Conference Agenda
  • Tuesday, October 29, 2019
    7:00 am
    Registration Open
    Registration Level:
    • Open Sessions
    7:00 am - 3:00 pm
    Location / Room: Registration Desk
    7:30 am
    Advisory Council Breakfast – (VIP / INVITE ONLY)
    Topic: The Journey to the Cloud – Roadblocks, Pitfalls & Silver Linings
    Asia Region (Cybersecurity) Risk Lead, Compassion International
    Registration Level:
    • VIP / Exclusive
    7:30 am - 8:30 am
    Location / Room: 3rd Floor Boardroom

    Denver Advisory Council Kickoff (Advisory Council members only)
    Join us for breakfast and coffee.

    8:00 am
    Exhibit Floor Open
    Registration Level:
    • Open Sessions
    8:00 am - 3:00 pm
    Location / Room: SecureWorld Exhibitor Floor

    This is the time to visit exhibitors participating in Dash For Prizes & CyberHunt for your chance to win prizes!

    8:00 am
    SecureWorld PLUS Part 1 - Designing and Building a Cybersecurity Program based on the NIST Cybersecurity Framework
    Earn 16 CPEs With This in-Depth 3-Part Course
    CISO and Adjunct Faculty, University of Massachusetts
    Registration Level:
    • SecureWorld Plus
    8:00 am - 9:30 am
    Location / Room: ACA/Triax

    The University of Massachusetts has developed a 6-hour SecureWorld Plus training class that instructs attendees on the best practices for designing, building, and maintaining a Cybersecurity Program based on the NIST Cybersecurity Framework. Organizations that currently use the Framework or are planning to use the Framework for their cybersecurity program will benefit from this course.

    This innovative education and training program includes the following key elements:

    • An introduction to the key components of the NIST Cybersecurity Framework
    • How to use the Framework to support business strategy, technology strategy, and cyber-risk strategy
    • An approach for adopting the framework to build and sustain secure and resilient infrastructure, secure and resilient networks, secure and resilient applications
    • How to use the framework to protect critical information assets
    • A Controls Factory Model that organizations use to create an Engineering Program, a Technical Program, and a Business / Management Program
    • A methodology for developing a Cybersecurity Strategy, System Security Plan (SSP), Risk Assessment, Plan of Action and Milestones (POA&M) and Executive Report

    The class will help individuals and organizations acquire knowledge, skills and abilities to:

    • Develop a strategy to apply the NIST Cybersecurity Framework (NCSF) to their environment
    • Create a comprehensive System Security Plan (SSP) based on the NIST Cybersecurity Framework
    • Conduct a Risk Assessment to compare the current profile with the target profile and identify any gaps that need to be addressed
    • Develop a Plan of Action and Milestones (POA&M) to mitigate the highest priority gaps
    • Establish an Executive Report to measure and communicate current profile, target profile, POA&M and program plan / roles and responsibilities to remediate identified gaps
    • Identify required workforce skills and develop career pathways for improving skills and experience

    About the Instructor – Larry Wilson:

    • Larry Wilson is the former CISO for UMass President’s Office from 2009 to 2017
    • Prior to UMass, Larry developed and managed the Global Infrastructure Services (GIS) Security Program for State Street Corporation
    • Larry has been teaching cybersecurity courses based on the NIST Cybersecurity Framework at SecureWorld events for the past 5 years
    • Larry has conducted over 20 consulting engagements, helping organizations design and build cybersecurity programs based on the NIST Cybersecurity Framework

    The program and its author have won the following industry awards:

    • Security Magazine’s Most Influential People in Security, 2016
    • SANS People Who Made a Difference in Cybersecurity Award, 2013
    • Information Security Executive (ISE) North America Program Winner for Higher Education, 2013
    8:00 am
    SecureWorld PLUS Part 1 - Cloud Security Training
    Earn 16 CPEs With This in-Depth 3-Part Course
    Director, Security Architecture, State of Colorado, Governor's Office of IT
    Registration Level:
    • SecureWorld Plus
    8:00 am - 9:30 am
    Location / Room: Barco Library

    The 3-part Cloud Security course will immerse students/attendees in the new frontier of IT and security services delivery in the Cloud. Using proven engaged learning techniques, students will leave the session with solid Cloud Security knowledge and skills, combined with applied hands-on practice on the most popular Cloud Services Provider.

    Course Outline:

    • Cloud Computing Governance, Risk, and Compliance (GRC)
    • Cloud Identity and Access Management (IAM)
    • Cloud Network Security
    • Cloud Compute Security
    • Cloud Storage Security
    • Cloud Application Security (DevSecOps)
    • Cloud Operation Security

    By the end of the session you will:

    • Have a solid understanding of Cloud Computing and Security based on NIST and ISO/IEC
    • Be able to evaluate the security posture of any Cloud Service Provider (CSP) using FedRAMP and CSA CCM
    • Be able to select, design, and deploy secure cloud services based on the business requirements
    • Use the knowledge and skills learned as a foundation to pursue popular Cloud Security Certifications such as CSA CCSK, ISC2 CCSP, and AWS Security

    To maximize the benefit of the class, the student needs to:

    • Be curious and eager to learn
    • Ask, ask, and ask questions
    • Bring their own laptops to participate in the labs and capture valuable information
    • Have an AWS free account at https://aws.amazon.com/free

    8:30 am
    (ISC)2 Chapter Meeting and Guest Presentation - Open to All Attendees
    Topic: Who's Your Hacker? ... And Why It Matters
    Lead Security Architect, Colorado Judicial Department
    Registration Level:
    • Open Sessions
    8:30 am - 9:15 am
    Location / Room: Bresnan Boardroom

    Join (ISC)2 for a chapter meeting and guest presentation. This is for chapter members and anyone interested in learning more about the association.
    Presentation: Because no organization is 100% unhackable, organizations establish “acceptable” levels of risk. We then build our security strategy around the risk of our organization being hacked. In that case, how much of a role does the hacker play in that risk analysis? In this presentation, the speaker will share perspectives about security intelligence for your program. If there is time, he will give a short demo of a free tool and share ideas on how you can use this in your own organization’s security strategy.

    8:30 am
    Using Vault to Better Protect Your Secrets
    Sr. Software Engineer, GroupOn
    Registration Level:
    • Conference Pass
    8:30 am - 9:15 am
    Location / Room: CT+T
    All developers have seen it and few will admit to doing it: putting unprotected authentication credentials like usernames and passwords or cloud service authentication keys into application code or scripts. This talk is for developers of all levels who are interested in a better way to manage their secrets and become the next hero with their security department. (Your results may vary.)
    8:30 am
    InfraGard Chapter Meeting and Guest Presentation - Open to all Attendees
    Two-Part Guest Presentation: CISA and FBI's Private Sector Outreach Program
    Cybersecurity Advisor, DHS / CISA
    Special Agent / Private Sector Coordinator, FBI Denver
    Consultant, Advisory Services, Ernst & Young
    Registration Level:
    • Open Sessions
    8:30 am - 9:15 am
    Location / Room: Keynote Theater

    Two-Part Guest Presentation

    Part 1: CISA: What You Should Know and How to Access New Resources to Protect Your Organization
    Presented by:
    David Sonheim, Cybersecurity Advisor, DHS/CISA

    The threats and threat actors facing our nation are becoming more complex than at any point in our history. In 2018, a new cybersecurity agency was developed under the oversight of the Department of Homeland Security: the Cybersecurity and Infrastructure Security Agency (CISA). CISA is mobilizing a collective defense that seeks to understand and manage risk to our critical infrastructure.
    Learn about how CISA will impact your organization, and how to access the free tools and resources that are now available. We will explore:

    • An overview of CISA
    • Cybersecurity Assessment Offerings
    • Cybersecurity Service Catalog Offerings
    • Cyber Incident Reporting Guidelines
    • MS-ISAC Service Offerings

    Part 2: Overview of the FBI’s Private Sector Outreach Program
    Presented by: Christopher Calarco, Special Agent/Private Sector Coordinator, FBI Denver

    Learn about the FBI’s Private Sector Outreach Program, including the FBI’s InfraGard program. We will discuss generational threats facing the country and why it is important to adopt a cross-sector approach to address these threats. Attendees will walk away with a better understanding of government resources that are available to address cyber threats, as well as a better understanding of the importance of public-private partnerships in protecting the nation’s economic and national security.

    9:30 am
    [OPENING KEYNOTE] Business Email Compromise: Real World Stories and Practical Defense
    Special Agent, United States Secret Service
    Registration Level:
    • Open Sessions
    9:30 am - 10:15 am
    Location / Room: Keynote Theater

    The average loss from a bank robbery is about $3,000. The average loss from a successful Business Email Compromise (BEC) attack is nearly $130,000. That kind of math explains why BEC is rampant, and every type of organization is at risk. During this presentation, hear from the point person on BEC cases investigated by the U.S. Secret Service. He’ll share true crime examples of and practical steps for defense against BEC losses, which now stand at $13.5 billion in the last six years.

    10:15 am
    Conference Break / Exhibitor Product Demonstration
    Registration Level:
    • Open Sessions
    10:15 am - 11:15 am
    Location / Room: SecureWorld Exhibitor Floor

    Reboot with coffee and infused water while visiting exhibitors on the exhibitor floor.

    11:00 am
    Advisory Council Roundtable - (VIP / Invite Only)
    Topic: 3rd Party Risk - Creating & Managing a Program that Works
    CISO, Gates Corporation
    Registration Level:
    • VIP / Exclusive
    11:00 am - 12:00 pm
    Location / Room: 3rd Floor Boardroom

    This session is for Advisory Council members only.

    11:15 am
    [Panel] Knowledge Is Power: Women in Cybersecurity
    Vice President, Chief Security Officer, MedeAnalytics
    Chief Information & Digital Officer, City of Aurora
    IT Security Manager, Department of Information Technology, Weld County
    VP, Network Security Operations, Charter Communications
    Registration Level:
    • Conference Pass
    11:15 am - 12:00 pm
    Location / Room: Bresnan Boardroom

    It is often said that true knowledge must be gained through experience; either through one’s own life or through others. Join this opportunity to hear from women who bring perspectives from diverse industries (retail, financial, healthcare, utilities) as they share their different experiences as women living the information security career journey.

    11:15 am
    [Radware] Cybersecurity Pushed to the Limit
    Security Evangelist, North America, Radware
    Registration Level:
    • Open Sessions
    11:15 am - 12:00 pm
    Location / Room: Saemon

    Throughout 2018 mainstream headlines highlighted cyber-attacks and security threats that included possible interference in the U.S. presidential election, worldwide malware outbreaks and the Equifax data breach. These and other high-profile events spurred greater cyber-defense investment by everyone from nation states and global corporations to individuals purchasing anti-malware solutions for personal devices. Yet even as investments increase so do threats, hacks and vulnerabilities. This session will help you understand these complex and challenging dynamics. Based on findings from Radware’s research and a global industry survey, the session will show real attack data and customer stories to paint a picture of where we are and what security professionals can do.

    Join the session to learn more about:
    • The threat landscape deep dive—the who, what and why of attacks
    • Potential impact on your business, including associated costs of different cyber-attacks
    • Critical attacks in the midst: DNS, IoT and risks lurking in the cloud
    • Emerging threats and how to protect against them
    • A look ahead – predictions and what to prepare for

    11:15 am
    ISACA Chapter Meeting & Guest Presentation - Open to all Attendees
    Presenting: Threat Intelligence - The Humans, The SIEMs, and the Analytics
    Sr. Security Engineer in SOC Operations, Forensics, and Threat Hunting, Pulte Financial Services
    Registration Level:
    • Open Sessions
    11:15 am - 12:00 pm
    Location / Room: CT+T

    The landscape of SOC vs. Threat has become a game of brinkmanship and 24/7 risk. In the past 8 years, as the stakes continue to escalate, tactics are the pivotal point. It’s no longer sufficient to have effective defenses; it’s essential to characterize threats as they view us: targets. This presentation analyzes the integration of tools, data resources, and human intuition to weigh and plan responses to secure resources.
    Objectives:
    • Baselining & integrating SIEM, IPS, & defensive tools
    • Discussion, history, and review of Threat Intel as it applies to ‘us’ as targets
    • Integrating human logic to field an effective force

    12:00 pm
    Advisory Council LUNCH Roundtable – (VIP / Invite Only)
    Topic: Security Workforce - Staffing/Retention, Fair Wages, Outsourcing
    Asia Region (Cybersecurity) Risk Lead, Compassion International
    Registration Level:
    • VIP / Exclusive
    12:00 pm - 1:00 pm
    Location / Room: 3rd Floor Boardroom

    This session is for Advisory Council members only.
    Lunch will be served during this roundtable discussion.

