Click here to view registration types and pricing (PDF)
Conference Agenda
Filter by registration level:
  • session level iconOpen Sessions
  • session level iconConference Pass
  • session level iconSecureWorld Plus
  • session level iconVIP / Exclusive
  • Tuesday, October 29, 2019
    7:00 am
    Registration Open
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    7:00 am - 3:00 pm
    Location / Room: Registration Desk
    7:30 am
    Advisory Council Breakfast – (VIP / INVITE ONLY)
    • session level icon
    Registration Level:
    • session level iconVIP / Exclusive
    7:30 am - 8:30 am

    Denver Advisory Council Kickoff (Advisory Council members only)
    Join us for breakfast and coffee – topic to be determined.

    8:00 am
    Exhibit Floor Open
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    8:00 am - 3:00 pm
    Location / Room: SecureWorld Exhibitor Floor

    This is the time to visit exhibitors participating in Dash For Prizes & CyberHunt for your chance to win prizes!

    8:00 am
    SecureWorld PLUS Part 1 - Designing and Building a Cybersecurity Program based on the NIST Cybersecurity Framework
    • session level icon
    Earn 16 CPEs With This in-Depth 3-Part Course
    speaker photo
    CISO and Adjunct Faculty, University of Massachusetts
    Registration Level:
    • session level iconSecureWorld Plus
    8:00 am - 9:30 am

    The University of Massachusetts has developed a 6 hour SecureWorld Plus training class that instructs attendees on the best practices for designing, building, and maintaining a Cybersecurity Program based on the NIST Cybersecurity Framework. Organizations who currently use the Framework or are planning to use the Framework for their cybersecurity program will benefit from this course.

    This innovative education and training program includes the following key elements:

    • An introduction to the key components of the NIST Cybersecurity Framework
    • How to use the Framework to support business strategy, technology strategy, and cyber-risk strategy
    • An approach for adopting the framework to build and sustain secure and resilient infrastructure, secure and resilient networks, secure and resilient applications
    • How to use the framework to protect critical information assets
    • A Controls Factory Model that organizations use to create an Engineering Program, a Technical Program and a and Business / Management Program
    • A methodology for developing a Cybersecurity Strategy, System Security Plan (SSP), Risk Assessment, Plan of Action and Milestones (POA&M) and Executive Report

    The class will help individuals and organizations acquire knowledge, skills and abilities to:

    • Develop a strategy to apply the NIST Cybersecurity Framework (NCSF) to their environment
    • Create a comprehensive System Security Plan (SSP) based on the NIST Cybersecurity Framework
    • Conduct a Risk Assessment to compare the current profile with the target profile and identify any gaps that need to be addressed
    • Develop a Plan of Action and Milestones (POA&M) to mitigate the highest priority gaps
    • Establish an Executive Report to measure and communicate current profile, target profile, POA&M and program plan / roles and responsibilities to remediate identified gaps
    • Identify required workforce skills and develop career pathways for improving skills and experience

    About the Instructor – Larry Wilson:

    • Larry Wilson is the former CISO for UMass President’s Office from 2009 to 2017
    • Prior to UMass, Larry developed and managed the Global Infrastructure Services (GIS) Security Program for State Street Corporation
    • Larry has been teaching cybersecurity courses based on the NIST Cybersecurity Framework at SecureWorld events for the past 5 years
    • Larry has conducted over 20 consulting engagements, helping organizations design and build cybersecurity programs based on the NIST Cybersecurity Framework

    The program and its author have won the following industry awards:

    • Security Magazine’s Most Influential People in Security, 2016
    • SANS People Who Made a Difference in Cybersecurity Award, 2013
    • Information Security Executive (ISE) North America Program Winner for Higher Education, 2013
    8:00 am
    SecureWorld PLUS Part 1 - Cloud Security Training
    • session level icon
    Earn 16 CPEs With This in-Depth 3-Part Course
    speaker photo
    Director, Security Architecture, State of Colorado, Governor's Office of IT
    Registration Level:
    • session level iconSecureWorld Plus
    8:00 am - 9:30 am

    The  3-part Cloud Security course will immerse students/attendees into the new frontier of IT and security services delivery in the Cloud. Using proven engaged learning techniques, students will leave the session with a solid Cloud Security knowledge and skills combined with applied hands-on on the most popular Cloud Services Provider.

    Course Outline:

    • Cloud Computing Governance, Risk, and Compliance (GRC)
    • Cloud Identity and Access Management (IAM)
    • Cloud Network Security
    • Cloud Compute Security
    • Cloud Storage Security
    • Cloud Application Security (DevSecOps)
    • Cloud Operation Security

    By the end of the session you will:

    • Have a solid understanding of the Cloud Computing and Security based on NIST and ISO/IEC.
    • Be able to evaluate the security posture of any Cloud Service Providers (CSP) Using FedRAMP and CSA CCM.
    • Be able to select, design, and deploy secure cloud services based on the business requirements
    • Use the knowledge and skill learned as a foundation to pursue popular Cloud Security Certifications such as CSA CCSK, ISC2 CCSP, and AWS Security

    To maximize the benefit of the class, the student needs to:

    • Have a Curious, and eager to learn.
    • Ask, Ask, and Ask questions
    • Bring their own laptops to participate in the labs and capture valuable information
    • Have an AWS free account at https://aws.amazon.com/free

    Course Outline:

    • Cloud Computing Governance, Risk, and Compliance (GRC)
    • Cloud Identity and Access Management (IAM)
    • Cloud Network Security
    • Cloud Compute Security
    • Cloud Storage Security
    • Cloud Application Security (DevSecOps)
    • Cloud Operation Security
    8:00 am
    SecureWorld PLUS Part I
    • session level icon
    Registration Level:
    • session level iconSecureWorld Plus
    8:00 am - 9:30 am
    8:30 am
    (ISC)2 Chapter Meeting and Guest Presentation - Open to All Attendees
    • session level icon
    Topic: Who's Your Hacker? ... And Why It Matters
    speaker photo
    Lead Security Architect, Colorado Judicial Department
    Registration Level:
    • session level iconOpen Sessions
    8:30 am - 9:15 am

    Join (ISC)2 for a chapter meeting and guest presentation. This is for chapter members and anyone interested in learning more about the association.
    Presentation: Because no organization is 100% unhackable, organizations establish “acceptable” levels of risk. We then build our security strategy around the risk of our organization being hacked. In that case, how much of a role does the hacker play in that risk analysis? In this presentation, the speaker will share perspectives about security intelligence for your program. If there is time, he will give a short demo of a free tool and share ideas on how you can use this in your own organization’s security strategy.

    8:30 am
    Using Vault to Better Protect Your Secrets
    • session level icon
    speaker photo
    Sr. Software Engineer, GroupOn
    Registration Level:
    • session level iconConference Pass
    8:30 am - 9:15 am
    All developers have seen it and few will admit to doing it. Putting unprotected authentication credentials like usernames and passwords or cloud service authentication keys into application code or scripts. This talk is for developers of all levels who are interested in a better way to manage their secrets and become the next hero with their security department. (Your results may vary.)
    8:30 am
    InfraGard Chapter Meeting and Guest Presentation - Open to all Attendees
    • session level icon
    Topic: CISA - What You Should Know and How to Access New Resources to Protect Your Organization
    speaker photo
    Cybersecurity Advisor, DHS / CISA
    Registration Level:
    • session level iconOpen Sessions
    8:30 am - 9:15 am

    The threats and threat actors facing our nation are becoming more complex than any point in our history. In 2018, a new cybersecurity agency was developed under the oversight of the Department of Homeland Security: Cybersecurity and Infrastructure Security Agency (CISA). CISA is mobilizing a collective defense that seeks to understand and manage risk to our critical infrastructure.

    Learn about how CISA will impact your organization, and how to access the free tools and resources that are now available.
    We will explore:

    • An overview of CISA
    • Cybersecurity Assessment Offerings
    • Cybersecurity Service Catalog Offerings
    • Cyber Incident Reporting Guidelines
    • MS-ISAC Service Offerings
    9:30 am
    [OPENING KEYNOTE] Business Email Compromise: Real World Stories and Practical Defense
    • session level icon
    speaker photo
    Special Agent, United States Secret Service
    Registration Level:
    • session level iconOpen Sessions
    9:30 am - 10:15 am

    The average loss from a bank robbery is about $3,000. The average loss from a successful Business Email Compromise (BEC) attack is nearly $130,000. That kind of math explains why BEC is rampant, and every type of organization is at risk. During this presentation, hear from the point person on BEC cases investigated by the U.S. Secret Service. He’ll share true crime examples of and practical steps for defense against BEC losses, which now stand at $13.5 billion in the last six years.

    10:15 am
    Conference Break / Exhibitor Product Demonstration
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    10:15 am - 11:15 am
    Location / Room: SecureWorld Exhibitor Floor

    Reboot with coffee and infused water while visiting exhibitors on the exhibitor floor.

    11:00 am
    Advisory Council Roundtable - (VIP / Invite Only)
    • session level icon
    Registration Level:
    • session level iconVIP / Exclusive
    11:00 am - 12:00 pm

    This session is for Advisory Council members only.

    11:15 am
    [Panel] Knowledge Is Power: Women in Cybersecurity
    • session level icon
    speaker photo
    Vice President, Chief Security Officer, MedeAnalytics
    Registration Level:
    • session level iconConference Pass
    11:15 am - 12:00 pm

    It is often said that true knowledge must be gained through experience; either through one’s own life or through others. Join this opportunity to hear from women who bring perspectives from diverse industries (retail, financial, healthcare, utilities) as they share their different experiences as women living the information security career journey.

