Conference Agenda
  • Tuesday, October 1, 2019
    7:00 am
    Registration Open
    Registration Level: Open Sessions
    7:00 am - 3:00 pm
    Location / Room: Registration Desk
    8:00 am
    Advisory Council Breakfast - (VIP / INVITE ONLY)
    Topic: How to Build Your Personal Brand
    Former CIO, The White House
    Registration Level: VIP / Exclusive
    8:00 am - 9:15 am
    Location / Room: 353

    This session is for Advisory Council members only.

    8:00 am
    SecureWorld PLUS Part 1 - Designing and Building a Cybersecurity Program based on the NIST Cybersecurity Framework
    Earn 16 CPEs With This in-Depth 3-Part Course
    CISO and Adjunct Faculty, University of Massachusetts
    Registration Level: SecureWorld Plus
    8:00 am - 9:30 am
    Location / Room: 251C

    The University of Massachusetts has developed a 6-hour SecureWorld Plus training class that instructs attendees on the best practices for designing, building, and maintaining a Cybersecurity Program based on the NIST Cybersecurity Framework. Organizations that currently use the Framework or are planning to use the Framework for their cybersecurity program will benefit from this course.

    This innovative education and training program includes the following key elements:

    • An introduction to the key components of the NIST Cybersecurity Framework
    • How to use the Framework to support business strategy, technology strategy, and cyber-risk strategy
    • An approach for adopting the framework to build and sustain secure and resilient infrastructure, secure and resilient networks, secure and resilient applications
    • How to use the framework to protect critical information assets
    • A Controls Factory Model that organizations use to create an Engineering Program, a Technical Program, and a Business / Management Program
    • A methodology for developing a Cybersecurity Strategy, System Security Plan (SSP), Risk Assessment, Plan of Action and Milestones (POA&M) and Executive Report

    The class will help individuals and organizations acquire knowledge, skills and abilities to:

    • Develop a strategy to apply the NIST Cybersecurity Framework (NCSF) to their environment
    • Create a comprehensive System Security Plan (SSP) based on the NIST Cybersecurity Framework
    • Conduct a Risk Assessment to compare the current profile with the target profile and identify any gaps that need to be addressed
    • Develop a Plan of Action and Milestones (POA&M) to mitigate the highest priority gaps
    • Establish an Executive Report to measure and communicate current profile, target profile, POA&M and program plan / roles and responsibilities to remediate identified gaps
    • Identify required workforce skills and develop career pathways for improving skills and experience

    About the Instructor – Larry Wilson:

    • Larry Wilson is the former CISO for UMass President’s Office from 2009 to 2017
    • Prior to UMass, Larry developed and managed the Global Infrastructure Services (GIS) Security Program for State Street Corporation
    • Larry has been teaching cybersecurity courses based on the NIST Cybersecurity Framework at SecureWorld events for the past 5 years
    • Larry has conducted over 20 consulting engagements, helping organizations design and build cybersecurity programs based on the NIST Cybersecurity Framework

    The program and its author have won the following industry awards:

    • Security Magazine’s Most Influential People in Security, 2016
    • SANS People Who Made a Difference in Cybersecurity Award, 2013
    • Information Security Executive (ISE) North America Program Winner for Higher Education, 2013
    8:00 am
    SecureWorld PLUS Part 1 - Cloud Security - Securing Your Organization's Digital Transformation
    Earn 16 CPEs With This in-Depth 3-Part Course
    Director of Security Operations, Massachusetts Advanced Secure Technologies
    Registration Level: SecureWorld Plus
    8:00 am - 9:30 am
    Location / Room: 252A

    This course will provide a healthy introduction to modern aspects of cloud computing security. Attendees will learn how to assess and protect their organization’s data in the cloud, covering IoT, providers, tools, and processes to help avoid a rainy day.

    8:00 am
    SecureWorld PLUS Part 1 - (Re)Mastering the Security Essentials
    Earn 16 CPEs with this in-depth 3-part course
    Independent Information Security Consultant, Principle Logic, LLC
    Registration Level: SecureWorld Plus
    8:00 am - 9:30 am
    Location / Room: 252B

    Long-time information security expert, Kevin Beaver, has created a course that can help IT and security professionals enhance their security programs regardless of the level of security maturity and sophistication. It seems that all the big breaches and even the smaller incidents have, at their core, some trivial security basics that were either overlooked or disregarded as unimportant. This course is a real-world exercise on what to do—and not do—in order to keep the simple security stuff from creating complicated business problems.

    Re-evaluating security risks and priorities: How to sort through the trivial many so you can focus on the vital few.

    Having a resilient network is not about having the most advanced environment with the latest and greatest technologies. Instead, it’s about mastering the security basics to rid your network of the flaws that keep getting exploited. In this program, Kevin will share with you the good, the bad, and the ugly of security that he has seen and advised clients on over the past 19 years of consulting in information security. This course will include:

    • Discussing what risk actually means – it’s different for every organization!
    • Understanding common security operations, oversights and gotchas that tend to be missed
    • Getting real about security policies and their reality of “necessary but insufficient”
    • Training and awareness that works for you rather than against you
    • Finding and fixing the flaws – vulnerability and penetration testing essentials you need to know but may not have thought about
    • Deciding which security management tools work best – getting past the marketing hype and on to clearly see what might work for your unique situation
    • Leveraging you, the security professional, including how you position and communicate with others about security – who else is going to look out for these things?
    • Exercises for minimizing your maximum regret (performed in class!)

    In this course, you’ll learn from the experiences of others on what works with security and what doesn’t. None of the boring technical stuff – instead, common-sense things that you’ve known about and need to be reminded of along with best practices that you may not have realized were practices at all. He’ll share how you can fine-tune your security by (re)learning the basics to not only help meet audit requirements and take the pain out of compliance but to have a truly functional security program.

    Information security is not a set it and forget it business function. Instead, it’s a disciplined practice of a few essentials that, when fine-tuned, work amazingly well to fight threats, uncover vulnerabilities, and reduce business risks. And, it’s not all that expensive to do so despite common approaches. That’s what this course is about: minimal investments that can pay huge dividends.

    Who should attend?
    This course is not for IT and security professionals in a perpetual search for quick and easy security solutions they can continue layering on top in order to check the boxes. Instead, it’s tailored to those professionals looking to rethink their approach to the security basics they already know about and have established, yet know they need to refine. It’s for people who know they need to take their security program to the next level. It’s sort of like Security 101 but much more practical.

    About the Instructor – Kevin Beaver:

    • Kevin Beaver, CISSP is an information security consultant, writer, and professional speaker with Atlanta, GA-based Principle Logic, LLC.
    • With over 30 years in IT and 24 years in security, Kevin specializes in independent security assessments and virtual CISO consulting work to help businesses uncheck the boxes that keep creating a false sense of security.
    • He has written 12 books on security including Hacking For Dummies and The Practical Guide to HIPAA Privacy and Security Compliance. Kevin has written over 1,000 articles on security and regularly contributes to TechTarget’s SearchSecurity.com, Ziff Davis’ Toolbox.com, and Iron Mountain’s InfoGoTo.com.
    • Kevin has a B.S. in Computer Engineering Technology from Southern College of Technology and a M.S. in Management of Technology from Georgia Tech.
    • In his free time, Kevin races cars in the SCCA Spec Miata class and also enjoys riding dirt bikes and snow skiing. Odds are, you’ll hear some entertaining stories about each of these throughout the course!
      Presentation Level:
      GENERAL (InfoSec best practices, trends, solutions, etc.)
    8:30 am
    Social Media and Filter Bubbles: How People and Businesses Are Targeting Users
    Information Security Lead Auditor, NSF International
    Information Security Lead Auditor, NSF International
    Registration Level: Conference Pass
    8:30 am - 9:15 am
    Location / Room: 250B
    Social media sites are tracking user data and creating filtered user content, also known as “filter bubbles.” Despite research, many users and small businesses are not familiar with the data these sites collect on them, nor are they aware that they are being targeted.

    With people relying heavily on social media, including over 65% of users making it their number one news source, there is an obligation to educate social media users on their privacy risks. A developed API allows for micro-targeting of users as part of a digital strategy. How is this being done and are there examples?

    Just as businesses target consumers, public officials are doing the same. It may not be done via leaked/hacked data; it can be done through a well-crafted API. Social media platforms give public officials the ability to gain user-supplied data for tracking and targeting.

    Could social media APIs continue to be exploited, creating user-specific filter bubbles? How can we prevent this from happening? Is this something that could be regulated, and should public officials or elections be allowed to run social media campaigns?

    8:30 am
    Addressing the Talent Gap in Secure Systems Engineering
    Director of Cybersecurity, GE Healthcare
    Registration Level: Conference Pass
    8:30 am - 9:15 am
    Location / Room: 251B

    To get out of perpetual reaction mode, we need more professionals with systems engineering experience to provide proactive, preventative security expertise. Those are the rarest of the rare in a field of talent often described as having negative unemployment. Matt shows the skills needed, how to find the talent that’s already there, and ways to develop more from within existing teams.
    Presentation Level: MANAGERIAL (security and business leaders)

    8:30 am
    IoT, a Legal Look: Identifying and Addressing Risks of Connected Devices
    Founder & CEO, Ossian Law P.C.
    Registration Level: Conference Pass
    8:30 am - 9:15 am
    Location / Room: 250C

    The convenience of an increasing number of smart devices in our professional and personal lives cannot be denied. But along with that convenience come security and privacy risks. Information Technology lawyer Kathy Ossian will identify risks, provide many examples, and offer tips for both providers and users toward managing the risks.
    Presentation Level: MANAGERIAL (security and business leaders)

    8:30 am
    Inside Construction or Destruction? The Human Opportunities and Threats in the Information Security Program
    Undergraduate IT Program Adjunct Faculty, Capella University - School of Business and Technology
    Registration Level: Conference Pass
    8:30 am - 9:15 am
    Location / Room: 250A

    There is more to managing security risk than technical controls. It is a multidisciplinary field that spans sociology, psychology, information technology and security, criminology, human resource management, corporate governance, and organizational culture. Gaps exist in information security education and the traditional security program model. The purpose of this presentation is to discuss the human element of the information security management program and strategies to mitigate this threat.

    9:00 am
    Exhibit Floor Open
    Registration Level: Open Sessions
    9:00 am - 3:00 pm
    Location / Room: SecureWorld Exhibitor Floor

    This is the time to visit exhibitors participating in Dash For Prizes & CyberHunt for your chance to win prizes!

    9:30 am
    [OPENING KEYNOTE] Business Email Compromise: Real World Stories and Practical Defense
    Special Agent, United States Secret Service
    Registration Level: Open Sessions
    9:30 am - 10:15 am
    Location / Room: Keynote Theater

    The average loss from a bank robbery is about $3,000. The average loss from a successful Business Email Compromise (BEC) attack is nearly $130,000. That kind of math explains why BEC is rampant, and every type of organization is at risk. During this presentation, hear from the point person on BEC cases investigated by the U.S. Secret Service. He’ll share true crime examples of and practical steps for defense against BEC losses, which now stand at $13.5 billion in the last six years.

    10:15 am
    Conference Break / Exhibitor Product Demonstration
    Registration Level: Open Sessions
    10:15 am - 11:15 am
    Location / Room: SecureWorld Exhibitor Floor

    Reboot with coffee and infused water while visiting exhibitors on the exhibitor floor.

