Conference Agenda
  • Tuesday, October 1, 2019
    7:00 am
    Registration open
    Registration Level:
    • Open Sessions
    7:00 am - 3:00 pm
    Location / Room: Registration Desk

    Come to the Registration desk in the lobby to check-in and get your badge. SecureWorld staff will be available throughout the day if you have any questions.

    8:00 am
    Advisory Council Breakfast - (VIP / INVITE ONLY)
    Topic: How to Build Your Personal Brand
    CIO, Georgia State Defense Force, Former CIO, The White House
    Registration Level:
    • VIP / Exclusive
    8:00 am - 9:15 am
    Location / Room: 353

    This session is for Advisory Council members only.

    8:00 am
    [SecureWorld PLUS] Part 1 - Designing and Building a Cybersecurity Program based on the NIST Cybersecurity Framework
    Earn 16 CPEs With This in-Depth 3-Part Course
    Manager, Cyber and Information Security, Point32Health
    Registration Level:
    • SecureWorld Plus
    8:00 am - 9:30 am
    Location / Room: 251C

    The University of Massachusetts has developed a 6 hour SecureWorld Plus training class that instructs attendees on the best practices for designing, building, and maintaining a Cybersecurity Program based on the NIST Cybersecurity Framework. Organizations who currently use the Framework or are planning to use the Framework for their cybersecurity program will benefit from this course.

    This innovative education and training program includes the following key elements:

    • An introduction to the key components of the NIST Cybersecurity Framework
    • How to use the Framework to support business strategy, technology strategy, and cyber-risk strategy
    • An approach for adopting the framework to build and sustain secure and resilient infrastructure, secure and resilient networks, secure and resilient applications
    • How to use the framework to protect critical information assets
    • A Controls Factory Model that organizations use to create an Engineering Program, a Technical Program, and a Business / Management Program
    • A methodology for developing a Cybersecurity Strategy, System Security Plan (SSP), Risk Assessment, Plan of Action and Milestones (POA&M) and Executive Report

    The class will help individuals and organizations acquire knowledge, skills and abilities to:

    • Develop a strategy to apply the NIST Cybersecurity Framework (NCSF) to their environment
    • Create a comprehensive System Security Plan (SSP) based on the NIST Cybersecurity Framework
    • Conduct a Risk Assessment to compare the current profile with the target profile and identify any gaps that need to be addressed
    • Develop a Plan of Action and Milestones (POA&M) to mitigate the highest priority gaps
    • Establish an Executive Report to measure and communicate current profile, target profile, POA&M and program plan / roles and responsibilities to remediate identified gaps
    • Identify required workforce skills and develop career pathways for improving skills and experience

    About the Instructor – Larry Wilson:

    • Larry Wilson is the former CISO for UMass President’s Office from 2009 to 2017
    • Prior to UMass, Larry developed and managed the Global Infrastructure Services (GIS) Security Program for State Street Corporation
    • Larry has been teaching cybersecurity courses based on the NIST Cybersecurity Framework at SecureWorld events for the past 5 years
    • Larry has conducted over 20 consulting engagements, helping organizations design and build cybersecurity programs based on the NIST Cybersecurity Framework

    The program and its author have won the following industry awards:

    • Security Magazine’s Most Influential People in Security, 2016
    • SANS People Who Made a Difference in Cybersecurity Award, 2013
    • Information Security Executive (ISE) North America Program Winner for Higher Education, 2013
    8:00 am
    SecureWorld PLUS Part 1 - Cloud Security - Securing Your Organization's Digital Transformation
    Earn 16 CPEs With This in-Depth 3-Part Course
    Director, Information Security, Farm Credit Financial Partners; VP, InfraGard National Members Alliance
    Registration Level:
    • SecureWorld Plus
    8:00 am - 9:30 am
    Location / Room: 252A

    This course will provide a healthy introduction to modern aspects of cloud computing security. The attendee will learn how to assess and protect their organization’s data in the cloud. Topics include IoT, providers, tools, and processes to help avoid a rainy day.

    8:30 am
    Social Media and Filter Bubbles: How People and Businesses Are Targeting Users
    Business Leader, Information Security, NSF International
    Technical Manager, Information Security, NSF International
    Registration Level:
    • Conference Pass
    8:30 am - 9:15 am
    Location / Room: 250B
    Social media sites are tracking user data and creating filtered user content, also known as “filter bubbles.” Despite research, many users and small businesses are not familiar with the data these sites collect on them, nor are they aware that they are being targeted.

    With people relying heavily on social media, including over 65% of users making it their number one news source, there is an obligation to educate social media users on their privacy risks. A developed API allows for micro-targeting of users as part of a digital strategy. How is this being done and are there examples?

    Just as businesses target consumers, public officials are doing the same. It may not be done via leaked/hacked data; it can be done through a well-crafted API. Social media platforms give public officials the ability to gain user-supplied data for tracking and targeting.

    Could social media APIs continue to be exploited, creating user-specific filter bubbles? How can we prevent this from happening? Is this something that could be regulated, and should public officials or elections be allowed to run social media campaigns?

    8:30 am
    Addressing the Talent Gap in Secure Systems Engineering
    Director of Cybersecurity, GE Healthcare
    Registration Level:
    • Conference Pass
    8:30 am - 9:15 am
    Location / Room: 251B

    To get out of perpetual reaction mode, we need more professionals with systems engineering experience to provide proactive, preventative security expertise. Those are the rarest of the rare in a field of talent often described as having negative unemployment. Matt shows the skills needed, how to find the talent that’s already there, and ways to develop more from within existing teams.
    Presentation Level: MANAGERIAL (security and business leaders)

    8:30 am
    IoT, a Legal Look: Identifying and Addressing Risks of Connected Devices
    Founder & CEO, Ossian Law P.C.
    Registration Level:
    • Conference Pass
    8:30 am - 9:15 am
    Location / Room: 250C

    The convenience of an increasing number of smart devices in our professional and personal lives cannot be denied. But along with that convenience come security and privacy risks. Information Technology lawyer Kathy Ossian will identify risks, provide many examples, and offer tips for both providers and users toward managing the risks.
    Presentation Level: MANAGERIAL (security and business leaders)

    9:00 am
    Exhibitor Hall open
    Registration Level:
    • Open Sessions
    9:00 am - 3:00 pm
    Location / Room: SecureWorld Exhibitor Floor

    Your opportunity to visit our solution vendor partners, whose sponsorship makes SecureWorld possible! Booths have staff ready to answer your questions. Look for participating Dash For Prizes sponsors to be entered to win prizes.

    9:30 am
    [OPENING KEYNOTE] Business Email Compromise: Real World Stories and Practical Defense
    Special Agent, Global Investigative Operations Center, United States Secret Service
    Registration Level:
    • Open Sessions
    9:30 am - 10:15 am
    Location / Room: Keynote Theater

    The average loss from a bank robbery is about $3,000. The average loss from a successful Business Email Compromise (BEC) attack is nearly $130,000. That kind of math explains why BEC is rampant, and every type of organization is at risk. During this presentation, hear from the point person on BEC cases investigated by the U.S. Secret Service. He’ll share true crime examples of and practical steps for defense against BEC losses, which now stand at $13.5 billion in the last six years.

    10:15 am
    Conference Break / Exhibitor Product Demonstration
    Registration Level:
    • Open Sessions
    10:15 am - 11:15 am
    Location / Room: SecureWorld Exhibitor Floor

    Reboot with coffee and infused water while visiting exhibitors on the exhibitor floor.

    10:15 am
    Mark Gelhardt Book Signing in the CyberLounge on the Exhibitor Floor
    Quantities are limited and will be distributed on a first-come, first-served basis.
    Registration Level:
    • Open Sessions
    10:15 am - 12:00 pm
    Location / Room: Exhibitor Floor

    Mark Gelhardt will be signing copies of his book, “My Time at The Clinton White House.”
    Find him in the CyberLounge on the Exhibitor Floor at the following times:
    10:15 a.m. – 12:00 p.m.
    1:00-1:15 p.m.
    BOOK SYNOPSIS:
    Colonel Mark Gelhardt had an atypical military career that landed him in The White House next to the President of the United States, where he was responsible for the last link of communications between the President and the rest of the U.S. government. While a Lieutenant Colonel (LTC) in the Army, Mark was selected by top federal officials to be the Commander of the Data Systems Unit, as part of the White House Communications Agency. In this position, he supported the President as the Chief Information Officer (CIO) for all classified IT used by The White House. LTC Gelhardt served at the White House for over four years (1995-1999), working with President Clinton and his staff almost every day, both on the White House grounds and traveling worldwide. This gave him unfettered access to the inner workings of The White House and the Presidency. Since retiring from the Army in 2001, Mark has been asked by many people about his time at The White House. Mark has many stories about what happened behind closed doors, and proudly speaks about the outstanding support done by the fantastic military members that support the Commander-in-Chief. Mark has taken the time to chronicle his experiences about his day-to-day job at The White House, as well as some of the funny stories he picked up along the way. Please enjoy this non-political book with surprising behind-the-scenes stories. I hope they provide you with some insight into the wonderful military members that work so hard to keep you safe every day in support of the President and Commander-in-Chief.

    11:00 am
    Advisory Council Roundtable: (VIP / Invite Only)
    Topic: Vendor Risk Management
    AVP, Information Security, Amerisure Insurance
    Registration Level:
    • VIP / Exclusive
    11:00 am - 12:00 pm
    Location / Room: 353

    This session is for Advisory Council members only.

    11:15 am
    Tribal Security: Leading and Empowering International Teams
    Deputy CISO, State of Washington
    Registration Level:
    • Conference Pass
    11:15 am - 12:00 pm
    Location / Room: 251B
    Managers tend to focus on the language, communication, and time zone challenges when working with overseas teams. Cultural dimensions—those impacting a consistent vision of security—get lip service. This ignores the impact of tribal mores at the core of all cultures. We will discuss the practical use of Hofstede’s characteristics of national culture to both nurture a unified strategy for delivering successful outcomes and maintain strong teams.
    11:15 am
    [Radware] Cybersecurity Pushed to the Limit
    Security Evangelist, North America, Radware
    Registration Level:
    • Open Sessions
    11:15 am - 12:00 pm
    Location / Room: 251A

    Throughout 2018 mainstream headlines highlighted cyber-attacks and security threats that included possible interference in the U.S. presidential election, worldwide malware outbreaks and the Equifax data breach. These and other high-profile events spurred greater cyber-defense investment by everyone from nation states and global corporations to individuals purchasing anti-malware solutions for personal devices. Yet even as investments increase so do threats, hacks and vulnerabilities. This session will help you understand these complex and challenging dynamics. Based on findings from Radware’s research and a global industry survey, the session will show real attack data and customer stories to paint a picture of where we are and what security professionals can do.

    Join the session to learn more about:
    • The threat landscape deep dive—the who, what and why of attacks
    • Potential impact on your business, including associated costs of different cyber-attacks
    • Critical attacks in the midst: DNS, IoT and risks lurking in the cloud
    • Emerging threats and how to protect against them
    • A look ahead – predictions and what to prepare for

    11:15 am
    [Trend Micro] What You Should Know About Container Security
    Solutions Architect, Trend Micro
    Registration Level:
    • Open Sessions
    11:15 am - 12:00 pm
    Location / Room: 250B

    Container adoption is growing. With new technologies come new threats and new things to think about in terms of security. Trend Micro, a leader in cybersecurity for over 30 years, can help demystify some of these threats and show you how to protect your container workloads.

    11:15 am
    Communicating Technology Risk to Non-Tech People: Helping Organizations Understand Bad Outcomes
    Director, Risk Science, FAIR Institute
    Registration Level:
    • Conference Pass
    11:15 am - 12:00 pm
    Location / Room: 250A

    Communicating risk to nontechnical people is difficult. As security professionals, we can recite the threats and vulnerabilities that are impacting our organizations and we often call those risks. This can influence executives sometimes, but often fails to resonate and connect with the decision makers in the way we want. This session will discuss how to translate threats and vulnerabilities into business risks that executives care about. A review of the weaknesses of traditional technology risk assessment methodologies is offered and an introduction to Cyber Risk Quantification (CRQ) is covered. Example risk reporting to the board is also included.

