business continuity, disaster recovery, and emergency response (the “profession”). The Organization is strategically aligned with business partners such as DRI International, and BC Management, as well as our corporate sponsors. With a strong presence in North America, ACP has 42 chapters and over 2,300 members. We welcome all individuals, regardless of experience or certification, with an interest in the Profession.

    Founded in 1983, we are an established community of industry experts, educators, practitioners, leaders, facilitators and advocates. Our members view us as connectors and as a vital networking source.

  • Alpine Cyber Solutions
    Booth: TBD

    Alpine Cyber Solutions is a leading cybersecurity and cloud infrastructure company that helps businesses reduce and respond to cyber threats, by delivering preemptive solutions and powerful IT intelligence. Headquartered in Pottstown, Pennsylvania, Alpine Cyber serves companies of all sizes and industries with services including managed security, incident response, vulnerability analysis, cybersecurity solutions, staff augmentation, security awareness training and, cutting-edge products and integration.

  • Binary Defense Systems
    Booth: TBD

    BDS is a company that works with you to understand your environment, what you have and building defenses to combat what we face today and for the attacks of tomorrow. Technology is continuously changing, businesses change every day – in order to keep up with the changes, BDS has created an extensively flexible yet highly accurate way of detecting attackers. We are attackers, and we know the best ways in detecting how attackers breach your network. An added bonus with BDS – continual penetration tests are performed regularly to enhance and develop additional safeguards. We are here to defend, protect and secure your company.

  • Bitdefender
    Booth: TBD

    Powered by its depth of security expertise and rapid pace of research and development, Bitdefender’s long-standing mission is to deliver transformative security technologies to the world’s users and organizations. We are innovators, creating breakthrough technology that radically improves our customer’s experience with security.

    From IoT to Data Centers, from endpoints to hybrid infrastructures – Bitdefender plays a transformational role in how security is best consumed, deployed, and managed. We strive to deliver products and services that radically alter the customer’s experience with security, in terms of efficacy, performance, ease of use and interoperability.

  • Cisco
    Booth: TBD

    Cisco builds truly effective security solutions that are simple, open and automated. Drawing on unparalleled network presence as well as the industry’s broadest and deepest technology and talent, Cisco delivers ultimate visibility and responsiveness to detect more threats and remediate them faster. With Cisco, companies are poised to securely take advantage of a new world of digital business opportunities.

  • Cloud Security Alliance (CSA)
    Booth: TBD

    The Cloud Security Alliance (CSA) is a not-for-profit organization with a mission to promote the use of best practices for providing security assurance within Cloud Computing, and to provide education on the uses of Cloud Computing to help secure all other forms of computing. The Cloud Security Alliance is led by a broad coalition of industry practitioners, corporations, associations and other key stakeholders.

  • Colorado ECTF
    Booth:

    As a result of the amalgamation of advanced technology and the Internet, both the quantity and sophistication of cybercrimes targeting U.S. financial institutions and critical infrastructure have increased. Today, criminal trends show an increased use of phishing emails, account takeovers, malicious software, hacking attacks and network intrusions resulting in significant data breaches. To protect the nation’s financial infrastructure from cyber and financial criminals, the Secret Service has adopted a multi-pronged approach.

  • Colorado Technology Association
    Booth:

    The Colorado Technology Association leads the network of companies and professionals fueling Colorado’s economy, through technology.

    At the Colorado Technology Association, we:

    – Lead an inclusive network that benefits our member community
    – Advocate for a pro-business and technology-friendly climate
    – Influence the development of a robust talent pipeline
    – Lead initiatives to help companies grow.

  • Comodo Cybersecurity
    Booth: TBD

    In a world where preventing all cyberattacks is impossible, Comodo Cybersecurity delivers an innovative cybersecurity platform that renders threats useless, across the LAN, web and cloud. The Comodo Cybersecurity platform enables customers to protect their systems and data against even military-grade threats, including zero-day attacks. Based in Clifton, New Jersey, Comodo Cybersecurity has a 20-year history of protecting the most sensitive data for both businesses and consumers globally.

     

  • Cyberbit
    Booth: TBD

    Cyberbit provides a consolidated detection and response platform that protects an organization’s entire attack surface across IT, OT and IoT networks. Cyberbit products have been forged in the toughest environments on the globe and include: behavioral threat detection, incident response automation and orchestration, ICS/SCADA security, and the world’s leading cyber range. Since founded in mid-2015 Cyberbit’s products were rapidly adopted by enterprises, governments, academic institutions and MSSPs around the world. Cyberbit is a subsidiary of Elbit Systems (NASDAQ: ESLT) and has offices in Israel, the US, Europe, and Asia.

