googletag.cmd.push(function() { googletag.display('div-gpt-ad-1482431611496-4'); });
Click here to view registration types and pricing (PDF)
Conference Agenda
Filter by registration level:
  • session level iconOpen Sessions
  • session level iconConference Pass
  • session level iconSecureWorld Plus
  • session level iconVIP / Exclusive
  • Wednesday, October 31, 2018
    7:00 am
    Registration open
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    7:00 am - 3:00 pm
    Location / Room: Registration Desk

    Come to the Registration desk in the lobby to check-in and get your badge. SecureWorld staff will be available throughout the day if you have any questions.

    7:30 am
    Advisory Council Breakfast – (VIP / INVITE ONLY)
    • session level icon
    Topic: The Journey to the Cloud – Roadblocks, Pitfalls & Silver Linings
    Registration Level:
    • session level iconVIP / Exclusive
    7:30 am - 8:30 am
    Location / Room: Windstar A

    Denver Advisory Council Kickoff (Advisory Council members only)
    Join us for breakfast and coffee.

    8:00 am
    Exhibitor Hall open
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    8:00 am - 3:00 pm
    Location / Room: SecureWorld Exhibitor Floor

    Your opportunity to visit our solution vendor partners, whose sponsorship makes SecureWorld possible! Booths have staff ready to answer your questions. Look for participating Dash For Prizes sponsors to be entered to win prizes.

    8:00 am
    SecureWorld PLUS Part 1 - Security’s New Know: Strategic Skills for the Digital Age
    • session level icon
    Earn 16 CPEs With This in-Depth 3-Part Course
    speaker photo
    Futurist, Author & Professor, Named "One of the top 50 brains in technology today" by Fast Company
    speaker photo
    Head of Delivery, Mirador, LLC
    Registration Level:
    • session level iconSecureWorld Plus
    8:00 am - 9:30 am
    Location / Room: Mesa Verde A

    Security’s Dark Age is coming to an end. A sub-set of organizations has moved beyond the misunderstandings, stigmatizations, dysfunctional economics and toxic mindsets regarding the practice of security. A new age is upon us – an age that requires new thinking, new skills and new practices. This session – part Harvard MBA-in-a-box, part Amish barn raising and part therapy session features Futurist Thornton May and a faculty of local experts detailing what the positive path to the future might look like.

    8:00 am
    SecureWorld PLUS Part 1 - Using the NIST Cybersecurity Framework to Build and Mature an Information Security Program
    • session level icon
    Earn 16 CPEs With This in-Depth 3-Part Course
    speaker photo
    CISO, Uplight; Co-Host, Colorado = Security podcast
    Registration Level:
    • session level iconSecureWorld Plus
    8:00 am - 9:30 am
    Location / Room: Wind Star B

    Managing a successful Information Security Program requires a plan. In this hands-on workshop, participants will leverage the NIST Cybersecurity Framework as a guide to create or mature their security program. Regardless of industry, the framework provides an ideal platform for planning, communicating, and validating your security approach. This course is perfect for attendees that are just starting a security program, looking to mature their current program, or just looking to learn more about the Framework.

    8:00 am
    SecureWorld PLUS Part 1 - Cloud Security Training
    • session level icon
    Earn 16 CPEs With This in-Depth 3-Part Course
    speaker photo
    Director, Enterprise Security Architecture, Colorado Governor's Office of IT
    Registration Level:
    • session level iconSecureWorld Plus
    8:00 am - 9:30 am
    Location / Room: Wind River B

    The  3-part Cloud Security course will immerse students/attendees into the new frontier of IT and security services delivery in the Cloud. Using proven engaged learning techniques, students will leave the session with a solid Cloud Security knowledge and skills combined with applied hands-on on the most popular Cloud Services Provider.

    Course Outline:

    • Cloud Computing Governance, Risk, and Compliance (GRC)
    • Cloud Identity and Access Management (IAM)
    • Cloud Network Security
    • Cloud Compute Security
    • Cloud Storage Security
    • Cloud Application Security (DevSecOps)
    • Cloud Operation Security

    By the end of the session you will:

    • Have a solid understanding of the Cloud Computing and Security based on NIST and ISO/IEC.
    • Be able to evaluate the security posture of any Cloud Service Providers (CSP) Using FedRAMP and CSA CCM.
    • Be able to select, design, and deploy secure cloud services based on the business requirements
    • Use the knowledge and skill learned as a foundation to pursue popular Cloud Security Certifications such as CSA CCSK, ISC2 CCSP, and AWS Security

    To maximize the benefit of the class, the student needs to:

    • Have a Curious, and eager to learn.
    • Ask, Ask, and Ask questions
    • Bring their own laptops to participate in the labs and capture valuable information
    • Have an AWS free account at https://aws.amazon.com/free

    Course Outline:

    • Cloud Computing Governance, Risk, and Compliance (GRC)
    • Cloud Identity and Access Management (IAM)
    • Cloud Network Security
    • Cloud Compute Security
    • Cloud Storage Security
    • Cloud Application Security (DevSecOps)
    • Cloud Operation Security
    8:30 am
    InfraGard Meeting: Light Breakfast and Guest Presentation - Open to all Attendees
    • session level icon
    Presentation: Enhancing DDoS Protection
    speaker photo
    Principal Network Security Engineer, Charter Communications
    Registration Level:
    • session level iconOpen Sessions
    8:30 am - 9:15 am
    Location / Room: Keynote Theater

    Interested in your local associations? Join InfraGard for a chapter meeting, light breakfast and guest presentation. This session is open to all attendees.
    Guest Presentation:
    What is a DDoS attack? What are the most common types of DDoS attacks? How are DDoS attacks executed? How can I minimize the impact of DDoS attacks to my network? What are some newer types of DDoS attacks? What are some new technologies that are being used in the fight against DDoS? If you have been the victim of a DDoS attack or are curious about these questions then this talk is for you.

    8:30 am
    Leveraging GRC to Enhance the Value Proposition of Cybersecurity Programs
    • session level icon
    speaker photo
    Director of Cybersecurity & Compliance, Focus on the Family
    Registration Level:
    • session level iconConference Pass
    8:30 am - 9:15 am
    Location / Room: Chasm Creek B

    Have you heard these questions? How secure am I? Will our processes and controls protect us against a breach? Will I know if we are breached? How will we respond if we are breached?

    Come, join me as I share a story of how our team was able to demonstrate value through risk management and regular black swan workshops. You will gain an understanding of the value of forging a relationship with other process areas and disciplines (e.g. crisis team, information assurance, business continuity, risk management) in order to gain the traction needed and demonstrate value.

    8:30 am
    AI and Blockchain: The Latest Development in the Debate of Innovation vs. Security
    • session level icon
    speaker photo
    Attorney, Baker Donelson
    Registration Level:
    • session level iconConference Pass
    8:30 am - 9:15 am
    Location / Room: Highlands Amphitheater

    The unprecedented speed of innovation is a hallmark of the 21st century. How do we wrap our heads around its long term consequences. Artificial intelligence and block chain technology are the latest technological developments that will rapidly change our world. Are we carefully considering the long term consequences of these technologies on our security. What do we need to be considering so that we strike the right balance between innovation and security.

    9:30 am
    Opening Keynote: Risk & Security’s Bright Future: Mapping the Road Ahead
    • session level icon
    speaker photo
    Futurist, Author & Professor, Named "One of the top 50 brains in technology today" by Fast Company
    Registration Level:
    • session level iconOpen Sessions
    9:30 am - 10:15 am
    Location / Room: Keynote Theater

    There has never been a better time to be a risk/security professional. Disruptive technologies fundamentally expand the “Art of the Possible;” reshape the solution provider ecosystem [with a new hierarchy of winners & losers]; and discombobulate expectations of how and by whom risk and security should be managed/led.

    In an entertaining and highly interactive session, Thornton May will share with attendees how leading Risk/Security Cartographers chart the future. Like the movers and shakers of the Renaissance, we stand on the shores of a new world –a Mundus Novus as Americo Vespucci labeled it in 1502.

    10:15 am
    Conference Break / Exhibitor Product Demonstration
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    10:15 am - 11:15 am
    Location / Room: SecureWorld Exhibitor Floor

    Reboot with coffee and infused water while visiting exhibitors on the exhibitor floor.

    11:00 am
    Advisory Council Roundtable - (VIP / Invite Only)
    • session level icon
    Topic: 3rd Party Risk - Creating & Managing a Program that Works
    Registration Level:
    • session level iconVIP / Exclusive
    11:00 am - 12:00 pm
    Location / Room: Windstar A

    This session is for Advisory Council members only.

    11:15 am
    Cybercrime and What Your Insurance Company Is Doing About It
    • session level icon
    speaker photo
    SVP, Marketing and Business Development, NAS Insurance
    Registration Level:
    • session level iconConference Pass
    11:15 am - 12:00 pm
    Location / Room: Mesa Verde B
    Being insured isn’t the same as being prepared. As cyber criminals continue to attack businesses at an alarming rate across every possible point of vulnerability, business insurers are taking dramatic steps to provide a more comprehensive and preventative solution to combat the growing cyber threats. Tech forensic companies, network security specialists and white hat hackers have come together with insurance providers to offer a new generation of threat intelligence services. While an unusual pairing, tech and insurance professionals are now collaborating to create state-of-the-art cyber security solutions.
    11:15 am
    Comodo: Malware, Legitimate Code Doing Illegitimate Things
    • session level icon
    speaker photo
    Security Engineer, West, Comodo
    Registration Level:
    • session level iconOpen Sessions
    11:15 am - 12:00 pm
    Location / Room: Chasm Creek A

    You will never prevent 100% of malware from entering your network.

