- Open Sessions
- Conference Pass
- SecureWorld Plus
- VIP / Exclusive
- Wednesday, September 27, 20239:00 am[PLUS Course] Implementing the NIST Cybersecurity FrameworkRegistration Level:
9:00 am - 3:00 pmLocation / Room: Renaissance Baronette Hotel (27790 Novi Road, Novi, MI 48377) - Room: Grand Oak 3
- SecureWorld Plus
Have you ever wondered how to actually use the NIST Cybersecurity Framework and apply it to your business or organization?
In this course, you will get an inside look at how cybersecurity, information technology (IT), and business professionals use the NIST Cybersecurity Framework (CSF) to understand and actively manage their risk posture.
You will begin by learning the fundamentals of the NIST Cybersecurity Framework, including:
- What are the components of the framework?
- Why is the framework is valuable?
- What type of organizations can use the framework?
Then, you will dive deeper into the framework to fully understand the Framework Core, the Framework Tiers, and the Framework Implementation Profile.
You will also review various case studies from diverse organizations across the globe, including critical infrastructure organizations, technology companies, governmental organizations, and others.
Finally, we will spend the majority of this course walking you through how to implement this framework within your own organization by conducting a Cyber Risk Mapping (CR-MAP). This CR-MAP of your organization will aid you in identifying your weaknesses and creating a remediation plan to achieve higher levels of security by minimizing your cyber risk.
We even include a free bonus digital workbook that helps you conduct a step-by-step Cyber Risk Mapping at the conclusion of the course.
- Thursday, September 28, 20237:30 amRegistration openRegistration Level:
7:30 am - 4:30 pmLocation / Room: Registration Desk
- Open Sessions
Come to the Registration desk in the lobby to check-in and get your badge. SecureWorld staff will be available throughout the day if you have any questions.8:00 amExhibitor Hall openRegistration Level:
8:00 am - 4:30 pmLocation / Room: Exhibitor Hall
- Open Sessions
Your opportunity to visit our solution vendor partners, whose sponsorship makes SecureWorld possible! Booths have staff ready to answer your questions. Look for participating Dash For Prizes sponsors to be entered to win prizes.8:00 amAdvisory Council Roundtable Breakfast – (VIP / Invite only)Implications of ChatGPT and Other Similar AI ToolsAVP, Information Security Services, Amerisure Mutual InsuranceRegistration Level:
8:00 am - 8:50 amLocation / Room: PearlChatGPT (Generative Pre-trained Transformer) is a language model developed by OpenAI. It is based on the Transformer architecture and is one of the largest and most powerful language models available today. ChatGPT has been pre-trained on massive amounts of text data and can generate human-like text in response to prompts given to it. ChatGPT, and other AI programs, have the potential to revolutionize the way we interact with technology and each other. With any new technology there are negatives and positives. Come ready to add to the discussion with your peers at this invitation-only breakfast meeting of the SecureWorld Detroit Advisory Council.8:00 amA Whole Lotta BS (Behavioral Science) About CybersecurityRegistration Level:
- VIP / Exclusive
8:00 am - 8:45 amLocation / Room: Emerald
- Open Sessions
Let’s be honest: people can frustrate us. They don’t always do the things we’d like, and they often do some things we’d rather they didn’t. New research from the National Cybersecurity Alliance reveals insights about the public’s attitudes and beliefs about security. We’ll explore the 2022 “Oh Behave! Cybersecurity Attitudes and Behaviors Report,” and some of the findings may surprise you! We’ll also give you practical, actionable advice on how you can better communicate to influence the behavior change you want to see.9:00 am[Opening Keynote] The Evolving Role of the CISORegistration Level:
9:00 am - 9:45 amLocation / Room: Keynote Theater
- Open Sessions
Digital transformation in business are all around us. At the same time, disruptive technologies and privacy regulations increase enterprise risk exponentially! A CISO needs to balance value creation vs. value protection for the business amidst winds of change.
The role of the CISO has progressed from a technical focus to leading transformation and enabling the business securely. The U.S. Securities and Exchange Commission (SEC) has recently emphasized that cybersecurity is mission critical and that CISO is key change agent to deliver business value.
This keynote takes a deep dive into the evolution of the CISO role and organizational progression. Detroit’s own Arun DeSouza shares his perspectives and valuable skills needed to be successful as a modern day CISO and advice on how to advance your career along the way.9:45 amNetworking BreakRegistration Level:
9:45 am - 10:15 amLocation / Room: Exhibitor Hall
- Open Sessions
Visit the Exhibitor Hall for vendor displays or connect with attendees in the Networking Lounge.10:15 amThe Greatest Mistakes in Security HistoryRegistration Level:
10:15 am - 11:00 amLocation / Room: Amethyst
- Conference Pass
Looking back on some of the biggest, baddest, and most hilarious failures in the history of security, this presentation is an opportunity to learn from the mistakes of others throughout history and today. With dozens of examples from this year to the days before the computer, there are “oops” moments everywhere that we can all take enjoyment and learn from.
Ryan walks through some serious mistakes and some hilarious gotchas all in a fun presentation which is full of immediate takeaways for both the red team and blue team. Will you learn something? Yes! Will you have fun? Ryan hopes so!10:15 amDeriving Insight from Threat Actor InfrastructureRegistration Level:
10:15 am - 11:00 amLocation / Room: Jade
- Open Sessions
From proactively hunting for unknown attacker infrastructure, to placing the exploitation of vulnerabilities on a timeline often obscured by large spikes in activity. This talk will explore ways in which we can enrich our understanding of the threat landscape beyond that which is shared in threat feeds and reports.10:15 amThe Future of AI in SecurityRegistration Level:
10:15 am - 11:00 amLocation / Room: Emerald
- Open Sessions
There seems to be a new article every day covering the intersection of artificial intelligence (AI), machine learning (ML), and the security industry. Vendors are suggesting that AI has the potential to act as a team member, replace missing expertise, and reduce headcount for detecting, investigating, responding to, and predicting new cyberthreats. The concept of a fully computerized SOC may be a dream in a world lacking cybersecurity professionals, but can it be realized?
Increasing the autonomy of the SOC is a noble goal, especially for smaller organizations struggling to hire and retain the necessary cybersecurity skills. However, the need for self-learning and self-repairing capabilities in an autonomous SOC raises an important concern: If your IT and security system becomes self-referential and self-healing, how can you investigate to ensure it’s getting it right? Who watches the watchers?
This discussion will explore:
11:00 amNetworking BreakRegistration Level:
- The history of AI, ML, and automation already in your security stack
- The dangers and challenges of unrestricted GPT and other chat bots as information sources
- Ways humans and AI can work together
11:00 am - 11:10 amLocation / Room: Exhibitor Hall
- Open Sessions
Visit the Exhibitor Hall for vendor displays or connect with attendees in the Networking Lounge.11:10 am[Panel] The Future of Cybersecurity: Preparing the Next Generation and Tips for Filling the PipelineHead of Cybersecurity, Penske Automotive GroupVice President of Information Technology, Detroit PistonsCEO, CISO & