Click here to view registration types and pricing (PDF)
2017 Agenda
Filter by registration level:
  • session level iconOpen Sessions
  • session level iconConference Pass
  • session level iconSecureWorld Plus
  • session level iconVIP / Exclusive
  • Wednesday, September 13, 2017
    7:00 am
    Registration Open
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    7:00 am - 3:00 pm
    Location / Room: Registration Desk
    8:00 am
    Advisory Council Breakfast: The Challenge of Security in an Age of Asymmetric Threats - (VIP / INVITE ONLY)
    • session level icon
    speaker photo
    Former Special Counsel , Director of the Federal Bureau of Investigation
    Registration Level:
    • session level iconVIP / Exclusive
    8:00 am - 9:15 am
    Location / Room: Lookout

    Mr. Olsen will discuss both cyber threats and terrorism and link the two together and talk about some ways to think about solutions. Mr. Olsen also served at the Department of Justice in a number of leadership positions and was responsible for national security and criminal cases. He was a federal prosecutor for over a decade and served as Special Counsel to the Director of the Federal Bureau of Investigation.

    8:00 am
    SecureWorld PLUS Part 1 – How To Build And Maintain A Game-Changing Security Awareness Program That Measures Success
    • session level icon
    SecureWorld PLUS Registrants ONLY
    speaker photo
    Chief Strategist and Chief Security Officer, Security Mentor
    Registration Level:
    • session level iconSecureWorld Plus
    8:00 am - 9:30 am
    Location / Room: 203A

    Every organization seeks a security-aware culture, but how can you build an effective information security awareness program that addresses compliance and changes employee behavior for the better? People are the greatest asset and the weakest link in securing intellectual property and protecting sensitive data within every enterprise; therefore, a well-organized security awareness program is essential.

    You will learn how an effective program that offers lasting solutions requires the right mix of skills, knowledge, executive support and resources. This hands-on workshop will teach you what you need to know to implement just such a program. Offering award-winning case studies, interactive discussions and group participation in exercises, this SecureWorld Plus-session will enable you to hit the ground running with a customized plan that meets your organization’s needs when you head back to the office.

    Dan Lohrmann offers an interactive, engaging style that is both fun and informative. The 4.5-hour workshop covers these essential topics:

    Part 1: Information Security Awareness Fundamentals and War Stories
    What important building blocks, resources and communication strategies are essential to successfully implement your program? How can you reduce the risk of a data breach or other unwanted outcomes using a comprehensive approach to information security awareness? What best practices and examples have succeeded that can be emulated?

    8:00 am
    SecureWorld PLUS Part 1 - Designing and Building a Cybersecurity Program Based on the NIST Cybersecurity Framework
    • session level icon
    SecureWorld PLUS Registrants ONLY
    speaker photo
    CISO, University of Massachusetts, President’s Office
    Registration Level:
    • session level iconSecureWorld Plus
    8:00 am - 9:30 am
    Location / Room: 106

    This course provides a detailed plan for designing and building a Cybersecurity Program based on the NIST Cybersecurity Framework and the 20 Critical Controls

    Lesson 1: Creating the Model (based on the NIST Cybersecurity Framework)
    A general review of today’s cyber-threat landscape, key business, technical, regulatory, workforce challenges, the overall risk environment, controls framework (NIST Cybersecurity Framework), controls standards and a recommended approach for designing and building a program based on a repeatable / open program concept (The Controls Factory Model).

    Lesson 2: Designing the Program (based on the 20 Critical Controls)
    A detailed review of the safeguards that organizations should use to mitigate advanced threats and protect their critical assets including an in depth analysis of the 20 critical controls. Each control will be discussed in detail including the control objective, control approach, consequences of not implementing the control, control system analysis (how the control works), control detailed design, control monitoring and testing requirements.

    Lesson 3: Building the Solution (based on Design, Build, Run and Test Guides)
    Technical solutions that can be used to protect a particular family of assets (endpoints, servers, networks, applications). Each technical solution will include a mapping to the critical controls and NIST Framework (design guide), a step by step approach for implementation (build guide), a set of operational capabilities for continuous monitoring and management (run guide) and a set of use cases that ensure that the controls are continually applied to the asset families (test guide).

    8:00 am
    SecureWorld PLUS Part 1 - Threat Hunting and Analysis
    • session level icon
    SecureWorld PLUS Registrants ONLY
    speaker photo
    Technology Editor and author of "Threat Hunter" blog, SC Magazine
    Registration Level:
    • session level iconSecureWorld Plus
    8:00 am - 9:30 am
    Location / Room: 203B

    Threat intelligence has become the coin of the realm in fighting cybercrime. However, simply knowing who the bad guys are and what they do is not enough. You must be able to dig for actionable intelligence and apply that explicitly to your environment. Broadly speaking, we call that threat hunting. Once you have determined the nature and details of threats to your enterprise, you must be able to disseminate them in a manner that is understandable by both humans and machines.

    This full-day, hands-on workshop will introduce you to threat hunting techniques and tools—both free and commercial—that you can use and how to translate your findings to Stix for dissemination to a variety of audiences, as well as consumption by an increasing number of security devices such as IPSs and firewalls. You will work in a virtual lab environment using tools and techniques to discover threats, research them in depth, and create Stix profiles. By the end of the workshop you will have compiled a list of tools that you can use, evaluated those tools in a lab environment, created a Stix profile of an actual cyber campaign, and presented your profile to the rest of the class.

    Visit the Center for Digital Forensic Studies' Training Portal to read the syllabus and other course related materials.

    For this workshop you will need to bring your own Windows laptop and have the current version of the Chrome browser pre-installed. All other tools will be available on a virtual lab machine you will connect to remotely.

    8:30 am
    Trend Micro: Securing Business Cloud Transformation
    • session level icon
    Security shouldn’t stand in the way of business agility, continuity, and flexibility provided by the cloud.
    speaker photo
    Enterprise Account Engineer, Trend Micro
    Registration Level:
    • session level iconOpen Sessions
    8:30 am - 9:15 am
    Location / Room: Room 103

    Cloud projects today are as commonplace as backyard barbecues. Security should be part of a recipe to successfully meet cloud business adoption metrics, such as Time to Service, Time to Value, and Customer Attainment. This presentation will present a high-level understanding of current challenges, regulations, and business objectives, providing business unit owners the knowledge and tools to securely and effectively deliver products and services to their customers.

    8:30 am
    Panel: Michigan CyberPatriot Partners With MEDC to Support 80 Teams For Season 10!
    • session level icon
    Learn about the national Cyber Security competition that will increase the number of students pursuing STEM Degrees.
    speaker photo
    Founder of the Michigan CyberPatriot Program, Director of the Cyber Center , University of Detroit Mercy
    speaker photo
    ATAG-Installations, DMVA Deputy Director, Commander 46th Military Police Command, Michigan Army National Guard and DMVA
    speaker photo
    Full-Time Faculty, Henry Ford College
    speaker photo
    Application Security and Compliance Leader, GE Power & Water
    Registration Level:
    • session level iconConference Pass
    8:30 am - 9:15 am
    Location / Room: Suite 3

    A Panel presentation about the Michigan CyberPatriot Program and the partnership with MEDC to provide 80 teams with support. Joining the discussion will be Coaches from across Michigan to help us understand the ins and outs of this National Cyber Competition for Middle and High School students, going into it’s 10 season!

    8:30 am
    Off-Shoring Shakeup – How GDPR Impacts Your Outsourcing Strategy
    • session level icon
    speaker photo
    Cybersecurity Leader , Federal Government
    Registration Level:
    • session level iconConference Pass
    8:30 am - 9:15 am
    Location / Room: 105

    38% of US firms outsource to off-shore firms. Per Forbes.com, 86% of these service providers are concerned they will not comply with the new regime. While innovative efforts continue to address the challenge, customers wait in the wings. This session discusses how customer can respond to GDPR’s impact on offshoring.

    8:30 am
    Medjacking: Not Just a Theory
    • session level icon
    speaker photo
    Information Security Architect, Lear Corporation
    Registration Level:
    • session level iconConference Pass
    8:30 am - 9:15 am
    Location / Room: Theater

    Medical devices have become more prevalent as the population has aged. The hardware application has changed from being externally affixed to internal and connected via IoT. Although these are exceptionally useful, they are also problematic as InfoSec has not been applied to the application and hardware.

    9:00 am
    Exhibit Floor Open
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    9:00 am - 3:00 pm
    Location / Room: SecureWorld Exhibitor Floor

    This is the time to visit exhibitors participating in Dash For Prizes & CyberHunt for your chance to win prizes!

    9:30 am
    OPENING KEYNOTE: Prevent Medical Device Nightmares in The IoMT
    • session level icon
    speaker photo
    CEO, The Privacy Professor, President, SIMBUS, LLC
    Registration Level:
    • session level iconOpen Sessions
    9:30 am - 10:15 am
    Location / Room: Keynote Theater

    Medical devices can dramatically improve patients’ lives. However, if the devices do not have security built in, they will become a security and privacy nightmare in the Internet of Medical Things. Rebecca will describe the risks of using medical devices in the IoMT, detail real-life incidents, provide five actions to secure the devices (applicable to other types of IoT devices as well), and describe her work with the IEEE Par 1912 Standards working group.

    10:15 am
    Conference Break / Exhibitor Product Demonstration
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    10:15 am - 11:15 am
    Location / Room: SecureWorld Exhibitor Floor

    Reboot with coffee and infused water while visiting exhibitors on the exhibitor floor.

    11:00 am
    Advisory Council Roundtable: The Roles of CIOs, CISOs & IT in Managing a Privacy Program (VIP / Invite Only)
    • session level icon
    speaker photo
    CEO, The Privacy Professor, President, SIMBUS, LLC
    Registration Level:
    • session level iconVIP / Exclusive
    11:00 am - 12:00 pm
    Location / Room: Boardroom
    11:15 am
    Cyber Resilience: Rethinking Cybersecurity Strategy
    • session level icon
    speaker photo
    Professor and Program Director, UDM’s Center for Cyber Security and Intelligence Studies
    Registration Level:
    • session level iconConference Pass
    11:15 am - 12:00 pm
    Location / Room: 101

    A decade of data indicates that conventional cybersecurity approaches don't work. This presentation offers a completely new paradigm for corporate cyber-protection; one that is a potentially much more effective means of securing critical assets.

    11:15 am
    Check Point Software: Protecting Your Enterprise From the Next Security Breach: Mobile Devices
    • session level icon
    speaker photo
    Mobility Expert, Check Point Software Technologies, Inc.
    Registration Level:
    • session level iconOpen Sessions
    11:15 am - 12:00 pm
    Location / Room: 103

    BYOD is a reality. Learn how SandBlast Mobile takes an innovative approach to detecting and stopping mobile threats before they start. Whether your data is at rest on a device or in flight through the cloud, SandBlast Mobile helps protect you from vulnerabilities and attacks that put data at risk.

    11:15 am
    Centrify: It’s Time To Rethink Security
    • session level icon
    speaker photo
    Senior Technical Marketing Manager, Centrify
    Registration Level:
    • session level iconOpen Sessions
    11:15 am - 12:00 pm
    Location / Room: 105

    Last year, over $80 billion was spent on cybersecurity (Gartner), yet 2/3rds of organizations were still breached (Forrester). The reason? 81% of data breaches involved weak, default or stolen passwords (Verizon). Join us to learn why current threats and today's hybrid IT environment require changes to old security models and how Identity Services defends your organization against the most common cyber attacks.
    We'll examine:
    The current (broken) state of security and the role identity plays in cyber attacks
    The massive rethink underway that redefines security to follow identity
    How identity services reduce th erisk of breaches by over 50%

    11:15 am
    Radware: Cyber War Chronicles – Stories from the Virtual Trenches
    • session level icon
    speaker photo
    Security Evangelist, Radware
    Registration Level:
    • session level iconOpen Sessions
    11:15 am - 12:00 pm
    Location / Room: Theater

    2016 saw a continuation of some cybersecurity threats, as well as the emergence of some attack types and trends. Ransom attacks, political hacks, and new dynamics around the accessibility and capability of attack tools have added even more challenges to security. This session will explore some of the latest evolutions of the threat landscape, through a combination of market intelligence, real-world case studies, and direct insights from those on the front lines of cybersecurity.

    11:15 am
    Identity Theft Through OSINT/Social Engineering
    • session level icon
    speaker photo
    Advisory Manager / Security Researcher, Big 4
    Registration Level:
    • session level iconConference Pass
    11:15 am - 12:00 pm
    Location / Room: Suite 3

    This talk will demonstrate how easy identity theft has become because of OSINT and the ability to easily social engineer and grab meta data. It will cover how an attacker uses OSINT to build targeted attacks; how an attacker builds a profile using software to represent their data about you; and how an attacker uses data points to pivot from one source to another online. The target was a randomly selected target. Not only does it cover his current activity but his cached activity, which enables attackers to target him. The story will show how an initial search to a complete PWNAGE was done on the individual because of a random blog that was discovered. This talk also shows how easily I was able to find his company's email format and private IP addresses, which could have completely allowed me to own his company's network because his company allowed BYOD. It will cover how you can better prepare and protect yourself.

    To learn more about this topic, read SecureWorld's interview of Zee here:
    https://www.secureworldexpo.com/industry-news/dangers-identity-theft-open-source-intelligence

    12:00 pm
    Advisory Council Lunch Roundtable: How Today’s Organizations are Adopting and Operationalizing the NIST Cybersecurity Framework – (VIP / Invite Only)
    • session level icon
    speaker photo
    CISO, University of Massachusetts, President’s Office
    Registration Level:
    • session level iconVIP / Exclusive
    12:00 pm - 1:00 pm
    Location / Room: Boardroom
    12:15 pm
    LUNCH KEYNOTE: Optiv - Cloud Security is Application Security – Securing the Cloud as a Team
    • session level icon
    speaker photo
    Senior Director, Cloud Security, Optiv
    Registration Level:
    • session level iconOpen Sessions
    12:15 pm - 1:00 pm
    Location / Room: Keynote Theater

    “Infrastructure” is software in the era of Cloud; you should consider the software design choices as they impact not only the application structure, but also security in the Cloud. The convergence of the AppDev team and the security team allows for securing the cloud throughout the process without impacting agility. Bringing security in at the eleventh hour after applications have been built is not likely to be ideal either for development or production based workloads in the Cloud. This session offers:
    • Factors to consider when making software design choices
    • Tips on weaving security best practices into the SDLC without impeding the velocity of AppDev
    • Benefits of architecting applications hand in hand between AppDev and Security teams.