    12:15 pm
    [LUNCH KEYNOTE] 7 Ways To Boost InfoSec’s Influence (and Yours) by Communicating Differently
    Emmy-Winning Journalist, SecureWorld
    Registration Level:
    • Open Sessions
    12:15 pm - 1:00 pm
    Location / Room: Keynote Theater

    Grow your personal influence and your leadership possibilities, and move your InfoSec objectives forward (faster) by thinking differently about how you communicate. Whether your audience is the board, your team, or any part of the business, this session will help you and your communication stand out. Led by a long-time TV reporter turned cybersecurity journalist who shares a framework for powerful communication you can implement immediately.

    1:15 pm
    [Panel] Building a Better Mouse Trap (Emerging Threats)
    Registration Level:
    • Open Sessions
    1:15 pm - 2:15 pm
    Location / Room: Keynote Theater

    To be successful, as an industry, we must strive to get ahead of the bad guys. Easy enough to say but how? By taking a look at the capabilities of the threats we see today we should be able to make some educated guesses on what threats of tomorrow will look like. We know the bad guys don’t follow the rules, take the path of least resistance, and don’t care who they hurt in the process. We need to start thinking like them so that we can figure out what their next step is instead of guessing/hoping.
    Panelists:
    Ron Winward, Radware
    Mark Lindgren, SpyCloud
    David Wolpoff, Randori
    Moderator: Greg Sternberg, Sungard Availability Services

    1:15 pm
    [Panel] Cloudy With a Chance of Breach
    Registration Level:
    • Open Sessions
    1:15 pm - 2:15 pm
    Location / Room: Bresnan Boardroom

    Everything old is new again. Migrating to the cloud certainly is not a new thing. It is for some smaller companies that are just now able to afford making the move to the cloud. Cloud boasts a secure, disaster-proof option for companies to store their data offsite with access to that data from practically anywhere. So, whose fault is it when the data is compromised? What if your information is stolen from the cloud because another user’s data was at fault? At the end of the day, isn’t the cloud just someone else’s computer? Join this panel discussion as they guide you through the pros and cons in migrating to the cloud.
    Panelists:
    Jeff Frier, Bitglass
    Jay Wilson, Healthgrades
    Rhett Saunders, Focus on the Family
    Bruce Potter, Expel
    Moderator: Sam Masiello, Gates Corporation

    1:15 pm
    [Darktrace] Cyber AI: Fighting Back with Autonomous Response
    Director, Darktrace
    Registration Level:
    • Open Sessions
    1:15 pm - 2:15 pm
    Location / Room: CT+T

    The digital enterprise is constantly expanding, with new IoT, cloud, and operational technologies all challenging traditional notions of cyber security. Safeguarding these evolving environments against machine-speed attacks has never been more difficult.
    Yet the digital battleground now features its most formidable defender in Cyber AI — a self-learning technology that distinguishes friend from foe in order to thwart threats autonomously. With the Cyber AI Platform protecting your entire infrastructure in real time, it doesn’t matter whether the attack originates on a connected device, an industrial system, or in the cloud. Wherever it strikes, the AI fights back in seconds.
    In this session, you’ll discover:

    • Why only Autonomous Response can counter today’s machine-speed attacks
    • Where advanced threat-actors exploit vulnerabilities in the cloud and IoT
    • What achieving 100% visibility can reveal about your organization’s risk profile
    • How the Cyber AI Analyst reduces the time spent triaging threats by 92%
    1:15 pm
    [OneTrust] Third-Party Risk Management: Overcoming Today’s Most Common Security & Privacy Challenges
    Offering Manager, Third-Party Risk, OneTrust
    Registration Level:
    • Open Sessions
    1:15 pm - 2:15 pm
    Location / Room: Saemon

    Managing third-party vendor risk before, during and after onboarding is a continuous effort under global privacy laws and security regulations. While outsourcing operations to vendors can alleviate business challenges, managing the associated risk with manual tools like spreadsheets is complex and time consuming. To streamline this process, organizations must put procedures in place to secure sufficient vendor guarantees and effectively work together during an audit, incident – or much more. In this session, we’ll break down a six-step approach for automating third-party vendor risk management and explore helpful tips and real-world practical advice to automate third-party privacy and security risk programs.
    Presentation Level:
    GENERAL (InfoSec best practices, trends, solutions, etc.)

    2:15 pm
    Conference Break / Exhibitor Product Demonstration
    Registration Level:
    • Open Sessions
    2:15 pm - 3:00 pm
    Location / Room: SecureWorld Exhibitor Floor

    Reboot with coffee and infused water while visiting exhibitors on the exhibitor floor.

    3:00 pm
    CISO Ventures Panel: Are Cybersecurity Startups Meeting Expectations of Buyers Taking a Risk on Them?
    Founder & Managing Director, Whiteboard Venture Partners
    CISO, Elevations Credit Union
    CISO, Gates Corporation
    Director of Product Security, Collibra
    Registration Level:
    • Conference Pass
    3:00 pm - 3:45 pm
    Location / Room: Bresnan Boardroom

    The number of cyber startups is growing exponentially, with 4300+ cybersecurity companies worldwide including several private “unicorns”. With so many startups engaged in helping organizations achieve cybersecurity outcomes, how do organizational decision makers think about the risks involved in working with them? A panel of CXOs will share their expectations of and experiences with cybersecurity startups, including how they use solutions from startups to meet existing and emerging cybersecurity challenges.

    3:00 pm
    Building a Cybersecurity Program: Lessons Learned from a New CISO
    CISO, Denver Health
    Registration Level:
    • Conference Pass
    3:00 pm - 3:45 pm
    Location / Room: Saemon

    The first few years in a CISO role can offer unique challenges and opportunities. Gain insight into a new CISO’s experience building a security program and doing all the things necessary to be successful. We will discuss key learnings and takeaways about the importance of relationships, strategic vs. technical/tactical efforts, managing vendors, leading a team, and keeping up with emerging threats and new technology.
    Presentation Level: MANAGERIAL (security and business leaders)

    3:00 pm
    Incident Response Execution - Interactive Exercise
    Cyber Risk Advisory Board Member, Pepperdine University
    Registration Level:
    • Conference Pass
    3:00 pm - 3:45 pm
    Location / Room: CT+T

    Malicious activity is ever changing – therefore the approach of incident response must also change. It is essential for incident responders to expand beyond traditional incident response activities by digging deeper into alerts. In this interactive session, incident responders will have the opportunity to practice problem solving through real life scenarios by pivoting off data points, threat hunting, and proposing viable solutions that expand beyond conventional response activities.

    3:00 pm
    SecureWorld PLUS Part 2 - Designing and Building a Cybersecurity Program based on the NIST Cybersecurity Framework
    SecureWorld PLUS Registrants ONLY
    CISO and Adjunct Faculty, University of Massachusetts
    Registration Level:
    • SecureWorld Plus
    3:00 pm - 4:30 pm
    Location / Room: ACA/Triax

    The University of Massachusetts has developed a 6-hour SecureWorld Plus training class that instructs attendees on the best practices for designing, building, and maintaining a Cybersecurity Program based on the NIST Cybersecurity Framework. Organizations that currently use the Framework or are planning to use the Framework for their cybersecurity program will benefit from this course.

    This innovative education and training program includes the following key elements:

    • An introduction to the key components of the NIST Cybersecurity Framework
    • How to use the Framework to support business strategy, technology strategy, and cyber-risk strategy
    • An approach for adopting the framework to build and sustain secure and resilient infrastructure, secure and resilient networks, secure and resilient applications
    • How to use the framework to protect critical information assets
    • A Controls Factory Model that organizations use to create an Engineering Program, a Technical Program, and a Business / Management Program
    • A methodology for developing a Cybersecurity Strategy, System Security Plan (SSP), Risk Assessment, Plan of Action and Milestones (POA&M) and Executive Report

    The class will help individuals and organizations acquire knowledge, skills and abilities to:

    • Develop a strategy to apply the NIST Cybersecurity Framework (NCSF) to their environment
    • Create a comprehensive System Security Plan (SSP) based on the NIST Cybersecurity Framework
    • Conduct a Risk Assessment to compare the current profile with the target profile and identify any gaps that need to be addressed
    • Develop a Plan of Action and Milestones (POA&M) to mitigate the highest priority gaps
    • Establish an Executive Report to measure and communicate current profile, target profile, POA&M and program plan / roles and responsibilities to remediate identified gaps
    • Identify required workforce skills and develop career pathways for improving skills and experience

    About the Instructor – Larry Wilson:

    • Larry Wilson is the former CISO for UMass President’s Office from 2009 to 2017
    • Prior to UMass, Larry developed and managed the Global Infrastructure Services (GIS) Security Program for State Street Corporation
    • Larry has been teaching cybersecurity courses based on the NIST Cybersecurity Framework at SecureWorld events for the past 5 years
    • Larry has conducted over 20 consulting engagements, helping organizations design and build cybersecurity programs based on the NIST Cybersecurity Framework

    The program and its author have won the following industry awards:

    • Security Magazine’s Most Influential People in Security, 2016
    • SANS People Who Made a Difference in Cybersecurity Award, 2013
    • Information Security Executive (ISE) North America Program Winner for Higher Education, 2013
    3:00 pm
    SecureWorld PLUS Part 2 - Cloud Security Training
    SecureWorld PLUS Registrants ONLY
    Director, Security Architecture, State of Colorado, Governor's Office of IT
    Registration Level:
    • SecureWorld Plus
    3:00 pm - 4:30 pm
    Location / Room: Barco Library

    The 3-part Cloud Security course will immerse students/attendees in the new frontier of IT and security services delivery in the Cloud. Using proven engaged learning techniques, students will leave the session with solid Cloud Security knowledge and skills, combined with applied hands-on practice on the most popular Cloud Services Provider.

    Course Outline:

    • Cloud Computing Governance, Risk, and Compliance (GRC)
    • Cloud Identity and Access Management (IAM)
    • Cloud Network Security
    • Cloud Compute Security
    • Cloud Storage Security
    • Cloud Application Security (DevSecOps)
    • Cloud Operation Security

    By the end of the session you will:

    • Have a solid understanding of Cloud Computing and Security based on NIST and ISO/IEC
    • Be able to evaluate the security posture of any Cloud Service Provider (CSP) using FedRAMP and CSA CCM
    • Be able to select, design, and deploy secure cloud services based on the business requirements
    • Use the knowledge and skills learned as a foundation to pursue popular Cloud Security Certifications such as CSA CCSK, ISC2 CCSP, and AWS Security

    To maximize the benefit of the class, the student needs to:

    • Be curious and eager to learn
    • Ask, ask, and ask questions
    • Bring their own laptops to participate in the labs and capture valuable information
    • Have an AWS free account at https://aws.amazon.com/free

  • Wednesday, October 30, 2019
    7:00 am
    Registration Open
    Registration Level:
    • Open Sessions
    7:00 am - 3:00 pm
    Location / Room: Registration Desk
    8:00 am
    SecureWorld PLUS Part 3 - Designing and Building a Cybersecurity Program based on the NIST Cybersecurity Framework
    SecureWorld PLUS Registrants ONLY
    CISO and Adjunct Faculty, University of Massachusetts
    Registration Level:
    • SecureWorld Plus
    8:00 am - 9:30 am
    Location / Room: ACA/Triax

    The University of Massachusetts has developed a 6-hour SecureWorld Plus training class that instructs attendees on the best practices for designing, building, and maintaining a Cybersecurity Program based on the NIST Cybersecurity Framework. Organizations that currently use the Framework or are planning to use the Framework for their cybersecurity program will benefit from this course.

    This innovative education and training program includes the following key elements:

    • An introduction to the key components of the NIST Cybersecurity Framework
    • How to use the Framework to support business strategy, technology strategy, and cyber-risk strategy
    • An approach for adopting the framework to build and sustain secure and resilient infrastructure, secure and resilient networks, secure and resilient applications
    • How to use the framework to protect critical information assets
    • A Controls Factory Model that organizations use to create an Engineering Program, a Technical Program, and a Business / Management Program
    • A methodology for developing a Cybersecurity Strategy, System Security Plan (SSP), Risk Assessment, Plan of Action and Milestones (POA&M) and Executive Report

    The class will help individuals and organizations acquire knowledge, skills and abilities to:

    • Develop a strategy to apply the NIST Cybersecurity Framework (NCSF) to their environment
    • Create a comprehensive System Security Plan (SSP) based on the NIST Cybersecurity Framework
    • Conduct a Risk Assessment to compare the current profile with the target profile and identify any gaps that need to be addressed
    • Develop a Plan of Action and Milestones (POA&M) to mitigate the highest priority gaps
    • Establish an Executive Report to measure and communicate current profile, target profile, POA&M and program plan / roles and responsibilities to remediate identified gaps
    • Identify required workforce skills and develop career pathways for improving skills and experience

    About the Instructor – Larry Wilson:

    • Larry Wilson is the former CISO for UMass President’s Office from 2009 to 2017
    • Prior to UMass, Larry developed and managed the Global Infrastructure Services (GIS) Security Program for State Street Corporation
    • Larry has been teaching cybersecurity courses based on the NIST Cybersecurity Framework at SecureWorld events for the past 5 years
    • Larry has conducted over 20 consulting engagements, helping organizations design and build cybersecurity programs based on the NIST Cybersecurity Framework

    The program and its author have won the following industry awards:

    • Security Magazine’s Most Influential People in Security, 2016
    • SANS People Who Made a Difference in Cybersecurity Award, 2013
    • Information Security Executive (ISE) North America Program Winner for Higher Education, 2013
    8:00 am
    SecureWorld PLUS Part 3 - Cloud Security Training
    SecureWorld PLUS Registrants ONLY
    Director, Security Architecture, State of Colorado, Governor's Office of IT
    Registration Level:
    • SecureWorld Plus
    8:00 am - 9:30 am
    Location / Room: Barco Library

    The 3-part Cloud Security course will immerse attendees in the new frontier of IT and security services delivery in the cloud. Using proven engaged-learning techniques, students will leave the session with solid cloud security knowledge and skills, combined with applied hands-on experience on the most popular cloud service provider.

    Course Outline:

    • Cloud Computing Governance, Risk, and Compliance (GRC)
    • Cloud Identity and Access Management (IAM)
    • Cloud Network Security
    • Cloud Compute Security
    • Cloud Storage Security
    • Cloud Application Security (DevSecOps)
    • Cloud Operation Security

    By the end of the session you will:

    • Have a solid understanding of cloud computing and security based on NIST and ISO/IEC
    • Be able to evaluate the security posture of any Cloud Service Provider (CSP) using FedRAMP and CSA CCM
    • Be able to select, design, and deploy secure cloud services based on the business requirements
    • Use the knowledge and skills learned as a foundation to pursue popular Cloud Security Certifications such as CSA CCSK, ISC2 CCSP, and AWS Security

    To maximize the benefit of the class, the student needs to:

    • Be curious and eager to learn
    • Ask, ask, and ask questions
    • Bring their own laptops to participate in the labs and capture valuable information
    • Have an AWS free account at https://aws.amazon.com/free

    8:30 am
    Shared-VPCs, a Cloud Security Architecture
    Network Security Architect, CenturyLink
    Registration Level:
    • Conference Pass
    8:30 am - 9:15 am
    Location / Room: Saemon
    The seminar will cover a cloud architecture related to creating Shared VPCs in major cloud vendors such as Azure, AWS & GCP. The architecture will address a hybrid-cloud environment that allows DevOps to do more of the development and use common tools vetted by IT and Security that streamline operations. No GUI configs, and nothing too deep in the weeds…we are focused on the security concepts of Shared-VPCs. The audience will walk away with an innovative approach, providing applications with standard methods to secure and transfer data between the cloud and traditional data center applications.
    Presentation Level: GENERAL (InfoSec best practices, trends, solutions, etc.)
    8:30 am
    How Privacy and Security Work Together
    Director of Privacy and Compliance, American Cyber Security Management
    GRC Consultant / Privacy & Compliance Specialist, IT Governance USA Inc.
    Registration Level:
    • Conference Pass
    8:30 am - 9:15 am
    Location / Room: Bresnan Boardroom

    Security and privacy professionals can build more trust within the organization when they work together rather than in silos. Come learn how to align these two functions to reduce duplication of effort while increasing both efficiency and speed to delivery. Understanding a shared responsibility model and proactively defining the privacy and security roles and responsibilities will enable your organization to better understand how to protect the data that it collects, processes, and stores.
    Presentation Level: MANAGERIAL (security and business leaders)

    8:30 am
    Industrial Security: Bridging the Gap Between OT and IT
    Information Security Officer, Johns Manville
    Industrial Security Manager, Johns Manville
    Registration Level:
    • Conference Pass
    8:30 am - 9:15 am
    Location / Room: CT+T

    Industrial Control Systems (ICS) are becoming a bigger part of our manufacturing operations and yet few companies truly understand how vulnerable they really are. Much of the problem lies in the lack of communications between the Information Technology and Operational Technology departments. Chris McLaughlin (IT) and Scott Reynolds (Engineering) will share some of the common gaps in understanding that exist between IT and Engineering. This presentation will cover some common ICS vulnerabilities that most IT security teams are unaware of, and will provide tips on how to bridge the communication gap.

    9:00 am
    Exhibit Floor Open
    Registration Level:
    • Open Sessions
    9:00 am - 3:00 pm
    Location / Room: SecureWorld Exhibitor Floor

    This is the time to visit exhibitors participating in Dash For Prizes & CyberHunt for your chance to win prizes!

    9:30 am
    [OPENING KEYNOTE] The Colorado = Security Podcast LIVE
    Join podcast hosts Robb Reck and Alex Wood as they interview Dale Drew, CSO of Zayo Group.
    Chief Security Officer, Zayo Group
    Co-Host, Colorado = Security podcast
    CISO, Pulte Financial Services, & Co-Host, Colorado = Security podcast
    Registration Level:
    • Open Sessions
    9:30 am - 10:30 am
    Location / Room: Keynote Theater

    Come hear Colorado’s #1 security podcast live on the SecureWorld Denver keynote stage! Join podcast hosts Robb Reck (CISO of Ping Identity) and Alex Wood (CISO of Pulte Financial Services) as they update us on the news from the Colorado tech and security scene, and interview Dale Drew, CSO for Zayo Group.
    Dale has run security for Zayo Group over the past year and a half, responsible for securing more than 1400 global locations and over 100,000 production elements. Previous to serving at Zayo, Dale was the Chief Security Officer for Level3. He served for Level3 for over 19 years, through numerous mergers and acquisitions, including their acquisition by CenturyLink.
    Colorado = Security has one mission – to make Colorado the mecca for information security. Find more information at colorado-security.com

    10:15 am
    Conference Break / Exhibitor Product Demonstration
    Registration Level:
    • Open Sessions
    10:15 am - 11:15 am
    Location / Room: SecureWorld Exhibitor Floor

    Reboot with coffee and infused water while visiting exhibitors on the exhibitor floor.

    10:15 am
    Mark Gelhardt Book Signing in the CyberLounge on the Exhibitor Floor
    Quantities are limited and will be distributed on a first-come, first-served basis.
    Registration Level:
    • Open Sessions
    10:15 am - 12:00 pm
    Location / Room: CyberLounge on the Exhibitor Floor

    Mark Gelhardt will be signing copies of his book, “My Time at The Clinton White House.”
    Find him in the CyberLounge on the Exhibitor Floor at the following times:
    10:15 a.m. – 12:00 p.m.
    1:00-1:15 p.m.
    BOOK SYNOPSIS:
    Colonel Mark Gelhardt had an atypical military career that landed him in The White House next to the President of the United States, where he was responsible for the last link of communications between the President and the rest of the U.S. government. While a Lieutenant Colonel (LTC) in the Army, Mark was selected by top federal officials to be the Commander of the Data Systems Unit, as part of the White House Communications Agency. In this position, he supported the President as the Chief Information Officer (CIO) for all classified IT used by The White House. LTC Gelhardt served at the White House for over four years (1995-1999), working with President Clinton and his staff almost every day, both on the White House grounds and traveling worldwide. This gave him unfettered access to the inner workings of The White House and the Presidency. Since retiring from the Army in 2001, Mark has been asked by many people about his time at The White House. Mark has many stories about what happened behind closed doors, and proudly speaks about the outstanding support done by the fantastic military members that support the Commander-in-Chief. Mark has taken the time to chronicle his experiences about his day-to-day job at The White House, as well as some of the funny stories he picked up along the way. Please enjoy this non-political book with surprising behind-the-scenes stories. I hope they provide you with some insight into the wonderful military members that work so hard to keep you safe every day in support of the President and Commander-in-Chief.

    11:00 am
    Advisory Council Roundtable - (VIP / Invite Only)
    Topic: A Tactical Discussion – Dividing the Big Picture into Short-Term Wins
    CISO, Healthgrades
    Registration Level:
    • VIP / Exclusive
    11:00 am - 12:00 pm
    Location / Room: 3rd Floor Boardroom

    This session is for Advisory Council members only.

    11:15 am
    [Panel] Discussion with Huawei’s VP of Risk Management: A Supply Chain Security Case Study
    Founder & Managing Director, AgeLight Digital Trust Advisory Group
    VP, Risk Management & Partner Relations, Huawei Technologies (USA)
    Registration Level:
    • Conference Pass
    11:15 am - 12:00 pm
    Location / Room: CT+T

    Is Huawei a trade war target or a security risk? Regardless, the Huawei accusations by the U.S. Government have shed light on a crucial fact: increased reliance on new technologies introduces new threats into an ecosystem and supply chains. Join this discussion with Huawei’s VP of Risk Management on mitigating your organization’s supply chain risk by applying stringent criteria to all devices and services. The discussion will include the recent review of Huawei technologies and lessons learned that can be applied to every enterprise, including best practices advocated by NIST, NTIA, and others. Key tenets include embracing security by design, use of risk-based decision models and sharing threat intelligence data.
    Presentation Level: GENERAL (InfoSec best practices, trends, solutions, etc.)

    11:15 am
    [Expel] Get a Grip on Cloud Security: How to Lasso and Protect Your Cloud-Based Data and Apps
    CISO, Expel
    Registration Level:
    • Open Sessions
    11:15 am - 12:00 pm
    Location / Room: Saemon

    The cloud is a new frontier, and—just like in those old westerns—it sometimes seems lawless. Decision makers and developers with credit cards are moving their data to Microsoft Azure and AWS, while IT rolls out Office 365. CISOs are getting left in the dust, trying to understand where all the data and apps went and—once they find them—figuring out how to reverse engineer security into the cloud.
    The good news is that a smart combination of controls, workflow, and some of the basic tools your cloud providers give you can help you find and rein in outlaw activity.
    Join Bruce Potter, CISO of Expel, for this session where he’ll share tips and tricks for thinking about and implementing cloud controls, along with workflow ideas that’ll help protect all your workloads.

    Presentation Level: MANAGERIAL (security and business leaders)

    11:15 am
    Consumer Rights and Business Responsibilities
    Partner, Husch Blackwell LLP
    Registration Level:
    • Open Sessions
    11:15 am - 12:00 pm
    Location / Room: Bresnan Boardroom
    When the California Consumer Privacy Act (CCPA) goes into effect on January 1, 2020, privacy law in the United States will never be the same. During this presentation, we will discuss how the CCPA is changing privacy law in this country, including how its creation of new privacy rights for California residents will impact businesses in 2020 and beyond. We will also discuss Nevada’s amendments to its online privacy statutes (effective October 1, 2019), and what to expect from other state legislatures in 2020.
    Presentation Level: GENERAL (InfoSec best practices, trends, solutions, etc.)