    11:15 am
    [Tenable] Seeing the Forest Through the Trees: A Risk-Based Approach to Maturing Your VMP
    Sr. Security Engineer, Tenable
    Registration Level:
    • Open Sessions
    11:15 am - 12:00 pm
    Location / Room: 250C
    Tenable products help you accurately identify, investigate and prioritize vulnerabilities. Secure your cloud, containers, OT devices and traditional IT assets. Translate technical data into business insights. Brought to you by the creators of Nessus. Effectively prioritizing vulnerabilities is fundamental to cybersecurity. Predictive Prioritization enables you to zero in on remediating the vulnerabilities that pose the greatest risk to your business. In this session, we’ll discuss cyber exposures and how predictive prioritization can improve your vulnerability management efforts—and allow you to focus on what matters first to reduce risk and close your cyber exposure gap.
    Presentation Level:
    GENERAL (InfoSec best practices, trends, solutions, etc.)
    12:00 pm
    Advisory Council Lunch Roundtable – (VIP / Invite Only)
    Topic: Vulnerability and Patch Management
    Technical Leader, Cyber Threat Intelligence, Ford Motor Company; President, Michigan InfraGard Members Alliance
    Registration Level:
    • VIP / Exclusive
    12:00 pm - 1:00 pm
    Location / Room: 353

    This session is for Advisory Council members only.

    12:15 pm
    [LUNCH KEYNOTE] How to Manage Your Own Career to Get to the Top
    CIO, Georgia State Defense Force, Former CIO, The White House
    Registration Level:
    • Open Sessions
    12:15 pm - 1:00 pm
    Location / Room: Keynote Theater
    Do you have a plan for your future? Why not? You are the leader of your own destiny! You need to look at where you are, where you want to go, and have a plan to get there. We will talk about how to develop a plan, what to think about, and how to put one foot in front of the other to get to your end goal. We will also talk about how to manage up to your boss to get what you need to help you in your own career. Col. Mark Gelhardt made it to The White House managing his own career, and stood next to the President of the United States. He will tell you how he did it; if he can do it, so can you!

     

    1:15 pm
    Panel: Building a Better Mouse Trap (Emerging Threats)
    Registration Level:
    • Open Sessions
    1:15 pm - 2:15 pm
    Location / Room: Keynote Theater

    To be successful, as an industry, we must strive to get ahead of the bad guys. Easy enough to say but how? By taking a look at the capabilities of the threats we see today we should be able to make some educated guesses on what threats of tomorrow will look like. We know the bad guys don’t follow the rules, take the path of least resistance, and don’t care who they hurt in the process. We need to start thinking like them so that we can figure out what their next step is instead of guessing/hoping.
    Panelists:
    Ron Winward, Radware
    Matthew Gardiner, Mimecast
    Chris Burrows, CBI Secure
    John Fatten, Cisco
    Jams Honey, SailPoint
    Moderator: Larry Wilson

    1:15 pm
    Panel: You Got Burned, Now What? (Incident Response)
    Registration Level:
    • Open Sessions
    1:15 pm - 2:15 pm
    Location / Room: 250A

    We’ve all heard the adage that it’s not if it happens but when you are inevitably breached. Do you have a plan? Even a framework to go off of? What do you include? Who do you include? How often should you be practicing this plan? Join our experts as they discuss incident response plans, who should be involved, best practices, and pitfalls.
    Panelists:
    Adam Gates, Malwarebytes
    Gaurav Kulkarni, Reliaquest
    Gene Kingsley, UMass and InfraGard
    Moderator: Clark Crain

    2:15 pm
    Conference Break / Exhibitor Product Demonstration
    Registration Level:
    • Open Sessions
    2:15 pm - 3:00 pm
    Location / Room: SecureWorld Exhibitor Floor

    Reboot with coffee and infused water while visiting exhibitors on the exhibitor floor.

    3:00 pm
    CISO Ventures Panel: Are Cybersecurity Startups Meeting Expectations of Buyers Taking a Risk on Them?
    Founder & Managing Director, Whiteboard Venture Partners
    Director of Cybersecurity, GE Healthcare
    CIO, Inteva Products
    SVP and Chief Information Security & Privacy Officer, Flagstar Bank
    VP, Applications, Lear Corporation
    Registration Level:
    • Open Sessions
    3:00 pm - 3:45 pm
    Location / Room: 250A

    The number of cyber startups is growing exponentially, with 4300+ cybersecurity companies worldwide including several private “unicorns”. With so many startups engaged in helping organizations achieve cybersecurity outcomes, how do organizational decision makers think about the risks involved in working with them? A panel of CXOs will share their expectations of and experiences with cybersecurity startups, including how they use solutions from startups to meet existing and emerging cybersecurity challenges.

     

    3:00 pm
    It’s Not Easy Being Blue: When Do Cyber Defenders Become Rock Stars?
    Sr. Manager, IT Security, BorgWarner
    Registration Level:
    • Conference Pass
    3:00 pm - 3:45 pm
    Location / Room: 250C

    Cyber Defenders, or members of the Blue Team, don’t often get chances to look like cool Top Gun pilots like members of the Red Team. This presentation is focused on changing that, with real stories, examples, and best practices to help elevate the Blue Team to rock star status within all aspects of the business.
    Takeaways and Benefits for attendees: 
    – Learn why Blue Teams historically have had difficulty in displaying their value add
    – Examples of real-world projects and initiatives put on by Blue Teams and how they were presented to all aspects of the business
    – Opportunities on how to enable the business to flourish securely
    – Discussion opportunities for industry peers to assist with idea sharing
    – Useful reports that provide value, not just numbers
    – Quick wins to take home and put into place tomorrow

    Presentation Level:
    GENERAL (InfoSec best practices, trends, solutions, etc.)

    3:00 pm
    Building a Daily Security Investigation Playbook
    Information Security Professional, Harwinet LLC
    Registration Level:
    • Conference Pass
    3:00 pm - 3:45 pm
    Location / Room: 250B
    As Defenders of Corporate Networks, we are presented with a myriad of potential security data points. This session will help mature your organization’s information security by building a consistent daily process to identify key security indicators. We will review how to construct a daily security operations process which will allow you to:
    – Reduce Time to Detection
    – Prioritize Investigations
    – Increase Threat Hunting Effectiveness
    Presentation Level:
    GENERAL (InfoSec best practices, trends, solutions, etc.)

    3:00 pm
    [Mimecast] Phishing Isn't Phun: 10 Techniques to Address this Widely-Used Attack Vector
    Principal Security Strategist, Mimecast
    Registration Level:
    • Open Sessions
    3:00 pm - 3:45 pm
    Location / Room: 251A
    It is no secret that phishing in all its forms remains the #1 entry vector for both skilled and less skilled cybercriminals. While there is no single way to defend against them, there are at least 10 techniques and strategies that can be applied by organizations and their email security vendors to dramatically reduce their impact. Like all things in security, these techniques must constantly evolve right along with those of the attackers. In this session I provide the latest perspectives gleaned from both industry and Mimecast’s years of experience dealing with defending against phishing.
    Presentation Level:
    GENERAL (InfoSec best practices, trends, solutions, etc.)
    3:00 pm
    WTH Is a Privacy Engineer?
    Privacy Engineer, IT Security and Compliance, Steelcase Inc.
    Registration Level:
    • Open Sessions
    3:00 pm - 3:45 pm
    Location / Room: 251B

    Until recently, this role didn’t exist (or was done by others under a different name). Thanks to the EU’s General Data Protection Regulation (GDPR) and huge privacy breaches, it is becoming more popular. Ensuring privacy requirements across business technology solutions is hard to define, much less do, without a plan. Using the International Association of Privacy Professionals’ (IAPP) Certified Privacy Technologist curriculum and some of their member resources, come learn what privacy tips and tricks you can add to your security tool set to up your team or personal privacy game.

    3:00 pm
    [SecureWorld PLUS] Part 2 - Designing and Building a Cybersecurity Program based on the NIST Cybersecurity Framework
    SecureWorld PLUS Registrants ONLY
    Manager, Cyber and Information Security, Point32Health
    Registration Level:
    • SecureWorld Plus
    3:00 pm - 4:30 pm
    Location / Room: 251C

    The University of Massachusetts has developed a 6 hour SecureWorld Plus training class that instructs attendees on the best practices for designing, building, and maintaining a Cybersecurity Program based on the NIST Cybersecurity Framework. Organizations who currently use the Framework or are planning to use the Framework for their cybersecurity program will benefit from this course.

    This innovative education and training program includes the following key elements:

    • An introduction to the key components of the NIST Cybersecurity Framework
    • How to use the Framework to support business strategy, technology strategy, and cyber-risk strategy
    • An approach for adopting the framework to build and sustain secure and resilient infrastructure, secure and resilient networks, secure and resilient applications
    • How to use the framework to protect critical information assets
    • A Controls Factory Model that organizations use to create an Engineering Program, a Technical Program, and a Business / Management Program
    • A methodology for developing a Cybersecurity Strategy, System Security Plan (SSP), Risk Assessment, Plan of Action and Milestones (POA&M) and Executive Report

    The class will help individuals and organizations acquire knowledge, skills and abilities to:

    • Develop a strategy to apply the NIST Cybersecurity Framework (NCSF) to their environment
    • Create a comprehensive System Security Plan (SSP) based on the NIST Cybersecurity Framework
    • Conduct a Risk Assessment to compare the current profile with the target profile and identify any gaps that need to be addressed
    • Develop a Plan of Action and Milestones (POA&M) to mitigate the highest priority gaps
    • Establish an Executive Report to measure and communicate current profile, target profile, POA&M and program plan / roles and responsibilities to remediate identified gaps
    • Identify required workforce skills and develop career pathways for improving skills and experience

    About the Instructor – Larry Wilson:

    • Larry Wilson is the former CISO for UMass President’s Office from 2009 to 2017
    • Prior to UMass, Larry developed and managed the Global Infrastructure Services (GIS) Security Program for State Street Corporation
    • Larry has been teaching cybersecurity courses based on the NIST Cybersecurity Framework at SecureWorld events for the past 5 years
    • Larry has conducted over 20 consulting engagements, helping organizations design and build cybersecurity programs based on the NIST Cybersecurity Framework

    The program and its author have won the following industry awards:

    • Security Magazine’s Most Influential People in Security, 2016
    • SANS People Who Made a Difference in Cybersecurity Award, 2013
    • Information Security Executive (ISE) North America Program Winner for Higher Education, 2013
    3:00 pm
    SecureWorld PLUS Part 2 - Cloud Security - Securing Your Organization's Digital Transformation
    SecureWorld PLUS Registrants ONLY
    Director, Information Security, Farm Credit Financial Partners; VP, InfraGard National Members Alliance
    Registration Level:
    • SecureWorld Plus
    3:00 pm - 4:30 pm
    Location / Room: 252A

    This course will provide a healthy introduction to modern aspects of cloud computing security. The attendee will learn how to assess and protect their organization’s data in the cloud. Topics include IoT, providers, tools, and processes to help avoid a rainy day.

    4:00 pm
    After Party: Enjoy Bites and Beverages with Fellow Security Professionals Compliments of GuidePoint Security
    Stop by booth #500 to RSVP
    Registration Level:
    • Open Sessions
    4:00 pm - 6:00 pm
    Location / Room: Apparatus Room (in the Detroit Foundation Hotel)

    Need to relax after a great day at SecureWorld? Join us to mingle with cybersecurity professionals and enjoy delicious bites and beverages.
    4-6 p.m.
    The Apparatus Room (in the Detroit Foundation Hotel)
    250 W Larned St.
    Detroit, MI 48226

  • Wednesday, October 2, 2019
    7:00 am
    Registration open
    Registration Level:
    • Open Sessions
    7:00 am - 3:00 pm
    Location / Room: Registration Desk

    Come to the Registration desk in the lobby to check-in and get your badge. SecureWorld staff will be available throughout the day if you have any questions.

    8:00 am
    [SecureWorld PLUS] Part 3 - Designing and Building a Cybersecurity Program based on the NIST Cybersecurity Framework
    SecureWorld PLUS Registrants ONLY
    Manager, Cyber and Information Security, Point32Health
    Registration Level:
    • SecureWorld Plus
    8:00 am - 9:30 am
    Location / Room: 251C

    The University of Massachusetts has developed a 6 hour SecureWorld Plus training class that instructs attendees on the best practices for designing, building, and maintaining a Cybersecurity Program based on the NIST Cybersecurity Framework. Organizations who currently use the Framework or are planning to use the Framework for their cybersecurity program will benefit from this course.

    This innovative education and training program includes the following key elements:

    • An introduction to the key components of the NIST Cybersecurity Framework
    • How to use the Framework to support business strategy, technology strategy, and cyber-risk strategy
    • An approach for adopting the framework to build and sustain secure and resilient infrastructure, secure and resilient networks, secure and resilient applications
    • How to use the framework to protect critical information assets
    • A Controls Factory Model that organizations use to create an Engineering Program, a Technical Program, and a Business / Management Program
    • A methodology for developing a Cybersecurity Strategy, System Security Plan (SSP), Risk Assessment, Plan of Action and Milestones (POA&M) and Executive Report

    The class will help individuals and organizations acquire knowledge, skills and abilities to:

    • Develop a strategy to apply the NIST Cybersecurity Framework (NCSF) to their environment
    • Create a comprehensive System Security Plan (SSP) based on the NIST Cybersecurity Framework
    • Conduct a Risk Assessment to compare the current profile with the target profile and identify any gaps that need to be addressed
    • Develop a Plan of Action and Milestones (POA&M) to mitigate the highest priority gaps
    • Establish an Executive Report to measure and communicate current profile, target profile, POA&M and program plan / roles and responsibilities to remediate identified gaps
    • Identify required workforce skills and develop career pathways for improving skills and experience

    About the Instructor – Larry Wilson:

    • Larry Wilson is the former CISO for UMass President’s Office from 2009 to 2017
    • Prior to UMass, Larry developed and managed the Global Infrastructure Services (GIS) Security Program for State Street Corporation
    • Larry has been teaching cybersecurity courses based on the NIST Cybersecurity Framework at SecureWorld events for the past 5 years
    • Larry has conducted over 20 consulting engagements, helping organizations design and build cybersecurity programs based on the NIST Cybersecurity Framework

    The program and its author have won the following industry awards:

    • Security Magazine’s Most Influential People in Security, 2016
    • SANS People Who Made a Difference in Cybersecurity Award, 2013
    • Information Security Executive (ISE) North America Program Winner for Higher Education, 2013
    8:00 am
    SecureWorld PLUS Part 3 - Cloud Security - Securing Your Organization's Digital Transformation
    SecureWorld PLUS Registrants ONLY
    Director, Information Security, Farm Credit Financial Partners; VP, InfraGard National Members Alliance
    Registration Level:
    • SecureWorld Plus
    8:00 am - 9:30 am
    Location / Room: 252A

    This course will provide a healthy introduction to modern aspects of cloud computing security. The attendee will learn how to assess and protect their organization’s data in the cloud. It covers IoT, providers, tools, and processes to help avoid a rainy day.

    8:30 am
    InfraGard Michigan Chapter Meeting
    InfraGard Members Only
    Sr. Security Architect, SecureWorks
    Registration Level:
    • VIP / Exclusive
    8:30 am - 9:15 am
    Location / Room: Keynote Theater

    Join InfraGard for their chapter meeting.
    This session is for InfraGard members only.

    8:30 am
    Third-Party Risk: Creating and Managing a Program that Works!
    Managing Director, UHY Consulting
    Registration Level:
    • Conference Pass
    8:30 am - 9:15 am
    Location / Room: 250C

    Every organization is concerned with third-party risk. No one wants to be the next Target breach. This session will examine the components of third-party risk management and give you some leading practices on how to develop a workable and sustainable process.

     

    8:30 am
    Culture and Collaboration: How Working Together Builds the Bridge Between People, Process, and Technology
    Americas Lead for Human Cyber Risk and Education, EY
    Registration Level:
    • Conference Pass
    8:30 am - 9:15 am
    Location / Room: 250B

    Having worked in many different industries, company sizes, and employee populations as both a consultant and practitioner, I’ve seen the good, bad, and ugly ways companies approach security awareness. The one thing that I have seen consistently in “good” awareness programs is the willingness to collaborate with groups outside of the security team. Attendees will learn how to leverage marketing, physical security, corporate communications, HR, legal, and yes, even employee health into a holistic approach to securing the human.

    8:30 am
    [Panel] The Future of Transportation: Navigating the Automotive Cybersecurity Ecosystem
    Associate Principal, GRIMM, a Cyber Research, Consulting & Education firm
    Sr. Director, Automotive Product Security, Harman
    Sr. Manager, Automotive Cybersecurity, Mitsubishi Electric Automotive America
    Registration Level:
    • Conference Pass
    8:30 am - 9:15 am
    Location / Room: 250A
    This dynamic discussion features three of the leading voices in the automotive supply chain. This session will balance technical, policy, and business strategies for integrating cybersecurity to prepare the auto industry for its evolution into connected mobility. The session will blend presentation-style information with interactive conversation. Speakers represent Tier 1 automotive suppliers and the car-hacking community to showcase a holistic approach for vehicle security. Jen, Kristie and Amy are champions for cyber education, STEAM program supporters and advocates for increasing the number of women in STEM fields.
    9:00 am
    Exhibitor Hall open
    Registration Level:
    • Open Sessions
    9:00 am - 3:00 pm
    Location / Room: SecureWorld Exhibitor Floor

    Your opportunity to visit our solution vendor partners, whose sponsorship makes SecureWorld possible! Booths have staff ready to answer your questions. Look for participating Dash For Prizes sponsors to be entered to win prizes.

    9:30 am
    [OPENING KEYNOTE] A Fireside Chat with Dr. Larry Ponemon
    Chairman and Founder, Ponemon Institute
    Registration Level:
    • Open Sessions
    9:30 am - 10:15 am
    Location / Room: Keynote Theater

    Google the words “Ponemon Institute Research” and you’ll find more than a quarter-million results. Dr. Larry Ponemon is the Chairman and Founder of the Institute, which does critical studies that are shaping the thoughts of IT and cybersecurity leaders around the globe. This exclusive session features an Emmy-winning journalist interviewing Dr. Ponemon to uncover his insights. Hear what he thinks are the most crucial trends, happening now, that security leaders and teams should consider. Plus, expect to learn some surprising things about Ponemon himself, including his involvement in cryptography and a codebreaking group that tracked enemies of the United States.

     

    10:15 am
    Conference Break / Exhibitor Product Demonstration
    Registration Level:
    • Open Sessions
    10:15 am - 11:15 am
    Location / Room: SecureWorld Exhibitor Floor

    Reboot with coffee and infused water while visiting exhibitors on the exhibitor floor.

    11:00 am
    Advisory Council Roundtable - (VIP / Invite Only)
    Topic: Converging all Aspects of the Cybersecurity Operation (Electronic, Physical and Personnel) Under One Roof
    Professor and Director, Graduate Program, University of Detroit Mercy
    Registration Level:
    • VIP / Exclusive
    11:00 am - 12:00 pm
    Location / Room: 353

    This session is for Advisory Council members only.

    11:15 am
    Building the 'Cyber 9-1-1' Hotline for US Victims of Online Crime
    CEO & President, Cybercrime Support Network
    Registration Level:
    • Conference Pass
    11:15 am - 12:00 pm
    Location / Room: 251B

    The Cybercrime Support Network (CSN) is working with federal, state, and local law enforcement and the United Way World Wide to build one national number to provide information and referral to consumers and small businesses impacted by cybercrime and online fraud. Where do victims go currently? Many call friends who work in InfoSec or even call 9-1-1 for romance scams—or even when their Facebook is not working. By 2021, CSN and partners plan to utilize the existing 2-1-1 national infrastructure to triage victims and get them to the resources they need.

    11:15 am
    [baramundi] Innovative Endpoint Management: A Security Baseline That Is Too Often Not Met
    Executive Account Manager, baramundi software USA, Inc.
    Registration Level:
    • Open Sessions
    11:15 am - 12:00 pm
    Location / Room: 250A

    This session outlines some basic security and patch management issues that are often overlooked or simply not met by many companies, leaving them exposed to attacks. Utilizing an innovative and easy-to-use endpoint management tool like baramundi can quickly overcome these hurdles and dramatically improve a company’s security posture.
    Presentation Level: MANAGERIAL (security and business leaders)

    11:15 am
    [Cisco] Malicious Cryptomining is Exploding - Are You at Risk?
    Technical Solutions Architect, Cisco Umbrella
    Registration Level:
    • Open Sessions
    11:15 am - 12:00 pm
    Location / Room: 250B

    With a 200x increase in crypto-related traffic in 2019, there’s never been a better time to find out if computing resources in your organization are being used without your knowledge. You may be surprised to find out which organizations, regions and company sizes are most at risk. Attackers are leveraging malicious cryptomining in your network as a starting point to execute future attacks. Join us to find out how to stop it in its tracks.
    Presentation Level: TECHNICAL (deeper dive including TTPs)

    11:15 am
    Automotive Cyber Attack: A Perspective from the Driver's Seat
    Sr. Manager, Automotive Cybersecurity, Mitsubishi Electric Automotive America
    UX Researcher, Automotive Cybersecurity, Mitsubishi Electric Automotive America
    Registration Level:
    • Conference Pass
    11:15 am - 12:00 pm
    Location / Room: 250C

    Kristie Pfosi, Senior Manager, Automotive Cyber Security, Mitsubishi Electric Automotive America (MEAA), will discuss the results from an in-depth market survey on customer perception of automotive cybersecurity. While it’s currently not an overwhelming concern among automotive consumers, the poll indicates there is an awareness that vehicles could be susceptible to outside interference from hackers. As vehicles become increasingly connected, it’s likely consumer concerns about the issue will grow. Pfosi, an industry leader in automotive cybersecurity, will discuss the survey results and steps MEAA is taking to mitigate the problem with security systems that fulfill consumer expectations.

    11:15 am
    Putting Cybersecurity in the C-Suite - How to Create and Run a Joint Cybersecurity Operations Center
    Professor and Director, Graduate Program, University of Detroit Mercy
    Registration Level:
    • Conference Pass
    11:15 am - 12:00 pm
    Location / Room: 251A

    Cybercrime is a $6 trillion a year industry. That is why organizations need a cyber defense that incorporates a complete and provably effective set of real-world controls. Still, it is unrealistic to expect executive decision makers to understand every potential avenue of attack. And it is equally unrealistic to expect IT managers to be plugged into the overall business strategy. That’s the reason why a commonly accepted model for real-world enterprise defense is the holy grail for cybersecurity planners. This presentation will amalgamate the recommendations of a collection of internationally accepted strategic models into a single, practical cyber defense solution.
    Presentation Level: MANAGERIAL (security and business leaders)

    12:00 pm
    Advisory Council Lunch Roundtable - (VIP / Invite Only)
    Topic: Protecting Your Company Data While Traveling Abroad-China?
    Privacy Engineer, IT Security and Compliance, Steelcase Inc.
    Registration Level:
    • VIP / Exclusive
    12:00 pm - 1:00 pm
    Location / Room: 353

    This session is for Advisory Council members only.

    12:15 pm
    Joint ISSA Motor City and (ISC)2 Greater Detroit Chapter Luncheon
    Members ONLY - Lunch Served
    Registration Level:
    12:15 pm - 1:00 pm
    Location / Room: 251C

    This is intended for members only.
    Luncheon sponsored by CBI and Varonis
    Speaker provided by CBI and Varonis

     

    12:15 pm
    [LUNCH KEYNOTE] Radware: The 10 Immutable Security Facts for 2020
    Security Evangelist, North America, Radware
    Registration Level:
    • Open Sessions
    12:15 pm - 1:00 pm
    Location / Room: Keynote Theater

    A presentation of top 10 security facts that will disrupt established application and infrastructure security practices. A discussion centered around questions everyone is or should be asking in 2020:

    • What is the attack surface of the public cloud?
    • Why are NIDs, HIDs, and flow collectors not adapted for cloud based infrastructure and applications?
    • How to protect APIs and cloud native applications running in dynamic, end-to-end encrypted service meshes?
    • What is Next Gen WAF and when should I consider it?
    • What are automated threats and how to protect against the 4th generation bots?
    • Is deep learning an inexorable technology as attackers get automated and attacks more sophisticated?
    • What will be the impact of 5G on application security and availability?

    Presentation outline
    A top 10 is subjective in nature, but it wasn’t just pulled out of thin air. The 10 facts are based on trends in recent threats, my own security research, and discussions with CISOs and security leaders.

    The Top 10 security facts for 2019/2020:

    1. The Attack Surface of the Public Cloud is defined by Permissions
    2. The Insider threat of the Public Cloud is the Outsider
    3. HIDs, NIDs, and Flow Collectors are pointless for Securing Cloud-based Applications
    4. WAF does not keep up with Cloud Native Applications
    5. East-West Traffic is getting Encrypted
    6. Attackers are getting Automated
    7. Attacks are getting more Sophisticated
    8. APIs are the new Front-end
    9. Machine and Deep Learning become essential for Threat Detection
    10. 5G will fuel the next IoT Explosion

    The discussion starts with an overview of the current threat landscape, illustrated with real-world incidents in the following categories:

    1. Cloud infrastructure abuse
    2. Data breaches through publicly exposed S3 buckets
    3. Ransom of poorly secured cloud data services
    4. Cloud Infrastructure owning and wiping
    5. Cloudification of DDoS attacks
    6. Automated threats

    A quick run through of the top 10 security facts.