    1:15 pm
    Panel: Beware the Highwaymen: Rise of the Cyber Criminal
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    1:15 pm - 2:15 pm
    Location / Room: Suite 3

    Modern civilization has always been plagued by various classes of criminals. Travelers would hire guards to protect their caravans from hijackers. Thieves came up with various ploys to trick travelers on the road. In today’s day and age the advent of interconnected devices, allowing for portability of corporate secrets, has given rise to a completely different class of nefarious actors. Cyber criminals range from those bent on stealing your personal information to “cyber terrorists” who have the capability to inflict harm on a much wider scale. Uninhibited by current laws, they are very effective given the speeds of networks, lack of appropriate security controls, and the anonymous nature of the attacker. Making matters worse, the crime may be perpetrated by entities outside of the legal jurisdiction where the unlawful act took place. This panel will explore the tools these criminals use, what can be done to prevent them, and how to safeguard your data.
    Panelists:
    Ron Winward, Radware
    Paul Giorgi, Exabeam
    Garrett Weber, Guardicore
    Dave Trader, GalaxE Solutions
    Chris Sullivan, Core
    Louise Popyk, Centrify
    Moderator: Stephanie Scheuermann

    1:15 pm
    Panel: Hazards on the Horizon - Emerging Threats
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    1:15 pm - 2:15 pm
    Location / Room: Keynote Theater

    Just as in the days of yore, you must have watch guards in the tower scanning the horizon for enemy banners. If you follow cyber threats, then you know that the landscape is constantly changing. From the bring your own device (BYOD) workplace to mobile-malware, social engineering, and everything in between, information security has transformed. In order stay ahead of the ever-changing threats, it is imperative to constantly improve and change security policies. Join industry experts as they discuss the importance of rolling with the changes, and how your company can stop the threat before it gets to the castle gate.
    Panelists:
    Christopher Russell, Trend Micro
    Kevin Peterson, Zscaler
    John Muirhead, Venafi
    Robert Slocum, Forcepoint
    Tim White, Qualys
    Michael Dalgleish, LogRhythm
    Moderator: Dan Lohrmann

    1:15 pm
    RSA: Business-Driven Security: A New Plan for Chaos
    • session level icon
    speaker photo
    Senior Solutions Principal, RSA
    Registration Level:
    • session level iconOpen Sessions
    1:15 pm - 2:15 pm
    Location / Room: 103

    We will discuss how and why key-business drivers shape your security operations. We go beyond the guidance provided by NIST, and take a look at Risk Management, Threat Intelligence, Incident Workflow & Classification, Staffing Models, Use Cases & Prioritization, Escalation Plans, Security Controls, and Key Performance Indicators.

    2:15 pm
    Conference Break / Exhibitor Product Demonstration
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    2:15 pm - 3:00 pm
    Location / Room: SecureWorld Exhibitor Floor

    Reboot with coffee and infused water while visiting exhibitors on the exhibitor floor.

    3:00 pm
    How to Perform a Data Privacy Impact Assessment
    • session level icon
    Now I know how to do a DPIA!
    speaker photo
    Chief Information Security Officer / Chief Privacy Officer, WorkForce Software
    Registration Level:
    • session level iconConference Pass
    3:00 pm - 3:45 pm
    Location / Room: 105

    A practical guide to performing a Data Privacy Impact Assessment, including a fully completed DPIA example and a template you can use.

    3:00 pm
    The Enterprise IT Security Portfolio
    • session level icon
    speaker photo
    Vice President and Chief Information Officer, Schoolcraft College
    Registration Level:
    • session level iconConference Pass
    3:00 pm - 3:45 pm
    Location / Room: 103

    This presentation seeks to offer a high-level customer perspective overview of the security tool landscape with an eye toward the virtualized environment. The idea is not to go in-depth into any one topic but to discuss how the pieces fit together and the risk versus reward proposition.

    3:00 pm
    Securing Cyber Physical Systems
    • session level icon
    speaker photo
    Chair, Decision Science Department; Professor, Information Technology and cybersecurity; Director, Center for Cybersecurity Leadership, Walsh College
    Registration Level:
    • session level iconConference Pass
    3:00 pm - 3:45 pm
    Location / Room: Theater

    We are facing new cybersecurity challenges as a result of the growth of cyber physical systems. These systems form the core of the Internet of Things (IoT) which is expected to grow to 50 billion interconnected devices within the next few years. Traditional cybersecurity defense measures and technologies do not apply to the real time interaction, sub-second, minimum memory world of cyber physical sensors and components. This session will discuss the challenge of securing cyber physical systems.

    3:00 pm
    And the Clouds Break: Continuity in the 21st Century
    • session level icon
    speaker photo
    VP, Strategic Security Programs, CBI
    Registration Level:
    • session level iconConference Pass
    3:00 pm - 3:45 pm
    Location / Room: 101

    The promise of cloud computing was a utility; always up, always on. But we've seen many outages. Time to dust off the continuity handbook, and revisit recovery for the twenty-first century. This session covers business impact analysis, business continuity, disaster recovery in utility computing and Cloud services. After all, the clouds break.

    3:00 pm
    Internet of Things Security and You
    • session level icon
    speaker photo
    Connected Vehicle Security, Ford Motor Company
    Registration Level:
    • session level iconConference Pass
    3:00 pm - 3:45 pm
    Location / Room: Suite 3

    IoT is older than you may imagine and each new advance came with a set of security issues. Learn from history, incidents and controls. Modern IoT is complex; architectures have many common emergent issues but it is possible to make good decisions if you understand the trade-offs.

    3:00 pm
    SecureWorld PLUS Part 2 – How To Build And Maintain A Game-Changing Security Awareness Program That Measures Success
    • session level icon
    SecureWorld PLUS registrants ONLY
    speaker photo
    Chief Strategist and Chief Security Officer, Security Mentor
    Registration Level:
    • session level iconSecureWorld Plus
    3:00 pm - 4:30 pm
    Location / Room: 203A

    Every organization seeks a security-aware culture, but how can you build an effective information security awareness program that addresses compliance and changes employee behavior for the better? People are the greatest asset and the weakest link in securing intellectual property and protecting sensitive data within every enterprise; therefore, a well-organized security awareness program is essential.

    You will learn how an effective program that offers lasting solutions requires the right mix of skills, knowledge, executive support and resources. This hands-on workshop will teach you what you need to know to implement just such a program. Offering award-winning case studies, interactive discussions and group participation in exercises, this SecureWorld Plus-session will enable you to hit the ground running with a customized plan that meets your organization’s needs when you head back to the office.

    Dan Lohrmann offers an interactive, engaging style that is both fun and informative. The 4.5-hour workshop covers these essential topics:

    Part 1: Information Security Awareness Fundamentals and War Stories
    What important building blocks, resources and communication strategies are essential to successfully implement your program? How can you reduce the risk of a data breach or other unwanted outcomes using a comprehensive approach to information security awareness? What best practices and examples have succeeded that can be emulated?

    3:00 pm
    SecureWorld PLUS Part 2 - Designing and Building a Cybersecurity Program Based on the NIST Cybersecurity Framework
    • session level icon
    SecureWorld PLUS Registrants ONLY
    speaker photo
    CISO, University of Massachusetts, President’s Office
    Registration Level:
    • session level iconSecureWorld Plus
    3:00 pm - 4:30 pm
    Location / Room: 106

    This course provides a detailed plan for designing and building a Cybersecurity Program based on the NIST Cybersecurity Framework and the 20 Critical Controls

    Lesson 1: Creating the Model (based on the NIST Cybersecurity Framework)
    A general review of today’s cyber-threat landscape, key business, technical, regulatory, workforce challenges, the overall risk environment, controls framework (NIST Cybersecurity Framework), controls standards and a recommended approach for designing and building a program based on a repeatable / open program concept (The Controls Factory Model).

    Lesson 2: Designing the Program (based on the 20 Critical Controls)
    A detailed review of the safeguards that organizations should use to mitigate advanced threats and protect their critical assets including an in depth analysis of the 20 critical controls. Each control will be discussed in detail including the control objective, control approach, consequences of not implementing the control, control system analysis (how the control works), control detailed design, control monitoring and testing requirements.

    Lesson 3: Building the Solution (based on Design, Build, Run and Test Guides)
    Technical solutions that can be used to protect a particular family of assets (endpoints, servers, networks, applications). Each technical solution will include a mapping to the critical controls and NIST Framework (design guide), a step by step approach for implementation (build guide), a set of operational capabilities for continuous monitoring and management (run guide) and a set of use cases that ensure that the controls are continually applied to the asset families (test guide).

    3:00 pm
    SecureWorld PLUS Part 2 - Threat Hunting and Analysis
    • session level icon
    SecureWorld PLUS Registrants ONLY
    speaker photo
    Technology Editor and author of "Threat Hunter" blog, SC Magazine
    Registration Level:
    • session level iconSecureWorld Plus
    3:00 pm - 4:30 pm
    Location / Room: 203B

    Threat intelligence has become the coin of the realm in fighting cybercrime. However, simply knowing who the bad guys are and what they do is not enough. You must be able to dig for actionable intelligence and apply that explicitly to your environment. Broadly speaking, we call that threat hunting. Once you have determined the nature and details of threats to your enterprise, you must be able to disseminate them in a manner that is understandable by both humans and machines.

    This full-day, hands-on workshop will introduce you to threat hunting techniques and tools—both free and commercial—that you can use and how to translate your findings to Stix for dissemination to a variety of audiences, as well as consumption by an increasing number of security devices such as IPSs and firewalls. You will work in a virtual lab environment using tools and techniques to discover threats, research them in depth, and create Stix profiles. By the end of the workshop you will have compiled a list of tools that you can use, evaluated those tools in a lab environment, created a Stix profile of an actual cyber campaign, and presented your profile to the rest of the class.

    Visit the Center for Digital Forensic Studies' Training Portal to read the syllabus and other course related materials.

    For this workshop you will need to bring your own Windows laptop and have the current version of the Chrome browser pre-installed. All other tools will be available on a virtual lab machine you will connect to remotely.

    3:45 pm
    Optiv Reception
    • session level icon
    Join Optiv and Partners for Happy Hour!
    Registration Level:
    • session level iconOpen Sessions
    3:45 pm - 6:00 pm
    Location / Room: The Look Out Room at Ford Motor Conference & Event Center

    Join your peers for complimentary hors d'oeuvres and cocktails following the first day of SecureWorld. This is a great opportunity to network with other security professionals from the Detroit area and to discuss the hot topics from the day. Register here: https://live.optiv.com/profile/form/index.cfm?PKformID=0x312562cd1

    The Look Out Room at Ford Motor Conference & Event Center
    1151 Village Road
    Dearborn, MI 41124

  • Thursday, September 14, 2017
    7:00 am
    Registration Open
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    7:00 am - 3:00 pm
    Location / Room: Registration Desk
    8:00 am
    SecureWorld PLUS Part 3 – How To Build And Maintain A Game-Changing Security Awareness Program That Measures Success
    • session level icon
    SecureWorld PLUS Registrants ONLY
    speaker photo
    Chief Strategist and Chief Security Officer, Security Mentor
    Registration Level:
    • session level iconSecureWorld Plus
    8:00 am - 9:30 am
    Location / Room: 203A

    Every organization seeks a security-aware culture, but how can you build an effective information security awareness program that addresses compliance and changes employee behavior for the better? People are the greatest asset and the weakest link in securing intellectual property and protecting sensitive data within every enterprise; therefore, a well-organized security awareness program is essential.

    You will learn how an effective program that offers lasting solutions requires the right mix of skills, knowledge, executive support and resources. This hands-on workshop will teach you what you need to know to implement just such a program. Offering award-winning case studies, interactive discussions and group participation in exercises, this SecureWorld Plus-session will enable you to hit the ground running with a customized plan that meets your organization’s needs when you head back to the office.

    Dan Lohrmann offers an interactive, engaging style that is both fun and informative. The 4.5-hour workshop covers these essential topics:

    Part 1: Information Security Awareness Fundamentals and War Stories
    What important building blocks, resources and communication strategies are essential to successfully implement your program? How can you reduce the risk of a data breach or other unwanted outcomes using a comprehensive approach to information security awareness? What best practices and examples have succeeded that can be emulated?

    8:00 am
    SecureWorld PLUS Part 3 - Designing and Building a Cybersecurity Program Based on the NIST Cybersecurity Framework
    • session level icon
    SecureWorld PLUS Registrants ONLY
    speaker photo
    CISO, University of Massachusetts, President’s Office
    Registration Level:
    • session level iconSecureWorld Plus
    8:00 am - 9:30 am
    Location / Room: 106

    This course provides a detailed plan for designing and building a Cybersecurity Program based on the NIST Cybersecurity Framework and the 20 Critical Controls

    Lesson 1: Creating the Model (based on the NIST Cybersecurity Framework)
    A general review of today’s cyber-threat landscape, key business, technical, regulatory, workforce challenges, the overall risk environment, controls framework (NIST Cybersecurity Framework), controls standards and a recommended approach for designing and building a program based on a repeatable / open program concept (The Controls Factory Model).

    Lesson 2: Designing the Program (based on the 20 Critical Controls)
    A detailed review of the safeguards that organizations should use to mitigate advanced threats and protect their critical assets including an in depth analysis of the 20 critical controls. Each control will be discussed in detail including the control objective, control approach, consequences of not implementing the control, control system analysis (how the control works), control detailed design, control monitoring and testing requirements.

    Lesson 3: Building the Solution (based on Design, Build, Run and Test Guides)
    Technical solutions that can be used to protect a particular family of assets (endpoints, servers, networks, applications). Each technical solution will include a mapping to the critical controls and NIST Framework (design guide), a step by step approach for implementation (build guide), a set of operational capabilities for continuous monitoring and management (run guide) and a set of use cases that ensure that the controls are continually applied to the asset families (test guide).

    8:00 am
    SecureWorld PLUS Part 3 - Threat Hunting and Analysis
    • session level icon
    SecureWorld PLUS Registrants ONLY
    speaker photo
    Technology Editor and author of "Threat Hunter" blog, SC Magazine
    Registration Level:
    • session level iconSecureWorld Plus
    8:00 am - 9:30 am
    Location / Room: 203B

    Threat intelligence has become the coin of the realm in fighting cybercrime. However, simply knowing who the bad guys are and what they do is not enough. You must be able to dig for actionable intelligence and apply that explicitly to your environment. Broadly speaking, we call that threat hunting. Once you have determined the nature and details of threats to your enterprise, you must be able to disseminate them in a manner that is understandable by both humans and machines.