  • Darktrace
    Booth: TBD

    Darktrace is the world’s leading machine learning company for cyber security. Created by mathematicians from the University of Cambridge, the Enterprise Immune System uses AI algorithms to automatically detect and take action against cyber-threats within all types of networks, including physical, cloud and virtualized networks, as well as IoT and industrial control systems. A self-configuring platform, Darktrace requires no prior set-up, identifying advanced threats in real time, including zero-days, insiders and stealthy, silent attackers. Headquartered in San Francisco and Cambridge, UK, Darktrace has 24 offices worldwide.

  • EC-Council
    Booth:

    International Council of E-Commerce Consultants, also known as EC-Council, is the world’s largest cyber security technical certification body. We operate in 140 countries globally and we are the owner and developer of the world-famous Certified Ethical Hacker (CEH), Computer Hacking Forensics Investigator (C|HFI), Certified Security Analyst (ECSA), License Penetration Testing (Practical) programs, among others. We are proud to have trained and certified over 140,000 information security professionals globally that have influenced the cyber security mindset of countless organizations worldwide.

  • Fortinet
    Booth: TBD

    Fortinet secures the largest enterprise, service provider, and government organizations around the world. Only the Fortinet Security Fabric architecture can deliver security without compromise to address the most critical security challenges, whether in networked, application, cloud, or mobile environments. Fortinet ranks #1 in the most security appliances shipped worldwide and more than 300,000 customers trust Fortinet to protect their businesses.

  • Illusive Networks
    Booth: TBD

    Illusive Networks is a pioneer of deception technology, empowering security teams to take informed action against advanced, targeted cyberattacks by detecting and disrupting lateral movement toward critical business assets early in the attack life cycle. Agentless and driven by intelligent automation, Illusive technology enables organizations to significantly increase proactive defense ability while adding almost no operational overhead. Illusive’s Deceptions Everywhere® approach was conceived by cybersecurity experts with over 50 years of combined experience in cyber warfare and cyber intelligence. With the ability to proactively intervene in the attack process, technology-dependent organizations can preempt significant operational disruption and business losses, and function with greater confidence in today’s complex, hyper-connected world.

  • InfraGard
    Booth:

    InfraGard is an information sharing and analysis effort serving the interests and combining the knowledge base of a wide range of members. At its most basic level, InfraGard is a partnership between the FBI and the private sector. InfraGard is an association of individuals, academic institutions, state and local law enforcement agencies, and other participants dedicated to sharing information and intelligence to prevent hostile acts against the United States. InfraGard Chapters are geographically linked with FBI Field Office territories.

    The FBI retained InfraGard as an FBI sponsored program, and will work with DHS in support of its CIP mission, facilitate InfraGard’s continuing role in CIP activities, and further develop InfraGard’s ability to support the FBI’s investigative mission, especially as it pertains to counterterrorism and cyber crimes.

  • ISACA Denver Chapter
    Booth:

    The Denver Chapter of ISACA® (formerly EDPAA) was founded in June 1976 with just a handful of members. Today, the Denver chapter with over 1,040 members, is one of the largest chapters within the Southwestern Region. The Denver Chapter contributes to the international organization with financial support and periodic hosting of the International Conference.

  • (ISC)2
    Booth:

    (ISC)² is an international nonprofit membership association focused on inspiring a safe and secure cyber world. Best known for the acclaimed Certified Information Systems Security Professional (CISSP) certification, (ISC)² offers a portfolio of credentials that are part of a holistic, programmatic approach to security. Our membership, over 123,000 strong, is made up of certified cyber, information, software and infrastructure security professionals who are making a difference and helping to advance the industry. Our vision is supported by our commitment to educate and reach the general public through our charitable foundation – The Center for Cyber Safety and Education ™ Follow us on Twitter or connect with us on Facebook.

  • ISSA Colorado Springs Chapter
    Booth:

    ISSA Colorado Springs Chapter: Developing and Connecting Cybersecurity Leaders Globally. ISSA is the community of choice for international cybersecurity professionals dedicated to advancing individual growth, managing technology risk and protecting critical information and infrastructure.