    11:15 am
    Manage Vulnerabilities Like a Pro: How to Take Your Vulnerability Management Program to the Next Level
    Community Instructor, SANS Institute
    Registration Level:
    • Conference Pass
    11:15 am - 12:00 pm
    Location / Room: ACA/Triax
    At an organizational level, we all have assets and these assets all have vulnerabilities. Most of us have a patching program. Some of us have exception policies. A few of us have automated the entire process, but almost none of us think there isn’t room for improvement in the program as a whole. Join this session to learn how to take your current program to that next level and what it takes to own the vulnerability management cycle in your own organization.

     

    12:00 pm
    Advisory Council Lunch Roundtable – (VIP / Invite Only)
    Topic: Reporting to the Board – Using Meaningful Metrics in a Language we ALL Can Understand
    Security Architect, Sungard Availability Services
    Registration Level:
    • VIP / Exclusive
    12:00 pm - 1:00 pm
    Location / Room: 3rd Floor Boardroom

    This session is for Advisory Council members only.
    Lunch will be served during this roundtable.

    12:15 pm
    [LUNCH KEYNOTE] How to Manage Your Own Career to Get to the Top
    Former CIO, The White House
    Registration Level:
    • Open Sessions
    12:15 pm - 1:00 pm
    Location / Room: Keynote Theater
    Do you have a plan for your future? Why not? You are the leader of your own destiny! You need to look at where you are, where you want to go, and have a plan to get there. We will talk about how to develop a plan, what to think about, and how to put one foot in front of the other to get to your end goal. We will also talk about how to manage up to your boss to get what you need to help you in your own career. Col. Mark Gelhardt made it to The White House managing his own career, and stood next to the President of the United States. He will tell you how he did it; if he can do it, so can you!

     

    1:15 pm
    [Panel] You Got Burned! Now What? (Incident Response)
    Registration Level:
    • Open Sessions
    1:15 pm - 2:15 pm
    Location / Room: Keynote Theater

    We’ve all heard the adage that it’s not if it happens but when you are inevitably breached. Do you have a plan? Even a framework to go off of? What do you include? Who do you include? How often should you be practicing this plan? Join our experts as they discuss incident response plans, who should be involved, best practices, and pitfalls.
    Panelists:
    John Linzy, Bitdefender
    Jason Teplitz, Crowdstrike
    Stephen Swanson, Wow!
    Moderator: Mary Haynes, Charter Communications

    1:15 pm
    [Privacy Panel] A Solution Stack Ideation
    President, American Cyber Security Management
    Co-Founder, ConsentGrid
    Offering Manager, Third-Party Risk, OneTrust
    Director, Privacy Program, IBM Security
    Registration Level:
    • Open Sessions
    1:15 pm - 2:15 pm
    Location / Room: Bresnan Boardroom

    A solution stack focuses on the emerging technologies that businesses need to evaluate in order to implement end-to-end privacy solutions. These complementary solution providers will discuss their unique privacy solutions and where they fit in the enterprise privacy framework.
    The audience will have a much broader understanding of solutions immediately available today that can support their privacy programs, making them more sustainable and faster to respond to privacy law changes.

    2:15 pm
    Conference Break / Exhibitor Product Demonstration
    Registration Level:
    • Open Sessions
    2:15 pm - 3:00 pm
    Location / Room: SecureWorld Exhibitor Floor

    Reboot with coffee and infused water while visiting exhibitors on the exhibitor floor.

    2:30 pm
    Dash for Prizes & CyberHunt
    Registration Level:
    • Open Sessions
    2:30 pm - 2:45 pm
    Location / Room: SecureWorld Exhibitor Floor

    Be sure to have exhibitors scan your badge for a chance to win prizes. Past prizes have included Kindles, Bose headphones, gift cards, iPads, iPods and more! *Must be present to win

    3:00 pm
    [Panel] Cybersecurity Leaders on Privacy
    CISO, Pulte Financial Services, & Co-Host, Colorado = Security podcast
    CISO, Ntirety (formerly HOSTING.com)
    CISO, FirstBank
    Cyber Risk Advisory Board Member, Pepperdine University
    Privacy & Security Officer, Connect for Health Colorado
    Data Protection Officer, Compassion International
    Registration Level:
    • Conference Pass
    3:00 pm - 3:45 pm
    Location / Room: Bresnan Boardroom

    This session will enable attendees to learn about what privacy elements are important for local cybersecurity leaders, their approach to implementing privacy in their organizations, and how they have attested to their new privacy programs. Come hear about these local leaders’ opinions on privacy, new regulations, and ask their opinions about why and when privacy matters.

    3:00 pm
    IPv6 Security: The Latent Threat
    Chair Emeritus, Rocky Mountain IPv6 Task Force
    Registration Level:
    • Conference Pass
    3:00 pm - 3:45 pm
    Location / Room: CT+T
    Many organizations already have IPv6 networks, some organizations are working on their transitions to IPv6 and others are contemplating what IPv6 means to them. IPv6 is now used extensively on the Internet, but not intentionally implemented in enterprise networks. Most organizations already have IPv6 running on their networks and they don’t even realize it. All computer operating systems now default to running both IPv4 and IPv6, which could lead to security vulnerabilities if one is not prepared. IPv6 security vulnerabilities currently exist “in the wild” and as the popularity of the IPv6 protocol increases so will the number of threats. This session will cover an overview of IPv6 security threats and protection measures.
    Presentation Level: TECHNICAL (deeper dive including TTPs)
    3:00 pm
    Surviving and Thriving in the Internet Wild - Cybersecurity With a Shoestring!
    IS Manager, Town of Castle Rock
    Registration Level:
    • Conference Pass
    3:00 pm - 3:45 pm
    Location / Room: Saemon

    In a survival situation, you have incredibly limited resources and manpower. This mirrors the case often faced by cybersecurity professionals, with many parallels between the wilderness trying to kill you and the Internet “wild.” How will you survive and overcome?
    In the wild, making a fire is a key difference between life and death. No matches/lighter? No problem. You just need a shoestring to make a roaring fire in mere minutes! As applied to cybersecurity, a strategically effective application of knowledge and skills with whatever limited resources you have will cause you to survive and even thrive!
    Presentation Level: MANAGERIAL (security and business leaders)

Exhibitors
  • ACP Colorado Rocky Mountain Chapter
    Booth:

    ACP is the premier organization for business continuity professionals providing a powerful networking and learning environment for its members. Known for its progressive programs, workshops and symposiums, the organization has become a unifying force in defining and leading the continuously evolving fields of business continuity, disaster recovery, and emergency response (the “profession”). The Organization is strategically aligned with business partners such as DRI International, and BC Management, as well as our corporate sponsors. With a strong presence in North America, ACP has 42 chapters and over 2,300 members. We welcome all individuals, regardless of experience or certification, with an interest in the Profession.

    Founded in 1983, we are an established community of industry experts, educators, practitioners, leaders, facilitators and advocates. Our members view us as connectors and as a vital networking source.

  • Alert Logic
    Booth: 117

    Whether your company is transitioning infrastructure to the cloud, taking advantage of managed hosting services, or continuing to rely on owned data centers, Alert Logic offers intrusion detection, vulnerability assessment and log management solutions that are coupled with 24/7 monitoring and expert guidance services from our security operations center. More than 1,500 enterprise customers trust Alert Logic to secure and protect their digital information, and rely on us for keeping in step with increasingly complex regulatory issues. In addition to our team of GIAC analysts dedicated to careful observation and assessment of threats to your data, our research team stays on top of emerging developments so we can stop potential security breaches before they strike. We also have a dedicated support team ready to answer any questions you have about our products and services.

  • Alliance Technology Group
    Booth: 427M

    Alliance Technology Group is a North American Systems Integrator & IT Solutions/Services company. Alliance specializes in IT Infrastructure; Physical & Cyber Security, Storage, Systems and Networking. Our Team deploys these solutions in Traditional IT Enterprises, Private, Public & Hybrid Clouds and IoT & Edge Environments. Alliance’s Consulting & Professional Services Group provides expert support for all of the solutions we offer including design, implementation and managed services. Alliance serves customers in the Private & Public sectors and has become a trusted partner to increase the effectiveness of how IT positively impacts business.

    Alliance’s team of highly trained and certified experts have been delivering complex IT Solutions since 1997. While the technology industry continues to rapidly change, Alliance’s goals have remained consistent; listen to our customers, understand their needs and deliver solutions that provide real business value.

    To solve some of the most demanding IT challenges Alliance has developed Purpose Built Solutions targeted around Big Data, Cyber Security, First Responder & Public Safety and Cloud markets. Alliance’s Purpose Built Solution Divisions include PliantCloud, Vigilant Platforms, SentryWire and CyberAlliance.

  • Bitdefender
    Booth: 210

    Powered by its depth of security expertise and rapid pace of research and development, Bitdefender’s long-standing mission is to deliver transformative security technologies to the world’s users and organizations. We are innovators, creating breakthrough technology that radically improves our customer’s experience with security.

    From IoT to Data Centers, from endpoints to hybrid infrastructures – Bitdefender plays a transformational role in how security is best consumed, deployed, and managed. We strive to deliver products and services that radically alter the customer’s experience with security, in terms of efficacy, performance, ease of use and interoperability.

  • Bitglass
    Booth: 138

    Your company’s move to the cloud delivers flexibility and cost savings, but that doesn’t mean you should lose control of your data. Bitglass’ Cloud Access Security Broker (CASB) solution enables your enterprise to adopt cloud apps while ensuring data security and regulatory compliance. Bitglass secures your data in the cloud, at access, on any device.

    Bitglass was founded in 2013 by a team of industry veterans with a proven track record of innovation and execution.

  • CISO Ventures
    Booth:

    Whiteboard Venture Partners is building this exclusive community to help cybersecurity startups engage/collaborate with security innovation stakeholders.

  • Cloud Privacy Labs
    Booth: 433M

    At Cloud Privacy Labs we provide privacy solutions for organizations that use or exchange personal data. Our product ConsentGrid™ is a privacy governed data flow platform that helps companies achieve compliance, enhance transparency, and empower their users. It combines user consent, preferences, and organizational policies to govern data in-flight.

  • Cloud Security Alliance Colorado Chapter
    Booth:

    The Cloud Security Alliance (CSA) is a not-for-profit organization with a mission to promote the use of best practices for providing security assurance within Cloud Computing, and to provide education on the uses of Cloud Computing to help secure all other forms of computing. The Cloud Security Alliance is led by a broad coalition of industry practitioners, corporations, associations and other key stakeholders.

  • Cobalt.io
    Booth: 424M

    Cobalt’s Pentest as a Service (PtaaS) Platform transforms traditional pentesting into a data-driven vulnerability management engine. Fueled by a global talent pool of certified freelancers, our modern pentest platform delivers actionable results that empower agile teams to pinpoint, track, and remediate vulnerabilities.

  • Code42
    Booth: 413M

    Code42 is the leader in information security. We secure more than 50,000 organizations worldwide, including the most recognized brands in business and education. Because Code42 can secure every version of every file, we offer security, legal and IT teams total visibility and recovery of data–wherever it lives and moves.

  • Colorado ECTF
    Booth:

    As a result of the amalgamation of advanced technology and the Internet, both the quantity and sophistication of cybercrimes targeting U.S. financial institutions and critical infrastructure have increased. Today, criminal trends show an increased use of phishing emails, account takeovers, malicious software, hacking attacks and network intrusions resulting in significant data breaches. To protect the nation’s financial infrastructure from cyber and financial criminals, the Secret Service has adopted a multi-pronged approach.

  • Colorado Technology Association
    Booth:

    The Colorado Technology Association leads the network of companies and professionals fueling Colorado’s economy, through technology.

    At the Colorado Technology Association, we:

    – Lead an inclusive network that benefits our member community
    – Advocate for a pro-business and technology-friendly climate
    – Influence the development of a robust talent pipeline
    – Lead initiatives to help companies grow.

  • Comodo Cybersecurity
    Booth: 216

    In a world where preventing all cyberattacks is impossible, Comodo Cybersecurity delivers an innovative cybersecurity platform that renders threats useless, across the LAN, web and cloud. The Comodo Cybersecurity platform enables customers to protect their systems and data against even military-grade threats, including zero-day attacks. Based in Clifton, New Jersey, Comodo Cybersecurity has a 20-year history of protecting the most sensitive data for both businesses and consumers globally.