    This full-day, hands-on workshop will introduce you to threat hunting techniques and tools—both free and commercial—that you can use and how to translate your findings to Stix for dissemination to a variety of audiences, as well as consumption by an increasing number of security devices such as IPSs and firewalls. You will work in a virtual lab environment using tools and techniques to discover threats, research them in depth, and create Stix profiles. By the end of the workshop you will have compiled a list of tools that you can use, evaluated those tools in a lab environment, created a Stix profile of an actual cyber campaign, and presented your profile to the rest of the class.

    Visit the Center for Digital Forensic Studies' Training Portal to read the syllabus and other course related materials.

    For this workshop you will need to bring your own Windows laptop and have the current version of the Chrome browser pre-installed. All other tools will be available on a virtual lab machine you will connect to remotely.

    8:00 am
    InfraGard Michigan Chapter Meeting: What Isn’t Working in Cyber Defense: Epic Failures in 2017
    • session level icon
    InfraGard Members Only
    speaker photo
    Senior Manager, Mandiant Global Consulting Services
    Registration Level:
    • session level iconOpen Sessions
    8:00 am - 9:15 am
    Location / Room: Keynote Theater

    Join InfraGard for their chapter meeting and presentation. This session is for InfraGard members only.
    8:00 AM - 8:05 - Opening Remarks ASAC Timothy T. Waters, FBI
    8:05 AM – 8:35 AM – SA John Cecil, MI InfraGard FBI Coordinator - Preview “American Made”
    8:35 AM - 9:15 AM – Presentation and Q&A
    Presentation:
    What can we learn from cyber breaches ranging from Ransomware victims to state-sponsored attacks in order to increase cyber response maturity? Lessons to help us all be more effective and efficient at detection and response.

    http://michiganinfragard.org/

    8:30 am
    Emergence of the Chief Digital Risk Officer
    • session level icon
    speaker photo
    VP & CSO, Diebold Nixdorf
    Registration Level:
    • session level iconConference Pass
    8:30 am - 9:15 am
    Location / Room: 103

    Digital technologies will increase organizations competitiveness, agility and reaction time. While increasing the speed of business, these digital technologies and processes will introduce greater security threats and evolution of digital risk management. Join Martin Bally as he discusses the Emergence of the Chief Digital Risk Officer.

    8:30 am
    How to Phish in Your Own Pond
    • session level icon
    Learn how to conduct a phishing exercise as a part of a training and awareness program.
    speaker photo
    IT Manager - Awareness and Training, Blue Cross Blue Shield of Michigan
    Registration Level:
    • session level iconConference Pass
    8:30 am - 9:15 am
    Location / Room: 105

    Information Security is the focus of nearly every organization. However, most programs consist of disjointed activities that are based on a compliance checklist, instead of a strategically planned IS Awareness program. In this session, we will focus on phishing as a part of a repeatable evolving robust security awareness program.

    8:30 am
    Anatomy of a Cyber-Heist: Examples of Advanced Cyber Risks
    • session level icon
    speaker photo
    Managing Director, UHY Advisors
    Registration Level:
    • session level iconOpen Sessions
    8:30 am - 9:15 am
    Location / Room: Theater

    One click is all it takes. Bring your A-game! This presentation will take you through how cyber crooks are getting away with some big pay days. We will explore techniques in use demonstrating an increasingly high level of sophistication, patience, and planning, so you can better plan your defenses.

    8:30 am
    Cybercrime & You...What Can You Do?
    • session level icon
    Resources for Cybercrime in MI
    speaker photo
    Board VP, WMCSC Co-Chair, Western Michigan Cyber Security Consortium
    Registration Level:
    • session level iconConference Pass
    8:30 am - 9:15 am
    Location / Room: Suite 3

    Have you been a victim of Cybercrime? In 2016 MI reported over $24M in losses. Most Victims do not
    know where to go for help. Many communities lack the resources to support the volume of crimes.
    Come learn how the Cybercrime Support Network is working towards a solution.

    9:00 am
    Exhibit Floor Open
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    9:00 am - 3:00 pm
    Location / Room: SecureWorld Exhibitor Floor

    This is the time to visit exhibitors participating in Dash For Prizes & CyberHunt for your chance to win prizes!

    9:30 am
    OPENING KEYNOTE: Defending the Nation in Cyber Space
    • session level icon
    Former Director of Operations at U.S. Cyber Command
    speaker photo
    Major General, U.S. Air Force (Retired)
    Registration Level:
    • session level iconOpen Sessions
    9:30 am - 10:15 am
    Location / Room: Keynote Theater

    The Russians hacked the election, the Chinese are stealing our trade secrets, the Iranians and North Koreans see cyber as the ultimate asymmetric attack vector against the United States. Every day, the country’s critical infrastructure is under attack—financial services, the electric grid, oil and gas, telecommunications, transportation. As the former Director of Operations at U.S. Cyber Command, Maj Gen (Ret) Brett Williams is one of the few speakers available who can talk with the credibility that comes from being on the front lines of defending the Nation in cyberspace. General Williams unique combination of both military and private sector experience, provides a clear understanding of the nation-state cyber threat and how it could impact business interests in every sector.

    10:15 am
    Conference Break / Exhibitor Product Demonstration
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    10:15 am - 11:15 am
    Location / Room: SecureWorld Exhibitor Floor

    Reboot with coffee and infused water while visiting exhibitors on the exhibitor floor.

    11:00 am
    Advisory Council Roundtable: Employee Cybersecurity Awareness Campaigns – (VIP / Invite Only)
    • session level icon
    speaker photo
    Director, IT Security & Compliance, Martinrea Inc.
    Registration Level:
    • session level iconVIP / Exclusive
    11:00 am - 12:00 pm
    Location / Room: Boardroom
    11:15 am
    Cloud Provider Security – The Evolution Continues
    • session level icon
    speaker photo
    CTO, Comp-West, LLC
    Registration Level:
    • session level iconConference Pass
    11:15 am - 12:00 pm
    Location / Room: Room 105

    Cloud providers have always stated that they secure the data residing in their cloud. As I have presented at a few Cloud Security Alliance conferences in the past, the security that is provided is dependent on the Service Level Agreement (SLA) verbiage. The same is still true, but some of the providers actually have essentially a menu of security tools. This presentation will explore these tools.

    11:15 am
    GDPR: Tick Tock, Time Is Running Out to Be in Compliance
    • session level icon
    speaker photo
    Information Security Architect - Governance, Perrigo Company plc
    Registration Level:
    • session level iconConference Pass
    11:15 am - 12:00 pm
    Location / Room: Suite 3

    Practitioner’s view of the process to evaluate your global company’s European Union GDPR (General Data Protection Regulation) compliance approach. Insight into the process of working through the GDPR requirements, how to prepare for complying with these requirements by May 25, 2018, and the role of IT, information security, and compliance.

    11:15 am
    IBM: CyberSecurity Innovations
    • session level icon
    speaker photo
    Program Director, Security Client Initiatives, IBM
    Registration Level:
    • session level iconOpen Sessions
    11:15 am - 12:00 pm
    Location / Room: 103

    IBM Security helps organizations outthink threats and outpace their competition with innovation strengthened by COGNITIVE systems that understand, reason, and learn to help analysts resolve incidents quickly. CLOUD security to help organizations plan, deploy, and manage security as workloads and data are moved across hybrid cloud environments. And COLLABORATE in real-time with threat intelligence crowdsourced from X-Force and a community of 14K+ users, as well as a security app marketplace to help analysts stay ahead of the threats.

    11:15 am
    Cybersecurity Regulatory Environment: The shift Towards More Stringent Requirements and the Need for Companies to Develop Risk-Based Cybersecurity Programs
    • session level icon
    speaker photo
    IT Audit Specialist, Meadowbrook Insurance Group
    Registration Level:
    • session level iconConference Pass
    11:15 am - 12:00 pm
    Location / Room: 101

    We will discuss the current and the foreseeable future of cybersecurity regulations. We will also discuss why companies should take a risk-driven approach vs a compliance-driven approach to security.

    11:15 am
    From Boots to Suits - How Vets Are Taking Over Tech
    • session level icon
    speaker photo
    President & CEO of SAP National Security Services (NS2), President of NS2 Serves
    Registration Level:
    • session level iconConference Pass
    11:15 am - 12:00 pm
    Location / Room: Theater

    Join Mark Testoni, President of NS2 Serves, to learn about an innovative program that focuses on training and employing veterans in high-tech careers. The three-month residential course offers training and certifications in world-class software solutions that support U.S. national security needs and commercial enterprises. The program has graduated over 130 veterans to date and placed them in high-tech careers at major corporations.

    12:00 pm
    ISSA Detroit (Motor City) Chapter Meeting: Advancing Without a Traditional Security Perimeter
    • session level icon
    ISSA Members ONLY - Lunch Served
    speaker photo
    Director of Security and Network Transformation, Zscaler
    Registration Level:
    • session level iconVIP / Exclusive
    12:00 pm - 1:00 pm
    Location / Room: Lookout

    Join us for an ISSA chapter meeting and presentation. This is intended for members only.

    Presentation:
    IT has struggled mightily the past couple of decades to ensure trusted access to business assets on the enterprise network. It’s been a mostly futile battle as criminals and insiders have learned how to leverage that trust to gain virtually unfettered access inside the network.
    Many IT organizations have relied on virtual private networks (VPN) and network access control (NAC) to give “trusted users” virtually unfettered access to enterprise network resources. As we’ve seen with innumerable network breaches, outside interlopers can exploit that trust factor to gain access, while insiders find cracks in defenses that allow them to tap into enterprise assets they have no rights to.
    The security model of the cloud era must focus on verified identity of users, their devices, and their roles. In adopting this model, we can focus on the techniques to verify users, whether they are inside or outside the network.

    12:00 pm
    Advisory Council Lunch Roundtable: Cybersecurity Capability Maturity Models (CCMM) – (VIP / Invite Only)
    • session level icon
    speaker photo
    AVP, Information Security Services, Amerisure
    Registration Level:
    • session level iconVIP / Exclusive
    12:00 pm - 1:00 pm
    Location / Room: Boardroom
    12:15 pm
    LUNCH KEYNOTE: Radware – Targeting the Hidden Attack Surface of Automation
    • session level icon
    speaker photo
    Security Evangelist, Radware
    Registration Level:
    • session level iconOpen Sessions
    12:15 pm - 1:00 pm
    Location / Room: Keynote Theater

    Every day, we hear about Artificial Intelligence (AI) invading more and more of everything around us. Within Information Security, we cannot get around new algorithms, new machine learning techniques, and a rush to automate everything. However, have these new technologies paradoxically ushered in a completely new world of vulnerabilities?

    Radware explores a fascinating topic of how everything from APIs to people are being attacked in a new hidden attack surface which has uniqueness to cloak and anonymize its designers and has incredible speed and efficiency in its attack types. In fact, this presentation will highlight how each step towards deeper and total connectivity comes with consequences of protecting the very automation which is designed to make our world easy. In this session, you will take away the notion of how everything from humans to bots have weak undersides to automation, and even AI interfaces can be duped into attacks.

    1:15 pm
    Panel: Close the Front Gate: Identify all Travelers
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    1:15 pm - 2:15 pm
    Location / Room: Keynote Theater

    One of the first lines of defense for a castle was the front gate or portcullis. When the need arose, they would simply close the gate and stop everyone from entering. Castle guards would stop each traveler and determine their identity and if they were a threat before letting them in. Sort of like today’s network access control and firewalls. Identity or the perception of one’s identity was all that mattered and a smart spy or thief would gain access to the castle with only minor delays. Our experts will discuss your options for defending your castle.
    Panelists:
    Ian Gritter, SailPoint
    Peter Stone, Mimecast
    Kevin Ross, CyberArk
    David Culbertson, CA
    Jay Hankins, IronNet
    Jack Varney, Cadre
    Moderator: Hans Erickson

    1:15 pm
    Check Point: Pass Known Good and Succeed in IT Security. Why Detection is Dead and Prevention is the Key.
    • session level icon
    speaker photo
    Director of Engineering, Check Point Software
    Registration Level:
    • session level iconOpen Sessions
    1:15 pm - 2:15 pm

    We have tried for years to operationalize detection methodologies into our organizations. We have failed. Kierk will discuss the benefits of passing known good traffic and how that helps us to limit our attack surface and scale as an IT organization.

    1:15 pm
    Panel: The Court Jester Has the Crown Jewels (Ransomware)
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    1:15 pm - 2:15 pm
    Location / Room: Suite 3

    Way back in the day if you wanted to get someone to bend to your will you could just kidnap the princess or steal the Crown Jewels. Kingdoms would do just about anything to get these things back. It was probably a bit easier to grab the princess and leave a note with your demands. The exchange of coin for the princess was a risky maneuver but worth the reward if you escaped. Now it just takes one foolish click to become a victim of ransomware. Sadly, they are not easily caught when you make the trade with bitcoin. This panel will talk about the current schemes happening with ransomware and how you can try to keep the Crown Jewels safe.
    Panelists:
    Jen Fox, Viopoint
    Rick Blanch, McAfee
    Steven Fox, IRS
    Matthew Curie, Alert Logic
    Peter Cretiu, Bitdefender
    Moderator: Frank Klimczak

    2:15 pm
    Conference Break / Exhibitor Product Demonstration
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    2:15 pm - 3:00 pm
    Location / Room: SecureWorld Exhibitor Floor

    Reboot with coffee and infused water while visiting exhibitors on the exhibitor floor.

    2:30 pm
    Dash for Prizes & CyberHunt
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    2:30 pm - 2:45 pm
    Location / Room: SecureWorld Exhibitor Floor

    Be sure to have exhibitors scan your badge for a chance to win prizes. Past prizes have included Kindles, Bose headphones, gift cards, iPads, iPods and more! *Must be present to win

    3:00 pm
    Security KPIs for the Enterprise
    • session level icon
    speaker photo
    Sr. Technical Architect, AHEAD
    Registration Level:
    • session level iconConference Pass
    3:00 pm - 3:45 pm
    Location / Room: Theater

    Security programs are product driven and lack measures that articulate value to the business. If you're a security leader who's been struggling for mindshare within your organizatoin, KPIs are metrics that can help you achieve your goal.

