Conference Agenda
  • Wednesday, September 13, 2017
    7:00 am
    Registration Open
    Registration Level:
    • Open Sessions
    7:00 am - 3:00 pm
    Location / Room: Registration Desk
    8:00 am
    Advisory Council Breakfast - (VIP / INVITE ONLY)
    Topic: Avoiding the Bidding War: Finding and Developing New Employees
    Former Special Counsel, Director of the Federal Bureau of Investigation
    Registration Level:
    • VIP / Exclusive
    8:00 am - 9:15 am
    Location / Room: Lookout
    8:00 am
    SecureWorld PLUS Part 1 - How to Build and Maintain a Game-Changing Security Awareness Program That Measures Success
    SecureWorld PLUS Registrants ONLY
    Chief Strategist and Chief Security Officer, Security Mentor
    Registration Level:
    • SecureWorld Plus
    8:00 am - 9:30 am
    Location / Room: 203A

    Every organization seeks a security-aware culture, but how can you build an effective information security awareness program that addresses compliance and motivates changes in employee behavior for the better? People are the greatest asset and the weakest link in securing intellectual property and protecting sensitive data within every enterprise; therefore, a well-organized security awareness program is essential.

    You will learn how an effective program that offers lasting solutions requires the right mix of skills, knowledge, executive support and resources. This hands-on workshop will teach you what you need to know to implement just such a program. Offering award-winning case studies, interactive discussions and group participation in exercises, this session will enable you to hit the ground running with a customized plan that meets your organization’s needs when you head back to the office.

    Part 1: Information Security Awareness Fundamentals and War Stories
    What important building blocks, resources and communication strategies are essential to successfully implement your program? How can you reduce the risk of a data breach or other unwanted outcomes using a comprehensive approach to information security awareness? What best practices and examples have succeeded that can be emulated?

    Part 2: Building and Maintaining Your Organization’s Information Security Awareness Plan
    After several checklists and overall program templates are presented in detail, the second part of this workshop will include peer interactions and discussions that can be used to tailor your specific plan to implement a customized security awareness program. Depending on the size and complexity of your organization, participants will either build their plan or create the outline of their information security awareness program – with details to be inserted later.

    Part 3: Reinventing Your Information Security Awareness Program
    So you already have an Information Security Awareness Program, but it’s not working. Is it time to start over or tweak the plan? What strategies work to get executive buy-in? What are you missing? What are some common mistakes to avoid? How can you improve what you’re already doing? Small group discussions, break-out Q/A, and several successful toolkits are covered.

    8:00 am
    SecureWorld PLUS Part 1 - Designing and Building a Cybersecurity Program based on the NIST Cybersecurity Framework
    Earn 16 CPEs With This in-Depth 3-Part Course
    CISO and Adjunct Faculty, University of Massachusetts
    Registration Level:
    • SecureWorld Plus
    8:00 am - 9:30 am
    Location / Room: 106

    The University of Massachusetts has developed a 4.5 hour SecureWorld Plus training class that focuses on designing, building, and maintaining a Cybersecurity Program based on the NIST Cybersecurity Framework. Organizations who are currently using the NIST Cybersecurity Framework or are planning to use the NIST Cybersecurity Framework for their cybersecurity program will benefit from this course. The course will show attendees how to use Cloud Platforms to implement and maintain security controls based on the NIST Cybersecurity Framework.

    This innovative education and training program includes the following key elements:
    • A Controls Factory that consists of three main areas: Engineering, Technology and Business
    • The Engineering Area includes a focus on threats, vulnerabilities, assets, identities, business environment and the NIST Cybersecurity Framework
    • The Technology Area includes a focus on technical controls (based on the CIS 20 Critical Controls), security technologies, Security Operations Center (SOC) and technology testing
    • The Business Area includes a focus on business controls (based on ISO 27002), cyber workforce (based on the NICE Workforce Framework) and cyber risk program (based on AICPA Description Criteria)

    The class will help individuals and organizations acquire knowledge, skills and abilities to:
    • Develop a strategy to adopt the NIST Cybersecurity Framework (NCSF)
    • Create a comprehensive Cybersecurity Program based on the NIST Cybersecurity Framework, technical controls and business controls
    • Engineer, implement, and manage the 20 critical controls based on the cloud platform
    • Conduct a Risk Assessment to compare the current profile with the target profile and identify any gaps that need to be addressed
    • Establish an executive scorecard to measure and communicate risks, and develop an action plan / program roadmap to remediate controls gaps

    About the Instructor – Larry Wilson:
    • Larry Wilson is the former CISO for UMass President’s Office from 2009 to 2017
    • Prior to UMass, Larry developed and managed the Global Infrastructure Services (GIS) Security Program for State Street Corporation
    • Larry has been teaching cybersecurity courses based on the NIST Cybersecurity Framework at SecureWorld events for the past 4 years
    • Larry has conducted over 20 consulting engagements, helping organizations design and build cybersecurity programs based on the NIST Cybersecurity Framework

    The program and its author have won the following industry awards:
    • Security Magazine’s Most Influential People in Security, 2016
    • SANS People Who Made a Difference in Cybersecurity Award, 2013
    • Information Security Executive (ISE) North America Program Winner for Higher Education, 2013

    8:00 am
    SecureWorld PLUS Part 1 - Threat Hunting and Analysis
    SecureWorld PLUS Registrants ONLY
    Technology Editor and author of "Threat Hunter" blog, SC Magazine
    Registration Level:
    • SecureWorld Plus
    8:00 am - 9:30 am
    Location / Room: 203B

    Threat intelligence has become the coin of the realm in fighting cybercrime. However, simply knowing who the bad guys are and what they do is not enough. You must be able to dig for actionable intelligence and apply that explicitly to your environment. Broadly speaking, we call that threat hunting. Once you have determined the nature and details of threats to your enterprise, you must be able to disseminate them in a manner that is understandable by both humans and machines.

    This full-day, hands-on workshop will introduce you to threat hunting techniques and tools (both free and commercial) that you can use, and show you how to translate your findings to STIX for dissemination to a variety of audiences, as well as consumption by an increasing number of security devices such as IPSs and firewalls. You will work in a virtual lab environment using tools and techniques to discover threats, research them in depth, and create STIX profiles. By the end of the workshop you will have compiled a list of tools that you can use, evaluated those tools in a lab environment, created a STIX profile of an actual cyber campaign, and presented your profile to the rest of the class.

    Visit the Center for Digital Forensic Studies’ Training Portal to read the syllabus and other course-related materials.

    For this workshop you will need to bring your own Windows laptop and have the current version of the Chrome browser pre-installed. All other tools will be available on a virtual lab machine you will connect to remotely.

    8:30 am
    Trend Micro: Securing Business Cloud Transformation
    Security shouldn’t stand in the way of business agility, continuity, and flexibility provided by the cloud.
    Enterprise Account Engineer, Trend Micro
    Registration Level:
    • Open Sessions
    8:30 am - 9:15 am
    Location / Room: Room 103

    Cloud projects today are as commonplace as backyard barbecues. Security should be part of a recipe to successfully meet cloud business adoption metrics, such as Time to Service, Time to Value, and Customer Attainment. This presentation will present a high-level understanding of current challenges, regulations, and business objectives, providing business unit owners the knowledge and tools to securely and effectively deliver products and services to their customers.

    8:30 am
    Panel: Michigan CyberPatriot Partners With MEDC to Support 80 Teams For Season 10!
    Learn about the national Cyber Security competition that will increase the number of students pursuing STEM Degrees.
    Director, Center for Cyber Security & Intelligence Studies, University of Detroit Mercy
    ATAG-Installations, DMVA Deputy Director, Commander 46th Military Police Command, Michigan Army National Guard and DMVA
    CIS - Cybersecurity Program Lead, CyberPatriot Mentor, Henry Ford College
    Registration Level:
    • Conference Pass
    8:30 am - 9:15 am
    Location / Room: Suite 3

    A panel presentation about the Michigan CyberPatriot Program and the partnership with MEDC to provide 80 teams with support. Joining the discussion will be coaches from across Michigan to help us understand the ins and outs of this national cyber competition for middle and high school students, going into its 10th season!

    8:30 am
    Off-Shoring Shakeup – How GDPR Impacts Your Outsourcing Strategy
    Senior Manager, Security Compliance and Audit, WorkForce Software
    Registration Level:
    • Conference Pass
    8:30 am - 9:15 am
    Location / Room: 105

    38% of US firms outsource to off-shore firms. Per Forbes.com, 86% of these service providers are concerned they will not comply with the new regime. While innovative efforts continue to address the challenge, customers wait in the wings. This session discusses how customers can respond to GDPR’s impact on offshoring.

    8:30 am
    Medjacking: Not Just a Theory
    Cybersecurity Lab Engineer, Thomas Edison State University
    Registration Level:
    • Conference Pass
    8:30 am - 9:15 am
    Location / Room: Theater

    Medical devices have become more prevalent as the population has aged. The hardware application has changed from being externally affixed to internal and connected via IoT. Although these are exceptionally useful, they are also problematic as InfoSec has not been applied to the application and hardware.

    9:00 am
    Exhibit Floor Open
    Registration Level:
    • Open Sessions
    9:00 am - 3:00 pm
    Location / Room: SecureWorld Exhibitor Floor

    This is the time to visit exhibitors participating in Dash For Prizes & CyberHunt for your chance to win prizes!

    9:30 am
    OPENING KEYNOTE: Prevent Medical Device Nightmares in The IoMT
    CEO, The Privacy Professor, President, SIMBUS, LLC
    Registration Level:
    • Open Sessions
    9:30 am - 10:15 am
    Location / Room: Keynote Theater

    Medical devices can dramatically improve patients’ lives. However, if the devices do not have security built in, they will become a security and privacy nightmare in the Internet of Medical Things. Rebecca will describe the risks of using medical devices in the IoMT, detail real-life incidents, provide five actions to secure the devices (applicable to other types of IoT devices as well), and describe her work with the IEEE Par 1912 Standards working group.

    10:15 am
    Conference Break / Exhibitor Product Demonstration
    Registration Level:
    • Open Sessions
    10:15 am - 11:15 am
    Location / Room: SecureWorld Exhibitor Floor

    Reboot with coffee and infused water while visiting exhibitors on the exhibitor floor.

    11:00 am
    Advisory Council Roundtable: (VIP / Invite Only)
    Topic: Third Party Management in a Post GDPR World
    CEO, The Privacy Professor, President, SIMBUS, LLC
    Registration Level:
    • VIP / Exclusive
    11:00 am - 12:00 pm
    Location / Room: Boardroom
    11:15 am
    Cyber Resilience: Rethinking Cybersecurity Strategy
    Professor and Academic Program Director, Center for Cybersecurity, UDM
    Registration Level:
    • Conference Pass
    11:15 am - 12:00 pm
    Location / Room: 101

    A decade of data indicates that conventional cybersecurity approaches don’t work. This presentation offers a completely new paradigm for corporate cyber-protection; one that is a potentially much more effective means of securing critical assets.

    11:15 am
    Check Point Software: Protecting Your Enterprise From the Next Security Breach: Mobile Devices
    Mobility Expert, Check Point Software Technologies, Inc.
    Registration Level:
    • Open Sessions
    11:15 am - 12:00 pm
    Location / Room: 103

    BYOD is a reality. Learn how SandBlast Mobile takes an innovative approach to detecting and stopping mobile threats before they start. Whether your data is at rest on a device or in flight through the cloud, SandBlast Mobile helps protect you from vulnerabilities and attacks that put data at risk.

    11:15 am
    Centrify: It’s Time To Rethink Security
    Senior Technical Marketing Manager, Centrify
    Registration Level:
    • Open Sessions
    11:15 am - 12:00 pm
    Location / Room: 105

    Last year, over $80 billion was spent on cybersecurity (Gartner), yet 2/3rds of organizations were still breached (Forrester). The reason? 81% of data breaches involved weak, default or stolen passwords (Verizon). Join us to learn why current threats and today’s hybrid IT environment require changes to old security models and how Identity Services defends your organization against the most common cyber attacks.
    We’ll examine:
    • The current (broken) state of security and the role identity plays in cyber attacks
    • The massive rethink underway that redefines security to follow identity
    • How identity services reduce the risk of breaches by over 50%

    11:15 am
    Radware: Cybersecurity Pushed to the Limit
    Security Evangelist, Radware
    Registration Level:
    • Open Sessions
    11:15 am - 12:00 pm
    Location / Room: Theater

    Throughout 2017 mainstream headlines highlighted cyber-attacks and security threats that included possible interference in the U.S. presidential election, worldwide malware outbreaks and the Equifax data breach. These and other high-profile events spurred greater cyber-defense investment by everyone from nation states and global corporations to individuals purchasing anti-malware solutions for personal devices. Yet even as investments increase so do threats, hacks and vulnerabilities. This session will help you understand these complex and challenging dynamics. Based on findings from Radware’s research and a global industry survey, the session will show real attack data and customer stories to paint a picture of where we are and what security professionals can do.