    10:15 am
    Mark Gelhardt Book Signing in the CyberLounge on the Exhibitor Floor
    Quantities are limited and will be distributed on a first-come, first-served basis.
    Registration Level: Open Sessions
    10:15 am - 12:00 pm
    Location / Room: Exhibitor Floor

    Mark Gelhardt will be signing copies of his book, “My Time at The Clinton White House.”
    Find him in the CyberLounge on the Exhibitor Floor at the following times:
    10:15 a.m. – 12:00 p.m.
    1:00-1:15 p.m.
    BOOK SYNOPSIS:
    Colonel Mark Gelhardt had an atypical military career that landed him in The White House next to the President of the United States, where he was responsible for the last link of communications between the President and the rest of the U.S. government. While a Lieutenant Colonel (LTC) in the Army, Mark was selected by top federal officials to be the Commander of the Data Systems Unit, as part of the White House Communications Agency. In this position, he supported the President as the Chief Information Officer (CIO) for all classified IT used by The White House. LTC Gelhardt served at the White House for over four years (1995-1999), working with President Clinton and his staff almost every day, both on the White House grounds and traveling worldwide. This gave him unfettered access to the inner workings of The White House and the Presidency. Since retiring from the Army in 2001, Mark has been asked by many people about his time at The White House. Mark has many stories about what happened behind closed doors, and proudly speaks about the outstanding support done by the fantastic military members that support the Commander-in-Chief. Mark has taken the time to chronicle his experiences about his day-to-day job at The White House, as well as some of the funny stories he picked up along the way. Please enjoy this non-political book with surprising behind-the-scenes stories. I hope they provide you with some insight to the wonderful military members that work so hard to keep you safe every day in support of the President and Commander-in-Chief.

    11:00 am
    Advisory Council Roundtable: (VIP / Invite Only)
    Topic: Vendor Risk Management
    AVP, Information Security Services, Amerisure Mutual Insurance
    Registration Level: VIP / Exclusive
    11:00 am - 12:00 pm
    Location / Room: 353

    This session is for Advisory Council members only.

    11:15 am
    Tribal Security: Leading and Empowering International Teams
    Senior Manager, Security Compliance and IT Audit, WorkForce Software
    Registration Level: Conference Pass
    11:15 am - 12:00 pm
    Location / Room: 251B
    Managers tend to focus on the language, communication, and time zone challenges when working with overseas teams. Cultural dimensions—those impacting a consistent vision of security—get lip service. This ignores the impact of tribal mores at the core of all cultures. We will discuss the practical use of Hofstede’s characteristics of national culture to both nurture a unified strategy for delivering successful outcomes and maintaining strong teams.
    11:15 am
    [Radware] Cybersecurity Pushed to the Limit
    Security Evangelist, North America, Radware
    Registration Level: Open Sessions
    11:15 am - 12:00 pm
    Location / Room: 251A

    Throughout 2018 mainstream headlines highlighted cyber-attacks and security threats that included possible interference in the U.S. presidential election, worldwide malware outbreaks and the Equifax data breach. These and other high-profile events spurred greater cyber-defense investment by everyone from nation states and global corporations to individuals purchasing anti-malware solutions for personal devices. Yet even as investments increase so do threats, hacks and vulnerabilities. This session will help you understand these complex and challenging dynamics. Based on findings from Radware’s research and a global industry survey, the session will show real attack data and customer stories to paint a picture of where we are and what security professionals can do.

    Join the session to learn more about:
    • The threat landscape deep dive—the who, what and why of attacks
    • Potential impact on your business, including associated costs of different cyber-attacks
    • Critical attacks in the midst: DNS, IoT and risks lurking in the cloud
    • Emerging threats and how to protect against them
    • A look ahead – predictions and what to prepare for

    11:15 am
    [Trend Micro] What You Should Know About Container Security
    Solutions Architect, Trend Micro
    Registration Level: Open Sessions
    11:15 am - 12:00 pm
    Location / Room: 250B

    Container adoption is growing. With new technologies come new threats and new things to think about in terms of security. Trend Micro, a leader in cybersecurity for over 30 years, can help demystify some of these threats and show you how to protect your container workloads.

    11:15 am
    Communicating Technology Risk to Non-Tech People: Helping Organizations Understand Bad Outcomes
    Director, Risk Science, FAIR Institute
    Registration Level: Conference Pass
    11:15 am - 12:00 pm
    Location / Room: 250A

    Communicating risk to nontechnical people is difficult. As security professionals, we can recite the threats and vulnerabilities that are impacting our organizations and we often call those risks. This can influence executives sometimes, but often fails to resonate and connect with the decision makers in the way we want. This session will discuss how to translate threats and vulnerabilities into business risks that executives care about. A review of the weaknesses of traditional technology risk assessment methodologies is offered and an introduction to Cyber Risk Quantification (CRQ) is covered. Example risk reporting to the board is also included.

    11:15 am
    [Tenable] The World's First Cyber Exposure Platform With Predictive Prioritization
    Sr. Security Engineer, Tenable
    Registration Level: Open Sessions
    11:15 am - 12:00 pm
    Location / Room: 250C
    Tenable products help you accurately identify, investigate and prioritize vulnerabilities. Secure your cloud, containers, OT devices and traditional IT assets. Translate technical data into business insights. Brought to you by the creators of Nessus. Effectively prioritizing vulnerabilities is fundamental to cybersecurity. Predictive Prioritization enables you to zero in on remediating the vulnerabilities that pose the greatest risk to your business. In this session, we’ll discuss cyber exposures and how predictive prioritization can improve your vulnerability management efforts – and allow you to focus on what matters first to reduce risk and close your cyber exposure gap.
    Presentation Level:
    GENERAL (InfoSec best practices, trends, solutions, etc.)
    12:00 pm
    Advisory Council Lunch Roundtable – (VIP / Invite Only)
    Registration Level: VIP / Exclusive
    12:00 pm - 1:00 pm
    Location / Room: 353

    This session is for Advisory Council members only.

    12:15 pm
    [LUNCH KEYNOTE] How to Manage Your Own Career to Get to the Top
    Former CIO, The White House
    Registration Level: Open Sessions
    12:15 pm - 1:00 pm
    Do you have a plan for your future? Why not? You are the leader of your own destiny! You need to look at where you are, where you want to go, and have a plan to get there. We will talk about how to develop a plan, what to think about, and how to put one foot in front of the other to get to your end goal. We will also talk about how to manage up to your boss to get what you need to help you in your own career. Col. Mark Gelhardt made it to The White House managing his own career, and stood next to the President of the United States. He will tell you how he did it; if he can do it, so can you!

     

    1:15 pm
    Panel: Building a Better Mouse Trap (Emerging Threats)
    Registration Level: Open Sessions
    1:15 pm - 2:15 pm
    Location / Room: Keynote Theater

    To be successful, as an industry, we must strive to get ahead of the bad guys. Easy enough to say but how? By taking a look at the capabilities of the threats we see today we should be able to make some educated guesses on what threats of tomorrow will look like. We know the bad guys don’t follow the rules, take the path of least resistance, and don’t care who they hurt in the process. We need to start thinking like them so that we can figure out what their next step is instead of guessing/hoping.

    1:15 pm
    Panel: Knowledge is Power (Encryption)
    Registration Level: Open Sessions
    1:15 pm - 2:15 pm
    Location / Room: 250A

    Encryption: the translation of data into a secret code. Very much like the codes that Elizebeth Friedman had cracked against the rum runners and bootleggers during the Prohibition days. Our heroine was able to smash their codes and determine when the next shipments were scheduled to arrive stateside. Knowledge truly was power as Friedman was able to effectively predict the future through her diligent code breaking. The level of sophistication may have changed but the point of encryption was and still is to safeguard the data from those that are not part of the group. Our experts will discuss the importance of using encryption to keep our information secure as well as address some of the best practices and pitfalls to watch out for.

    2:15 pm
    Conference Break / Exhibitor Product Demonstration
    Registration Level: Open Sessions
    2:15 pm - 3:00 pm
    Location / Room: SecureWorld Exhibitor Floor

    Reboot with coffee and infused water while visiting exhibitors on the exhibitor floor.

    3:00 pm
    CISO Ventures Panel: Are Cybersecurity Startups Meeting Expectations of Buyers Taking a Risk on Them?
    Founder & Managing Director, Whiteboard Venture Partners
    Registration Level: Open Sessions
    3:00 pm - 3:45 pm
    Location / Room: 250A

    The number of cyber startups is growing exponentially, with 4300+ cybersecurity companies worldwide including several private “unicorns”. With so many startups engaged in helping organizations achieve cybersecurity outcomes, how do organizational decisionmakers think about the risks involved in working with them? A panel of CISOs will share their expectations of and experiences with cybersecurity startups, including how they use solutions from startups to meet existing and emerging cybersecurity challenges.

     

    3:00 pm
    It’s Not Easy Being Blue: When do Cyber Defenders Become Rock Stars?
    Sr. Security Engineer, Penske Automotive Group
    Registration Level: Conference Pass
    3:00 pm - 3:45 pm
    Location / Room: 250C

    Cyber Defenders, or members of the Blue Team, don’t often get chances to look like cool Top Gun pilots like members of the Red Team. This presentation is focused on changing that, with real stories, examples, and best practices to help elevate the Blue Team to rock star status within all aspects of the business.
    Takeaways and Benefits for attendees: 
    – Learn why Blue Teams historically have had difficulty in displaying their value add
    – Examples of real-world projects and initiatives put on by Blue Teams and how they were presented to all aspects of the business
    – Opportunities on how to enable the business to flourish securely
    – Discussion opportunities for industry peers to assist with idea sharing
    – Useful reports that provide value, not just numbers
    – Quick wins to take home and put into place tomorrow

    Presentation Level:
    GENERAL (InfoSec best practices, trends, solutions, etc.)

    3:00 pm
    Building a Daily Security Investigation Playbook
    Information Security Professional, Harwinet LLC
    Registration Level: Conference Pass
    3:00 pm - 3:45 pm
    Location / Room: 250B
    As Defenders of Corporate Networks, we are presented with a myriad of potential security data points. This session will help mature your organization’s information security by building a consistent daily process to identify key security indicators. We will review how to construct a daily security operations process which will allow you to:
    - Reduce Time to Detection
    - Prioritize Investigations
    - Increase Threat Hunting Effectiveness
    Presentation Level:
    GENERAL (InfoSec best practices, trends, solutions, etc.)

    3:00 pm
    [Mimecast] Phishing Isn't Phun: 10 Techniques to Address this Widely Used Attack Vector
    Director of Security, Mimecast
    Registration Level: Open Sessions
    3:00 pm - 3:45 pm
    Location / Room: 250A
    It is no secret that phishing in all its forms remains the #1 entry vector for both skilled and less skilled cybercriminals. While there is no single way to defend against them, there are at least 10 techniques and strategies that can be applied by organizations and their email security vendors to dramatically reduce their impact. Like all things in security, these techniques must constantly evolve right along with those of the attackers. In this session I provide the latest perspectives gleaned from both industry and Mimecast’s years of experience dealing with defending against phishing.
    Presentation Level:
    GENERAL (InfoSec best practices, trends, solutions, etc.)
    3:00 pm
    WTH Is a Privacy Engineer?
    Privacy Engineer, Steelcase Inc.
    Registration Level: Open Sessions
    3:00 pm - 3:45 pm
    Location / Room: 251B

    Until recently, this role didn’t exist (or was done by others under a different name). Thanks to the EU’s General Data Protection Regulation (GDPR) and huge privacy breaches, it is becoming more popular. Ensuring privacy requirements across business technology solutions is hard to define, much less do, without a plan. Using the International Association of Privacy Professionals’ (IAPP) Certified Privacy Technologist curriculum and some of their member resources, come learn what privacy tips and tricks you can add to your security tool set to up your team or personal privacy game.

    3:00 pm
    SecureWorld PLUS Part 2 - Designing and Building a Cybersecurity Program based on the NIST Cybersecurity Framework
    SecureWorld PLUS Registrants ONLY
    CISO and Adjunct Faculty, University of Massachusetts
    Registration Level: SecureWorld Plus
    3:00 pm - 4:30 pm
    Location / Room: 251C

    The University of Massachusetts has developed a 6-hour SecureWorld Plus training class that instructs attendees on the best practices for designing, building, and maintaining a Cybersecurity Program based on the NIST Cybersecurity Framework. Organizations that currently use the Framework or are planning to use the Framework for their cybersecurity program will benefit from this course.

    This innovative education and training program includes the following key elements:

    • An introduction to the key components of the NIST Cybersecurity Framework
    • How to use the Framework to support business strategy, technology strategy, and cyber-risk strategy
    • An approach for adopting the framework to build and sustain secure and resilient infrastructure, secure and resilient networks, secure and resilient applications
    • How to use the framework to protect critical information assets
    • A Controls Factory Model that organizations use to create an Engineering Program, a Technical Program, and a Business / Management Program
    • A methodology for developing a Cybersecurity Strategy, System Security Plan (SSP), Risk Assessment, Plan of Action and Milestones (POA&M) and Executive Report

    The class will help individuals and organizations acquire knowledge, skills and abilities to:

    • Develop a strategy to apply the NIST Cybersecurity Framework (NCSF) to their environment
    • Create a comprehensive System Security Plan (SSP) based on the NIST Cybersecurity Framework
    • Conduct a Risk Assessment to compare the current profile with the target profile and identify any gaps that need to be addressed
    • Develop a Plan of Action and Milestones (POA&M) to mitigate the highest priority gaps
    • Establish an Executive Report to measure and communicate current profile, target profile, POA&M and program plan / roles and responsibilities to remediate identified gaps
    • Identify required workforce skills and develop career pathways for improving skills and experience

    About the Instructor – Larry Wilson:

    • Larry Wilson is the former CISO for UMass President’s Office from 2009 to 2017
    • Prior to UMass, Larry developed and managed the Global Infrastructure Services (GIS) Security Program for State Street Corporation
    • Larry has been teaching cybersecurity courses based on the NIST Cybersecurity Framework at SecureWorld events for the past 5 years
    • Larry has conducted over 20 consulting engagements, helping organizations design and build cybersecurity programs based on the NIST Cybersecurity Framework

    The program and its author have won the following industry awards:

    • Security Magazine’s Most Influential People in Security, 2016
    • SANS People Who Made a Difference in Cybersecurity Award, 2013
    • Information Security Executive (ISE) North America Program Winner for Higher Education, 2013
    3:00 pm
    SecureWorld PLUS Part 2 - Cloud Security - Securing Your Organization's Digital Transformation
    SecureWorld PLUS Registrants ONLY
    Director of Security Operations, Massachusetts Advanced Secure Technologies
    Registration Level:
    • SecureWorld Plus
    3:00 pm - 4:30 pm
    Location / Room: 252A

    This course will provide a healthy introduction to modern aspects of cloud computing security. The attendee will learn how to assess and protect their organization’s data in the cloud. Topics include IoT, providers, tools, and processes to help avoid a rainy day.

    3:00 pm
    SecureWorld PLUS Part 2 - (Re)Mastering the Security Essentials
    SecureWorld PLUS registrants ONLY
    Independent Information Security Consultant, Principle Logic, LLC
    Registration Level:
    • SecureWorld Plus
    3:00 pm - 4:30 pm
    Location / Room: 252B

    Long-time information security expert, Kevin Beaver, has created a course that can help IT and security professionals enhance their security programs regardless of the level of security maturity and sophistication. It seems that all the big breaches and even the smaller incidents have, at their core, some trivial security basics that were either overlooked or disregarded as unimportant. This course is a real-world exercise on what to do – and not do – in order to keep the simple security stuff from creating complicated business problems.

    Re-evaluating security risks and priorities: How to sort through the trivial many so you can focus on the vital few.

    Having a resilient network is not about having the most advanced environment with the latest and greatest technologies. Instead, it’s about mastering the security basics to rid your network of the flaws that keep getting exploited. In this program, Kevin will share with you the good, the bad, and the ugly of security that he has seen and advised clients on over the past 19 years of consulting in information security. This course will include:

    • Discussing what risk actually means – it’s different for every organization!
    • Understanding common security operations, oversights and gotchas that tend to be missed
    • Getting real about security policies and their reality of “necessary but insufficient”
    • Training and awareness that works for you rather than against you
    • Finding and fixing the flaws – vulnerability and penetration testing essentials you need to know but may not have thought about
    • Deciding which security management tools work best – getting past the marketing hype and on to clearly see what might work for your unique situation
    • Leveraging you, the security professional, including how you position and communicate with others about security – who else is going to look out for these things?
    • Exercises for minimizing your maximum regret (performed in class!)

    In this course, you’ll learn from the experiences of others on what works with security and what doesn’t. None of the boring technical stuff – instead, common-sense things that you’ve known about and need to be reminded of along with best practices that you may not have realized were practices at all. He’ll share how you can fine-tune your security by (re)learning the basics to not only help meet audit requirements and take the pain out of compliance but to have a truly functional security program.

    Information security is not a set it and forget it business function. Instead, it’s a disciplined practice of a few essentials that, when fine-tuned, work amazingly well to fight threats, uncover vulnerabilities, and reduce business risks. And, it’s not all that expensive to do so despite common approaches. That’s what this course is about: minimal investments that can pay huge dividends.

    Who should attend?
    This course is not for IT and security professionals in a perpetual search for quick and easy security solutions they can continue layering on top in order to check the boxes. Instead, it’s tailored to those professionals looking to rethink their approach to the security basics they already know about and have established, yet know they need to refine. It’s for people who know they need to take their security program to the next level. It’s sort of like Security 101 but much more practical.

    About the Instructor – Kevin Beaver:

    • Kevin Beaver, CISSP is an information security consultant, writer, and professional speaker with Atlanta, GA-based Principle Logic, LLC.
    • With over 30 years in IT and 24 years in security, Kevin specializes in independent security assessments and virtual CISO consulting work to help businesses uncheck the boxes that keep creating a false sense of security.
    • He has written 12 books on security including Hacking For Dummies and The Practical Guide to HIPAA Privacy and Security Compliance. Kevin has written over 1,000 articles on security and regularly contributes to TechTarget’s SearchSecurity.com, Ziff Davis’ Toolbox.com, and Iron Mountain’s InfoGoTo.com.
    • Kevin has a B.S. in Computer Engineering Technology from Southern College of Technology and a M.S. in Management of Technology from Georgia Tech.
    • In his free time, Kevin races cars in the SCCA Spec Miata class and also enjoys riding dirt bikes and snow skiing. Odds are, you’ll hear some entertaining stories about each of these throughout the course!
      Presentation Level:
      GENERAL (InfoSec best practices, trends, solutions, etc.)
  • Wednesday, October 2, 2019
    7:00 am
    Registration Open
    Registration Level:
    • Open Sessions
    7:00 am - 3:00 pm
    Location / Room: Registration Desk
    8:00 am
    SecureWorld PLUS Part 3 - Designing and Building a Cybersecurity Program based on the NIST Cybersecurity Framework
    SecureWorld PLUS Registrants ONLY
    CISO and Adjunct Faculty, University of Massachusetts
    Registration Level:
    • SecureWorld Plus
    8:00 am - 9:30 am
    Location / Room: 251C

    8:00 am
    SecureWorld PLUS Part 3 - Cloud Security - Securing Your Organization's Digital Transformation
    SecureWorld PLUS Registrants ONLY
    Director of Security Operations, Massachusetts Advanced Secure Technologies
    Registration Level:
    • SecureWorld Plus
    8:00 am - 9:30 am
    Location / Room: 252A

    This course will provide a healthy introduction to modern aspects of cloud computing security. The attendee will learn how to assess and protect their organization’s data in the cloud. Topics include IoT, providers, tools, and processes to help avoid a rainy day.

    8:00 am
    SecureWorld PLUS Part 3 - (Re)Mastering the Security Essentials
    SecureWorld PLUS registrants ONLY
    Independent Information Security Consultant, Principle Logic, LLC
    Registration Level:
    • SecureWorld Plus
    8:00 am - 9:30 am
    Location / Room: 252B

      Presentation Level:
      GENERAL (InfoSec best practices, trends, solutions, etc.)
    8:30 am
    InfraGard Michigan Chapter Meeting
    InfraGard Members Only
    Registration Level:
    8:30 am - 9:15 am
    Location / Room: Keynote Theater

    Join InfraGard for their chapter meeting.
    This session is for InfraGard members only.

    8:30 am
    Third-Party Risk: Creating and Managing a Program that Works!
    Managing Director, UHY Advisors
    Registration Level:
    • Conference Pass
    8:30 am - 9:15 am
    Location / Room: 250C

    Every organization is concerned with third-party risk. No one wants to be the next Target breach. This session will examine the components of third-party risk management and give you some leading practices on how to develop a workable and sustainable process.

     

    8:30 am
    Culture and Collaboration: How Working Together Builds the Bridge Between People, Process, and Technology
    Security Awareness and Training leader, Ernst & Young LLP
    Registration Level:
    • Conference Pass
    8:30 am - 9:15 am
    Location / Room: 250B

    Having worked in many different industries, company sizes, and employee populations as both a consultant and practitioner, I’ve seen the good, bad, and ugly ways companies approach security awareness. The one thing that I have seen consistently in “good” awareness programs is the willingness to collaborate with groups outside of the security team. Attendees will learn how to leverage marketing, physical security, corporate communications, HR, legal, and yes, even employee health into a holistic approach to securing the human.

    8:30 am
    [Panel] The Future of Transportation: Navigating the Automotive Cybersecurity Ecosystem
    Associate Principal, GRIMM, a Cyber Research, Consulting & Education firm
    Sr. Director, Automotive Product Security, Harman
    Sr. Manager, Automotive Cybersecurity, Mitsubishi
    Registration Level:
    • Conference Pass
    8:30 am - 9:15 am
    Location / Room: 250A
    This dynamic discussion features three of the leading voices in the automotive supply chain. This session will balance technical, policy, and business strategies to integrate cybersecurity and prepare the auto industry for the evolution into connected mobility. The session will blend presentation-style information with interactive conversation. Speakers represent Tier 1 automotive suppliers and the car-hacking community to showcase a holistic approach for vehicle security. Jen, Kristie and Amy are champions for cyber education, STEAM program supporters and advocates for increasing the number of women in STEM fields.
    9:00 am
    Exhibit Floor Open
    Registration Level:
    • Open Sessions
    9:00 am - 3:00 pm
    Location / Room: SecureWorld Exhibitor Floor

    This is the time to visit exhibitors participating in Dash For Prizes & CyberHunt for your chance to win prizes!

    9:30 am
    [OPENING KEYNOTE] A Fireside Chat with Dr. Larry Ponemon
    Chairman and Founder, Ponemon Institute
    Registration Level:
    • Open Sessions
    9:30 am - 10:15 am
    Location / Room: Keynote Theater

    Google the words “Ponemon Institute Research” and you’ll find more than a quarter-million results. Dr. Larry Ponemon is the Chairman and Founder of the Institute, which does critical studies that are shaping the thoughts of IT and cybersecurity leaders around the globe. This exclusive session features an Emmy-winning journalist interviewing Dr. Ponemon to uncover his insights. Hear what he thinks are the most crucial trends, happening now, that security leaders and teams should consider. Plus, expect to learn some surprising things about Ponemon himself, including his involvement in cryptography and a codebreaking group that tracked enemies of the United States.

     

    10:15 am
    Conference Break / Exhibitor Product Demonstration
    Registration Level:
    • Open Sessions
    10:15 am - 11:15 am
    Location / Room: SecureWorld Exhibitor Floor

    Reboot with coffee and infused water while visiting exhibitors on the exhibitor floor.

    11:00 am
    Advisory Council Roundtable - (VIP / Invite Only)
    Topic: Converging all Aspects of the Cybersecurity Operation (Electronic, Physical and Personnel) Under One Roof
    Professor and Graduate Program Director, Center for Cybersecurity, UDM
    Registration Level:
    • VIP / Exclusive
    11:00 am - 12:00 pm
    Location / Room: 353

    This session is for Advisory Council members only.