    11:15 am
    10 Application Security Myths
    • session level icon
    speaker photo
    Security Architect, Sungard Availability Services
    Registration Level:
    • session level iconConference Pass
    11:15 am - 12:00 pm
    Location / Room: Highlands Amphitheater
    “AppSec is hard”, “We need (insert blinky box)”, “I’m not a programmer”, “Our company isn’t a target”, “Security is emergent”, “Internal apps don’t need to be secured”, etc…
    I suspect none of these will come as a surprise for anyone in Application Security but I continue to encounter these same myths year after year, company after company. My hope is that by sharing my pain and some of the approaches I’ve taken to educate development teams, we can share your successes and together we can bring development out of the rut it’s currently in.
    11:15 am
    Spirion: Celebrity Regulation Smackdown: GDPR vs. CCPA
    • session level icon
    speaker photo
    VP, Corporate Privacy, and General Counsel, Spirion
    Registration Level:
    • session level iconOpen Sessions
    11:15 am - 12:00 pm
    Location / Room: Chasm Creek B

    The General Data Protection Regulation (GDPR) represents the most sweeping data protection regulation to be brought into force in the last 20 years.  It addresses not only data traditionally considered “sensitive,” but so-called “online identifiers,” such as MAC/IP addresses, geolocation data, and browser fingerprints.  Barely a month after the Regulation’s May 25, 2018 commencement date, the California Consumer Privacy Act of 2018 (CCPA) was passed into law, the result of a frenetic 6-day drafting process.  Many consider the two laws to effectively be the same, but a close inspection reveals some striking differences.  In this presentation, a privacy industry veteran will offer some perspective on both laws.  Key takeaways include:

    • An understanding of the primary differences between the two laws;
    • Information security requirements under both laws; and
    • Leveraging GDPR compliance efforts to meet the requirements of the CCPA
    12:00 pm
    Advisory Council LUNCH Roundtable – (VIP / Invite Only)
    • session level icon
    Topic: Security Workforce - Staffing/Retention, Fair Wages, Outsourcing
    Registration Level:
    • session level iconVIP / Exclusive
    12:00 pm - 1:00 pm
    Location / Room: Windstar A

    This session is for Advisory Council members only.
    Lunch will be served during this roundtable discussion.

    12:15 pm
    LUNCH KEYNOTE: Trends in Cybercrime
    • session level icon
    speaker photo
    Assistant to the Special Agent in Charge, U.S. Secret Service
    Registration Level:
    • session level iconOpen Sessions
    12:15 pm - 1:00 pm
    Location / Room: Keynote Theater

    The Secret Service’s Electronic Crimes Task Forces combine the resources of academia; the private sector; and local, state, and federal law enforcement agencies to combat computer-based threats to our Nation’s financial payment systems and critical infrastructures, as authorized by the Patriot Act to “prevent, detect and investigate various forms of electronic crimes, including potential terrorist attacks against critical infrastructure and financial payment systems.” The goal of the Electronic Crimes Task Forces is to establish, promote and continue a robust public/private partnership based on the U.S. Secret Service’s historic strategic alliances with federal, state and local law enforcement agencies, private industry and academic institutions in order to respond, confront and suppress cybercrime, malicious uses of cyberspace and threats to cyber security that endanger the integrity of our Nation’s financial payments systems and threats against our Nation’s critical infrastructure.

    1:15 pm
    Re-thinking Our Talent Shortage: Planning for the Future Began Yesterday
    • session level icon
    speaker photo
    Partner, Jobplex
    Registration Level:
    • session level iconConference Pass
    1:15 pm - 2:15 pm
    Location / Room: Chasm Creek A
    All too often, breaches or attacks on organizations are the result of an otherwise trustworthy employee’s negligence. Whether it’s using a company device on a public wifi or ignoring password updates to confidential data, it’s human nature to error. So…how do we mitigate that? Can we pre-screen for that? This expert presentation will discuss little-known tactics deployed to avoid potential hiring risks, while also integrating non-security professionals into a highly secure environment.
    1:15 pm
    Panel: What Will They Think of Next? (Emerging Threats)
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    1:15 pm - 2:15 pm
    Location / Room: Keynote Theater

    It would seem the more we “build a better mousetrap” the better the threats become. Will machine learning and AI be used against us in the future? Will these and other innovations be hacked and used for gain? Will the Crime as a Business platform take off where business competitors are utilizing these attacks for the upper hand? Perhaps the cars that are being hacked will evolve into driverless vehicles that are hacking companies from inside there own parking lots. What about drones? So many questions, let’s see what our experts say on this panel.
    Panelists:
    Gary Sockrider, NETSCOUT
    Jeremiah Cruit, ThreatX
    Bill Parmetee, Optiv
    Jeff Bird, Virtual Armor
    Moderator: Christopher Riley

    1:15 pm
    Panel: Phishing and Social Engineering Scams 2.0
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    1:15 pm - 2:15 pm
    Location / Room: Highlands Amphitheater

    Phishing continues to be the #1 attack vector for the bad guys. Why? Simply put: it works. These attacks keep getting more realistic and sophisticated. In the future we should expect nothing less. Criminals will do more homework on their potential victims and possible pose as business leads or clients to gain our trust. What sales person doesn’t want email from a potential client who wants a new solution? Or they may just lay in wait until they’ve collected enough information to strike. Will they actually come to your business and drop thumb drives like pen testers do? Use drones to do their dirty work? Our experts will discuss the current state of affairs and brainstorm possible new scenarios.
    Panelists:
    Arnel Manalo, Richey May
    Joseph Tarbill, Principle Promontory, Financial Group
    Brenden Smith, FirstBank
    Moderator: Tim Dennis

    2:15 pm
    Conference Break / Exhibitor Product Demonstration
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    2:15 pm - 3:00 pm
    Location / Room: SecureWorld Exhibitor Floor

    Reboot with coffee and infused water while visiting exhibitors on the exhibitor floor.

    3:00 pm
    Executive Leadership Panel: Building a Career in Cybersecurity
    • session level icon
    speaker photo
    Sr. Cybersecurity Scientist, L3 Harris
    speaker photo
    CISO, The Anschutz Corporation
    speaker photo
    Executive Director, Cybersecurity Services, Richey May & Co., LLP
    speaker photo
    Security GRC Manager, Rightway Healthcare
    Registration Level:
    • session level iconOpen Sessions
    3:00 pm - 3:45 pm
    Location / Room: Highlands Amphitheater

    Every security leader has a different and sometimes unique story about how they got to where they are. In many cases, they didn’t imagine that one day they will end up in security.
    Moreover, security is relatively new practice, it is done differently in every organization, and is a target that is moving constantly.

    In this panel we will hear from our panelists about:
    1. How do you develop your career in Security?
    2. What skills do you need to have?
    3. How do you keep yourself up to date?
    4. Stories from the front lines and a-ha moments

    3:00 pm
    The CISO Stop List
    • session level icon
    speaker photo
    CISO, Bluecore, Inc.
    Registration Level:
    • session level iconConference Pass
    3:00 pm - 3:45 pm
    Location / Room: Chasm Creek B

    Each year security teams are faced with new threats, new compliance requirements, new technologies, new environments, and new marching orders from management. Most respond by adding new processes, people, and tools to satisfy the emerging needs, but how often do we look at what we’re already doing and say “That is wrong. That is extraneous. That is of low value”? Or even, “That is hurting the security program. That is hurting my career”? This session will cast a baleful eye on some of the habits security professionals have developed and failed to shed as the landscape evolves.

    3:00 pm
    Vetting Your Vendors
    • session level icon
    Understanding the “Chain of Control” of Data, Security Pitfalls in Third-Party Contracts and Service Agreements
    speaker photo
    Cyber Attorney, Partner, Constangy, Brooks, Smith & Prophete, LLP
    Registration Level:
    • session level iconConference Pass
    3:00 pm - 3:45 pm
    Location / Room: Chasm Creek A

    One of the most important considerations in cybersecurity does not involve your own direct network security; it involves your partners and vendors. In the world of cybersecurity, you are only as strong as the weakest link in your vendor chain. The ease, convenience and cost effectiveness of outsourcing certain business functions frequently overshadows the potential pitfalls lurking in using outside third-parties and vendors. This presentation will discuss the steps your organization needs to take to ensure that any partners or vendors with access to your network systems or company data are meeting (at least) a minimum level of security requirements.

    3:00 pm
    SecureWorld PLUS Part 2 - Security’s New Know: Strategic Skills for the Digital Age
    • session level icon
    SecureWorld PLUS Registrants ONLY
    speaker photo
    Futurist, Author & Professor, Named "One of the top 50 brains in technology today" by Fast Company
    speaker photo
    Head of Delivery, Mirador, LLC
    Registration Level:
    • session level iconSecureWorld Plus
    3:00 pm - 4:30 pm
    Location / Room: Mesa Verde A

    Security’s Dark Age is coming to an end. A sub-set of organizations has moved beyond the misunderstandings, stigmatizations, dysfunctional economics and toxic mindsets regarding the practice of security. A new age is upon us – an age that requires new thinking, new skills and new practices. This session – part Harvard MBA-in-a-box, part Amish barn raising and part therapy session features Futurist Thornton May and a faculty of local experts detailing what the positive path to the future might look like.

    3:00 pm
    SecureWorld PLUS Part 2 - Using the NIST Cybersecurity Framework to Build and Mature an Information Security Program
    • session level icon
    SecureWorld PLUS Registrants ONLY
    speaker photo
    CISO, Uplight; Co-Host, Colorado = Security podcast
    Registration Level:
    • session level iconSecureWorld Plus
    3:00 pm - 4:30 pm
    Location / Room: Wind Star B

    Managing a successful Information Security Program requires a plan. In this hands-on workshop, participants will leverage the NIST Cybersecurity Framework as a guide to create or mature their security program. Regardless of industry, the framework provides an ideal platform for planning, communicating, and validating your security approach. This course is perfect for attendees that are just starting a security program, looking to mature their current program, or just looking to learn more about the Framework.

    3:00 pm
    SecureWorld PLUS Part 2- Cloud Security Training
    • session level icon
    SecureWorld PLUS Registrants ONLY
    speaker photo
    Director, Enterprise Security Architecture, Colorado Governor's Office of IT
    Registration Level:
    • session level iconSecureWorld Plus
    3:00 pm - 4:30 pm
    Location / Room: Wind River B

    The  3-part Cloud Security course will immerse students/attendees into the new frontier of IT and security services delivery in the Cloud. Using proven engaged learning techniques, students will leave the session with a solid Cloud Security knowledge and skills combined with applied hands-on on the most popular Cloud Services Provider.

    Course Outline:

    • Cloud Computing Governance, Risk, and Compliance (GRC)
    • Cloud Identity and Access Management (IAM)
    • Cloud Network Security
    • Cloud Compute Security
    • Cloud Storage Security
    • Cloud Application Security (DevSecOps)
    • Cloud Operation Security

    By the end of the session you will:

    • Have a solid understanding of the Cloud Computing and Security based on NIST and ISO/IEC.
    • Be able to evaluate the security posture of any Cloud Service Providers (CSP) Using FedRAMP and CSA CCM.
    • Be able to select, design, and deploy secure cloud services based on the business requirements
    • Use the knowledge and skill learned as a foundation to pursue popular Cloud Security Certifications such as CSA CCSK, ISC2 CCSP, and AWS Security

    To maximize the benefit of the class, the student needs to:

    • Have a Curious, and eager to learn.
    • Ask, Ask, and Ask questions
    • Bring their own laptops to participate in the labs and capture valuable information
    • Have an AWS free account at https://aws.amazon.com/free

    Course Outline:

    • Cloud Computing Governance, Risk, and Compliance (GRC)
    • Cloud Identity and Access Management (IAM)
    • Cloud Network Security
    • Cloud Compute Security
    • Cloud Storage Security
    • Cloud Application Security (DevSecOps)
    • Cloud Operation Security
  • Thursday, November 1, 2018
    7:00 am
    Registration open
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    7:00 am - 3:00 pm
    Location / Room: Registration Desk

    Come to the Registration desk in the lobby to check-in and get your badge. SecureWorld staff will be available throughout the day if you have any questions.