     

  • Corelight
    Booth: 220

    Corelight makes powerful network security monitoring solutions that transform network traffic into rich logs, extracted files, and security insights for incident responders and threat hunters. Corelight Sensors run on open-source Zeek (formerly called “Bro”) and simplify Zeek deployment and management while expanding its performance and capabilities. https://www.corelight.com 

  • CrowdStrike
    Booth: 309

    CrowdStrike Inc. (Nasdaq: CRWD), a global cybersecurity leader, is redefining security for the cloud era with an endpoint protection platform built from the ground up to stop breaches. The CrowdStrike Falcon® platform’s single lightweight-agent architecture leverages cloud-scale artificial intelligence (AI) and offers real-time protection and visibility across the enterprise, preventing attacks on endpoints on or off the network. Powered by the proprietary CrowdStrike Threat Graph®, CrowdStrike Falcon correlates over two trillion endpoint-related events per week in real time from across the globe, fueling one of the world’s most advanced data platforms for security.

    With CrowdStrike, customers benefit from better protection, better performance and immediate time-to-value delivered by the cloud-native Falcon platform. There’s only one thing to remember about CrowdStrike: We stop breaches. Qualifying organizations can gain full access to Falcon Prevent™ by starting a free trial. Learn more: https://www.crowdstrike.com/

  • Darktrace
    Booth: 103

    Darktrace is the world’s leading cyber AI company and the creator of Autonomous Response technology. Its self-learning AI is modeled on the human immune system and used by over 3,000 organizations to protect against threats to the cloud, email, IoT, networks and industrial systems.

    The company has over 1000 employees and headquarters in San Francisco and Cambridge, UK. Every 3 seconds, Darktrace AI fights back against a cyber-threat, preventing it from causing damage.

  • EC-Council
    Booth:

    International Council of E-Commerce Consultants, also known as EC-Council, is the world’s largest cyber security technical certification body. We operate in 140 countries globally and we are the owner and developer of the world-famous Certified Ethical Hacker (CEH), Computer Hacking Forensics Investigator (C|HFI), Certified Security Analyst (ECSA), License Penetration Testing (Practical) programs, among others. We are proud to have trained and certified over 140,000 information security professionals globally that have influenced the cyber security mindset of countless organizations worldwide.

  • Egnyte
    Booth: 227

    Egnyte is the only secure content platform that is designed specifically for business. Egnyte provides teams with secure file sharing capability and access to content delivered at hyper-speed, regardless of file size, location, device or bandwidth.  More than 15,000 of the world’s most demanding and regulated businesses in more than 120 countries around the globe trust Egnyte to manage their content on the cloud.

  • Expel
    Booth: 316

    Expel provides transparent managed security, on-prem and in the cloud. It’s the antidote for companies trapped in failed relationships with their managed security service provider (MSSP) and those looking to avoid the frustration of working with one in the first place. To learn more, go to https://www.expel.io.

  • ForgeRock
    Booth: 230

    ForgeRock® is the digital identity management company transforming the way organizations interact securely with customers, employees, devices, and things. Organizations adopt the ForgeRock Identity Platform™ as their digital identity system of record to monetize customer relationships, address stringent regulations for privacy and consent (GDPR, HIPAA, FCC privacy, etc.), and leverage the internet of things. ForgeRock serves hundreds of brands, including Morningstar, Vodafone, GEICO, Toyota, TomTom, and Pearson, as well as governments like Norway, Canada, and Belgium, securing billions of identities worldwide. ForgeRock has offices across Europe, the USA, and Asia.

  • IAPP
    Booth:

    Your comprehensive global information privacy community and resource. Data powers the information economy. And the risks associated with it continue to skyrocket. Data breach, identity theft, loss of customer trust—these are the threats to organizations of all sizes, in all sectors, in today’s marketplace.

    The International Association of Privacy Professionals (IAPP) is a resource for professionals who want to develop and advance their careers by helping their organizations successfully manage these risks and protect their data. In fact, we’re the world’s largest and most comprehensive global information privacy community.

    The IAPP is the only place that brings together the people, tools and global information management practices you need to thrive in today’s rapidly evolving information economy.

  • IBM Resilient
    Booth: 418M

    In an industry focused on building walls, IBM Security is focused on creating an open, connected security ecosystem that leverages AI, cloud, orchestration and collaboration to help clients improve compliance, stop threats and grow their businesses securely. Our strategy reflects our belief that today’s defenses will not suffice tomorrow. It challenges us to approach our work, support our clients and lead the industry, allowing you to be fearless in the face of cyber uncertainty.

  • Identity Defined Security Alliance
    Booth:

    Identity Defined Security provides real time, intelligence-based access to data and applications by integrating IAM infrastructure with enterprise cyber security technologies.
    The Identity Defined Security Alliance provides the framework and practical guidance that helps organizations put identity at the center of their security strategy, optimizing cyber security investments while controlling risk as IT infrastructures converge.
    Community developed, practitioner approved.

  • InfraGard Colorado – Denver Members Alliance
    Booth:

    InfraGard is an information sharing and analysis effort serving the interests and combining the knowledge base of a wide range of members. At its most basic level, InfraGard is a partnership between the FBI and the private sector. InfraGard is an association of individuals, academic institutions, state and local law enforcement agencies, and other participants dedicated to sharing information and intelligence to prevent hostile acts against the United States. InfraGard Chapters are geographically linked with FBI Field Office territories.

    The FBI retained InfraGard as an FBI sponsored program, and will work with DHS in support of its CIP mission, facilitate InfraGard’s continuing role in CIP activities, and further develop InfraGard’s ability to support the FBI’s investigative mission, especially as it pertains to counterterrorism and cyber crimes.

  • ISACA Denver Chapter
    Booth:

    The Denver Chapter of ISACA® (formerly EDPAA) was founded in June 1976 with just a handful of members. Today, the Denver chapter, with over 1,040 members, is one of the largest chapters within the Southwestern Region. The Denver Chapter contributes to the international organization with financial support and periodic hosting of the International Conference.

  • (ISC)2 Denver Chapter
    Booth:

    (ISC)²® is the largest not-for-profit membership body of certified information security professionals worldwide, with nearly 80,000 members in more than 135 countries. Globally recognized as the Gold Standard, (ISC)² issues the Certified Information Systems Security Professional (CISSP®) and related concentrations, as well as the Certified Secure Software Lifecycle Professional (CSSLP®), Certified Authorization Professional (CAP®), and Systems Security Certified Practitioner (SSCP®) credentials to qualifying candidates.

  • ISSA Colorado Springs Chapter
    Booth:

    ISSA Colorado Springs Chapter: Developing and Connecting Cybersecurity Leaders Globally. ISSA is the community of choice for international cybersecurity professionals dedicated to advancing individual growth, managing technology risk and protecting critical information and infrastructure.

    The Information Systems Security Association (ISSA)® is a not-for-profit, international organization of information security professionals and practitioners. It provides educational forums, publications, and peer interaction opportunities that enhance the knowledge, skill, and professional growth of its members.

  • Ixia, a Keysight Business
    Booth: 136

    We provide testing, visibility, and security solutions to strengthen applications across physical and virtual networks. Organizations use our tools and capabilities to test, secure and visualize their networks so their applications run stronger.

  • Meta Networks
    Booth: 125

    The way we work has changed dramatically in the last decade. We’re no longer sitting in an office every day, working with applications in the local data center. It’s not just that the perimeter is dissolving – security paradigms designed around the idea that users on the LAN can be trusted are dangerous.

    We believe it’s time to update the way we approach network access and security. It’s now possible to leverage the cloud and the internet to build a global, zero-trust private network that is agile and scalable enough for the way we do business today. With the Meta Network-as-a-Service (NaaS), you can rapidly connect user devices to applications in the data center and the cloud and secure them with a software-defined perimeter. Meta NaaS is user-centric rather than site-centric, making it the ideal solution for the network security challenges that businesses face today – from providing user-friendly remote access, to connecting cloud infrastructure, and reducing management costs.

    Meta Networks was founded in 2016 by a leading team of cloud, networking and security experts from companies including Stratoscale, Intel, Check Point, Oracle, Cisco, Harman, Incapsula, Ericsson, 3M and Elbit. The company is funded by the BRM Group and Vertex Ventures.

  • Mimecast
    Booth: 312

    Mimecast Is Making Email Safer For Business.

    Mimecast’s security, archiving and continuity cloud services protect business email and deliver comprehensive email risk management in one fully-integrated subscription service. Mimecast reduces the risk, complexity and cost traditionally associated with protecting email. You no longer have to manage an array of disjointed point solutions from multiple vendors. And you mitigate single vendor exposure if you have moved your primary email server to the cloud with services like Microsoft Office 365.
    Our best-of-breed services protect the email of over 24,900 customers and millions of users worldwide against targeted attacks, data leaks, malware and spam. We give employees fast and secure access to sensitive business information, and ensure email keeps running in the event of a primary service outage.

  • NetQuest Corporation
    Booth: 222

    NetQuest provides telecommunications carriers and government agencies with cyber intelligence and network visibility solutions including unsampled NetFlow/IPFIX generation and advanced packet processing for securing high-capacity networks. Since its inception in 1987, NetQuest has provided SIGINT and network monitoring solutions to customers around the world.

  • NewCloud
    Booth: 422M

    NewCloud Networks is a global cloud services provider specializing in Backup, Disaster Recovery, Production Cloud, Hosted PBX and Security as a Service. NewCloud’s solutions are built using best in breed technology and hosted on our ultra-low latency network in the United States and in Europe. At NewCloud, we believe that great technology is powered by great people. While others are automating support and customer service, we’re proud of our personalized service

  • OneTrust
    Booth: 305

    OneTrust is the leading and fastest growing privacy management software platform used by hundreds of organizations globally to comply with data privacy regulations across sectors and jurisdictions, including the EU GDPR and Privacy Shield.

  • OWASP Denver
    Booth:

  • ProcessUnity
    Booth: 200

    ProcessUnity’s cloud-based solutions help organizations of all sizes automate their risk and compliance programs. Our highly configurable, easy-to-use tools significantly reduce manual administrative tasks, allowing customers to spend more time on strategic risk mitigation. As a software-as-a-service technology, ProcessUnity deploys quickly with minimal effort from customers and their IT resources.

  • Radware
    Booth: 330

    Radware (NASDAQ: RDWR) is a global leader of application delivery and application security solutions for virtual and cloud data centers. Its award-winning solutions portfolio delivers full resilience for business-critical applications, maximum IT efficiency, and complete business agility. Radware’s solutions empower more than 10,000 enterprise and carrier customers worldwide to adapt to market challenges quickly, maintain business continuity and achieve maximum productivity while keeping costs down.

  • SecureAuth
    Booth: 213

    SecureAuth enables companies to determine identities with absolute confidence. Whether you’re seeking to continuously secure employee, customer or partner access, SecureAuth’s flexible and adaptive platform makes everything fast, frictionless and pain-free. Guaranteed.

  • Solutions II
    Booth: 219

    Solutions II, the Cybersecurity and Managed Services experts, specializes in secure IT solutions focused on Virtualization, Business Continuance, Data Lifecycle Management, Networking and Security.

  • Spirion
    Booth: 319

    Spirion is a leading enterprise data management software solution that provides high-precision searches and automated classification of unstructured and structured data with unparalleled accuracy. Spirion helps businesses reduce their sensitive data footprint and proactively minimize risks, costs and reputational damage of cyberattacks by discovering, classifying, monitoring and protecting sensitive data.

  • SpyCloud
    Booth: 225

    SpyCloud is the leader in account takeover (ATO) prevention, protecting billions of consumer and employee accounts worldwide. Our award-winning solutions proactively defeat fraud attempts and disrupt the criminals’ ability to profit from stolen information. Learn more & check your exposure at spycloud.com.