    The Information Systems Security Association (ISSA)® is a not-for-profit, international organization of information security professionals and practitioners. It provides educational forums, publications, and peer interaction opportunities that enhance the knowledge, skill, and professional growth of its members.

  • Ixia, a Keysight Business
    Booth: TBD

    We provide testing, visibility, and security solutions to strengthen applications across physical and virtual networks. Organizations use our tools and capabilities to test, secure and visualize their networks so their applications run stronger.

  • NetScout Arbor
    Booth: TBD

    For fifteen years, the world’s leading network operators across ISP, cloud and enterprise markets have relied on NETSCOUT Arbor for traffic visibility, advanced threat detection and DDoS mitigation. Through a combination of market-leading technology, elite security research, intuitive workflows and powerful data visualizations, NETSCOUT Arbor allows you to efficiently connect the dots to understand attack activity and to take action with confidence. See the threat, understand the risk and protect your business with NETSCOUT Arbor.

  • Optiv
    Booth: TBD

    Optiv is the largest holistic pure-play cyber security solutions provider in North America. Our diverse and talented employees are committed to helping businesses, governments and educational institutions plan, build and run successful security programs through the right combination of products, services and solutions related to security program strategy, enterprise risk and consulting, threat and vulnerability management, enterprise incident management, security architecture and implementation, training, identity and access management, and managed security.

    Created in 2015 as a result of the Accuvant and FishNet Security merger, Optiv has served more than 12,000 clients of various sizes across multiple industries, offers an extensive geographic footprint, and has premium partnerships with more than 300 of the leading security product manufacturers.

  • OWASP Denver
    Booth:
  • Spirion
    Booth: TBD

    Spirion is a leading enterprise data management software solution that provides high-precision searches and automated classification of unstructured and structured data with unparalleled accuracy.  Spirion helps businesses reduce their sensitive data footprint and proactively minimize risks, costs and reputational damage of cyberattacks by discovering, classifying, monitoring and protecting sensitive data.

  • TechTarget
    Booth:

    TechTarget (NASDAQ: TTGT) is the online intersection of serious technology buyers, targeted technical content and technology providers worldwide. Our media, powered by TechTarget’s Activity Intelligence platform, redefines how technology buyers are viewed and engaged based on their active projects, specific technical priorities and business needs. With more than 100 technology specific websites, we provide technology marketers innovative media that delivers unmatched reach via custom advertising, branding and lead generation solutions all built on our extensive network of online and social media. TechTarget is based in Boston and has locations in Atlanta, Beijing, Cincinnati, London, Paris, San Francisco, Singapore, and Sydney.

  • Tevora
    Booth: TBD

    Tevora is an enterprise consulting firm specializing in information assurance, governance and compliance services and solutions. We work with some of the world’s leading companies, institutions and governments to ensure the safety of their information and their compliance with applicable regulations. With a distinctive combination of proven products and services, Tevora aids enterprises in protecting their most important assets from external and internal threats. For more information visit https://www.tevora.com.com/.

  • Threat X, Inc
    Booth: TBD

    Threat X is the only SaaS-based web application firewall that enables enterprises to secure all their web applications against an evolving threat landscape. Purpose built for the hybrid-cloud, Threat X delivers complete visibility and precise threat detection and neutralization through progressive profiling, collective threat intelligence, and a managed service.

  • TrustedSec
    Booth: TBD

    TrustedSec is a leader in attack intelligence and security advisory services. Our team of highly talented, skilled, senior consultants sets us apart from other commodity-service security companies. We form partnerships with our number one goal to help you holistically improve your security program. You’ll find that working with us amounts to more than “just another engagement”—it’s establishing an understanding with your organization, and working to make you more secure, and better as a whole.

     

  • VirtualArmour
    Booth: TBD

    VirtualArmour is an international cybersecurity and Managed Services provider that delivers customized solutions to help businesses build, monitor, maintain and secure their networks.

    The Company maintains 24/7 client monitoring and service management with specialist teams located in its US and UK-based security operation centers (“SOC”). Through partnerships with best-in-class technology providers, VirtualArmour delivers only leading hardware and software solutions for customers that are both sophisticated and scalable, and backed by industry-leading customer service and experience. VirtualArmour’s proprietary CloudCastr client portal and prevention platform provides clients with unparalleled access to real-time reporting on threat levels, breach prevention and overall network security.