    8:00 am
    SecureWorld PLUS Part 3 - Security’s New Know: Strategic Skills for the Digital Age
    • session level icon
    SecureWorld PLUS Registrants ONLY
    speaker photo
    Futurist, Author & Professor, Named "One of the top 50 brains in technology today" by Fast Company
    speaker photo
    Head of Delivery, Mirador, LLC
    Registration Level:
    • session level iconSecureWorld Plus
    8:00 am - 9:30 am
    Location / Room: Mesa Verde A

    Security’s Dark Age is coming to an end. A sub-set of organizations has moved beyond the misunderstandings, stigmatizations, dysfunctional economics and toxic mindsets regarding the practice of security. A new age is upon us – an age that requires new thinking, new skills and new practices. This session – part Harvard MBA-in-a-box, part Amish barn raising and part therapy session features Futurist Thornton May and a faculty of local experts detailing what the positive path to the future might look like.

    8:00 am
    SecureWorld PLUS Part 3 - Using the NIST Cybersecurity Framework to Build and Mature an Information Security Program
    • session level icon
    SecureWorld PLUS Registrants ONLY
    speaker photo
    CISO, Uplight; Co-Host, Colorado = Security podcast
    Registration Level:
    • session level iconSecureWorld Plus
    8:00 am - 9:30 am
    Location / Room: Wind Star B

    Managing a successful Information Security Program requires a plan. In this hands-on workshop, participants will leverage the NIST Cybersecurity Framework as a guide to create or mature their security program. Regardless of industry, the framework provides an ideal platform for planning, communicating, and validating your security approach. This course is perfect for attendees that are just starting a security program, looking to mature their current program, or just looking to learn more about the Framework.

    8:00 am
    SecureWorld PLUS Part 3 - Cloud Security Training
    • session level icon
    SecureWorld PLUS Registrants ONLY
    speaker photo
    Director, Enterprise Security Architecture, Colorado Governor's Office of IT
    Registration Level:
    • session level iconSecureWorld Plus
    8:00 am - 9:30 am
    Location / Room: Wind River B

    The  3-part Cloud Security course will immerse students/attendees into the new frontier of IT and security services delivery in the Cloud. Using proven engaged learning techniques, students will leave the session with a solid Cloud Security knowledge and skills combined with applied hands-on on the most popular Cloud Services Provider.

    Course Outline:

    • Cloud Computing Governance, Risk, and Compliance (GRC)
    • Cloud Identity and Access Management (IAM)
    • Cloud Network Security
    • Cloud Compute Security
    • Cloud Storage Security
    • Cloud Application Security (DevSecOps)
    • Cloud Operation Security

    By the end of the session you will:

    • Have a solid understanding of the Cloud Computing and Security based on NIST and ISO/IEC.
    • Be able to evaluate the security posture of any Cloud Service Providers (CSP) Using FedRAMP and CSA CCM.
    • Be able to select, design, and deploy secure cloud services based on the business requirements
    • Use the knowledge and skill learned as a foundation to pursue popular Cloud Security Certifications such as CSA CCSK, ISC2 CCSP, and AWS Security

    To maximize the benefit of the class, the student needs to:

    • Have a Curious, and eager to learn.
    • Ask, Ask, and Ask questions
    • Bring their own laptops to participate in the labs and capture valuable information
    • Have an AWS free account at https://aws.amazon.com/free

    Course Outline:

    • Cloud Computing Governance, Risk, and Compliance (GRC)
    • Cloud Identity and Access Management (IAM)
    • Cloud Network Security
    • Cloud Compute Security
    • Cloud Storage Security
    • Cloud Application Security (DevSecOps)
    • Cloud Operation Security
    8:30 am
    Securing Your Vote: Did I Vote for Who I Thought I Voted For?
    • session level icon
    speaker photo
    Security Architect, Sungard Availability Services
    Registration Level:
    • session level iconConference Pass
    8:30 am - 9:15 am
    Location / Room: Chasm Creek B
    Thanks in part to DEF CON, we know that voting machines are poorly secured. However, the more ‘interesting’ piece here is the desire of the general public and many public officials to be able to vote over the Internet. (*blockchain*) And, regardless of whether you want Internet voting or not – it’s coming. In fact, for some states and countries and citizens, it’s already here.
    Join me as we look at how our votes are counted and audited, the current security state of voting in general and what the future may (or may not) entail.
    8:30 am
    No Adversary Needed: Dysfunctional Security Programs and Self-Inflicted Malaise
    • session level icon
    speaker photo
    Director, Promontory
    Registration Level:
    • session level iconConference Pass
    8:30 am - 9:15 am
    Location / Room: Mesa Verde B

    Does your company lack or adhere to a set of best practice standardized enterprise security program framework? Do you know if your the program is effective? Is it maturing or about the same year after year?

    Come learn from a veteran CISO on how to recognize familiar tendencies and characteristics of stagnant misaligned security programs. Then, understand how to positively influence, change, or alter your program’s course and subsequent maturity.

    8:30 am
    The Impact of the GDPR on Cross-Border Data Management and Cybersecurity
    • session level icon
    Walking the Tightrope of Compliance and Business Efficiency
    speaker photo
    Cyber Attorney, Partner, Constangy, Brooks, Smith & Prophete, LLP
    Registration Level:
    • session level iconConference Pass
    8:30 am - 9:15 am
    Location / Room: Chasm Creek A

    Principles of data privacy, technology, and cybersecurity converge when organizations exchange, transfer and process information. With the forthcoming European Union’s General Data Protection Regulation (GDPR), the intersection of data, technology, business and law is poised to become increasingly complex. And each of these complications will have a huge impact on a company’s operations, network infrastructure, and legal relationships with third-parties. This presentation will explore the impact of the GDPR on cross-border data management, its intersection with domestic data obligations and its effect on creating efficient and secure data management practices that meet the needs of the business.

    8:30 am
    Transform Your Business by Transforming Security
    • session level icon
    speaker photo
    Co-Host, Colorado = Security Podcast
    Registration Level:
    • session level iconConference Pass
    8:30 am - 9:15 am
    Location / Room: Highlands Amphitheater

    Cybersecurity began as a function within IT, and as a result it was necessarily focused internally, on back-office technologies. However, as the importance of security has become more understood, so has the need for a more strategic approach to security. In this presentation, Robb will discuss how security leaders can improve their security program by moving outside of internal IT siloes and help the company embrace new technologies.

    The highest value activities in most organizations revolve around customer interactions and product development. All too frequently security is not involved in these areas. Similarly, security is usually cited as the number one reason for reluctance to adopt new technologies such as cloud, consumerization and IoT. By getting security involved in the strategic planning for these areas, security can enable their company to move faster with more confidence, ultimately allowing their company to outperform their competitors.

    9:00 am
    Exhibitor Hall open
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    9:00 am - 3:00 pm
    Location / Room: SecureWorld Exhibitor Floor

    Your opportunity to visit our solution vendor partners, whose sponsorship makes SecureWorld possible! Booths have staff ready to answer your questions. Look for participating Dash For Prizes sponsors to be entered to win prizes.

    9:30 am
    OPENING KEYNOTE: Paradigm Paradox for National Defense
    • session level icon
    speaker photo
    Program Manager, Air Force CyberWorx, Center for Technology, Research and Commercialization
    Registration Level:
    • session level iconOpen Sessions
    9:30 am - 10:15 am
    Location / Room: Keynote Theater
    Since opening Air Force CyberWorx in 2016, the projected need for continuous, quick responses to new cyber attacks, drone swarms, hypersonic missiles, lasers, and electronic attacks means warfighters will have to team and innovate on-the-fly. Not only is the foreseen operational environment busy, speedy, and multi-domain, but the information environment is rife with adversaries operating under looser, more fragmented operating models for intelligence services. When faced with such onslaughts, both AI and good education for defenders (in industry and government) and the ability to partner quickly toward innovative answers and disruptions will win the day.
    10:15 am
    Conference Break / Exhibitor Product Demonstration
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    10:15 am - 11:15 am
    Location / Room: SecureWorld Exhibitor Floor

    Reboot with coffee and infused water while visiting exhibitors on the exhibitor floor.

    11:00 am
    Advisory Council Roundtable - (VIP / Invite Only)
    • session level icon
    Topic: A Tactical Discussion – Dividing the Big Picture into Short-Term Wins
    Registration Level:
    • session level iconVIP / Exclusive
    11:00 am - 12:00 pm
    Location / Room: Windstar A

    This session is for Advisory Council members only.

    11:15 am
    Memcache, the Largest DDoS Attack Ever Seen: How You Enabled It, and How You Can Prevent It
    • session level icon
    speaker photo
    Principle Security Architect, CenturyLink
    Registration Level:
    • session level iconOpen Sessions
    11:15 am - 12:00 pm
    Location / Room: Highlands Amphitheater

    Impeding reflective surfaces by dropping well-known reflective amplifiable ports to protect your network and to prevent contributing to similar attacks in the future.

    11:15 am
    Cisco: An Anatomy of Attack
    • session level icon
    speaker photo
    Consulting Systems Engineer, Cloud Security, Cisco
    Registration Level:
    • session level iconOpen Sessions
    11:15 am - 12:00 pm
    Location / Room: Chasm Creek B

    Cybercriminals are increasingly exploiting the internet services to build agile and resilient infrastructures, and consequently to protect themselves from being exposed and taken over. This session will explain how the correlation of internet data on multiple levels (DNS, BGP, ASN, Prefixes/IPs) can be used to build and deliver a new model of security that is pervasive and predictive, and that allows us to expose the attackers’ infrastructure. Learn how detection models can be built and applied (such as co-occurrences, NLPRank, and Spike Detectors), and how the different detectors can be integrated to expose malicious infrastructures and advanced persistent threats.

    11:15 am
    Darktrace: Autonomous Cyber Defense: AI and the Immune System Approach
    • session level icon
    speaker photo
    Director, Darktrace
    Registration Level:
    • session level iconOpen Sessions
    11:15 am - 12:00 pm
    Location / Room: Chasm Creek A

    Legacy approaches to cyber security, which rely on knowledge of past attacks, are simply not sufficient to combat new, evolving attacks. A fundamentally new approach to cyber defense is needed to detect and respond to the threats that are already inside the network – before they turn into a full-blown crisis.

    Self-learning systems represent a fundamental step-change in automated cyber defense. Based on machine learning and probabilistic mathematics, these new approaches to security can establish a highly accurate understanding of normal behavior by learning an organization’s ‘pattern of life,’. They can spot abnormal activity as it emerges and even take precise, measured actions to automatically curb the threat.

    12:15 pm
    LUNCH KEYNOTE: Using Agile Methodologies in Security
    • session level icon
    speaker photo
    CISO, Cognizant Healthcare
    Registration Level:
    • session level iconOpen Sessions
    12:15 pm - 1:00 pm
    Location / Room: Keynote Theater
    Agile methodologies are just for development. This statement couldn’t be farther from the truth. Agile methodologies can be used to ensure your security team is always working on the most important of your never ending assignments. It can also be used to improve overall quality and efficiency in the delivery of value for your overworked security team. In this presentation we will examine how Agile methods can start benefiting your team right away as well as improving the maturity of your environment long term.

     

    1:15 pm
    Panel: Extortion as-a-Service? - Ransomware and Beyond
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    1:15 pm - 2:15 pm
    Location / Room: Highlands Amphitheater

    Remember when ransomware just seized up your computer and wanted you to send Bitcoin to unlock it? With the advances in cybercrime, the thieves are not only locking and encrypting your files, but they are also finding your dirty little secrets. You may not pay for the run of the mill files you have backed up, but you might be more inclined to pay even more to make sure no one finds out about you and a certain someone in accounting you are messaging. Or, what about all the credit card numbers you aren’t storing correctly? It would be a shame if your boss knew you were sending out resumes… Will these attacks also be available for purchase on the dark web?Join the discussion with our experts and come up with a plan to mitigate this problem.
    Panelists:
    Scott Giordano, Spirion
    Eric Wong, Comodo
    Christian Espinosa, Alpine Security
    Clint Harris, Cisco
    Moderator: Sam Masiello

    1:15 pm
    Panel: Stopping the Attacks (Incident Response)
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    1:15 pm - 2:15 pm
    Location / Room: Keynote Theater

    Security teams are struggling to keep up with the myriad of attack vectors that exist. Future InfoSec professionals will take a more adversarial approach to incident response. Will we have artificial intelligence helping threat hunters squash attacks before they can do any significant damage on the network while alerting the authorities in real time? Can a true partnership form between organizations and law enforcement to share information? Join our experts as they discuss challenges modern security teams face and how we can build a better plan for tomorrow.
    Panelists:
    Steve Jordan, Fortinet
    Michael Stephen, Connect For Health Colorado
    Nelson Cottier, Ixia
    Brenden Smith, First Bank
    Moderator: Randall Frietzsche

    2:15 pm
    Conference Break / Exhibitor Product Demonstration
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    2:15 pm - 3:00 pm
    Location / Room: SecureWorld Exhibitor Floor

    Reboot with coffee and infused water while visiting exhibitors on the exhibitor floor.

    2:30 pm
    Dash for Prizes & CyberHunt
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    2:30 pm - 2:45 pm
    Location / Room: SecureWorld Exhibitor Floor

    Be sure to have exhibitors scan your badge for a chance to win prizes. Past prizes have included Kindles, Bose headphones, gift cards, iPads, iPods and more! *Must be present to win

    3:00 pm
    Automating Firewall Certification with Robot Framework
    • session level icon
    speaker photo
    Security Engineer III, Charter Communications
    Registration Level:
    • session level iconConference Pass
    3:00 pm - 3:45 pm
    Location / Room: Chasm Creek A
    With constant new version updates for Firewall devices combined with new vulnerabilities in the various versions, production devices need to be routinely upgraded to the newest version to ensure not just security compliance, but also availability to use new features. Any new versions need to undergo several tests before being deployed in production. Robot Framework allows to automate configuration, audits, verification and all test cases, using keyword driven approach with Python, as the underlying platform.
    3:00 pm
    Anti-Spoofing: Let’s Get Real
    • session level icon
    speaker photo
    Principal InfoSec Engineer, CenturyLink
    Registration Level:
    • session level iconConference Pass
    3:00 pm - 3:45 pm
    Location / Room: Highlands Amphitheater
    IP Spoofing is a major cause of DDoS attacks. This presentation describes the problem and methods to remove spoofed traffic from your network.
    3:00 pm
    Helping the Business Cope with Security and Privacy
    • session level icon
    speaker photo
    Chief Information & Digital Officer, City of Aurora
    speaker photo
    CISO, City of Aurora
    Registration Level:
    • session level iconConference Pass
    3:00 pm - 3:45 pm
    Location / Room: Chasm Creek B

    The adoption of information security and privacy by the business can be one of the greatest frustrations you may encounter. The principles may not be adequately understood and regulations unreasonably feared. This often results in inconsistent governance, poor funding, avoidance, and occasionally employees undermining your efforts.

    The security and privacy practitioner must understand the motivations behind this behavior if they want to be successful. The presenters will discuss how to proactively address employee resistance and engage leadership using the grief and change models. The concepts discussed can scale to a wide range of industries and various sizes of companies.

Exhibitors
  • ACP Colorado Rocky Mountain Chapter
    Booth:

    ACP is the premier organization for business continuity professionals providing a powerful networking and learning environment for ACPits members. Known for its progressive programs, workshops and symposiums, the organization has become a unifying force in defining and leading the continuously evolving fields of business continuity, disaster recovery, and emergency response (the “profession”). The Organization is strategically aligned with business partners such as DRI International, and BC Management, as well as our corporate sponsors. With a strong presence in North America, ACP has 42 chapters and over 2,300 members. We welcome all individuals, regardless of experience or certification, with an interest in the Profession.

    Founded in 1983, we are an established community of industry experts, educators, practitioners, leaders, facilitators and advocates. Our members view us as connectors and as a vital networking source.

  • Alpin
    Booth: 438

    Alpin is the single dashboard to monitor and manage your SaaS ecosystem.

    No more running around with spreadsheets, trying to figure out which applications exist, who is using them and how, what they cost, when they will be renewing, which ones are insecure, etc.

    Alpin lets you see what’s happening among your cloud software applications, reduce costs up to 30% while managing license renewals and compliance, and monitor activity so you can take action on important security risks.

  • Alpine Security
    Booth: 121

    Alpine Security is a Service Disabled Veteran owned Small Business. We have extensive experience with security audits, regulatory compliance audits, vulnerability assessments, penetration testing (network, application, web application, and physical), social engineering, incident response, digital forensics, and user awareness & technical training.  Our team members are Industry Certified, bring vast project experience, highly educated, trusted, and experienced.  We have been on United States government red teams and have experience with military cyber operations – offensive and defensive.  Our team is also well-versed and experienced with commercial security assessments, audits, penetration testing, risk assessments, and incident response.  We have performed penetration tests and assessments for numerous industries, including aerospace & defense, education, healthcare, financial, energy, and oil & gas.  Our extensive experience in high-risk and complex environments ensures we are prepared to test your environment, regardless of the risk-level or complexity.  We’ve been tested under fire.

  • NETSCOUT Arbor
    Booth: 416

    For 15 years, the world’s leading network operators across ISP, cloud and enterprise markets have relied on NETSCOUT Arbor for traffic visibility, advanced threat detection and DDoS mitigation. Through a combination of market-leading technology, elite security research, intuitive workflows and powerful data visualizations, NETSCOUT Arbor allows you to efficiently connect the dots to understand attack activity and to take action with confidence. See the threat, understand the risk and protect your business with NETSCOUT Arbor.

  • Big Switch Networks
    Booth: 329

    Big Switch Networks is the next-gen networking company. Big Monitoring Fabric is an NPB that enables pervasive visibility and security across all workloads: physical, VM , container or cloud. Big Mon Inline enables pervasive security in the DMZ while offering lower-cost and SDN-centric operational simplicity. Tech partnerships include: A10, Palo Alto Networks, Symantec, FireEye, ExtraHop, Riverbed.

  • Binary Defense
    Booth: 102

    Binary Defense is a managed security services provider and software developer with leading cybersecurity solutions that include SOC-as-a-Service, Managed Detection & Response, Security Information & Event Management, Threat Hunting and Counterintelligence. Binary Defense believes its unique approach resolves infosec’s biggest challenges such as limited in-house security expertise, lack of innovative resources and the significant budgetary and time investment required to ensure protection from today’s threats.

  • Bitdefender
    Booth: 222

    Powered by its depth of security expertise and rapid pace of research and development, Bitdefender’s long-standing mission is to deliver transformative security technologies to the world’s users and organizations. We are innovators, creating breakthrough technology that radically improves our customer’s experience with security.

    From IoT to Data Centers, from endpoints to hybrid infrastructures – Bitdefender plays a transformational role in how security is best consumed, deployed, and managed. We strive to deliver products and services that radically alter the customer’s experience with security, in terms of efficacy, performance, ease of use and interoperability.

  • Cisco
    Booth: 321

    Cisco builds truly effective security solutions that are simple, open and automated. Drawing on unparalleled network presence as well as the industry’s broadest and deepest technology and talent, Cisco delivers ultimate visibility and responsiveness to detect more threats and remediate them faster. With Cisco, companies are poised to securely take advantage of a new world of digital business opportunities.

  • Cloud Security Alliance Colorado Chapter
    Booth: TBD

    The Cloud Security Alliance (CSA) is a not-for-profit organization with a mission to promote the use of best practices for providing security assurance within Cloud Computing, and to provide education on the uses of Cloud Computing to help secure all other forms of computing. The Cloud Security Alliance is led by a broad coalition of industry practitioners, corporations, associations and other key stakeholders.

  • Colorado ECTF
    Booth:

    As a result of the amalgamation of advanced technology and the Internet, both the quantity and sophistication of cybercrimes targeting U.S. financial institutions and critical infrastructure have increased. Today, criminal trends show an increased use of phishing emails, account takeovers, malicious software, hacking attacks and network intrusions resulting in significant data breaches. To protect the nation’s financial infrastructure from cyber and financial criminals, the Secret Service has adopted a multi-pronged approach.

  • Colorado Technology Association
    Booth:

    The Colorado Technology Association leads the network of companies and professionals fueling Colorado’s economy, through technology.

    At the Colorado Technology Association, we:

    – Lead an inclusive network that benefits our member community
    – Advocate for a pro-business and technology-friendly climate
    – Influence the development of a robust talent pipeline
    – Lead initiatives to help companies grow.