    11:15 am
    [Radware] Cybersecurity Pushed to the Limit
    • session level icon
    speaker photo
    Security Evangelist, North America, Radware
    Registration Level:
    • session level iconOpen Sessions
    11:15 am - 12:00 pm

    Throughout 2018 mainstream headlines highlighted cyber-attacks and security threats that included possible interference in the U.S. presidential election, worldwide malware outbreaks and the Equifax data breach. These and other high-profile events spurred greater cyber-defense investment by everyone from nation states and global corporations to individuals purchasing anti-malware solutions for personal devices. Yet even as investments increase so do threats, hacks and vulnerabilities. This session will help you understand these complex and challenging dynamics. Based on findings from Radware’s research and a global industry survey, the session will show real attack data and customer stories to paint a picture of where we are and what security professionals can do.

    Join the session to learn more about:
    • The threat landscape deep dive—the who, what and why of attacks
    • Potential impact on your business, including associated costs of different cyber-attacks
    • Critical attacks in the midst: DNS, IoT and risks lurking in the cloud
    • Emerging threats and how to protect against them
    • A look ahead – predictions and what to prepare for

    11:15 am
    ISACA Chapter Meeting & Guest Presentation - Open to all Attendees
    • session level icon
    Presenting: Threat Intelligence - The Humans, The SIEMs, and the Analytics
    speaker photo
    Sr. Security Engineer in SOC Operations, Forensics, and Threat Hunting, Pulte Financial Services
    Registration Level:
    • session level iconOpen Sessions
    11:15 am - 12:00 pm

    The landscape of SOC .vs. Threat has become a game of brinkmanship and 7/24 risk. In the past 8 years as the stakes continue to escalate, tactics are the pivotal point.  It’s no longer sufficient to have effective defenses, its essential to characterize threats as they view us: targets. This presentation analyzes the integration of tools, data resources, and human intuition to weigh and plan responses to secure resources.
    Objectives:
    • Base-lining & integrate SIEM, IPS, & defensive tools
    • Discussion, history, and review of Threat Intel as it applies to ‘us’ as targets
    • Integrating human logic to field and effective force

    11:15 am
    Culture and Collaboration: How Working Together Builds the Bridge Between People, Process, and Technology
    • session level icon
    speaker photo
    Security Awareness and Training leader, Ernst & Young LLP
    Registration Level:
    • session level iconConference Pass
    11:15 am - 12:00 pm

    Having worked in many different industries, company sizes, and employee populations as both a consultant and practitioner, I’ve seen the good, bad, and ugly ways companies approach security awareness. The one thing that I have seen consistently in “good” awareness programs is the willingness to collaborate with groups outside of the security team. Attendees will learn how to leverage marketing, physical security, corporate communications, HR, legal, and yes, even employee health into a holistic approach to securing the human.

    12:00 pm
    Advisory Council Lunch Roundtable – (VIP / Invite Only)
    • session level icon
    Registration Level:
    • session level iconVIP / Exclusive
    12:00 pm - 1:00 pm

    This session is for Advisory Council members only.

    12:15 pm
    [LUNCH KEYNOTE] 7 Ways To Boost InfoSec’s Influence (and Yours) by Communicating Differently
    • session level icon
    speaker photo
    Emmy-Winning Journalist, SecureWorld
    Registration Level:
    • session level iconOpen Sessions
    12:15 pm - 1:00 pm

    Grow your personal influence, your leadership possibilities and move your InfoSec objectives forward (faster) by thinking differently about how you communicate. Whether your audience is the board, your team, or any part of the business, this session will help you and your communication stand out. Lead by a long-time TV reporter turned cybersecurity journalist who shares a framework for powerful communication you can implement immediately.

    1:15 pm
    Panel: Building a Better Mouse Trap (Emerging Threats)
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    1:15 pm - 2:15 pm

    To be successful, as an industry, we must strive to get ahead of the bad guys. Easy enough to say but how? By taking a look at the capabilities of the threats we see today we should be able to make some educated guesses on what threats of tomorrow will look like. We know the bad guys don’t follow the rules, take the path of least resistance, and don’t care who they hurt in the process. We need to start thinking like them so that we can figure out what their next step is instead of guessing/hoping.

    1:15 pm
    Panel: Knowledge Is Power (Encryption)
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    1:15 pm - 2:15 pm

    Encryption: the translation of data into a secret code. Very much like the codes that Elisebeth Friedman had cracked against the rum runners and bootleggers during the Prohibition days. Our heroine was able to smash their codes and determine when the next shipments were scheduled to arrive stateside. Knowledge truly was power as Friedman was able to effectively predict the future through her diligent code breaking. The level of sophistication may have changed but the point of encryption was and still is to safeguard the data from those that are not part of the group. Our experts will discuss the importance of using encryption to keep our information secure as well as address some of the best practices and pitfalls to watch out for.

    2:15 pm
    Conference Break / Exhibitor Product Demonstration
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    2:15 pm - 3:00 pm
    Location / Room: SecureWorld Exhibitor Floor

    Reboot with coffee and infused water while visiting exhibitors on the exhibitor floor.

    3:00 pm
    CISO Ventures Panel: Are Cybersecurity Startups Meeting Expectations of Buyers Taking a Risk on Them?
    • session level icon
    speaker photo
    Founder & Managing Director, Whiteboard Venture Partners
    Registration Level:
    • session level iconConference Pass
    3:00 pm - 3:45 pm

    The number of cyber startups is growing exponentially, with 4300+ cybersecurity companies worldwide including several private “unicorns”. With so many startups engaged in helping organizations achieve cybersecurity outcomes, how do organizational decisionmakers think about the risks involved in working with them? A panel of CISOs will share their expectations of and experiences with cybersecurity startups, including how they use solutions from startups to meet existing and emerging cybersecurity challenges.

     

    3:00 pm
    Building a Cybersecurity Program: Lessons Learned from a New CISO
    • session level icon
    speaker photo
    CISO, Denver Health
    Registration Level:
    • session level iconConference Pass
    3:00 pm - 3:45 pm

    The first few years in a CISO role can offer unique challenges and opportunities. Gain insight into a new CISO’s experience building a security program and doing all the things necessary to be successful. We will discuss key learnings and takeaways about the importance of relationships, strategic vs. technical/tactical efforts, managing vendors, leading a team, and keeping up with emerging threats and new technology.
    Presentation Level: MANAGERIAL (security and business leaders)

    3:00 pm
    Incident Response Execution - Interactive Exercise
    • session level icon
    speaker photo
    Cyber Risk Advisory Board Member , Pepperdine University
    Registration Level:
    • session level iconConference Pass
    3:00 pm - 3:45 pm

    Malicious activity is ever changing – therefore the approach of incident response must also change. It is essential for incident responders to expand beyond traditional incident response activities by digging deeper into alerts. In this interactive session, incident responders will have the opportunity to practice problem solving through real life scenarios by pivoting off data points, threat hunting, and proposing viable solutions that expand beyond conventional response activities.

    3:00 pm
    SecureWorld PLUS Part 2 - Designing and Building a Cybersecurity Program based on the NIST Cybersecurity Framework
    • session level icon
    SecureWorld PLUS Registrants ONLY
    speaker photo
    CISO and Adjunct Faculty, University of Massachusetts
    Registration Level:
    • session level iconSecureWorld Plus
    3:00 pm - 4:30 pm

    The University of Massachusetts has developed a 6 hour SecureWorld Plus training class that instructs attendees on the best practices for designing, building, and maintaining a Cybersecurity Program based on the NIST Cybersecurity Framework. Organizations who currently use the Framework or are planning to use the Framework for their cybersecurity program will benefit from this course.

    This innovative education and training program includes the following key elements:

    • An introduction to the key components of the NIST Cybersecurity Framework
    • How to use the Framework to support business strategy, technology strategy, and cyber-risk strategy
    • An approach for adopting the framework to build and sustain secure and resilient infrastructure, secure and resilient networks, secure and resilient applications
    • How to use the framework to protect critical information assets
    • A Controls Factory Model that organizations use to create an Engineering Program, a Technical Program and a and Business / Management Program
    • A methodology for developing a Cybersecurity Strategy, System Security Plan (SSP), Risk Assessment, Plan of Action and Milestones (POA&M) and Executive Report

    The class will help individuals and organizations acquire knowledge, skills and abilities to:

    • Develop a strategy to apply the NIST Cybersecurity Framework (NCSF) to their environment
    • Create a comprehensive System Security Plan (SSP) based on the NIST Cybersecurity Framework
    • Conduct a Risk Assessment to compare the current profile with the target profile and identify any gaps that need to be addressed
    • Develop a Plan of Action and Milestones (POA&M) to mitigate the highest priority gaps
    • Establish an Executive Report to measure and communicate current profile, target profile, POA&M and program plan / roles and responsibilities to remediate identified gaps
    • Identify required workforce skills and develop career pathways for improving skills and experience

    About the Instructor – Larry Wilson:

    • Larry Wilson is the former CISO for UMass President’s Office from 2009 to 2017
    • Prior to UMass, Larry developed and managed the Global Infrastructure Services (GIS) Security Program for State Street Corporation
    • Larry has been teaching cybersecurity courses based on the NIST Cybersecurity Framework at SecureWorld events for the past 5 years
    • Larry has conducted over 20 consulting engagements, helping organizations design and build cybersecurity programs based on the NIST Cybersecurity Framework

    The program and its author have won the following industry awards:

    • Security Magazine’s Most Influential People in Security, 2016
    • SANS People Who Made a Difference in Cybersecurity Award, 2013
    • Information Security Executive (ISE) North America Program Winner for Higher Education, 2013
    3:00 pm
    SecureWorld PLUS Part 2- Cloud Security Training
    • session level icon
    SecureWorld PLUS Registrants ONLY
    speaker photo
    Director, Security Architecture, State of Colorado, Governor's Office of IT
    Registration Level:
    • session level iconSecureWorld Plus
    3:00 pm - 4:30 pm

    The  3-part Cloud Security course will immerse students/attendees into the new frontier of IT and security services delivery in the Cloud. Using proven engaged learning techniques, students will leave the session with a solid Cloud Security knowledge and skills combined with applied hands-on on the most popular Cloud Services Provider.

    Course Outline:

    • Cloud Computing Governance, Risk, and Compliance (GRC)
    • Cloud Identity and Access Management (IAM)
    • Cloud Network Security
    • Cloud Compute Security
    • Cloud Storage Security
    • Cloud Application Security (DevSecOps)
    • Cloud Operation Security

    By the end of the session you will:

    • Have a solid understanding of the Cloud Computing and Security based on NIST and ISO/IEC.
    • Be able to evaluate the security posture of any Cloud Service Providers (CSP) Using FedRAMP and CSA CCM.
    • Be able to select, design, and deploy secure cloud services based on the business requirements
    • Use the knowledge and skill learned as a foundation to pursue popular Cloud Security Certifications such as CSA CCSK, ISC2 CCSP, and AWS Security

    To maximize the benefit of the class, the student needs to:

    • Have a Curious, and eager to learn.
    • Ask, Ask, and Ask questions
    • Bring their own laptops to participate in the labs and capture valuable information
    • Have an AWS free account at https://aws.amazon.com/free

    Course Outline:

    • Cloud Computing Governance, Risk, and Compliance (GRC)
    • Cloud Identity and Access Management (IAM)
    • Cloud Network Security
    • Cloud Compute Security
    • Cloud Storage Security
    • Cloud Application Security (DevSecOps)
    • Cloud Operation Security
    3:00 pm
    SecureWorld Plus Part II
    • session level icon
    Registration Level:
    • session level iconSecureWorld Plus
    3:00 pm - 4:30 pm
  • Wednesday, October 30, 2019
    7:00 am
    Registration Open
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    7:00 am - 3:00 pm
    Location / Room: Registration Desk
    8:00 am
    SecureWorld PLUS Part 3 - Designing and Building a Cybersecurity Program based on the NIST Cybersecurity Framework
    • session level icon
    SecureWorld PLUS Registrants ONLY
    speaker photo
    CISO and Adjunct Faculty, University of Massachusetts
    Registration Level:
    • session level iconSecureWorld Plus
    8:00 am - 9:30 am

    The University of Massachusetts has developed a 6 hour SecureWorld Plus training class that instructs attendees on the best practices for designing, building, and maintaining a Cybersecurity Program based on the NIST Cybersecurity Framework. Organizations who currently use the Framework or are planning to use the Framework for their cybersecurity program will benefit from this course.

    This innovative education and training program includes the following key elements:

    • An introduction to the key components of the NIST Cybersecurity Framework
    • How to use the Framework to support business strategy, technology strategy, and cyber-risk strategy
    • An approach for adopting the framework to build and sustain secure and resilient infrastructure, secure and resilient networks, secure and resilient applications
    • How to use the framework to protect critical information assets
    • A Controls Factory Model that organizations use to create an Engineering Program, a Technical Program and a and Business / Management Program
    • A methodology for developing a Cybersecurity Strategy, System Security Plan (SSP), Risk Assessment, Plan of Action and Milestones (POA&M) and Executive Report

    The class will help individuals and organizations acquire knowledge, skills and abilities to:

    • Develop a strategy to apply the NIST Cybersecurity Framework (NCSF) to their environment
    • Create a comprehensive System Security Plan (SSP) based on the NIST Cybersecurity Framework
    • Conduct a Risk Assessment to compare the current profile with the target profile and identify any gaps that need to be addressed
    • Develop a Plan of Action and Milestones (POA&M) to mitigate the highest priority gaps
    • Establish an Executive Report to measure and communicate current profile, target profile, POA&M and program plan / roles and responsibilities to remediate identified gaps
    • Identify required workforce skills and develop career pathways for improving skills and experience

    About the Instructor – Larry Wilson:

    • Larry Wilson is the former CISO for UMass President’s Office from 2009 to 2017
    • Prior to UMass, Larry developed and managed the Global Infrastructure Services (GIS) Security Program for State Street Corporation
    • Larry has been teaching cybersecurity courses based on the NIST Cybersecurity Framework at SecureWorld events for the past 5 years
    • Larry has conducted over 20 consulting engagements, helping organizations design and build cybersecurity programs based on the NIST Cybersecurity Framework

    The program and its author have won the following industry awards:

    • Security Magazine’s Most Influential People in Security, 2016
    • SANS People Who Made a Difference in Cybersecurity Award, 2013
    • Information Security Executive (ISE) North America Program Winner for Higher Education, 2013
    8:00 am
    SecureWorld PLUS Part 3 - Cloud Security Training
    • session level icon
    SecureWorld PLUS Registrants ONLY
    speaker photo
    Director, Security Architecture, State of Colorado, Governor's Office of IT
    Registration Level:
    • session level iconSecureWorld Plus
    8:00 am - 9:30 am

    The  3-part Cloud Security course will immerse students/attendees into the new frontier of IT and security services delivery in the Cloud. Using proven engaged learning techniques, students will leave the session with a solid Cloud Security knowledge and skills combined with applied hands-on on the most popular Cloud Services Provider.

    Course Outline:

    • Cloud Computing Governance, Risk, and Compliance (GRC)
    • Cloud Identity and Access Management (IAM)
    • Cloud Network Security
    • Cloud Compute Security
    • Cloud Storage Security
    • Cloud Application Security (DevSecOps)
    • Cloud Operation Security

    By the end of the session you will:

    • Have a solid understanding of the Cloud Computing and Security based on NIST and ISO/IEC.
    • Be able to evaluate the security posture of any Cloud Service Providers (CSP) Using FedRAMP and CSA CCM.
    • Be able to select, design, and deploy secure cloud services based on the business requirements
    • Use the knowledge and skill learned as a foundation to pursue popular Cloud Security Certifications such as CSA CCSK, ISC2 CCSP, and AWS Security

    To maximize the benefit of the class, the student needs to:

    • Have a Curious, and eager to learn.
    • Ask, Ask, and Ask questions
    • Bring their own laptops to participate in the labs and capture valuable information
    • Have an AWS free account at https://aws.amazon.com/free

    Course Outline:

    • Cloud Computing Governance, Risk, and Compliance (GRC)
    • Cloud Identity and Access Management (IAM)
    • Cloud Network Security
    • Cloud Compute Security
    • Cloud Storage Security
    • Cloud Application Security (DevSecOps)
    • Cloud Operation Security
    8:00 am
    SecureWorld PLUS Part III
    • session level icon
    Registration Level:
    • session level iconSecureWorld Plus
    8:00 am - 9:30 am
    8:30 am
    Navigating the Uncharted Cybersecurity Career Path
    • session level icon
    Registration Level:
    • session level iconConference Pass
    8:30 am - 9:15 am
    With a growing shortage of qualified workforce, it’s a pivotal time for the cybersecurity profession to define its value and claim its space within the corporate landscape. From entry-level to C-suite, do you know what you’re worth and how to maximize your earning potential? What are the KPIs, accomplishments, and degrees or accreditations needed to advance your career?
    8:30 am
    How Privacy and Security Work Together
    • session level icon
    speaker photo
    Director of Privacy and Compliance, American Cyber Security Management
    speaker photo
    GRC Consultant / Privacy & Compliance Specialist, IT Governance USA Inc.
    Registration Level:
    • session level iconConference Pass
    8:30 am - 9:15 am

    Security and privacy professionals can build more trust within the organization when they work together rather than in silos.  Come learn how to align these two functions, to reduce duplication of effort while increasing both efficiency and speed to delivery.   Understanding a shared responsibility model and proactively defining the privacy and security roles and responsibilities will enable your organizations to better understand how to protect the data that it collects, processes, and stores.
    Presentation Level: MANAGERIAL (security and business leaders)

    8:30 am
    Industrial Security: Bridging the Gap Between OT and IT
    • session level icon
    speaker photo
    Information Security Officer, Johns Manville
    speaker photo
    Industrial Security Manager , Johns Manville
    Registration Level:
    • session level iconConference Pass
    8:30 am - 9:15 am

    Industrial Control Systems (ICS) are becoming a bigger part of our manufacturing operations and yet few companies truly understand how vulnerable they really are. Much of the problem lies in the lack of communications between the Information Technology and Operational Technology departments. Chris McLaughlin (IT) and Scott Reynolds (Engineering) will share some of the common gaps in understanding that exist between IT and Engineering. This presentation will cover some common ICS vulnerabilities that most IT security teams are unaware of, and will provide tips on how to bridge the communication gap.

    8:30 am
    Developing and Implementing an Effective Security Awareness Program
    • session level icon
    Lessons Learned from an Oil and Gas Exploration Company
    speaker photo
    CISO, Grand River Dam Authority
    Registration Level:
    • session level iconConference Pass
    8:30 am - 9:15 am

    Pedro will discuss his lessons learned in security awareness. He works in a very traditional Oil And Gas Exploration company, and from the production point of view, security awareness was the last thing anyone wanted to talk about. Pedro was able to change the culture, and ultimately behavior, by relating security awareness to their home use. He made it personal and relevant to the employee, that got attention. Once you have their attention, then you can start changing their behavior.

    9:00 am
    Exhibit Floor Open
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    9:00 am - 3:00 pm
    Location / Room: SecureWorld Exhibitor Floor

    This is the time to visit exhibitors participating in Dash For Prizes & CyberHunt for your chance to win prizes!

    9:30 am
    [OPENING KEYNOTE] The Colorado = Security Podcast LIVE
    • session level icon
    Join podcast hosts Robb Reck and Alex Wood as they interview Dale Drew, CSO of Zayo Group.
    speaker photo
    Chief Security Officer, Zayo Group
    speaker photo
    Host, Colorado = Security podcast
    speaker photo
    CISO, Pulte Financial Services
    Registration Level:
    • session level iconOpen Sessions
    9:30 am - 10:15 am
    Location / Room: Keynote Theater

    Join podcast hosts Robb Reck and Alex Wood as they update us on the news from the Colorado tech and security scene, and interview Dale Drew, Chief Security Officer for Zayo Group.