    The rest of the discussion will lead to the 10 facts and is organized in 4 chapters, each centering around a top of mind topic:

    1. Migrating to the cloud
    2. Cloud Native Applications
    3. Automated Threats
    4. 5G/IoT Intersection

    Each chapter is summarized with the top security facts that were demonstrated throughout the discussion.

    1:15 pm
    Panel: Shifting Landscape of Attack Vectors
    Registration Level:
    • Open Sessions
    1:15 pm - 2:15 pm
    Location / Room: Keynote Theater

    If one thing holds true in cybersecurity it is the fact that our adversaries are pretty smart. They are. To be fair, they only have to be right once in a while. These cyber thugs are constantly shifting their attack vectors to better infiltrate our networks. There are so many endpoints to cover that the “bad guys” can try something new all the time. They have also discovered that we do not have great cyber hygiene when it comes to training our workforce. End users continue to be the “weakest link” within an organization as we’ve learned from all the ransomware attacks and business email compromises of late. This panel will talk about the shift in attack vectors and make some predictions about what to watch out for in the not too distant future.
    Panelists:
    Kirk Soluk, ProofPoint
    Joshua Borges, Bitdefender
    Rob Maynard, Trend Micro
    Brian Canaday, Qualys
    Dan Hoban, Nuspire
    Kyle Rohan, GuidePoint Security
    Moderator: Bob Bacigal

    1:15 pm
    Panel: The Battle for the Endpoint Continues (Endpoint Security)
    Registration Level:
    • Open Sessions
    1:15 pm - 2:15 pm
    Location / Room: 250A

    What are you doing to keep the network safe for your employees? You’ve got your fancy next-gen firewall and some A/V. Maybe even some biometrics or 2FA thrown in for safekeeping. We also keep hearing the IAM acronym thrown around. And what is Zero Trust? What are you missing? Oh, yeah… remote workers and IoT. Wouldn’t it be cool if you had someone to ask? Now you do. This panel will go through these questions and more. Join the group discussion as we address the challenges in endpoint and network security.
    Panelists:
    Rob Walk, Tenable
    Chris Pittman, BlackBerry/Cylance
    Dave Carter, Fortinet
    James Honey, SailPoint
    Moderator: Ryan Mostiller

    2:15 pm
    Conference Break / Exhibitor Product Demonstration
    Registration Level:
    • Open Sessions
    2:15 pm - 3:00 pm
    Location / Room: SecureWorld Exhibitor Floor

    Reboot with coffee and infused water while visiting exhibitors on the exhibitor floor.

    2:30 pm
    Dash for Prizes & CyberHunt
    Registration Level:
    • Open Sessions
    2:30 pm - 2:45 pm
    Location / Room: SecureWorld Exhibitor Floor

    Be sure to have exhibitors scan your badge for a chance to win prizes. Past prizes have included Kindles, Bose headphones, gift cards, iPads, iPods and more! *Must be present to win

    3:00 pm
    Penetrating Software Development
    Chief Information Security & Privacy Officer, WorkForce Software
    Registration Level:
    • Conference Pass
    3:00 pm - 3:45 pm
    Location / Room: 250B
    Security is often second to features when it comes to software development priorities. Here are some tips for raising the visibility of security and for building security into the agile timeline.

    3:00 pm
    Bring the Championship to the Midwest: Become a CyberPatriot Mentor!
    Sr. Cybersecurity Researcher, GE Digital
    Registration Level:
    • Conference Pass
    3:00 pm - 3:45 pm
    Location / Room: 250C

    This session will explain a way for hackers and cybersecurity professionals to pay-it-forward and volunteer to be a coach or mentor in the fastest middle school and high school competition in the nation: CyberPatriot.
    The attendees will learn about CyberPatriot, the premier national youth cyber education program created to inspire high school and middle school students toward careers in cybersecurity or other science, technology, engineering, and mathematics (STEM) disciplines critical to our nation’s future. Do you have what it takes to inspire students to join a CyberPatriot team and compete virtually with over 6,000 teams across the US for bragging rights, scholarships, internships, and jobs? Help us bring the championship to the Midwest by joining this session, and be a part of the solution this skills shortage has caused.
    Presentation Level: MANAGERIAL (security and business leaders)

    3:00 pm
    Zero Trust: The Elements of Strategy
    Advisory CISO, Duo Security, Cisco
    Registration Level:
    • Conference Pass
    3:00 pm - 3:45 pm
    Location / Room: 251A

    Philosophies for securing technology have crashed over our industry in waves. Capability-based security locked down IT (except when it didn’t.) Risk-based security prioritized efforts and focused us on securing the business (when people listen.) Threat-centric security cleared everything up by explaining what the bad guys were doing (with file hashes and IP addresses.) Following these less than successful philosophies, trust-centric security has entered the scene. This session will cover zero-trust strategies and highlight case studies of organizations leveraging zero-trust to align and coordinate tactics. Trust is neither binary nor permanent, and neither is real-world security.

Exhibitors
  • ACP Michigan
    Booth:

    The Association of Continuity Professionals (ACP) is a non-profit trade association dedicated to fostering continued professional growth and development in effective Contingency & Business Resumption Planning. ACP is the recognized premier international networking and information exchange organization in the business continuity industry.

  • AmeriNet
    Booth: 512

    AmeriNet is a total solutions provider of networking, business collaboration, storage and security products. Our strength is derived from a combination of technical and engineering experience and product excellence. We partner with industry-leading manufacturers of technology. These partnerships allow us to provide comprehensive solutions in Security, Cloud, LAN/WAN Switching and Routing, Network Management and Diagnostics, Unified Communications, Wireless, and Storage solutions. Together we will deploy the right solutions and technology to ensure the continued success of day-to-day operations and objectives of our customers. For more information, visit https://www.amerinet.com/about-us.

  • Armis, Inc
    Booth: Pavilion: 538

    Armis is the first agentless, enterprise-class security platform to address the new threat landscape of unmanaged and IoT devices. Fortune 1000 companies trust Armis’ unique out-of-band sensing technology to discover and analyze all managed and unmanaged devices, analyze endpoint behavior to identify risks and attacks, and protect information and systems.

  • Automation Alley
    Booth:

    Automation Alley is a nonprofit technology and manufacturing business association and Michigan’s Industry 4.0 knowledge center, with a global outlook and a regional focus. We connect industry, academia and government to fuel Michigan’s economy and accelerate innovation. We offer programs and services in business growth, entrepreneurship, talent development, defense and international business, providing resources and knowledge to help our members grow and prosper in the digital age.
    Our Mission
    The mission of Automation Alley is to position Michigan as a global leader in Industry 4.0 by helping our members increase revenue, reduce costs and think strategically during a time of rapid technological change.
    Our Vision
    Michigan is the leading applied technology and innovation state in the world.

  • baramundi software USA, Inc.
    Booth: 304

    baramundi Software provides companies and organizations with efficient, secure, and cross-platform management of workstation environments.

    The baramundi Management Suite (bMS) combines all important features for Endpoint Management: Patch Management, Software Deployment, OS-Installation, Enterprise Mobility Management, Vulnerability Assessment, and more. bMS optimizes IT management processes by automating routine tasks and providing an extensive overview of the status of the network and endpoints. In doing so, it relieves pressure on IT administrators and ensures that users always have the necessary rights and applications on all platforms and form factors; whether on PCs, servers, notebooks, mobile devices or Macs.

    Over 3,000 customers around the world benefit from nearly two decades of experience and the easy-to-use software solution.

  • Bitdefender
    Booth: 334

    Powered by its depth of security expertise and rapid pace of research and development, Bitdefender’s long-standing mission is to deliver transformative security technologies to the world’s users and organizations. We are innovators, creating breakthrough technology that radically improves our customer’s experience with security.

    From IoT to Data Centers, from endpoints to hybrid infrastructures – Bitdefender plays a transformational role in how security is best consumed, deployed, and managed. We strive to deliver products and services that radically alter the customer’s experience with security, in terms of efficacy, performance, ease of use and interoperability.

  • BitSight
    Booth: Pavilion: 540

    BitSight transforms how organizations manage cyber risk. The BitSight Security Ratings Platform applies sophisticated algorithms, producing daily security ratings that range from 250 to 900, to help organizations manage their own security performance; mitigate third party risk; underwrite cyber insurance policies; conduct financial diligence; and assess aggregate risk. With over 2,100 global customers and the largest ecosystem of users and information, BitSight is the Standard in Security Ratings. For more information, please visit www.bitsight.com, read our blog, or follow @BitSight on X.

  • Booth: 330
  • Bugcrowd Inc.
    Booth: 534

    By combining the world’s most experienced team of bounty experts and the market’s only enterprise-grade bug bounty platform, Bugcrowd connects organizations to a global crowd of trusted security researchers to identify vulnerabilities—before the adversaries do.

  • CBI Varonis
    Booth: 326

    CBI is a leading cybersecurity advisor to many of the world’s top tier organizations. Founded in 1991, CBI provides innovative, flexible and customizable solutions that help ensure data is secure, compliant and available. We engage in an advisory-led approach to safeguard our clients against the ever-changing threat landscape—giving them comprehensive visibility into their entire security program and helping them avoid cyber challenges before they can impact their data, business and brand. We are dedicated to the relentless pursuit of mitigating risks and elevating corporate security for a multitude of industries and companies of all sizes.

    Varonis is a pioneer in data security and analytics, specializing in software for data protection, threat detection and response, and compliance. Varonis protects enterprise data by analyzing data activity, perimeter telemetry, and user behavior; prevents disaster by locking down sensitive data; and efficiently sustains a secure state with automation.

  • Checkmarx Inc.
    Booth: 200

    Checkmarx is constantly pushing the boundaries of Application Security Testing to make security seamless and simple for the world’s developers and security teams. As the AppSec testing leader, we deliver the unparalleled accuracy, coverage, visibility, and guidance our customers need to build tomorrow’s software securely and at speed.

  • Check Point Software Technologies
    Booth: Pavilion: 524

    Check Point Software Technologies is a leading provider of cybersecurity solutions to governments and corporate enterprises globally. Its solutions protect customers from 5th generation cyber-attacks with an industry leading catch rate of malware, ransomware, and other types of attacks. Our solutions offer multilevel security architecture, “Infinity” Total Protection with Gen V advanced threat prevention.

  • Cisco
    Booth: 318

    Cisco builds truly effective security solutions that are simple, open and automated. Drawing on unparalleled network presence as well as the industry’s broadest and deepest technology and talent, Cisco delivers ultimate visibility and responsiveness to detect more threats and remediate them faster. With Cisco, companies are poised to securely take advantage of a new world of digital business opportunities.

  • Cobalt
    Booth: 340

    Cobalt’s Pentest as a Service (PtaaS) platform is modernizing traditional pentesting. By combining a SaaS platform with an exclusive community of testers, we deliver the real-time insights you need to remediate risk quickly and innovate securely.

  • Contrast Security
    Booth: Pavilion: 526

    Contrast Security is the world’s leading provider of security technology that enables software applications to protect themselves against cyberattacks, heralding the new era of self-protecting software. Contrast’s patented deep security instrumentation is the breakthrough technology that enables highly accurate assessment and always-on protection of an entire application portfolio, without disruptive scanning or expensive security experts. Only Contrast has sensors that work actively inside applications to uncover vulnerabilities, prevent data breaches, and secure the entire enterprise from development, to operations, to production.

  • CrowdStrike
    Booth: 344

    CrowdStrike sets the standard for cybersecurity in the cloud era. The CrowdStrike Falcon® platform protects and enables the people, processes, and technologies that drive modern enterprise, delivering superior protection, better performance, reduced complexity, and immediate time-to-value. CrowdStrike secures the most critical areas of enterprise risk—endpoints and cloud workloads, identity, and data—to keep organizations ahead of today’s adversaries and stop breaches.

  • deepwatch
    Booth: Pavilion: 500

    deepwatch’s cloud SecOps platform and relentless customer focus are redefining the managed security services industry. Designed to be different, deepwatch provides customers with world-class managed security services and unrivaled value by extending their cybersecurity teams, curating leading technologies into deepwatch’s cloud SecOps platform, and proactively driving their SecOps maturity.

