Open Sessions
Conference Pass
SecureWorld Plus
VIP / Exclusive
- Wednesday, September 28, 20227:00 amRegistration openRegistration Level:
Open Sessions
7:00 am - 4:30 pmLocation / Room: Registration DeskCome to the Registration desk in the lobby to check-in and get your badge. SecureWorld staff will be available throughout the day if you have any questions.
7:30 am[PLUS Course] Developing a Comprehensive Ransomware Security ProgramPart 1Registration Level:SecureWorld Plus
7:30 am - 9:00 amRansomware is a specific and extremely harmful type of malware used by cybercriminals to extort money from individuals, organizations, and businesses. The infections block access to your data until you make a ransom payment, at which point you’re supposed to regain access. In reality, nearly 40% of the victims who pay the ransom never get their data back and 73% of those who pay the ransom are targeted again later – which is why everyone must protect against ransomware. In the past year, targeted ransomware attacks against government agencies, educational establishments, and healthcare providers have raised the stakes for those charged with protecting organizations. Ransomware attacks not only damage business, but also put health, safety, and lives at risk.
Active Directory has become a popular pathway for ransomware attacks. The main reason cybercriminals target Active Directory is because it serves as a gateway to the rest of the network as a service for managing, networking, grouping, authenticating, and securing users across corporate domain networks. Users and computers rely on Active Directory to access various network resources. As such, cybercriminals understand that ransomware attacks on Active Directory can wreak havoc on any organization, making it an excellent extortion mechanism.
In the fight against ransomware, organizations need to strategically prepare to protect against and respond to attacks. However, many IT organizations struggle to prioritize the appropriate initiatives to combat and mitigate the impact of ransomware. With more tools, technologies and processes than ever, a comprehensive ransomware security program is a must to help detect, prevent, respond and limit the overall exposure to ransomware and other destructive attacks. This comprehensive training course will help organizations to design, build, and manage a comprehensive Ransomware Security Program.
Part 1: Ransomware Overview (90 Minutes)
1.1 – Background & Introduction
- What is ransomware?
- How do ransomware attacks work?
- How ransomware attacks have evolved (2016) – WannaCry and Petya / NotPetya
- How ransomware attacks have evolved (2021) – REvil and Ryuk
- Top six Ransomware Attacks of 2021 / 2022
1.2 – Today’s Ransomware Problem
- Human Operated Ransomware Attacks (Double Extortion)
- Supply Chain Attacks
- Ransomware as a Service (RaaS)
- Attacking Unpatched Systems
- Phishing Emails
- Penetration Testing Tools (Cobalt Strike)
1.3 – Ransomware Attacks against Information Technology (IT) Networks and Systems
- Ransomware attack stages (initial access, lateral movement, privilege escalation, extortion, encryption)
- The Ireland Health Service Elective (HSE) ransomware attack
- How Conti Ransomware works
- Lessons learned from the HSE Ransomware Attack
1.4 – Ransomware Attacks against Operational Technology (OT) Networks and Systems
- Ransomware attack stages (initial access, lateral movement, privilege escalation, extortion, encryption)
- The Colonial Pipeline ransomware attack
- How DarkSide Ransomware works
- Lessons learned from the Colonial Pipeline Ransomware Attack
Part 2: Understanding Ransomware Attacks (90 Minutes)
2.1 – The MITRE ATT&CK Framework
- What are the current Attack Models and how do they work?
- What is the MITRE ATT&CK Framework?
- What are MITRE Tactics?
- What are MMITRE Techniques?
- What are MITRE Procedures?
- What is the MITRE D3FEND Matrix?