    10:15 am
    Conference Break / Exhibitor Product Demonstration
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    10:15 am - 11:15 am
    Location / Room: SecureWorld Exhibitor Floor

    Reboot with coffee and infused water while visiting exhibitors on the exhibitor floor.

    10:15 am
    Mark Gelhardt Book Signing in the CyberLounge on the Exhibitor Floor
    • session level icon
    Quantities are limited and will be distributed on a first-come, first-served basis.
    Registration Level:
    • session level iconOpen Sessions
    10:15 am - 12:00 pm
    Location / Room: CyberLounge on the Exhibitor Floor

    Mark Gelhardt will be signing copies of his book, “My Time at The Clinton White House.”
    Find him in the CyberLounge on the Exhibitor Floor at the following times:
    10:15 a.m. – 12:00 p.m.
    1:00-1:15 p.m.
    BOOK SYNOPSIS:
    Colonel Mark Gelhardt had an atypical military career that landed him in The White House next to the President of the United States, where he was responsible for the last link of communications between the President and the rest of the U.S. government. While a Lieutenant Colonel (LTC) in the Army, Mark was selected by top federal officials to be the Commander of the Data Systems Unit, as part of the White House Communications Agency. In this position, he supported the President as the Chief Information Officer (CIO) for all classified IT used by The White House. LTC Gelhardt served at the White House for over four years (1995-1999), working with President Clinton and his staff almost every day, both on the White House grounds and traveling worldwide. This gave him unfettered access to the inner workings of The White House and the Presidency. Since retiring from the Army in 2001, Mark has been asked by many people about his time at The White House. Mark has many stories about what happened behind closed doors, and proudly speaks about the outstanding support done by the fantastic military members that support the Commander-in-Chief. Mark has taken the time to chronicle his experiences about his day-to-day job at The White House, as well as some of the funny stories he picked up along the way. Please enjoy this non-political book with surprising behind-the-scenes stories. I hope they provide you with some insight to the wonderful military members that work so hard to keep you safe every day in support the of President and Commander-in-Chief.

    11:00 am
    Advisory Council Roundtable - (VIP / Invite Only)
    • session level icon
    Registration Level:
    • session level iconVIP / Exclusive
    11:00 am - 12:00 pm

    This session is for Advisory Council members only.

    11:15 am
    [Panel] Discussion With Huawei’s CSO: A Supply Chain Security Case Study
    • session level icon
    speaker photo
    Founder & Managing Director, AgeLight Digital Trust Advisory Group
    speaker photo
    Chief Security Officer, Huawei Technologies
    Registration Level:
    • session level iconConference Pass
    11:15 am - 12:00 pm

    Is Huawei a trade war target or a security risk? Regardless, the Huawei accusations by the U.S. Government have shed light on a crucial fact: increased reliance on new technologies introduces new threats into an ecosystem and supply chains. Join this discussion with Huawei’s Chief Security Officer on mitigating your organization’s supply chain risk by applying stringent criteria to all devices and services. The discussion will include the recent review of Huawei technologies and lessons learned can be applied to every enterprise including best practices advocated by NIST, NTIA, and others. Key tenets include embracing security by design, use of risk-based decision models and sharing threat intelligence data.
    Presentation Level:
    GENERAL (InfoSec best practices, trends, solutions, etc.)

    11:15 am
    Consumer Rights and Business Responsibilities
    • session level icon
    speaker photo
    Partner, Husch Blackwell LLP
    Registration Level:
    • session level iconOpen Sessions
    11:15 am - 12:00 pm
    When the California Consumer Privacy Act (CCPA) goes into effect on January 1, 2020, privacy law in the United States will never be the same. During this presentation, we will discuss how the CCPA is changing privacy law in this country, including how its creation of new privacy rights for California residents will impact businesses in 2020 and beyond. We will also discuss Nevada’s amendments to its online privacy statutes (effective October 1, 2019), and what to expect from other state legislatures in 2020.
    Presentation Level:
    GENERAL (InfoSec best practices, trends, solutions, etc.)

     

    11:15 am
    Manage Vulnerabilities Like a Pro: How to Take Your Vulnerability Management Program to the Next Level
    • session level icon
    speaker photo
    Community Instructor , SANS Institute
    Registration Level:
    • session level iconConference Pass
    11:15 am - 12:00 pm
    At an organizational level, we all have assets and these assets all have vulnerabilities. Most of us have a patching program. Some of us have exception policies. A few of us have automated the entire process, but almost none of us think there isn’t room for improvement in the program as a whole. Join this session to learn how to take your current program to that next level and what it takes to own the vulnerability management cycle in your own organization.

     

    12:15 pm
    [LUNCH KEYNOTE] How to Manage Your Own Career to Get to the Top
    • session level icon
    speaker photo
    Former CIO, The White House
    Registration Level:
    • session level iconOpen Sessions
    12:15 pm - 1:00 pm
    Location / Room: Keynote Theater
    Do you have a plan for your future? Why not? You are the leader of your own destiny! You need to look at where you are, where you want to go, and have a plan to get there. We will talk about how to develop a plan, what to think about, and how to put one foot in front of the other to get to your end goal. We will also talk about how to manage up to your boss to get what you need to help you in your own career. Col. Mark Gelhardt made it to The White House managing his own career, and stood next to the President of the United States. He will tell you how he did it; if he can do it, so can you!

     

    1:15 pm
    Panel: Cloudy With a Chance of Breach
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    1:15 pm - 2:15 pm

    Everything old is new again. Migrating to the cloud certainly is not a new thing. It is for some smaller companies that are just now able to afford making the move to the cloud. Cloud boasts a secure, disaster proof option for companies to store their data offsite with access to that data from practically anywhere. So, who’s fault is it when the data is compromised? What if your information is stolen from the cloud because another user’s data was at fault? At the end of the day, isn’t the cloud just someone else’s computer? Join this panel discussion as they guide you through the pros and cons in migrating to the cloud.

    1:15 pm
    Panel: You’ve Got Burned! Now What? (Incident Response)
    • session level icon
    speaker photo
    VP of Network Security Operations, Charter Communications
    Registration Level:
    • session level iconOpen Sessions
    1:15 pm - 2:15 pm

    We’ve all heard the adage that it’s not if it happens but when you are inevitably breached… Do you have a plan? Even a framework to go off of? What do you include? Who do you include? How often should you be practicing this plan? Join our experts as they discuss incident response plans, who should be involved, best practices, and pitfalls.

    1:15 pm
    [Privacy Panel] A Solution Stack Ideation
    • session level icon
    speaker photo
    President, American Cyber Security Management
    Registration Level:
    • session level iconOpen Sessions
    1:15 pm - 2:15 pm

    A solution stack focuses on the emerging technologies that businesses need to evaluate in order to implement end-to-end privacy solutions. These complimentary solution providers will discuss their unique privacy solution and where they fit in the enterprise privacy framework.
    The audience will have a much broader understanding of solutions immediately available today that can support their privacy programs, making them more sustainable and faster to respond to privacy law changes.

    2:15 pm
    Conference Break / Exhibitor Product Demonstration
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    2:15 pm - 3:00 pm
    Location / Room: SecureWorld Exhibitor Floor

    Reboot with coffee and infused water while visiting exhibitors on the exhibitor floor.

    2:30 pm
    Dash for Prizes & CyberHunt
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    2:30 pm - 2:45 pm
    Location / Room: SecureWorld Exhibitor Floor

    Be sure to have exhibitors scan your badge for a chance to win prizes. Past prizes have included Kindles, Bose headphones, gift cards, iPads, iPods and more! *Must be present to win

    3:00 pm
    [Panel] CISO Leadership on Privacy
    • session level icon
    speaker photo
    President, American Cyber Security Management
    Registration Level:
    • session level iconConference Pass
    3:00 pm - 3:45 pm

    This session will enable attendees to learn about what privacy elements are important for local CISO’s, their approach to implementing privacy in their organizations, and how they have attested to their new privacy programs. Come hear about a CISO’s opinion on privacy, new regulations, and ask their opinions about why and when privacy matters.

    3:00 pm
    IPv6 Security: The Latent Threat
    • session level icon
    speaker photo
    Chair Emeritus, Rocky Mountain IPv6 Task Force
    Registration Level:
    • session level iconConference Pass
    3:00 pm - 3:45 pm
    Many organizations already have IPv6 networks, some organizations are working on their transitions to IPv6 and others are contemplating what IPv6 means to them. IPv6 is now used extensively on the Internet, but not intentionally implemented in enterprise networks. Most organizations already have IPv6 running on their networks and they don’t even realize it. All computer operating systems now default to running both IPv4 and IPv6 which could lead to security vulnerabilities if one is not prepared. IPv6 security vulnerabilities currently exist “in the wild” and as the popularity of the IPv6 protocol increases so will the number of threats. This session will cover the overview of IPv6 security threats and protection measures.Presentation Level: TECHNICAL (deeper dive including TTPs)
    3:00 pm
    How to Up-Level Your Skills to Enhance Your Career
    • session level icon
    Registration Level:
    • session level iconConference Pass
    3:00 pm - 3:45 pm

    Up-Level Your Hard and Soft Skills to Turbo-Charge Your Career

Exhibitors
  • ACP Colorado Rocky Mountain Chapter
    Booth:

    ACP is the premier organization for business continuity professionals providing a powerful networking and learning environment for ACPits members. Known for its progressive programs, workshops and symposiums, the organization has become a unifying force in defining and leading the continuously evolving fields of business continuity, disaster recovery, and emergency response (the “profession”). The Organization is strategically aligned with business partners such as DRI International, and BC Management, as well as our corporate sponsors. With a strong presence in North America, ACP has 42 chapters and over 2,300 members. We welcome all individuals, regardless of experience or certification, with an interest in the Profession.