    Join the session to learn more about:
    • The threat landscape deep dive—the who, what and why of attacks
    • Potential impact on your business, including associated costs of different cyber-attacks
    • Critical attacks in the midst: DNS, IoT and risks lurking in the cloud
    • Emerging threats and how to protect against them
    • A look ahead – predictions and what to prepare for

    11:15 am
    Identity Theft Through OSINT/Social Engineering
    Advisory Manager / Security Researcher, Deloitte
    Registration Level:
    • Conference Pass
    11:15 am - 12:00 pm
    Location / Room: Suite 3

    This talk will demonstrate how easy identity theft has become because of OSINT and the ability to easily social engineer and grab meta data. It will cover how an attacker uses OSINT to build targeted attacks; how an attacker builds a profile using software to represent their data about you; and how an attacker uses data points to pivot from one source to another online. The target was a randomly selected target. Not only does it cover his current activity but his cached activity, which enables attackers to target him. The story will show how an initial search to a complete PWNAGE was done on the individual because of a random blog that was discovered. This talk also shows how easily I was able to find his company’s email format and private IP addresses, which could have completely allowed me to own his company’s network because his company allowed BYOD. It will cover how you can better prepare and protect yourself.

    To learn more about this topic, read SecureWorld’s interview of Zee here:
    https://www.secureworldexpo.com/industry-news/dangers-identity-theft-open-source-intelligence

    12:00 pm
    Advisory Council Lunch Roundtable – (VIP / Invite Only)
    Topic: Threat and Vulnerability Management in a Real-time World
    CISO and Adjunct Faculty, University of Massachusetts
    Registration Level:
    • VIP / Exclusive
    12:00 pm - 1:00 pm
    Location / Room: Boardroom
    12:15 pm
    LUNCH KEYNOTE: Optiv - Cloud Security is Application Security – Securing the Cloud as a Team
    Senior Director, Cloud Security, Optiv
    Registration Level:
    • Open Sessions
    12:15 pm - 1:00 pm
    Location / Room: Keynote Theater

    “Infrastructure” is software in the era of Cloud; you should consider the software design choices as they impact not only the application structure, but also security in the Cloud. The convergence of the AppDev team and the security team allows for securing the cloud throughout the process without impacting agility. Bringing security in at the eleventh hour after applications have been built is not likely to be ideal either for development or production based workloads in the Cloud. This session offers:
    • Factors to consider when making software design choices
    • Tips on weaving security best practices into the SDLC without impeding the velocity of AppDev
    • Benefits of architecting applications hand in hand between AppDev and Security teams.

    1:15 pm
    Panel: What Will They Think of Next? (Emerging Threats)
    Registration Level:
    • Open Sessions
    1:15 pm - 2:15 pm
    Location / Room: Suite 3

    It would seem the more we “build a better mousetrap” the better the threats become. Will machine learning and AI be used against us in the future? Will these and other innovations be hacked and used for gain? Will the Crime as a Business platform take off where business competitors are utilizing these attacks for the upper hand? Perhaps the cars that are being hacked will evolve into driverless vehicles that are hacking companies from inside their own parking lots. What about drones? So many questions, let’s see what our experts say on this panel.
    Panelists:
    Patrick Vowles, IBM
    Leigh Frederick, Darktrace
    Matt Rose, Checkmarx
    Ron Winward, Radware
    John Fahey, Comodo

    1:15 pm
    Panel: Extortion-as-a-Service? (Ransomware and Beyond)
    Registration Level:
    • Open Sessions
    1:15 pm - 2:15 pm
    Location / Room: Keynote Theater

    Remember when ransomware just seized up your computer and wanted you to send Bitcoin to unlock it? With the advances in cybercrime, the thieves are not only locking and encrypting your files, but they are also finding your dirty little secrets. You may not pay for the run of the mill files you have backed up, but you might be more inclined to pay even more to make sure no one finds out about you and a certain someone in accounting you are messaging. Or, what about all the credit card numbers you aren’t storing correctly? It would be a shame if your boss knew you were sending out resumes… Will these attacks also be available for purchase on the dark web? Join the discussion with our experts and come up with a plan to mitigate this problem.
    Panelists:
    Chris Olive, Thales
    Wolfgang Goerlich, cbi Secure
    Kierk Sanderlin, Check Point Security
    Mike Drummond, Carbon Black
    Rob Walk, Tenable

    1:15 pm
    RSA: Business-Driven Security: A New Plan for Chaos
    Senior Solutions Principal, RSA
    Registration Level:
    • Open Sessions
    1:15 pm - 2:15 pm
    Location / Room: 103

    We will discuss how and why key business drivers shape your security operations. We go beyond the guidance provided by NIST, and take a look at Risk Management, Threat Intelligence, Incident Workflow & Classification, Staffing Models, Use Cases & Prioritization, Escalation Plans, Security Controls, and Key Performance Indicators.

    2:15 pm
    Conference Break / Exhibitor Product Demonstration
    Registration Level:
    • Open Sessions
    2:15 pm - 3:00 pm
    Location / Room: SecureWorld Exhibitor Floor

    Reboot with coffee and infused water while visiting exhibitors on the exhibitor floor.

    3:00 pm
    How to Perform a Data Privacy Impact Assessment
    Now I know how to do a DPIA!
    Chief Information Security & Privacy Officer, WorkForce Software
    Registration Level:
    • Conference Pass
    3:00 pm - 3:45 pm
    Location / Room: 105

    A practical guide to performing a Data Privacy Impact Assessment, including a fully completed DPIA example and a template you can use.

    3:00 pm
    The Enterprise IT Security Portfolio
    Vice President and Chief Information Officer, Schoolcraft College
    Registration Level:
    • Conference Pass
    3:00 pm - 3:45 pm
    Location / Room: 103

    This presentation seeks to offer a high-level customer perspective overview of the security tool landscape with an eye toward the virtualized environment. The idea is not to go in-depth into any one topic but to discuss how the pieces fit together and the risk versus reward proposition.

    3:00 pm
    Securing Cyber Physical Systems
    Chair, Undergraduate Information Technology, Capella University
    Registration Level:
    • Conference Pass
    3:00 pm - 3:45 pm
    Location / Room: Theater

    We are facing new cybersecurity challenges as a result of the growth of cyber physical systems. These systems form the core of the Internet of Things (IoT) which is expected to grow to 50 billion interconnected devices within the next few years. Traditional cybersecurity defense measures and technologies do not apply to the real time interaction, sub-second, minimum memory world of cyber physical sensors and components. This session will discuss the challenge of securing cyber physical systems.

    3:00 pm
    And the Clouds Break: Continuity in the 21st Century
    Hacker Strategist, MiSec
    Registration Level:
    • Conference Pass
    3:00 pm - 3:45 pm
    Location / Room: 101

    The promise of cloud computing was a utility; always up, always on. But we’ve seen many outages. Time to dust off the continuity handbook, and revisit recovery for the twenty-first century. This session covers business impact analysis, business continuity, disaster recovery in utility computing and Cloud services. After all, the clouds break.

    3:00 pm
    Internet of Things Security and You
    Vehicle & Mobility Security, Ford Motor Company
    Registration Level:
    • Conference Pass
    3:00 pm - 3:45 pm
    Location / Room: Suite 3

    IoT is older than you may imagine and each new advance came with a set of security issues. Learn from history, incidents and controls. Modern IoT is complex; architectures have many common emergent issues but it is possible to make good decisions if you understand the trade-offs.

    3:00 pm
    SecureWorld PLUS Part 2 - How to Build and Maintain a Game-Changing Security Awareness Program That Measures Success
    SecureWorld PLUS registrants ONLY
    Chief Strategist and Chief Security Officer, Security Mentor
    Registration Level:
    • SecureWorld Plus
    3:00 pm - 4:30 pm
    Location / Room: 203A

    3:00 pm
    SecureWorld PLUS Part 2 - Designing and Building a Cybersecurity Program based on the NIST Cybersecurity Framework
    SecureWorld PLUS Registrants ONLY
    CISO and Adjunct Faculty, University of Massachusetts
    Registration Level:
    • SecureWorld Plus
    3:00 pm - 4:30 pm
    Location / Room: 106

    3:00 pm
    SecureWorld PLUS Part 2 - Threat Hunting and Analysis
    SecureWorld PLUS Registrants ONLY
    Technology Editor and author of "Threat Hunter" blog, SC Magazine
    Registration Level:
    • SecureWorld Plus
    3:00 pm - 4:30 pm
    Location / Room: 203B

    Threat intelligence has become the coin of the realm in fighting cybercrime. However, simply knowing who the bad guys are and what they do is not enough. You must be able to dig for actionable intelligence and apply that explicitly to your environment. Broadly speaking, we call that threat hunting. Once you have determined the nature and details of threats to your enterprise, you must be able to disseminate them in a manner that is understandable by both humans and machines.

    This full-day, hands-on workshop will introduce you to threat hunting techniques and tools—both free and commercial—that you can use, and show you how to translate your findings to STIX for dissemination to a variety of audiences, as well as consumption by an increasing number of security devices such as IPSs and firewalls. You will work in a virtual lab environment using tools and techniques to discover threats, research them in depth, and create STIX profiles. By the end of the workshop you will have compiled a list of tools that you can use, evaluated those tools in a lab environment, created a STIX profile of an actual cyber campaign, and presented your profile to the rest of the class.

    Visit the Center for Digital Forensic Studies’ Training Portal to read the syllabus and other course-related materials.

    For this workshop you will need to bring your own Windows laptop and have the current version of the Chrome browser pre-installed. All other tools will be available on a virtual lab machine you will connect to remotely.

    3:45 pm
    Optiv Reception
    Join Optiv and Partners for Happy Hour!
    Registration Level:
    • Open Sessions
    3:45 pm - 6:00 pm
    Location / Room: The Look Out Room at Ford Motor Conference & Event Center

    Join your peers for complimentary hors d’oeuvres and cocktails following the first day of SecureWorld. This is a great opportunity to network with other security professionals from the Detroit area and to discuss the hot topics from the day. Register here: https://live.optiv.com/profile/form/index.cfm?PKformID=0x312562cd1

    The Look Out Room at Ford Motor Conference & Event Center
    1151 Village Road
    Dearborn, MI 41124

  • Thursday, September 14, 2017
    7:00 am
    Registration Open
    Registration Level:
    • Open Sessions
    7:00 am - 3:00 pm
    Location / Room: Registration Desk
    8:00 am
    SecureWorld PLUS Part 3 - How to Build and Maintain a Game-Changing Security Awareness Program That Measures Success
    SecureWorld PLUS Registrants ONLY
    Chief Strategist and Chief Security Officer, Security Mentor
    Registration Level:
    • SecureWorld Plus
    8:00 am - 9:30 am
    Location / Room: 203A

    Every organization seeks a security-aware culture, but how can you build an effective information security awareness program that addresses compliance and motivates changes in employee behavior for the better? People are the greatest asset and the weakest link in securing intellectual property and protecting sensitive data within every enterprise; therefore, a well-organized security awareness program is essential.

    You will learn how an effective program that offers lasting solutions requires the right mix of skills, knowledge, executive support and resources. This hands-on workshop will teach you what you need to know to implement just such a program. Offering award-winning case studies, interactive discussions and group participation in exercises, this session will enable you to hit the ground running with a customized plan that meets your organization’s needs when you head back to the office.

    Part 1: Information Security Awareness Fundamentals and War Stories
    What important building blocks, resources and communication strategies are essential to successfully implement your program? How can you reduce the risk of a data breach or other unwanted outcomes using a comprehensive approach to information security awareness? What best practices and examples have succeeded that can be emulated?

    Part 2: Building and Maintaining Your Organization’s Information Security Awareness Plan
    After several checklists and overall program templates are presented in detail, the second part of this workshop will include peer interactions and discussions that can be used to tailor your specific plan to implement a customized security awareness program. Depending on the size and complexity of your organization, participants will either build their plan or create the outline of their information security awareness program – with details to be inserted later.

    Part 3: Reinventing Your Information Security Awareness Program
    So you already have an Information Security Awareness Program, but it’s not working. Is it time to start over or tweak the plan? What strategies work to get executive buy-in? What are you missing? What are some common mistakes to avoid? How can you improve what you’re already doing? Small group discussions, break-out Q/A as well as several successful toolkits are covered.

    8:00 am
    SecureWorld PLUS Part 3 - Designing and Building a Cybersecurity Program based on the NIST Cybersecurity Framework
    SecureWorld PLUS Registrants ONLY
    CISO and Adjunct Faculty, University of Massachusetts
    Registration Level:
    • SecureWorld Plus
    8:00 am - 9:30 am
    Location / Room: 106

    The University of Massachusetts has developed a 4.5-hour SecureWorld Plus training class that focuses on designing, building, and maintaining a Cybersecurity Program based on the NIST Cybersecurity Framework. Organizations that are currently using the NIST Cybersecurity Framework or are planning to use it for their cybersecurity program will benefit from this course. The course will show attendees how to use Cloud Platforms to implement and maintain security controls based on the NIST Cybersecurity Framework.

    This innovative education and training program includes the following key elements:
    • A Controls Factory that consists of three main areas: Engineering, Technology and Business
    • The Engineering Area includes a focus on threats, vulnerabilities, assets, identities, business environment and the NIST Cybersecurity Framework
    • The Technology Area includes a focus on technical controls (based on the CIS 20 Critical Controls), security technologies, Security Operations Center (SOC) and technology testing
    • The Business Area includes a focus on business controls (based on ISO 27002), cyber workforce (based on the NICE Workforce Framework) and cyber risk program (based on AICPA Description Criteria)

    The class will help individuals and organizations acquire knowledge, skills and abilities to:
    • Develop a strategy to adopt the NIST Cybersecurity Framework (NCSF)
    • Create a comprehensive Cybersecurity Program based on the NIST Cybersecurity Framework, technical controls and business controls
    • Engineer, implement, and manage the 20 critical controls based on the cloud platform
    • Conduct a Risk Assessment to compare the current profile with the target profile and identify any gaps that need to be addressed
    • Establish an executive scorecard to measure and communicate risks, and develop an action plan / program roadmap to remediate controls gaps

    About the Instructor – Larry Wilson:
    • Larry Wilson is the former CISO for UMass President’s Office from 2009 to 2017
    • Prior to UMass, Larry developed and managed the Global Infrastructure Services (GIS) Security Program for State Street Corporation
    • Larry has been teaching cybersecurity courses based on the NIST Cybersecurity Framework at SecureWorld events for the past 4 years
    • Larry has conducted over 20 consulting engagements, helping organizations design and build cybersecurity programs based on the NIST Cybersecurity Framework

    The program and its author have won the following industry awards:
    • Security Magazine’s Most Influential People in Security, 2016
    • SANS People Who Made a Difference in Cybersecurity Award, 2013
    • Information Security Executive (ISE) North America Program Winner for Higher Education, 2013

    8:00 am
    SecureWorld PLUS Part 3 - Threat Hunting and Analysis
    SecureWorld PLUS Registrants ONLY
    Technology Editor and author of "Threat Hunter" blog, SC Magazine
    Registration Level:
    • SecureWorld Plus
    8:00 am - 9:30 am
    Location / Room: 203B

    Threat intelligence has become the coin of the realm in fighting cybercrime. However, simply knowing who the bad guys are and what they do is not enough. You must be able to dig for actionable intelligence and apply that explicitly to your environment. Broadly speaking, we call that threat hunting. Once you have determined the nature and details of threats to your enterprise, you must be able to disseminate them in a manner that is understandable by both humans and machines.

    This full-day, hands-on workshop will introduce you to threat hunting techniques and tools—both free and commercial—that you can use, and show you how to translate your findings to STIX for dissemination to a variety of audiences, as well as consumption by an increasing number of security devices such as IPSs and firewalls. You will work in a virtual lab environment using tools and techniques to discover threats, research them in depth, and create STIX profiles. By the end of the workshop you will have compiled a list of tools that you can use, evaluated those tools in a lab environment, created a STIX profile of an actual cyber campaign, and presented your profile to the rest of the class.

    Visit the Center for Digital Forensic Studies’ Training Portal to read the syllabus and other course-related materials.

    For this workshop you will need to bring your own Windows laptop and have the current version of the Chrome browser pre-installed. All other tools will be available on a virtual lab machine you will connect to remotely.

    8:00 am
    InfraGard Michigan Chapter Meeting and Presentation: Connected Vehicles
    InfraGard Members Only
    Senior Manager, Mandiant Global Consulting Services
    Registration Level:
    • Open Sessions
    8:00 am - 9:15 am
    Location / Room: Keynote Theater

    Join InfraGard for their chapter meeting and presentation. This session is for InfraGard members only.
    Introductory Comments from the FBI
    Speaker – Mike Westra, Cybersecurity Technical Manager, Ford Motor Co.
    Title: Connected Vehicles
    Presentation: Connected Vehicles

    8:30 am
    Emergence of the Chief Digital Risk Officer
    VP & CSO, Diebold Nixdorf
    Registration Level:
    • Conference Pass
    8:30 am - 9:15 am
    Location / Room: 103

    Digital technologies will increase organizations’ competitiveness, agility and reaction time. While increasing the speed of business, these digital technologies and processes will introduce greater security threats and an evolution of digital risk management. Join Martin Bally as he discusses the Emergence of the Chief Digital Risk Officer.

    8:30 am
    How to Phish in Your Own Pond
    Learn how to conduct a phishing exercise as a part of a training and awareness program.
    IT Manager - Awareness and Training, Blue Cross Blue Shield of Michigan
    Registration Level:
    • Conference Pass
    8:30 am - 9:15 am
    Location / Room: 105

    Information Security is the focus of nearly every organization. However, most programs consist of disjointed activities that are based on a compliance checklist, instead of a strategically planned IS Awareness program. In this session, we will focus on phishing as a part of a repeatable, evolving, robust security awareness program.

    8:30 am
    Anatomy of a Cyber-Heist: Examples of Advanced Cyber Risks
    Managing Director, UHY Advisors
    Registration Level:
    • Open Sessions
    8:30 am - 9:15 am
    Location / Room: Theater

    One click is all it takes. Bring your A-game! This presentation will take you through how cyber crooks are getting away with some big pay days. We will explore techniques in use demonstrating an increasingly high level of sophistication, patience, and planning, so you can better plan your defenses.

    8:30 am
    Cybercrime & You...What Can You Do?
    Resources for Cybercrime in MI
    Privacy Engineer, Steelcase
    Registration Level:
    • Conference Pass
    8:30 am - 9:15 am
    Location / Room: Suite 3

    Have you been a victim of Cybercrime? In 2016 MI reported over $24M in losses. Most victims do not know where to go for help. Many communities lack the resources to support the volume of crimes. Come learn how the Cybercrime Support Network is working towards a solution.

    9:00 am
    Exhibit Floor Open
    Registration Level:
    • Open Sessions
    9:00 am - 3:00 pm
    Location / Room: SecureWorld Exhibitor Floor

    This is the time to visit exhibitors participating in Dash For Prizes & CyberHunt for your chance to win prizes!

    9:30 am
    OPENING KEYNOTE: Defending the Nation in Cyber Space
    Former Director of Operations at U.S. Cyber Command
    Major General, U.S. Air Force (Retired)
    Registration Level:
    • Open Sessions
    9:30 am - 10:15 am
    Location / Room: Keynote Theater

    The Russians hacked the election, the Chinese are stealing our trade secrets, the Iranians and North Koreans see cyber as the ultimate asymmetric attack vector against the United States. Every day, the country’s critical infrastructure is under attack—financial services, the electric grid, oil and gas, telecommunications, transportation. As the former Director of Operations at U.S. Cyber Command, Maj Gen (Ret) Brett Williams is one of the few speakers available who can talk with the credibility that comes from being on the front lines of defending the Nation in cyberspace. General Williams’ unique combination of both military and private sector experience provides a clear understanding of the nation-state cyber threat and how it could impact business interests in every sector.

    10:15 am
    Conference Break / Exhibitor Product Demonstration
    Registration Level:
    • Open Sessions
    10:15 am - 11:15 am
    Location / Room: SecureWorld Exhibitor Floor

    Reboot with coffee and infused water while visiting exhibitors on the exhibitor floor.

    11:00 am
    Advisory Council Roundtable - (VIP / Invite Only)
    Topic: Building a Security Awareness Program: What Works and What Doesn’t
    Director, IT Security & Compliance, Martinrea Inc.
    Registration Level:
    • VIP / Exclusive
    11:00 am - 12:00 pm
    Location / Room: Boardroom
    11:15 am
    Cloud Provider Security – The Evolution Continues
    GRC Consultant, Comp-West, LLC
    Registration Level:
    • Conference Pass
    11:15 am - 12:00 pm
    Location / Room: Room 105

    Cloud providers have always stated that they secure the data residing in their cloud. As I have presented at a few Cloud Security Alliance conferences in the past, the security that is provided is dependent on the Service Level Agreement (SLA) verbiage. The same is still true, but some of the providers actually have essentially a menu of security tools. This presentation will explore these tools.

    11:15 am
    GDPR: Tick Tock, Time Is Running Out to Be in Compliance
    Information Security Architect - Governance, Perrigo Company plc
    Registration Level:
    • Conference Pass
    11:15 am - 12:00 pm
    Location / Room: Suite 3

    Practitioner’s view of the process to evaluate your global company’s European Union GDPR (General Data Protection Regulation) compliance approach. Insight into the process of working through the GDPR requirements, how to prepare for complying with these requirements by May 25, 2018, and the role of IT, information security, and compliance.

    11:15 am
    IBM: CyberSecurity Innovations
    Program Director, Security Client Initiatives, IBM
    Registration Level:
    • Open Sessions
    11:15 am - 12:00 pm
    Location / Room: 103

    IBM Security helps organizations outthink threats and outpace their competition with innovation strengthened by COGNITIVE systems that understand, reason, and learn to help analysts resolve incidents quickly. CLOUD security to help organizations plan, deploy, and manage security as workloads and data are moved across hybrid cloud environments. And COLLABORATE in real-time with threat intelligence crowdsourced from X-Force and a community of 14K+ users, as well as a security app marketplace to help analysts stay ahead of the threats.

    11:15 am
    Cybersecurity Regulatory Environment: The Shift Towards More Stringent Requirements and the Need for Companies to Develop Risk-Based Cybersecurity Programs
    IT Audit Specialist, Meadowbrook Insurance Group
    Registration Level:
    • Conference Pass
    11:15 am - 12:00 pm
    Location / Room: 101

    We will discuss the current and the foreseeable future of cybersecurity regulations. We will also discuss why companies should take a risk-driven approach vs a compliance-driven approach to security.

    11:15 am
    From Boots to Suits - How Vets Are Taking Over Tech
    President & CEO of SAP National Security Services (NS2), President of NS2 Serves
    Registration Level:
    • Conference Pass
    11:15 am - 12:00 pm
    Location / Room: Theater

    Join Mark Testoni, President of NS2 Serves, to learn about an innovative program that focuses on training and employing veterans in high-tech careers. The three-month residential course offers training and certifications in world-class software solutions that support U.S. national security needs and commercial enterprises. The program has graduated over 130 veterans to date and placed them in high-tech careers at major corporations.

    12:00 pm
    ISSA Detroit (Motor City) Chapter Meeting: Advancing Without a Traditional Security Perimeter
    ISSA Members ONLY - Lunch Served
    Director of Security and Network Transformation, Zscaler
    Registration Level:
    • VIP / Exclusive
    12:00 pm - 1:00 pm
    Location / Room: Lookout

    Join us for an ISSA chapter meeting and presentation. This is intended for members only.

    Presentation:
    IT has struggled mightily the past couple of decades to ensure trusted access to business assets on the enterprise network. It’s been a mostly futile battle as criminals and insiders have learned how to leverage that trust to gain virtually unfettered access inside the network.
    Many IT organizations have relied on virtual private networks (VPN) and network access control (NAC) to give “trusted users” virtually unfettered access to enterprise network resources. As we’ve seen with innumerable network breaches, outside interlopers can exploit that trust factor to gain access, while insiders find cracks in defenses that allow them to tap into enterprise assets they have no rights to.
    The security model of the cloud era must focus on verified identity of users, their devices, and their roles. In adopting this model, we can focus on the techniques to verify users, whether they are inside or outside the network.

    12:00 pm
    Advisory Council Lunch Roundtable - (VIP / Invite Only)
    Topic: Vulnerability and Patch Management Program Best Practices
    AVP, Information Security Services, Amerisure Mutual Insurance
    Registration Level:
    • VIP / Exclusive
    12:00 pm - 1:00 pm
    Location / Room: Boardroom
    12:15 pm
    LUNCH KEYNOTE: Radware - Game of Threats
    Security Evangelist, Radware
    Registration Level:
    • Open Sessions
    12:15 pm - 1:00 pm
    Location / Room: Keynote Theater

    Do you really know who the real cyberattackers are in today’s landscape? Every day we hear about names, techniques, hacktivists, and new tools which are ransacking businesses and organizations world-wide. However, do you understand how these relate to each other and which of these vectors are the most heinous? This presentation reveals how everything from hacking tools and patriotic hackers to cyber cartels and DDoS vectors relates to one another, placing everything into context. In fact, this presentation will allow for a detailed understanding of 52 different attack types and categories to be aware of and comprehend. You will take away the notion of how varied each attack vector is and how many categories exist in the world of cyberattacks.

    1:15 pm
    Panel: Stopping the Attacks (Incident Response)
    Registration Level:
    • Open Sessions
    1:15 pm - 2:15 pm
    Location / Room: Keynote Theater

    Security teams are struggling to keep up with the myriad of attack vectors that exist. Future InfoSec professionals will take a more adversarial approach to incident response. Will we have artificial intelligence helping threat hunters squash attacks before they can do any significant damage on the network while alerting the authorities in real time? Can a true partnership form between organizations and law enforcement to share information? Join our experts as they discuss challenges modern security teams face and how we can build a better plan for tomorrow.
    Panelists:
    Phillip Maddux, Signal Sciences
    Steve Shalita, Pluribus Networks
    Jim Labiszak, FireEye
    David Sterns, baramundi
    Grant Moerschel, SentinelOne
    Matthew Aubert, Cisco

    1:15 pm
    Check Point: Pass Known Good and Succeed in IT Security. Why Detection is Dead and Prevention is the Key.
    Director of Engineering, Check Point Software
    Registration Level:
    • Open Sessions
    1:15 pm - 2:15 pm

    We have tried for years to operationalize detection methodologies into our organizations. We have failed. Kierk will discuss the benefits of passing known good traffic and how that helps us to limit our attack surface and scale as an IT organization.

    1:15 pm
    Panel: Phishing and Social Engineering Scams 2.0
    Registration Level:
    • Open Sessions
    1:15 pm - 2:15 pm
    Location / Room: Suite 3

    Phishing continues to be the #1 attack vector for the bad guys. Why? Simply put: it works. These attacks keep getting more realistic and sophisticated. In the future we should expect nothing less. Criminals will do more homework on their potential victims and possibly pose as business leads or clients to gain our trust. What salesperson doesn’t want email from a potential client who wants a new solution? Or they may just lie in wait until they’ve collected enough information to strike. Will they actually come to your business and drop thumb drives like pen testers do? Use drones to do their dirty work? Our experts will discuss the current state of affairs and brainstorm possible new scenarios.
    Panelists:
    Jon Clay, Trend Micro
    Jeremy Briglia, Qualys
    Kurt Wescoe, Wombat
    Brandon Reid, Mimecast
    Jeff Ostermiller, Zscaler

    2:15 pm
    Conference Break / Exhibitor Product Demonstration
    Registration Level:
    • Open Sessions
    2:15 pm - 3:00 pm
    Location / Room: SecureWorld Exhibitor Floor

    Reboot with coffee and infused water while visiting exhibitors on the exhibitor floor.

    2:30 pm
    Dash for Prizes & CyberHunt
    Registration Level:
    • Open Sessions
    2:30 pm - 2:45 pm
    Location / Room: SecureWorld Exhibitor Floor

    Be sure to have exhibitors scan your badge for a chance to win prizes. Past prizes have included Kindles, Bose headphones, gift cards, iPads, iPods and more! *Must be present to win

    3:00 pm
    Security KPIs for the Enterprise
    Sr. Technical Architect, AHEAD
    Registration Level:
    • Conference Pass
    3:00 pm - 3:45 pm
    Location / Room: Theater

    Security programs are product driven and lack measures that articulate value to the business. If you’re a security leader who’s been struggling for mindshare within your organization, KPIs are metrics that can help you achieve your goal.

    3:00 pm
    The Expanded Scope of the Computer Fraud & Abuse Act (It's Not Just For Hackers Anymore)
    Founder & CEO, Ossian Law P.C.
    Registration Level:
    • Conference Pass
    3:00 pm - 3:45 pm
    Location / Room: Suite 3

    As the federal Computer Fraud and Abuse Act (CFAA) turns 33 years old, it is increasingly being applied not just to external hackers, but also to current and former employees, competitors, vendors and even customers. Information Technology attorney Kathy Ossian will discuss recent civil and criminal actions under the CFAA and the impact of its expanded scope on businesses.

Exhibitors
  • A10 Networks
    Booth: 224

    A10 Networks (NYSE: ATEN) is a Secure Application Services™ company, providing a range of high-performance application networking solutions that help organizations ensure that their data center applications and networks remain highly available, accelerated and secure.

  • ACP Michigan
    Booth: TBD

    The Association of Continuity Professionals (ACP) is a non-profit trade association dedicated to fostering continued professional growth and development in effective Contingency & Business Resumption Planning. ACP is the recognized premier international networking and information exchange organization in the business continuity industry.

  • Alert Logic
    Booth: 240

    Whether your company is transitioning infrastructure to the cloud, taking advantage of managed hosting services, or continuing to rely on owned data centers, Alert Logic offers intrusion detection, vulnerability assessment and log management solutions that are coupled with 24/7 monitoring and expert guidance services from our security operations center. More than 1,500 enterprise customers trust Alert Logic to secure and protect their digital information, and rely on us for keeping in step with increasingly complex regulatory issues. In addition to our team of GIAC analysts dedicated to careful observation and assessment of threats to your data, our research team stays on top of emerging developments so we can stop potential security breaches before they strike. We also have a dedicated support team ready to answer any questions you have about our products and services.

  • Avecto
    Booth: 444

    Avecto is a leader in Privilege Elevation and Delegation Management. Since 2008, the company has enabled over 8 million users to successfully work without admin rights, enabling many of the world’s biggest brands to achieve the balance between overlocked and underlocked environments.

    Avecto’s Defendpoint software has been deployed in the most highly regulated industries, enabling organizations to achieve compliance, gain operational efficiency and stop internal and external attacks.

    Defendpoint combines privilege management and application control technology in a single lightweight agent. This scalable solution allows global organizations to eliminate admin rights across the entire business – across Windows and Mac desktops and even in the data center.

    Actionable intelligence is provided by Defendpoint Insights, an enterprise class reporting solution with endpoint analysis, dashboards and trend data for auditing and compliance.

  • Binary Defense Systems
    Booth: 235

    BDS is a company that works with you to understand your environment and what you have, and to build defenses to combat what we face today and the attacks of tomorrow. Technology is continuously changing, businesses change every day – in order to keep up with the changes, BDS has created an extensively flexible yet highly accurate way of detecting attackers. We are attackers, and we know the best ways of detecting how attackers breach your network. An added bonus with BDS – continual penetration tests are performed regularly to enhance and develop additional safeguards. We are here to defend, protect and secure your company.

  • Bitdefender
    Booth: 231

    Powered by its depth of security expertise and rapid pace of research and development, Bitdefender’s long-standing mission is to deliver transformative security technologies to the world’s users and organizations. We are innovators, creating breakthrough technology that radically improves our customer’s experience with security.

    From IoT to Data Centers, from endpoints to hybrid infrastructures – Bitdefender plays a transformational role in how security is best consumed, deployed, and managed. We strive to deliver products and services that radically alter the customer’s experience with security, in terms of efficacy, performance, ease of use and interoperability.

  • BOMGAR
    Booth: 244

    Bomgar offers the most secure remote access and support technology on the planet. Each encrypted connection is outbound, so you can connect without VPN or firewall changes. You can leverage Active Directory and LDAPS to manage authentication, require multi-factor authentication, define more than 50 permissions for technicians and privileged users, and capture a detailed audit log of every remote connection.

  • CA Technologies
    Booth: 414

    CA Technologies helps customers succeed in a future where every business— from apparel to energy— is being rewritten by software. With CA software at the center of their IT strategy, organizations can leverage the technology that changes the way we live— from the data center to the mobile device.

    Our business management software and solutions help our customers thrive in the new application economy by delivering the means to deploy, monitor and secure their applications and infrastructure. Our goal is to help organizations develop applications and experiences that excite and engage and, in turn, open up money-making opportunities for their businesses.

  • Cadre Information Security
    Booth: 224

    Cadre is a network and information security solutions provider that serves large and medium sized firms. Widely recognized as a pioneer in the security industry, Cadre delivers value through superior customer service, advanced engineering and a resolute focus on design, assessment, installation, training and support of information security systems. All over the world, clients rely on Cadre to provide guidance and technical expertise on compliance, controlling technical risks, and achieving security goals.

  • Carbon Black
    Booth: 251

    Carbon Black is Transforming Security Through Big Data and Analytics in the Cloud
    Growing trends in mobility and cloud have made the endpoint the new perimeter. New and emerging attacks are beating traditional defenses, and security teams are too reactive and held back by their technologies. Carbon Black is leveraging the power of big data and analytics to solve the challenges surrounding endpoint security. With the Cb Predictive Security Cloud platform, we are transforming cybersecurity to deliver a new generation of cloud-delivered security solutions designed to protect against the most advanced threats.

  • Centrify
    Booth: 208

    Centrify provides unified identity management across data center, cloud and mobile environments. Centrify software and cloud-based Identity-as-a-Service (IDaaS) solutions leverage an organization’s existing identity infrastructure to enable single sign-on, multi-factor authentication, privileged identity management, auditing for compliance and mobile device management.
    Centrify customers can typically reduce their total cost of identity management and compliance by more than 50 percent.

  • Check Point Security
    Booth: 442

    Since 1993, Check Point has been dedicated to providing customers with uncompromised protection against all types of threats, reducing security complexity and lowering total cost of ownership. We are committed to staying focused on customer needs and developing solutions that redefine the security landscape today and in the future.

  • Cisco
    Booth: 206

    Cisco builds truly effective security solutions that are simple, open and automated. Drawing on unparalleled network presence as well as the industry’s broadest and deepest technology and talent, Cisco delivers ultimate visibility and responsiveness to detect more threats and remediate them faster. With Cisco, companies are poised to securely take advantage of a new world of digital business opportunities.

  • Core Security
    Booth: 233

    Enterprises are responsible for securing and managing access to corporate data and ensuring availability of enterprise applications and services at all times. Core Security offers threat-aware identity, access, authentication and vulnerability management solutions to help identity, security, and risk teams control access, reduce risk, and maintain continuous compliance.

    Our solutions provide actionable intelligence and context needed to manage identity access and security risk across the enterprise. By combining real-time insight into identity analytics with prioritized infrastructure vulnerabilities, organizations receive a more comprehensive view of their security posture. Organizations gain context and intelligence through analytics to make more informed, prioritized, and better security remediation decisions. This allows them to more rapidly and accurately identify, validate and proactively stop unauthorized access and defend against security threats.

  • Crossmatch/DigitalPersona
    Booth: 300

    Crossmatch is a world leader in biometric identity management solutions. Our technologies and expertise are helping organizations of all sizes achieve new levels of efficiency, expand in new markets and find powerful new ways to protect people, property and profits. Heavy reliance on digital transactions, growing mobile workforces, global demand for e-gov services and the need for enhanced security at borders, in law enforcement and on battlefields all point to a clear need for the confidence and certainty of biometrics. Security-minded organizations in both the public and private realms understand the power and necessity of biometrics — and they are increasingly looking for an established partner to help solve this identity management challenge.