2.2 – Mapping Ransomware Tactics, Techniques, Procedures (TTPs) to MITRE ATT&CK
- Mapping REvil Ransomware to the MITRE ATT&CK Framework
- Mapping Conti Ransomware to the MITRE ATT&CK Framework
- Mapping Maze Ransomware to the MITRE ATT&CK Framework
- Mapping Ryuk Ransomware to the MITRE ATT&CK Framework
- Mapping DarkSide Ransomware to the MITRE ATT&CK Framework
2.3 – Pen Testing Tools and the MITRE ATT&CK Framework
- The Pen Testing Execution Standard (PTES)
- NIST SP 800-115 Technical Guide to Information Security Testing and Assessment
- The Cobalt Strike Penetration Testing Platform
- Mapping Cobalt Strike to the MITRE ATT&CK Framework
2.4 – Understanding Cyber Threat Intelligence (CTI)
- What is Cyber Threat Intelligence (CTI)?
- How does Cyber Threat Intelligence Work?
- Who are the main providers of Cyber Threat Intelligence?
- What are the main themes of Cyber Threat Intelligence in 2021?
Part 3: Building a Ransomware Security Program (90 Minutes)
3.1 – Ransomware Security Controls / Guides
- CISA_MS-ISAC Ransomware Guide
- Higher Education Ransomware Playbook
- CSBS Ransomware Self-Assessment Tool
- NIST IR 8374 – NIST Cybersecurity Framework (CSF) Guidance on Ransomware
- US Government Interagency Technical Guidance – How to Protect your Networks from Ransomware
- Canadian Centre for Cyber Security Ransomware Playbook
3.2 – NIST SP 1800 Practice Guides on Ransomware
- NIST SP1800-25 – Identifying and Protecting Assets Against Ransomware and Other Destructive Events
- NIST SP 1800-26 – Detecting and Responding to Ransomware and Other Destructive Events.
- NIST SP 1800-11 – Recovering from Ransomware and Other Destructive Events
3.3 – Free Cybersecurity Tools and Services > https://www.cisa.gov/free-cybersecurity-services-and-tools
- Tools that focus on reducing the likelihood of a damaging cyber incident
- Tools that focus on detecting malicious activity quickly
- Tools that focus on responding effectively to confirmed incidents
- Tools that focus on maximizing resilience to a destructive cyber event
3.4 – Building a Ransomware Security Program
- Cybersecurity Program Assessment: based on CIS Security Controls Scorecard
- Ransomware Program Assessment: based on CISA MS-ISAC Ransomware Controls Scorecard
- Develop a Plan of Action and Milestones (POA&M)
- Document an Executive Summary
- Conduct Read Team, Blue Team, Purple Team and Table-Top Exercises
8:00 amExhibitor Hall openRegistration Level:Open Sessions
8:00 am - 4:30 pmLocation / Room: Exhibitor HallYour opportunity to visit our solution vendor partners, whose sponsorship makes SecureWorld possible! Booths have staff ready to answer your questions. Look for participating Dash For Prizes sponsors to be entered to win prizes.
8:00 amAdvisory Council Roundtable Breakfast – (VIP / Invite only)Registration Level:VIP / Exclusive
8:00 am - 8:50 amThis roundtable discussion is for our Advisory Council members only.
8:00 amAssociation Chapter MeetingsRegistration Level:Open Sessions
8:00 am - 8:50 amParticipating professional associations and details to be announced.
9:00 am[Breakfast Fireside Chat] BEC Attacks, Crypto, and the Investigative Powers of the Secret ServiceFinancial Fraud Investigator, Global Investigative Operations Center, U.S. Secret ServiceRegistration Level:Open Sessions
9:00 am - 9:45 am9:45 amNetworking BreakRegistration Level:Open Sessions
9:45 am - 10:15 amLocation / Room: Exhibitor HallVisit the Exhibitor Hall for vendor displays or connect with attendees in the Networking Lounge.
10:15 amBuilding and Maturing a Security Awareness ProgramInformation Security Team Leader, Rocket CentralRegistration Level:Conference Pass
10:15 am - 11:00 am10:15 amConquering Cloud ComplexityRegistration Level:Open Sessions
10:15 am - 11:00 amCloud security is hard, not least because cloud platforms change so quickly. This talk presents several lessons learned from security teams struggling to get their arms around the sprawl of modern infrastructure, using practical analogies from pandemics and earthquakes.