    3:00 pm
    The Expanded Scope of the Computer Fraud & Abuse Act (It's Not Just For Hackers Anymore)
    • session level icon
    speaker photo
    Founder & CEO, Ossian Law P.C.
    Registration Level:
    • session level iconConference Pass
    3:00 pm - 3:45 pm
    Location / Room: Suite 3

    As the federal Computer Fraud and Abuse Act (CFAA) turns 33 years old, it is increasingly being applied not just to external hackers, but also to current and former employees, competitors, vendors and even customers. Information Technology attorney Kathy Ossian will discuss recent civil and criminal actions under the CFAA and the impact of its expanded scope on businesses.

Exhibitors
  • A10 Networks
    Booth: 224

    A10 Networks (NYSE: ATEN) is a Secure Application Services™ company, providing a range of high-performance application networking solutions that help organizations ensure that their data center applications and networks remain highly available, accelerated and secure.

  • ACP Michigan
    Booth: TBD

    The Association of Continuity Professionals (ACP) is a non-profit trade association dedicated to fostering continued professional growth and development in effective Contingency & Business Resumption Planning. ACP is the recognized premier international networking and information exchange organization in the business continuity industry.

  • Alert Logic
    Booth: 240

    Whether your company is transitioning infrastructure to the cloud, taking advantage of managed hosting services, or continuing to rely on owned data centers, Alert Logic offers intrusion detection, vulnerability assessment and log management solutions that are coupled with 24/7 monitoring and expert guidance services from our security operations center. More than 1,500 enterprise customers trust Alert Logic to secure and protect their digital information, and rely on us for keeping in step with increasingly complex regulatory issues. In addition to our team of GIAC analysts dedicated to careful observation and assessment of threats to your data, our research team stays on top of emerging developments so we can stop potential security breaches before they strike. We also have a dedicated support team ready to answer any questions you have about our products and services.

  • Avecto
    Booth: 444

    Avecto is a leader in Privilege Elevation and Delegation Management. Since 2008, the company has enabled over 8 million users to successfully work without admin rights, enabling many of the world’s biggest brands to achieve the balance between overlocked and underlocked environments.

    Avecto’s Defendpoint software has been deployed in the most highly regulated industries, enabling organizations to achieve compliance, gain operational efficiency and stop internal and external attacks.

    Defendpoint combines privilege management and application control technology in a single lightweight agent. This scalable solution allows global organizations to eliminate admin rights across the entire business – across Windows and Mac desktops and even in the data center.

    Actionable intelligence is provided by Defendpoint Insights, an enterprise class reporting solution with endpoint analysis, dashboards and trend data for auditing and compliance.

  • Binary Defense Systems
    Booth: 235

    BDS is a company that works with you to understand your environment, what you have and building defenses to combat what we face today and for the attacks of tomorrow. Technology is continuously changing, businesses change every day – in order to keep up with the changes, BDS has created an extensively flexible yet highly accurate way of detecting attackers. We are attackers, and we know the best ways in detecting how attackers breach your network. An added bonus with BDS – continual penetration tests are performed regularly to enhance and develop additional safeguards. We are here to defend, protect and secure your company.

  • Bitdefender
    Booth: 231

    Powered by its depth of security expertise and rapid pace of research and development, Bitdefender’s long-standing mission is to deliver transformative security technologies to the world’s users and organizations. We are innovators, creating breakthrough technology that radically improves our customer’s experience with security.

    From IoT to Data Centers, from endpoints to hybrid infrastructures - Bitdefender plays a transformational role in how security is best consumed, deployed, and managed. We strive to deliver products and services that radically alter the customer’s experience with security, in terms of efficacy, performance, ease of use and interoperability.

  • BOMGAR
    Booth: 244

    Bomgar offers the most secure remote access and support technology on the planet. Each encrypted connection is outbound, so you can connect without VPN or firewall changes. You can leverage Active Directory and LDAPS to manage authentication, require multi-factor authentication, define more than 50 permissions for technicians and privileged users, and capture a detailed audit log of every remote connection.

  • CA Technologies
    Booth: 414

    CA Technologies helps customers succeed in a future where every business— from apparel to energy— is being rewritten by software. With CA software at the center of their IT strategy, organizations can leverage the technology that changes the way we live— from the data center to the mobile device.

    Our business management software and solutions help our customers thrive in the new application economy by delivering the means to deploy, monitor and secure their applications and infrastructure. Our goal is to help organizations develop applications and experiences that excite and engage and, in turn, open up money-making opportunities for their businesses.

  • Cadre Information Security
    Booth: 224

    At Cadre, our entire business is based on making sure your information is secure. Every person in the company is committed to doing whatever it takes to understand your information security needs and develop the best systems and solutions for you. We invest the right amount of time, energy and money in training, education, certification and technologies to make sure your needs are met before, during and after your Cadre Solution is implemented. Around the corner or around the globe, our service extends beyond our technical capabilities.

  • Carbon Black
    Booth: 251

    Carbon Black is the market leader in next-generation endpoint security. The company expects that by the end of 2015 it will achieve $70M+ in annual revenue, 70 percent growth, 7 million+ software licenses sold, almost 2,000 customers worldwide, partnerships with 60+ leading managed security service providers and incident response companies, and integrations with 30+ leading security technology providers. Carbon Black was voted Best Endpoint Protection by security professionals in the SANS Institute’s Best of 2014 Awards, and a 2015 SANS survey found that Carbon Black is being used or evaluated by 68 percent of IR professionals. Companies of all sizes and industries—including more than 25 of the Fortune 100—use Carbon Black to increase security and compliance.

  • Centrify
    Booth: 208

    Centrify provides unified identity management across data center, cloud and mobile environments. Centrify software and cloud-based Identity-as-a-Service (IDaaS) solutions leverage an organization’s existing identity infrastructure to enable single sign-on, multi-factor authentication, privileged identity management, auditing for compliance and mobile device management.
    Centrify customers can typically reduce their total cost of identity management and compliance by more than 50 percent.

  • Check Point Security
    Booth: 442

    Since 1993, Check Point has been dedicated to providing customers with uncompromised protection against all types of threats, reducing security complexity and lowering total cost of ownership. We are committed to staying focused on customer needs and developing solutions that redefine the security landscape today and in the future.

  • Cisco
    Booth: 206

    Cisco builds truly effective security solutions that are simple, open and automated. Drawing on unparalleled network presence as well as the industry’s broadest and deepest technology and talent, Cisco delivers ultimate visibility and responsiveness to detect more threats and remediate them faster. With Cisco, companies are poised to securely take advantage of a new world of digital business opportunities.

  • Core Security
    Booth: 233

    Enterprises are responsible for securing and managing access to corporate data and ensuring availability of enterprise applications and services at all times. Core Security offers threat-aware identity, access, authentication and vulnerability management solutions to help identity, security, and risk teams control access, reduce risk, and maintain continuous compliance.

    Our solutions provide actionable intelligence and context needed to manage identity access and security risk across the enterprise. By combining real-time insight into identity analytics with prioritized infrastructure vulnerabilities, organizations receive a more comprehensive view of their security posture. Organizations gain context and intelligence through analytics to make more informed, prioritized, and better security remediation decisions. This allows them to more rapidly and accurately identify, validate and proactively stop unauthorized access and defend against security threats.

  • Crossmatch/DigitalPersona
    Booth: 300

    Crossmatch is a world leader in biometric identity management solutions. Our technologies and expertise are helping organizations of all sizes achieve new levels of efficiency, expand in new markets and find powerful new ways to protect people, property and profits. Heavy reliance on digital transactions, growing mobile workforces, global demand for e-gov services and the need for enhanced security at borders, in law enforcement and on battlefields all point to a clear need for the confidence and certainty of biometrics. Security-minded organizations in both the public and private realms understand the power and necessity of biometrics — and they are increasingly looking for an established partner to help solve this identity management challenge.

  • Cyber-Ark; Software
    Booth: 436

    Cyber-Ark® Software is a global information security company that specializes in protecting and managing privileged users, sessions, applications and sensitive information to improve compliance, productivity and protect organizations against insider threats and advanced external threats. With its award-winning Privileged Identity Management, Privileged Session Management and Sensitive Information Management Suites, organizations can more effectively manage and govern data center access and activities, whether on-premise, off-premise or in the cloud, while demonstrating returns on security investments.

  • Cylance
    Booth: 446

    Cylance® is revolutionizing cybersecurity with products and services that proactively prevent, rather than reactively detect the execution of advanced persistent threats and malware. Our technology is deployed on over four million endpoints and protects hundreds of enterprise clients worldwide including Fortune 100 organizations and government institutions.

  • Darktrace
    Booth: 308

    Darktrace is the world’s leading machine learning company for cyber security. Created by mathematicians from the University of Cambridge, the Enterprise Immune System uses AI algorithms to automatically detect and take action against cyber-threats within all types of networks, including physical, cloud and virtualized networks, as well as IoT and industrial control systems. A self-configuring platform, Darktrace requires no prior set-up, identifying advanced threats in real time, including zero-days, insiders and stealthy, silent attackers. Headquartered in San Francisco and Cambridge, UK, Darktrace has 24 offices worldwide.

  • Data Partners
    Booth: 234

    At Data Partner Inc. we understand the intimacy of being an extension of your IT organization. We build trusting and long-lasting relationships with the world’s leading organizations both large and small. Our goal is to help companies maximize the ROI on their IT spend while solving those business challenges. We specialize in: Block, Unified & Object Storage, Data Aware Storage, Hybrid Storage, Cybersecurity, Servers & Compute ,Cloud Consulting, Disaster Recovery, Wireless, Network Architecture & Data Center Networking, Virtualization & Hyper-Converged Infrastructure, Telecom & Mobility, Management and Professional Staffing Services.

  • Duo
    Booth: TBD

    Duo was founded with the belief that security can only be effective if it is easy to use. Through that vision, Duo has built a world-class security platform that is actually enjoyable to use. Duo supports thousands of customers and millions of users in organizations like Accenture, Boston Medical, Emblem Health, Facebook, Toyota, Twitter, Virginia Tech, Yelp and others, and enjoys the highest NPS score in the industry.

  • EC-Council
    Booth: TBD

    International Council of E-Commerce Consultants, also known as EC-Council, is the world’s largest cyber security technical certification body. We operate in 140 countries globally and we are the owner and developer of the world-famous Certified Ethical Hacker (CEH), Computer Hacking Forensics Investigator (C|HFI), Certified Security Analyst (ECSA), License Penetration Testing (Practical) programs, among others. We are proud to have trained and certified over 140,000 information security professionals globally that have influenced the cyber security mindset of countless organizations worldwide.

  • ECTF
    Booth: TBD

    As a result of the amalgamation of advanced technology and the Internet, both the quantity and sophistication of cybercrimes targeting U.S. financial institutions and critical infrastructure have increased. Today, criminal trends show an increased use of phishing emails, account takeovers, malicious software, hacking attacks and network intrusions resulting in significant data breaches. To protect the nation’s financial infrastructure from cyber and financial criminals, the Secret Service has adopted a multipronged approach.

  • Endace
    Booth: 307
  • International Information Systems Security Certification Consortium, Inc., (ISC)²®
    Booth: 307

    Headquartered in the United States and with offices in London, Hong Kong and Tokyo, the International Information Systems Security Certification Consortium, Inc., (ISC)²®, is the global, not-for-profit leader in educating and certifying information security professionals throughout their careers. We are recognized for Gold Standard certifications and world class education programs.

    We provide vendor-neutral education products, career services, and Gold Standard credentials to professionals in more than 135 countries. We take pride in our reputation built on trust, integrity, and professionalism. And we’re proud of our membership – an elite network of nearly 90,000 certified industry professionals worldwide.

  • Exabeam
    Booth: 450

    The Exabeam Security Intelligence Platform provides organizations of all sizes with end-to-end detection, analytics, and response capabilities from a single security management and operations platform. Exabeam SIP includes Exabeam Log Manager, a modern log management system, built on top of ElasticSearch to provide unlimited data ingestion at a predictable, cost effective price. Exabeam SIP detects complex, multi-stage threats using the analytics capabilities of Exabeam Advanced Analytics; the world's most deployed User and Entity Behavior Analytics (UEBA) solution. Finally, Exabeam SIP improves incident response efficiency with Exabeam Incident Responder, an API based security orchestration and automation solution.

  • FireEye
    Booth: 402

    FireEye has invented a purpose-built, virtual machine-based security platform that provides real-time threat protection to enterprises and governments worldwide against the next generation of cyber attacks. These highly sophisticated cyber attacks easily circumvent traditional signature-based defenses, such as next-generation firewalls, IPS, anti-virus, and gateways. The FireEye Threat Prevention Platform provides real-time, dynamic threat protection without the use of signatures to protect an organization across the primary threat vectors and across the different stages of an attack life cycle. The core of the FireEye platform is a virtual execution engine, complemented by dynamic threat intelligence, to identify and block cyber attacks in real time. FireEye has over 5,000 customers across 67 countries, including more than 940 of the Forbes Global 2000.

  • Forcepoint
    Booth: 406

    Forcepoint safeguards users, data and networks against the most determined adversaries, from insider threats to outside attackers, across the threat lifecycle – in the cloud, on the road, in the office. It simplifies compliance and enables better decision-making for more efficient remediation, empowering organizations to focus on what’s most important to them.

  • Gemalto
    Booth: 401

    SafeNet and Gemalto have joined forces to create the worldwide leader in enterprise and banking security from core data protection to secure access at the edge of the network. Together, we protect more data, transactions, and identities than any other company, delivering security services that are used by more than 30,000 businesses and two billion people in more than 190 countries around the world. We support 3,000 financial institutions and secure more than 80% of the world’s intra-bank fund transfers, and protect the world’s leading software applications.

  • Gigamon
    Booth: 424

    Gigamon (NYSE: GIMO) provides active visibility into physical and virtual network traffic, enabling stronger security and superior performance. Gigamon’s Visibility Fabric™ and GigaSECURE®, the industry’s first Security Delivery Platform, deliver advanced intelligence so that security, network, and application performance management solutions in enterprise, government, and service provider networks operate more efficiently. As data volumes and network speeds grow and threats become more sophisticated, tools are increasingly overburdened. One hundred percent visibility is imperative. Gigamon is installed in more than three-quarters of the Fortune 100, more than half of the Fortune 500, and seven of the 10 largest service providers.