  • CyberArk Software
    Booth: 436

    CyberArk® Software is a global information security company that specializes in protecting and managing privileged users, sessions, applications and sensitive information to improve compliance, productivity and protect organizations against insider threats and advanced external threats. With its award-winning Privileged Identity Management, Privileged Session Management and Sensitive Information Management Suites, organizations can more effectively manage and govern data center access and activities, whether on-premise, off-premise or in the cloud, while demonstrating returns on security investments.

  • Cylance
    Booth: 446

    Cylance® is revolutionizing cybersecurity with products and services that proactively prevent, rather than reactively detect the execution of advanced persistent threats and malware. Our technology is deployed on over four million endpoints and protects hundreds of enterprise clients worldwide including Fortune 100 organizations and government institutions.

  • Darktrace
    Booth: 308

    Darktrace is the world’s leading machine learning company for cyber security. Created by mathematicians from the University of Cambridge, the Enterprise Immune System uses AI algorithms to automatically detect and take action against cyber-threats within all types of networks, including physical, cloud and virtualized networks, as well as IoT and industrial control systems. A self-configuring platform, Darktrace requires no prior set-up, identifying advanced threats in real time, including zero-days, insiders and stealthy, silent attackers. Headquartered in San Francisco and Cambridge, UK, Darktrace has 24 offices worldwide.

  • Data Partners
    Booth: 234

    At Data Partner Inc. we understand the intimacy of being an extension of your IT organization. We build trusting and long-lasting relationships with the world’s leading organizations both large and small. Our goal is to help companies maximize the ROI on their IT spend while solving those business challenges. We specialize in: Block, Unified & Object Storage, Data Aware Storage, Hybrid Storage, Cybersecurity, Servers & Compute, Cloud Consulting, Disaster Recovery, Wireless, Network Architecture & Data Center Networking, Virtualization & Hyper-Converged Infrastructure, Telecom & Mobility, Management and Professional Staffing Services.

  • Duo
    Booth: TBD

    Duo was founded with the belief that security can only be effective if it is easy to use. Through that vision, Duo has built a world-class security platform that is actually enjoyable to use. Duo supports thousands of customers and millions of users in organizations like Accenture, Boston Medical, Emblem Health, Facebook, Toyota, Twitter, Virginia Tech, Yelp and others, and enjoys the highest NPS score in the industry.

  • EC-Council
    Booth: TBD

    International Council of E-Commerce Consultants, also known as EC-Council, is the world’s largest cyber security technical certification body. We operate in 140 countries globally and we are the owner and developer of the world-famous Certified Ethical Hacker (CEH), Computer Hacking Forensics Investigator (C|HFI), Certified Security Analyst (ECSA), License Penetration Testing (Practical) programs, among others. We are proud to have trained and certified over 140,000 information security professionals globally that have influenced the cyber security mindset of countless organizations worldwide.

  • ECTF
    Booth: TBD

    As a result of the amalgamation of advanced technology and the Internet, both the quantity and sophistication of cybercrimes targeting U.S. financial institutions and critical infrastructure have increased. Today, criminal trends show an increased use of phishing emails, account takeovers, malicious software, hacking attacks and network intrusions resulting in significant data breaches. To protect the nation’s financial infrastructure from cyber and financial criminals, the Secret Service has adopted a multipronged approach.

  • Endace
    Booth: 307

    Customers choose Endace products for one primary reason: they deliver, where competitor products fail. Whether it is capture accuracy, fidelity of time stamps, write-to-disk performance or speed of traffic retrieval, Endace is famous for delivering the very best performing products. Telcos, broadcasters, governments, defence departments, investment banks and many other large enterprises trust our products to help them manage their critical data networks.

  • International Information Systems Security Certification Consortium, Inc., (ISC)²®
    Booth: 307

    Headquartered in the United States and with offices in London, Hong Kong and Tokyo, the International Information Systems Security Certification Consortium, Inc., (ISC)²®, is the global, not-for-profit leader in educating and certifying information security professionals throughout their careers. We are recognized for Gold Standard certifications and world class education programs.

    We provide vendor-neutral education products, career services, and Gold Standard credentials to professionals in more than 135 countries. We take pride in our reputation built on trust, integrity, and professionalism. And we’re proud of our membership – an elite network of nearly 90,000 certified industry professionals worldwide.

  • Exabeam
    Booth: 450

    The Exabeam Security Intelligence Platform provides organizations of all sizes with end-to-end detection, analytics, and response capabilities from a single security management and operations platform. Exabeam SIP includes Exabeam Log Manager, a modern log management system, built on top of ElasticSearch to provide unlimited data ingestion at a predictable, cost effective price. Exabeam SIP detects complex, multi-stage threats using the analytics capabilities of Exabeam Advanced Analytics; the world’s most deployed User and Entity Behavior Analytics (UEBA) solution. Finally, Exabeam SIP improves incident response efficiency with Exabeam Incident Responder, an API based security orchestration and automation solution.

  • FireEye
    Booth: 402

    FireEye (https://www.fireeye.com/) is the intelligence-led security company. Working as a seamless, scalable extension of customer security operations, FireEye offers a single platform that blends innovative security technologies, nation-state grade threat intelligence, and world-renowned Mandiant® consulting. With this approach, FireEye eliminates the complexity and burden of cyber security for organizations struggling to prepare for, prevent, and respond to cyber attacks. FireEye has over 7,100 customers across 67 countries, including more than 45 percent of the Forbes Global 2000.

  • Forcepoint
    Booth: 406

    Forcepoint safeguards users, data and networks against the most determined adversaries, from insider threats to outside attackers, across the threat lifecycle – in the cloud, on the road, in the office. It simplifies compliance and enables better decision-making for more efficient remediation, empowering organizations to focus on what’s most important to them.

  • Gemalto
    Booth: 401

    SafeNet and Gemalto have joined forces to create the worldwide leader in enterprise and banking security from core data protection to secure access at the edge of the network. Together, we protect more data, transactions, and identities than any other company, delivering security services that are used by more than 30,000 businesses and two billion people in more than 190 countries around the world. We support 3,000 financial institutions and secure more than 80% of the world’s intra-bank fund transfers, and protect the world’s leading software applications.

  • Gigamon
    Booth: 424

    Gigamon is leading the convergence of network and security operations to reduce complexity and increase efficiency of security stacks. Our GigaSECURE® Security Delivery Platform is a next generation network packet broker that makes threats more visible across cloud, hybrid and on-premises environments, deploys resources faster and maximizes the performance of security tools.

  • GuardiCore
    Booth: 448

    GuardiCore is specially designed for today’s software-defined and virtualized data centers and clouds, providing unparalleled visibility, active breach detection and real-time response. Its lightweight architecture scales easily to support the performance requirements of high traffic data center environments. A unique combination of threat deception, process-level visibility, semantics-based analysis and automated response engages, investigates and then thwarts confirmed attacks with pin-point accuracy.

  • GuidePoint Security LLC
    Booth: 232

    GuidePoint Security LLC provides innovative and valuable cyber security solutions and expertise that enable organizations to successfully achieve their mission. By embracing new technologies, GuidePoint Security helps clients recognize the threats, understand the solutions, and mitigate the risks present in their evolving IT environments. Headquartered in Herndon, Virginia, GuidePoint Security is a small business, and classification can be found with the System for Award Management (SAM). Learn more at: http://www.guidepointsecurity.com

  • HTCIA Michigan
    Booth: 308

    We are the Michigan chapter of the worldwide High Technology Crime Investigation Association. Our membership consists of people from the private and public sectors. We have members from the U.S. Attorney’s Office, The State of Michigan, FBI, Treasury, and Customs. We also have members who represent cities, counties and townships, as well as universities and law enforcement.

  • IBM
    Booth: 416

    Digital is the wires, but digital intelligence, or artificial intelligence as some people call it, is about much more than that. This next decade is about how you combine those and become a cognitive business. It’s the dawn of a new era.

  • Infoblox, Inc
    Booth: 438

    For 17 years, we’ve been the market leader for core network services, including DNS, DHCP, and IP address management, a category known as DDI.

  • InfraGard Michigan
    Booth: TBD

    InfraGard is a partnership between the FBI and members of the private sector. The InfraGard program provides a vehicle for seamless public-private collaboration with government that expedites the timely exchange of information and promotes mutual learning opportunities relevant to the protection of Critical Infrastructure. With thousands of vetted members nationally, InfraGard’s membership includes business executives, entrepreneurs, military and government officials, computer professionals, academia and state and local law enforcement; each dedicated to contributing industry specific insight and advancing national security.

  • IronNet
    Booth: 214

    IronNet is a Cybersecurity / Behavior Analytics Product and Cyber Services company started by former NSA Director Keith Alexander (retired 4-star General). IronDefense, our behavior analytics system, brings real-time visibility and cutting edge analytics to customer networks to discover the most elusive threats, then ranks them by risk through an expert system to amplify analyst capabilities.

  • (ISC)²
    Booth: TBD

    (ISC)² is an international nonprofit membership association focused on inspiring a safe and secure cyber world. Best known for the acclaimed Certified Information Systems Security Professional (CISSP) certification, (ISC)² offers a portfolio of credentials that are part of a holistic, programmatic approach to security. Our membership, over 123,000 strong, is made up of certified cyber, information, software and infrastructure security professionals who are making a difference and helping to advance the industry. Our vision is supported by our commitment to educate and reach the general public through our charitable foundation, The Center for Cyber Safety and Education™. Follow us on Twitter or connect with us on Facebook.

  • ISACA Detroit
    Booth: TBD

    Our aim is to sponsor local educational seminars and workshops, conduct regular chapter meetings, and help to further promote and elevate the visibility of the IS audit, control and security profession throughout the metro Detroit area.

  • ISSA Motor City
    Booth: TBD

    The Information Systems Security Association (ISSA)® is a not-for-profit, international organization of information security professionals. The Motor City chapter is located in the automotive capital of the United States, Detroit, MI. Our chapter is committed to educating, consulting, advising, and overall improving information security for our technology infrastructures.

  • Ixia, a Keysight Business
    Booth: 248

    We provide testing, visibility, and security solutions to strengthen applications across physical and virtual networks. Organizations use our tools and capabilities to test, secure and visualize their networks so their applications run stronger.

  • LogRhythm
    Booth: 440

    LogRhythm, a leader in security intelligence and analytics, empowers organizations around the globe to rapidly detect, respond to and neutralize damaging cyber threats. The company’s patented award-winning platform uniquely unifies next-generation SIEM, log management, network and endpoint monitoring, user entity and behavior analytics (UEBA), security automation and orchestration and advanced security analytics. In addition to protecting customers from the risks associated with cyber threats, LogRhythm provides unparalleled compliance automation and assurance, and enhanced IT intelligence.

  • McAfee
    Booth: 256

    Founded in 1989 and headquartered in Somerset, NJ, SHI International Corp. is a $7.5 billion global provider of information technology products and services. Driven by the industry’s most experienced and stable sales force and backed by software volume licensing experts, hardware procurement specialists, and certified IT services professionals, SHI delivers custom IT solutions to Corporate, Enterprise, Public Sector and Academic customers. With 3,500 employees worldwide, SHI is the largest Minority/Woman Owned Business Enterprise (MWBE) in the United States and is ranked 12th among CRN’s Solution Provider 500 list of North American IT solution providers. For more information, please

  • Merit
    Booth: 312

    Merit Network is a non-profit, member-owned organization governed by Michigan’s public universities. Founded in 1966, Merit owns and operates America’s longest-running regional research and education network. After 50 years of innovation, Merit continues to provide high-performance services to the educational communities in Michigan and beyond.

    Merit continues to leverage its experience managing NSFNET, the precursor to the modern Internet, to catapult Michigan into the forefront of networking technologies. Through Merit, organizations have access to leading-edge network research, state and national collaborative initiatives and international peering.

  • Mimecast
    Booth: 226

    Mimecast Is Making Email Safer For Business.
    Mimecast’s security, archiving and continuity cloud services protect business email and deliver comprehensive email risk management in one fully-integrated subscription service.
    Mimecast reduces the risk, complexity and cost traditionally associated with protecting email. You no longer have to manage an array of disjointed point solutions from multiple vendors. And you mitigate single vendor exposure if you have moved your primary email server to the cloud with services like Microsoft Office 365.
    Our best-of-breed services protect the email of over 24,900 customers and millions of users worldwide against targeted attacks, data leaks, malware and spam. We give employees fast and secure access to sensitive business information, and ensure email keeps running in the event of a primary service outage.