  • DRI International
    Booth: 214

    Disaster Recovery Institute International (DRI) is the nonprofit that helps organizations around the world prepare for and recover from disasters by providing education, accreditation, and thought leadership in business continuity and related fields. Founded in 1988, DRI International has 15,000+ certified professionals in more than 100 countries and conducts native-language training in more than 50 countries, offering in-depth courses ranging from introductory to master’s level, as well as specialty certifications. The organization’s annual DRI Conference brings together leading business continuity professionals from both the public and private sector to share best practices and participate in continuing education and volunteerism.

  • EC-Council
    Booth:

    International Council of E-Commerce Consultants, also known as EC-Council, is the world’s largest cyber security technical certification body. We operate in 140 countries globally and we are the owner and developer of the world-famous Certified Ethical Hacker (CEH), Computer Hacking Forensics Investigator (C|HFI), Certified Security Analyst (ECSA), License Penetration Testing (Practical) programs, among others. We are proud to have trained and certified over 140,000 information security professionals globally that have influenced the cyber security mindset of countless organizations worldwide.

  • ECTF
    Booth:

    As a result of the amalgamation of advanced technology and the Internet, both the quantity and sophistication of cybercrimes targeting U.S. financial institutions and critical infrastructure have increased. Today, criminal trends show an increased use of phishing emails, account takeovers, malicious software, hacking attacks and network intrusions resulting in significant data breaches. To protect the nation’s financial infrastructure from cyber and financial criminals, the Secret Service has adopted a multipronged approach.

  • Egnyte
    Booth: 204

    Egnyte is the only secure content platform that is designed specifically for business. Egnyte provides teams with secure file sharing capability and access to content delivered at hyper-speed, regardless of file size, location, device or bandwidth. More than 15,000 of the world’s most demanding and regulated businesses in more than 120 countries around the globe trust Egnyte to manage their content on the cloud.

  • ForgeRock / Ping Identity
    Booth: 338

    ForgeRock is a global leader in digital identity that delivers modern and comprehensive identity and access management solutions for consumers, employees, and things to simply and safely access the connected world. Using ForgeRock, more than 1,300 global customer organizations orchestrate, manage, and secure the complete lifecycle of identities from dynamic access controls, governance, APIs, and storing authoritative data—consumable in any cloud or hybrid environment. The company is headquartered in San Francisco, California, with offices around the world.

    For more information and free downloads, visit www.forgerock.com or follow ForgeRock on social media.

  • Fortinet
    Booth: 532

    Fortinet (NASDAQ: FTNT) secures the largest enterprise, service provider, and government organizations around the world. Fortinet empowers its customers with intelligent, seamless protection across the expanding attack surface and the power to take on ever-increasing performance requirements of the borderless network—today and into the future. Only the Fortinet Security Fabric architecture can deliver security without compromise to address the most critical security challenges, whether in networked, application, cloud, or mobile environments. Fortinet ranks number one in the most security appliances shipped worldwide and more than 500,000 customers trust Fortinet to protect their businesses.

  • Gigamon
    Booth: 512

    Gigamon offers a deep observability pipeline that harnesses actionable network-level intelligence to amplify the power of observability tools. This powerful combination enables IT organizations to assure security and compliance governance, speed root-cause analysis of performance bottlenecks, and lower operational overhead associated with managing hybrid and multi-cloud IT infrastructures. The result: modern enterprises realize the full transformational promise of the cloud. Gigamon serves more than 4,000 customers worldwide, including over 80 percent of Fortune 100 enterprises, nine of the 10 largest mobile network providers, and hundreds of governments and educational organizations worldwide. To learn more, please visit gigamon.com. 

  • GuidePoint Security LLC
    Booth: 500

    GuidePoint Security LLC provides innovative and valuable cyber security solutions and expertise that enable organizations to successfully achieve their mission. By embracing new technologies, GuidePoint Security helps clients recognize the threats, understand the solutions, and mitigate the risks present in their evolving IT environments. Headquartered in Herndon, Virginia, GuidePoint Security is a small business, and classification can be found with the System for Award Management (SAM). Learn more at: http://www.guidepointsecurity.com

  • HTCIA Michigan
    Booth: 208

    We are the Michigan chapter of the worldwide High Technology Crime Investigation Association. Our membership consists of people from the private and public sectors. We have members from the U.S. Attorney’s Office, The State of Michigan, FBI, Treasury, and Customs. We also have members who represent cities, counties and townships, as well as universities and law enforcement.

  • InfraGard Michigan
    Booth:

    InfraGard is a partnership between the FBI and members of the private sector. The InfraGard program provides a vehicle for seamless public-private collaboration with government that expedites the timely exchange of information and promotes mutual learning opportunities relevant to the protection of Critical Infrastructure. With thousands of vetted members nationally, InfraGard’s membership includes business executives, entrepreneurs, military and government officials, computer professionals, academia and state and local law enforcement; each dedicated to contributing industry specific insight and advancing national security.

  • ISC2 Greater Detroit
    Booth: 210

    ISC2 consists of over 80,000 members worldwide. Our chapter program provides members a forum to facilitate the exchange of knowledge and ideas, development of leadership and professional skills, and advancement of information systems security. We also provide our members with access to a variety of industry resources and educational programs to keep our members informed of the latest advances in technology and techniques. The Greater Detroit chapter was established in 2012 to help bring together local professionals. Our members consist of ISC2 credentialed professionals who hold either a SSCP, CAP, CSSLP, and/or a CISSP or advanced concentration certification.

  • ISACA Detroit
    Booth:

    Our aim is to sponsor local educational seminars and workshops, conduct regular chapter meetings, and help to further promote and elevate the visibility of the IS audit, control and security profession throughout the metro Detroit area.

  • ISSA Motor City
    Booth:

    The Information Systems Security Association (ISSA)® is a not-for-profit, international organization of information security professionals. The Motor City chapter is located in the automotive capital of the United States, Detroit, MI. Our chapter is committed to educating, consulting, advising, and overall improving information security for our technology infrastructures.

  • IT in the D
    Booth: 216

    Networking for Information Technology professionals in metro Detroit. Podcast live on Monday nights from 9-11 p.m. EST, with hosts Bob Waltenspiel and David Phillips.

  • ITS
    Booth: 530

    Hello. We’re ITS. We believe that the best IT advisors to work with are practitioners who have lived in your customer’s shoes. People who know their stuff. People who will get their hands dirty. People who care about outcomes. That’s the team we’ve built at ITS. We are seasoned Security professionals working with platform consultants and developers. More at www.itsdelivers.com

  • Ixia, a Keysight Business
    Booth: 346

    We provide testing, visibility, and security solutions to strengthen applications across physical and virtual networks. Organizations use our tools and capabilities to test, secure and visualize their networks so their applications run stronger.

  • Kenna
    Booth: Pavilion: 504

    Kenna was built on the premise that cyber risk must be managed as an enterprise-wide effort. We believe cyber risk can only be effectively mitigated when the whole organization works as one, focused in the same direction and on the right target.

  • Malwarebytes
    Booth: 226

    Malwarebytes secures endpoints, making workplaces resilient. Our adaptive attack protection predicts and detects attacks with multi-layer detection across the kill chain. We enable active threat response with machine learning that is actionable and automated, allowing for full recovery when a compromise occurs. We empower enterprise endpoint orchestration across siloed IT and Security organizations, simplifying security management and making responses effective. Malwarebytes makes endpoints resilient so workplaces can protect and remediate, and employees can regain control of their digital lives. Visit us at www.malwarebytes.com/business.

  • McAfee
    Booth: 328

    Founded in 1989 and headquartered in Somerset, NJ, SHI International Corp. is a $7.5 billion global provider of information technology products and services. Driven by the industry’s most experienced and stable sales force and backed by software volume licensing experts, hardware procurement specialists, and certified IT services professionals, SHI delivers custom IT solutions to Corporate, Enterprise, Public Sector and Academic customers. With 3,500 employees worldwide, SHI is the largest Minority/Woman Owned Business Enterprise (MWBE) in the United States and is ranked 12th among CRN’s Solution Provider 500 list of North American IT solution providers. For more information, please

  • MC3 (Michigan State Police)
    Booth: 300

    The Michigan Cyber-Command Center is directed by the Michigan State Police from within the state’s Emergency Operations Center. The cyber-command is staffed by a select group of skilled public and private professionals who are highly trained in emergency response to cyber-events. When activated after a security threat, the command is tasked with restoring computer systems and minimizing damage, as well as deploying rapid-response teams that help secure networks in addition to their aid in the development of training standards. In short, the MC3 is responsible for the coordination of combined efforts of cyber emergency response during critical cyber incidents in Michigan. Emphasis is placed upon prevention, response, and recovery from cyber incidents.

  • Mimecast
    Booth: Pavilion: 222

    Mimecast empowers our customers to help mitigate risk and manage complexities across a threat landscape driven by cyberattacks, human error, and technology fallibility. Our advanced solutions provide the proactive threat detection, brand protection, awareness training, and data retention capabilities that evolving workplaces need today.

  • Mobile Technology Association of Michigan
    Booth:

    The Mobile Technology Association of Michigan (MTAM) is a non-profit trade association for Michigan’s mobile/wireless (connected) technologies industry, businesses that provide these technologies, and the businesses – in all industries – that use these technologies. We are the first state-based mobile/wireless (connected) technologies trade association in the U.S. and we are focused on increasing demand for Michigan-based mobile/wireless technology products and services within the state, nationally and globally, thereby generating increased entrepreneurial and enterprise-level opportunities and creating sustainable jobs in Michigan.

  • Netskope
    Booth: 332

    The Netskope security cloud provides unrivaled visibility and real-time data and threat protection when accessing cloud services, websites, and private apps from anywhere, on any device. Only Netskope understands the cloud and takes a data-centric approach that empowers security teams with the right balance of protection and speed they need to secure their digital transformation journey.

  • Nexum
    Booth: 518

    Nexum, Inc. is a cybersecurity and networking company that builds and secures global networks for organizations across multiple verticals around the world. In addition to its Chicago headquarters, Nexum has sales, training and support presence in Kentucky, Michigan, New Hampshire, Ohio, and Wisconsin, as well as the Security and Network Operations Command Centers (SNOCC) in New Mexico and Illinois.

  • Nuspire
    Booth: 221

    Nuspire is the Managed Security Services (MSS) provider of choice, delivering the greatest risk reduction per cyber-dollar spent. The company’s 24×7 Security Operations Centers (SOCs) and managed detection and response (MDR) service combines award-winning threat detection and response technology with human intervention and analysis, providing end-to-end protection across the gateway, network and endpoint ecosystem. Nuspire pioneered distributed, managed security services within the enterprise and franchise market and today protects thousands of locations globally. For more information, visit www.nuspire.com

  • Okta
    Booth: Pavilion: 510

    Okta is the World’s Identity Company. As the leading independent Identity partner, we free everyone to safely use any technology—anywhere, on any device or app. The most trusted brands trust Okta to enable secure access, authentication, and automation. With flexibility and neutrality at the core of our Okta Workforce Identity and Customer Identity Clouds, business leaders and developers can focus on innovation and accelerate digital transformation, thanks to customizable solutions and more than 7,000 pre-built integrations. We’re building a world where Identity belongs to you. Learn more at okta.com.

  • Optiv
    Booth: 520

    Optiv is a security solutions integrator delivering end-to-end cybersecurity solutions that help clients maximize and communicate the effectiveness of their cybersecurity programs. Optiv starts with the core requirement of every enterprise—risk mitigation—and builds out from there with strategy, infrastructure rationalization, operations optimization, and ongoing measurement. Learn more at https://www.optiv.com.

  • ProcessUnity
    Booth: 220

    ProcessUnity’s cloud-based solutions help organizations of all sizes automate their risk and compliance programs. Our highly configurable, easy-to-use tools significantly reduce manual administrative tasks, allowing customers to spend more time on strategic risk mitigation. As a software-as-a-service technology, ProcessUnity deploys quickly with minimal effort from customers and their IT resources.

  • Proofpoint
    Booth: 228

    Proofpoint protects your people, data, and brand from advanced threats and compliance risks with cybersecurity solutions that work. Built on advanced analytics and a cloud architecture, our platform secures the way your people work today—through email, mobile apps, and social media.

    Some attacks get through even the best defenses. That’s why our solutions also proactively safeguard the critical information people create. We reduce your attack surface by managing this data and protecting it as you send, store, and archive it. And when things go wrong, we equip security teams with the right intelligence, insight, and tools to respond quickly.