    11:15 am
    Building the 'Cyber 9-1-1' Hotline for US Victims of Online Crime
    CEO & President, Cybercrime Support Network
    Registration Level:
    • Conference Pass
    11:15 am - 12:00 pm
    Location / Room: 251B

    The Cybercrime Support Network (CSN) is working with federal, state, and local law enforcement and the United Way World Wide to build one national number to provide information and referral to consumers and small businesses impacted by cybercrime and online fraud. Where do victims go currently? Many call friends who work in InfoSec or even call 9-1-1 for romance scams—or even when their Facebook is not working. By 2021, CSN and partners plan to utilize the existing 2-1-1 national infrastructure to triage victims and get them to the resources they need.

    11:15 am
    [baramundi] Innovative Endpoint Management: A Security Baseline That Is Too Often Not Met
    Executive Account Manager, baramundi software USA, Inc.
    Registration Level:
    • Open Sessions
    11:15 am - 12:00 pm
    Location / Room: 250A

    This session outlines some basic security and patch management issues that are often overlooked or simply not met by many companies, leaving them exposed to attacks. Utilizing an innovative and easy-to-use endpoint management tool like Baramundi can quickly overcome these hurdles and dramatically improve a company’s security posture.
    Presentation Level: MANAGERIAL (security and business leaders)

    11:15 am
    Cybercrime and What Your Insurance Company Is Doing About It
    Registration Level:
    • Conference Pass
    11:15 am - 12:00 pm
    Being insured isn’t the same as being prepared. As cyber criminals continue to attack businesses at an alarming rate across every possible point of vulnerability, business insurers are taking dramatic steps to provide a more comprehensive and preventative solution to combat the growing cyber threats. Tech forensic companies, network security specialists and white hat hackers have come together with insurance providers to offer a new generation of threat intelligence services. While an unusual pairing, tech and insurance professionals are now collaborating to create state-of-the-art cyber security solutions.
    11:15 am
    Putting Cybersecurity in the C-Suite - How to Create and Run a Joint Cybersecurity Operations Center
    Professor and Graduate Program Director, Center for Cybersecurity, UDM
    Registration Level:
    • Conference Pass
    11:15 am - 12:00 pm
    Location / Room: 251A

    Cybercrime is a $6 trillion a year industry. That is why organizations need a cyber defense that incorporates a complete and provably effective set of real-world controls. Still, it is unrealistic to expect executive decision makers to understand every potential avenue of attack. And it is equally unrealistic to expect IT managers to be plugged into the overall business strategy. That’s the reason why a commonly accepted model for real-world enterprise defense is the holy grail for cybersecurity planners. This presentation will amalgamate the recommendations of a collection of internationally accepted strategic models into a single, practical cyber defense solution.
    Presentation Level: MANAGERIAL (security and business leaders)

    11:15 am
    10 Steps to Mastering Cybersecurity for Parents
    Registration Level:
    • Open Sessions
    11:15 am - 12:00 pm

    Kids do what their parents do. So, parents need to practice good cyber hygiene and then teach those habits to their kids. They also need to enforce healthy boundaries on Internet usage. We’ll explore specific risks to kids using the Internet along with specific things parents should be doing to minimize those risks. These lessons are drawn from my experience both at work and at home and are based on what we do with our family.

    12:00 pm
    Advisory Council Lunch Roundtable - (VIP / Invite Only)
    Topic: Protecting Your Company Data While Traveling Abroad-China?
    Privacy Engineer, Steelcase Inc.
    Registration Level:
    • VIP / Exclusive
    12:00 pm - 1:00 pm
    Location / Room: 353

    This session is for Advisory Council members only.

    12:15 pm
    Joint ISSA Motor City and (ISC)2 Greater Detroit Chapter Luncheon
    Members ONLY - Lunch Served
    Registration Level:
    12:15 pm - 1:00 pm
    Location / Room: 251C

    This is intended for members only.
    Luncheon sponsored by CBI and Varonis
    Speaker provided by CBI and Varonis

     

    12:15 pm
    [LUNCH KEYNOTE] Radware: The 10 Immutable Security Facts for 2019
    Security Evangelist, North America, Radware
    Registration Level:
    • Open Sessions
    12:15 pm - 1:00 pm

    A presentation of top 10 security facts that will disrupt established application and infrastructure security practices. A discussion centered around questions everyone is or should be asking in 2019:

    • What is the attack surface of the public cloud?
    • Why are NIDs, HIDs, and flow collectors not adapted for cloud based infrastructure and applications?
    • How to protect APIs and cloud native applications running in dynamic, end-to-end encrypted service meshes?
    • What is Next Gen WAF and when should I consider it?
    • What are automated threats and how to protect against the 4th generation bots?
    • Is deep learning an inexorable technology as attackers get automated and attacks more sophisticated?
    • What will be the impact of 5G on application security and availability?

    Presentation outline
    A top 10 is subjective in nature, but it wasn’t just pulled out of thin air. The 10 facts are based on trends in recent threats, my own security research, and discussions with CISOs and security leaders.

    The Top 10 security facts for 2019:

    1. The Attack Surface of the Public Cloud is defined by Permissions
    2. The Insider threat of the Public Cloud is the Outsider
    3. HIDs, NIDs, and Flow Collectors are pointless for Securing Cloud-based Applications
    4. WAF does not keep up with Cloud Native Applications
    5. East-West Traffic is getting Encrypted
    6. Attackers are getting Automated
    7. Attacks are getting more Sophisticated
    8. APIs are the new Front-end
    9. Machine and Deep Learning become essential for Threat Detection
    10. 5G will fuel the next IoT Explosion

    Starting the discussion with an overview of the current threat landscape, illustrating with real-world incidents in the following categories:

    1. Cloud infrastructure abuse
    2. Data breaches through publicly exposed S3 buckets
    3. Ransom of poorly secured cloud data services
    4. Cloud Infrastructure owning and wiping
    5. Cloudification of DDoS attacks
    6. Automated threats

    A quick run through of the top 10 security facts.

    The rest of the discussion will lead to the 10 facts and is organized in 4 chapters, each centering around a top of mind topic:

    1. Migrating to the cloud
    2. Cloud Native Applications
    3. Automated Threats
    4. 5G/IoT Intersection

    Each chapter is summarized with the top security facts that were demonstrated throughout the discussion

     

    1:15 pm
    Panel: Shifting Landscape of Attack Vectors
    Registration Level:
    • Open Sessions
    1:15 pm - 2:15 pm
    Location / Room: Keynote Theater

    If one thing holds true in cybersecurity it is the fact that our adversaries are pretty smart. They are. To be fair, they only have to be right once in a while. These cyber thugs are constantly shifting their attack vectors to better infiltrate our networks. There are so many endpoints to cover that the “bad guys” can try something new all the time. They have also discovered that we do not have great cyber hygiene when it comes to training our workforce. End users continue to be the “weakest link” within an organization as we’ve learned from all the ransomware attacks and business email compromises of late. This panel will talk about the shift in attack vectors and make some predictions about what to watch out for in the not too distant future.

    1:15 pm
    Panel: The Battle for the Endpoint Continues (Endpoint Security)
    Registration Level:
    • Open Sessions
    1:15 pm - 2:15 pm
    Location / Room: 250A

    What are you doing to keep the network safe for your employees? You’ve got your fancy next-gen firewall and some A/V. Maybe even some biometrics or 2FA thrown in for safekeeping. We also keep hearing the IAM acronym thrown around. And what is Zero Trust? What are you missing? Oh, yeah… remote workers and IoT. Wouldn’t it be cool if you had someone to ask? Now you do. This panel will go through these questions and more. Join the group discussion as we address the challenges in endpoint and network security.

    2:15 pm
    Conference Break / Exhibitor Product Demonstration
    Registration Level:
    • Open Sessions
    2:15 pm - 3:00 pm
    Location / Room: SecureWorld Exhibitor Floor

    Reboot with coffee and infused water while visiting exhibitors on the exhibitor floor.

    2:30 pm
    Dash for Prizes & CyberHunt
    Registration Level:
    • Open Sessions
    2:30 pm - 2:45 pm
    Location / Room: SecureWorld Exhibitor Floor

    Be sure to have exhibitors scan your badge for a chance to win prizes. Past prizes have included Kindles, Bose headphones, gift cards, iPads, iPods and more! *Must be present to win

    3:00 pm
    Penetrating Software Development
    Chief Information Security & Privacy Officer, WorkForce Software
    Registration Level:
    • Conference Pass
    3:00 pm - 3:45 pm
    Location / Room: 250B
    Security is often second to features when it comes to software development priorities. Here are some tips for raising the visibility of security and for building security into the agile timeline.

     

    3:00 pm
    Bring the Championship to the Midwest: Become a CyberPatriot Mentor!
    Director, Center for Cyber Security & Intelligence Studies, University of Detroit Mercy
    Sr. Cybersecurity Researcher, GE Digital
    Registration Level:
    • Conference Pass
    3:00 pm - 3:45 pm
    Location / Room: 250C

    This session will explain a way for hackers and cybersecurity professionals to pay it forward and volunteer to be a coach or mentor in the fastest middle school and high school competition in the nation: CyberPatriot.
    The attendees will learn about CyberPatriot, the premier national youth cyber education program created to inspire high school and middle school students toward careers in cybersecurity or other science, technology, engineering, and mathematics (STEM) disciplines critical to our nation’s future. Do you have what it takes to inspire students to join a CyberPatriot team and compete virtually with over 6,000 teams across the US for bragging rights, scholarships, internships, and jobs? Help us bring the championship to the Midwest by joining this session, and be a part of the solution this skills shortage has caused.
    Presentation Level:
    MANAGERIAL (security and business leaders)

    3:00 pm
    Automotive Cyber Attack: A Perspective from the Driver's Seat
    Sr. Manager, Automotive Cybersecurity, Mitsubishi
    UX Researcher, Automotive Cybersecurity, Mitsubishi Electric Automotive America
    Registration Level:
    • Conference Pass
    3:00 pm - 3:45 pm
    Location / Room: 250A

    Kristie Pfosi, Senior Manager, Automotive Cyber Security, Mitsubishi Electric Automotive America (MEAA), will discuss the results from an in-depth market survey on customer perception of automotive cybersecurity. While it's currently not an overwhelming concern among automotive consumers, the poll indicates there is an awareness that vehicles could be susceptible to outside interference from hackers. As vehicles become increasingly connected, it’s likely consumer concerns about the issue will grow. Pfosi, an industry leader in automotive cybersecurity, will discuss the survey results and steps MEAA is taking to mitigate the problem with security systems that fulfill consumer expectations.

    3:00 pm
    Zero Trust: The Elements of Strategy
    Strategist, MiSec Community
    Registration Level:
    • Conference Pass
    3:00 pm - 3:45 pm
    Location / Room: 251A

    Philosophies for securing technology have crashed over our industry in waves. Capability-based security locked down IT (except when it didn’t.) Risk-based security prioritized efforts and focused us on securing the business (when people listen.) Threat-centric security cleared everything up by explaining what the bad guys were doing (with file hashes and IP addresses.) Following these less than successful philosophies, trust-centric security has entered the scene. This session will cover zero-trust strategies and highlight case studies of organizations leveraging zero-trust to align and coordinate tactics. Trust is neither binary nor permanent, and neither is real-world security.

Exhibitors
  • ACP Michigan
    Booth:

    The Association of Continuity Professionals (ACP) is a non-profit trade association dedicated to fostering continued professional growth and development in effective Contingency & Business Resumption Planning. ACP is the recognized premier international networking and information exchange organization in the business continuity industry.

  • Armis, Inc
    Booth: TBD

    Armis eliminates the IoT security blind spot, letting enterprises discover unmanaged devices and networks, analyze behavior in order to identify risks and attacks, and protect their critical information and systems. Fortune 1000 customers trust Armis’ agentless IoT security platform to discover, analyze, and sanction any device or network. Armis is a privately held company and headquartered in Palo Alto, California.