  • Comodo Cybersecurity
    Booth: 105

    In a world where preventing all cyberattacks is impossible, Comodo Cybersecurity delivers an innovative cybersecurity platform that renders threats useless, across the LAN, web and cloud. The Comodo Cybersecurity platform enables customers to protect their systems and data against even military-grade threats, including zero-day attacks. Based in Clifton, New Jersey, Comodo Cybersecurity has a 20-year history of protecting the most sensitive data for both businesses and consumers globally.

     

  • CSU Global Campus
    Booth: 435

    CSU-Global was created by the Colorado State University System Board of Governors in 2007 as the first independent, 100% online university in the U.S.

  • Cyberbit
    Booth: 109

    Cyberbit provides a consolidated detection and response platform that protects an organization’s entire attack surface across IT, OT and IoT networks. Cyberbit products have been forged in the toughest environments on the globe and include: behavioral threat detection, incident response automation and orchestration, ICS/SCADA security, and the world’s leading cyber range. Since founded in mid-2015 Cyberbit’s products were rapidly adopted by enterprises, governments, academic institutions and MSSPs around the world. Cyberbit is a subsidiary of Elbit Systems (NASDAQ: ESLT) and has offices in Israel, the US, Europe, and Asia.

  • Darktrace
    Booth: 300

    Darktrace is the world’s leading cyber AI company and the creator of Autonomous Response technology. Its self-learning AI is modeled on the human immune system and used by over 3,500 organizations to protect against threats to the cloud, email, IoT, networks, and industrial systems.

    The company has over 1,200 employees and headquarters in San Francisco and Cambridge, UK. Every 3 seconds, Darktrace AI fights back against a cyber-threat, preventing it from causing damage.

  • Digital Shadows
    Booth: 327

    Digital Shadows monitors and manages an organization’s digital risk, providing relevant threat intelligence across the widest range of data sources within the open, deep, and dark web to protect their brand, and reputation.

  • EC-Council
    Booth:

    International Council of E-Commerce Consultants, also known as EC-Council, is the world’s largest cyber security technical certification body. We operate in 140 countries globally and we are the owner and developer of the world-famous Certified Ethical Hacker (CEH), Computer Hacking Forensics Investigator (C|HFI), Certified Security Analyst (ECSA), License Penetration Testing (Practical) programs, among others. We are proud to have trained and certified over 140,000 information security professionals globally that have influenced the cyber security mindset of countless organizations worldwide.

  • Fortinet
    Booth: 200

    Fortinet (NASDAQ: FTNT) secures the largest enterprise, service provider, and government organizations around the world. Fortinet empowers its customers with intelligent, seamless protection across the expanding attack surface and the power to take on ever-increasing performance requirements of the borderless network—today and into the future. Only the Fortinet Security Fabric architecture can deliver security without compromise to address the most critical security challenges, whether in networked, application, cloud, or mobile environments. Fortinet ranks number one in the most security appliances shipped worldwide and more than 500,000 customers trust Fortinet to protect their businesses.

  • Gigamon
    Booth: 450

    Gigamon offers a deep observability pipeline that harnesses actionable network-level intelligence to amplify the power of observability tools. This powerful combination enables IT organizations to assure security and compliance governance, speed root-cause analysis of performance bottlenecks, and lower operational overhead associated with managing hybrid and multi-cloud IT infrastructures. The result: modern enterprises realize the full transformational promise of the cloud. Gigamon serves more than 4,000 customers worldwide, including over 80 percent of Fortune 100 enterprises, nine of the 10 largest mobile network providers, and hundreds of governments and educational organizations worldwide. To learn more, please visit gigamon.com. 

  • HelpSystems
    Booth: 115

    GoAnywhere MFT automates and encrypts file transfers using industry standard protocols (e.g. OpenPGP, AES, FTPS, SFTP, SCP, AS2, and HTTPS). With full audit trails and reporting functionality, GoAnywhere can help organizations comply with strict compliance regulations like PCI DSS, HIPAA, and the GDPR.

  • Illusive Networks
    Booth: 400

    Illusive Networks is a pioneer of deception technology, empowering security teams to take informed action against advanced, targeted cyberattacks by detecting and disrupting lateral movement toward critical business assets early in the attack life cycle. Agentless and driven by intelligent automation, Illusive technology enables organizations to significantly increase proactive defense ability while adding almost no operational overhead. Illusive’s Deceptions Everywhere® approach was conceived by cybersecurity experts with over 50 years of combined experience in cyber warfare and cyber intelligence. With the ability to proactively intervene in the attack process, technology-dependent organizations can preempt significant operational disruption and business losses, and function with greater confidence in today’s complex, hyper-connected world.

  • InfraGard
    Booth:

    InfraGard is an information sharing and analysis effort serving the interests and combining the knowledge base of a wide range of members. At its most basic level, InfraGard is a partnership between the FBI and the private sector. InfraGard is an association of individuals, academic institutions, state and local law enforcement agencies, and other participants dedicated to sharing information and intelligence to prevent hostile acts against the United States. InfraGard Chapters are geographically linked with FBI Field Office territories.

    The FBI retained InfraGard as an FBI sponsored program, and will work with DHS in support of its CIP mission, facilitate InfraGard’s continuing role in CIP activities, and further develop InfraGard’s ability to support the FBI’s investigative mission, especially as it pertains to counterterrorism and cyber crimes.

  • ISACA Denver Chapter
    Booth:

    The Denver Chapter of ISACA® (formerly EDPAA) was founded in June 1976 with just a handful of members. Today, the Denver chapter with over 1,040 members, is one of the largest chapters within the Southwestern Region. The Denver Chapter contributes to the international organization with financial support and periodic hosting of the International Conference.

    The Denver Chapter of ISACA® is a non-profit organization dedicated to the continued development and enhancement of the information systems audit and control profession by providing benefits to its members and to the professional community-at-large.

  • ISC2 Denver Chapter
    Booth:

    ISC2 is the largest not-for-profit membership body of certified information security professionals worldwide, with nearly 80,000 members in more than 135 countries. Globally recognized as the Gold Standard, ISC2 issues the Certified Information Systems Security Professional (CISSP®) and related concentrations, as well as the Certified Secure Software Lifecycle Professional (CSSLP®), Certified Authorization Professional (CAP®), and Systems Security Certified Practitioner (SSCP®) credentials to qualifying candidates.

  • ISSA Colorado Springs Chapter
    Booth:

    ISSA Colorado Springs Chapter: Developing and Connecting Cybersecurity Leaders Globally. ISSA is the community of choice for international cybersecurity professionals dedicated to advancing individual growth, managing technology risk and protecting critical information and infrastructure.

    The Information Systems Security Association (ISSA)® is a not-for-profit, international organization of information security professionals and practitioners. It provides educational forums, publications, and peer interaction opportunities that enhance the knowledge, skill, and professional growth of its members.

  • Ixia, a Keysight Business
    Booth: 100

    We provide testing, visibility, and security solutions to strengthen applications across physical and virtual networks. Organizations use our tools and capabilities to test, secure and visualize their networks so their applications run stronger.

  • Lastline
    Booth: 405

    Lastline delivers innovative AI-powered network security that detects and defeats advanced threats entering or operating within a network. We protect network, email, cloud, and web infrastructures, minimizing the risk of damaging and costly data breaches with fewer resources and at lower cost.

  • Optiv
    Booth: 205

    Optiv is a security solutions integrator delivering end-to-end cybersecurity solutions that help clients maximize and communicate the effectiveness of their cybersecurity programs. Optiv starts with core requirement of every enterprise—risk mitigation—and builds out from there with strategy, infrastructure rationalization, operations optimization, and ongoing measurement. Learn more at https://www.optiv.com.

  • OWASP Denver
    Booth:
  • SecurityScorecard
    Booth: 425

    SecurityScorecard helps enterprises gain operational command of their security posture and the security posture of their third-parties through continuous, non-intrusive monitoring. SecurityScorecard’s proprietary SaaS platform offers an unmatched breadth and depth of critical data points including a broad range of risk categories such as Application Security, Malware, Patching Cadence, Network Security, Hacker Chatter, Social Engineering, and Leaked Information.

  • Skybox Security
    Booth: 421

    Skybox arms security teams with a powerful set of security management solutions that extract insight from security data silos to give unprecedented visibility of the attack surface, including all Indicators of Exposure (IOEs). With Skybox, security leaders can quickly and accurately prioritize and address vulnerabilities and threat exposures.

  • SOFTwarfare
    Booth: 221

    Organizations today must account for, secure, and evaluate their protections for system-to-system communications often crossing the different boundaries they establish for their technical infrastructure. SOFTwarfare is a comprehensive product platform partner who solves the integration headaches that most Our customers face, one integration at a time. The KillerAppz™ Platform delivers to customers one common methodology for architecture-driven, cloud hybrid-integrated environments and will help the broader cybersecurity industry to make changes to the way they integrate cyber systems.

  • Spirion
    Booth: 305

    Spirion is a leading enterprise data management software solution that provides high-precision searches and automated classification of unstructured and structured data with unparalleled accuracy.  Spirion helps businesses reduce their sensitive data footprint and proactively minimize risks, costs and reputational damage of cyberattacks by discovering, classifying, monitoring and protecting sensitive data.

  • TechTarget
    Booth:

    TechTarget (NASDAQ: TTGT) is the online intersection of serious technology buyers, targeted technical content and technology providers worldwide. Our media, powered by TechTarget’s Activity Intelligence platform, redefines how technology buyers are viewed and engaged based on their active projects, specific technical priorities and business needs. With more than 100 technology specific websites, we provide technology marketers innovative media that delivers unmatched reach via custom advertising, branding and lead generation solutions all built on our extensive network of online and social media. TechTarget is based in Boston and has locations in Atlanta, Beijing, Cincinnati, London, Paris, San Francisco, Singapore, and Sydney.

  • Tevora – Trend Micro
    Booth: 333

    Tevora is an enterprise consulting firm specializing in information assurance, governance and compliance services and solutions. We work with some of the world’s leading companies, institutions and governments to ensure the safety of their information and their compliance with applicable regulations. With a distinctive combination of proven products and services, Tevora aids enterprises in protecting their most important assets from external and internal threats. For more information visit https://www.tevora.com.com/.

  • Threat X, Inc
    Booth: 221

    ThreatX protects web applications and APIs from cyber threats across cloud and on-prem environments. By combining behavior profiling and collective threat intelligence with deep analytics, ThreatX delivers precise protection and complete threat visibility. ThreatX Managed Service combines threat hunting with 24/7 access to security experts along with operational management, virtually eliminating costs associated with legacy WAFs.