10:15 amPaving the Way to AppSec Program SuccessHow to build a scaleable enterprise-wide application security program.Registration Level:Open Sessions
10:15 am - 11:00 amThis presentation offers a fundamental approach to creating a foundation for an application security program that holistically addresses findings by creating a conduit between the information security teams—who often discover the issues—and the development teams, who know the application better than anyone and can re-mediate issues in the best possible fashion.
11:10 am[Panel] Automotive Cybersecurity—It Isn't OptionalProfessor and Director, Graduate Program, University of Detroit MercyCybersecurity Training Leader, The Automotive Information Sharing and Analysis Center (Auto-ISAC)Registration Level:Conference Pass
11:10 am - 11:55 am11:10 amCyber Incidents, Forensics, and Insurance: Are All Three up to Snuff?Registration Level:Open Sessions
11:10 am - 11:55 am2020 was the year of ransomware and the pandemic, and many organizations realized their IR wasn’t up to snuff, and others did not listen to external professionals helping and were re-compromised. Have you really tested your Incident Response processes? How about having a detailed post-mortem after an event? Have you looked at your cyber insurance policy to see who you are supposed to be using for assistance? This session will review going through an actual incident and what was good and what was missing in the recovery, alerting (oops, the customers are involved), and finding the root cause, and whether cyber insurance was worth it.
11:10 amRansomware Incident Command and Lessons Learned for ManagersRegistration Level:Conference Pass
11:10 am - 11:55 amThis presentation presents a practical approach to incident command for managers at all levels, irrelevant of cyber expertise. Managers of all types are asked to take charge in critical situations and can benefit from leveraging proven crisis management processes during ransomware response.
12:00 pmLUNCH KEYNOTERegistration Level:Open Sessions
12:00 pm - 12:45 pmLocation / Room: Keynote Theater12:45 pmNetworking BreakRegistration Level:Open Sessions
12:45 pm - 1:15 pmLocation / Room: Exhibitor HallVisit the Exhibitor Hall for vendor displays or connect with attendees in the Networking Lounge.
1:15 pm[Panel] Tales from the Cloud: Doing More with LessRegistration Level:Open Sessions
1:15 pm - 2:15 pmThe cloud saved many businesses when the pandemic hit. Some were already there and found new ways to thrive. For others, it was their first jump. It’s been almost two years now. Our panel will share what we’ve learned in this journey to the cloud—from doing more with less, to the ever-present insider threat risk, to supporting our DevOps teams like never before.
1:15 pm[Panel] Incident Response!Manager-Threat IR & Forensic, Trend MicroRegistration Level:Open Sessions
1:15 pm - 2:15 pmSecurity teams are struggling to keep up with the myriad of attack vectors looming. As we emerge from the pandemic, now is the time to focus and adjust your Incident Response plan. There is a new set of tools and technologies helping squash attacks, but what happens when they fail? What’s in your IR plan that addresses the unknown, and how are your preparing? What has worked and what has not? Join our panel of experts in a valuable discussion focusing on current threats and how your company can be better equipped during these unprecedented times.
2:30 pmThe Road to IT Governance Using KRIsDirector of Cybersecurity, Little Caesars EnterprisesRegistration Level:Conference Pass
2:30 pm - 3:15 pmHaving an effective governance program is no easy task. It is partially due to a lack of visibility concerning organizational strategic and operational risks. In this presentation, we will review some examples to measure and track risk. These key risk indicators (KRIs) will provide early warning signals when risks move in a direction that may impact or prevent the achievement of organizational goals.2:30 pmHow to Build an Effective Security Awareness ProgramRegistration Level:Open Sessions
2:30 pm - 3:15 pm3:15 pmNetworking Break and Dash for PrizesRegistration Level:Open Sessions
3:15 pm - 3:45 pmLocation / Room: Exhibitor HallVisit the solution sponsor booths in the Exhibitor Hall and connect with other attendees.
Participating sponsors will announce their Dash for Prizes winners. Must be present to win.