  • Automation Alley
    Booth:

    Automation Alley is a nonprofit technology and manufacturing business association and Michigan’s Industry 4.0 knowledge center, with a global outlook and a regional focus. We connect industry, academia and government to fuel Michigan’s economy and accelerate innovation. We offer programs and services in business growth, entrepreneurship, talent development, defense and international business, providing resources and knowledge to help our members grow and prosper in the digital age.
    Our Mission
    The mission of Automation Alley is to position Michigan as a global leader in Industry 4.0 by helping our members increase revenue, reduce costs and think strategically during a time of rapid technological change.
    Our Vision
    Michigan is the leading applied technology and innovation state in the world.

  • baramundi software USA, Inc.
    Booth: 304

    baramundi Software provides companies and organizations with efficient, secure, and cross-platform management of workstation environments.

    The baramundi Management Suite (bMS) combines all important features for Endpoint Management: Patch Management, Software Deployment, OS-Installation, Enterprise Mobility Management, Vulnerability Assessment, and more. bMS optimizes IT management processes by automating routine tasks and providing an extensive overview of the status of the network and endpoints. In doing so, it relieves pressure on IT administrators and ensures that users always have the necessary rights and applications on all platforms and form factors; whether on PCs, servers, notebooks, mobile devices or Macs.

    Over 3,000 customers around the world benefit from nearly two decades of experience and the easy-to-use software solution.

  • Bitdefender
    Booth: 334

    Powered by its depth of security expertise and rapid pace of research and development, Bitdefender’s long-standing mission is to deliver transformative security technologies to the world’s users and organizations. We are innovators, creating breakthrough technology that radically improves our customer’s experience with security.

    From IoT to Data Centers, from endpoints to hybrid infrastructures – Bitdefender plays a transformational role in how security is best consumed, deployed, and managed. We strive to deliver products and services that radically alter the customer’s experience with security, in terms of efficacy, performance, ease of use and interoperability.

  • BitSight Technologies
    Booth: TBD

    BitSight Technologies is transforming how companies manage information security risk with objective, evidence-based security ratings. The company’s Security Rating Platform continuously analyzes vast amounts of external data on security behaviors in order to help organizations manage third party risk, benchmark performance, and assess and negotiate cyber insurance premiums. For more information, please visit www.bitsighttech.com or follow us on Twitter (@BitSight).

  • BlackBerry Cylance
    Booth: 330

    BlackBerry Cylance develops artificial intelligence to deliver prevention-first, predictive security products and smart, simple, secure solutions that change how organizations approach endpoint security. BlackBerry Cylance provides full spectrum predictive threat prevention and visibility across the enterprise to combat the most notorious and advanced cybersecurity attacks. With AI-based malware prevention, threat hunting, automated detection and response, and expert security services, BlackBerry Cylance protects the endpoint without increasing staff workload or costs. We call it the Science of Safe. Learn more at www.cylance.com.

  • Bugcrowd Inc.
    Booth: 534

    By combining the world’s most experienced team of bounty experts and the market’s only enterprise-grade bug bounty platform, Bugcrowd connects organizations to a global crowd of trusted security researchers to identify vulnerabilities—before the adversaries do.

  • CBI
    Booth: 326

    CBI manages IT risk and ensures your data is secure, compliant, and available. No matter your industry our Subject Matter Experts, tailored assessments and custom solutions help safeguard your organization’s information. Our proven process helps you manage and navigate issues that can damage your business and reputation.

    For more than 20 years, our customers have come to rely on CBI as their trusted advisor to meet their unique needs with solutions from the best professionals in the industry. Our broad Subject Matter Expertise ensures we deliver on our promise to help defend and secure your network and endpoints; test and monitor areas of operational risk; and protect your data.

    We invite you to talk to us, engage with us, and let us help generate the needed dialogue to plot the unique, tailored path to help ensure your data is secure, compliant and available.

  • Checkmarx
    Booth: 200

    Checkmarx is the global leader in software security solutions for modern enterprise software development. Checkmarx delivers the industry’s most comprehensive software security platform that unifies with DevOps and provides static and interactive application security testing, SCA and developer AppSec training to reduce and remediate risk from software vulnerabilities. www.checkmarx.com.

  • Check Point Security
    Booth: TBD

    Since 1993, Check Point has been dedicated to providing customers with uncompromised protection against all types of threats, reducing security complexity and lowering total cost of ownership. We are committed to staying focused on customer needs and developing solutions that redefine the security landscape today and in the future.

  • Cisco
    Booth: 318

    Cisco builds truly effective security solutions that are simple, open and automated. Drawing on unparalleled network presence as well as the industry’s broadest and deepest technology and talent, Cisco delivers ultimate visibility and responsiveness to detect more threats and remediate them faster. With Cisco, companies are poised to securely take advantage of a new world of digital business opportunities.

  • CISO Ventures
    Booth:

    Whiteboard Venture Partners is building this exclusive community to help cybersecurity startups engage/collaborate with security innovation stakeholders.

  • Cobalt.io
    Booth: 340

    Cobalt’s Pentest as a Service (PtaaS) Platform transforms traditional pentesting into a data-driven vulnerability management engine. Fueled by a global talent pool of certified freelancers, our modern pentest platform delivers actionable results that empower agile teams to pinpoint, track, and remediate vulnerabilities.

  • Contrast Security
    Booth: 204

    Contrast Security is the world’s leading provider of security technology that enables software applications to protect themselves against cyberattacks, heralding the new era of self-protecting software. Contrast’s patented deep security instrumentation is the breakthrough technology that enables highly accurate assessment and always-on protection of an entire application portfolio, without disruptive scanning or expensive security experts. Only Contrast has sensors that work actively inside applications to uncover vulnerabilities, prevent data breaches, and secure the entire enterprise from development, to operations, to production.

  • CrowdStrike
    Booth: 344

    CrowdStrike Inc. (Nasdaq: CRWD), a global cybersecurity leader, is redefining security for the cloud era with an endpoint protection platform built from the ground up to stop breaches. The CrowdStrike Falcon® platform’s single lightweight-agent architecture leverages cloud-scale artificial intelligence (AI) and offers real-time protection and visibility across the enterprise, preventing attacks on endpoints on or off the network. Powered by the proprietary CrowdStrike Threat Graph®, CrowdStrike Falcon correlates over two trillion endpoint-related events per week in real time from across the globe, fueling one of the world’s most advanced data platforms for security.

    With CrowdStrike, customers benefit from better protection, better performance and immediate time-to-value delivered by the cloud-native Falcon platform.

    There’s only one thing to remember about CrowdStrike: We stop breaches.

    Qualifying organizations can gain full access to Falcon Prevent™ by starting a free trial. Learn more: https://www.crowdstrike.com/

  • DeepWatch
    Booth: TBD

  • DRI International
    Booth:

    Disaster Recovery Institute International (DRI) is the nonprofit that helps organizations around the world prepare for and recover from disasters by providing education, accreditation, and thought leadership in business continuity and related fields. Founded in 1988, DRI International has 15,000+ certified professionals in more than 100 countries and conducts native-language training in more than 50 countries, offering in-depth courses ranging from introductory to master’s level, as well as specialty certifications. The organization’s annual DRI Conference brings together leading business continuity professionals from both the public and private sector to share best practices and participate in continuing education and volunteerism.

  • EC-Council
    Booth:

    International Council of E-Commerce Consultants, also known as EC-Council, is the world’s largest cyber security technical certification body. We operate in 140 countries globally and we are the owner and developer of the world-famous Certified Ethical Hacker (CEH), Computer Hacking Forensics Investigator (C|HFI), Certified Security Analyst (ECSA), License Penetration Testing (Practical) programs, among others. We are proud to have trained and certified over 140,000 information security professionals globally that have influenced the cyber security mindset of countless organizations worldwide.

  • ECTF
    Booth:

    As a result of the amalgamation of advanced technology and the Internet, both the quantity and sophistication of cybercrimes targeting U.S. financial institutions and critical infrastructure have increased. Today, criminal trends show an increased use of phishing emails, account takeovers, malicious software, hacking attacks and network intrusions resulting in significant data breaches. To protect the nation’s financial infrastructure from cyber and financial criminals, the Secret Service has adopted a multipronged approach.

  • Fortinet
    Booth: 532

    Fortinet secures the largest enterprise, service provider, and government organizations around the world. Only the Fortinet Security Fabric architecture can deliver security without compromise to address the most critical security challenges, whether in networked, application, cloud, or mobile environments. Fortinet ranks #1 in the most security appliances shipped worldwide and more than 300,000 customers trust Fortinet to protect their businesses.

  • Gemalto
    Booth: TBD

    Today’s enterprises depend on the cloud, data and software to make decisive decisions. That’s why the most respected brands and largest organizations in the world rely on Thales to help them protect their most sensitive information and software wherever it is created, accessed or stored – from the cloud and data centers to devices and across networks. As the global leader in cloud and data protection, our solutions enable organizations to move to the cloud securely, achieve compliance with confidence, and create more value from their software in the devices and services used by millions of consumers every day.

  • HTCIA Michigan
    Booth:

    We are the Michigan chapter of the worldwide High Technology Crime Investigation Association. Our membership consists of people from the private and public sectors. We have members from the U.S. Attorney’s Office, The State of Michigan, FBI, Treasury, and Customs. We also have members who represent cities, counties and townships, as well as universities and law enforcement.

  • InfraGard Michigan
    Booth:

    InfraGard is a partnership between the FBI and members of the private sector. The InfraGard program provides a vehicle for seamless public-private collaboration with government that expedites the timely exchange of information and promotes mutual learning opportunities relevant to the protection of Critical Infrastructure. With thousands of vetted members nationally, InfraGard’s membership includes business executives, entrepreneurs, military and government officials, computer professionals, academia and state and local law enforcement; each dedicated to contributing industry specific insight and advancing national security.

  • (ISC)2 Greater Detroit
    Booth:

    (ISC)² consists of over 80,000 members worldwide. Our chapter program provides members a forum to facilitate the exchange of knowledge and ideas, development of leadership and professional skills, and advancement of information systems security. We also provide our members with access to a variety of industry resources and educational programs to keep our members informed of the latest advances in technology and techniques. The Greater Detroit chapter was established in 2012 to help bring together local professionals. Our members consist of (ISC)² credentialed professionals who hold either a SSCP, CAP, CSSLP, and/or a CISSP or advanced concentration certification.

  • ISACA Detroit
    Booth:

    Our aim is to sponsor local educational seminars and workshops, conduct regular chapter meetings, and help to further promote and elevate the visibility of the IS audit, control and security profession throughout the metro Detroit area.

  • ISSA Motor City
    Booth:

    The Information Systems Security Association (ISSA)® is a not-for-profit, international organization of information security professionals. The Motor City chapter is located in the automotive capital of the United States, Detroit, MI. Our chapter is committed to educating, consulting, advising, and overall improving information security for our technology infrastructures.

  • ITS
    Booth: 530

    Hello. We’re ITS. We believe that the best IT advisors to work with are practitioners who have lived in your customer’s shoes. People who know their stuff. People who will get their hands dirty. People who care about outcomes. That’s the team we’ve built at ITS. We are seasoned Security professionals working with platform consultants and developers. More at www.itsdelivers.com

  • Ixia, a Keysight Business
    Booth: 346

    We provide testing, visibility, and security solutions to strengthen applications across physical and virtual networks. Organizations use our tools and capabilities to test, secure and visualize their networks so their applications run stronger.

  • Kenna
    Booth: TBD

    Kenna was built on the premise that cyber risk must be managed as an enterprise-wide effort. We believe cyber risk can only be effectively mitigated when the whole organization works as one, focused in the same direction and on the right target.

  • Malwarebytes
    Booth: 226

    Malwarebytes secures endpoints, making workplaces resilient. Our adaptive attack protection predicts and detects attacks with multi-layer detection across the kill chain. We enable active threat response with machine learning that is actionable and automated, allowing for full recovery when a compromise occurs. We empower enterprise endpoint orchestration across siloed IT and Security organizations, simplifying security management and making responses effective.

    Malwarebytes makes endpoints resilient so workplaces can protect and remediate, and employees can regain control of their digital lives. Visit us at www.malwarebytes.com.