  • PwC
    Booth: 202

    Innovative solutions, breakthrough thinking, new perspectives—they all start with you. At PwC, we connect people with diverse backgrounds and skill sets to solve important problems together—for our clients and for the world at large.

    Join our global network of over 250,000 talented professionals who provide industry-focused assurance, tax, and advisory services to build public trust and enhance value for our clients and our stakeholders.

  • Qualys, Inc.
    Booth: 324

    Qualys, Inc. (NASDAQ: QLYS) is a pioneer and leading provider of cloud-based security and compliance solutions with over 9,300 customers in more than 120 countries, including a majority of each of the Forbes Global 100 and Fortune 100. Qualys helps organizations streamline and consolidate their security and compliance solutions in a single platform and build security into digital transformation initiatives for greater agility, better business outcomes and substantial cost savings. The Qualys Cloud Platform and its integrated Cloud Apps deliver businesses critical security intelligence continuously, enabling them to automate the full spectrum of auditing, compliance and protection for IT systems and web applications on premises, on endpoints and elastic clouds. Founded in 1999 as one of the first SaaS security companies, Qualys has established strategic partnerships with leading managed service providers and consulting organizations including Accenture, BT, Cognizant Technology Solutions, Deutsche Telekom, Fujitsu, HCL Technologies, HP Enterprise, IBM, Infosys, NTT, Optiv, SecureWorks, Tata Communications, Verizon and Wipro. The company is also a founding member of the Cloud Security Alliance. For more information, please visit www.qualys.com.

  • Radware
    Booth: 316

    Radware® (NASDAQ: RDWR) is a global leader of cybersecurity and application delivery solutions for physical, cloud and software-defined data centers (SDDC). Our award-winning solutions portfolio secures the digital experience by providing infrastructure, application and corporate IT protection, and availability services to enterprises globally. Our solutions are deployed by, among others, enterprise customers, carriers, and cloud service providers.

  • Rapid7
    Booth: 322

    Rapid7 transforms data into insight, empowering IT and security professionals to progress and protect their organizations. How? Our solutions are powered by advanced analytics and an unmatched understanding of the attacker mindset. This makes it easy to collect data, transform it into prioritized and actionable insight, and get it to the people who can act on it—all in an instant.

  • ReliaQuest
    Booth: 310

    ReliaQuest, the force multiplier of security operations, increases visibility, reduces complexity, and manages risk with its cloud native security operations platform, GreyMatter. ReliaQuest’s GreyMatter is built on an open XDR architecture and delivered as a service anywhere in the world, anytime of the day, by bringing together telemetry from tools and applications across cloud, on-premises and hybrid cloud architectures. Hundreds of Fortune 1000 organizations trust ReliaQuest to operationalize security investments, ensuring teams focus on the right problems while closing visibility and capability gaps to proactively manage risk and accelerate initiatives for the business. ReliaQuest is a private company headquartered in Tampa, Fla., with multiple global locations. For more information, visit www.reliaquest.com.

  • SailPoint
    Booth: 336

    SailPoint, the leader in enterprise identity governance, brings the Power of Identity to customers around the world. SailPoint’s open identity platform gives organizations the power to enter new markets, scale their workforces, embrace new technologies, innovate faster and compete on a global basis. As both an industry pioneer and market leader in identity governance, SailPoint delivers security, operational efficiency and compliance to enterprises with complex IT environments. SailPoint’s customers are among the world’s largest companies in a wide range of industries.

  • Securonix
    Booth: Pavilion: 511

    Securonix is redefining threat detection and response for today’s hybrid cloud, data-driven enterprise. Securonix Next-Gen SIEM and XDR are powered by the most advanced analytics and built on a scalable, flexible cloud native architecture. Securonix leverages behavioral analytics technology that pioneered the UEBA category to reduce noise, prioritize high fidelity alerts, and enable fast and precise response to insider and cyber threats.

  • SentinelOne
    Booth: Pavilion: 506

    SentinelOne delivers real-time cloud workload protection, to stop runtime threats targeting VMs, containers and Kubernetes clusters. From endpoints to workloads, to data center and public cloud, innovate quickly knowing SentinelOne has you protected. To learn more, visit www.sentinelone.com or follow us at @SentinelOne, or on LinkedIn and Facebook.

  • TechTarget
    Booth:

    TechTarget (NASDAQ: TTGT) is the online intersection of serious technology buyers, targeted technical content and technology providers worldwide. Our media, powered by TechTarget’s Activity Intelligence platform, redefines how technology buyers are viewed and engaged based on their active projects, specific technical priorities and business needs. With more than 100 technology specific websites, we provide technology marketers innovative media that delivers unmatched reach via custom advertising, branding and lead generation solutions all built on our extensive network of online and social media. TechTarget is based in Boston and has locations in Atlanta, Beijing, Cincinnati, London, Paris, San Francisco, Singapore, and Sydney.

  • Tenable
    Booth: 302

    Tenable®, Inc. is the Cyber Exposure company. Over 27,000 organizations around the globe rely on Tenable to understand and reduce cyber risk. As the creator of Nessus®, Tenable extended its expertise in vulnerabilities to deliver the world’s first platform to see and secure any digital asset on any computing platform. Tenable customers include more than 50 percent of the Fortune 500, more than 25 percent of the Global 2000 and large government agencies. Learn more at www.tenable.com.

  • Thales
    Booth: Pavilion: 508

    As the global leader in cloud and data protection, we help the most trusted brands and largest organizations in the world protect their most sensitive data and software, secure the cloud and achieve compliance through our industry-leading data encryption, access management, and software licensing solutions.

  • Titus
    Booth: 520

    Titus is a leader in providing solutions that help businesses accelerate their adoption of data protection. The company’s products enable organizations to discover, classify, protect, analyze, and share information, and the open, intelligent policy manager lets customers address regulatory compliance initiatives and get more out of their existing security investments.

  • Total Compliance Tracking
    Booth: 342

    Total Compliance Tracking is dedicated to improving the operational efficiency of managing complex compliance environments to facilitate collaboration between all stakeholders to achieve completion so clients can focus precious resources back on the core value of their business.

    We connect the dots between internal IT resources, external auditing firms, and vendors to make sure each and every engagement requirement is completed in a cohesive, coordinated manner.

  • Trend Micro
    Booth: 224

    Trend Micro, a global leader in cybersecurity, is passionate about making the world safe for exchanging digital information, today and in the future. Artfully applying our XGen™ security strategy, our innovative solutions for consumers, businesses, and governments deliver connected security for data centers, cloud workloads, networks, and endpoints. www.trendmicro.com.

  • Trustwave
    Booth: 312

    Trustwave helps businesses fight cybercrime, protect data and reduce security risk. With cloud and managed security services, integrated technologies and a team of security experts, ethical hackers and researchers, Trustwave enables businesses to transform the way they manage their information security and compliance programs. More than three million businesses are enrolled in the Trustwave TrustKeeper® cloud platform, through which Trustwave delivers automated, efficient and cost-effective threat, vulnerability and compliance management. Trustwave is headquartered in Chicago, with customers in 96 countries.

  • Walsh College
    Booth:

    At Walsh College, we blend business theory and real-world experience to deliver educational programs that boost career success. Our faculty are not only dedicated teachers, but also business professionals who integrate their experience into what you learn in class. Administrative staff deliver personal service in a professional learning environment.

    Founded in 1922 and celebrating more than 90 years of business education, we offer 16 business and related technology degree programs at the bachelor’s and master’s levels that are responsive to student, employer, and community needs. Walsh is a private, not-for-profit institution offering courses and services at locations in Troy, Novi, Clinton Township, Port Huron, and online.

Keynote Speakers
Speakers
  • Mark Gelhardt
    CIO, Georgia State Defense Force, Former CIO, The White House

    At the pinnacle of his military career, Colonel Gelhardt was selected to work at The White House as the CIO, supporting President Clinton, the VP, the White House Staff, and the U.S. Secret Service, managing all the classified automation and telecommunications. Colonel Gelhardt is a combat veteran. Colonel Gelhardt is a well-known speaker and the author of “My time at the Clinton White House”. Since retiring from active service, Colonel Gelhardt has volunteered with many different service organizations. Currently he is the Chief Information Officer for the Georgia State Defense Force, an all-volunteer force keeping your state safe.

  • Larry Wilson, CISSP, CISA, Instructor
    Manager, Cyber and Information Security, Point32Health

    Larry Wilson is an Information Security Manager at Point32Health in Canton, MA. He was formerly the Chief Information Security Officer for Sumitomo Pharma Americas, Inc., Worcester Polytechnic Institute, and the University of Massachusetts (UMass) President's Office. In the CISO role, Larry was responsible for developing, implementing, and overseeing compliance with the SMPA / WPI / UMass Information Security Policy and Written Information Security Plan (WISP). In addition to designing and deploying the respective cybersecurity programs, Larry has developed and delivered cybersecurity training at multiple industry events, workshops, training venues, etc. Courses include Designing and Building a Cybersecurity Program, Designing and Building a Ransomware Program, and Designing and Building a Third-Party Risk Program. Larry has also worked with multiple companies in multiple industries to help design, build, and maintain their Cybersecurity Programs, Ransomware Program, and Third-Party Risk Programs.

  • Gene Kingsley
    Director, Information Security, Farm Credit Financial Partners; VP, InfraGard National Members Alliance

    Gene has worked as a dedicated resource in the Information Security space for over 25 years, among industries such as Higher Ed, Healthcare, Finance, Federal Government agencies, and others. He has focused on Operations, Strategy, and Resiliency. In his spare time, he volunteers as a national leader among the InfraGard National Members Alliance, assisting in governance, audit, and program development.

  • Tony Giles
    Business Leader, Information Security, NSF International

    Tony is an ISO 27001, ISO 20000 and ISO 9001 Lead Auditor and OSINT PenTester for NSF. Currently, Tony is a Business Leader of Information Security, also having served as Director of Operations, Director of Business Development, and Service Delivery Manager. Tony has conducted audits globally for over 10 years and worked on large-scale security implementation projects, including NIST 800-171, NIST 800-88, ISO 27001, ISO 28000, OSINT PenTesting Assessments, and other custom security standards. Tony has conducted audits for DoD suppliers and private sector organizations, implementing security assessment programs focused on multiple security controls, cryptographic erasure, and other custom security programs. Tony has worked throughout the US advancing and building information security awareness.

  • Rhia Dancel
    Technical Manager, Information Security, NSF International

    Rhia is an ISO 27001 and 9001 Lead Auditor and OSINT PenTester for NSF and has previously held several auditing and technical positions in the information security and Pharma quality sectors. Rhia has completed technical writing work and audits for NSF throughout North America, working directly with customers onsite and remotely developing security control matrices. Rhia conducts risk-based security assessments using impact and probability calculations to develop and establish risk matrices to drive an organization's security plan-of-action and milestones. Rhia has developed and built a risk-based platform that supports industry best practices for treating and mitigating risk. Rhia has worked with multiple academic leaders on information security and awareness.

  • Matthew Clapham
    Director of Cybersecurity, GE Healthcare

    Matt Clapham is a Director of Cybersecurity at GE Healthcare. He and his team make products more secure.

  • Kathy Ossian
    Founder & CEO, Ossian Law P.C.

    Kathy Ossian is Founder and CEO of Ossian Law, P.C., a firm focused exclusively on Information Technology Law. Kathy has practiced for 35 years; over 22 in Information Technology law. She is a frequent author and speaker on timely IT law topics and the Managing Editor of “Social Media and the Law” published by PLI. Kathy is also an Adjunct Faculty Member at Oakland University and the University of Detroit Mercy Law School. She has been named for many years as a Best Lawyer in America and a Michigan Super Lawyer in information technology law.

  • Christopher McMahon
    Special Agent, Global Investigative Operations Center, United States Secret Service

    Chris McMahon is a Special Agent for the United States Secret Service. Prior to joining the Secret Service, Chris was a Prince George’s County, MD Police Officer. Chris is a well-seasoned criminal investigator specializing in cyber-enabled financial fraud, money laundering, credit card/ID fraud among other crimes. Chris began his Secret Service career out of the New York Field Office spending time between the Fraud Squad and Electronic Crimes Task Force where he earned the designation NITRO Agent for specialized training in network intrusions. While in the New York Field Office, Chris ran point on several large-scale multi-national criminal investigations targeting transnational organized crime groups. Chris is currently assigned to the U.S. Secret Service, Global Investigative Operations Center (GIOC) where he specializes in Business Email Compromise schemes and account takeovers focusing on the international nexus of cyber-enabled financial crime.