  • Mobile Technology Association of Michigan
    Booth: TBD

    The Mobile Technology Association of Michigan (MTAM) is a non-profit trade association for Michigan’s mobile/wireless (connected) technologies industry, businesses that provide these technologies, and the businesses – in all industries – that use these technologies. We are the first state-based mobile/wireless (connected) technologies trade association in the U.S. and we are focused on increasing demand for Michigan-based mobile/wireless technology products and services within the state, nationally and globally, thereby generating increased entrepreneurial and enterprise-level opportunities and creating sustainable jobs in Michigan.

  • Okta
    Booth: 412

    Okta is the foundation for secure connections between people and technology. Our IT products uniquely use identity information to grant people access to applications on any device at any time, while still enforcing strong security protections. Our platform securely connects companies to their customers and partners. Today, thousands of organizations trust Okta to help them fulfill their missions as quickly as possible.

  • Optiv
    Booth: 420

    Optiv is the largest holistic pure-play cyber security solutions provider in North America. Our diverse and talented employees are committed to helping businesses, governments and educational institutions plan, build and run successful security programs through the right combination of products, services and solutions related to security program strategy, enterprise risk and consulting, threat and vulnerability management, enterprise incident management, security architecture and implementation, training, identity and access management, and managed security.

    Created in 2015 as a result of the Accuvant and FishNet Security merger, Optiv has served more than 12,000 clients of various sizes across multiple industries, offers an extensive geographic footprint, and has premium partnerships with more than 300 of the leading security product manufacturers.

  • Palo Alto Networks
    Booth: 400

    Palo Alto Networks™ is the network security company. Its next-generation firewalls enable unprecedented visibility and granular policy control of applications and content – by user, not just IP address – at up to 20Gbps with no performance degradation. Based on patent-pending App-ID™ technology, Palo Alto Networks firewalls accurately identify and control applications – regardless of port, protocol, evasive tactic or SSL encryption – and scan content to stop threats and prevent data leakage. Enterprises can for the first time embrace Web 2.0 and maintain complete visibility and control, while significantly reducing total cost of ownership through device consolidation. Most recently, Palo Alto Networks has enabled enterprises to extend this same network security to remote users with the release of GlobalProtect™ and to combat targeted malware with its WildFire™ service. For more information, visit www.paloaltonetworks.com.

  • Proofpoint
    Booth: 246

    Proofpoint protects your people, data, and brand from advanced threats and compliance risks with cybersecurity solutions that work. Built on advanced analytics and a cloud architecture, our platform secures the way your people work today—through email, mobile apps, and social media.

    Some attacks get through even the best defenses. That’s why our solutions also proactively safeguard the critical information people create. We reduce your attack surface by managing this data and protecting it as you send, store, and archive it. And when things go wrong, we equip security teams with the right intelligence, insight, and tools to respond quickly.

  • Qualys, Inc.
    Booth: 236

    Qualys, Inc. (NASDAQ: QLYS) is a pioneer and leading provider of cloud-based security and compliance solutions with over 9,300 customers in more than 120 countries, including a majority of each of the Forbes Global 100 and Fortune 100. Qualys helps organizations streamline and consolidate their security and compliance solutions in a single platform and build security into digital transformation initiatives for greater agility, better business outcomes and substantial cost savings. The Qualys Cloud Platform and its integrated Cloud Apps deliver businesses critical security intelligence continuously, enabling them to automate the full spectrum of auditing, compliance and protection for IT systems and web applications on premises, on endpoints and elastic clouds. Founded in 1999 as one of the first SaaS security companies, Qualys has established strategic partnerships with leading managed service providers and consulting organizations including Accenture, BT, Cognizant Technology Solutions, Deutsche Telekom, Fujitsu, HCL Technologies, HP Enterprise, IBM, Infosys, NTT, Optiv, SecureWorks, Tata Communications, Verizon and Wipro. The company is also a founding member of the Cloud Security Alliance. For more information, please visit www.qualys.com.

  • Radware
    Booth: 230

    Radware (NASDAQ: RDWR) is a global leader of application delivery and application security solutions for virtual and cloud data centers. Its award-winning solutions portfolio delivers full resilience for business-critical applications, maximum IT efficiency, and complete business agility. Radware’s solutions empower more than 10,000 enterprise and carrier customers worldwide to adapt to market challenges quickly, maintain business continuity and achieve maximum productivity while keeping costs down.

  • Rapid7
    Booth: 202

    Rapid7 transforms data into insight, empowering IT and security professionals to progress and protect their organizations. How? Our solutions are powered by advanced analytics and an unmatched understanding of the attacker mindset. This makes it easy to collect data, transform it into prioritized and actionable insight, and get it to the people who can act on it—all in an instant.

  • RSA Security
    Booth: 422

    RSA, The Division of EMC, is the premier provider of security solutions for business acceleration, helping the world’s leading organizations succeed by solving their most complex and sensitive security challenges. RSA offers industry-leading solutions in identity assurance & access control, data loss prevention, encryption & key management, compliance & security information management and fraud protection.

  • SailPoint
    Booth: 222

    SailPoint, the leader in enterprise identity governance, brings the Power of Identity to customers around the world. SailPoint’s open identity platform gives organizations the power to enter new markets, scale their workforces, embrace new technologies, innovate faster and compete on a global basis. As both an industry pioneer and market leader in identity governance, SailPoint delivers security, operational efficiency and compliance to enterprises with complex IT environments. SailPoint’s customers are among the world’s largest companies in a wide range of industries.

  • Splunk
    Booth: TBD

    You see servers and devices, apps and logs, traffic and clouds. We see data—everywhere. Splunk® offers the leading platform for Operational Intelligence. It enables the curious to look closely at what others ignore—machine data—and find what others never see: insights that can help make your company more productive, profitable, competitive and secure. What can you do with Splunk?
    Just ask.

  • Synopsys
    Booth: 250

    Synopsys offers the most comprehensive solution for integrating security and quality into your SDLC and supply chain. Whether you’re well-versed in software security or just starting out, we provide the tools you need to ensure the integrity of the applications that power your business. We don’t stop when the test is over. Our experts also provide remediation guidance, program design services, and training that empower you to build and maintain secure software. For more information go to www.synopsys.com/software.

  • TechTarget
    Booth: TBD

    TechTarget (NASDAQ: TTGT) is the online intersection of serious technology buyers, targeted technical content and technology providers worldwide. Our media, powered by TechTarget’s Activity Intelligence platform, redefines how technology buyers are viewed and engaged based on their active projects, specific technical priorities and business needs. With more than 100 technology specific websites, we provide technology marketers innovative media that delivers unmatched reach via custom advertising, branding and lead generation solutions all built on our extensive network of online and social media. TechTarget is based in Boston and has locations in Atlanta, Beijing, Cincinnati, London, Paris, San Francisco, Singapore, and Sydney.

  • Tenable
    Booth: 309

    Tenable™, Inc. is the Cyber Exposure company. Over 24,000 organizations of all sizes around the globe rely on Tenable to manage and measure their modern attack surface to accurately understand and reduce cyber risk. As the creator of Nessus®, Tenable built its platform from the ground up to deeply understand assets, networks and vulnerabilities, extending this knowledge and expertise into Tenable.io™ to deliver the world’s first platform to provide live visibility into any asset on any computing platform. Tenable customers include more than 50 percent of the Fortune 500, large government agencies and mid-sized organizations across the private and public sectors. Learn more at tenable.com.

  • Thales e-Security
    Booth: TBD

    Thales e-Security is the leader in advanced data security solutions and services that deliver trust wherever information is created, shared or stored. We ensure that the data belonging to companies and government entities is both secure and trusted in any environment – on-premise, in the cloud, in data centers or big data environments – without sacrificing business agility. Security doesn’t just reduce risk, it’s an enabler of the digital initiatives that now permeate our daily lives – digital money, e-identities, healthcare, connected cars and with the internet of things (IoT) even household devices. Thales provides everything an organization needs to protect and manage its data, identities and intellectual property and meet regulatory compliance – through encryption, advanced key management, tokenization, privileged user control and high assurance solutions. Security professionals around the globe rely on Thales to confidently accelerate their organization’s digital transformation. Thales e-Security is part of Thales Group.

  • Trend Micro
    Booth: 210

    As a global leader in cloud security, Trend Micro develops Internet content security and threat management solutions that make the world safe for businesses and consumers to exchange digital information. With more than 20 years of experience, we’re recognized as the market leader in server security for delivering top-ranked client, server, and cloud-based security solutions that stop threats faster and protect data in physical, virtualized, and cloud environments.

  • Tripwire
    Booth: 426

    Tripwire Enterprise is a security configuration management suite whose Policy Management, Integrity Management, and Remediation Management capabilities stand alone or work together as a comprehensive, tightly integrated SCM solution. Along with Tripwire Configuration Compliance Manager, Tripwire can address the range of enterprise systems that can be monitored with an agent or agentlessly.

  • TrustedSec
    Booth: 235

    TrustedSec is a leader in attack intelligence and security advisory services. Our team of highly talented, skilled, senior consultants sets us apart from other commodity-service security companies. We form partnerships with our number one goal to help you holistically improve your security program. You’ll find that working with us amounts to more than “just another engagement”—it’s establishing an understanding with your organization, and working to make you more secure, and better as a whole.

  • Venafi
    Booth: 220

    Venafi secures and protects keys and certificates so they can’t be used by bad guys in cyber attacks. Criminals want to gain trusted status and go undetected. This makes keys and certificates a prime target. Criminals steal and compromise keys and certificates that are not properly protected, and use them to circumvent security controls. This has become the attack of choice. As a Gartner-recognized Cool Vendor, Venafi delivered the first trust protection platform to secure cryptographic keys and digital certificates that businesses and governments depend on for secure communications, commerce, computing, and mobility. Venafi finds all keys and certificates and puts them under surveillance to detect anomalies. Vulnerable keys and certificates are fixed to prevent attack. Ongoing remediation is performed automatically. Venafi strengthens defenses of today’s critical security controls.

  • VioPoint
    Booth: 218

    VioPoint, an information security consulting firm located in Auburn Hills, Michigan, offers a variety of security solutions that help customers address information security challenges with fewer resources. Knowing the complexity of managing risk and compliance in today’s business climate, VioPoint provides trusted and experienced advisors to help address strategic and tactical issues within customer security programs. With experience across a broad spectrum of industries including insurance, healthcare, banking, education, and energy, VioPoint provides a blend of consulting and best-in-class technology solutions that helps their clients effectively manage risk.

  • Walsh College
    Booth: 306

    At Walsh College, we blend business theory and real-world experience to deliver educational programs that boost career success. Our faculty are not only dedicated teachers, but also business professionals who integrate their experience into what you learn in class. Administrative staff deliver personal service in a professional learning environment.

    Founded in 1922 and celebrating more than 90 years of business education, we offer 16 business and related technology degree programs at the bachelor’s and master’s levels that are responsive to student, employer, and community needs. Walsh is a private, not-for-profit institution offering courses and services at locations in Troy, Novi, Clinton Township, Port Huron, and online.

  • Wombat Security Technologies
    Booth: 212

    Wombat Security Technologies provides information security awareness and training software to help organizations teach their employees secure behavior. Their SaaS cyber security education solution includes a platform of integrated broad assessments, and a library of simulated attacks and brief interactive training modules, to reduce employee susceptibility to attack, even phishing attacks, by over 80%.

  • Zscaler
    Booth: 216

    Zscaler’s Cloud-delivered security solution provides policy-based secure internet access for any employee, on any device, anywhere. Our proxy and scanning scalability ensures ultra-low latency in a 100% SaaS security solution requiring no hardware, software or desktop all while providing complete control over security, policy and DLP.

Keynote Speakers
Speakers
  • Matt Olsen
    Former Special Counsel, Director of the Federal Bureau of Investigation

    Mr. Olsen also served at the Department of Justice in a number of leadership positions and was responsible for national security and criminal cases. He was a federal prosecutor for over a decade and served as Special Counsel to the Director of the Federal Bureau of Investigation.