  • TechTarget
    Booth:

    TechTarget (NASDAQ: TTGT) is the online intersection of serious technology buyers, targeted technical content and technology providers worldwide. Our media, powered by TechTarget’s Activity Intelligence platform, redefines how technology buyers are viewed and engaged based on their active projects, specific technical priorities and business needs. With more than 100 technology specific websites, we provide technology marketers innovative media that delivers unmatched reach via custom advertising, branding and lead generation solutions all built on our extensive network of online and social media. TechTarget is based in Boston and has locations in Atlanta, Beijing, Cincinnati, London, Paris, San Francisco, Singapore, and Sydney.

  • Tevora
    Booth: 223

    Tevora is an enterprise consulting firm specializing in information assurance, governance and compliance services and solutions. We work with some of the world’s leading companies, institutions and governments to ensure the safety of their information and their compliance with applicable regulations. With a distinctive combination of proven products and services, Tevora aids enterprises in protecting their most important assets from external and internal threats. For more information visit https://www.tevora.com.com/.

  • Threat X, Inc
    Booth: 411M

    ThreatX protects web applications and APIs from cyber threats across cloud and on-prem environments. By combining behavior profiling and collective threat intelligence with deep analytics, ThreatX delivers precise protection and complete threat visibility. ThreatX Managed Service combines threat hunting with 24/7 access to security experts along with operational management, virtually eliminating costs associated with legacy WAFs.

  • Trustwave
    Booth: 300

    Trustwave helps businesses fight cybercrime, protect data and reduce security risk. With cloud and managed security services, integrated technologies and a team of security experts, ethical hackers and researchers, Trustwave enables businesses to transform the way they manage their information security and compliance programs. More than three million businesses are enrolled in the Trustwave TrustKeeper® cloud platform, through which Trustwave delivers automated, efficient and cost-effective threat, vulnerability and compliance management. Trustwave is headquartered in Chicago, with customers in 96 countries.

  • Unitrends
    Booth: 427M

    Unitrends increases uptime, productivity and confidence in a world in which IT professionals must do more with less. Unitrends leverages high-availability hardware and software engineering, cloud economics, enterprise power with consumer-grade design, and customer-obsessed support to natively provide all-in-one enterprise backup and continuity. The result is a “one throat to choke” set of offerings that allow our customers to focus on their business rather than backup.

Keynote Speakers
Speakers
  • Rhett Saunders
    Asia Region (Cybersecurity) Risk Lead, Compassion International

    Rhett Saunders is a seasoned cybersecurity professional and risk leader for Compassion International's Asia Region. His work now focuses on identifying risks to achieving goals and objectives for Asia in order to move faster and reach more children living in poverty. Before coming to Compassion International, Rhett served the Federal Reserve, and while there, led regular Enterprise Risk Management discussions between the Federal Reserve and U.S. Treasury with a focus on cybersecurity. Rhett is also a U.S. Army military veteran who served as an intelligence non-commissioned officer. Rhett earned a Master of Business Administration from LeTourneau University and holds the CISSP credential.

  • Larry Wilson
    CISO and Adjunct Faculty, University of Massachusetts

    Larry Wilson is currently a senior consultant and former Chief Information Security Officer for the University of Massachusetts President's Office. In the CISO role, Larry was responsible for developing, implementing and overseeing compliance with the UMass Information Security Policy and Written Information Security Plan (WISP). In addition to designing and deploying the UMass cybersecurity program, Larry has developed and delivered cybersecurity training at multiple industry events, workshops, training venues, etc. Courses include Designing and Building a Cybersecurity Program, The NIST Cybersecurity Framework Foundations, The NIST Cybersecurity Framework Practitioners, Engineering, Technology and Business Labs and Workshops based on the NIST Cybersecurity Framework, etc. Larry has also worked with multiple companies in multiple industries to help design, build and maintain their Cybersecurity Programs and evaluate their current security posture.

  • Mohamed Malki
    Director, Security Architecture, State of Colorado, Governor's Office of IT

    Mohamed Malki, director of enterprise security architecture and HIPAA officer, has been key in transforming the State of Colorado’s security landscape. He’s been critical in building Colorado’s cybersecurity plan, designing Colorado's public cloud architecture and building the requirements for Colorado's Blockchain center of excellence. Mohamed holds multiple degrees, speaks four languages, and has more than 30 certifications, including AWS Cloud Architect, CISSP, Google GCP Architect, and Certified Ethical Hacker. A certified security trainer, Mohamed has helped hundreds of individuals achieve various certifications and proactively offers sessions for employees. Mohamed was recognized as “State Cybersecurity Leader of the Year 2019,” the state leader who demonstrates a passion and focus on keeping systems secure and thinking about security in the big picture of state IT. More at:
    https://statescoop.com/2019-statescoop-50-awards-recognize-state-it-leaders-projects/

  • Siam Luu
    Lead Security Architect, Colorado Judicial Department

    Siam Luu has worked in information security for over 8 years, beginning as an analyst, graduating to engineer, and now working as a security architect. He has worked in both the public and private sectors in a myriad of different careers and locations in both technical and non-technical roles. He holds the CISSP certification and graduated from the University of Colorado with a Bachelor of Science in Business Administration. His current goals are to help organizations improve their security programs, creating a more effective defensive strategy.

  • Bryce Verdier
    Sr. Software Engineer, GroupOn

    Bryce Verdier (CISSP, CEH) is currently a Senior Software Developer at GroupOn. In previous roles, he’s also been a Systems Engineer with an automation and DevOps minded focus, and an Information Security Engineer, focusing on host-based security.

  • David Sonheim
    Cybersecurity Advisor, DHS / CISA

  • Christopher Calarco
    Special Agent / Private Sector Coordinator, FBI Denver

    Special Agent (SA) Christopher A. Calarco has been in law enforcement for 25 years. He was previously a local and federal prosecutor, and has been an Agent for the FBI for over 20 years. SA Calarco has investigated a number of matters to include reactive violent crimes, gangs, organized crime, fraud and major theft. SA Calarco was also a member of the FBI’s Art Crime Team. He has worked in the Los Angeles Field Office, Denver Field Office and at FBI Headquarters in Washington, D.C. in different capacities to include Field Agent, Associate Division Counsel, Squad Supervisory Special Agent and Unit Chief. SA Calarco currently works on national security matters and is the Private Sector Coordinator in Colorado and Wyoming.

  • Susan Bond
    Consultant, Advisory Services, Ernst & Young

    As a technical project leader for over 20 years, Susan Bond has delivered solutions across several industries including Energy, Technology, Logistics Real Estate, and Higher Education. Susan was the Technical Lead for the implementation of network, cybersecurity, visualization, SCADA, and analytics infrastructure during construction and transition to operations of the Department of Energy's $100M+ premier energy systems research facility at NREL. Currently, Susan is an Operational Technology (OT) Lead on a large cybersecurity program and the President of InfraGard Denver Members Alliance.

  • Christopher McMahon
    Special Agent, United States Secret Service

    Chris McMahon is a Special Agent for the United States Secret Service. Prior to joining the Secret Service, Chris was a Prince George’s County, MD Police Officer. Chris is a well-seasoned criminal investigator specializing in cyber-enabled financial fraud, money laundering, credit card/ID fraud among other crimes. Chris began his Secret Service career out of the New York Field Office spending time between the Fraud Squad and Electronic Crimes Task Force where he earned the designation NITRO Agent for specialized training in network intrusions. While in the New York Field Office, Chris ran point on several large-scale multi-national criminal investigations targeting transnational organized crime groups. Chris is currently assigned to the U.S. Secret Service, Global Investigative Operations Center (GIOC) where he specializes in Business Email Compromise schemes and account takeovers focusing on the international nexus of cyber-enabled financial crime.

  • Sam Masiello
    CISO, Gates Corporation

    Sam Masiello has been working with email, messaging, and fighting internet pollution for over 25 years. Sam currently serves as the CISO at Gates Corporation, where he is responsible for the company's data security, risk, and global compliance initiatives. Prior to Gates, he served as the CISO at TeleTech, where he oversaw the protection of employee, consumer, and customer data for all of the organization's clients, which included many Fortune 500 companies.

    Sam has also been the Chief Security Officer, Head of Application Security, and Head of Security Research at companies such as Groupon, Return Path, and McAfee. He currently serves as Director-at-Large of The Coalition Against Unsolicited Commercial Email (CAUCE), National Advisory Board Member for SecureWorld, and is an Executive Board Member of Colorado Cyber. He has previously served as a member of the Board of Directors for the Messaging, Malware, and Mobile Anti-Abuse Working Group (M3AAWG), the Steering Committee of the Online Trust Alliance (OTA), and a member of the Anti-Phishing Working Group (APWG).

  • Cindi Carter
    Vice President, Chief Security Officer, MedeAnalytics

    As Vice President, Chief Security Officer (CSO) at MedeAnalytics, Cindi oversees global enterprise security. Her mission encompasses creating a culture that places high value on securing and protecting MedeAnalytics and the clients’ information entrusted to them. Cindi has built and matured both cyber and physical security practices at The University of Michigan Health System and Cerner Corporation. More recently, Cindi served as the Deputy Chief Information Security Officer at Blue Cross and Blue Shield of Kansas City. Cindi is the founding President of Women in Security-Kansas City, a non-profit organization with the mission to support women at all career levels in Information Security, and serves as an Advisory Board member within the security industry.

  • Aleta Jeffress
    Chief Information & Digital Officer, City of Aurora

    Aleta Jeffress is the Chief Information and Digital Officer for the City of Aurora. She has over 20 years as a successful executive business leader and technologist building relationships between business and technology to enable digital transformation and market growth. She drives innovative strategies for business and IT leadership, and has developed teams for Cybersecurity and Project Management Offices from the ground up. Her career began in startup software companies where she started in a call center environment and moved through private and public sector organizations in the areas of software quality, development, product management, and ultimately leadership.

  • Jessica Raymond
    IT Security Manager, Department of Information Technology, Weld County

    Jessica Raymond is the IT Security Manager for Weld County Government where she had the opportunity to build the security program from the ground up over the last 5 years. She is responsible for information security in a 360 degree fashion including designing, implementing, and maintaining security infrastructure, compliance and audits, governance, risk management, security awareness, incident response, vulnerability management, threat prevention, budgeting, forecasting, project management, and more.

    Prior to working for Weld County Government, Jessica was a Senior IT Security Analyst for the University of Northern Colorado for 5 years and was part of the IBM Managed Security Services division as a member of the Security Operations Center for 7 years. She worked professionally in the Information Technology field for the past 25 years.

    In addition, Jessica serves on the Product Advisory Board for the MS-ISAC. She holds the CISM, CISSP, and C|CISO certifications.

  • Mary Haynes
    VP, Network Security Operations, Charter Communications

    Mary Haynes is the Vice President of Network Security Operations at Charter Communications. Mary currently leads the network security program for Charter’s core networks and Spectrum services, including High Speed Internet, Telephony, and Video products. Mary is also responsible for Charter’s Customer Security Operations, Law Enforcement Response Team, Abuse management and botnet remediation programs.
    Mary actively participates in a leadership role in numerous security organizations and associations, including the National Communications and Telecommunications Association (NCTA), Communications Information Sharing Analysis Center (ISAC), Communications Sector Reliability and Interoperability Council Working Groups and InfraGard. Mary is currently serving as the Communications Deputy Sector Chief for Denver InfraGard. She is also the founding member of Women In Security – Denver, the largest ISSA Special Interest Group.
    Mary has been in the information security field since 1996 and has served in security leadership positions for Evergy, CenturyLink, Sprint, Birch Telecom and AT&T. She graduated Summa Cum Laude from Baker University with a degree in Business Administration.

  • Ron Winward
    Security Evangelist, North America, Radware

    As a Security Evangelist at Radware, Mr. Winward is responsible for developing, managing, and increasing the company’s security business in North America.
    Ron’s entire career has been deeply rooted in internet and cybersecurity. For over 20 years, Ron has helped design complex solutions for carriers, enterprises, and cybersecurity providers around the world.
    Ron is an industry-recognized expert in the Mirai IoT botnet and its modern variants. Ron conducted the industry’s first complete analysis of the Mirai attack vectors, producing forensic examples for public distribution of each attack and the specific impact each attack had on networks. His work on IoT attack analysis has been presented at conferences worldwide and has been referenced by NIST.
    Prior to joining Radware, Ron was Director of Network Engineering for a global datacenter provider and ISP. In this role, Ron oversaw the growth and development of a global network infrastructure that delivered services to other ISPs, hosting providers, and enterprises around the world. During this time, Ron assisted some of the world’s top businesses in mitigating cyberattacks on their infrastructure, cultivating an extensive knowledge in DDoS attack methodologies.
    Ron holds a Bachelor of Science degree in Business and has earned many technical certifications throughout his engineering-focused career. Ron acutely understands the impact of technology and security on business and is enthusiastic about their interrelation.