  • Bob Bacigal
    AVP, Information Security, Amerisure Insurance

    Bob Bacigal is the Assistant Vice President of Information Security at Amerisure Insurance. He has over 30 years of experience in information security management, risk management, incident response, disaster recovery, and business continuity planning. Prior to joining Amerisure, he held security management positions with Great Lakes BanCorp, the Federal Reserve Bank of Chicago, and Delphi Corporation. Bob is an active member of the InfoSec community and has served as President and Chairman of the InfraGard Michigan Members Alliance (IMMA) and is currently serving on its Board of Directors. He is an active member of the State of Michigan CSO Kitchen Cabinet, Detroit CISO Executive Council Governing Body, and the SecureWorld Detroit Advisory Council. Bacigal earned his bachelor’s degree in Criminology from Eastern Michigan University and is both a Certified Information Systems Security Professional (CISSP) and a Certified Information Security Manager (CISM).

  • Steven F. Fox
    Deputy CISO, State of Washington

    Steven F. Fox provides security guidance to ensure risk-informed compliance with federal standards and requirements as a Deputy CISO for the State of Washington. He brings a cross-disciplinary, international perspective to the practice of information security, combining his experience as a security consultant, an IT Audit leader, and a systems engineer with principles from behavioral/organizational psychology to address security challenges.

  • Ron Winward
    Security Evangelist, North America, Radware

    As a Security Evangelist at Radware, Mr. Winward is responsible for developing, managing, and increasing the company’s security business in North America.
    Ron’s entire career has been deeply rooted in internet and cybersecurity. For over 20 years, Ron has helped design complex solutions for carriers, enterprises, and cybersecurity providers around the world.
    Ron is an industry-recognized expert in the Mirai IoT botnet and its modern variants. Ron conducted the industry’s first complete analysis of the Mirai attack vectors, producing forensic examples for public distribution of each attack and the specific impact each attack had on networks. His work on IoT attack analysis has been presented at conferences worldwide and has been referenced by NIST.
    Prior to joining Radware, Ron was Director of Network Engineering for a global datacenter provider and ISP. In this role, Ron oversaw the growth and development of a global network infrastructure that delivered services to other ISPs, hosting providers, and enterprises around the world. During this time, Ron assisted some of the world’s top businesses in mitigating cyberattacks on their infrastructure, cultivating an extensive knowledge in DDoS attack methodologies.
    Ron holds a Bachelor of Science degree in Business and has earned many technical certifications throughout his engineering-focused career. Ron acutely understands the impact of technology and security on business and is enthusiastic about their interrelation.

  • speaker photo
    Rob Maynard
    Solutions Architect, Trend Micro

    Rob Maynard is a sales engineer and DevOps SME for Trend Micro. He has been in the IT field for over 11 years working with various cloud, automation, and virtualization technologies. He lives in Michigan with his wife and two children.

  • speaker photo
    Jack Freund, PhD
    Director, Risk Science, FAIR Institute

    Dr. Jack Freund is a leading voice in cyber risk measurement and management. He is an expert at building relationships to collaborate, persuade, and sell information risk and security programs. Jack is currently serving as Director, Risk Science at RiskLens and previously worked for TIAA as Director, Cyber Risk. Jack holds a PhD in Information Systems and has been named an IAPP Fellow of Information Privacy. Jack’s book on quantifying risk (Measuring and Managing Information Risk: A FAIR Approach) was inducted into the Cybersecurity Canon in 2016. Jack’s writings have appeared in the ISSA Journal and he currently writes a column for the @ISACA newsletter.

  • speaker photo
    Rob Walk
    Sr. Security Engineer, Tenable

    Rob is a passionate technologist focusing on solutions at the intersection of business and technology. He has over 20 years of industry experience architecting, deploying, and consulting on enterprise solutions. In his current role as a Sr. Security Engineer for Tenable, he helps organizations reduce risk due to Cyber Exposure.

  • speaker photo
    Stephanie Scheuermann
    Technical Leader, Cyber Threat Intelligence, Ford Motor Company; President, Michigan InfraGard Members Alliance
  • speaker photo
    Mark Gelhardt
    CIO, Georgia State Defense Force, Former CIO, The White House

    Colonel Gelhardt, at the pinnacle of his military career, was selected to work at The White House as the CIO, supporting President Clinton, the VP, the White House Staff, and the U.S. Secret Service, managing all the classified automation and telecommunications. Colonel Gelhardt is a combat veteran. Colonel Gelhardt is a well-known speaker and the author of “My time at the Clinton White House”. Since retiring from active service, Colonel Gelhardt has volunteered with many different service organizations. Currently he is the Chief Information Officer for the Georgia State Defense Force, an all-volunteer force keeping your state safe.

  • speaker photo
    Abhijit Solanki
    Founder & Managing Director, Whiteboard Venture Partners

    Abhijit Solanki is the founder of Whiteboard Venture Partners, an early stage venture capital firm helping entrepreneurs achieve their whiteboard dreams.

  • speaker photo
    Matthew Clapham
    Director of Cybersecurity, GE Healthcare

    Matt Clapham is a Director of Cybersecurity at GE Healthcare. He and his team make products more secure.

  • speaker photo
    Dennis Hodges
    CIO, Inteva Products

    Dennis Hodges is the Chief Information Officer for Inteva Products, LLC, a position he has held since March 1, 2008. Prior to this assignment Dennis was Chief Information Officer for Delphi Interiors and Closures. Prior to joining Inteva, Dennis served as the Global Business Systems Director at Huntsman Corporation. He began his career at Shell Oil in 1985, and held various IT and Finance positions at several companies, including international assignments for Phillips Petroleum and Chevron Phillips Chemical Company. Hodges earned a Master of Science in Computer Science and an MBA.

  • speaker photo
    Zahira (Zah) Gonzalvo
    SVP and Chief Information Security & Privacy Officer, Flagstar Bank

    Zah joined the Flagstar Bank Information Security & Privacy team in 2018 as a Senior Vice President and Chief Information Security & Privacy Officer. Prior to her CISO role, Zah was the head of the ERM and Operational Risk teams since 2013, when she joined Flagstar Bank. Zah was the Strategy Leader for Diversity and Inclusion (D&I) for the Bank from its inception in 2016 until December 2018. She remains a member of the D&I Executive Advisory Council.

    Prior to Flagstar, Zah was Operational Risk Director for Ally Financial. Over the course of her 25-year career, she’s worked in different supervisory roles in audit, risk, compliance and technology for Ally, GMAC, GM, Kmart Corp, Arthur Andersen, and Banco Popular de Puerto Rico.

    Zah graduated from the University of Puerto Rico with a Bachelor’s degree in Business, Accounting, and Management Information Systems. She also graduated from Carnegie Mellon University with a Master of Science in IT Management and Information Security. Currently Zah is serving as a board member of the Detroit CISO Community Evanta group, the Mortgage Bankers Association D&I Committee, and the American Lung Association of Detroit.

  • speaker photo
    Scott Bennett
    VP, Applications, Lear Corporation

    Scott Bennett leads Lear Corporation’s global applications as the Vice President of Applications, Deployment and Development. Prior to joining Lear Corporation, he served as the Global Chief Information Officer to International Automotive Components Group, a $6 billion Tier 1 automotive supplier. Before that, Scott was the North America CIO for Constellium, a Tier 1 automotive and aerospace manufacturer. With over 20 years of IT and management experience, Scott has also had senior IT leadership positions at Kaydon (a division of SKF), BorgWarner Automotive (a Tier 1 Automotive Supplier), Edcor Data Services, and Handleman Company. He earned a BBA and MBA from University of Michigan’s Ross School of Business, as well as a Master of Science in project management from Boston University.

  • speaker photo
    Ryan Mostiller
    Sr. Manager, IT Security, BorgWarner

    Ryan has nearly 10 years of experience in defending large enterprise environments, specializing in Windows and Active Directory environments. Ryan has responsibility for Incident Response, Vulnerability Management, and the Management of all Security Tools and Controls. Ryan is a proud double alumnus from Oakland University as well as husband and father.

  • speaker photo
    Marc Harwin
    Information Security Professional, Harwinet LLC

    Marc Harwin is an Information Security Professional with more than 20 years of experience. He has worked to improve Information Security at multiple Fortune 500 organizations with a focus on:
    - Security Operations
    - Vulnerability Management
    - Incident Response

    Marc has a Master of Science in Information Systems from Walsh College (4.0 GPA), and holds multiple certifications including CISSP since 2006, SANS GIAC GCIH, Certified Ethical Hacker, Microsoft (MCSE), Citrix (CCA), Checkpoint Firewall, Nessus and Qualys Vulnerability Scanning, Security+ and many more.

  • speaker photo
    Matthew Gardiner
    Principal Security Strategist, Mimecast

    Matthew Gardiner is a Director of Security at Mimecast and is currently focused on email & web security, phishing, awareness training, malware, and cloud security. With more than 15 years focused in security, Matthew’s expertise in various roles includes threat detection & response, network monitoring, SIEM, endpoint threat detection, threat intelligence, identity & access management, Web access management, identity federation, cloud security, and IT compliance at RSA, Netegrity, and CA Technologies. Previously he was President and a member of the board of trustees of the security industry non-profit, the Kantara Initiative. Matthew has a BS in Electrical Engineering from the University of Pennsylvania and an SM in Management from MIT's Sloan School of Management.

  • speaker photo
    Barbara Hiemstra
    Privacy Engineer, IT Security and Compliance, Steelcase Inc.

    Barbara leads the Global Security Awareness/Phishing program to reduce risk and improve the cybersecurity culture at Steelcase. This includes creating content for employee awareness articles, training classes, and conducting multi-language phishing simulation and reporting.

    Prior to joining Steelcase, Barb was the Information Security-Governance Manager at Perrigo; the Information Security Director and the Deputy Director for IT at Kent County, Michigan; and Tech Director for Grandville Public Schools. She co-founded the West Michigan Cyber Security Consortium (WMCSC). She served on the Board and worked part-time for Cybercrime Support Network (CSN), whose goal is to bring a voice to and serve the victims of cybercrime.

    Barb holds a BA degree in Telecommunications from Michigan State University, Certified Information Privacy Technologist (CIPT), GIAC Security Leadership Certification (GLSC) and the GIAC Critical Controls Certificate (GCCC), GIAC Law of Data Security & Investigations (GLEG), and ITIL2 Foundations and Change Management certifications.

  • speaker photo
    Larry Wilson, CISSP, CISA, Instructor
    Manager, Cyber and Information Security, Point32Health

    Larry Wilson is an Information Security Manager at Point32Health in Canton, MA. He was formerly the Chief Information Security Officer for Sumitomo Pharma Americas, Inc., Worcester Polytechnic Institute, and the University of Massachusetts (UMass) President's Office. In the CISO role, Larry was responsible for developing, implementing, and overseeing compliance with the SMPA / WPI / UMass Information Security Policy and Written Information Security Plan (WISP). In addition to designing and deploying the respective cybersecurity programs, Larry has developed and delivered cybersecurity training at multiple industry events, workshops, training venues, etc. Courses include Designing and Building a Cybersecurity Program, Designing and Building a Ransomware Program, and Designing and Building a Third-Party Risk Program. Larry has also worked with multiple companies in multiple industries to help design, build, and maintain their Cybersecurity Programs, Ransomware Program, and Third-Party Risk Programs.

  • speaker photo
    Gene Kingsley
    Director, Information Security, Farm Credit Financial Partners; VP, InfraGard National Members Alliance

    Gene has worked as a dedicated resource in the Information Security space for over 25 years, among industries such as Higher Ed, Healthcare, Finance, Federal Government agencies, and others. He has focused on Operations, Strategy, and Resiliency. In his spare time, he volunteers as a national leader among the InfraGard National Members Alliance, assisting in governance, audit, and program development.