    VirtualArmour services a wide range of clients – which include those listed on the Fortune 500 – within several industry sectors, in over 30 countries, across five continents. Further information about the Company is available under its profile on the SEDAR website, www.sedar.com, on the CSE website, www.thecse.com, and on its website www.virtualarmour.com

Return to Agenda
Keynote Speakers
Speakers
  • speaker photo
    Thornton May
    Futurist, Author & Professor, Named "One of the top 50 brains in technology today" by Fast Company

    Thornton is one of America’s premier executive educators, designing and delivering high impact curricula at UCLA, UC-Berkeley, Arizona State University, The Ohio State University, Harvard University, the University of Kentucky, Babson, and the Olin College of Engineering. His programs mine the knowledge of the audience delivering practical insights in an engaging and interactive manner.

    As a futurist, Thornton writes columns on technology for three leading publications, researches at four think tanks, and advises major organizations and government agencies on how to think differently about technology—all the while conducting seminal anthropological field research into technology-use behaviors of the various tribes comprising modern society.

    No stranger to the risk and infosec tribe, Thornton has written for CSO Magazine and frequently advises, lectures, and always learns from professionals in the various agencies of the American intelligence community. In a previous life, Thornton served as the Chief Awareness Officer (CAO) for one of the world’s first managed security services firm.

    Thornton brings a scholar's patience for empirical research, a second-to-none gift for storytelling, and a stand-up comedian’s sense of humor to his audiences. His recent book, "The New Know: Innovation Powered by Analytics," examines the intersection of the analytic and IT tribes.

    The editors at eWeek honored Thornton, including him on their list of Top 100 Most Influential People in IT. The editors at Fast Company labeled him "one of the top 50 brains in technology today."

  • speaker photo
    Alex Wood
    CISO, Pulte Financial Services

    Alex Wood is currently the CISO for Pulte Financial Services and has over 18 years of experience in information security. Previously he has had managerial, program, and technical roles at several major companies in different verticals. Additionally, Alex has served on the Board of Directors for ISSA International and is a host of the Colorado = Security podcast. Alex is a CISSP and has a MAS in Information Security from the University of Denver.

  • speaker photo
    Mohamed Malki
    Enterprise Security Architecture, Colorado Governor Office of IT

    Mohamed Malki is an active member in Colorado cyber security community and global contributor to cyber security trainings and certifications. Mr.Malki is CISSP-ISSEP, CISA, CISM, CEH, Triple AWS Certifications, CSA CCSK, ISC2 CCSP, CompTIA Cloud+ and CSA+ Subject Matter Expert (SME). Mr. Malki is a community leader in preparing future cyber defenders and enable career change to fill the security professional workforce gap. Mr. Malki is the director of enterprise security architecture and HIPAA office with Colorado Governor Office of IT. Mr. Malki is the chairman of OIT Cloud Computing Governance Community with task to coordinate and collaborate cloud services consumption throughout the enterprise. Mr. Malki holds two masters in electrical and computer engineering.

  • speaker photo
    Rhett Saunders
    Asia Region (Cybersecurity) Risk Lead, Compassion International

    Rhett Saunders is a seasoned cybersecurity professional and risk leader for Compassion International's Asia Region. His work now focuses on identifying risks to achieving goals and objectives for Asia in order to move faster and reach more children living in poverty. Before coming to Compassion International, Rhett served the Federal Reserve, and while there, led regular Enterprise Risk Management discussions between the Federal Reserve and U.S. Treasury with a focus on cybersecurity. Rhett is also a U.S. Army military veteran who served as an intelligence non-commissioned officer. Rhett earned a Master of Business Administration from LeTourneau University and holds the CISSP credential.

  • speaker photo
    Justin Daniels
    Attorney, Baker Donelson

    Justin Daniels is a thought leader in cybersecurity who believes cybersecurity must be treated by the c-suite as a strategic enterprise business risk. He provides strategic advice to companies to help them understand cyber risk and create a comprehensive approach to address it. He specifically advises on cyber business and legal issues in mergers and acquisitions, investment capital transactions and related due diligence matters, information security plans, incident response plans, vendor and customer contracts and cyber insurance. Justin is an attorney with Baker Donelson, where he specializes in M&A and other business transactions.

    Justin is a leader in Georgia's cybersecurity industry. In 2017, he founded and led the inaugural Atlanta Cyber Week (www.atlcyberweek.com) where multiple organizations held 11 events that attracted more than 1,000 attendees from five countries. Atlanta Cyber Week created business opportunities between growth cyber companies and Atlanta's middle market and Fortune 1,000 customer base while also burnishing the reputation of Atlanta's regional cybersecurity ecosystem. At the end of Atlanta Cyber Week 2017, he gave a Ted Talk entitled "Why You Hold the Key to Cybersecurity." He launched the podcast CyberXchange in April 2018 where he exchanges views on cybersecurity with industry leaders and influencers. He speaks extensively about the topic of cybersecurity and has done so in the United States, the UK and Israel.

  • speaker photo
    Thornton May
    Futurist, Author & Professor, Named "One of the top 50 brains in technology today" by Fast Company

    Thornton is one of America’s premier executive educators, designing and delivering high impact curricula at UCLA, UC-Berkeley, Arizona State University, The Ohio State University, Harvard University, the University of Kentucky, Babson, and the Olin College of Engineering. His programs mine the knowledge of the audience delivering practical insights in an engaging and interactive manner.

    As a futurist, Thornton writes columns on technology for three leading publications, researches at four think tanks, and advises major organizations and government agencies on how to think differently about technology—all the while conducting seminal anthropological field research into technology-use behaviors of the various tribes comprising modern society.

    No stranger to the risk and infosec tribe, Thornton has written for CSO Magazine and frequently advises, lectures, and always learns from professionals in the various agencies of the American intelligence community. In a previous life, Thornton served as the Chief Awareness Officer (CAO) for one of the world’s first managed security services firm.

    Thornton brings a scholar's patience for empirical research, a second-to-none gift for storytelling, and a stand-up comedian’s sense of humor to his audiences. His recent book, "The New Know: Innovation Powered by Analytics," examines the intersection of the analytic and IT tribes.

    The editors at eWeek honored Thornton, including him on their list of Top 100 Most Influential People in IT. The editors at Fast Company labeled him "one of the top 50 brains in technology today."

  • speaker photo
    Jeremy Barnett
    SVP, Marketing and Business Development, NAS Insurance

    Jeremy Barnett is Senior Vice President of Marketing and Business Development for NAS Insurance, based in Los Angeles. Jeremy works across all NAS lines of business including Cyber, Specialty Products and Reinsurance solutions to provide brand strategy, product marketing, sales training, and producer support. Barnett is responsible for all corporate communications and strategic marketing programs including national advertising, PR and partnership programs. Barnett has a Master's degree in Educational Technology from San Diego State University and a Bachelor of Arts degree in Literature from Rutgers College.

  • speaker photo
    Greg Sternberg
    Security Architect, Sungard Availability Services

    Greg Sternberg is a Security Architect at Sungard Availability Services, CISO for ISSA, Denver and Affiliate Faculty at Regis University. He works at incorporating security into the SDLC and securing architectures. He has published and blogged on security and architecture topics and presented at SecureWorld, RMISC, ISC(2) and the Open Group Security Conferences. He holds CISSP, CISM and TOGAF certifications, has a Masters in Software Engineering and Management, is a member of ISACA, ISC(2), InfraGard and a board member of the Denver chapter of ISSA.

  • speaker photo
    Scott Giordano
    VP, Data Protection, Spirion

    Scott M. Giordano is an attorney with more than 20 years of legal, technology, and risk management consulting experience. An IAPP Fellow of Information Privacy and a Certified Information Security Systems Professional (CISSP), Scott serves as Spirion’s subject matter expert on multinational data protection and its intersection with technology, export compliance, internal investigations, information governance, and risk management. Prior to joining Spirion, he served as Director, Data Protection for Robert Half Legal and established the global privacy program for Esterline Technologies Corporation in Bellevue, WA.

  • speaker photo
    Sam Masiello
    CISO, Gates Corporation

    Sam Masiello has been working with email, messaging, and fighting internet pollution for over 25 years. Mr. Masiello currently serves as the CISO at Gates Corporation where he is responsible for the company's data security, risk, and global compliance compliance initiatives. Prior to Gates, he served as the CISO at TeleTech where he oversaw the protection of employee, consumer, and customer data for all of the organization's clients, which includes many Fortune 500 companies.
    Sam has also been the Chief Security Officer, head of Application Security, and head of Security research at companies such as Groupon, Return Path, and McAfee. He currently serves as Director-at-Large of The Coalition Against Unsolicited Commercial Email (CAUCE), National Advisory Board Member for SecureWorld, and is an Executive Board Member of Colorado Cyber. He has previously served as a member of the Board of Directors for the Messaging, Malware, and Mobile Anti-Abuse Working Group (M3AAWG), the Steering Committee of the Online Trust Alliance (OTA) and a member of the Anti-Phishing Working Group (APWG).