  • John Callaghan
    Sr. Security Engineer in SOC Operations, Forensics, and Threat Hunting, Pulte Financial Services

    As a security practitioner of 30 years, Jack's experience began in the 80s with commercial and military venues and expanded in the early days of the Internet. It continued to be shaped by the growth of malware and data breaches as global threats against business, nations, and individuals. While developing some of the earliest proactive IPS systems (proto-SIEM) on an extensive international network (DEC's Easynet), he was able to analyze and evolve response systems by observing the nature and techniques resulting in data exposure.

    His present focus is global information growth and the profitable criminal practices and State actors constantly assaulting data, inevitably with profound impact. Recent work in MSSP and financial sectors continues to expose him to the bleeding edge of data loss affecting every user of this global data repository. His current position, Senior Security Engineer at Pulte Financial, offers constant exposure to threats engineered to steal financial and PII content and continues to sharpen his sense of appropriate Incident Response, CSIRT defense activities, and the continual need to protect individuals' funds and privacy.

    As a regular presenter for ISSA and ISACA, he has focused on sessions addressing information exposure, attack methodologies, and integrating threat content and TTPs into quick-response defenses, but now is concerned with practical approaches to tailored tactical response, SOC operations, and personal data privacy.

  • Bruce Sussman
    Emmy-Winning Journalist, SecureWorld

    Bruce Sussman is a life-long storyteller who spent 20 years on TV screens in Portland, Oregon, as a journalist and meteorologist, winning two regional Emmy awards for “Best Weather Anchor.” He still pops up on KATU News occasionally, but he’s more likely to be spotted now on a security podcast, moderating a panel discussion at a SecureWorld InfoSec conference, or leading a session on more powerful communication in a corporate environment. After a brief stint at Gartner working with CISOs, Sussman now leads cybersecurity writing and content for SecureWorld’s media division.

  • Jesse Hood
    Director, Darktrace

    Jesse Hood is a Director at Darktrace, the world’s leading cyber AI company. Jesse has helped many enterprise organizations and SMBs throughout Colorado and the neighboring states deploy cyber AI to detect and stop emerging threats. He works with businesses across a range of industries, including finance, healthcare, biopharma, local government, oil & gas, energy, critical infrastructure, legal firms, and more. During Jesse’s tenure at Darktrace, the company has grown to over 3,000 customers and has been the recipient of numerous achievements, including: Fast Company’s Most Innovative Companies 2018, Forbes Cloud 100 2018, and the CNBC Disruptor 50 2018.

  • Jaymin Desai
    Offering Manager, Third-Party Risk, OneTrust

    Jaymin Desai is a Certified Information Privacy Professional (CIPP/E, CIPM) and the Third Party Risk Offering Manager at OneTrust—the #1 most widely used privacy, security, and third-party risk technology platform. In this role, Desai oversees a global professional services team of privacy certified consultants focused on formulating efficient and effective responses to data protection requirements. His team advises many of the world's leading organizations on General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA) and ePrivacy (Cookie Law) solution implementations with extensive experience building and scaling enterprise-level privacy programs. He holds a B.S. in Biomedical Engineering from the Georgia Institute of Technology.

  • Moderator: Abhijit Solanki
    Founder & Managing Director, Whiteboard Venture Partners

    Abhijit Solanki is the founder of Whiteboard Venture Partners, an early stage venture capital firm helping entrepreneurs achieve their whiteboard dreams.

  • Christopher Mandelaris
    CISO, Elevations Credit Union

    Chris Mandelaris is the Chief Information Security Officer of Elevations Credit Union. He has over 16 combined years’ experience in IT and Information Security. He received his Bachelor of Science from Central Michigan University and his Master’s Degree in Information Technology from Walsh College of Business. Chris has earned CCISO, CISM, CISA, CRISC, PMP, ITILv3, Six Sigma, MCSA, MCP, CNA, Network+, and A+ certifications and is an active member of the PMI and ISACA organizations. Previously, Chris worked for Ford Motor Credit, Flagstar Bank, Electronic Arts, Dell, First Tennessee Bank, and Bank of America, taking on increased roles and responsibilities globally.

  • Sam Masiello
    CISO, Gates Corporation

    Sam Masiello has been working with email, messaging, and fighting internet pollution for over 25 years. Sam currently serves as the CISO at Gates Corporation, where he is responsible for the company's data security, risk, and global compliance initiatives. Prior to Gates, he served as the CISO at TeleTech, where he oversaw the protection of employee, consumer, and customer data for all of the organization's clients, which included many Fortune 500 companies.

    Sam has also been the Chief Security Officer, Head of Application Security, and Head of Security Research at companies such as Groupon, Return Path, and McAfee. He currently serves as Director-at-Large of The Coalition Against Unsolicited Commercial Email (CAUCE), National Advisory Board Member for SecureWorld, and is an Executive Board Member of Colorado Cyber. He has previously served as a member of the Board of Directors for the Messaging, Malware, and Mobile Anti-Abuse Working Group (M3AAWG), the Steering Committee of the Online Trust Alliance (OTA), and a member of the Anti-Phishing Working Group (APWG).

  • Clint Sowada
    Director of Product Security, Collibra

    As the Director of Product Security at Collibra, Clint Sowada is responsible for delivering secure applications and protecting customers’ data. He has been in the security industry for nearly a decade and has a proven track record in building secure SDLC programs at companies that range from endpoint protection to large scale cloud service providers. Prior to joining Collibra, Clint built and managed teams of security professionals at VMware, ServiceNow, Malwarebytes, and SecureAuth. He comes from a technical background specializing in penetration testing, and currently resides in Denver, Colorado.

  • Randall Frietzsche
    CISO, Denver Health

    Randall’s career started as a Law Enforcement Officer. With a technical aptitude, he moved into technology, starting as an MCSE on Windows NT 4.0. Over the next 22 or so years, he evolved to become the Enterprise Chief Information Security Officer for Denver Health and Hospital Authority. He also teaches cybersecurity courses for Harvard and Regis Universities. As an ISSA Distinguished Fellow, Randall’s mission is to give back to our profession, to mentor, teach, speak, and write. Security is his vocation, avocation and passion. Randall has presented at many security conferences, including Rocky Mountain Information Security Conference, Denver Evanta CISO Summit, SecureWorld, and the Louisville Metro Information Security Conference.

  • Merlin Namuth
    Cyber Risk Advisory Board Member, Pepperdine University

    Merlin Namuth has spent over 20 years focused in security. His experience includes building and running numerous security programs, program management, managing incident response teams, computer forensics, compliance, architecture, and engineering complex security solutions. Namuth serves on the cyber risk advisory board at Pepperdine University where he also guest lectures. Merlin serves on the Board of Directors at iEmpathize, a nonprofit focused on educating people about human trafficking. He has presented at several conferences, including RSA domestically and internationally, as well as RMISC, OWASP, and ISSA. He holds the PMP, CISSP, GCFA, and GCIH certifications.

  • Larry Wilson
    CISO and Adjunct Faculty, University of Massachusetts

    Larry Wilson is currently a senior consultant and former Chief Information Security Officer for the University of Massachusetts President's Office. In the CISO role, Larry was responsible for developing, implementing and overseeing compliance with the UMass Information Security Policy and Written Information Security Plan (WISP). In addition to designing and deploying the UMass cybersecurity program, Larry has developed and delivered cybersecurity training at multiple industry events, workshops, training venues, etc. Courses include Designing and Building a Cybersecurity Program, The NIST Cybersecurity Framework Foundations, The NIST Cybersecurity Framework Practitioners, Engineering, Technology and Business Labs and Workshops based on the NIST Cybersecurity Framework, etc. Larry has also worked with multiple companies in multiple industries to help design, build and maintain their Cybersecurity Programs and evaluate their current security posture.

  • Mohamed Malki
    Director, Security Architecture, State of Colorado, Governor's Office of IT

    Mohamed Malki, director of enterprise security architecture and HIPAA officer, has been key in transforming the State of Colorado’s security landscape. He’s been critical in building Colorado’s cybersecurity plan, designing Colorado's public cloud architecture and building the requirements for Colorado's Blockchain center of excellence. Mohamed holds multiple degrees, speaks four languages, and has more than 30 certifications, including AWS Cloud Architect, CISSP, Google GCP Architect, and Certified Ethical Hacker. A certified security trainer, Mohamed has helped hundreds of individuals achieve various certifications and proactively offers sessions for employees. Mohamed was recognized as “State Cybersecurity Leader of the Year 2019,” the state leader who demonstrates a passion and focus on keeping systems secure and thinking about security in the big picture of state IT. More at:
    https://statescoop.com/2019-statescoop-50-awards-recognize-state-it-leaders-projects/

  • Joe Dietz
    Network Security Architect, CenturyLink

    A technology focused senior level IT security professional with an excellent balance of business experience and knowledge of systems/network security. Always conducting oneself with integrity and ethical behavior following the motto of “Always do the right thing.”

  • Janelle Hsia
    Director of Privacy and Compliance, American Cyber Security Management

    Janelle Hsia is a trusted advisor for strategic and tactical decision making within organizations of all sizes. She brings a diverse background with strong leadership, technical, and business skills spanning 20 years of experience in the areas of project management, IT, privacy, security, data governance, process improvement, and software development. Her passion is creating comprehensive data governance programs for SMEs that blend security, privacy, and risk disciplines together. Her experience includes Director of Privacy and Compliance, Deputy Information System Security Officer, and Board of Directors for the Colorado Chapter of Cloud Security Alliance (CSA). She holds the following certificates: CIPM, CIPP/E, CISA, PMP, and GSLC.

  • Preston Bukaty
    GRC Consultant / Privacy & Compliance Specialist, IT Governance USA Inc.

    Preston Bukaty is an attorney and consultant working for IT Governance USA. He specializes in data privacy GRC projects, from data inventory audits to gap analysis, contract management, and remediation planning. His compliance background, and experience with operationalizing compliance for a variety of industries, give him a strong understanding of the legal issues presented by international regulatory frameworks. Having conducted over 3,000 data mapping audits, he also understands the practical realities of project management in operationalizing compliance initiatives.

    Preston’s legal experience and passion for technology make him uniquely suited to understanding the business impact of privacy regulations like the GDPR and CCPA. He has advised more than 250 organizations engaged in businesses as varied as SaaS platforms, mobile geolocation applications, GNSS/telematics tools, financial institutions, fleet management software, architectural/engineering design systems, and web hosting. He also teaches certification courses on GDPR compliance and ISO 27001 implementation, and writes on topics related to data privacy law.

    Preston lives in Denver, Colorado, much to the envy of friends and family. Prior to working as a data privacy consultant, he worked for an international GPS software company, advising business areas on compliance issues across 140 countries. Preston holds a juris doctorate from the University of Kansas School of Law, along with a basketball signed by Hall-of-Fame coach Bill Self.

  • Chris McLaughlin
    Information Security Officer, Johns Manville

    Chris McLaughlin is the Information Security Officer at Johns Manville, a Berkshire Hathaway company. JM is a leading global manufacturer of insulation, roofing and glass fibers products. Chris has over 20 years of security and infrastructure experience leading the vision for a highly complex manufacturing environment. Chris has a passion for industrial security and has developed a center of excellence around industrial control systems that brings engineering and IT teams together to work towards common goals. Chris holds an MBA from the University of Colorado.

  • Scott Reynolds
    Industrial Security Manager, Johns Manville

    Scott Reynolds is the Industrial Security Manager at Johns Manville. He has over 14 years of Industrial Engineering experience and is an active member of the OT / IT community. Scott has held leadership roles in the International Society of Automation (ISA) for the last four years and is currently an Executive Board Member. Scott has an electrical engineering degree from the University of Maine and an MBA from The University of South Dakota.