    Founded in 1983, we are an established community of industry experts, educators, practitioners, leaders, facilitators and advocates. Our members view us as connectors and as a vital networking source.

  • Alert Logic
    Booth:

    Whether your company is transitioning infrastructure to the cloud, taking advantage of managed hosting services, or continuing to rely on owned data centers, Alert Logic offers intrusion detection, vulnerability assessment and log management solutions that are coupled with 24/7 monitoring and expert guidance services from our security operations center. More than 1,500 enterprise customers trust Alert Logic to secure and protect their digital information, and rely on us for keeping in step with increasingly complex regulatory issues. In addition to our team of GIAC analysts dedicated to careful observation and assessment of threats to your data, our research team stays on top of emerging developments so we can stop potential security breaches before they strike. We also have a dedicated support team ready to answer any questions you have about our products and services.

  • Bitdefender
    Booth: 210

    Powered by its depth of security expertise and rapid pace of research and development, Bitdefender’s long-standing mission is to deliver transformative security technologies to the world’s users and organizations. We are innovators, creating breakthrough technology that radically improves our customer’s experience with security.

    From IoT to Data Centers, from endpoints to hybrid infrastructures – Bitdefender plays a transformational role in how security is best consumed, deployed, and managed. We strive to deliver products and services that radically alter the customer’s experience with security, in terms of efficacy, performance, ease of use and interoperability.

  • CISO Ventures
    Booth:

    Whiteboard Venture Partners is building this exclusive community to help cybersecurity startups engage/collaborate with security innovation stakeholders.

  • Cloud Privacy Labs
    Booth: 433M

    At Cloud Privacy Labs we provide privacy solutions for organizations that use or exchange personal data. Our product ConsentGrid™ is a privacy governed data flow platform that helps companies achieve compliance, enhance transparency, and empower their users. It combines user consent, preferences, and organizational policies to govern data in-flight.

  • Cloud Security Alliance Colorado Chapter
    Booth:

    The Cloud Security Alliance (CSA) is a not-for-profit organization with a mission to promote the use of best practices for providing security assurance within Cloud Computing, and to provide education on the uses of Cloud Computing to help secure all other forms of computing. The Cloud Security Alliance is led by a broad coalition of industry practitioners, corporations, associations and other key stakeholders.

  • Cobalt.io
    Booth: 422M

    Cobalt’s Pentest as a Service (PtaaS) Platform transforms traditional pentesting into a data-driven vulnerability management engine. Fueled by a global talent pool of certified freelancers, our modern pentest platform delivers actionable results that empowers agile teams to pinpoint, track, and remediate vulnerabilities.

  • Colorado ECTF
    Booth:

    As a result of the amalgamation of advanced technology and the Internet, both the quantity and sophistication of cybercrimes targeting U.S. financial institutions and critical infrastructure have increased. Today, criminal trends show an increased use of phishing emails, account takeovers, malicious software, hacking attacks and network intrusions resulting in significant data breaches. To protect the nation’s financial infrastructure from cyber and financial criminals, the Secret Service has adopted a multi-pronged approach.

  • Colorado Technology Association
    Booth:

    The Colorado Technology Association leads the network of companies and professionals fueling Colorado’s economy, through technology.

    At the Colorado Technology Association, we:

    – Lead an inclusive network that benefits our member community
    – Advocate for a pro-business and technology-friendly climate
    – Influence the development of a robust talent pipeline
    – Lead initiatives to help companies grow.

  • Comodo Cybersecurity
    Booth: 216

    In a world where preventing all cyberattacks is impossible, Comodo Cybersecurity delivers an innovative cybersecurity platform that renders threats useless, across the LAN, web and cloud. The Comodo Cybersecurity platform enables customers to protect their systems and data against even military-grade threats, including zero-day attacks. Based in Clifton, New Jersey, Comodo Cybersecurity has a 20-year history of protecting the most sensitive data for both businesses and consumers globally.

     

  • Corelight
    Booth: 220

    Corelight makes powerful network security monitoring solutions that transform network traffic into rich logs, extracted files, and security insights for incident responders and threat hunters. Corelight Sensors run on open-source Zeek (formerly called “Bro”) and simplify Zeek deployment and management while expanding its performance and capabilities. https://www.corelight.com 

  • CrowdStrike
    Booth: 309

    CrowdStrike Inc. (Nasdaq: CRWD), a global cybersecurity leader, is redefining security for the cloud era with an endpoint protection platform built from the ground up to stop breaches. The CrowdStrike Falcon® platform’s single lightweight-agent architecture leverages cloud-scale artificial intelligence (AI) and offers real-time protection and visibility across the enterprise, preventing attacks on endpoints on or off the network. Powered by the proprietary CrowdStrike Threat Graph®, CrowdStrike Falcon correlates over two trillion endpoint-related events per week in real time from across the globe, fueling one of the world’s most advanced data platforms for security.

    With CrowdStrike, customers benefit from better protection, better performance and immediate time-to-value delivered by the cloud-native Falcon platform.

    There’s only one thing to remember about CrowdStrike: We stop breaches.

    Qualifying organizations can gain full access to Falcon Prevent™ by starting a free trial. Learn more: https://www.crowdstrike.com/

  • EC-Council
    Booth:

    International Council of E-Commerce Consultants, also known as EC-Council, is the world’s largest cyber security technical certification body. We operate in 140 countries globally and we are the owner and developer of the world-famous Certified Ethical Hacker (CEH), Computer Hacking Forensics Investigator (C|HFI), Certified Security Analyst (ECSA), License Penetration Testing (Practical) programs, among others. We are proud to have trained and certified over 140,000 information security professionals globally that have influenced the cyber security mindset of countless organizations worldwide.

  • Expel
    Booth: 316

    Expel provides transparent managed security, on-prem and in the cloud. It’s the antidote for companies trapped in failed relationships with their managed security service provider (MSSP) and those looking to avoid the frustration of working with one in the first place. To learn more, go to https://www.expel.io.

  • IAPP
    Booth:

    Your Comprehensive global information privacy community and resource. Data powers the information economy. And the risks associated with it continue to skyrocket. Data breach, identity theft, loss of customer trust—these are the threats to organizations of all sizes, in all sectors, in today’s marketplace.

    The International Association of Privacy Professionals (IAPP) is a resource for professionals who want to develop and advance their careers by helping their organizations successfully manage these risks and protect their data. In fact, we’re the world’s largest and most comprehensive global information privacy community.

    The IAPP is the only place that brings together the people, tools and global information management practices you need to thrive in today’s rapidly evolving information economy.

  • InfraGard
    Booth:

    InfraGard is an information sharing and analysis effort serving the interests and combining the knowledge base of a wide range of members. At its most basic level, InfraGard is a partnership between the FBI and the private sector. InfraGard is an association of individuals, academic institutions, state and local law enforcement agencies, and other participants dedicated to sharing information and intelligence to prevent hostile acts against the United States. InfraGard Chapters are geographically linked with FBI Field Office territories.

    The FBI retained InfraGard as an FBI sponsored program, and will work with DHS in support of its CIP mission, facilitate InfraGard’s continuing role in CIP activities, and further develop InfraGard’s ability to support the FBI’s investigative mission, especially as it pertains to counterterrorism and cyber crimes.

  • ISACA Denver Chapter
    Booth:

    The Denver Chapter of ISACA® (formerly EDPAA) was founded in June 1976 with just a handful of members. Today, the Denver chapter with over 1,040 members, is one of the largest chapters within the Southwestern Region. The Denver Chapter contributes to the international organization with financial support and periodic hosting of the International Conference.

  • (ISC)2 Denver Chapter
    Booth:

    (ISC)²® is the largest not-for-profit membership body of certified information security professionals worldwide, with nearly 80,000 members in more than 135 countries. Globally recognized as the Gold Standard, (ISC)² issues the Certified Information Systems Security Professional (CISSP®) and related concentrations, as well as the Certified Secure Software Lifecycle Professional (CSSLP®), Certified Authorization Professional (CAP®), and Systems Security Certified Practitioner (SSCP®) credentials to qualifying candidates.

  • ISSA Colorado Springs Chapter
    Booth:

    ISSA Colorado Springs Chapter: Developing and Connecting Cybersecurity Leaders Globally. ISSA is the community of choice for international cybersecurity professionals dedicated to advancing individual growth, managing technology risk and protecting critical information and infrastructure.

    The Information Systems Security Association (ISSA)® is a not-for-profit, international organization of information security professionals and practitioners. It provides educational forums, publications, and peer interaction opportunities that enhance the knowledge, skill, and professional growth of its members.

  • Ixia, a Keysight Business
    Booth: 136

    We provide testing, visibility, and security solutions to strengthen applications across physical and virtual networks. Organizations use our tools and capabilities to test, secure and visualize their networks so their applications run stronger.

  • Meta Networks
    Booth: 125

    The way we work has changed dramatically in the last decade. We’re no longer sitting in an office every day, working with applications in the local data center. It’s not just that the perimeter is dissolving – security paradigms designed around the idea that users on the LAN can be trusted is dangerous.We believe it’s time to update the way we approach network access and security. It’s now possible to leverage the cloud and the internet to build a global, zero-trust private network that is agile and scalable enough for the way we do business today. With the Meta Network-as-a-Service (NaaS), you can rapidly connect user devices to applications in the data center and the cloud and secure them with a software-defined perimeter. Meta NaaS is user-centric rather than site-centric, making it the ideal solution for the network security challenges that businesses face today – from providing user-friendly remote access, to connecting cloud infrastructure, and reducing management costs.Meta Networks was founded in 2016 by a leading team of cloud, networking and security experts from companies including Stratoscale, Intel, Check Point, Oracle, Cisco, Harman, Incapsula, Ericsson, 3M and Elbit. The company is funded by the BRM Group and Vertex Ventures.