3:45 pm[Closing Panel] Demystifying Cybersecurity in the BoardroomSVP & Deputy CISO, KeyBankRegistration Level:Open Sessions
3:45 pm - 4:30 pmHave you ever walked into your company’s board room to give an update and feel like you’re speaking a different language? You probably are–to them. Unfortunately, this is a common occurrence many cybersecurity professionals face along with their day-to-day InfoSec tasks and challenges.Join us for a panel discussion where local InfoSec executives share their experiences reporting to the board and different tactics they’ve used that have been successful when communicating risk, along with tips for making your security team stand out amongst other business units. Open to all levels of professionals.3:45 pm[PLUS Course] Developing a Comprehensive Ransomware Security ProgramPart 2Registration Level:SecureWorld Plus
3:45 pm - 5:15 pm - Thursday, September 29, 20227:00 amRegistration openRegistration Level:7:00 am - 4:30 pm
Come to the Registration desk in the lobby to check-in and get your badge. SecureWorld staff will be available throughout the day if you have any questions.
7:30 am[PLUS Course] Developing a Comprehensive Ransomware Security ProgramPart 3Registration Level:SecureWorld Plus
7:30 am - 9:00 am8:00 amExhibitor Hall openRegistration Level:8:00 am - 4:30 pmYour opportunity to visit our solution vendor partners, whose sponsorship makes SecureWorld possible! Booths have staff ready to answer your questions. Look for participating Dash For Prizes sponsors to be entered to win prizes.
8:00 amInfraGard Chapter MeetingOpen to all attendeesRegistration Level:Open Sessions
8:00 am - 8:50 pmDiscussion topic and agenda TBD.
9:00 amOPENING KEYNOTERegistration Level:Open Sessions
9:00 am - 9:45 am9:45 amNetworking BreakRegistration Level:9:45 am - 10:15 amVisit the Exhibitor Hall for vendor displays or connect with attendees in the Networking Lounge.
10:15 amTalent Development in a 'Drought' of Cybersecurity TalentSecurity & Compliance Practice Director, AHEADRegistration Level:Conference Pass
10:15 am - 11:00 am10:15 amAn Enlightened Path to AppSec Nirvana from Code to CloudRegistration Level:Open Sessions
10:15 am - 11:00 amKey Takeaway:
You’ll leave with an executable roadmap to improving the security of your applications.This session will be high-level and cover the various elements of a comprehensive application security program and how the pieces fit together. We’ll also review the various secure development models to equip you with a choice of standards you can adopt. Finally, we’ll cover sequencing and speed so you can follow a path to achieving your own AppSec nirvana.
Presentation level: GENERAL (InfoSec best practices, trends, solutions, etc.)
10:15 amThreat Detection: Beyond PreventionRegistration Level:Open Sessions
10:15 am - 11:00 am11:10 amTransforming Risk into OpportunityDeputy CISO, State of WashingtonRegistration Level:Conference Pass
11:10 am - 11:55 amThis session uses the story of traversing a gorge wall leading to the base of a Central American waterfall to convey the principles of risk management. The story illustrates a practical way to structure risk management to prepare practitioners and managers to identify and create opportunities.
Attendees will learn three risk management principles that enable organizations to recognize business and enterprise opportunities.
11:10 am5 Steps to Zero TrustRegistration Level:Open Sessions
11:10 am - 11:55 amProtecting the edge of your network isn’t enough in a world where anyone can access data from anywhere. The principles of Zero Trust turn the traditional perimeter-centric model on its head and focus on securing what matters most: the data.
See how a data-centric approach to security can help you defend against ransomware, APTs, and insider threats.
We’ll break down how to get to Zero Trust, covering how to:
- Identify sensitive data with scalable classification
- Create an audit trail around sensitive data
- Architect microperimeters by limiting who has access to data
- Monitor for potential threats
- Use automation for remediation and response
Learn about what Zero Trust means and concrete steps you can take to implement it in practice.
11:10 amThird-Party Risk: Creating and Managing a Program that Works!Registration Level:Open Sessions
11:10 am - 11:55 amEvery organization is concerned with third-party risk. No one wants to be the next Target breach. This session will examine the components of third-party risk management and give you some leading practices on how to develop a workable and sustainable process.
12:00 pmLUNCH KEYNOTERegistration Level:Open Sessions
12:00 pm - 12:45 pm12:00 pmAdvisory Council Lunch Roundtable – (VIP / Invite Only)Registration Level:VIP / Exclusive
12:00 pm - 12:45 pmAdvisory Council – VIP / INVITE ONLY
12:45 pmNetworking BreakRegistration Level:12:45 pm - 1:15 pmVisit the Exhibitor Hall for vendor displays or connect with attendees in the Networking Lounge.
1:15 pm[Panel] Securing the Code: AppSec and DevOps 101Registration Level:Open Sessions
1:15 pm - 2:15 pmEveryone says you’ve got to bake security into the development process, but it doesn’t always get done. Speed to market and “other considerations” can get in the way of good, clean secure code. Some developers share code or borrow from open-source platforms on the internet. Is that safe? How do you work with your DevOps teams to create a collaborative, proactive environment where they have the time and resources to build that security in from the beginning? How do you deal with burnout and fatigue? Our panel will address these concerns and more to help you get a handle on securing the code.
1:15 pm[Panel] The Current Threat LandscapeSecurity Research, Principal Lead, AkamaiRegistration Level:Open Sessions
1:15 pm - 2:15 pmIf we’ve learned one thing from the pandemic it’s that cybercriminals do not take breaks. They are constantly retooling and trying new approaches. They collaborate—often better than we do. It is time for us to join forces, identify the most likely of risks to our organizations, and strengthen our networks. We’ve got to get our developers on board, as well, as it’s got to be secure before it goes to market. And what about all the careless clicking from employees?
It’s a huge task, but we don’t have to do it alone. Join our panel of experts as they unpack the current threat landscape and offer ideas on how to start making effective changes within your organization.
2:30 pmThe Last 2%: The Defense in Depth Layers No One Wants to Talk AboutPerception Management, Value, and TrustRegistration Level:Conference Pass
2:30 pm - 3:15 pmHaving an effective security program is more than just having great technology. It’s about turning data into information and information into action. True success comes in the form of the business “wanting” you involved because they trust you and value the services your team provides. It doesn’t happen overnight and like any other part of your program, it needs to be deliberately designed in.
2:30 pmReducing Implicit Trust in Your Cloud Service ProviderRegistration Level:Open Sessions
2:30 pm - 3:15 pmAs organizations embark on a cloud-first strategy, they often find they’re placing excessive trust in their cloud service provider to protect the sensitivity of their organization’s assets, especially sensitive data. During this presentation, we provide an overview of how the cloud service provider requires you to participate in a shared security model and how your organization can retain control of your sensitive data encryption. In other words: your data, their cloud! We’ll discuss and show how using newer tools and techniques—that include split trust, ubiquitous data encryption, and contextual access—reduce and mitigate implicit trust in your cloud provider along with allowing you to manage your own encryption and manage access to your data in the cloud.
3:15 pmNetworking Break and Dash for PrizesRegistration Level:Open Sessions
3:15 pm - 3:45 pmVisit the solution sponsor booths in the Exhibitor Hall and connect with other attendees.
Participating sponsors will announce their Dash for Prizes winners. Must be present to win.
3:45 pmCLOSING KEYNOTERegistration Level:Conference Pass
3:45 pm - 4:30 pm3:45 pm[PLUS Course] Developing a Comprehensive Ransomware Security ProgramPart 4Registration Level:SecureWorld Plus
3:45 pm - 5:15 pm
- Akamai TechnologiesBooth:
Akamai is the leading content delivery network (CDN) services provider for media and software delivery, and cloud security solutions.
- Armis, IncBooth:
Armis is the first agentless, enterprise-class security platform to address the new threat landscape of unmanaged and IoT devices. Fortune 1000 companies trust Armis’ unique out-of-band sensing technology to discover and analyze all managed and unmanaged devices, analyze endpoint behavior to identify risks and attacks, and protect information and systems.