  • speaker photo
    JT Gaietto
    CISSP, Executive Director, Cybersecurity Services

    JT has over eighteen years of experience providing enterprise information security and risk management services to a variety of organizations, with a particular emphasis on the financial services industry. He has been a Certified Information Systems Security Professional since 2003 and holds an undergraduate degree in Computer Information Systems from Northern Arizona University.

  • speaker photo
    Michael Stephen
    Privacy & Security Officer, Connect for Health Colorado

    Michael Stephen is currently responsible for the privacy and information security programs for the state of Colorado’s healthcare exchange. He has 20 years of technology and security experience covering a variety of industries including telecommunications, retail, government and healthcare. Michael has done information security consulting and advisory work for some of Accenture’s largest clients, he is an expert in developing compliance programs, has built privacy programs, and has direct experience in helping multiple organizations handle breaches and security incidents.

  • speaker photo
    Brent Lassi
    CISO, Bluecore, Inc.

    Brent Lassi is currently the CISO at Bluecore, Inc. He has nearly 20 years of experience in the information security field. Brent's previous roles include CISO at Carlson Wagonlit, Director of Information Security at UnitedHealth Group, CISO and VP of Information Security at Digital River, Inc. for a decade. He also co-founded one of the world’s first application security companies, specializing in secure design and review of software.

  • speaker photo
    Tighe Burke
    Partner, Jobplex

    Tighe Burke is a Partner and Cybersecurity Practice Lead with Jobplex, securing the next-generation of leaders on behalf of technology clients around the globe. As a search consultant in Silicon Valley, Tighe has developed powerful domain expertise executing searches for InfoSec positions as well as on behalf of security providers. He is regularly sought out by the brightest minds in technology to conduct hard-to-fill positions across the security landscape. Tighe has deep experience working with both early-stage and public companies to identify their security leaders.

  • speaker photo
    Jordan Fischer
    Managing Partner & Co-Founder, XPAN Law Group, LLC

    Jordan is a co-founder and managing partner of XPAN Law Group, LLC, a certified Women-Owned Enterprise law firm. She focuses her practice on international data privacy, cybersecurity and cross-border data management, with a special emphasis in European Union data privacy regulations and the forthcoming GDPR. She has extensive experience in the intersection of law and technology. With a global perspective, Jordan works with clients to create cost-effective and business oriented approaches to cybersecurity and data privacy compliance. Jordan is also an adjunct law professor at the Thomas R. Kline School of Law, where she teaches a variety of legal courses.

  • speaker photo
    Thornton May
    Futurist, Author & Professor, Named "One of the top 50 brains in technology today" by Fast Company

    Thornton is one of America’s premier executive educators, designing and delivering high impact curricula at UCLA, UC-Berkeley, Arizona State University, The Ohio State University, Harvard University, the University of Kentucky, Babson, and the Olin College of Engineering. His programs mine the knowledge of the audience delivering practical insights in an engaging and interactive manner.

    As a futurist, Thornton writes columns on technology for three leading publications, researches at four think tanks, and advises major organizations and government agencies on how to think differently about technology—all the while conducting seminal anthropological field research into technology-use behaviors of the various tribes comprising modern society.

    No stranger to the risk and infosec tribe, Thornton has written for CSO Magazine and frequently advises, lectures, and always learns from professionals in the various agencies of the American intelligence community. In a previous life, Thornton served as the Chief Awareness Officer (CAO) for one of the world’s first managed security services firm.

    Thornton brings a scholar's patience for empirical research, a second-to-none gift for storytelling, and a stand-up comedian’s sense of humor to his audiences. His recent book, "The New Know: Innovation Powered by Analytics," examines the intersection of the analytic and IT tribes.

    The editors at eWeek honored Thornton, including him on their list of Top 100 Most Influential People in IT. The editors at Fast Company labeled him "one of the top 50 brains in technology today."

  • speaker photo
    Alex Wood
    CISO, Pulte Financial Services

    Alex Wood is currently the CISO for Pulte Financial Services and has over 18 years of experience in information security. Previously he has had managerial, program, and technical roles at several major companies in different verticals. Additionally, Alex has served on the Board of Directors for ISSA International and is a host of the Colorado = Security podcast. Alex is a CISSP and has a MAS in Information Security from the University of Denver.

  • speaker photo
    Mohamed Malki
    Enterprise Security Architecture, Colorado Governor Office of IT

    Mohamed Malki is an active member in Colorado cyber security community and global contributor to cyber security trainings and certifications. Mr.Malki is CISSP-ISSEP, CISA, CISM, CEH, Triple AWS Certifications, CSA CCSK, ISC2 CCSP, CompTIA Cloud+ and CSA+ Subject Matter Expert (SME). Mr. Malki is a community leader in preparing future cyber defenders and enable career change to fill the security professional workforce gap. Mr. Malki is the director of enterprise security architecture and HIPAA office with Colorado Governor Office of IT. Mr. Malki is the chairman of OIT Cloud Computing Governance Community with task to coordinate and collaborate cloud services consumption throughout the enterprise. Mr. Malki holds two masters in electrical and computer engineering.

  • speaker photo
    Thornton May
    Futurist, Author & Professor, Named "One of the top 50 brains in technology today" by Fast Company

    Thornton is one of America’s premier executive educators, designing and delivering high impact curricula at UCLA, UC-Berkeley, Arizona State University, The Ohio State University, Harvard University, the University of Kentucky, Babson, and the Olin College of Engineering. His programs mine the knowledge of the audience delivering practical insights in an engaging and interactive manner.

    As a futurist, Thornton writes columns on technology for three leading publications, researches at four think tanks, and advises major organizations and government agencies on how to think differently about technology—all the while conducting seminal anthropological field research into technology-use behaviors of the various tribes comprising modern society.

    No stranger to the risk and infosec tribe, Thornton has written for CSO Magazine and frequently advises, lectures, and always learns from professionals in the various agencies of the American intelligence community. In a previous life, Thornton served as the Chief Awareness Officer (CAO) for one of the world’s first managed security services firm.

    Thornton brings a scholar's patience for empirical research, a second-to-none gift for storytelling, and a stand-up comedian’s sense of humor to his audiences. His recent book, "The New Know: Innovation Powered by Analytics," examines the intersection of the analytic and IT tribes.

    The editors at eWeek honored Thornton, including him on their list of Top 100 Most Influential People in IT. The editors at Fast Company labeled him "one of the top 50 brains in technology today."

  • speaker photo
    Alex Wood
    CISO, Pulte Financial Services

    Alex Wood is currently the CISO for Pulte Financial Services and has over 18 years of experience in information security. Previously he has had managerial, program, and technical roles at several major companies in different verticals. Additionally, Alex has served on the Board of Directors for ISSA International and is a host of the Colorado = Security podcast. Alex is a CISSP and has a MAS in Information Security from the University of Denver.

  • speaker photo
    Mohamed Malki
    Enterprise Security Architecture, Colorado Governor Office of IT

    Mohamed Malki is an active member in Colorado cyber security community and global contributor to cyber security trainings and certifications. Mr.Malki is CISSP-ISSEP, CISA, CISM, CEH, Triple AWS Certifications, CSA CCSK, ISC2 CCSP, CompTIA Cloud+ and CSA+ Subject Matter Expert (SME). Mr. Malki is a community leader in preparing future cyber defenders and enable career change to fill the security professional workforce gap. Mr. Malki is the director of enterprise security architecture and HIPAA office with Colorado Governor Office of IT. Mr. Malki is the chairman of OIT Cloud Computing Governance Community with task to coordinate and collaborate cloud services consumption throughout the enterprise. Mr. Malki holds two masters in electrical and computer engineering.

  • speaker photo
    Greg Sternberg
    Security Architect, Sungard Availability Services

    Greg Sternberg is a Security Architect at Sungard Availability Services, CISO for ISSA, Denver and Affiliate Faculty at Regis University. He works at incorporating security into the SDLC and securing architectures. He has published and blogged on security and architecture topics and presented at SecureWorld, RMISC, ISC(2) and the Open Group Security Conferences. He holds CISSP, CISM and TOGAF certifications, has a Masters in Software Engineering and Management, is a member of ISACA, ISC(2), InfraGard and a board member of the Denver chapter of ISSA.