  • McAfee
    Booth: 328

    Founded in 1989 and headquartered in Somerset, NJ, SHI International Corp. is a $7.5 billion global provider of information technology products and services. Driven by the industry’s most experienced and stable sales force and backed by software volume licensing experts, hardware procurement specialists, and certified IT services professionals, SHI delivers custom IT solutions to Corporate, Enterprise, Public Sector and Academic customers. With 3,500 employees worldwide, SHI is the largest Minority/Woman Owned Business Enterprise (MWBE) in the United States and is ranked 12th among CRN’s Solution Provider 500 list of North American IT solution providers. For more information, please

  • Mimecast
    Booth: 222

    Mimecast Is Making Email Safer For Business.

    Mimecast’s security, archiving and continuity cloud services protect business email and deliver comprehensive email risk management in one fully-integrated subscription service. Mimecast reduces the risk, complexity and cost traditionally associated with protecting email. You no longer have to manage an array of disjointed point solutions from multiple vendors. And you mitigate single vendor exposure if you have moved your primary email server to the cloud with services like Microsoft Office 365.
    Our best-of-breed services protect the email of over 24,900 customers and millions of users worldwide against targeted attacks, data leaks, malware and spam. We give employees fast and secure access to sensitive business information, and ensure email keeps running in the event of a primary service outage.

  • Mobile Technology Association of Michigan
    Booth:

    The Mobile Technology Association of Michigan (MTAM) is a non-profit trade association for Michigan’s mobile/wireless (connected) technologies industry, businesses that provide these technologies, and the businesses – in all industries – that use these technologies. We are the first state-based mobile/wireless (connected) technologies trade association in the U.S. and we are focused on increasing demand for Michigan-based mobile/wireless technology products and services within the state, nationally and globally, thereby generating increased entrepreneurial and enterprise-level opportunities and creating sustainable jobs in Michigan.

  • NetSkope
    Booth: 332

    Netskope offers the industry’s only all-mode architecture that supports any use case. This starts with the option of being deployed 100 percent in the cloud, as an on-premises appliance, or via a hybrid configuration that includes both. When it comes to traffic steering, Netskope supports every possible out-of-band and inline mode, including forward and reverse proxy, secure TAP, API, and log-based discovery. These modes are often used in parallel to cover customers’ multiple use cases.

  • Nexum
    Booth: 518

    Nexum, Inc. is a cybersecurity and networking company that builds and secures global networks for organizations across multiple verticals around the world. In addition to its Chicago headquarters, Nexum has sales, training and support presence in Kentucky, Michigan, New Hampshire, Ohio and Wisconsin as well as the Security and Network Operations Command Centers (SNOCC) in New Mexico and Illinois.

  • Okta
    Booth: TBD

    Okta is the foundation for secure connections between people and technology. Our IT products uniquely use identity information to grant people access to applications on any device at any time, while still enforcing strong security protections. Our platform securely connects companies to their customers and partners. Today, thousands of organizations trust Okta to help them fulfill their missions as quickly as possible.

  • Optiv
    Booth: 520

    The world’s most trusted and reputable security solutions integrator, Optiv enables its clients to realize stronger, simpler and less costly cyber security programs. The company combines decades of real-world business, security strategy and technical experiences with in-depth security products knowledge to bring order to the cyber security chaos.

  • ProcessUnity
    Booth: 220

    ProcessUnity’s cloud-based solutions help organizations of all sizes automate their risk and compliance programs. Our highly configurable, easy-to-use tools significantly reduce manual administrative tasks, allowing customers to spend more time on strategic risk mitigation. As a software-as-a-service technology, ProcessUnity deploys quickly with minimal effort from customers and their IT resources.

  • Proofpoint
    Booth: 228

    Proofpoint protects your people, data, and brand from advanced threats and compliance risks with cybersecurity solutions that work. Built on advanced analytics and a cloud architecture, our platform secures the way your people work today—through email, mobile apps, and social media.

    Some attacks get through even the best defenses. That’s why our solutions also proactively safeguard the critical information people create. We reduce your attack surface by managing this data and protecting it as you send, store, and archive it. And when things go wrong, we equip security teams with the right intelligence, insight, and tools to respond quickly.

  • PwC
    Booth: 202

    Innovative solutions, breakthrough thinking, new perspectives—they all start with you. At PwC, we connect people with diverse backgrounds and skill sets to solve important problems together—for our clients and for the world at large.

    Join our global network of over 250,000 talented professionals who provide industry-focused assurance, tax, and advisory services to build public trust and enhance value for our clients and our stakeholders.

  • Qualys, Inc.
    Booth: 324

    Qualys, Inc. (NASDAQ: QLYS) is a pioneer and leading provider of cloud-based security and compliance solutions with over 9,300 customers in more than 120 countries, including a majority of each of the Forbes Global 100 and Fortune 100. Qualys helps organizations streamline and consolidate their security and compliance solutions in a single platform and build security into digital transformation initiatives for greater agility, better business outcomes and substantial cost savings. The Qualys Cloud Platform and its integrated Cloud Apps deliver businesses critical security intelligence continuously, enabling them to automate the full spectrum of auditing, compliance and protection for IT systems and web applications on premises, on endpoints and elastic clouds. Founded in 1999 as one of the first SaaS security companies, Qualys has established strategic partnerships with leading managed service providers and consulting organizations including Accenture, BT, Cognizant Technology Solutions, Deutsche Telekom, Fujitsu, HCL Technologies, HP Enterprise, IBM, Infosys, NTT, Optiv, SecureWorks, Tata Communications, Verizon and Wipro. The company is also a founding member of the Cloud Security Alliance. For more information, please visit www.qualys.com.

  • Radware
    Booth: 316

    Radware (NASDAQ: RDWR), is a global leader of application delivery and application security solutions for virtual and cloud data centers. Its award-winning solutions portfolio delivers full resilience for business-critical applications, maximum IT efficiency, and complete business agility. Radware’s solutions empower more than 10,000 enterprise and carrier customers worldwide to adapt to market challenges quickly, maintain business continuity and achieve maximum productivity while keeping costs down.

  • Rapid7
    Booth: 322

    Rapid7 transforms data into insight, empowering IT and security professionals to progress and protect their organizations. How? Our solutions are powered by advanced analytics and an unmatched understanding of the attacker mindset. This makes it easy to collect data, transform it into prioritized and actionable insight, and get it to the people who can act on it—all in an instant.

  • ReliaQuest
    Booth: 310

    ReliaQuest fortifies the world’s most trusted brands against cyber threats with its platform for proactive security model management. Acting as a force multiplier on an organization’s existing cybersecurity investments, only ReliaQuest’s GreyMatter integrates disparate technologies to provide a unified, actionable view that fills the gaps in enterprise security programs.

  • SailPoint
    Booth: 336

    SailPoint, the leader in enterprise identity governance, brings the Power of Identity to customers around the world. SailPoint’s open identity platform gives organizations the power to enter new markets, scale their workforces, embrace new technologies, innovate faster and compete on a global basis. As both an industry pioneer and market leader in identity governance, SailPoint delivers security, operational efficiency and compliance to enterprises with complex IT environments. SailPoint’s customers are among the world’s largest companies in a wide range of industries.

  • TechTarget
    Booth:

    TechTarget (NASDAQ: TTGT) is the online intersection of serious technology buyers, targeted technical content and technology providers worldwide. Our media, powered by TechTarget’s Activity Intelligence platform, redefines how technology buyers are viewed and engaged based on their active projects, specific technical priorities and business needs. With more than 100 technology specific websites, we provide technology marketers innovative media that delivers unmatched reach via custom advertising, branding and lead generation solutions all built on our extensive network of online and social media. TechTarget is based in Boston and has locations in Atlanta, Beijing, Cincinnati, London, Paris, San Francisco, Singapore, and Sydney.

  • Tenable
    Booth: 302

    Tenable®, Inc. is the Cyber Exposure company. Over 27,000 organizations around the globe rely on Tenable to understand and reduce cyber risk. As the creator of Nessus®, Tenable extended its expertise in vulnerabilities to deliver the world’s first platform to see and secure any digital asset on any computing platform. Tenable customers include more than 50 percent of the Fortune 500, more than 25 percent of the Global 2000 and large government agencies. Learn more at www.tenable.com.

  • Titus
    Booth: 520

    Titus is a leader in providing solutions that help businesses accelerate their adoption of data protection. The company’s products enable organizations to discover, classify, protect, analyze, and share information, and the open, intelligent policy manager lets customers address regulatory compliance initiatives and get more out of their existing security investments.

  • Total Compliance Tracking
    Booth: 342

    Total Compliance Tracking is dedicated to improving the operational efficiency of managing complex compliance environments to facilitate collaboration between all stakeholders to achieve completion so clients can focus precious resources back on the core value of their business.

    We connect the dots between internal IT resources, external auditing firms, and vendors to make sure each and every engagement requirement is completed in a cohesive, coordinated manner.

  • Trend Micro
    Booth: 224

    Trend Micro, a global leader in cybersecurity, is passionate about making the world safe for exchanging digital information, today and in the future. Artfully applying our XGen™ security strategy, our innovative solutions for consumers, businesses, and governments deliver connected security for data centers, cloud workloads, networks, and endpoints. www.trendmicro.com.

  • Trustwave
    Booth: 312

    Trustwave helps businesses fight cybercrime, protect data and reduce security risk. With cloud and managed security services, integrated technologies and a team of security experts, ethical hackers and researchers, Trustwave enables businesses to transform the way they manage their information security and compliance programs. More than three million businesses are enrolled in the Trustwave TrustKeeper® cloud platform, through which Trustwave delivers automated, efficient and cost-effective threat, vulnerability and compliance management. Trustwave is headquartered in Chicago, with customers in 96 countries.

  • Walsh College
    Booth:

    At Walsh College, we blend business theory and real-world experience to deliver educational programs that boost career success. Our faculty are not only dedicated teachers, but also business professionals who integrate their experience into what you learn in class. Administrative staff deliver personal service in a professional learning environment.

    Founded in 1922 and celebrating more than 90 years of business education, we offer 16 business and related technology degree programs at the bachelor’s and master’s levels that are responsive to student, employer, and community needs. Walsh is a private, not-for-profit institution offering courses and services at locations in Troy, Novi, Clinton Township, Port Huron, and online.

Keynote Speakers
Speakers
  • Mark Gelhardt
    Former CIO, The White House

    Colonel Mark Gelhardt is a retired Army combat veteran. While in the Army, Mark was selected to be the Chief Information Officer for The White House, supporting President Clinton with secure Automation and Telecommunication for over four and a half years. Mark has over 40 years of experience in providing executive level management in Information Technology and Cybersecurity fields as a CTO, CSO, CIO, and CISO for several global companies. He is currently the VP of Global Technology Governance for US Bank. Mark is a published author and well-known keynote speaker.

  • Larry Wilson
    CISO and Adjunct Faculty, University of Massachusetts

    Larry Wilson is currently a senior consultant and former Chief Information Security Officer for the University of Massachusetts President's Office. In the CISO role, Larry was responsible for developing, implementing and overseeing compliance with the UMass Information Security Policy and Written Information Security Plan (WISP). In addition to designing and deploying the UMass cybersecurity program, Larry has developed and delivered cybersecurity training at multiple industry events, workshops, training venues, etc. Courses include Designing and Building a Cybersecurity Program, The NIST Cybersecurity Framework Foundations, The NIST Cybersecurity Framework Practitioners, Engineering, Technology and Business Labs and Workshops based on the NIST Cybersecurity Framework, etc. Larry has also worked with multiple companies in multiple industries to help design, build and maintain their Cybersecurity Programs and evaluate their current security posture.

  • Gene Kingsley
    Director of Security Operations, Massachusetts Advanced Secure Technologies

    Gene Kingsley is Director of the Security Operations Center, where he leads his team to help protect the clients of Massachusetts Advanced Security Technologies.