- Checkmarx Inc.Booth:
Checkmarx is constantly pushing the boundaries of Application Security Testing to make security seamless and simple for the world’s developers and security teams. As the AppSec testing leader, we deliver the unparalleled accuracy, coverage, visibility, and guidance our customers need to build tomorrow’s software securely and at speed.
- CybereasonBooth:
Cybereason was founded in 2012 by a team of ex-military cybersecurity experts with the mission of detecting and responding to complex cyber-attacks in real time. Cybereason is the only Endpoint Detection and Response platform deployed in user space that detects both known and unknown attacks and connects isolated indicators of compromise to form a complete, contextual attack story. Cybereason’s behavioral analytics engine continuously hunts for adversaries and reveals the timeline, root cause, adversarial activity, related communication and affected endpoints and users of every attack. Cybereason provides security teams with actionable data, enabling fast decision making and proper response.
- ExpelBooth:
Expel provides transparent managed security, on-prem and in the cloud. It’s the antidote for companies trapped in failed relationships with their managed security service provider (MSSP) and those looking to avoid the frustration of working with one in the first place. To learn more, go to https://www.expel.io.
- Nozomi NetworksBooth:
Nozomi Networks is the leader in OT & IoT security. We accelerate digital transformation by protecting the world’s critical infrastructure, industrial and government organizations from cyber threats. Our solution delivers exceptional network and asset visibility, threat detection, and insights for OT and IoT environments. Customers rely on us to minimize risk and complexity while maximizing operational resilience. Its Threat Intelligence is now available for use with third-party cybersecurity platforms.
- OktaBooth:
Okta is the foundation for secure connections between people and technology. Our IT products uniquely use identity information to grant people access to applications on any device at any time, while still enforcing strong security protections. Our platform securely connects companies to their customers and partners. Today, thousands of organizations trust Okta to help them fulfill their missions as quickly as possible.
- Recorded FutureBooth:
Recorded Future arms security teams with threat intelligence powered by machine learning to lower risk. Our technology automatically collects and analyzes information from an unrivaled breadth of sources. We provide invaluable context that’s delivered in real time and packaged for human analysis or instant integration with your existing security technology.
- RiskReconBooth:
RiskRecon, a Mastercard company, provides cybersecurity ratings and insights that make it
easy for enterprises to understand and act on their risks. RiskRecon is the only security rating
solution that delivers risk-prioritized action plans custom-tuned to match customer risk priorities,
enabling organizations to efficiently operate scalable, third-party risk management programs for
dramatically better risk outcomes. Request a demo to learn more about our solution. - TechTargetBooth: N/A
TechTarget (NASDAQ: TTGT) is the online intersection of serious technology buyers, targeted technical content and technology providers worldwide. Our media, powered by TechTarget’s Activity Intelligence platform, redefines how technology buyers are viewed and engaged based on their active projects, specific technical priorities and business needs. With more than 100 technology specific websites, we provide technology marketers innovative media that delivers unmatched reach via custom advertising, branding and lead generation solutions all built on our extensive network of online and social media. TechTarget is based in Boston and has locations in Atlanta, Beijing, Cincinnati, London, Paris, San Francisco, Singapore, and Sydney.
- Trend MicroBooth:
Trend Micro, a global leader in cybersecurity, is passionate about making the world safe for exchanging digital information, today and in the future. Artfully applying our XGen™ security strategy, our innovative solutions for consumers, businesses, and governments deliver connected security for data centers, cloud workloads, networks, and endpoints. www.trendmicro.com.
- Team CymruBooth:
Give your security analysts visibility they can’t get anywhere else. With Pure Signal RECON, analysts can extend threat hunting far beyond the enterprise perimeter to trace, map and monitor malicious infrastructures. Block cyber attacks, close threat detection gaps, improve incident response and enforce supply chain security.