  • speaker photo
    Robb Reck
    Host, Colorado = Security podcast

    “Security only works when it’s in tune with the company it supports. Understanding what we are defending (and why) is more important than preventing, detecting or responding to threats. Understanding is dependent on high-quality relationships with stakeholders.”

    Robb has built successful risk-based security programs in the software and financial services industries. As Chief Information Security Officer at Ping Identity, he is responsible for ensuring the integrity of all Ping products, the confidentiality of sensitive data, and the availability of critical services.

    Previous to his role at Ping, Robb served as VP and CISO for Pulte Financial Services, and as Information Security Officer and Director of Risk Management for Harland Financial Solutions. Robb holds a Bachelor’s of Arts from George Fox University and an MBA from Colorado State University.

  • speaker photo
    Christopher Mandelaris
    CISO, Elevations Credit Union

    Chris Mandelaris is the Chief Information Security Officer of Elevations Credit Union. He has over 16 combined years’ experience in IT and Information Security. He received his Bachelor of Science from Central Michigan University and Master’s Degree Information Technology - Walsh College of Business Chris has earned CCISO, CISM, CISA, CRISC, PMP, ITILv3, Six Sigma, MCSA, MCP, CNA, Network+, A+ certifications and is an active member of PMI and ISACA organizations. Previously Chris has worked for Ford Motor Credit, Flagstar Bank, Electronic Arts, Dell, First Tennessee Bank and Bank of America taking on increased roles and responsibilities globally.

  • speaker photo
    Jordan Fischer
    Managing Partner & Co-Founder, XPAN Law Group, LLC

    Jordan is a co-founder and managing partner of XPAN Law Group, LLC, a certified Women-Owned Enterprise law firm. She focuses her practice on international data privacy, cybersecurity and cross-border data management, with a special emphasis in European Union data privacy regulations and the forthcoming GDPR. She has extensive experience in the intersection of law and technology. With a global perspective, Jordan works with clients to create cost-effective and business oriented approaches to cybersecurity and data privacy compliance. Jordan is also an adjunct law professor at the Thomas R. Kline School of Law, where she teaches a variety of legal courses.

  • speaker photo
    Donald Smith
    Principle Security Architect, CenturyLink

    Donald Smith is responsible for technology leadership, proposals, and strategic direction. His contributions include DCID 6/16, NISPOM chapter 8, DNS changer working group (DCWG), Conficker WG, and numerous security BCPs and RFCs. He has been a SANS handler since 2002. He has spoken at many conferences; including NANOG 33,42,52,71; University of Denver, SecureWorld, Botnet and SANS conferences. Prior to joining CenturyLink, Donald he worked at CDC Inc. and for the US Army. He received his BS in Computer Science from the UW and GIAC from the SANS.

  • speaker photo
    Matt Shufeldt
    CISO, Cognizant Healthcare

    Winner of the CTA APEX 2017 (inaugural) CISO of Year award, Matt Shufeldt is a leader in the Cyber Security community with 25+ years working professionally in multiple areas of Information Technology. Matt has been a CISO in multiple industries and is the current CISO for Cognizant Healthcare. As a passionate technologist and an avid believer in strong process, Matt has applied his expertise across multiple industries at multiple levels. In addition to his technical and process knowledge, Matt has invested heavily in his own leadership development and the leadership development of his front line and strategic leaders.

  • speaker photo
    Pratik Lotia
    Security Engineer III, Charter Communications

    Pratik Lotia is a Security Engineer at Charter Communications, responsible for developing new architectures related to firewalls, IDS/IPS, and botnet detection.

  • speaker photo
    John Schiel
    Principal InfoSec Engineer, CenturyLink

    John has over 12 years of hands-on experience in network and information security and security architecture. John was the primary DDoS architect and provided direction and support to Network Operations on how to best protect CenturyLink’s network from DDoS attacks. He has decades of cross functional network and application experience and today uses his experience to help drive current security policies and direction for CenturyLink. John is passionate about improving network security and pushes CenturyLink and the industry to improve where it can.

Conference App and Microsite!
Registration is easy and takes just a few minutes. Once you get started you can use your phone, tablet or internet browser to:

• Create a personalized agenda
• View maps of the venue and Exhibit Hall
• Use secure messaging to network with attendees
• View speaker slides after the conference
• Play CyberHunt, the app game, and compete for prizes
app store play store
Don't miss out!

Join us for high-quality, affordable cybersecurity training and networking. Sign up today!