  • TrustedSec
    Booth: 102

    TrustedSec is a leader in attack intelligence and security advisory services. Our team of highly talented, skilled, senior consultants sets us apart from other commodity-service security companies. We form partnerships with our number one goal to help you holistically improve your security program. You’ll find that working with us amounts to more than “just another engagement”—it’s establishing an understanding with your organization, and working to make you more secure, and better as a whole.

     

  • VirtualArmour
    Booth: 302

    VirtualArmour is an international cybersecurity and Managed Services provider that delivers customized solutions to help businesses build, monitor, maintain and secure their networks.

    The Company maintains 24/7 client monitoring and service management with specialist teams located in its US and UK-based security operation centers (“SOC”). Through partnerships with best-in-class technology providers, VirtualArmour delivers only leading hardware and software solutions for customers that are both sophisticated and scalable, and backed by industry-leading customer service and experience. VirtualArmour’s proprietary CloudCastr client portal and prevention platform provides clients with unparalleled access to real-time reporting on threat levels, breach prevention and overall network security.

    VirtualArmour services a wide range of clients – which include those listed on the Fortune 500 – within several industry sectors, in over 30 countries, across five continents. Further information about the Company is available under its profile on the SEDAR website, www.sedar.com, on the CSE website, www.thecse.com, and on its website www.virtualarmour.com

Return to Agenda
Keynote Speakers
Speakers
  • speaker photo
    Thornton May
    Futurist, Author & Professor, Named "One of the top 50 brains in technology today" by Fast Company

    Thornton is one of America’s premier executive educators, designing and delivering high impact curricula at UCLA, UC-Berkeley, Arizona State University, The Ohio State University, Harvard University, the University of Kentucky, Babson, and the Olin College of Engineering. His programs mine the knowledge of the audience delivering practical insights in an engaging and interactive manner.

    As a futurist, Thornton writes columns on technology for three leading publications, researches at four think tanks, and advises major organizations and government agencies on how to think differently about technology—all the while conducting seminal anthropological field research into technology-use behaviors of the various tribes comprising modern society.

    No stranger to the risk and infosec tribe, Thornton has written for CSO Magazine and frequently advises, lectures, and always learns from professionals in the various agencies of the American intelligence community. In a previous life, Thornton served as the Chief Awareness Officer (CAO) for one of the world’s first managed security services firm.

    Thornton brings a scholar's patience for empirical research, a second-to-none gift for storytelling, and a stand-up comedian’s sense of humor to his audiences. His recent book, "The New Know: Innovation Powered by Analytics," examines the intersection of the analytic and IT tribes.

    The editors at eWeek honored Thornton, including him on their list of Top 100 Most Influential People in IT. The editors at Fast Company labeled him "one of the top 50 brains in technology today."

  • speaker photo
    Co-Presenter: Rich Moss
    Head of Delivery, Mirador, LLC

    Rich Moss is a nationally known technology executive with 17 years of IT leadership experience. Rich started his career designing security and remote connectivity solutions. He has a proven track record of translating business requirements into technical objectives and ensuring execution of complex whole-corporate initiatives. Rich has developed enterprise-class technical strategies for non-profit organizations, financial service companies, retail chains, and start-ups. His ability to leverage cloud technologies and virtualization as levelers of the playing field in the favor of small businesses has driven the demand for his expertise as a thought leader and a public speaker. Rich is engaged in developing analytical insight to all sizes of businesses and regularly contributes to organizations that celebrate such. Rich is currently working with Mirador, LLC to revolutionize financial reporting.

  • speaker photo
    Alex Wood
    CISO, Uplight; Co-Host, Colorado = Security podcast

    Alex Wood is currently the CISO for Uplight and has more than 18 years of experience in information security. Previously, he has had managerial, program, and technical roles at several major companies in different verticals. Additionally, Alex has served on the Board of Directors for ISSA International and is a host of the Colorado = Security podcast. Alex is a CISSP and has an MAS in Information Security from the University of Denver.

  • speaker photo
    Mohamed Malki
    Director, Enterprise Security Architecture, Colorado Governor's Office of IT

    Mohamed Malki, director of enterprise security architecture and HIPAA officer, has been key in transforming the State of Colorado’s security landscape. He’s been critical in building Colorado’s cybersecurity plan, designing Colorado's public cloud architecture and building the requirements for Colorado's Blockchain center of excellence. Mohamed holds multiple degrees, speaks four languages, and has more than 50 certifications, including CSA CCSAK, ISACA CCAK, ISO/IEC 27001 lead Implementer and Auditor Instructor, AWS Cloud Architect, CISSP, CISM, PMP,Google GCP Architect, and Certified Ethical Hacker. A certified security trainer, Mohamed has helped hundreds of individuals achieve various certifications and proactively offers sessions for employees. Mohamed was recognized as “State Cybersecurity Leader of the Year 2019," the state leader who demonstrates a passion and focus on keeping systems secure and thinking about security in the big picture of state IT. More at: https://statescoop.com/2019-statescoop-50-awards-recognize-state-it-leaders-projects

  • speaker photo
    Rich Compton
    Principal Network Security Engineer, Charter Communications

    Rich Compton has been working at ISPs for the last 20 years. He was the very first Network Security Engineer at Charter Communications and has been working in the cable industry for the past 16 years. In his tenure at Charter, he has dealt with all facets of network security. He now focuses on DDoS detection and mitigation, stopping botnets, and keeping Charter's network infrastructure secure.

  • speaker photo
    Rhett Saunders
    Director of Cybersecurity & Compliance, Focus on the Family

    Before coming to Focus on the Family, Rhett served the Federal Reserve, and while there, led regular Enterprise Risk Management discussions between the Federal Reserve and U.S. Treasury with a focus on cybersecurity. He is a former NSA cryptoanalyst and a U.S. Army veteran, having served multiple joint intelligence communities, both foreign and domestic government agencies in international locations.

    Rhett is a public speaker on the topic of privacy and identity theft prevention. He lectures on cybersecurity and cryptography topics at University of Colorado Colorado Springs (UCCS) and Flatiron School. He also serves on the SecureWorld Advisory Council. Rhett earned a Master of Business Administration from LeTourneau University and holds the CISSP credential.

  • speaker photo
    Justin Daniels
    Attorney, Baker Donelson

    Justin Daniels is a thought leader in cybersecurity who believes cybersecurity must be treated by the c-suite as a strategic enterprise business risk. He provides strategic advice to companies to help them understand cyber risk and create a comprehensive approach to address it. Justin is general counsel to one of the largest enterprise data centers in the country dedicated to the development of blockchain technologies that is headquartered in College Park, Georgia. He also speaks regularly on topics that include blockchain, cryptomining and AI as well as conducting realistic cyber breach incident response tabletop exercises. He completed the MIT Sloan School of Management course entitled "Blockchain Technologies: Business Innovation and Application" in December 2018. He brings a cyber lens to business and legal issues in mergers and acquisitions, investment capital transactions and related due diligence matters, information security plans, incident response plans, vendor and customer contracts and cyber insurance. Justin is an attorney with Baker Donelson, where he is a corporate attorney who specializes in M&A and other business transactions.

  • speaker photo
    Thornton May
    Futurist, Author & Professor, Named "One of the top 50 brains in technology today" by Fast Company

    Thornton is one of America’s premier executive educators, designing and delivering high impact curricula at UCLA, UC-Berkeley, Arizona State University, The Ohio State University, Harvard University, the University of Kentucky, Babson, and the Olin College of Engineering. His programs mine the knowledge of the audience delivering practical insights in an engaging and interactive manner.

    As a futurist, Thornton writes columns on technology for three leading publications, researches at four think tanks, and advises major organizations and government agencies on how to think differently about technology—all the while conducting seminal anthropological field research into technology-use behaviors of the various tribes comprising modern society.

    No stranger to the risk and infosec tribe, Thornton has written for CSO Magazine and frequently advises, lectures, and always learns from professionals in the various agencies of the American intelligence community. In a previous life, Thornton served as the Chief Awareness Officer (CAO) for one of the world’s first managed security services firm.

    Thornton brings a scholar's patience for empirical research, a second-to-none gift for storytelling, and a stand-up comedian’s sense of humor to his audiences. His recent book, "The New Know: Innovation Powered by Analytics," examines the intersection of the analytic and IT tribes.

    The editors at eWeek honored Thornton, including him on their list of Top 100 Most Influential People in IT. The editors at Fast Company labeled him "one of the top 50 brains in technology today."

  • speaker photo
    Jeremy Barnett
    SVP, Marketing and Business Development, NAS Insurance

    Jeremy Barnett is Senior Vice President of Marketing and Business Development for NAS Insurance, based in Los Angeles. Jeremy works across all NAS lines of business including Cyber, Specialty Products and Reinsurance solutions to provide brand strategy, product marketing, sales training, and producer support. Barnett is responsible for all corporate communications and strategic marketing programs including national advertising, PR and partnership programs. Barnett has a Master's degree in Educational Technology from San Diego State University and a Bachelor of Arts degree in Literature from Rutgers College.

  • speaker photo
    Eric Wong
    Security Engineer, West, Comodo

    Eric Wong is an experienced security engineer with 15 years in the security industry. He has worked with many different security technologies and F-500 clients over the years, focusing on architecting and deploying secure environments. Eric brings the unique expertise of working on both sides of the isle, from the client-side practitioner role to representing and implementing security technologies. He has a deep understanding and focus on endpoint security and last but not lease, a love for all things with a motor!

  • speaker photo
    Greg Sternberg
    Security Architect, Sungard Availability Services

    Greg Sternberg is a Security Architect at Sungard Availability Services, CISO for ISSA, Denver and Affiliate Faculty at Regis University. He works at incorporating security into the SDLC and securing architectures. He has published and blogged on security and architecture topics and presented at SecureWorld, RMISC, ISC(2) and the Open Group Security Conferences. He holds CISSP, CISM and TOGAF certifications, has a Masters in Software Engineering and Management, is a member of ISACA, ISC(2), InfraGard and a board member of the Denver chapter of ISSA.

  • speaker photo
    Scott M. Giordano
    VP, Corporate Privacy, and General Counsel, Spirion

    Scott M. Giordano is an attorney with more than 25 years of legal, technology, and risk management consulting experience. IAPP Fellow, CISSP, CCSP, Scott is also former General Counsel at Spirion LLC, where he specialized in global data protection, tech, compliance, investigations, governance, and risk. Scott is a member of the bar in Washington state, California, and the District of Columbia.