  • GuardiCore
    Booth: 448

    GuardiCore is specially designed for today’s software-defined and virtualized data centers and clouds, providing unparalleled visibility, active breach detection and real-time response. Its lightweight architecture scales easily to support the performance requirements of high traffic data center environments. A unique combination of threat deception, process-level visibility, semantics-based analysis and automated response engages, investigates and then thwarts confirmed attacks with pin-point accuracy.

  • GuidePoint Security LLC
    Booth: 232

    GuidePoint Security LLC provides innovative and valuable cyber security solutions and expertise that enable organizations to successfully achieve their mission. By embracing new technologies, GuidePoint Security helps clients recognize the threats, understand the solutions, and mitigate the risks present in their evolving IT environments. Headquartered in Herndon, Virginia, GuidePoint Security is a small business, and classification can be found with the System for Award Management (SAM). Learn more at: http://www.guidepointsecurity.com.

  • HTCIA Michigan
    Booth: 308

    We are the Michigan chapter of the world wide High Technology Crime Investigation Association. Our membership consists of people from the private and public sectors. We have members from the U.S. Attorney’s Office, The State of Michigan, FBI, Treasury, and Customs. We also have members who represent, city, county and townships, as well as university law enforcement.

  • IBM
    Booth: 416

    Digital is the wires, but digital intelligence, or artificial intelligence as some people call it, is about much more than that. This next decade is about how you combine those and become a cognitive business. It’s the dawn of a new era.

  • Infoblox, Inc
    Booth: 438

    For 17 years, we’ve been the market leader for core network services, including DNS, DHCP, and IP address management, a category known as DDI.

  • InfraGard – Michigan Members Alliance
    Booth: TBD

    InfraGard is a partnership between the FBI and members of the private sector. The InfraGard program provides a vehicle for seamless public-private collaboration with government that expedites the timely exchange of information and promotes mutual learning opportunities relevant to the protection of Critical Infrastructure. With thousands of vetted members nationally, InfraGard's membership includes business executives, entrepreneurs, military and government officials, computer professionals, academia and state and local law enforcement; each dedicated to contributing industry specific insight and advancing national security.

  • IronNet
    Booth: 214

    IronNet is a Cybersecurity / Behavior Analytics Product and Cyber Services company started by former NSA Director Keith Alexander (retired 4-star General). IronDefense, our behavior analytics system, brings real-time visibility and cutting edge analytics to customer networks to discover the most elusive threats, then ranks them by risk through an expert system to amplify analyst capabilities.

  • ISC2
    Booth: TBD

    (ISC)² is an international nonprofit membership association focused on inspiring a safe and secure cyber world. Best known for the acclaimed Certified Information Systems Security Professional (CISSP) certification, (ISC)² offers a portfolio of credentials that are part of a holistic, programmatic approach to security. Our membership, over 123,000 strong, is made up of certified cyber, information, software and infrastructure security professionals who are making a difference and helping to advance the industry. Our vision is supported by our commitment to educate and reach the general public through our charitable foundation - The Center for Cyber Safety and Education ™ Follow us on Twitter or connect with us on Facebook.

  • ISACA Detroit
    Booth: TBD

    Our aim is to sponsor local educational seminars and workshops, conduct regular chapter meetings, and help to further promote and elevate the visibility of the IS audit, control and security profession throughout the metro Detroit area.

  • ISSA Motor City
    Booth: TBD

    The Information Systems Security Association (ISSA)® is a not-for-profit, international organization of information security professionals. The Motor City chapter is located in the automotive capital of the United States, Detroit, MI. Our chapter is committed to educating, consulting, advising, and overall improving information security for our technology infrastructures.

  • Ixia
    Booth: 248

    We provide testing, visibility, and security solutions to strengthen applications across physical and virtual networks.
    Organizations use our tools and capabilities to test, secure and visualize their networks so their applications run stronger.

  • LogRhythm
    Booth: 440

    LogRhythm, a leader in security intelligence and analytics, empowers organizations around the globe to rapidly detect, respond to and neutralize damaging cyber threats. The company’s patented award-winning platform uniquely unifies next-generation SIEM, log management, network and endpoint monitoring, user entity and behavior analytics (UEBA), security automation and orchestration and advanced security analytics. In addition to protecting customers from the risks associated with cyber threats, LogRhythm provides unparalleled compliance automation and assurance, and enhanced IT intelligence.

  • McAfee
    Booth: 256

    Founded in 1989 and headquartered in Somerset, NJ, SHI International Corp. is a $7.5 billion global provider of information technology products and services. Driven by the industry's most experienced and stable sales force and backed by software volume licensing experts, hardware procurement specialists, and certified IT services professionals, SHI delivers custom IT solutions to Corporate, Enterprise, Public Sector and Academic customers. With 3,500 employees worldwide, SHI is the largest Minority/Woman Owned Business Enterprise (MWBE) in the United States and is ranked 12th among CRN's Solution Provider 500 list of North American IT solution providers. For more information, please

  • Merit
    Booth: 312

    Merit Network is a non-profit, member-owned organization governed by Michigan’s public universities. Founded in 1966, Merit owns and operates America’s longest-running regional research and education network. After 50 years of innovation, Merit continues to provide high-performance services to the educational communities in Michigan and beyond.

    Merit continues to leverage its experience managing NSFNET, the precursor to the modern Internet, to catapult Michigan into the forefront of networking technologies. Through Merit, organizations have access to leading-edge network research, state and national collaborative initiatives and international peering.

  • Mimecast
    Booth: 226

    Mimecast Is Making Email Safer For Business.
    Mimecast’s security, archiving and continuity cloud services protect business email and deliver comprehensive email risk management in one fully-integrated subscription service.
    Mimecast reduces the risk, complexity and cost traditionally associated with protecting email. You no longer have to manage an array of disjointed point solutions from multiple vendors. And you mitigate single vendor exposure if you have moved your primary email server to the cloud with services like Microsoft Office 365.
    Our best-of-breed services protect the email of over 24,900 customers and millions of users worldwide against targeted attacks, data leaks, malware and spam. We give employees fast and secure access to sensitive business information, and ensure email keeps running in the event of a primary service outage.

  • Mobile Technology Association of Michigan
    Booth: TBD

    The Mobile Technology Association of Michigan (MTAM) is a non-profit trade association for Michigan's mobile/wireless (connected) technologies industry, businesses that provide these technologies, and the businesses - in all industries - that use these technologies. We are the first state-based mobile/wireless (connected) technologies trade association in the U.S. and we are focused on increasing demand for Michigan-based mobile/wireless technology products and services within the state, nationally and globally, thereby generating increased entrepreneurial and enterprise-level opportunities and creating sustainable jobs in Michigan.

  • Okta
    Booth: 412

    Okta is the foundation for secure connections between people and technology. Our IT products uniquely use identity information to grant people access to applications on any device at any time, while still enforcing strong security protections. Our platform securely connects companies to their customers and partners. Today, thousands of organizations trust Okta to help them fulfill their missions as quickly as possible.

  • Optiv
    Booth: 420

    Optiv is the largest holistic pure-play cyber security solutions provider in North America. Our diverse and talented employees are committed to helping businesses, governments and educational institutions plan, build and run successful security programs through the right combination of products, services and solutions related to security program strategy, enterprise risk and consulting, threat and vulnerability management, enterprise incident management, security architecture and implementation, training, identity and access management, and managed security.

    Created in 2015 as a result of the Accuvant and FishNet Security merger, Optiv has served more than 12,000 clients of various sizes across multiple industries, offers an extensive geographic footprint, and has premium partnerships with more than 300 of the leading security product manufacturers.

  • Palo Alto Networks
    Booth: 400

    Palo Alto Networks™ is the network security company. Its next-generation firewalls enable unprecedented visibility and granular policy control of applications and content – by user, not just IP address – at up to 20Gbps with no performance degradation. Based on patent-pending App-ID™ technology, Palo Alto Networks firewalls accurately identify and control applications – regardless of port, protocol, evasive tactic or SSL encryption – and scan content to stop threats and prevent data leakage. Enterprises can for the first time embrace Web 2.0 and maintain complete visibility and control, while significantly reducing total cost of ownership through device consolidation. Most recently, Palo Alto Networks has enabled enterprises to extend this same network security to remote users with the release of GlobalProtect™ and to combat targeted malware with its WildFire™ service. For more information, visit www.paloaltonetworks.com.

  • Proofpoint
    Booth: 246

    Proofpoint secures and improves enterprise email infrastructure with solutions for email security, archiving, encryption and data loss prevention. Proofpoint solutions defend against spam and viruses, prevent leaks of confidential and private information, encrypt sensitive emails and archive messages for retention, e-discovery and easier mailbox management. Proofpoint solutions can be deployed on-demand (SaaS), on-premises (appliance) or in a hybrid architecture for maximum flexibility and scalability. For more information, please visit http://www.proofpoint.com.

  • Qualys, Inc.
    Booth: 236

    Qualys, Inc. (NASDAQ: QLYS) is a pioneer and leading provider of cloud-based security and compliance solutions with over 9,300 customers in more than 120 countries, including a majority of each of the Forbes Global 100 and Fortune 100. Qualys helps organizations streamline and consolidate their security and compliance solutions in a single platform and build security into digital transformation initiatives for greater agility, better business outcomes and substantial cost savings. The Qualys Cloud Platform and its integrated Cloud Apps deliver businesses critical security intelligence continuously, enabling them to automate the full spectrum of auditing, compliance and protection for IT systems and web applications on premises, on endpoints and elastic clouds. Founded in 1999 as one of the first SaaS security companies, Qualys has established strategic partnerships with leading managed service providers and consulting organizations including Accenture, BT, Cognizant Technology Solutions, Deutsche Telekom, Fujitsu, HCL Technologies, HP Enterprise, IBM, Infosys, NTT, Optiv, SecureWorks, Tata Communications, Verizon and Wipro. The company is also a founding member of the Cloud Security Alliance. For more information, please visit www.qualys.com.

  • Radware
    Booth: 230

    Radware (NASDAQ: RDWR), is a global leader of application delivery and application security solutions for virtual and cloud data centers. Its award-winning solutions portfolio delivers full resilience for business-critical applications, maximum IT efficiency, and complete business agility. Radware's solutions empower more than 10,000 enterprise and carrier customers worldwide to adapt to market challenges quickly, maintain business continuity and achieve maximum productivity while keeping costs down.

  • Rapid7
    Booth: 202

    Rapid7 transforms data into insight, empowering IT and security professionals to progress and protect their organizations. How? Our solutions are powered by advanced analytics and an unmatched understanding of the attacker mindset. This makes it easy to collect data, transform it into prioritized and actionable insight, and get it to the people who can act on it—all in an instant.

  • RSA Security
    Booth: 422

    RSA’s business-driven security solutions help customers comprehensively and rapidly link security incidents with business context to respond effectively and protect what matters most. With award-winning solutions for rapid detection and response, identity and access assurance, consumer fraud protection, and business risk management, RSA customers can thrive in an uncertain, high-risk world. It’s time for Business-Driven Security.

  • SailPoint
    Booth: 222

    In 2005, Mark and Kevin set out to create a new type of company – one that promised to provide innovative solutions to business problems and an exciting, collaborative work environment for identity rock stars. Together, we’re redefining identity’s place in the security ecosystem.

    We love taking on new challenges that seem daunting to others. We hold ourselves to the highest standards, and deliver upon our promises to our customers. We bring out the best in each other, and we’re having a lot of fun along the way.

  • Splunk
    Booth: TBD

    You see servers and devices, apps and logs, traffic and clouds. We see data—everywhere. Splunk® offers the leading platform for Operational Intelligence. It enables the curious to look closely at what others ignore—machine data—and find what others never see: insights that can help make your company more productive, profitable, competitive and secure. What can you do with Splunk?
    Just ask.

  • Synopsys
    Booth: 250

    Synopsys offers the most comprehensive solution for integrating security and quality into your SDLC and supply chain. Whether you’re well-versed in software security or just starting out, we provide the tools you need to ensure the integrity of the applications that power your business. We don’t stop when the test is over. Our experts also provide remediation guidance, program design services, and training that empower you to build and maintain secure software. For more information go to www.synopsys.com/software.

  • TechTarget
    Booth: TBD

    TechTarget (NASDAQ: TTGT) is the online intersection of serious technology buyers, targeted technical content and technology providers worldwide. Our media, powered by TechTarget’s Activity Intelligence platform, redefines how technology buyers are viewed and engaged based on their active projects, specific technical priorities and business needs. With more than 100 technology specific websites, we provide technology marketers innovative media that delivers unmatched reach via custom advertising, branding and lead generation solutions all built on our extensive network of online and social media. TechTarget is based in Boston and has locations in Atlanta, Beijing, Cincinnati, London, Paris, San Francisco, Singapore, and Sydney.

  • Tenable
    Booth: 309

    Tenable Network Security transforms security technology for the business needs of tomorrow through comprehensive solutions that provide continuous visibility and critical context, enabling decisive actions to protect your organization. Tenable eliminates blind spots, prioritizes threats, and reduces exposure and loss. With more than one million users and more than 20,000 enterprise customers worldwide, organizations trust Tenable for proven security innovation. Tenable's customers range from Fortune Global 500 companies, to the U.S. Department of Defense, to mid-sized and small businesses in all sectors, including finance, government, healthcare, higher education, retail and energy. Transform security with Tenable, the creators of Nessus and leaders in continuous monitoring.

  • Thales e-Security
    Booth: TBD

    Thales e-Security is the leader in advanced data security solutions and services that deliver trust wherever information is created, shared or stored. We ensure that the data belonging to companies and government entities is both secure and trusted in any environment – on-premise, in the cloud, in data centers or big data environments – without sacrificing business agility. Security doesn’t just reduce risk, it’s an enabler of the digital initiatives that now permeate our daily lives – digital money, e-identities, healthcare, connected cars and with the internet of things (IoT) even household devices. Thales provides everything an organization needs to protect and manage its data, identities and intellectual property and meet regulatory compliance – through encryption, advanced key management, tokenization, privileged user control and high assurance solutions. Security professionals around the globe rely on Thales to confidently accelerate their organization’s digital transformation. Thales e-Security is part of Thales Group.

  • Trend Micro
    Booth: 210

    As a global leader in cloud security, Trend Micro develops Internet content security and threat management solutions that make the world safe for businesses and consumers to exchange digital information. With more than 20 years of experience, we're recognized as the market leader in server security for delivering top-ranked client, server, and cloud-based security solutions that stop threats faster and protect data in physical, virtualized, and cloud environments.