  • Kevin Beaver
    Independent Information Security Consultant, Principle Logic, LLC

    Kevin Beaver, CISSP is an information security consultant, writer, and professional speaker with Atlanta, GA-based Principle Logic, LLC. With over 30 years in IT and 24 years in security, Kevin specializes in independent security assessments and virtual CISO consulting work to help businesses uncheck the boxes that keep creating a false sense of security. He has written 12 books on security including Hacking For Dummies and The Practical Guide to HIPAA Privacy and Security Compliance. Kevin has written over 1,000 articles on security and regularly contributes to TechTarget's SearchSecurity.com, Ziff Davis' Toolbox.com, and Iron Mountain’s InfoGoTo.com. He has a B.S. in Computer Engineering Technology from Southern College of Technology and a M.S. in Management of Technology from Georgia Tech. In his free time, Kevin races cars in the SCCA Spec Miata class and also enjoys riding dirt bikes and snow skiing.

  • Tony Giles
    Information Security Lead Auditor, NSF International

    Tony is an ISO 27001, ISO 20000 and ISO 9001 Lead Auditor and OSINT PenTester for NSF. Currently, Tony is the Director of Custom Audit Programs, also having served as Director of Operations, Director of Business Development, and Service Delivery Manager. Tony has conducted audits globally for over 10 years and worked on large-scale security implementation projects, including NIST 800-171, NIST 800-88, ISO 27001, ISO 28000, OSINT PenTesting Assessments, and other custom security standards. Tony has conducted audits for DoD suppliers and private sector organizations, implementing security assessment programs focused on multiple security controls, cryptographic erasure, and other custom security programs. Tony has worked throughout the US advancing and building information security awareness.

  • Rhia Dancel
    Information Security Lead Auditor, NSF International

    Rhia is an ISO 27001 and 9001 Lead Auditor and OSINT PenTester for NSF and has previously held several auditing and technical positions in the information security and Pharma quality sectors. Rhia has completed technical writing work and audits for NSF throughout North America, working directly with customers onsite and remotely developing security control matrices. Rhia conducts risk-based security assessments using impact and probability calculations to develop and establish risk matrices to drive an organization's security plan-of-action and milestones. Rhia has developed and built a risk-based platform that supports industry best practices for treating and mitigating risk. Rhia has worked with multiple academic leaders on information security and awareness.

  • Matthew Clapham
    Director of Cybersecurity, GE Healthcare

    Matt Clapham is a Director of Cybersecurity at GE Healthcare. He and his team make products more secure.

  • Kathy Ossian
    Founder & CEO, Ossian Law P.C.

    Kathy Ossian is Founder and CEO of Ossian Law, P.C., a firm focused exclusively on Information Technology Law. Kathy has practiced for 35 years; over 22 in Information Technology law. She is a frequent author and speaker on timely IT law topics and the Managing Editor of “Social Media and the Law” published by PLI. Kathy is also an Adjunct Faculty Member at Oakland University and the University of Detroit Mercy Law School. She has been named for many years as a Best Lawyer in America and a Michigan Super Lawyer in information technology law.

  • Tamika Albert-Williams
    Undergraduate IT Program Adjunct Faculty, Capella University - School of Business and Technology

    With a passion for addressing the human element of cybersecurity, Tamika Albert-Williams has 10+ years’ experience in information technology and security. She began her career in IT project management. She is currently a Management Consultant and adjunct IT program faculty at Capella University. She specializes in GRC and IS program strategy. She has implemented privacy and security compliance programs and worked in IT governance in multiple industries. She holds the CISSP, CAP, SSCP, and HCISPP certifications from ISC2 and the CISM from ISACA. She has a Master of Science in IT with a specialization in Cybersecurity from Walsh College.

  • Christopher McMahon
    Special Agent, United States Secret Service

    Chris McMahon is a Special Agent for the United States Secret Service. Prior to joining the Secret Service, Chris was a Prince George’s County, MD Police Officer. Chris is a well-seasoned criminal investigator specializing in cyber-enabled financial fraud, money laundering, credit card/ID fraud among other crimes. Chris began his Secret Service career out of the New York Field Office spending time between the Fraud Squad and Electronic Crimes Task Force where he earned the designation NITRO Agent for specialized training in network intrusions. While in the New York Field Office, Chris ran point on several large-scale multi-national criminal investigations targeting transnational organized crime groups. Chris is currently assigned to the U.S. Secret Service, Global Investigative Operations Center (GIOC) where he specializes in Business Email Compromise schemes and account takeovers focusing on the international nexus of cyber-enabled financial crime.

  • Book Signing
  • Bob Bacigal
    AVP, Information Security Services, Amerisure Mutual Insurance
  • Steven Fox
    Senior Manager, Security Compliance and IT Audit, WorkForce Software

    Steven F. Fox makes sense of security through business outcomes as Sr. Manager of Security Compliance and IT Audit at WorkForce Software. He brings a cross-disciplinary, international perspective to the practice of information security, combining his extensive public and private-sector IT background with principles from industrial and behavioral psychology to address security challenges.

  • Ron Winward
    Security Evangelist, North America, Radware

    As a Security Evangelist at Radware, Mr. Winward is responsible for developing, managing, and increasing the company’s security business in North America. Before joining Radware, Ron was Director of Network Engineering for a global datacenter provider and ISP.
    Ron’s entire career has been deeply rooted in internet and cybersecurity. For over 20 years, Ron has helped design complex solutions for carriers, enterprises, and cybersecurity providers around the world.
    Ron is an industry-recognized expert in the Mirai IoT botnet and its modern variants. Ron conducted the industry’s first complete analysis of the Mirai attack vectors, producing forensic examples for public distribution of each attack and the specific impact each attack had on networks. His work on IoT attack analysis has been presented at conferences worldwide and has been referenced by NIST.
    Prior to joining Radware, Ron was Director of Network Engineering for a global datacenter provider and ISP. In this role, Ron oversaw the growth and development of a global network infrastructure that delivered services to other ISPs, hosting providers, and enterprises around the world. During this time, Ron assisted some of the world’s top businesses in mitigating cyberattacks on their infrastructure, cultivating an extensive knowledge in DDoS attack methodologies.
    Ron holds a Bachelor of Science degree in Business and has earned many technical certifications throughout his engineering-focused career. Ron acutely understands the impact of technology and security on business and is enthusiastic about their interrelation.

  • Rob Maynard
    Solutions Architect, Trend Micro

    Rob Maynard is an SE and DevOps SME for Trend Micro. He lives in Michigan with his wife and two children, and has been in the IT field for over 11 years working with various cloud, automation and virtualization technologies.

  • Jack Freund, PhD
    Director, Risk Science, FAIR Institute

    Dr. Jack Freund is a leading voice in cyber risk measurement and management. He is an expert at building relationships to collaborate, persuade, and sell information risk and security programs. Jack is currently serving as Director, Risk Science at RiskLens and previously worked for TIAA as Director, Cyber Risk. Jack holds a PhD in Information Systems and has been named an IAPP Fellow of Information Privacy. Jack’s book on quantifying risk (Measuring and Managing Information Risk: A FAIR Approach) was inducted into the Cybersecurity Canon in 2016. Jack’s writings have appeared in the ISSA Journal and he currently writes a column for the @ISACA newsletter.

  • Rob Walk
    Sr. Security Engineer, Tenable

    Rob is a passionate technologist focusing on solutions at the intersection of business and technology. He has over 20 years of industry experience architecting, deploying and consulting on enterprise solutions. In his current role as a Sr. Security Engineer for Tenable he helps organizations reduce risk due to Cyber Exposure.

  • Moderator: Abhijit Solanki
    Founder & Managing Director, Whiteboard Venture Partners

    Abhijit Solanki is the founder of Whiteboard Venture Partners, an early stage venture capital firm helping entrepreneurs achieve their whiteboard dreams.

  • Ryan Mostiller
    Sr. Security Engineer, Penske Automotive Group

    Ryan has nearly 10 years of experience in defending large enterprise environments, specializing in Windows and Active Directory environments. Ryan has responsibility for Incident Response, Vulnerability Management, and the Management of all Security Tools and Controls. Ryan is a proud double alumnus of Oakland University as well as a husband and father.

  • Marc Harwin
    Information Security Professional, Harwinet LLC

    Marc Harwin is an Information Security Professional with more than 20 years of experience. He has worked to improve Information Security at multiple Fortune 500 organizations with a focus on:
    - Security Operations
    - Vulnerability Management
    - Incident Response

    Marc has a Master of Science in Information Systems from Walsh College (4.0 GPA), and holds multiple certifications including CISSP since 2006, SANS GIAC GCIH, Certified Ethical Hacker, Microsoft (MCSE), Citrix (CCA), Checkpoint Firewall, Nessus and Qualys Vulnerability Scanning, Security+ and many more.

  • Matthew Gardiner
    Director of Security, Mimecast

    Matthew Gardiner is a Director of Security at Mimecast and is currently focused on email & web security, phishing, awareness training, malware, and cloud security. With more than 15 years focused in security, Matthew’s expertise in various roles includes threat detection & response, network monitoring, SIEM, endpoint threat detection, threat intelligence, identity & access management, Web access management, identity federation, cloud security, and IT compliance at RSA, Netegrity, and CA Technologies. Previously he was President and a member of the board of trustees of the security industry non-profit, the Kantara Initiative. Matthew has a BS in Electrical Engineering from the University of Pennsylvania and an SM in Management from MIT's Sloan School of Management.

  • Barbara Hiemstra
    Privacy Engineer, Steelcase Inc.

    Barb works with Steelcase’s Security and Legal teams as well as the Software and Product Developers to operationalize the privacy requirements needed in the company’s Industrial Internet of Things (IIoT) and their Smart+Connected global product offerings. Prior to joining Steelcase, Barb was the Information Security-Governance Manager at Perrigo, the Information Security Director and the Deputy Director for IT at Kent County, MI. She serves on the Board for Cybercrime Support Network (CSN), whose goal is to bring a voice to and serve the victims of cybercrime. She co-founded and co-chairs West Michigan Cyber Security Consortium (WMCSC). Barb holds a BA degree in Telecommunications from Michigan State University, Certified Information Privacy Technologist (CIPT), GIAC Security Leadership Certification (GLSC) and the GIAC Critical Controls Certificate (GCCC), GIAC Law of Data Security & Investigations (GLEG), and ITIL2 Foundations and Change Management certifications.

  • David Barton
    Managing Director, UHY Advisors

    David Barton is a Managing Director with UHY Advisors and practice leader of the Internal Audit, Risk, and Compliance practice, which provides consulting and attestation services around information technology controls, cybersecurity, and compliance. He has over 25 years of practical experience in information systems and technology risk and controls. David is frequently asked to speak at national and regional events, such as SecureWorld and the Cloud Security Alliance Congress. He is the primary author of the CSA position paper on AICPA Service Organization Control Reports. He regularly provides his input and opinions for national publications such as Compliance Week, Accounting Today, and the Atlanta Journal Constitution. David holds an MBA and BS in Business Administration from Appalachian State University. He is Certified in Risk and Information Systems Control (CRISC), received the Certified Information Systems Auditor (CISA) designation in 1988, and is a member of the Atlanta chapter of the Cloud Security Alliance.

  • Alexandra Panaretos
    Security Awareness and Training leader, Ernst & Young LLP

    Alexandra Panaretos, CSAP is the Americas Cyber Practice Lead for Security Awareness and Training for Ernst & Young LLP. She specializes in information security awareness and education, personal and physical security, and the psychology of social engineering. Alex has experience developing and implementing security awareness and education strategies in government, military family services, and global companies. She is Operations Security Program Manager certified by the Joint Information Operations Warfare Center and the U.S. Army. Her primary focus in awareness program design is the individual, which she showcases in materials that are relevant for multiple generational, cultural, and learning styles in an enterprise.