  • speaker photo
    Ike Barnes
    Assistant to the Special Agent in Charge, U.S. Secret Service

    Assistant to the Special Agent in Charge (ATSAIC) Ike Barnes is a graduate of the United States Military Academy at West Point. After serving in the US Army, ATSAIC Barnes became a Special Agent with the Secret Service in 2000 and was assigned to the New York Field Office. While there, ATSAIC Barnes was a member of the New York Electronic Crimes Task Force and other criminal investigative squads. After his assignment to the New York Field Office, ATSAIC Barnes was assigned to the Presidential Protective Division. After the Presidential Protective Division, ATSAIC Barnes was assigned to Secret Service Headquarters. ATSAIC Barnes is currently assigned to the Denver Field Office and is in charge of the Colorado Electronic Crimes Task Force.

  • speaker photo
    Tighe Burke
    Partner, Jobplex

    Tighe Burke is a Partner and Cybersecurity Practice Lead with Jobplex Inc. in Denver, securing the next-generation of leaders on behalf of technology clients around the globe. Tighe has developed powerful domain expertise executing searches for InfoSec functional roles as well as on behalf of security providers.

    He previously spent 5 years as a search consultant in Silicon Valley, and is regularly sought out by the brightest minds in technology to conduct hard-to-fill positions across the security landscape. Tighe has deep experience working with both early-stage and public companies to identify their current and future security leaders.

  • speaker photo
    Moderator: Derek Isaacs
    Sr. Cybersecurity Scientist, L3 Harris

    Author, speaker, and SME. Specialties and certifications include: CISSP, CRISC, CGEIT, Security+, C|EH, C|NDA, ITILv.3, C|CISO

  • speaker photo
    Sam Masiello
    CISO, The Anschutz Corporation

    Sam Masiello has been working with email, messaging, and fighting internet pollution for over 25 years. Prior to Beckage, he served as the CISO at Gates Corporation, where he was responsible for the company's data security, risk, and global compliance initiatives. Before that, he was CISO at TeleTech, where he oversaw the protection of employee, consumer, and customer data for all of the organization's clients, which included many Fortune 500 companies.

    Sam has also been the Chief Security Officer, Head of Application Security, and Head of Security Research at companies such as Groupon, Return Path, and McAfee. He currently serves as Director-at-Large of The Coalition Against Unsolicited Commercial Email (CAUCE), National Advisory Board Member for SecureWorld, and is an Executive Board Member of Colorado Cyber. He has previously served as a member of the Board of Directors for the Messaging, Malware, and Mobile Anti-Abuse Working Group (M3AAWG), the Steering Committee of the Online Trust Alliance (OTA), and a member of the Anti-Phishing Working Group (APWG).

  • speaker photo
    JT Gaietto
    Executive Director, Cybersecurity Services, Richey May & Co., LLP

    JT has over 18 years of experience providing enterprise information security and risk management services to a variety of organizations, with a particular emphasis on the financial services industry. He has been a Certified Information Systems Security Professional (CISSP) since 2003, and holds an undergraduate degree in Computer Information Systems from Northern Arizona University.

  • speaker photo
    Michael Stephen
    Security GRC Manager, Rightway Healthcare

    Michael Stephen is a 20+ year Cybersecurity and Privacy professional who has worked in multiple industries including telecommunications, healthcare, state and local government, finance and restaurant. His experience includes designing, building and supporting security solutions, and successfully implementing compliance and privacy programs to support business goals. He holds active certifications CISSP, SABSA, prior multiple Cisco network and security, and his last position was Privacy & Security Officer at Connect for Health Colorado.

  • speaker photo
    Brent Lassi
    CISO, Bluecore, Inc.

    Brent Lassi is currently the CISO at Bluecore, Inc. He has nearly 20 years of experience in the information security field. Brent's previous roles include CISO at Carlson Wagonlit, Director of Information Security at UnitedHealth Group, CISO and VP of Information Security at Digital River, Inc. for a decade. He also co-founded one of the world’s first application security companies, specializing in secure design and review of software.

  • speaker photo
    Jordan Fischer, Instructor
    Cyber Attorney, Partner, Constangy, Brooks, Smith & Prophete, LLP

    Jordan Fischer represents clients in cross-border data management, creating cost-effective and business-oriented approaches to cybersecurity, data privacy, and technology compliance. Recognized as a Super Lawyers Rising Star – Technology Law, Jordan practices in many jurisdictions throughout the United States in both state and federal courts, as well as internationally in both Europe and Asia.

    Jordan has counseled clients on a wide variety of regulatory requirements, including the General Data Protection Regulation (GDPR), and implementing member state law, the California Consumer Privacy Act (CCPA), the Fair Credit Reporting Act, the Driver's Privacy Protection Act, biometric data laws, global data breach standards, and federal and state unfair business practices acts. She also provides counsel on a variety of security and privacy frameworks, including the International Standards Organization (ISO) 27001 and 27701, the National Institute of Standards and Technology (NIST) cyber and privacy frameworks, and the Payment Credit Card Industry Data Security Standard (PCI DSS).

    Jordan has extensive experience in the intersection of law and technology, regularly evaluating and assessing legal and business opportunities and risk to provide public and private sector clients with critical data privacy and cybersecurity assessments and strategy. With a global perspective, Jordan represents clients regarding contractual negotiations related to technology, data management, security, and privacy, and helps to build out compliance programs to address a multitude of regulatory requirements and best practices. She also provides insight into third-party management, working with clients to build solutions to ensure security and privacy are accounted for in the supply chain. Jordan has represented clients in a variety of sectors, including emerging technologies (blockchain, Internet of Things/IoT, and Artificial Intelligence/AI), pharmaceutical, healthcare, agriculture, adtech, and manufacturing. Jordan works with clients to develop business solutions that incorporate privacy-by-design and security-by-design concepts, merging regulatory requirements with real-world practical solutions.

  • speaker photo
    Thornton May
    Futurist, Author & Professor, Named "One of the top 50 brains in technology today" by Fast Company

    Thornton is one of America’s premier executive educators, designing and delivering high impact curricula at UCLA, UC-Berkeley, Arizona State University, The Ohio State University, Harvard University, the University of Kentucky, Babson, and the Olin College of Engineering. His programs mine the knowledge of the audience delivering practical insights in an engaging and interactive manner.

    As a futurist, Thornton writes columns on technology for three leading publications, researches at four think tanks, and advises major organizations and government agencies on how to think differently about technology—all the while conducting seminal anthropological field research into technology-use behaviors of the various tribes comprising modern society.

    No stranger to the risk and infosec tribe, Thornton has written for CSO Magazine and frequently advises, lectures, and always learns from professionals in the various agencies of the American intelligence community. In a previous life, Thornton served as the Chief Awareness Officer (CAO) for one of the world’s first managed security services firm.

    Thornton brings a scholar's patience for empirical research, a second-to-none gift for storytelling, and a stand-up comedian’s sense of humor to his audiences. His recent book, "The New Know: Innovation Powered by Analytics," examines the intersection of the analytic and IT tribes.

    The editors at eWeek honored Thornton, including him on their list of Top 100 Most Influential People in IT. The editors at Fast Company labeled him "one of the top 50 brains in technology today."

  • speaker photo
    Co-Presenter: Rich Moss
    Head of Delivery, Mirador, LLC

    Rich Moss is a nationally known technology executive with 17 years of IT leadership experience. Rich started his career designing security and remote connectivity solutions. He has a proven track record of translating business requirements into technical objectives and ensuring execution of complex whole-corporate initiatives. Rich has developed enterprise-class technical strategies for non-profit organizations, financial service companies, retail chains, and start-ups. His ability to leverage cloud technologies and virtualization as levelers of the playing field in the favor of small businesses has driven the demand for his expertise as a thought leader and a public speaker. Rich is engaged in developing analytical insight to all sizes of businesses and regularly contributes to organizations that celebrate such. Rich is currently working with Mirador, LLC to revolutionize financial reporting.

  • speaker photo
    Alex Wood
    CISO, Uplight; Co-Host, Colorado = Security podcast

    Alex Wood is currently the CISO for Uplight and has more than 18 years of experience in information security. Previously, he has had managerial, program, and technical roles at several major companies in different verticals. Additionally, Alex has served on the Board of Directors for ISSA International and is a host of the Colorado = Security podcast. Alex is a CISSP and has an MAS in Information Security from the University of Denver.

  • speaker photo
    Mohamed Malki
    Director, Enterprise Security Architecture, Colorado Governor's Office of IT

    Mohamed Malki, director of enterprise security architecture and HIPAA officer, has been key in transforming the State of Colorado’s security landscape. He’s been critical in building Colorado’s cybersecurity plan, designing Colorado's public cloud architecture and building the requirements for Colorado's Blockchain center of excellence. Mohamed holds multiple degrees, speaks four languages, and has more than 50 certifications, including CSA CCSAK, ISACA CCAK, ISO/IEC 27001 lead Implementer and Auditor Instructor, AWS Cloud Architect, CISSP, CISM, PMP,Google GCP Architect, and Certified Ethical Hacker. A certified security trainer, Mohamed has helped hundreds of individuals achieve various certifications and proactively offers sessions for employees. Mohamed was recognized as “State Cybersecurity Leader of the Year 2019," the state leader who demonstrates a passion and focus on keeping systems secure and thinking about security in the big picture of state IT. More at: https://statescoop.com/2019-statescoop-50-awards-recognize-state-it-leaders-projects

  • speaker photo
    Thornton May
    Futurist, Author & Professor, Named "One of the top 50 brains in technology today" by Fast Company

    Thornton is one of America’s premier executive educators, designing and delivering high impact curricula at UCLA, UC-Berkeley, Arizona State University, The Ohio State University, Harvard University, the University of Kentucky, Babson, and the Olin College of Engineering. His programs mine the knowledge of the audience delivering practical insights in an engaging and interactive manner.

    As a futurist, Thornton writes columns on technology for three leading publications, researches at four think tanks, and advises major organizations and government agencies on how to think differently about technology—all the while conducting seminal anthropological field research into technology-use behaviors of the various tribes comprising modern society.

    No stranger to the risk and infosec tribe, Thornton has written for CSO Magazine and frequently advises, lectures, and always learns from professionals in the various agencies of the American intelligence community. In a previous life, Thornton served as the Chief Awareness Officer (CAO) for one of the world’s first managed security services firm.

    Thornton brings a scholar's patience for empirical research, a second-to-none gift for storytelling, and a stand-up comedian’s sense of humor to his audiences. His recent book, "The New Know: Innovation Powered by Analytics," examines the intersection of the analytic and IT tribes.