  • Mimecast
    Booth: 312

    Mimecast Is Making Email Safer For Business.

    Mimecast’s security, archiving and continuity cloud services protect business email and deliver comprehensive email risk management in one fully-integrated subscription service. Mimecast reduces the risk, complexity and cost traditionally associated with protecting email. You no longer have to manage an array of disjointed point solutions from multiple vendors. And you mitigate single vendor exposure if you have moved your primary email server to the cloud with services like Microsoft Office 365.
    Our best-of-breed services protect the email of over 24,900 customers and millions of users worldwide against targeted attacks, data leaks, malware and spam. We give employees fast and secure access to sensitive business information, and ensure email keeps running in the event of a primary service outage.

  • OWASP Denver
    Booth:
  • ProcessUnity
    Booth: 200

    ProcessUnity’s cloud-based solutions help organizations of all sizes automate their risk and compliance programs. Our highly configurable, easy-to-use tools significantly reduce manual administrative tasks, allowing customers to spend more time on strategic risk mitigation. As a software-as-a-service technology, ProcessUnity deploys quickly with minimal effort from customers and their IT resources.

  • Radware
    Booth: 330

    Radware (NASDAQ: RDWR), is a global leader of application delivery and application security solutions for virtual and cloud data centers. Its award-winning solutions portfolio delivers full resilience for business-critical applications, maximum IT efficiency, and complete business agility. Radware’s solutions empower more than 10,000 enterprise and carrier customers worldwide to adapt to market challenges quickly, maintain business continuity and achieve maximum productivity while keeping costs down.

  • SecureAuth
    Booth: 213

    SecureAuth enables companies to determine identities with absolute confidence. Whether you’re seeking to continuously secure employee,
    customer or partner access, SecureAuth’s flexible and adaptive platform makes everything fast, frictionless and pain-free. Guaranteed.

  • Spirion
    Booth: 319

    Spirion is a leading enterprise data management software solution that provides high-precision searches and automated classification of unstructured and structured data with unparalleled accuracy.  Spirion helps businesses reduce their sensitive data footprint and proactively minimize risks, costs and reputational damage of cyberattacks by discovering, classifying, monitoring and protecting sensitive data.

  • TechTarget
    Booth:

    TechTarget (NASDAQ: TTGT) is the online intersection of serious technology buyers, targeted technical content and technology providers worldwide. Our media, powered by TechTarget’s Activity Intelligence platform, redefines how technology buyers are viewed and engaged based on their active projects, specific technical priorities and business needs. With more than 100 technology specific websites, we provide technology marketers innovative media that delivers unmatched reach via custom advertising, branding and lead generation solutions all built on our extensive network of online and social media. TechTarget is based in Boston and has locations in Atlanta, Beijing, Cincinnati, London, Paris, San Francisco, Singapore, and Sydney.

  • Tevora
    Booth: 223

    Tevora is an enterprise consulting firm specializing in information assurance, governance and compliance services and solutions. We work with some of the world’s leading companies, institutions and governments to ensure the safety of their information and their compliance with applicable regulations. With a distinctive combination of proven products and services, Tevora aids enterprises in protecting their most important assets from external and internal threats. For more information visit https://www.tevora.com.com/.

  • Trustwave
    Booth: 300

    Trustwave helps businesses fight cybercrime, protect data and reduce security risk. With cloud and managed security services, integrated technologies and a team of security experts, ethical hackers and researchers, Trustwave enables businesses to transform the way they manage their information security and compliance programs. More than three million businesses are enrolled in the Trustwave TrustKeeper® cloud platform, through which Trustwave delivers automated, efficient and cost-effective threat, vulnerability and compliance management. Trustwave is headquartered in Chicago, with customers in 96 countries.

Return to Agenda
Keynote Speakers
Speakers
  • speaker photo
    Larry Wilson
    CISO and Adjunct Faculty, University of Massachusetts

    Larry Wilson is currently a senior consultant and former Chief Information Security Officer for the University of Massachusetts President's Office. In the CISO role, Larry was responsible for developing, implementing and overseeing compliance with the UMass Information Security Policy and Written Information Security Plan (WISP). In addition to designing and deploying the UMass cybersecurity program, Larry has developed and delivered cybersecurity training at multiple industry events, workshops, training venues, etc. Courses include Designing and Building a Cybersecurity Program, The NIST Cybersecurity Framework Foundations, The NIST Cybersecurity Framework Practitioners, Engineering, Technology and Business Labs and Workshops based on the NIST Cybersecurity Framework, etc. Larry has also worked with multiple companies in multiple industries to help design, build and maintain their Cybersecurity Programs and evaluate their current security posture.

  • speaker photo
    Mohamed Malki
    Director, Security Architecture, State of Colorado, Governor's Office of IT

    Mohamed Malki, director of enterprise security architecture and HIPAA officer, has been key in transforming the State of Colorado’s security landscape. He’s been critical in building Colorado’s cybersecurity plan, designing Colorado's public cloud architecture and building the requirements for Colorado's Blockchain center of excellence. Mohamed holds multiple degrees, speaks four languages, and has more than 30 certifications, including AWS Cloud Architect, CISSP, Google GCP Architect, and Certified Ethical Hacker. A certified security trainer, Mohamed has helped hundreds of individuals achieve various certifications and proactively offers sessions for employees. Mohamed was recognized as “State Cybersecurity Leader of the Year 2019," the state leader who demonstrates a passion and focus on keeping systems secure and thinking about security in the big picture of state IT. More at:
    https://statescoop.com/2019-statescoop-50-awards-recognize-state-it-leaders-projects/

  • speaker photo
    Siam Luu
    Lead Security Architect, Colorado Judicial Department

    Siam Luu has worked information security for over 8 years beginning as an analyst, graduating to an engineer, and currently is employed as a security architect. He has worked in both the public and private sectors in a myriad of different careers and locations in both technical and non-technical roles. At present, he has his CISSP certification and graduated from the University of Colorado with a Bachelor of Science in Business Administration. His current goals are to help organizations improve their security program creating a more effective defensive strategy.

  • speaker photo
    Bryce Verdier
    Sr. Software Engineer, GroupOn

    Bryce Verdier (CISSP, CEH) is currently a Senior Software Developer at GroupOn. In previous roles, he’s also been a Systems Engineer with an automation and DevOps minded focus, and an Information Security Engineer, focusing on host-based security.

  • speaker photo
    David Sonheim
    Cybersecurity Advisor, DHS / CISA
  • speaker photo
    Christopher McMahon
    Special Agent, United States Secret Service

    Chris McMahon is a Special Agent for the United States Secret Service. Prior to joining the Secret Service, Chris was a Prince George’s County, MD Police Officer. Chris is a well-seasoned criminal investigator specializing in cyber-enabled financial fraud, money laundering, credit card/ID fraud among other crimes. Chris began his Secret Service career out of the New York Field Office spending time between the Fraud Squad and Electronic Crimes Task Force where he earned the designation NITRO Agent for specialized training in network intrusions. While in the New York Field Office, Chris ran point on several large-scale multi-national criminal investigations targeting transnational organized crime groups. Chris is currently assigned to the U.S. Secret Service, Global Investigative Operations Center (GIOC) where he specializes in Business Email Compromise schemes and account takeovers focusing on the international nexus of cyber-enabled financial crime.

  • speaker photo
    Cindi Carter
    Vice President, Chief Security Officer, MedeAnalytics

    As Vice President, Chief Security Officer (CSO) at MedeAnalytics, Cindi oversees global enterprise security. Her mission encompasses creating a culture that places high value on securing and protecting MedeAnalytics and the clients’ information entrusted to them. Cindi has built and matured both cyber and physical security practices at The University of Michigan Health System and Cerner Corporation. More recently, Cindi served as the Deputy Chief Information Security Officer at Blue Cross and Blue Shield of Kansas City. Cindi is the founding President of Women in Security-Kansas City, a non-profit organization with the mission to support women at all career levels in Information Security, and serves as an Advisory Board member within the security industry.

  • speaker photo
    Ron Winward
    Security Evangelist, North America, Radware

    As a Security Evangelist at Radware, Mr. Winward is responsible for developing, managing, and increasing the company’s security business in North America. Before joining Radware, Ron was Director of Network Engineering for a global datacenter provider and ISP.
    Ron’s entire career has been deeply rooted in internet and cybersecurity. For over 20 years, Ron has helped design complex solutions for carriers, enterprises, and cybersecurity providers around the world.
    Ron is an industry-recognized expert in the Mirai IoT botnet and its modern variants. Ron conducted the industry’s first complete analysis of the Mirai attack vectors, producing forensic examples for public distribution of each attack and the specific impact each attack had on networks. His work on IoT attack analysis has been presented at conferences worldwide and has been referenced by NIST.
    Prior to joining Radware, Ron was Director of Network Engineering for a global datacenter provider and ISP. In this role, Ron oversaw the growth and development of a global network infrastructure that delivered services to other ISPs, hosting providers, and enterprises around the world. During this time, Ron assisted some of the world’s top businesses in mitigating cyberattacks on their infrastructure, cultivating an extensive knowledge in DDoS attack methodologies.
    Ron holds a Bachelor of Science degree in Business and has earned many technical certifications throughout his engineering-focused career. Ron acutely understands the impact of technology and security on business and is enthusiastic about their interrelation.

  • speaker photo
    John Callaghan
    Sr. Security Engineer in SOC Operations, Forensics, and Threat Hunting, Pulte Financial Services

    As a security practitioner of 30 years, Jack's experience began in the 80s with commercial and military venues, and expanding in early days of the Internet. It continued to be shaped by the growth of malware and data breaches as global threats against business, nations, and individuals. While developing some of the earliest proactive IPS systems ( proto-SIEM) on an extensive international network (DEC's Easynet) he was able to analyze and evolve response systems by observing the nature and techniques resulting in data exposure.