  • Moderator: Jennifer Tisdale
    Associate Principal, GRIMM, a Cyber Research, Consulting & Education firm

    Jennifer Tisdale is the Associate Principal for Embedded Systems and Advanced Transportation Security Programs at GRIMM, a cybersecurity research and engineering firm. Previously, Jennifer served as R&D Program Manager of Vehicle Product Cybersecurity at Mazda North America. While at Mazda, Jennifer bridged the gap between R&D and Government Affairs, focused on cybersecurity for connected and automated vehicles. Prior to Mazda North America, Jennifer developed the Cyber-Mobility program for the State of Michigan through the Michigan Economic Development Corporation (MEDC). In this role, Jennifer created Michigan’s economic strategy focused on cybersecurity in support of the future of transportation mobility for automotive, aerospace and defense industries. Additionally, Jennifer serves on several non-profit boards and advisory committees, and is the current Cyber Director for the National Defense Industrial Association (MI). Jennifer is charged with developing industry programming in support of the U.S. Military’s cyber-physical security initiatives including leading the Cyber Military Vehicle Industry Collaborative (MVIC). The MVIC was established to provide the U.S. Army Futures Command with industry recommendations for product security validation, prior to systems integration. Recently voted one of SC Magazine’s “Women to Watch” in Cybersecurity, Jennifer challenges the negative narrative often associated with hackers, and volunteers with several non-profit STEM programs encouraging students and teachers to embrace cybersecurity education for Cyber-Physical Systems.

  • Amy Chu
    Sr. Director, Automotive Product Security, Harman

    Amy Chu is Senior Director, Automotive Cybersecurity at HARMAN, a wholly-owned subsidiary of Samsung Electronics Co., Ltd. HARMAN designs and engineers connected products and solutions for automakers, consumers, and enterprises worldwide, including connected car systems, cyber security solutions, audio and visual products, enterprise automation solutions and services supporting the Internet of Things.

    Amy carries extensive experience in automotive product delivery and execution, leading cross-functional teams from ideation to launch. Over the past 16 years, she has led various HARMAN Program Teams in Premium Audio, Connected Car and Corporate Divisions. For the past two years, she has been heading up Harman’s Automotive Product Security Center of Excellence, and leading the global execution of HARMAN’s Security Development Lifecycle (SDL) and Incident Response. The team’s overall mission is to strengthen HARMAN’s security posture, and align product development with cyber security best practices and global standards.

    Prior to joining the Automotive Cyber Security Team, Amy served as Director of Program Management for Harman’s CTO office, managing global innovation projects for the Automotive Division. Her experience also includes leadership and engineering roles while working for Magna Electronics and Tellabs, Inc. Amy holds a Bachelor of Science in Electrical Engineering from Michigan State University.

  • Kristie Pfosi
    Sr. Manager, Automotive Cybersecurity, Mitsubishi

    Kristie Pfosi stands at the forefront of one of automotive’s greatest challenges: cybersecurity. A well-respected policy maker and program manager with deep technology expertise, Kristie has been a champion for best practices in cybersecurity for over a decade as a technical intelligence officer at the CIA and as an OEM employee, most notably helping FCA shore up their cybersecurity practice after one of their vehicles was infamously hacked. Her wide-ranging background in automotive also includes designing minivan seats, developing advanced service diagnostic tools, and working on internal combustion engine technology at companies like Magna and MAHLE Powertrain.

    Today she is responsible for creating and implementing processes and methodologies for global incident responses, vulnerability management, and risk assessments at Mitsubishi Electric Automotive America. Her work also involves developing and integrating cybersecurity protection into advanced vehicle electronics with a focus on defense-in-depth and next-generation security.

    Kristie holds two bachelor's degrees in Mechanical Engineering and Electrical Engineering from the General Motors Institute (Kettering University), and has experience in all phases of the product development lifecycle—from advanced R&D, through product development and launch, to post-production operations and aftermarket service.

  • Larry Ponemon
    Chairman and Founder, Ponemon Institute

    Dr. Larry Ponemon is the Chairman and Founder of the Ponemon Institute, a research “think tank” dedicated to advancing privacy and data protection practices. Dr. Ponemon is considered a pioneer in privacy auditing and the Responsible Information Management or RIM framework.

    Ponemon Institute conducts independent research, educates leaders from the private and public sectors and verifies the privacy and data protection practices of organizations in various industries. In addition to Institute activities, Dr. Ponemon is an adjunct professor for ethics and privacy at Carnegie Mellon University’s CIO Institute. He is a Fellow of the Center for Government Innovation of the Unisys Corporation.

    Dr. Ponemon consults with leading multinational organizations on global privacy management programs. He has extensive knowledge of regulatory frameworks for managing privacy and data security including financial services, health care, pharmaceutical, telecom and Internet. Dr. Ponemon was appointed to the Advisory Committee for Online Access & Security for the United States Federal Trade Commission. He was appointed by the White House to the Data Privacy and Integrity Advisory Committee for the Department of Homeland Security. Dr. Ponemon was also appointed to two California State task forces on privacy and data security laws.

    Dr. Ponemon earned his Ph.D. at Union College in Schenectady, New York. He has a Master’s degree from Harvard University, Cambridge, Massachusetts, and attended the doctoral program in system sciences at Carnegie Mellon University, Pittsburgh, Pennsylvania. Dr. Ponemon earned his Bachelors with Highest Distinction from the University of Arizona, Tucson, Arizona. He is a Certified Public Accountant and a Certified Information Privacy Professional.

  • Dan Shoemaker
    Professor and Graduate Program Director, Center for Cybersecurity, UDM

    Dan Shoemaker is Professor and Director of the Graduate Program in Cybersecurity at the University of Detroit Mercy. He has written eleven books and hundreds of articles in the field. He has been the Principal Investigator for the National Security Agency Center of Excellence at UDM over the past fifteen years, as well as the Chair of Workforce Training and Education for the Software Assurance Initiative at the Department of Homeland Security. He was a subject matter expert (SME) for the NIST National Initiative for Cybersecurity Education (NICE) Workforce Framework (NICE v1.0 and v2.0) and also the ACM/IEEE CSEC2017 Standard.

  • Kristin Judge
    CEO & President, Cybercrime Support Network

    Kristin founded nonprofit Cybercrime Support Network to be a voice for cybercrime victims. She’s been seen on the C-SPAN Network, local news outlets and called on by technology publications like SC Magazine and Government Technology, to share best practices for online safety. Kristin was an SC Media "Women in IT Security Influencer" in 2017. At MS-ISAC and National Cyber Security Alliance she worked as a “technology interpreter” helping nontechnical people become more secure. She’s a national speaker, sharing cybersecurity best practices with elected officials, businesses and consumers, and authored the LinkedIn course, “Cybersecurity for Small and Medium Businesses: Essential Training.”

  • Holger Weeres
    Executive Account Manager, baramundi software USA, Inc.

    Holger is a seasoned UEM expert with over 20 years of experience in endpoint automation for companies of all sizes. He has designed and implemented UEM solutions for many large enterprises as well as SMB customers. As a former Product Manager in the UEM space, he is also familiar with most companies' general challenges and common obstacles in achieving a secure, consistent user workspace that is easy to manage and support.

  • Michael Muha, PhD, CISSP, CISM, CIPM, Certified GDPR Practitioner
    Chief Information Security & Privacy Officer, WorkForce Software

    Mike drove the global expansion of WorkForce Software’s cloud-based workforce management products from one data center to eight across the US, Europe, Canada, and Australia, and directed all compliance efforts (starting with SAS 70 and moving onto SOC 1, ISAE 3402, SOC 2, ISO 27001 certification, and EU-US Privacy Shield certification). Having led the company’s GDPR journey, he’s currently implementing a “Personal Information Management System” and additional global security controls to protect company and customer data.

  • Tamara Shoemaker
    Director, Center for Cyber Security & Intelligence Studies, University of Detroit Mercy

    An accomplished investigator and entrepreneur, Tamara handles all aspects of running the Center, coordinating all interactions with state and federal agencies, as well as international, educational and business contacts for the Center. She is also the President of the Michigan Midwest Regional Chapter of CISSE (MCISSE). Tamara Shoemaker has become an evangelist for the CyberPatriot Program, founding the Michigan CyberPatriot program to grow the number of teams participating across Michigan. In October of 2017 MCISSE was honored to become the 12th Center of Academic Excellence with the National CyberPatriot program for the work Tamara spearheaded. In 2017 MEDC partnered with UDM on this project and funded two summer camps and 80 team registrations across Michigan. In 2018 the Michigan Department of Education funded Michigan schools to participate in CyberPatriot. MCISSE also received MDE funding to provide the guidance and leadership for the Michigan CyberPatriot Program.

  • Chris Sorensen
    Sr. Cybersecurity Researcher, GE Digital

    Chris Sorensen has been in the IT industry for over 30 years practicing a wide range of specialties in multiple industries. He started in the Defense industry as a system administrator and developer before progressing to the Education sector where he taught system administration and security. From there he moved into the Automotive world where he started to focus on security full time performing forensics and eDiscovery. He moved to his current company 10 years ago to continue leading investigations, incident response, and eDiscovery in the Global Corporate and Financial sectors. He also ran a very successful Security Awareness program for 5 years, before transitioning into the Power business to mentor application developers who were implementing a secure SDLC. He is currently a global manager for Security Awareness, Training, and Education at GE Digital. In his spare time, he teaches High School AP Computer Science and is an Adjunct Instructor at the University of Detroit Mercy teaching the Cybersecurity Masters Program.

  • Kristie Pfosi
    Sr. Manager, Automotive Cybersecurity, Mitsubishi

    Kristie Pfosi stands at the forefront of one of automotive’s greatest challenges: cybersecurity. A well-respected policy maker and program manager with deep technology expertise, Kristie has been a champion for best practices in cybersecurity for over a decade as a technical intelligence officer at the CIA and as an OEM employee, most notably helping FCA shore up their cybersecurity practice after one of their vehicles was infamously hacked. Her wide-ranging background in automotive also includes designing minivan seats, developing advanced service diagnostic tools, and working on internal combustion engine technology at companies like Magna and MAHLE Powertrain.

    Today she is responsible for creating and implementing processes and methodologies for global incident responses, vulnerability management, and risk assessments at Mitsubishi Electric Automotive America. Her work also involves developing and integrating cybersecurity protection into advanced vehicle electronics with a focus on defense-in-depth and next-generation security.

    Kristie holds two bachelor's degrees in Mechanical Engineering and Electrical Engineering from the General Motors Institute (Kettering University), and has experience in all phases of the product development lifecycle—from advanced R&D, through product development and launch, to post-production operations and aftermarket service.

  • Quin DeVries
    UX Researcher, Automotive Cybersecurity, Mitsubishi Electric Automotive America

    Quin DeVries is exploring the realm where technology and human behavior meet to create engaging user experiences. As a curious researcher, he is eager to tackle the challenges of today and the future.

    His research background includes topics in design thinking and ideation in engineering, managerial accounting and neuropsychology, and social and cognitive behavioral science. Quin has also designed and moderated usability studies to examine existing systems to make recommendations for clients such as SAP and The University of Michigan.

    Currently Quin is interning at Mitsubishi Electric Automotive America, using market research, survey data, and usability tests with prototypes to understand users’ perceptions of cyber security in the automotive space, modalities of alerts for a cyber-attack on the vehicle, and disconnecting solutions.

    Quin is in his second year of his Master of Information Science with an emphasis in UX Research. His background also includes a Bachelor of Science in Psychology from Iowa State University, and he has experience in stakeholder interviews, qualitative data analysis, and human-centered design.

  • Wolfgang Goerlich
    Strategist, MiSec Community

    J Wolfgang Goerlich is an active part of the Michigan security community. He hosts a YouTube video series and the Encode/Decode Security Podcast. Wolfgang regularly advises on and presents on the topics of risk management, incident response, business continuity, secure development life cycles, and more.

Conference App and Microsite!
Registration is easy and takes just a few minutes. Once you get started you can use your phone, tablet or internet browser to:

• Create a personalized agenda
• View maps of the venue and Exhibit Hall
• Use secure messaging to network with attendees
• View speaker slides after the conference
• Play CyberHunt, the app game, and compete for prizes
Don't miss out!

Join us for high-quality, affordable cybersecurity training and networking. Sign up today!