  • Dale Drew
    Chief Security Officer, Zayo Group

    Dale is currently the Chief Security Officer of Zayo Group, Inc, a global telecommunications service provider based in Boulder, Colorado. Dale is an accomplished and experienced corporate security executive with 31 years of experience in developing critical global security programs, having worked in Federal/State Law Enforcement and with Internet Service Providers (ISP). Dale brings a practical capability to integrating security into the culture of the business, enabling the company to be more flexible, with demonstrable results. He is an experienced leader in creating high performance teams, designing innovative security solutions, handling global regulatory environments, and managing highly technical global personnel. Dale was recently recognized among the 2019 top global CISOs by the CISO Platform.

  • Robb Reck
    Co-Host, Colorado = Security podcast

    “Security only works when it’s in tune with the company it supports. Understanding what we are defending (and why) is more important than preventing, detecting or responding to threats. Understanding is dependent on high-quality relationships with stakeholders.”

    Robb has built successful risk-based security programs in the software and financial services industries. As Chief Information Security Officer at Ping Identity, he is responsible for ensuring the integrity of all Ping products, the confidentiality of sensitive data, and the availability of critical services.

    Previous to his role at Ping, Robb served as VP and CISO for Pulte Financial Services, and as Information Security Officer and Director of Risk Management for Harland Financial Solutions. Robb holds a Bachelor’s of Arts from George Fox University and an MBA from Colorado State University.

  • Alex Wood
    CISO, Pulte Financial Services, & Co-Host, Colorado = Security podcast

    Alex Wood is currently the CISO for Pulte Financial Services and has over 18 years of experience in information security. Previously he has had managerial, program, and technical roles at several major companies in different verticals. Additionally, Alex has served on the Board of Directors for ISSA International and is a host of the Colorado = Security podcast. Alex is a CISSP and has a MAS in Information Security from the University of Denver.

  • Book Signing
  • Jay Wilson
    CISO, Healthgrades
  • Craig Spiezle
    Founder & Managing Director, AgeLight Digital Trust Advisory Group

    Craig Spiezle is the founder and managing partner of AgeLight Advisory Group, a professional services firm focused on online and digital services. Craig is a recognized authority on trust and the convergence of privacy and security, promoting ethical privacy practices, end-to-end security, and the importance of moving from a compliance mindset to stewardship. Craig is the Chairman emeritus of the Online Trust Alliance, an initiative of the Internet Society. He frequently briefs international policy makers, driving awareness of best practices by both the public and private sectors and the importance of internet governance. Craig has championed security best practices to help protect consumers while promoting innovation and the role of meaningful self-regulation. Prior to OTA, Craig spent over a decade at Microsoft focused on security and privacy enhancing technologies and standards. Craig chairs the Online Trust & Integrity Council and is on the board of the Identity Theft Council, the editorial board of SC Magazine, and a member of InfraGard, the IAPP and the APWG.

  • Tim Danks
    VP, Risk Management & Partner Relations, Huawei Technologies (USA)

    As VP Risk Management & Partner Relations, Mr. Danks is responsible for understanding and managing business risks in the context of cybersecurity and privacy across Huawei USA businesses and toward external stakeholders. Further, he is responsible for developing and enhancing partner relationships with key external stakeholders across academia, channel partners, industry, and suppliers, utilizing his broad understanding of Huawei’s local and global business operations.

    Mr. Danks joined Huawei’s USA operations in 2009, holding various senior level positions in Huawei’s carrier network and consumer products businesses covering operations, cybersecurity and risk management in Huawei’s customer facing solutions and services. Most recently, Mr. Danks has driven a program to operationalize the NIST Cybersecurity Framework as an organizational assessment model for Huawei’s consumer facing cloud services operations and platforms globally.

    Mr. Danks’ career spans 30 years in the telecommunications industry in both the vendor and operator environments. Prior to joining Huawei, he spent 18+ years with Ericsson, preceded by several years with Rogers Communications. At Ericsson, Mr. Danks held key international positions in Canada, United States, United Kingdom and Sweden. Mr. Danks’ focus during much of his career was in the telecom services arena, expanding into the cybersecurity, privacy and risk management space. Mr. Danks has proven success building and developing highly effective organizations focused on process driven business results supporting customer and partner success. Throughout his career, risk management of operations and networks has been a significant factor contributing to the success of the organizations under his responsibility. His diversified mix of global experience provides him with a broad understanding of the challenges facing the Information and Communication Technology industry today.

  • Bruce Potter
    CISO, Expel

    Bruce Potter is the CISO at Expel. Previously, Bruce co-founded Ponte Technologies, a cybersecurity research and engineering company. He also served as the senior technical advisor to the members of President Obama’s Commission on Enhancing National Cyber Security, and co-founded the Shmoo Group in 1996.

  • David Stauss
    Partner, Husch Blackwell LLP

    David is the leader of Husch Blackwell’s national privacy and data security practice group. Accredited by the International Association of Privacy Professionals as a Fellow of Information Privacy, Certified Information Privacy Professional/United States, and Certified Information Privacy Technologist, David brings to the table a deep engagement with the subject matter and demonstrated excellence in handling privacy and cybersecurity matters for clients. David regularly counsels clients on complying with existing and emerging privacy and information security laws, including the European Union’s General Data Protection Regulation, the California Consumer Privacy Act, and other emerging state privacy and information security statutes.

  • Serge Borso
    Community Instructor, SANS Institute

    Serge Borso is the founder and CEO of SpyderSec, an organization specializing in penetration testing, security awareness training, and OSINT. He also serves on the board of directors for the Denver OWASP chapter and teaches with the SANS Institute. He is an expert in a variety of information security fields, having served in many roles in the IT and security industries over the past 15 years. As an active member in the information security community, Serge has trained over 1,000 students, presents regularly at various speaking engagements, and his quotes can be read in various industry publications.

  • Greg Sternberg
    Security Architect, Sungard Availability Services

    Greg Sternberg is a Security Architect at Sungard Availability Services, CISO for ISSA, Denver and Affiliate Faculty at Regis University. He works at incorporating security into the SDLC and securing architectures. He has published and blogged on security and architecture topics and presented at SecureWorld, RMISC, ISC(2) and the Open Group Security Conferences. He holds CISSP, CISM and TOGAF certifications, has a Masters in Software Engineering and Management, is a member of ISACA, ISC(2), InfraGard and a board member of the Denver chapter of ISSA.

  • Mark Gelhardt
    Former CIO, The White House

    Colonel Mark Gelhardt is a retired Army combat veteran. While in the Army, Mark was selected to be the Chief Information Officer for The White House, supporting President Clinton with secure Automation and Telecommunication for over four and a half years. Mark has over 40 years of experience in providing executive level management in Information Technology and Cybersecurity fields as a CTO, CSO, CIO, and CISO for several global companies. He is currently the VP of Global Technology Governance for US Bank. Mark is a published author and well-known keynote speaker.

  • Moderator: Carlin Dornbusch
    President, American Cyber Security Management

    Carlin Dornbusch is an innovative leader in Cybersecurity and Data Privacy. His company, American Cyber Security Management, brings proven methods, best-in-class tools, and deep knowledge of data privacy and security standards to every client engagement. ACSM excels at creating custom privacy and security programs to meet the demands of modern threats and emerging compliance. Carlin’s background in technology, security, operations, and management gives him a well-balanced approach to solving business problems and maximizing Return on Investment. Having worked for some of the most rapidly growing technology and solutions companies in the world, Carlin and his teams have developed hundreds of business leading solutions, including: digital transformation, workforce productivity, IT simplification, business automation, customer service, and market expansion. A consultative approach has been the mainstay of Carlin’s methodology ever since leaving corporate employment in 2006. Carlin’s focus on people, process, and technology allows him to improve operational efficiency and help businesses modernize their workplace. His methods and techniques are industry leading and highly leveraged by Focused Clouds’ clientele. You can find Carlin as an active member in the Cloud Security Alliance (CSA), Information Systems Security Association (ISSA), and International Association of Privacy Professionals (IAPP) organizations in Colorado. He founded and oversees the ever expanding GDPR/Privacy MeetUp. Carlin also holds an active Certified Information Systems Security Professional (CISSP) certificate from ISC2.

  • Burak Serdar
    Co-Founder, ConsentGrid

    Burak is one of the co-founders and the technical lead at Cloud Privacy Labs. He has more than 25 years of experience as a software engineer and recently left his position at Red Hat as Principal Software Applications Engineer. His work includes large scale back-end applications for distributed environments and open-source tools for enterprise data management, identity management, configuration automation, and infrastructure-as-code.

  • Monica Dubeau
    Director, Privacy Program, IBM Security
  • Christopher Riley
    CISO, Ntirety (formerly HOSTING.com)

    Chris is a seasoned IT Strategist with 20 years of leadership experience in Project & Program Management, Technology & Infrastructure, and Security & Governance. He creates and scales internal technology operations for sustained hyper-growth, builds security operations for a Managed Security Provider, and spearheads compliance certification programs across industry verticals, including PCI, HITRUST, SOC, SSAE 16 and ISO 27001. Chris and his teams have enabled global market access to business objectives in secure environments. As the CISO of Ntirety (formerly Hostway | HOSTING), he’s responsible for compliance and security strategy and implementation while guarding the business. He’s dedicated to transforming complex problems into effective information security controls and driving revenue growth.

  • Brenden Smith
    CISO, FirstBank

    Brenden Smith is the Chief Information Security Officer at FirstBank. Having spent the last 10 years at FirstBank he is passionate about their community involvement and “Banking for Good” philosophy. In his current role Brenden is focused on aligning security with the needs of the business to help drive better business outcomes through better partnership. His passions include dark web research and the ever evolving space of data privacy.

  • Michael Stephen
    Privacy & Security Officer, Connect for Health Colorado

    Michael Stephen is the Privacy & Security Officer for Connect for Health Colorado. His 20 years of IT experience includes designing and building information security solutions and programs to support and further business goals. Michael has significant incident response experience, has developed federally compliant privacy programs, and has a broad range of consulting experience with some of the largest Financial, Telecommunications, State government and Healthcare organizations.

  • Justin Schluessler
    Data Protection Officer, Compassion International

    Justin Schluessler has served with Compassion International, a global child development non-profit, for 21 years. Starting in IT and then transitioning to Risk Management, Justin was the organization’s very first information security employee—building a comprehensive security and compliance program from the ground up. In his current role as Data Protection Officer, Justin is responsible for leading a global data protection program addressing information security and privacy risk in thirty-eight countries.

    Proving the value of protecting data for employees, beneficiaries, and donors motivates Justin every day. Proving that technologists can tell stories without inflicting fatal boredom is just an added plus.

  • Scott Hogg
    Chair Emeritus, Rocky Mountain IPv6 Task Force

    Scott Hogg is CTO and a co-founder of HexaBuild.io, an IPv6 consulting and training firm. He is a CCIE #5133 and CISSP #4610 with over 25 years of network and security experience. He is the author of the A Cloud Guru course, “Rapidly Deploying IPv6 on AWS.” Scott is Chair Emeritus of the Rocky Mountain IPv6 Task Force (RMv6TF), and a member of the Infoblox IPv6 Center of Excellence (COE). He has authored the Cisco Press book on IPv6 Security, and also writes for NetworkWorld.com.

  • Craig Swinteck
    IS Manager, Town of Castle Rock

    Craig Swinteck has a comprehensive background in IT operations and cybersecurity, with a career spanning across entrepreneurship, small businesses to global corporations, serving the public in local and federal government, and providing cybersecurity guidance in challenging industries such as Finance, Healthcare, and Manufacturing. Craig’s passion is to coach people to choose to be the best version of themselves. He is a devoted mentor in both professional and personal life, avid athlete in numerous sports, and sees the challenging realm of cybersecurity as a great complement to the footsteps of his family of aviators, doctors, entrepreneurs, teachers, and world travelers.

Conference App and Microsite!
Registration is easy and takes just a few minutes. Once you get started you can use your phone, tablet or internet browser to:

• Create a personalized agenda
• View maps of the venue and Exhibit Hall
• Use secure messaging to network with attendees
• View speaker slides after the conference
• Play CyberHunt, the app game, and compete for prizes