    His present focus is global information growth and the profitable criminal practices and State actors constantly assaulting data, inevitably with profound impact. Recent work in MSSP and financial sectors continues to expose him to the bleeding edge of data loss affecting every user of this global data repository. His current position, Senior Security Engineer at Pulte Financial, offers constant exposure to threats engineered to steal financial and PII content and continues to sharpen his sense of appropriate Incident Response, CSIRT defense activities, and the continual need to protect individuals funds and privacy.

    As a regular presenter for ISSA and ISACA, he's focused on sessions addressing information exposure, attack methodologies, and integrating threat content and TTPa to quick response defenses, but now is concerned with practical approaches to tailored tactical response, SOC operations, and personal data privacy.

  • speaker photo
    Alexandra Panaretos
    Security Awareness and Training leader, Ernst & Young LLP

    Alexandra Panaretos, CSAP is the Americas Cyber Practice Lead for Security Awareness and Training for Ernst & Young LLP. She specializes in information security awareness and education, personal and physical security, and the psychology of social engineering. Alex has experience developing and implementing security awareness and education strategies in government, military family services, and global companies. She is Operations Security Program Manager certified by the Joint Information Operations Warfare Center and the U.S. Army. Her primary focus in awareness program design is the individual, which she showcases in materials that are relevant for multiple generational, cultural, and learning styles in an enterprise.

  • speaker photo
    Bruce Sussman
    Emmy-Winning Journalist, SecureWorld

    Bruce Sussman is a life-long storyteller who spent 20 years on TV screens in Portland, Oregon, as a journalist and meteorologist, winning two regional Emmy awards for “Best Weather Anchor.” He still pops up on KATU News occasionally, but he’s more likely to be spotted now on a security podcast, moderating a panel discussion at a SecureWorld InfoSec conference, or leading a session on more powerful communication in a corporate environment. After a brief stint at Gartner working with CISOs, Sussman now leads cybersecurity writing and content for SecureWorld’s media division.

  • speaker photo
    Moderator: Abhijit Solanki
    Founder & Managing Director, Whiteboard Venture Partners

    Abhijit Solanki is the founder of Whiteboard Venture Partners, an early stage venture capital firm helping entrepreneurs achieve their whiteboard dreams.

  • speaker photo
    Randall Frietzsche
    CISO, Denver Health

    Randall’s career started as a Law Enforcement Officer. With the technical aptitude, he moved into technology, starting as an MCSE on Windows NT 4.0. Over the next 22 or so years, he evolved to become the Enterprise Chief Information Security Officer for Denver Health and Hospital Authority. He also teaches cybersecurity courses for Harvard and Regis Universities. As an ISSA Distinguished Fellow, Randall’s mission is to give back to our profession, to mentor, teach, speak, and write. Security is his vocation, avocation and passion. Randall has presented at many security conferences, including Rocky Mountain Information Security Conference, Denver Evanta CISO Summit, SecureWorld, and the Louisville Metro Information Security Conference.

  • speaker photo
    Merlin Namuth
    Cyber Risk Advisory Board Member , Pepperdine University

    Merlin Namuth has spent over 20 years focused in security. His experience includes building and running numerous security programs, program management, managing incident response teams, computer forensics, compliance, architecture, and engineering complex security solutions. Namuth serves on the cyber risk advisory board at Pepperdine University where he also guest lectures. Merlin serves on the Board of Directors at iEmpathize, a nonprofit focused on educating people about human trafficking. He has presented at several conferences, including RSA domestically and internationally, as well as RMISC, OWASP, and ISSA. He holds the PMP, CISSP, GCFA, and GCIH certifications.

  • speaker photo
    Larry Wilson
    CISO and Adjunct Faculty, University of Massachusetts

    Larry Wilson is currently a senior consultant and former Chief Information Security Officer for the University of Massachusetts President's Office. In the CISO role, Larry was responsible for developing, implementing and overseeing compliance with the UMass Information Security Policy and Written Information Security Plan (WISP). In addition to designing and deploying the UMass cybersecurity program, Larry has developed and delivered cybersecurity training at multiple industry events, workshops, training venues, etc. Courses include Designing and Building a Cybersecurity Program, The NIST Cybersecurity Framework Foundations, The NIST Cybersecurity Framework Practitioners, Engineering, Technology and Business Labs and Workshops based on the NIST Cybersecurity Framework, etc. Larry has also worked with multiple companies in multiple industries to help design, build and maintain their Cybersecurity Programs and evaluate their current security posture.

  • speaker photo
    Mohamed Malki
    Director, Security Architecture, State of Colorado, Governor's Office of IT

    Mohamed Malki, director of enterprise security architecture and HIPAA officer, has been key in transforming the State of Colorado’s security landscape. He’s been critical in building Colorado’s cybersecurity plan, designing Colorado's public cloud architecture and building the requirements for Colorado's Blockchain center of excellence. Mohamed holds multiple degrees, speaks four languages, and has more than 30 certifications, including AWS Cloud Architect, CISSP, Google GCP Architect, and Certified Ethical Hacker. A certified security trainer, Mohamed has helped hundreds of individuals achieve various certifications and proactively offers sessions for employees. Mohamed was recognized as “State Cybersecurity Leader of the Year 2019," the state leader who demonstrates a passion and focus on keeping systems secure and thinking about security in the big picture of state IT. More at:
    https://statescoop.com/2019-statescoop-50-awards-recognize-state-it-leaders-projects/

  • speaker photo
    Larry Wilson
    CISO and Adjunct Faculty, University of Massachusetts

    Larry Wilson is currently a senior consultant and former Chief Information Security Officer for the University of Massachusetts President's Office. In the CISO role, Larry was responsible for developing, implementing and overseeing compliance with the UMass Information Security Policy and Written Information Security Plan (WISP). In addition to designing and deploying the UMass cybersecurity program, Larry has developed and delivered cybersecurity training at multiple industry events, workshops, training venues, etc. Courses include Designing and Building a Cybersecurity Program, The NIST Cybersecurity Framework Foundations, The NIST Cybersecurity Framework Practitioners, Engineering, Technology and Business Labs and Workshops based on the NIST Cybersecurity Framework, etc. Larry has also worked with multiple companies in multiple industries to help design, build and maintain their Cybersecurity Programs and evaluate their current security posture.

  • speaker photo
    Mohamed Malki
    Director, Security Architecture, State of Colorado, Governor's Office of IT

    Mohamed Malki, director of enterprise security architecture and HIPAA officer, has been key in transforming the State of Colorado’s security landscape. He’s been critical in building Colorado’s cybersecurity plan, designing Colorado's public cloud architecture and building the requirements for Colorado's Blockchain center of excellence. Mohamed holds multiple degrees, speaks four languages, and has more than 30 certifications, including AWS Cloud Architect, CISSP, Google GCP Architect, and Certified Ethical Hacker. A certified security trainer, Mohamed has helped hundreds of individuals achieve various certifications and proactively offers sessions for employees. Mohamed was recognized as “State Cybersecurity Leader of the Year 2019," the state leader who demonstrates a passion and focus on keeping systems secure and thinking about security in the big picture of state IT. More at:
    https://statescoop.com/2019-statescoop-50-awards-recognize-state-it-leaders-projects/

  • speaker photo
    Janelle Hsia
    Director of Privacy and Compliance, American Cyber Security Management

    Janelle Hsia is a trusted advisor for strategic and tactical decision making within organizations of all sizes. She brings a diverse background with strong leadership, technical, and business skills spanning 20 years of experience in the areas of project management, IT, privacy, security, data governance, process improvement, and software development. Her passion is creating comprehensive data governance programs for SMEs which blends security, privacy, and risk disciplines together. Her experience includes Director of Privacy and Compliance, Deputy Information System Security Officer, and Board of Directors for the Colorado Chapter of Cloud Security Alliance (CSA). She holds the following certificates CIPM, CIPP/E, CISA, PMP, and GSLC.

  • speaker photo
    Preston Bukaty
    GRC Consultant / Privacy & Compliance Specialist, IT Governance USA Inc.

    Preston Bukaty is an attorney and consultant working for IT Governance USA. He specializes in data privacy GRC projects, from data inventory audits to gap analysis, contract management, and remediation planning. His compliance background, and experience with operationalizing compliance for a variety of industries, give him a strong understanding of the legal issues presented by international regulatory frameworks. Having conducted over 3,000 data mapping audits, he also understands the practical realities of project management in operationalizing compliance initiatives.

    Preston’s legal experience and passion for technology make him uniquely suited to understanding the business impact of privacy regulations like the GDPR and CCPA. He has advised more than 250 organizations engaged in businesses as varied as SaaS platforms, mobile geolocation applications, GNSS/telematics tools, financial institutions, fleet management software, architectural/engineering design systems, and web hosting. He also teaches certification courses on GDPR compliance and ISO 27001 implementation, and writes on topics related to data privacy law.

    Preston lives in Denver, Colorado, much to the envy of friends and family. Prior to working as a data privacy consultant, he worked for an international GPS software company, advising business areas on compliance issues across 140 countries. Preston holds a juris doctorate from the University of Kansas School of Law, along with a basketball signed by Hall-of-Fame coach Bill Self.

  • speaker photo
    Chris McLaughlin
    Information Security Officer, Johns Manville

    Chris McLaughlin is the Information Security Officer at Johns Manville, a Berkshire Hathaway company. JM is leading global manufacturer of insulation, roofing and glass fibers products. Chris has over 20 years of security and infrastructure experience leading the vision for a highly complex manufacturing environment. Chris has a passion for industrial security and has developed a center of excellence around industrial control systems that brings engineering and IT teams together to work towards common goals. Chris holds an MBA from the University of Colorado.