- VenafiBooth:
Venafi is the cybersecurity market leader in machine identity management, securing machine-to-machine connections and communications. Venafi protects machine identity types by orchestrating cryptographic keys and digital certificates for SSL/TLS, SSH, code signing, mobile and IoT. Venafi provides global visibility of machine identities and the risks associated with them for the extended enterprise—on premises, mobile, virtual, cloud and IoT—at machine speed and scale. Venafi puts this intelligence into action with automated remediation that reduces the security and availability risks connected with weak or compromised machine identities while safeguarding the flow of information to trusted machines and preventing communication with machines that are not trusted.
With more than 30 patents, Venafi delivers innovative solutions for the world’s most demanding, security-conscious Global 5000 organizations and government agencies, including the top five U.S. health insurers; the top five U.S. airlines; the top four credit card issuers; three out of the top four accounting and consulting firms; four of the top five U.S. retailers; and the top four banks in each of the following countries: the U.S., the U.K., Australia and South Africa. Venafi is backed by top-tier investors, including TCV, Foundation Capital, Intel Capital, QuestMark Partners, Mercato Partners and NextEquity.
For more information, visit: www.venafi.com.
- Women in CyberSecurity (WiCyS)Booth:
Women in CyberSecurity (WiCyS) is the premier nonprofit organization with international reach dedicated to bringing together women in cybersecurity. Founded by Dr. Ambareen Siraj from Tennessee Tech University through a National Science Foundation grant in 2013, WiCyS offers opportunities and resources for its members and collaboration benefits for its sponsors and partners. The organization’s founding partners are Cisco, Facebook and Palo Alto Networks. WiCyS’ strategic partners include Amazon Web Services, Bloomberg, Cisco, Equifax, Facebook, Google, HERE Technologies, IBM, Lockheed Martin, Nike, Optum, Palo Alto Networks, PayPal, SANS Institute, Target, and University of California San Diego. To learn more about WiCyS, visit https://www.wicys.org.
- Stephen DoughertyFinancial Fraud Investigator, Global Investigative Operations Center, U.S. Secret Service
Stephen Dougherty has over a decade of investigative experience. His career as a Financial Fraud Investigator in support of the federal government has played a pivotal role in criminal investigations, surrounding cyber-enabled financial crime, money laundering, human trafficking, identity theft, healthcare fraud, embezzlement, tax/government program fraud, dark web crimes, among others. Stephen’s main area of expertise is combatting money laundering in all its forms. Aside from this, Stephen has been proactive in identifying new and future trends in the world of financial crime. Such trends include the cyber security nexus of financial crimes and its ever-growing relationship in major financial crimes such as Business Email Compromise and the rise of the dark web and the use of virtual currency as a vehicle for facilitation of financial crimes. Stephen has been a leader and a mentor to other investigators teaching them how to uncover fraud internally and externally. Stephen is currently an investigator contracted to the U.S. Secret Service’s Global Investigative Operations Center (GIOC) in Washington D.C.
- Mark MajewskiInformation Security Team Leader, Rocket Central
- Daniel ShoemakerProfessor and Director, Graduate Program, University of Detroit Mercy
Daniel P. Shoemaker, PhD, is a Full Professor and Director of the Graduate Program in Cybersecurity at the University of Detroit Mercy, where he has worked for over 35 years. He has retired from his administrative position as Department Chair, PI for the NSA Center and Subject Matter Expert for DHS and NIST. He is enjoying more time with his students and writing. He has published over 200 cybersecurity papers and articles as well as this list of books:
• Cybersecurity “The Essential Body of Knowledge”
• “The CSSLP Certification All-in-One Exam Guide”
• Cybersecurity “Engineering a More Secure Software Organization”
• “A Guide to the National Initiative for Cybersecurity Education (NICE) Framework: The Complete Guide to Cybersecurity Risk & Controls in Cyber Security”
• ”Implementing Cybersecurity: A Guide to the NIST Risk Management Framework”,
• “Supply Chain Risk Management: Applying Secure Acquisition Principles to Ensure a Trusted Product”
• “How to Build A Cyber Resilient Organization”
• “The Complete Guide to Cybersecurity Risks and Controls”
• Information Assurance for the Enterprise: A Roadmap to Information Security”
• “The Cybersecurity Body of Knowledge”
• “The ACM/IEEE/AIS/IFIP Recommendations for a Complete Curriculum in Cybersecurity” - Tamara ShoemakerCybersecurity Training Leader, The Automotive Information Sharing and Analysis Center (Auto-ISAC)
Tamara Shoemaker is a diligent and self-motivated Cyber Security Specialist offering 25 years of combined experience in Cyber Security and Administrative Management for large and small corporations aiming to amplify the use and knowledge of security. Relentless dedication to leading teams to balance meticulous attention to quality with a sense of urgency to "get the job done" in alignment with preset deadlines.