  • Tripwire
    Booth: 426

    Tripwire Enterprise is a security configuration management suite whose Policy Management, Integrity Management, and Remediation Management capabilities stand alone or work together as a comprehensive, tightly integrated SCM solution. Along with Tripwire Configuration Compliance Manager, Tripwire can address the range of enterprise systems that can be monitored with an agent or agentlessly.

  • TrustedSec
    Booth: 235

    Our #1 priority is you, our customer. We believe in our services and our quality of them. We truly care about each and every organization as much as you do. Our team is highly talented, skilled, senior, and not a commodity service like other INFOSEC consulting companies. TrustedSec’s model is to staff with only senior level resources and the highest quality of information security consulting. Our brand, reputation, and quality is how we have established ourselves in this industry and with the mindset of “always doing the right thing”. When we work with our customers, it’s more than “just another engagement” – it’s establishing an understanding with an organization, and working to make them better.

  • Venafi
    Booth: 220

    Venafi secures and protects keys and certificates so they can’t be used by bad guys in cyber attacks. Criminals want to gain trusted status and go undetected. This makes keys and certificates a prime target. Criminals steal and compromise keys and certificates that are not properly protected, and use them to circumvent security controls. This has become the attack of choice. As a Gartner-recognized Cool Vendor, Venafi delivered the first trust protection platform to secure cryptographic keys and digital certificates that businesses and governments depend on for secure communications, commerce, computing, and mobility. Venafi finds all keys and certificates and puts them under surveillance to detect anomalies. Vulnerable keys and certificates are fixed to prevent attack. Ongoing remediation is performed automatically. Venafi strengthens defenses of today’s critical security controls.

  • VioPoint
    Booth: 218

    VioPoint, an information security consulting firm located in Auburn Hills, Michigan, offers a variety of security solutions that help customers address information security challenges with fewer resources. Knowing the complexity of managing risk and compliance in today’s business climate, VioPoint provides trusted and experienced advisors to help address strategic and tactical issues within customer security programs. With experience across a broad spectrum of industries including insurance, healthcare, banking, education, and energy, VioPoint provides a blend of consulting and best-in-class technology solutions that helps their clients effectively manage risk.

  • Walsh College
    Booth: 306

    At Walsh College, we blend business theory and real-world experience to deliver educational programs that boost career success. Our faculty are not only dedicated teachers, but also business professionals who integrate their experience into what you learn in class. Administrative staff deliver personal service in a professional learning environment.

    Founded in 1922 and celebrating more than 90 years of business education, we offer 16 business and related technology degree programs at the bachelor's and master's levels that are responsive to student, employer, and community needs. Walsh is a private, not-for-profit institution offering courses and services at locations in Troy, Novi, Clinton Township, Port Huron, and online.

  • Wombat Security Technologies
    Booth: 212

    Wombat Security Technologies provides information security awareness and training software to help organizations teach their employees secure behavior. Their SaaS cyber security education solution includes a platform of integrated broad assessments, and a library of simulated attacks and brief interactive training modules, to reduce employee susceptibility to attack, even phishing attacks, over 80%.

  • Zscaler
    Booth: 216

    Zscaler's Cloud-delivered security solution provides policy-based secure internet access for any employee, on any device, anywhere. Our proxy and scanning scalability ensures ultra-low latency in a 100% SaaS security solution requiring no hardware, software or desktop all while providing complete control over security, policy and DLP.

Return to Agenda
Keynote Speakers
Speakers
  • speaker photo
    Matt Olsen
    Former Special Counsel , Director of the Federal Bureau of Investigation

    Mr. Olsen also served at the Department of Justice in a number of leadership positions and was responsible for national security and criminal cases. He was a federal prosecutor for over a decade and served as Special Counsel to the Director of the Federal Bureau of Investigation.

  • speaker photo
    Dan Lohrmann
    Chief Strategist and Chief Security Officer, Security Mentor

    Dan Lohrmann is Chief Strategist and Chief Security Officer (CSO) at Security Mentor. In this role, Lohrmann leads efforts to define and develop key strategic initiatives for the company’s security awareness training offerings, including new programs that can improve security and compliance by elevating an organization’s workforce into security savvy employees. Representing Security Mentor, Lohrmann serves as thought leader serving as a keynote speaker on security and security awareness training, and giving government and industry presentations.

    Over the past decade, Lohrmann has advised the U.S. Department of Homeland Security, the White House, FBI, numerous federal agencies, law enforcement, state and local governments, non-profits, foreign governments, local businesses, universities, churches, and home users on issues ranging from personal Internet safety to defending government and business-owned technology and critical infrastructures from online attacks. Prior to joining Security Mentor, Lohrmann was Michigan's first CSO and Deputy Director for Cybersecurity and Infrastructure Protection and has been recognized as a global leader in cyber defense for government.

    Previously, Lohrmann represented the National Association of State Chief Information Officers on the U.S. Department of Homeland Security’s IT Government Coordinating Council where he assisted in the writing and editing of the National Infrastructure Protection Plans, sector specific plans, Cybersecurity Framework, and other federal cyber documents. Lohrmann is the author of two books: Virtual Integrity: Faithfully Navigating the Brave New Web, published in November 2008 by Brazos Press and BYOD for You: The Guide to Bring Your Own Device to Work, published in Kindle format in April 2013.

    He has been honored with numerous cybersecurity and technology leadership awards, including “CSO of the Year” by SC Magazine, “Public Official of the Year” by Governing magazine and “Premier 100 IT Leader” by Computerworld Magazine. Lohrmann received his bachelor’s degree in computer science from Valparaiso University in Indiana and his M.S. in Computer Science from Johns Hopkins University in Baltimore.

  • speaker photo
    Larry Wilson
    CISO, University of Massachusetts, President’s Office

    Larry is responsible for developing, implementing and managing the University of Massachusetts Information Security Policy and Written Information Security Program (WISP). The University program is based on industry best practices ISO 27001 / SANS 20 Critical Controls, and is implemented consistently across all University campuses (Amherst, Boston, Dartmouth, Lowell, Medical School and the President’s Office).

    Prior to joining UMASS, Larry was the Vice President, Network Security Manager at State Street. In this role he was responsible for researching, selecting, implementing and overseeing an engineering staff who managed network security technologies / tools including vulnerability scanning, network firewall policy management, intrusion detection, remote access, DNS security, global and local load balancing, etc.

    Larry's industry experience includes IT audit manager for Deloitte Enterprise Risk Services (ERS) consulting practice. In this role he managed a staff responsible for developing and completing a Sarbanes Oxley compliance audit for MasterCard International. Larry's team focused on the application level controls and general computer controls for information technology services implemented and managed from the MasterCard data center in St. Louis.

    Mr. Wilson holds a Master of Science degree in Civil / Structural Engineering from the University of New Hampshire. His industry certifications include CISSP, CISA and ISA (PCI Internal Security Assessor). He serves on the Advisory Board for Middlesex Community College and CISO Advisory Board for Oracle. He co-chairs the Massachusetts State University and Community College Information Security Council, and serves as Certification Director for ISACA New England. His major 2013 accomplishments include Finalist for Information Security Executive® (ISE®) of the Year for both the Northeast Region and North America; and a SANS People who made a difference in Cybersecurity in 2013 award recipient.

    Larry has been teaching CISA certification training for ISACA for 5 years.

  • speaker photo
    Dr. Peter Stephenson
    Technology Editor and author of "Threat Hunter" blog, SC Magazine

    Dr. Peter Stephenson is the Technology Editor and author of the “Threat Hunter” blog in SC Magazine, a leading industry publication for which he has written for over 20 years. He is a cyber criminologist, digital investigator and digital forensic research scientist, as well as being a writer, researcher and lecturer on cyber threat analysis, cyber criminology, cyber jurisprudence and cyber criminalistics on large-scale computer networks.

    He has lectured extensively on digital investigation and security, and has written, edited or contributed to 20 books and several hundred articles and peer-reviewed papers in major national and international trade, technical and scientific publications. He is the series editor of the new Peter Stephenson Series on Cyber Crime Investigation (Auerbach). He spends his time in retirement as a writer and researcher specializing in cyber threat analysis, cyber criminology, and cyber jurisprudence.

    Dr. Stephenson was an Associate Professor and the Chief Information Security Officer for Norwich University and, prior to his retirement in July of 2015, was Director of the Norwich University Global Cyber Threat Observatory and Center for Advanced Computing and Digital Forensics, both of which he founded. He received the Distinguished Faculty Award in the Norwich College of Graduate and Continuing Studies. He retired from the university in July, 2015.

    Dr. Stephenson has lectured or delivered consulting engagements for the past 45 years in eleven countries plus the United States and has been a technologist for fifty-three years.

    Dr. Stephenson obtained his PhD by research in computing at Oxford Brookes University, Oxford, England where his research was in the structured investigation of digital incidents in complex computing environments. He holds a Master of Arts degree (cum laude) in diplomacy with a concentration in terrorism from Norwich University. He currently is pursuing a second PhD in law focusing on cyber jurisprudence research.

    Dr. Stephenson is a full member of the Vidocq Society, for which he acts as Chief Information Security Officer, and has retired as a Fellow of the American Academy of Forensic Sciences. He is a member of the Albany chapter of InfraGard. He held—but has retired from—the CCFP, CISSP, CISM, FICAF and FAAFS designations, and currently is a licensed professional investigator in Michigan.

  • speaker photo
    Christopher Russell
    Enterprise Account Engineer, Trend Micro

    As an enterprise account engineer at Trend Micro Inc., Christopher Russell focuses on Hybrid Cloud and Data Security, xGEN Endpoint Security, and Network Security. Chris acts as a liaison between enterprise customers, the Trend Micro sales team, and the Trend Micro product teams, providing a hands-on, real-world perspective. Prior to joining Trend Micro in 2014, Chris, a self-described “IT generalist,” held various leadership positions within a variety of technology organizations—categories ranging from corporate business to higher education institutions.

  • speaker photo
    Tamara Shoemaker
    Founder of the Michigan CyberPatriot Program, Director of the Cyber Center , University of Detroit Mercy

    As the Director of the Center for Cyber Security at the University of Detroit Mercy, Tamara's mission is to address the critical shortage of specifically educated and trained Cyber Security professionals. She has become an evangelist for the CyberPatriot Program, founding the Michigan program to grow the number participating across Michigan.

  • speaker photo
    Michael A. Stone
    ATAG-Installations, DMVA Deputy Director, Commander 46th Military Police Command, Michigan Army National Guard and DMVA

    Major General Michael A. Stone is the Commander, 46th Military Police Command, Michigan Army National Guard. In this capacity he provides leadership, mission command and strategic priorities in order to ensure effective and efficient accomplishment of the Command’s missions. General Stone is also an Assistant Adjutant General and responsible for Army armories and installations in the State of Michigan and a Deputy Director of the Michigan Department of Military & Veterans Affairs.

  • speaker photo
    Marrci Conner
    Full-Time Faculty, Henry Ford College

    Marrci has been a CyberPatriot Mentor for two years and has worked as a full-time faculty member of Henry Ford College for the past 9 years. She has over 15 years’ experience as an IT Professional specializing in computer Security. She currently teaches computer programming, digital forensics and cybersecurity courses. Her educational background includes a Bachelor's degree in Business Information Systems from the University of Detroit-Mercy and a Master's in Business Administration/Information Assurance from Walsh College. Marrci holds a Computer Information Systems Security Profession (CISSP) and CompTia Network+ certifications. Her favorite quote is: "I don’t know if students will remember everything I taught them but I hope they remember how I made them feel about computer & cybersecurity!"

  • speaker photo
    Chris Sorensen
    Application Security and Compliance Leader, GE Power & Water

    Chris Sorensen has spent over 30 years in the IT industry enjoying a wide range of experiences and industries. Chris started in the Defense industry as a system administrator and developer before progressing to the education sector where he taught system administration and security. From there he moved into the automotive world where he started to focus on security full time performing forensics and eDiscovery. He moved to his current company 8 years ago to continue leading investigations, incident response, and eDiscovery. He also ran a very successful Security Awareness program for 5 years. Recently he transitioned into application development security and now enjoys advising application teams around creating “defensible applications” by incorporating the essential elements of a secure SDLC. In his spare time, he enjoys coaching and mentoring a CyberPatriot team at a downriver high school.

  • speaker photo
    Steven F. Fox
    Cybersecurity Leader , Federal Government

    Steven F. Fox makes sense of security through business outcomes as a cybersecurity leader at a Federal agency. Fox also contributes to multiple working groups, including the IPv6 transition team and the Security and Privacy working group. He brings a cross-disciplinary, international perspective to the practice of information security.

  • speaker photo
    Charles Parker II
    Information Security Architect, Lear Corporation

    Charles Parker, II has been working in the InfoSec field performing various functions in the banking, medical, and automotive industries. He has matriculated and attained the MBA, MSA, JD, LLM, and is completing the PhD dissertation on ICS/SCADA through Capella University.

  • speaker photo
    Rebecca Herold
    CEO, The Privacy Professor, President, SIMBUS, LLC

    Rebecca is CEO of The Privacy Professor® consultancy and President of SIMBUS, LLC, an infosec, privacy, technology, and compliance management cloud service. Rebecca has over 25 years of experience, has authored 19 books and hundreds of book chapters and published articles, and serves as an expert witness for information security, privacy, and compliance issues. Rebecca appears regularly on the KCWI23 morning television show and is based in Des Moines, Iowa.

  • speaker photo
    Rebecca Herold
    CEO, The Privacy Professor, President, SIMBUS, LLC

    Rebecca is CEO of The Privacy Professor® consultancy and President of SIMBUS, LLC, an infosec, privacy, technology, and compliance management cloud service. Rebecca has over 25 years of experience, has authored 19 books and hundreds of book chapters and published articles, and serves as an expert witness for information security, privacy, and compliance issues. Rebecca appears regularly on the KCWI23 morning television show and is based in Des Moines, Iowa.

  • speaker photo
    Dan Shoemaker
    Professor and Program Director, UDM’s Center for Cyber Security and Intelligence Studies

    Dan Shoemaker is a full Professor and Program Director at UDM. Dan has authored seven book and over two hundred articles; and speaks internationally on cybersecurity topics. He was the Chair of Workforce Training and Education for the DHS Software Assurance Initiative and as SME for NIST-NICE.