  • speaker photo
    Scott Reynolds
    Industrial Security Manager , Johns Manville

    Scott Reynolds is the Industrial Security Manager at Johns Manville. He has over 14 years of Industrial Engineering experience and is an active member of the OT / IT community. Scott has held leadership roles in the International Society of Automation (ISA) for the last four years and is currently an Executive Board Member. Scott has an electrical engineering degree from the University of Maine and an MBA from The University of South Dakota.

  • speaker photo
    Pedro Serrano
    CISO, Grand River Dam Authority

    Pedro Serrano has over 35 years of experience managing and installing technical controls in networks around the world, 20 of those in military systems. He is the CISO for Grand River Dam Authority and Professor at his local University teaching infrastructure systems, security controls, and networking. Pedro has two postgraduates degrees one in Telecommunications Management from Oklahoma State University and the other in Computer Science from Tulsa University. Pedro serves as the President of the Information System Security Association (ISSA) chapter in Tulsa, Oklahoma and holds the CISSP certification from ISC2.

  • speaker photo
    Dale Drew
    Chief Security Officer, Zayo Group

    Dale has run security for Zayo Group over the past year and a half, responsible for securing more than 1,400 global locations and over 100,000 production elements. Previous to serving at Zayo, Dale was the Chief Security Officer for Level3. He served for Level3 for over 19 years, through numerous mergers and acquisitions, including its acquisition by CenturyLink.

  • speaker photo
    Robb Reck
    Host, Colorado = Security podcast

    “Security only works when it’s in tune with the company it supports. Understanding what we are defending (and why) is more important than preventing, detecting or responding to threats. Understanding is dependent on high-quality relationships with stakeholders.”

    Robb has built successful risk-based security programs in the software and financial services industries. As Chief Information Security Officer at Ping Identity, he is responsible for ensuring the integrity of all Ping products, the confidentiality of sensitive data, and the availability of critical services.

    Previous to his role at Ping, Robb served as VP and CISO for Pulte Financial Services, and as Information Security Officer and Director of Risk Management for Harland Financial Solutions. Robb holds a Bachelor’s of Arts from George Fox University and an MBA from Colorado State University.

  • speaker photo
    Alex Wood
    CISO, Pulte Financial Services

    Alex Wood is currently the CISO for Pulte Financial Services and has over 18 years of experience in information security. Previously he has had managerial, program, and technical roles at several major companies in different verticals. Additionally, Alex has served on the Board of Directors for ISSA International and is a host of the Colorado = Security podcast. Alex is a CISSP and has a MAS in Information Security from the University of Denver.

  • speaker photo
    Book Signing
  • speaker photo
    Craig Spiezle
    Founder & Managing Director, AgeLight Digital Trust Advisory Group

    Craig Spiezle is the founder and managing partner of AgeLight Advisory Group, a professional services firm focused on online and digital services. Craig is a recognized authority on trust and the convergence of privacy and security promoting ethical privacy practices, end-to-end security and the importance on moving from a compliance mindset to stewardship. Craig is the Charmain emeritus of the Online Trust Alliance, an initiative of the Internet Society. He frequently briefs international policy makers driving awareness of best practices by both the public and private sectors and importance of internet governance. Craig has championed security best practices to help protect consumers while promoting innovation and the role of meaningful self-regulation. Prior to OTA, Craig spent over a decade at Microsoft focused on security and privacy enhancing technologies and standards. Craig chairs the Online Trust & Integrity Council and is on the board of the Identity Theft Council, editorial board of SC Magazine and a member of InfraGard, the IAPP and the APWG.

  • speaker photo
    Andy Purdy
    Chief Security Officer, Huawei Technologies

    Andy is Chief Security Officer for Huawei Technologies USA, overseeing Huawei USA's cybersecurity assurance program and supporting Huawei’s global assurance program. Andy is the Huawei global lead for the East-West Institute Global Cooperation in Cyberspace Initiative and serves on the Steering Committee of The Open Group Trusted Technology Forum, which developed the Open Trusted Technology Provider Standard (O-TTPS), recognized as ISO/IEC 20243.

    Andy was the senior cybersecurity official of the U.S. Government from 2004-2006. Prior to joining the Department of Homeland Security, Andy was a member of the White House staff where he helped to draft the U.S. National Strategy to Secure Cyberspace (2003), after which he went to the Department of Homeland Security (DHS) where he helped to form and then led the National Cyber Security Division (NCSD) and the U.S. Computer Emergency Readiness Team (US-CERT).

  • speaker photo
    David Stauss
    Partner, Husch Blackwell LLP

    David is the leader of Husch Blackwell’s national privacy and data security practice group. Accredited by the International Association of Privacy Professionals as a Fellow of Information Privacy, Certified Information Privacy Professional/United States, and Certified Information Privacy Technologist, David brings to the table a deep engagement with the subject matter and demonstrated excellence in handling privacy and cybersecurity matters for clients. David regularly counsels clients on complying with existing and emerging privacy and information security laws, including the European Union’s General Data Protection Regulation, the California Consumer Privacy Act, and other emerging state privacy and information security statutes.

  • speaker photo
    Serge Borso
    Community Instructor , SANS Institute

    Serge Borso is the founder and CEO of SpyderSec, an organization specializing in penetration testing, security awareness training, and OSINT. He also resides on the board of directors for the Denver OWASP chapter and teaches with the SANS Institute. He is an expert in a variety of information security fields, having served in many roles in the IT and security industries over the past 15 years. As an active member in the information security community, Serge has trained over 1,000 students, presents regularly at various speaking engagements, and his quotes can be read in various industry publications.

  • speaker photo
    Mark Gelhardt
    Former CIO, The White House

    Colonel Mark Gelhardt is a retired Army combat veteran. While in the Army, Mark was selected to be the Chief Information Officer for The White House, supporting President Clinton with secure Automation and Telecommunication for over four and half years. Mark has over 40 years of experience in providing executive level management in Information Technology and Cybersecurity fields as a CTO, CSO, CIO, and CISO for several global companies. He is currently the VP of Global Technology Governance for US Bank. Mark is a published author and well-known keynote speaker.

  • speaker photo
    Moderator: Mary Haynes
    VP of Network Security Operations, Charter Communications
  • speaker photo
    Moderator: Carlin Dornbusch
    President, American Cyber Security Management

    Carlin Dornbusch is an innovative leader in Cybersecurity and Data Privacy. His company, American Cyber Security Management, brings proven methods, best-in-class tools, and deep knowledge of data privacy and security standards to every client engagement. ACSM excels at creating custom privacy and security programs to meet the demands of modern threats and emerging compliance. Carlin’s background in technology, security, operations, and management give him a well-balanced approach to solving business problems and maximizing Return on Investment. Having worked for some of the most rapidly growing technology and solutions companies in the world, Carlin and his teams have developed hundreds of business leading solutions including; digital transformation, workforce productivity, IT simplification, business automation, customer service, and market expansion. A consultative approach has been the mainstay of Carlin’s methodology ever since leaving corporate employment in 2006. Carlin’s focus on people, process, and technology allows him to improve operational efficiency and help businesses modernize their workplace. His methods and techniques are industry leading and high leveraged by Focused Clouds’ clientele. You can find Carlin as an active member in the Cloud Security Alliance (CSA), Information Systems Security Association (ISSA), and International Association of Privacy Professionals (IAPP) organizations in Colorado. He founded and oversees the ever expanding GDPR/Privacy MeetUp. Carlin also holds an active Certified Information Systems Security Professional (CISSP) certificate from ISC2.

  • speaker photo
    Moderator: Carlin Dornbusch
    President, American Cyber Security Management

    Carlin Dornbusch is an innovative leader in Cybersecurity and Data Privacy. His company, American Cyber Security Management, brings proven methods, best-in-class tools, and deep knowledge of data privacy and security standards to every client engagement. ACSM excels at creating custom privacy and security programs to meet the demands of modern threats and emerging compliance. Carlin’s background in technology, security, operations, and management give him a well-balanced approach to solving business problems and maximizing Return on Investment. Having worked for some of the most rapidly growing technology and solutions companies in the world, Carlin and his teams have developed hundreds of business leading solutions including; digital transformation, workforce productivity, IT simplification, business automation, customer service, and market expansion. A consultative approach has been the mainstay of Carlin’s methodology ever since leaving corporate employment in 2006. Carlin’s focus on people, process, and technology allows him to improve operational efficiency and help businesses modernize their workplace. His methods and techniques are industry leading and high leveraged by Focused Clouds’ clientele. You can find Carlin as an active member in the Cloud Security Alliance (CSA), Information Systems Security Association (ISSA), and International Association of Privacy Professionals (IAPP) organizations in Colorado. He founded and oversees the ever expanding GDPR/Privacy MeetUp. Carlin also holds an active Certified Information Systems Security Professional (CISSP) certificate from ISC2.

  • speaker photo
    Scott Hogg
    Chair Emeritus, Rocky Mountain IPv6 Task Force

    Scott Hogg is CTO and a co-founder of HexaBuild.io, an IPv6 consulting and training firm. He is a CCIE #5133 and CISSP #4610 with over 25 years of network and security experience. He is the author of the a Cloud Guru course, “Rapidly Deploying IPv6 on AWS.” Scott is Chair Emeritus of the Rocky Mountain IPv6 Task Force (RMv6TF), and a member of the Infoblox IPv6 Center of Excellence (COE). He has authored the Cisco Press book on IPv6 Security, and also writes for NetworkWorld.com.

Conference App and Microsite!
Registration is easy and takes just a few minutes. Once you get started you can use your phone, tablet or internet browser to:

• Create a personalized agenda
• View maps of the venue and Exhibit Hall
• Use secure messaging to network with attendees
• View speaker slides after the conference
• Play CyberHunt, the app game, and compete for prizes
app store play store
Don't miss out!

Join us for high-quality, affordable cybersecurity training and networking. Sign up today!