  • Dan Lohrmann
    Chief Strategist and Chief Security Officer, Security Mentor

    Dan Lohrmann is Chief Strategist and Chief Security Officer (CSO) at Security Mentor. In this role, Lohrmann leads efforts to define and develop key strategic initiatives for the company’s security awareness training offerings, including new programs that can improve security and compliance by elevating an organization’s workforce into security-savvy employees. Representing Security Mentor, Lohrmann serves as a thought leader and keynote speaker on security and security awareness training, and gives government and industry presentations.

    Over the past decade, Lohrmann has advised the U.S. Department of Homeland Security, the White House, FBI, numerous federal agencies, law enforcement, state and local governments, non-profits, foreign governments, local businesses, universities, churches, and home users on issues ranging from personal Internet safety to defending government and business-owned technology and critical infrastructures from online attacks. Prior to joining Security Mentor, Lohrmann was Michigan's first CSO and Deputy Director for Cybersecurity and Infrastructure Protection and has been recognized as a global leader in cyber defense for government.

    Previously, Lohrmann represented the National Association of State Chief Information Officers on the U.S. Department of Homeland Security’s IT Government Coordinating Council where he assisted in the writing and editing of the National Infrastructure Protection Plans, sector specific plans, Cybersecurity Framework, and other federal cyber documents. Lohrmann is the author of two books: Virtual Integrity: Faithfully Navigating the Brave New Web, published in November 2008 by Brazos Press and BYOD for You: The Guide to Bring Your Own Device to Work, published in Kindle format in April 2013.

    He has been honored with numerous cybersecurity and technology leadership awards, including “CSO of the Year” by SC Magazine, “Public Official of the Year” by Governing magazine and “Premier 100 IT Leader” by Computerworld Magazine. Lohrmann received his bachelor’s degree in computer science from Valparaiso University in Indiana and his M.S. in Computer Science from Johns Hopkins University in Baltimore.

  • Larry Wilson
    CISO and Adjunct Faculty, University of Massachusetts

    Larry Wilson is currently a senior consultant and former Chief Information Security Officer for the University of Massachusetts President's Office. In the CISO role, Larry was responsible for developing, implementing and overseeing compliance with the UMass Information Security Policy and Written Information Security Plan (WISP). In addition to designing and deploying the UMass cybersecurity program, Larry has developed and delivered cybersecurity training at multiple industry events, workshops, training venues, etc. Courses include Designing and Building a Cybersecurity Program, The NIST Cybersecurity Framework Foundations, The NIST Cybersecurity Framework Practitioners, Engineering, Technology and Business Labs and Workshops based on the NIST Cybersecurity Framework, etc. Larry has also worked with multiple companies in multiple industries to help design, build and maintain their Cybersecurity Programs and evaluate their current security posture.

  • Dr. Peter Stephenson
    Technology Editor and author of "Threat Hunter" blog, SC Magazine

    Dr. Peter Stephenson is the Technology Editor and author of the “Threat Hunter” blog in SC Magazine, a leading industry publication for which he has written for over 20 years. He is a cyber criminologist, digital investigator and digital forensic research scientist, as well as being a writer, researcher and lecturer on cyber threat analysis, cyber criminology, cyber jurisprudence and cyber criminalistics on large-scale computer networks.

    He has lectured extensively on digital investigation and security, and has written, edited or contributed to 20 books and several hundred articles and peer-reviewed papers in major national and international trade, technical and scientific publications. He is the series editor of the new Peter Stephenson Series on Cyber Crime Investigation (Auerbach). He spends his time in retirement as a writer and researcher specializing in cyber threat analysis, cyber criminology, and cyber jurisprudence.

    Dr. Stephenson was an Associate Professor and the Chief Information Security Officer for Norwich University and, prior to his retirement in July of 2015, was Director of the Norwich University Global Cyber Threat Observatory and Center for Advanced Computing and Digital Forensics, both of which he founded. He received the Distinguished Faculty Award in the Norwich College of Graduate and Continuing Studies. He retired from the university in July, 2015.

    Dr. Stephenson has lectured or delivered consulting engagements for the past 45 years in eleven countries plus the United States and has been a technologist for fifty-three years.

    Dr. Stephenson obtained his PhD by research in computing at Oxford Brookes University, Oxford, England where his research was in the structured investigation of digital incidents in complex computing environments. He holds a Master of Arts degree (cum laude) in diplomacy with a concentration in terrorism from Norwich University. He currently is pursuing a second PhD in law focusing on cyber jurisprudence research.

    Dr. Stephenson is a full member of the Vidocq Society, for which he acts as Chief Information Security Officer, and has retired as a Fellow of the American Academy of Forensic Sciences. He is a member of the Albany chapter of InfraGard. He held—but has retired from—the CCFP, CISSP, CISM, FICAF and FAAFS designations, and currently is a licensed professional investigator in Michigan.

  • Christopher Russell
    Enterprise Account Engineer, Trend Micro

    As an enterprise account engineer at Trend Micro Inc., Christopher Russell focuses on Hybrid Cloud and Data Security, xGEN Endpoint Security, and Network Security. Chris acts as a liaison between enterprise customers, the Trend Micro sales team, and the Trend Micro product teams, providing a hands-on, real-world perspective. Prior to joining Trend Micro in 2014, Chris, a self-described “IT generalist,” held various leadership positions within a variety of technology organizations—categories ranging from corporate business to higher education institutions.

  • Tamara Shoemaker
    Director, Center for Cyber Security & Intelligence Studies, University of Detroit Mercy

    Tamara Shoemaker began her professional career as Lead Investigator and owner of Quest Private Investigations. After twelve years in the Criminal Justice world she brought those talents to the Center for Cyber Security and Intelligence Studies at the University of Detroit Mercy. As the Director for the center, she has become an evangelist for the CyberPatriot Program. She founded the Michigan CyberPatriot program to grow the number of teams participating across Michigan. In October MCISSE was honored to become the 12th Center of Academic Excellence with the AFA’s National CyberPatriot program for the work Tamara spearheaded.

  • Michael A. Stone
    ATAG-Installations, DMVA Deputy Director, Commander 46th Military Police Command, Michigan Army National Guard and DMVA

    Major General Michael A. Stone is the Commander, 46th Military Police Command, Michigan Army National Guard. In this capacity he provides leadership, mission command and strategic priorities in order to ensure effective and efficient accomplishment of the Command’s missions. General Stone is also an Assistant Adjutant General and responsible for Army armories and installations in the State of Michigan and a Deputy Director of the Michigan Department of Military & Veterans Affairs.

  • Marrci Conner
    CIS - Cybersecurity Program Lead, CyberPatriot Mentor, Henry Ford College

    Marrci has been a full-time faculty member of Henry Ford College for the past 10 years. She has over 15 years’ experience as an IT professional specializing in computer security. She currently teaches computer programming, digital forensics and cybersecurity courses. Her educational background includes a Bachelor's degree in Business Information Systems from the University of Detroit-Mercy and a Master's in Business Administration/Information Assurance from Walsh College. She holds Certified Information Systems Security Professional (CISSP) and CompTIA Network+ certifications. Her favorite quote is: I don’t know if students will remember everything I taught them but I hope they remember how I made them feel about computer & cybersecurity!

  • Steven F. Fox
    Senior Manager, Security Compliance and Audit, WorkForce Software

    Steven F. Fox makes sense of security through business outcomes as Sr. Manager of Security Compliance and IT Audit at Workforce Software. He brings a cross-disciplinary, international perspective to the practice of information security, combining his extensive public and private-sector IT background with principles from industrial and behavioral psychology to address security challenges.

  • Charles Parker II
    Cybersecurity Lab Engineer, Thomas Edison State University

    Charles Parker, II has been in the computer science/InfoSec industry for over a decade, working with medical, sales, labor, OEM and Tier 1 manufacturers, and other industries. Presently, he is a Cybersecurity Lab Engineer at a Tier 1 manufacturer and a professor. To further the knowledge base for others in various roles in other industries, he has published in blogs and peer-reviewed journals. He has completed several graduate degrees (MBA, MSA, JD, LLM, and PhD (ABD)), completed certificate programs in AI from MIT and other institutions, and researches AI’s application to InfoSec, FinTech, and other areas, and is highly caffeinated.

  • Rebecca Herold
    CEO, The Privacy Professor, President, SIMBUS, LLC

    Rebecca is CEO of The Privacy Professor® consultancy and President of SIMBUS, LLC, an infosec, privacy, technology, and compliance management cloud service. Rebecca has over 25 years of experience, has authored 19 books and hundreds of book chapters and published articles, and serves as an expert witness for information security, privacy, and compliance issues. Rebecca appears regularly on the KCWI23 morning television show and is based in Des Moines, Iowa.

  • Dan Shoemaker
    Professor and Academic Program Director, Center for Cybersecurity, UDM

    Dan Shoemaker has written ten books and countless articles in the field of cybersecurity. Over the past fifteen years, he has made numerous presentations around the US and in Europe on that topic. He was a subject matter expert in the creation of CSEC2017 and also for NICE. He is a Full Professor and the Academic Program Director for the Masters in Cybersecurity at the University of Detroit Mercy. That degree has been a National Security Agency-sanctioned Center of Academic Excellence in Cyber Defense since 2004.

  • Bobby Buggs
    Mobility Expert, Check Point Software Technologies, Inc.

    Bobby Buggs is a telecommunications professional who hails from Flint, MI. Bobby has worked in the mobile/wireless industry for over 19 years. Over the course of his career, Bobby has held numerous roles in both sales and technical disciplines. Bobby is also an MSU alumnus.

  • Louise Popyk
    Senior Technical Marketing Manager, Centrify

  • Ron Winward
    Security Evangelist, Radware

    Ron Winward is a Security Evangelist for Radware, where he helps execute the company’s thought leadership on today’s security threat landscape. Ron brings nearly 20 years of experience in the Internet service provider space, most recently as Director of Network Engineering for a global infrastructure and colocation provider. With an expertise in network architectures and DDoS mitigation, Ron has helped design solutions for carriers, enterprises, and cybersecurity service providers around the world.

  • Zee Abdelnabi
    Advisory Manager / Security Researcher, Deloitte

    Zee is a security researcher and a manager experienced in managing large, complex global teams that focus on: advanced penetration testing, connected car security, SIEM, vulnerability management, threat modeling, and mobile security. Zee is an active security community member.

  • John Turner
    Senior Director, Cloud Security, Optiv

    John Turner is an accomplished IT executive with more than 20 years of leadership and operational IT experience. As the director of cloud security enablement at Optiv, Turner’s team of cloud architects is responsible for helping to ensure the successful integrated delivery of cloud security solutions. Turner plays a key part in bringing different areas of Optiv’s team together to deliver seamless cross-practice wins. Turner also works as part of the cloud leadership team to define Optiv’s strategy and product portfolio.

    Turner’s extensive operational background brings a unique client-first perspective to the execution of Optiv’s cloud security practice. An early cloud veteran, Turner has first-hand experience moving his previous organizations to the cloud, as well as experience managing app-dev and dev-ops teams. His background also includes extensive experience with infrastructure, WLAN, performance management, analytics, data center builds, enterprise resource planning implementations, identity and access management development, firewall and identity-based networking.

    Prior to joining Optiv in 2016, Turner was the vice president of product strategy at Adaptive Communications. He previously served as general manager of unified communications solutions at Aruba Networks. Turner got his start at Brandeis University building identity solutions and eventually leading the network and systems group as its director. Turner’s passion as a technologist has always fueled his interest and desire to make transformative changes with technology.

    Turner has authored articles and papers on the use of technology as a change agent, and as a subject matter expert on wireless LAN and unified communications. Turner has appeared in many technology magazines, been a featured presenter and delivered keynote addresses at several national conferences. Turner holds a Bachelor of Arts degree from the College of Wooster in Wooster, Ohio.

  • Shane Harsch
    Senior Solutions Principal, RSA

    Shane is an Information Security professional with over 25 years of experience ranging from military to manufacturing to security consulting and professional services. He has managed and architected SOCs for the military and managed service providers and is a commissioned officer in the US Army, Military Intelligence.

    Shane holds degrees in business (MBA) and computational linguistics (BS), and maintains the following certifications: Intrusion Analyst (GCIA), Incident Handling (GCIH), Enterprise Defense (GCED), and Information Security (CISSP).

    In addition to his responsibilities as a Senior Solutions Principal at RSA, Shane introduces new professionals to information security as a SANS Mentor.