  • speaker photo
    Bobby Buggs
    Mobility Expert, Check Point Software Technologies, Inc.

    Bobby Buggs is a Telecommunications professional that hails from Flint, MI. Bobby has worked in the mobile/wireless industry for over 19 years. Over the course of his career, Bobby has held numerous roles in both sales and technical disciplines. Bobby is also a MSU alumni.

  • speaker photo
    Louise Popyk
    Senior Technical Marketing Manager, Centrify
  • speaker photo
    Ron Winward
    Security Evangelist, Radware

    Ron Winward is a Security Evangelist for Radware, where he helps execute the company’s thought leadership on today’s security threat landscape. Ron brings nearly 20 years of experience in the Internet service provider space, most recently as Director of Network Engineering for a global infrastructure and colocation provider. With an expertise in network architectures and DDoS mitigation, Ron has helped design solutions for carriers, enterprises, and cybersecurity service providers around the world.

  • speaker photo
    Zee Abdelnabi
    Advisory Manager / Security Researcher, Big 4

    Zee is experienced in connected car security, SIEM, vulnerability management, threat modeling, security testing, and mobile security, and is an active security community member.

  • speaker photo
    Larry Wilson
    CISO, University of Massachusetts, President’s Office

    Larry is responsible for developing, implementing and managing the University of Massachusetts Information Security Policy and Written Information Security Program (WISP). The University program is based on industry best practices ISO 27001 / SANS 20 Critical Controls, and is implemented consistently across all University campuses (Amherst, Boston, Dartmouth, Lowell, Medical School and the President’s Office).

    Prior to joining UMASS, Larry was the Vice President, Network Security Manager at State Street. In this role he was responsible for researching, selecting, implementing and overseeing an engineering staff who managed network security technologies / tools including vulnerability scanning, network firewall policy management, intrusion detection, remote access, DNS security, global and local load balancing, etc.

    Larry's industry experience includes IT audit manager for Deloitte Enterprise Risk Services (ERS) consulting practice. In this role he managed a staff responsible for developing and completing a Sarbanes Oxley compliance audit for MasterCard International. Larry's team focused on the application level controls and general computer controls for information technology services implemented and managed from the MasterCard data center in St. Louis.

    Mr. Wilson holds a Master of Science degree in Civil / Structural Engineering from the University of New Hampshire. His industry certifications include CISSP, CISA and ISA (PCI Internal Security Assessor). He serves on the Advisory Board for Middlesex Community College and CISO Advisory Board for Oracle. He co-chairs the Massachusetts State University and Community College Information Security Council, and serves as Certification Director for ISACA New England. His major 2013 accomplishments include Finalist for Information Security Executive® (ISE®) of the Year for both the Northeast Region and North America; and a SANS People who made a difference in Cybersecurity in 2013 award recipient.

    Larry has been teaching CISA certification training for ISACA for 5 years.

  • speaker photo
    John Turner
    Senior Director, Cloud Security, Optiv

    John Turner is an accomplished IT executive with more than 20 years of leadership and operational IT experience. As the director of cloud security enablement at Optiv, Turner’s team of cloud architects are responsible for helping to ensure the successful integrated delivery of cloud security solutions. Turner plays a key part in bringing different areas of Optiv’s team together to deliver seamless cross practice wins. Turner also works as part of the cloud leadership team to define Optiv’s strategy and product portfolio.

    Turner’s extensive operational background brings a unique client first perspective to the execution of Optiv’s cloud security practice. An early cloud veteran, Turner has first-hand experience moving his previous organizations to the cloud, as well as experience managing app-dev and dev-ops teams. His background also includes extensive experience with infrastructure, WLAN, performance management, analytics, data center builds, enterprise resource planning implementations, identity and access
    management development, firewall and identity-based networking.

    Prior to joining Optiv in 2016, Turner was the vice president of product strategy at Adaptive Communications. He previously served as general manager of unified communications solutions at Aruba Networks. Turner got his start at Brandeis University building identity solutions and eventually leading the network and systems group as its director. Turner’s passion as a technologist has always fueled his interest and desire to make transformative changes with technology.

    Turner has authored articles and papers on the use of technology as a change agent, and as a subject matter expert on wireless LAN and unified communications. Turner has appeared in many technology magazines, been a featured presenter and delivered keynote addresses at several national conferences. Turner holds a Bachelor of Arts degree from the College of Wooster in Wooster, Ohio.

  • speaker photo
    Shane Harsch
    Senior Solutions Principal, RSA

    Shane is an Information Security professional with over 25 years of experience ranging from military to manufacturing to security consulting and professional services. He has managed and architected SOCs for the military and managed service providers and is a commissioned officer in the US Army, Military Intelligence.
    Shane holds degrees in business (MBA) and computational linguistics (BS), and maintains the following certifications: Intrusion Analyst (GCIA), Incident Handling (GCIH), Enterprise Defense (GCED), and Information Security (CISSP).
    In addition to his responsibilities as a Senior Solutions Principal at RSA, Shane fosters new professionals to information security as a SANS Mentor. Shane is a Senior Solutions Principal at RSA and SANS Mentor with over 25 years of experience in military, manufacturing, consulting, and professional services. He is a commissioned officer in the US Army (MI), holds degrees in business (MBA), computational linguistics (BS), and maintains the following certs: GCIA, GCIH, GCED, CISSP.

  • speaker photo
    Mike Muha, Ph.D, CISSP, CISM, CIPM, Certified GDPR Practitioner
    Chief Information Security Officer / Chief Privacy Officer, WorkForce Software

    Mike Muha has driven WorkForce Software's SOC 1, SOC 2, ISO 27001, and Privacy Shield compliance and is now braving the EU's General Data Protection Regulation.

  • speaker photo
    Patrick Turner
    Vice President and Chief Information Officer, Schoolcraft College

    Patrick Turner, VP & CIO at Schoolcraft College, oversees all areas of IT. Patrick has designed and implemented tier 3+ data centers. Patrick has presented on various topics at MMC, Cisco Academy and Data Center World conferences. Patrick holds MS (MIT) and BS (MTU) degrees in Mechanical Engineering.

  • speaker photo
    Barbara L. Ciaramitaro
    Chair, Decision Science Department; Professor, Information Technology and cybersecurity; Director, Center for Cybersecurity Leadership, Walsh College

    Dr. Ciaramitaro is a frequent speaker and author on cybersecurity, information technology, business intelligence, data and decision-making, cybersecurity, project management, and mobile technologies. She was recently named as one of the “50 Names to Know in Information Technology” by Crain’s Detroit Business. Dr. Ciaramitaro has 30 years of professional technology and project management experience, including the last 10 years as an executive with General Motors acting as a liaison with the Legal and Public Affairs Department and various technology providers internal and external. Dr. Ciaramitaro earned her Ph.D. from Nova Southeastern University in Information Systems with a post-doctoral certificate in Information Security. She earned her Master of Science in Software Engineering Administration from Central Michigan University.

  • speaker photo
    Wolfgang Goerlich
    VP, Strategic Security Programs, CBI

    J Wolfgang Goerlich is an active part of the Michigan security community. He hosts a YouTube video series and the Encode/Decode Security Podcast. Wolfgang regularly advises on and presents on the topics of risk management, incident response, business continuity, secure development life cycles, and more.

  • speaker photo
    Chad Childers
    Connected Vehicle Security, Ford Motor Company

    Chad Childers is known as a threat modeling evangelist, speaking at RSA, InfoSec World, and more. He works to protect customer safety and privacy at Ford Motor Company, building security into the most advanced connected mobility solutions in the world. He owned Risk Assessment, JV security, PKI, Web Single Login, Intranet web technology, USENET, and FMEAplus in his previous roles at Ford. Intracom Montreal said "Reconnu pour sa vision et son caractere audacieux, M. Childers partagera avec vous son experience unique.”

  • speaker photo
    Dan Lohrmann
    Chief Strategist and Chief Security Officer, Security Mentor

    Dan Lohrmann is Chief Strategist and Chief Security Officer (CSO) at Security Mentor. In this role, Lohrmann leads efforts to define and develop key strategic initiatives for the company’s security awareness training offerings, including new programs that can improve security and compliance by elevating an organization’s workforce into security savvy employees. Representing Security Mentor, Lohrmann serves as thought leader serving as a keynote speaker on security and security awareness training, and giving government and industry presentations.

    Over the past decade, Lohrmann has advised the U.S. Department of Homeland Security, the White House, FBI, numerous federal agencies, law enforcement, state and local governments, non-profits, foreign governments, local businesses, universities, churches, and home users on issues ranging from personal Internet safety to defending government and business-owned technology and critical infrastructures from online attacks. Prior to joining Security Mentor, Lohrmann was Michigan's first CSO and Deputy Director for Cybersecurity and Infrastructure Protection and has been recognized as a global leader in cyber defense for government.

    Previously, Lohrmann represented the National Association of State Chief Information Officers on the U.S. Department of Homeland Security’s IT Government Coordinating Council where he assisted in the writing and editing of the National Infrastructure Protection Plans, sector specific plans, Cybersecurity Framework, and other federal cyber documents. Lohrmann is the author of two books: Virtual Integrity: Faithfully Navigating the Brave New Web, published in November 2008 by Brazos Press and BYOD for You: The Guide to Bring Your Own Device to Work, published in Kindle format in April 2013.

    He has been honored with numerous cybersecurity and technology leadership awards, including “CSO of the Year” by SC Magazine, “Public Official of the Year” by Governing magazine and “Premier 100 IT Leader” by Computerworld Magazine. Lohrmann received his bachelor’s degree in computer science from Valparaiso University in Indiana and his M.S. in Computer Science from Johns Hopkins University in Baltimore.

  • speaker photo
    Larry Wilson
    CISO, University of Massachusetts, President’s Office

    Larry is responsible for developing, implementing and managing the University of Massachusetts Information Security Policy and Written Information Security Program (WISP). The University program is based on industry best practices ISO 27001 / SANS 20 Critical Controls, and is implemented consistently across all University campuses (Amherst, Boston, Dartmouth, Lowell, Medical School and the President’s Office).

    Prior to joining UMASS, Larry was the Vice President, Network Security Manager at State Street. In this role he was responsible for researching, selecting, implementing and overseeing an engineering staff who managed network security technologies / tools including vulnerability scanning, network firewall policy management, intrusion detection, remote access, DNS security, global and local load balancing, etc.

    Larry's industry experience includes IT audit manager for Deloitte Enterprise Risk Services (ERS) consulting practice. In this role he managed a staff responsible for developing and completing a Sarbanes Oxley compliance audit for MasterCard International. Larry's team focused on the application level controls and general computer controls for information technology services implemented and managed from the MasterCard data center in St. Louis.

    Mr. Wilson holds a Master of Science degree in Civil / Structural Engineering from the University of New Hampshire. His industry certifications include CISSP, CISA and ISA (PCI Internal Security Assessor). He serves on the Advisory Board for Middlesex Community College and CISO Advisory Board for Oracle. He co-chairs the Massachusetts State University and Community College Information Security Council, and serves as Certification Director for ISACA New England. His major 2013 accomplishments include Finalist for Information Security Executive® (ISE®) of the Year for both the Northeast Region and North America; and a SANS People who made a difference in Cybersecurity in 2013 award recipient.

    Larry has been teaching CISA certification training for ISACA for 5 years.

  • speaker photo
    Dr. Peter Stephenson
    Technology Editor and author of "Threat Hunter" blog, SC Magazine

    Dr. Peter Stephenson is the Technology Editor and author of the “Threat Hunter” blog in SC Magazine, a leading industry publication for which he has written for over 20 years. He is a cyber criminologist, digital investigator and digital forensic research scientist, as well as being a writer, researcher and lecturer on cyber threat analysis, cyber criminology, cyber jurisprudence and cyber criminalistics on large-scale computer networks.

    He has lectured extensively on digital investigation and security, and has written, edited or contributed to 20 books and several hundred articles and peer-reviewed papers in major national and international trade, technical and scientific publications. He is the series editor of the new Peter Stephenson Series on Cyber Crime Investigation (Auerbach). He spends his time in retirement as a writer and researcher specializing in cyber threat analysis, cyber criminology, and cyber jurisprudence.

    Dr. Stephenson was an Associate Professor and the Chief Information Security Officer for Norwich University and, prior to his retirement in July of 2015, was Director of the Norwich University Global Cyber Threat Observatory and Center for Advanced Computing and Digital Forensics, both of which he founded. He received the Distinguished Faculty Award in the Norwich College of Graduate and Continuing Studies. He retired from the university in July, 2015.

    Dr. Stephenson has lectured or delivered consulting engagements for the past 45 years in eleven countries plus the United States and has been a technologist for fifty-three years.

    Dr. Stephenson obtained his PhD by research in computing at Oxford Brookes University, Oxford, England where his research was in the structured investigation of digital incidents in complex computing environments. He holds a Master of Arts degree (cum laude) in diplomacy with a concentration in terrorism from Norwich University. He currently is pursuing a second PhD in law focusing on cyber jurisprudence research.

    Dr. Stephenson is a full member of the Vidocq Society, for which he acts as Chief Information Security Officer, and has retired as a Fellow of the American Academy of Forensic Sciences. He is a member of the Albany chapter of InfraGard. He held—but has retired from—the CCFP, CISSP, CISM, FICAF and FAAFS designations, and currently is a licensed professional investigator in Michigan.

  • speaker photo
    Dan Lohrmann
    Chief Strategist and Chief Security Officer, Security Mentor

    Dan Lohrmann is Chief Strategist and Chief Security Officer (CSO) at Security Mentor. In this role, Lohrmann leads efforts to define and develop key strategic initiatives for the company’s security awareness training offerings, including new programs that can improve security and compliance by elevating an organization’s workforce into security savvy employees. Representing Security Mentor, Lohrmann serves as thought leader serving as a keynote speaker on security and security awareness training, and giving government and industry presentations.

    Over the past decade, Lohrmann has advised the U.S. Department of Homeland Security, the White House, FBI, numerous federal agencies, law enforcement, state and local governments, non-profits, foreign governments, local businesses, universities, churches, and home users on issues ranging from personal Internet safety to defending government and business-owned technology and critical infrastructures from online attacks. Prior to joining Security Mentor, Lohrmann was Michigan's first CSO and Deputy Director for Cybersecurity and Infrastructure Protection and has been recognized as a global leader in cyber defense for government.