    The editors at eWeek honored Thornton, including him on their list of Top 100 Most Influential People in IT. The editors at Fast Company labeled him "one of the top 50 brains in technology today."

  • speaker photo
    Co-Presenter: Rich Moss
    Head of Delivery, Mirador, LLC

    Rich Moss is a nationally known technology executive with 17 years of IT leadership experience. Rich started his career designing security and remote connectivity solutions. He has a proven track record of translating business requirements into technical objectives and ensuring execution of complex whole-corporate initiatives. Rich has developed enterprise-class technical strategies for non-profit organizations, financial service companies, retail chains, and start-ups. His ability to leverage cloud technologies and virtualization as levelers of the playing field in the favor of small businesses has driven the demand for his expertise as a thought leader and a public speaker. Rich is engaged in developing analytical insight to all sizes of businesses and regularly contributes to organizations that celebrate such. Rich is currently working with Mirador, LLC to revolutionize financial reporting.

  • speaker photo
    Alex Wood
    CISO, Uplight; Co-Host, Colorado = Security podcast

    Alex Wood is currently the CISO for Uplight and has more than 18 years of experience in information security. Previously, he has had managerial, program, and technical roles at several major companies in different verticals. Additionally, Alex has served on the Board of Directors for ISSA International and is a host of the Colorado = Security podcast. Alex is a CISSP and has an MAS in Information Security from the University of Denver.

  • speaker photo
    Mohamed Malki
    Director, Enterprise Security Architecture, Colorado Governor's Office of IT

    Mohamed Malki, director of enterprise security architecture and HIPAA officer, has been key in transforming the State of Colorado’s security landscape. He’s been critical in building Colorado’s cybersecurity plan, designing Colorado's public cloud architecture and building the requirements for Colorado's Blockchain center of excellence. Mohamed holds multiple degrees, speaks four languages, and has more than 50 certifications, including CSA CCSAK, ISACA CCAK, ISO/IEC 27001 lead Implementer and Auditor Instructor, AWS Cloud Architect, CISSP, CISM, PMP,Google GCP Architect, and Certified Ethical Hacker. A certified security trainer, Mohamed has helped hundreds of individuals achieve various certifications and proactively offers sessions for employees. Mohamed was recognized as “State Cybersecurity Leader of the Year 2019," the state leader who demonstrates a passion and focus on keeping systems secure and thinking about security in the big picture of state IT. More at: https://statescoop.com/2019-statescoop-50-awards-recognize-state-it-leaders-projects

  • speaker photo
    Greg Sternberg
    Security Architect, Sungard Availability Services

    Greg Sternberg is a Security Architect at Sungard Availability Services, CISO for ISSA, Denver and Affiliate Faculty at Regis University. He works at incorporating security into the SDLC and securing architectures. He has published and blogged on security and architecture topics and presented at SecureWorld, RMISC, ISC(2) and the Open Group Security Conferences. He holds CISSP, CISM and TOGAF certifications, has a Masters in Software Engineering and Management, is a member of ISACA, ISC(2), InfraGard and a board member of the Denver chapter of ISSA.

  • speaker photo
    Seth Kulakow
    Director, Promontory

    Seth is a director in Promontory’s cyber practice, where he advises clients on all aspects of tactical and strategic cybersecurity. He has more than 20 years of experience providing dynamic, secure, and cost-effective security solutions and programs. He has served in senior information security positions at companies ranging from startups to large multinational firms. He was appointed by the governor of Colorado to serve as the state’s Chief Information Security Officer and as CISO of Denver International Airport. Seth has an M.S from CSU and was bestowed an honorary doctorate from the University of Advancing Technology.

  • speaker photo
    Jordan Fischer, Instructor
    Cyber Attorney, Partner, Constangy, Brooks, Smith & Prophete, LLP

    Jordan Fischer represents clients in cross-border data management, creating cost-effective and business-oriented approaches to cybersecurity, data privacy, and technology compliance. Recognized as a Super Lawyers Rising Star – Technology Law, Jordan practices in many jurisdictions throughout the United States in both state and federal courts, as well as internationally in both Europe and Asia.

    Jordan has counseled clients on a wide variety of regulatory requirements, including the General Data Protection Regulation (GDPR), and implementing member state law, the California Consumer Privacy Act (CCPA), the Fair Credit Reporting Act, the Driver's Privacy Protection Act, biometric data laws, global data breach standards, and federal and state unfair business practices acts. She also provides counsel on a variety of security and privacy frameworks, including the International Standards Organization (ISO) 27001 and 27701, the National Institute of Standards and Technology (NIST) cyber and privacy frameworks, and the Payment Credit Card Industry Data Security Standard (PCI DSS).

    Jordan has extensive experience in the intersection of law and technology, regularly evaluating and assessing legal and business opportunities and risk to provide public and private sector clients with critical data privacy and cybersecurity assessments and strategy. With a global perspective, Jordan represents clients regarding contractual negotiations related to technology, data management, security, and privacy, and helps to build out compliance programs to address a multitude of regulatory requirements and best practices. She also provides insight into third-party management, working with clients to build solutions to ensure security and privacy are accounted for in the supply chain. Jordan has represented clients in a variety of sectors, including emerging technologies (blockchain, Internet of Things/IoT, and Artificial Intelligence/AI), pharmaceutical, healthcare, agriculture, adtech, and manufacturing. Jordan works with clients to develop business solutions that incorporate privacy-by-design and security-by-design concepts, merging regulatory requirements with real-world practical solutions.

  • speaker photo
    Robb Reck, Moderator
    Co-Host, Colorado = Security Podcast
  • speaker photo
    Greg Bennett
    Program Manager, Air Force CyberWorx, Center for Technology, Research and Commercialization

    Air Force Officer for 22 years culminating as the Director of Research for a Department of Defense and Dept. of Homeland Security interagency research center delivering capability to the Homeland Security Enterprise and the Air Force. He was the CEO for a small business in Colorado Springs for 14 years and is currently the program manager and strategic transfer manager for Air Force CyberWorx and Dept. of Homeland Security Center of Innovation located at the Air Force Academy. He is charged with accelerating technologies, capabilities and policies from concept to implementation.

  • speaker photo
    Donald Smith
    Principle Security Architect, CenturyLink

    Donald Smith is responsible for technology leadership, proposals, and strategic direction. His contributions include DCID 6/16, NISPOM chapter 8, DNS changer working group (DCWG), Conficker WG, and numerous security BCPs and RFCs. He has been a SANS handler since 2002. He has spoken at many conferences; including NANOG 33,42,52,71; University of Denver, SecureWorld, Botnet and SANS conferences. Prior to joining CenturyLink, Donald he worked at CDC Inc. and for the US Army. He received his BS in Computer Science from the UW and GIAC from the SANS.

  • speaker photo
    Clint Harris
    Consulting Systems Engineer, Cloud Security, Cisco

    Clint is a Consulting Security Engineer with Cisco. He has over 19 years of experience in information security. Originally from New Zealand, he was an Avionics Engineer in the Royal New Zealand Airforce for five years before entering civilian life as a System Administrator with Peace Software. Experiencing a company breach and response first-hand in 1999, he quickly embraced IT Security and hasn't looked back.

    After moving to the United States, he joined Internet Security Systems (ISS) in Atlanta, GA, and remained there for about a decade. He held a variety of roles at ISS and remained through the IBM acquisition for the foundation of the IBM Security group. After a stint as a Security Analyst with American Cancer Society—helping to create more birthdays in the world—he moved to Seattle and started working at Lancope as a Systems Engineer.

    Cisco acquired Lancope in 2016, and Clint has since transitioned to the Cloud Security group.

  • speaker photo
    Jesse Hood
    Director, Darktrace

    Jesse Hood is a Director at Darktrace, the world’s leading cyber AI company. Jesse has helped many enterprise organizations and SMB’s throughout Colorado and the neighboring states deploy cyber AI to detect and stop emerging threats. He works with businesses across a range of industries, including finance, healthcare, biopharma, local government, oil & gas, energy, critical infrastructure, legal firms, and more. During Jesse’s tenure at Darktrace, the company has grown to over 3,000 customers and has been the recipient of numerous achievements, including: Fast Company’s Most Innovative Companies 2018, Forbes Cloud 100 2018, and the CNBC Disruptor 50 2018.

  • speaker photo
    Matt Shufeldt
    CISO, Cognizant Healthcare

    Winner of the CTA APEX 2017 (inaugural) CISO of Year award, Matt Shufeldt is a leader in the Cyber Security community with 25+ years working professionally in multiple areas of Information Technology. Matt has been a CISO in multiple industries and is the current CISO for Cognizant Healthcare. As a passionate technologist and an avid believer in strong process, Matt has applied his expertise across multiple industries at multiple levels. In addition to his technical and process knowledge, Matt has invested heavily in his own leadership development and the leadership development of his front line and strategic leaders.

  • speaker photo
    Pratik Lotia
    Security Engineer III, Charter Communications

    Pratik Lotia is a Security Engineer at Charter Communications, responsible for developing new architectures related to firewalls, IDS/IPS, and botnet detection.

  • speaker photo
    John Schiel
    Principal InfoSec Engineer, CenturyLink

    John has over 12 years of hands-on experience in network and information security and security architecture. John was the primary DDoS architect and provided direction and support to Network Operations on how to best protect CenturyLink’s network from DDoS attacks. He has decades of cross functional network and application experience and today uses his experience to help drive current security policies and direction for CenturyLink. John is passionate about improving network security and pushes CenturyLink and the industry to improve where it can.

  • speaker photo
    Aleta Jeffress
    Chief Information & Digital Officer, City of Aurora

    Aleta Jeffress is the Chief Information and Digital Officer for the City of Aurora. She has over 20 years as a successful executive business leader and technologist building relationships between business and technology to enable digital transformation and market growth. She drives innovative strategies for business and IT leadership, and has developed teams for Cybersecurity and Project Management Offices from the ground up. Her career began in startup software companies where she started in a call center environment and moved through private and public sector organizations in the areas of software quality, development, product management, and ultimately leadership.

  • speaker photo
    Tim McCain
    CISO, City of Aurora

    Tim McCain is the Chief Information Security Officer for the City of Aurora, Colorado. He has been in the governance, risk, and compliance industry for 18 years at the manager, director, and CISO level of start-ups to multi-national corporations, including public and private sector. He sees his role as a business enabler, driving meaningful business security and privacy culture change.

Conference Microsite!
Registration is quick and easy. Once you get started, use a browser on your phone or tablet to:

• Create a personalized agenda
• View maps of the venue and Exhibit Hall
• Use secure messaging to network with attendees
• View speaker slides after the conference
• Play CyberHunt, the app game, and compete for prizes