  • Michael Muha, PhD, CISSP, CISM, CIPM, Certified GDPR Practitioner
    Chief Information Security & Privacy Officer, WorkForce Software

    Mike drove the global expansion of WorkForce Software’s cloud-based workforce management products from one data center to eight across the US, Europe, Canada, and Australia, and directed all compliance efforts (starting with SAS 70 and moving onto SOC 1, ISAE 3402, SOC 2, ISO 27001 certification, and EU-US Privacy Shield certification). Having led the company’s GDPR journey, he’s currently implementing a “Personal Information Management System” and additional global security controls to protect company and customer data.

  • Patrick Turner
    Vice President and Chief Information Officer, Schoolcraft College

    Patrick Turner, VP & CIO at Schoolcraft College, oversees all areas of IT. Patrick has designed and implemented tier 3+ data centers. Patrick has presented on various topics at MMC, Cisco Academy and Data Center World conferences. Patrick holds MS (MIT) and BS (MTU) degrees in Mechanical Engineering.

  • Barbara L. Ciaramitaro
    Chair, Undergraduate Information Technology, Capella University

    Dr. Barbara L. Ciaramitaro is the Chair of the Undergraduate Information Technology program at Capella University. She has taught graduate and undergraduate courses on a variety of topics including cybersecurity, emerging technology, complex systems dynamics, software engineering and project management. Dr. Ciaramitaro is a frequent speaker and author on cybersecurity, current technology issues, business intelligence, data and decision-making, and cyber physical systems. She has authored and edited books on quality assurance, virtual world technologies, mobile technology, privacy, security, social engineering and forensics.

  • Wolfgang Goerlich
    Hacker Strategist, MiSec

    J Wolfgang Goerlich is an active part of the Michigan security community. He hosts a YouTube video series and the Encode/Decode Security Podcast. Wolfgang regularly advises on and presents on the topics of risk management, incident response, business continuity, secure development life cycles, and more.

  • Chad Childers
    Vehicle & Mobility Security, Ford Motor Company

    Chad Childers is an internationally recognized security evangelist who has spoken at RSA, The European Information Security Summit, InfoSec World, SecureWorld, and BSides. He works to protect customer safety and privacy at Ford Motor Company, building security into the most advanced connected mobility solutions in the world. He has run threat modeling, global annual risk assessment, JV security, PKI, Web Single Login, Intranet web technology, USENET, and FMEAplus at Ford. Intracom Montreal said “Recognized for his vision and bold character, Mr. Childers will share his unique experience with you.”


    Dr. Stephenson is a full member of the Vidocq Society, for which he acts as Chief Information Security Officer, and has retired as a Fellow of the American Academy of Forensic Sciences. He is a member of the Albany chapter of InfraGard. He held—but has retired from—the CCFP, CISSP, CISM, FICAF and FAAFS designations, and currently is a licensed professional investigator in Michigan.

  • speaker photo
    Jeffrey Groman
    Senior Manager, Mandiant Global Consulting Services

    Mr. Groman is a Senior Manager in the Mandiant Global Consulting Services organization and a senior member of the Mandiant Central Region leadership team. He is an Information Security veteran with over 18 years of experience as a practitioner, mentor, and trusted advisor. His primary focus is helping clients prepare for a security breach. He also works with clients scoping and delivering technical and strategic assessments and forensic investigations.

    Mr. Groman has assisted customers in the Fortune 10-500 building security programs ranging from Vulnerability Management, Application Security, Incident Response and SOC implementations. He also has extensive experience running assessments and investigations across industries such as healthcare, manufacturing, retail, finance, and hospitality.

    Regional Manager

    Mr. Groman served as a regional services manager for a Security Product and Services Company, helping their largest customers build and mature their security programs. Elements of these security programs included developer training, prioritizing fixes, and metrics reporting and analytics. Mr. Groman played a pivotal role in identifying the right set of tools and augmenting customer staff with rightly skilled resources and building out repeatable processes.

    Program Manager

    Mr. Groman worked for a large Health Insurer building out their Application Security Program and internal Forensics capability. The capabilities did not previously exist in-house, and Mr. Groman was responsible for building these capabilities through a combination of in-house staff and trusted partners.

    EDUCATION
    » BS Electrical & Computer Engineering, University of Colorado at Boulder, 1995

    PROFESSIONAL TRAINING AND CERTIFICATIONS
    » Certified Information Security Systems Professional (CISSP) #58218
    » GIAC Certified Web Application Defender (GWEB) 2011
    » GIAC Certified Forensic Analyst (GCFA) 2008

  • speaker photo
    Martin Bally
    VP & CSO, Diebold Nixdorf

    Martin Bally is currently the Vice President and Chief Security Officer for Diebold Nixdorf with more than 20 years of experience. Previously, he spent four years in the legal and financial industry and 12 years at Chrysler. He holds a Master of Science in Information Assurance and the CISSP, CISM, CISO, and CRISC security certifications.

  • speaker photo
    Marcia Mangold
    IT Manager - Awareness and Training, Blue Cross Blue Shield of Michigan

    Marcia Mangold (CISSP) is the manager of IS Awareness and Training for BCBSM. She has spent 18+ years in IT/IS, as a business enabler for several multinational businesses. Marcia is a founding board member of the local ISC2 chapter and an active member of ISSA and the Michigan InfraGard Chapters.

  • speaker photo
    David Barton
    Managing Director, UHY Advisors

    David Barton is a Managing Director with UHY Advisors and practice leader of the Internal Audit, Risk, and Compliance practice, which provides consulting and attestation services around information technology controls, cybersecurity, and compliance. He has over 25 years of practical experience in information systems and technology risk and controls. David is frequently asked to speak at national and regional events, such as SecureWorld and the Cloud Security Alliance Congress. He is the primary author of the CSA position paper on AICPA Service Organization Control Reports. He regularly provides his input and opinions for national publications such as Compliance Week, Accounting Today, and the Atlanta Journal Constitution. David holds an MBA and BS in Business Administration from Appalachian State University. He is Certified in Risk and Information Systems Control (CRISC), received the Certified Information Systems Auditor (CISA) designation in 1988, and is a member of the Atlanta chapter of the Cloud Security Alliance. David has active civic memberships with the Atlanta chapter of the Porsche Club of America and the Tire Rack Street Survival® program for teen driver education. He is also a certified high-performance driving instructor and former Porsche Club racer.

  • speaker photo
    Barbara Hiemstra
    Privacy Engineer, Steelcase

    Member of the Steelcase IT Security team, responsible for ensuring privacy guidelines and policies are implemented across S+C products. Also working on SOC2 compliance and Security Awareness.

  • speaker photo
    Brett Williams
    Major General, U.S. Air Force (Retired)

    Major General (Ret) Brett Williams co-founded IronNet Cybersecurity and is the President of the Operations, Training and Security Division. Providing strategic vision and the foundational security platform solutions for IronNet, General Williams also serves as the Chief Security Officer responsible for product, enterprise and physical security. His division provides security analytics, hunt operations, and threat analysis and intelligence support for the IronNet Cyber Operations Center, as well as product training and support for client operations centers.

    A highly experienced combat fighter pilot, General Williams held several significant command positions during his 33-year career with the U.S. Air Force. As Director of Operations for U.S. Cyber Command, General Williams was the architect of DoD's operational approach to cyberspace operations. He was responsible for the operations and defense of DoD networks, and offensive cyberspace operations in support of U.S. strategic objectives. General Williams also served as Director of Operations (A30) at the Pentagon, leading more than 1,300 Airmen and civilians stationed worldwide; and as Director of Communications, Command and Control for U.S. Pacific Command.

    As an authority on cybersecurity, General Williams has appeared on NBC's Meet the Press with Chuck Todd, ABC's This Week with George Stephanopoulos and MSNBC's The Last Word with Lawrence O'Donnell. In addition, he conducts cyber-risk training seminars for corporate boards as a faculty member of the National Association of Corporate Directors. He earned a BS in Computer Science from Duke University and three additional graduate degrees in management and national security studies.

  • speaker photo
    Mike Donofrio
    Director, IT Security & Compliance, Martinrea Inc.
  • speaker photo
    Clark R. Crain
    GRC Consultant, Comp-West, LLC

    I have been a CISSP for more than 19 years, CISM for more than 14, and a CRISC for more than 7. I have worked as a compliance consultant for PCI, HIPAA-HITECH, NERC, NRC and others.

  • speaker photo
    Dr. Faith Heikkila
    Information Security Architect - Governance, Perrigo Company plc

    Faith Heikkila, Ph.D., CISM, FIP, CIPM, CIPP-US is an Information Security Architect - Governance at Perrigo Company plc. Dr. Heikkila has prior CISO practitioner experience in overall information security governance, compliance, vendor management, protection of personal and financial information, along with GDPR expertise in a global pharmaceutical company.

  • speaker photo
    Joe Carusillo
    Program Director, Security Client Initiatives, IBM

    Joe Carusillo currently serves as Program Director of Client Initiatives for IBM’s Security Business Unit. His responsibilities include leading the team responsible for developing and driving the implementation of the strategy for vertical industry sales, consulting, solution development and thought leadership for IBM Security. They also include managing the Security Tiger Sales team and the IBM Security Strategic Accounts program.

  • speaker photo
    Shanee Yelder
    IT Audit Specialist, Meadowbrook Insurance Group

    Shanee has Big 4 accounting firm and private sector (financial services) experience working as an IT Auditor. She holds a BS in Business Administration with a concentration in Information Systems Management and is currently pursuing an MBA.

  • speaker photo
    Mark Testoni
    President & CEO of SAP National Security Services (NS2), President of NS2 Serves

    Testoni is among the nation’s leading experts in the application of technology to solve problems in government and industry, in the U.S. national security space. With more than 15 years of tech industry experience, 20 years in the U.S. Air Force and 30 years of public-sector management experience, Testoni is a sought-after business strategist and thought leader.

  • speaker photo
    Kevin Peterson
    Director of Security and Network Transformation, Zscaler

    Kevin Peterson is the director of security and network transformation at Zscaler, where he primarily works with the largest cloud security deployments to ensure that the desired business objectives are achieved. He brings with him the advantage of having led the security efforts for one of McKesson's (Fortune 10) major business units (75 software products, managed services...), as well as the company-wide cloud security strategy, ranging from A to Z (Azure to Zscaler!). As a top practitioner and trusted advisor on both enterprise and cloud security topics, his goal is helping everyone achieve the most effective security with the lowest cost to the business. He is also a featured speaker on the Security Influencers Podcast (available on iTunes), co-author of one information security book, and patent holder on security technologies. And, of course, he maintains a presence in the metro Atlanta information security community.

  • speaker photo
    Bob Bacigal
    AVP, Information Security Services, Amerisure Mutual Insurance
  • speaker photo
    Ron Winward
    Security Evangelist, Radware

    Ron Winward is a Security Evangelist for Radware, where he helps execute the company’s thought leadership on today’s security threat landscape. Ron brings nearly 20 years of experience in the Internet service provider space, most recently as Director of Network Engineering for a global infrastructure and colocation provider. With an expertise in network architectures and DDoS mitigation, Ron has helped design solutions for carriers, enterprises, and cybersecurity service providers around the world.

  • speaker photo
    Kierk Sanderlin
    Director of Engineering, Check Point Software

    Kierk Sanderlin is the Director of Engineering at Check Point Software Technologies. He has been in the cyber security space for almost 20 years and has been a regular speaker at various cyber security events across the region.

  • speaker photo
    Steven Aiello
    Sr. Technical Architect, AHEAD

    Mr. Aiello holds a BA in Technology Management and a Master's of Science with a concentration in Information Assurance. Currently, he is a Sr. Technical Architect with AHEAD, a consulting firm based in Chicago. Steven works closely with clients working across storage, virtualization and security silos.

  • speaker photo
    Kathy Ossian
    Founder & CEO, Ossian Law P.C.

    Kathy has practiced for over 30 years, 20 in Information Technology law. A frequent author and speaker on IT law topics, she is the Managing Editor of “Social Media and the Law” published by PLI. Kathy is an Advanced Certified Faculty Member at University of Phoenix and has been named as a Best Lawyer in America and a Michigan Super Lawyer in information technology law.

Conference App and Microsite!
Registration is easy and takes just a few minutes. Once you get started you can use your phone, tablet or internet browser to:

• Create a personalized agenda
• View maps of the venue and Exhibit Hall
• Use secure messaging to network with attendees
• View speaker slides after the conference
• Play CyberHunt, the app game, and compete for prizes