    Previously, Lohrmann represented the National Association of State Chief Information Officers on the U.S. Department of Homeland Security’s IT Government Coordinating Council where he assisted in the writing and editing of the National Infrastructure Protection Plans, sector specific plans, Cybersecurity Framework, and other federal cyber documents. Lohrmann is the author of two books: Virtual Integrity: Faithfully Navigating the Brave New Web, published in November 2008 by Brazos Press and BYOD for You: The Guide to Bring Your Own Device to Work, published in Kindle format in April 2013.

    He has been honored with numerous cybersecurity and technology leadership awards, including “CSO of the Year” by SC Magazine, “Public Official of the Year” by Governing magazine and “Premier 100 IT Leader” by Computerworld Magazine. Lohrmann received his bachelor’s degree in computer science from Valparaiso University in Indiana and his M.S. in Computer Science from Johns Hopkins University in Baltimore.

  • speaker photo
    Larry Wilson
    CISO, University of Massachusetts, President’s Office

    Larry is responsible for developing, implementing and managing the University of Massachusetts Information Security Policy and Written Information Security Program (WISP). The University program is based on industry best practices ISO 27001 / SANS 20 Critical Controls, and is implemented consistently across all University campuses (Amherst, Boston, Dartmouth, Lowell, Medical School and the President’s Office).

    Prior to joining UMASS, Larry was the Vice President, Network Security Manager at State Street. In this role he was responsible for researching, selecting, implementing and overseeing an engineering staff who managed network security technologies / tools including vulnerability scanning, network firewall policy management, intrusion detection, remote access, DNS security, global and local load balancing, etc.

    Larry's industry experience includes IT audit manager for Deloitte Enterprise Risk Services (ERS) consulting practice. In this role he managed a staff responsible for developing and completing a Sarbanes Oxley compliance audit for MasterCard International. Larry's team focused on the application level controls and general computer controls for information technology services implemented and managed from the MasterCard data center in St. Louis.

    Mr. Wilson holds a Master of Science degree in Civil / Structural Engineering from the University of New Hampshire. His industry certifications include CISSP, CISA and ISA (PCI Internal Security Assessor). He serves on the Advisory Board for Middlesex Community College and CISO Advisory Board for Oracle. He co-chairs the Massachusetts State University and Community College Information Security Council, and serves as Certification Director for ISACA New England. His major 2013 accomplishments include Finalist for Information Security Executive® (ISE®) of the Year for both the Northeast Region and North America; and a SANS People who made a difference in Cybersecurity in 2013 award recipient.

    Larry has been teaching CISA certification training for ISACA for 5 years.

  • speaker photo
    Dr. Peter Stephenson
    Technology Editor and author of "Threat Hunter" blog, SC Magazine

    Dr. Peter Stephenson is the Technology Editor and author of the “Threat Hunter” blog in SC Magazine, a leading industry publication for which he has written for over 20 years. He is a cyber criminologist, digital investigator and digital forensic research scientist, as well as being a writer, researcher and lecturer on cyber threat analysis, cyber criminology, cyber jurisprudence and cyber criminalistics on large-scale computer networks.

    He has lectured extensively on digital investigation and security, and has written, edited or contributed to 20 books and several hundred articles and peer-reviewed papers in major national and international trade, technical and scientific publications. He is the series editor of the new Peter Stephenson Series on Cyber Crime Investigation (Auerbach). He spends his time in retirement as a writer and researcher specializing in cyber threat analysis, cyber criminology, and cyber jurisprudence.

    Dr. Stephenson was an Associate Professor and the Chief Information Security Officer for Norwich University and, prior to his retirement in July of 2015, was Director of the Norwich University Global Cyber Threat Observatory and Center for Advanced Computing and Digital Forensics, both of which he founded. He received the Distinguished Faculty Award in the Norwich College of Graduate and Continuing Studies. He retired from the university in July, 2015.

    Dr. Stephenson has lectured or delivered consulting engagements for the past 45 years in eleven countries plus the United States and has been a technologist for fifty-three years.

    Dr. Stephenson obtained his PhD by research in computing at Oxford Brookes University, Oxford, England where his research was in the structured investigation of digital incidents in complex computing environments. He holds a Master of Arts degree (cum laude) in diplomacy with a concentration in terrorism from Norwich University. He currently is pursuing a second PhD in law focusing on cyber jurisprudence research.

    Dr. Stephenson is a full member of the Vidocq Society, for which he acts as Chief Information Security Officer, and has retired as a Fellow of the American Academy of Forensic Sciences. He is a member of the Albany chapter of InfraGard. He held—but has retired from—the CCFP, CISSP, CISM, FICAF and FAAFS designations, and currently is a licensed professional investigator in Michigan.

  • speaker photo
    Jeffrey Groman
    Senior Manager, Mandiant Global Consulting Services

    Mr. Groman is a Senior Manager in the Mandiant Global Consulting Services organization and a senior member
    of the Mandiant Central Region leadership team. He is an Information Security veteran with over 18 years of
    experience as a practitioner, mentor, and trusted advisor. His primary focus is helping clients prepare for a
    security breach. He also works with clients scoping and delivering technical and strategic assessments and
    forensic investigations.
    Mr. Groman has assisted customers in the Fortune 10-500 building security programs ranging from Vulnerability
    Management, Application Security, Incident Response and SOC implementations. He also has extensive
    experience running assessments and investigations across industries such as healthcare, manufacturing, retail,
    finance, and hospitality.
    Regional Manager
    Mr. Groman served as a regional services manager for a Security Product and Services Company, helping their
    largest customers build and mature their security programs. Elements of these security programs included
    developer training, prioritizing fixes, and metrics reporting and analytics. Mr. Groman played a pivotal role in
    identifying the right set of tools and augmenting customer staff with rightly skilled resources and building out
    repeatable processes.
    Program Manager
    Mr. Groman worked for a large Health Insurer building out their Application Security Program and internal
    Forensics capability. The capabilities did not previously exist in-house, and Mr. Groman was responsible for
    building these capabilities through a combination of in-house staff and trusted partners.
    EDUCATION
    » BS Electrical & Computer Engineering, University of Colorado at Boulder, 1995
    PROFESSIONAL TRAINING AND CERTIFICATIONS
    » Certified Information Security Systems Professional (CISSP) #58218
    » GIAC Certified Web Application Defender (GWEB) 2011
    » GIAC Certified Forensic Analyst (GCFA) 2008

  • speaker photo
    Martin Bally
    VP & CSO, Diebold Nixdorf

    Martin Bally is currently the Vice President and Chief Security Officer for Diebold Nixdorf with more than 20 years of experience. Prior he spent four years in the legal and financial industry and 12 years at Chrysler. He holds a Master’s of Science in Information Assurance and the CISSP, CISM, CISO, and CRISC security certification.

  • speaker photo
    Marcia Mangold
    IT Manager - Awareness and Training, Blue Cross Blue Shield of Michigan

    Marcia Mangold (CISSP) is the manager of IS Awareness and Training for BCBSM. She has spent 18+ years in IT/IS, as a business enabler for several multinational businesses. Marcia is a founding board member of the local ISC2 chapter and an active member of ISSA and the Michigan InfraGard Chapters.

  • speaker photo
    David Barton
    Managing Director, UHY Advisors

    David Barton is a Managing Director with UHY Advisors and practice leader of the Internal Audit, Risk, and Compliance practice, which provides consulting and audit services around information technology controls, cybersecurity, and compliance. He has over 25 years of practical experience in information systems and technology risk and controls.
    David is frequently asked to speak at national and regional events, such as SecureWorld and the Cloud Security Alliance Congress. He is the primary author of the CSA position paper on AICPA Service Organization Control Reports. He regularly provides his input and opinions for national publications such as Compliance Week, Accounting Today, and the Atlanta Journal Constitution.
    David holds an MBA and BS in Business Administration from Appalachian State University. He is Certified in Risk and Information Systems Control (CRISC), received the Certified Information Systems Auditor (CISA) designation in 1987, and is a member of the Atlanta chapter of the Cloud Security Alliance. David has active civic memberships with the Atlanta chapter of the Porsche Club of America and the Tire Rack Street Survival® program for teen driver education. He is also a certified high-performance driving instructor and former Porsche Club racer.

  • speaker photo
    Barbara Hiemstra
    Board VP, WMCSC Co-Chair, Western Michigan Cyber Security Consortium

    Barbara Hiemstra, Informaiton Security Governance Manager for Perrigo, has over 25 years of public/private technology experience. As Vice-President of the Cybercrime Support Network Board of Directors, CSN is working with local agencies to improve resources for cybercrime victims across the U.S.

  • speaker photo
    Brett Williams
    Major General, U.S. Air Force (Retired)

    Major General (Ret) Brett Williams co-founded IronNet Cybersecurity and is the President of the Operations, Training and Security Division. Providing strategic vision and the foundational security platform solutions for IronNet, General Williams also serves as the Chief Security Officer responsible for product, enterprise and physical security. His division provides security analytics, hunt operations, and threat analysis and intelligence support for the IronNet Cyber Operations Center, as well as product training and support for client operations centers.

    A highly experienced combat fighter pilot, General Williams held several significant command positions during his 33-year career with the U.S. Air Force. As Director of Operations for U.S. Cyber Command, General Williams was the architect of DoD's operational approach to cyberspace operations. He was responsible for the operations and defense of DoD networks, and offensive cyberspace operations in support of U.S. strategic objectives. General Williams also served as Director of Operations (A30) at the Pentagon, leading more than 1,300 Airmen and civilians stationed worldwide; and as Director of Communications, Command and Control for U.S Pacific Command.

    As an authority on cybersecurity, General Williams has appeared on NBC's Meet the Press with Chuck Todd, ABC's This Week with George Stephanopoulos and MSNBC's The Last Word with Lawrence O'Donnell. In addition, he conducts cyber-risk training seminars for corporate boards as a faculty member of the National Association of Corporate Directors. He earned a BS in Computer Science from Duke University and three additional graduate degrees in management and national security studies.

  • speaker photo
    Mike Donofrio
    Director, IT Security & Compliance, Martinrea Inc.
  • speaker photo
    Clark R. Crain
    CTO, Comp-West, LLC

    Clark has been a CISSP for more than 17 years, a CISM for 12 years, and a CRISN for more than six years. He has worked as a Security Architect for many large companies in retail, financial, healthcare, utilities, and manufacturing. He has been involved in cloud security since the formation of the Cloud Security Alliance.

  • speaker photo
    Dr. Faith Heikkila
    Information Security Architect - Governance, Perrigo Company plc

    Faith Heikkila, Ph.D., CISM, FIP, CIPM, CIPP-US is an Information Security Architect - Governance at Perrigo Company plc. Dr. Heikkila has prior CISO practitioner experience in overall information security governance, compliance, vendor management, protection of personal and financial information, along with GDPR expertise in a global pharmaceutical company.

  • speaker photo
    Joe Carusillo
    Program Director, Security Client Initiatives, IBM

    Joe Carusillo currently serves as Program Director of Client Initiatives for IBM’s Security Business Unit. His responsibilities include leading the team responsible for developing and driving the implementation of the strategy for vertical industry sales, consulting, solution development and thought leadership for IBM Security. They also include managing the Security Tiger Sales team and the IBM Security Strategic Accounts program.

  • speaker photo
    Shanee Yelder
    IT Audit Specialist, Meadowbrook Insurance Group

    Shanee has Big 4 accounting firm and private sector (financial services) experience working as an IT Auditor. She holds a BS in Business Administration with a concentration in Information Systems Management and is currently pursuing a MBA.

  • speaker photo
    Mark Testoni
    President & CEO of SAP National Security Services (NS2), President of NS2 Serves

    Testoni is among the nation’s leading experts in the application of technology to solve problems in government and industry, in the U.S. national security space. With more than 15 years of tech industry experience, 20 years in the U.S. Air Force and 30 years of public-sector management experience, Testoni is a sought-after business strategist and thought leader.

  • speaker photo
    Kevin Peterson
    Director of Security and Network Transformation, Zscaler

    Kevin Peterson is the director or security and network transformation at Zscaler, where he primarily works with the largest cloud security deployments to ensure that the desired business objectives are achieved. He brings with him the advantage of having lead the security efforts for one of McKesson's (Fortune 10) major business units (75 software products, managed services...), as well as the company-wide cloud security strategy, ranging from A to Z (Azure to Zscaler!). As a top practitioner and trusted advisor on both enterprise and cloud security topics, his goal is helping everyone achieve the most effective security with the lowest cost to the business. He is also a featured speaker on the Security Influencers Podcast (available on iTunes), co-author of one information security book, and patent holder on security technologies. And, of course, maintains a presence in the metro Atlanta information security community.

  • speaker photo
    Bob Bacigal
    AVP, Information Security Services, Amerisure
  • speaker photo
    Ron Winward
    Security Evangelist, Radware

    Ron Winward is a Security Evangelist for Radware, where he helps execute the company’s thought leadership on today’s security threat landscape. Ron brings nearly 20 years of experience in the Internet service provider space, most recently as Director of Network Engineering for a global infrastructure and colocation provider. With an expertise in network architectures and DDoS mitigation, Ron has helped design solutions for carriers, enterprises, and cybersecurity service providers around the world.

  • speaker photo
    Kierk Sanderlin
    Director of Engineering, Check Point Software

    Kierk Sanderlin is the Director of Engineering at Check Point Software Technologies. He has been in the cyber security space for almost 20 years and has been a regular speaker at various cyber security events across the region.

  • speaker photo
    Steven Aiello
    Sr. Technical Architect, AHEAD

    Mr. Aiello holds a BA in Technology Management and a Master's of Science with a concentration in
    Information Assurance. Currently, he is a Sr. Technical Architect with AHEAD, a consulting firm based
    in Chicago. Steven works closely with clients working across storage, virtualization and security silos.

  • speaker photo
    Kathy Ossian
    Founder & CEO, Ossian Law P.C.

    Kathy has practiced for over 30 years, 20 in Information Technology law. A frequent author and speaker on IT law topics, she is the Managing Editor of “Social Media and the Law” published by PLI. Kathy is an Advanced Certified Faculty Member at University of Phoenix and has been named as a Best Lawyer in America and a Michigan Super Lawyer in information technology law.

Conference App and Microsite!
Registration is easy and takes just a few minutes. Once you get started you can use your phone, tablet or internet browser to:

• Create a personalized agenda
• View maps of the venue and Exhibit Hall
• Use secure messaging to network with attendees
• View speaker slides after the conference
• Play CyberHunt, the app game, and compete for prizes
app store play store