  • speaker photo
    Happy Hour
  • speaker photo
    John Berisford
    Sr. Security Architect, SecureWorks
  • speaker photo
    David Barton
    Managing Director, UHY Consulting

    David Barton is a Managing Director with UHY Consulting and practice leader of the Technology, Risk, and Compliance practice, which provides cybersecurity consulting and compliance services focused around information technology. He has over 30 years of practical experience in information systems and technology risk and controls.
    David is frequently asked to speak at national and regional events, such as SecureWorld and the Cloud Security Alliance Congress. He is the primary author of the CSA position paper on AICPA Service Organization Control Reports. He regularly provides his input and opinions for national publications such as Compliance Week, Accounting Today, and the Atlanta Journal Constitution.
    David holds an MBA and BS in Business Administration from Appalachian State University. He is Certified in Risk and Information Systems Control (CRISC), received the Certified Information Systems Auditor (CISA) designation in 1988, and is a member of the Atlanta chapter of the Cloud Security Alliance. David has active civic memberships with the Atlanta chapter of the Porsche Club of America and the Tire Rack Street Survival® program for teen driver education. He is also a certified high-performance driving instructor and former Porsche Club racer.

  • speaker photo
    Alexandra Panaretos
    Americas Lead for Human Cyber Risk and Education, EY

    With a background in broadcasting and operational security, Alex specializes in secure communications and education, awareness program development, the psychology of social engineering, human-based risk mitigation, and behavior analytics. She has over 12 years of experience developing and implementing security awareness, communication, and education strategies in Fortune 50/100 companies and other global enterprises. Alex is OPSEC Manager II Certified by the U.S. Army and the Joint Information Operations Warfare Center (JIOWC). She volunteers with local law enforcement agencies educating parents, community groups, and youth organizations on information security and social media safety in her free time.

  • speaker photo
    Jennifer Tisdale
    Associate Principal, GRIMM, a Cyber Research, Consulting & Education firm

    Jennifer Tisdale is the Associate Principal for Embedded Systems and Advanced Transportation Security Programs at GRIMM, a cybersecurity research and engineering firm. Previously, Jennifer served as R&D Program Manager of Vehicle Product Cybersecurity at Mazda North America. While at Mazda, Jennifer bridged the gap between R&D and Government Affairs, focused on cybersecurity for connected and automated vehicles. Prior to Mazda North America, Jennifer developed the Cyber-Mobility program for the State of Michigan through the Michigan Economic Development Corporation (MEDC). In this role, Jennifer created Michigan’s economic strategy focused on cybersecurity in support of the future of transportation mobility for automotive, aerospace and defense industries. Additionally, Jennifer serves on several non-profit boards and advisory committees, and is the current Cyber Director for the National Defense Industrial Association (MI). Jennifer is charged with developing industry programming in support of the U.S. Military’s cyber-physical security initiatives including leading the Cyber Military Vehicle Industry Collaborative (MVIC). The MVIC was established to provide the U.S. Army Futures Command with industry recommendations for product security validation, prior to systems integration. Recently voted one of SC Magazine’s “Women to Watch” in Cybersecurity, Jennifer challenges the negative narrative often associated with hackers, and volunteers with several non-profit STEM programs encouraging students and teachers to embrace cybersecurity education for Cyber-Physical Systems.

  • speaker photo
    Amy Chu
    Sr. Director, Automotive Product Security, Harman

    Amy Chu is Senior Director, Automotive Cybersecurity at HARMAN, a wholly-owned subsidiary of Samsung Electronics Co., Ltd. HARMAN designs and engineers connected products and solutions for automakers, consumers, and enterprises worldwide, including connected car systems, cyber security solutions, audio and visual products, enterprise automation solutions and services supporting the Internet of Things.

    Amy carries extensive experience in automotive product delivery and execution, leading cross-functional teams from ideation to launch. Over the past 16 years, she has led various HARMAN Program Teams in Premium Audio, Connected Car and Corporate Divisions. For the past two years, she has been heading up Harman’s Automotive Product Security Center of Excellence, and leading the global execution of HARMAN’s Security Development Lifecycle (SDL) and Incident Response. The team’s overall mission is to strengthen HARMAN’s security posture, and align product development with cyber security best practices and global standards.

    Prior to joining the Automotive Cyber Security Team, Amy served as Director of Program Management for Harman’s CTO office, managing global innovation projects for the Automotive Division. Her experience also includes leadership and engineering roles while working for Magna Electronics and Tellabs, Inc. Amy holds a Bachelor of Science in Electrical Engineering from Michigan State University.

  • speaker photo
    Kristie Pfosi
    Sr. Manager, Automotive Cybersecurity, Mitsubishi Electric Automotive America

    Kristie Pfosi stands at the forefront of one of automotive’s greatest challenges: cybersecurity. A well-respected policy maker and program manager with deep technology expertise, Kristie has been a champion for best practices in cybersecurity for over a decade as a technical intelligence officer at the CIA and as an OEM employee, most notably helping FCA shore up their cybersecurity practice after one of their vehicles was infamously hacked. Her wide-ranging background in automotive also includes designing minivan seats, developing advanced service diagnostic tools, and working on internal combustion engine technology at companies like Magna and MAHLE Powertrain.

    Today she is responsible for creating and implementing processes and methodologies for global incident responses, vulnerability management, and risk assessments at Mitsubishi Electric Automotive America. Her work also involves developing and integrating cybersecurity protection into advanced vehicle electronics with a focus on defense-in-depth and next-generation security.

    Kristie holds two bachelor’s degrees in Mechanical Engineering and Electrical Engineering from the General Motors Institute (Kettering University), and has experience in all phases of the product development lifecycle—from advanced R&D, through product development and launch, to post-production operations and aftermarket service.

  • speaker photo
    Dr. Larry Ponemon
    Chairman and Founder, Ponemon Institute

    Dr. Larry Ponemon is the Chairman and Founder of the Ponemon Institute, a research "think tank" dedicated to advancing privacy and data protection practices. Dr. Ponemon is considered a pioneer in privacy auditing and the Responsible Information Management (RIM) framework.

    Ponemon Institute conducts independent research, educates leaders from the private and public sectors, and verifies the privacy and data protection practices of organizations in various industries. In addition to Institute activities, Dr. Ponemon is an adjunct professor for ethics and privacy at Carnegie Mellon University’s CIO Institute. He is a Fellow of the Center for Government Innovation of the Unisys Corporation.

    Dr. Ponemon consults with leading multinational organizations on global privacy management programs. He has extensive knowledge of regulatory frameworks for managing privacy and data security, including financial services, healthcare, pharmaceutical, telecom, and internet. Dr. Ponemon was appointed to the Advisory Committee for Online Access & Security for the United States Federal Trade Commission. He was appointed by the White House to the Data Privacy and Integrity Advisory Committee for the Department of Homeland Security. He was also appointed to two California State task forces on privacy and data security laws.

    Dr. Ponemon earned his Ph.D. at Union College in Schenectady, New York. He has a Master’s degree from Harvard University, and attended the doctoral program in system sciences at Carnegie Mellon University. He earned his Bachelor's with Highest Distinction from the University of Arizona. He is a Certified Public Accountant and a Certified Information Privacy Professional.

  • speaker photo
    Daniel Shoemaker
    Professor and Director, Graduate Program, University of Detroit Mercy

    Daniel P. Shoemaker, PhD, is a Full Professor and Director of the Graduate Program in Cybersecurity at the University of Detroit Mercy, where he has worked for over 35 years. He has retired from his administrative position as Department Chair, PI for the NSA Center and Subject Matter Expert for DHS and NIST. He is enjoying more time with his students and writing. He has published over 200 cybersecurity papers and articles as well as this list of books:
    • Cybersecurity “The Essential Body of Knowledge”
    • “The CSSLP Certification All-in-One Exam Guide”
    • Cybersecurity “Engineering a More Secure Software Organization”
    • “A Guide to the National Initiative for Cybersecurity Education (NICE) Framework: The Complete Guide to Cybersecurity Risk & Controls in Cyber Security”
    • “Implementing Cybersecurity: A Guide to the NIST Risk Management Framework”
    • “Supply Chain Risk Management: Applying Secure Acquisition Principles to Ensure a Trusted Product”
    • “How to Build A Cyber Resilient Organization”
    • “The Complete Guide to Cybersecurity Risks and Controls”
    • “Information Assurance for the Enterprise: A Roadmap to Information Security”
    • “The Cybersecurity Body of Knowledge”
    • “The ACM/IEEE/AIS/IFIP Recommendations for a Complete Curriculum in Cybersecurity”

  • speaker photo
    Moderator: Kristin Judge
    CEO & President, Cybercrime Support Network

    Kristin Judge founded the nonprofit Cybercrime Support Network in 2017 to be a voice for cybercrime victims. She's a national speaker, sharing cybersecurity best practices with elected officials, businesses, and consumers. She's appeared on the C-SPAN Network and local news outlets, and been called on by numerous technology publications, to share advice for online safety. Previously at MS-ISAC and National Cyber Security Alliance, she worked as a "technology interpreter" helping nontechnical people become more secure. Kristin was an SC Media "Women in IT Security Influencer" in 2017, and authored the LinkedIn course, "Cybersecurity for Small and Medium Businesses: Essential Training."

  • speaker photo
    Holger Weeres
    Executive Account Manager, baramundi software USA, Inc.

    Holger is a seasoned UEM expert with over 20 years of experience in endpoint automation for companies of all sizes. He has designed and implemented UEM solutions for many large enterprises as well as SMB customers. As a former Product Manager in the UEM space, he is also familiar with most companies' general challenges and common obstacles in achieving a secure, consistent user workspace that is easy to manage and support.

  • speaker photo
    John Fatten
    Technical Solutions Architect, Cisco Umbrella
  • speaker photo
    Quin DeVries
    UX Researcher, Automotive Cybersecurity, Mitsubishi Electric Automotive America

    Quin DeVries is exploring the realm where technology and human behavior meet to create engaging user experiences. As a curious researcher, he is eager to tackle the challenges of today and the future.

    His research background includes topics in design thinking and ideation in engineering, managerial accounting and neuropsychology, and social and cognitive behavioral science. Quin has also designed and moderated usability studies to examine existing systems to make recommendations for clients such as SAP and The University of Michigan.

    Currently Quin is interning at Mitsubishi Electric Automotive America, using market research, survey data, and usability tests with prototypes to understand users’ perceptions of cyber security in the automotive space, modalities of alerts for a cyber-attack on the vehicle, and disconnecting solutions.

    Quin is in his second year of his Master of Information Science with an emphasis in UX Research. His background also includes a Bachelor of Science in Psychology from Iowa State University, and he has experience in stakeholder interviews, qualitative data analysis, and human-centered design.

  • speaker photo
    Michael Muha, PhD, CISSP, CISM, CIPM, Certified GDPR Practitioner
    Chief Information Security & Privacy Officer, WorkForce Software

    Mike drove the global expansion of WorkForce Software’s cloud-based workforce management products from one data center to eight across the US, Europe, Canada, and Australia, and directed all compliance efforts (starting with SAS 70 and moving onto SOC 1, ISAE 3402, SOC 2, ISO 27001 certification, and EU-US Privacy Shield certification). Having led the company’s GDPR journey, he’s currently implementing a “Personal Information Management System” and additional global security controls to protect company and customer data.

  • speaker photo
    Chris Sorensen
    Sr. Cybersecurity Researcher, GE Digital

    Chris Sorensen has been in the IT industry for over 30 years practicing a wide range of specialties in multiple industries. He started in the Defense industry as a system administrator and developer before progressing to the Education sector where he taught system administration and security. From there he moved into the Automotive world where he started to focus on security full time performing forensics and eDiscovery. He moved to his current company 10 years ago to continue leading investigations, incident response, and eDiscovery in the Global Corporate and Financial sectors. He also ran a very successful Security Awareness program for 5 years, before transitioning into the Power business to mentor application developers who were implementing a secure SDLC. He is currently a global manager for Security Awareness, Training, and Education at GE Digital. In his spare time, he teaches High School AP Computer Science and is an Adjunct Instructor at the University of Detroit Mercy teaching the Cybersecurity Masters Program.

  • speaker photo
    J. Wolfgang Goerlich
    Advisory CISO, Duo Security, Cisco

    J. Wolfgang Goerlich is an active part of the Michigan security community. He hosts a YouTube video series and the Encode/Decode Security podcast. Wolfgang regularly advises on and presents on the topics of risk management, incident response, business continuity, secure development life cycles, and more.

    Prior to his current role, Wolfgang led IT and IT security in the healthcare and financial services verticals. He has held VP positions at several consulting firms, leading advisory and assessment practices. He is an active part of the security community, and regularly advises on and presents on the topics of security architecture and design.

Conference Microsite!
Registration is quick and easy. Once you get started, use a browser on your phone or tablet to:

• Create a personalized agenda
• View maps of the venue and Exhibit Hall
• Use secure messaging to network with attendees
• View speaker slides after the conference
• Play CyberHunt, the app game, and compete for prizes