She is a dynamic, hardworking, intelligent, passionate, resourceful, resilient, jovial, insightful, team player. Working with her, an organizational team will experience a kind hearted, courageous, spirited yet direct leadership style. She has a strong ability to communicate and work effectively with people from all levels and sectors of the business, education, government and technological communities.
Dedication to address the all encompassing cybersecurity challenge of getting enough properly trained and education people into the workforce. Recognized as a leader with outstanding skills in cybersecurity awareness training, education and outreach. Seeking to deliver her skills/experiences as a liaison for your company to increase the number of students in the field of cybersecurity and build your brand.
- Panel Discussion
- Chris LaFleurManager-Threat IR & Forensic, Trend Micro
Chris LaFleur has spent the last three years working to prevent and eradicate threat actors such as Ryuk, Conti, and Lockbit. Chris began his career at Trend Micro in Threat Support, and is now running the Incident Response team. He was a key part of the making a method on how to predict customer attacks with the Smart Protection Early warning Service from Trend Micro. Chris has built a team of dedicated personal that can go into any environment and hunt out threats without needing to rely on just vendor only EDR/XDR tooling to kill the threat actors ability to cause damage.
Chris has an AS degree in IT solutions from Keiser University, along with AWS and VMWare certifications, coupled with his hands-on experience over the last decade. Chris has always led with the belief that the customer comes first no matter who or what may have caused it. Keeping an attitude that IR work is much like working in a trauma center as a doctor. We don't get to choose what comes next or how long it will take, but we do not stop until the job is complete.
- Panel Discussion
- Juman Doleh-AlomaryDirector of Cybersecurity, Little Caesars Enterprises
Juman Doleh-Alomary is the Director of Cybersecurity GRC at Little Caesar's Enterprises and an active volunteer board member of the ISACA Detroit and the CSA-Detroit Boards. With over 15 years of experience in audit, security, investigation, compliance, and privacy policy/standards, Juman most recently held the position of Director of IT Audit, Wayne State University, and the IT Audit and Risk Management at Ford Motor Company. She has served on the ISACA Detroit Chapter Board for several years and most recently as the past President of the chapter and chaired the IIA/ISACA Spring Conference with its record-setting attendance. In addition, she was appointed to the ISACA International Audit & Risk Committee. She is recognized as an expert in the subject of IT audits, risk, governance, security, and compliance. Juman holds a Bachelors's and a Master's from the University of Michigan, and certifications in CISA, CISM, CRISC, CDPSE, and ISO 27001.
- Nick SchappacherSVP & Deputy CISO, KeyBank
Head of Information Security Governance
- Panel Discussion
- Steven AielloSecurity & Compliance Practice Director, AHEAD
Mr. Aiello holds a BA in Technology Management and a Master's of Science with a concentration in Information Assurance. Currently, he is a Security & Compliance Practice Director with AHEAD, a consulting firm based in Chicago. Steven works closely with clients working across storage, virtualization and security silos.
- Steven FoxDeputy CISO, State of Washington
- Panel Discussion
- Panel Discussion

• Create a personalized agenda
• View maps of the venue and Exhibit Hall
• Use secure messaging to network with attendees
• View speaker slides after the conference
• Play CyberHunt, the app game, and compete for prizes
Join your cybersecurity community for high-quality, affordable training and networking. Register today!
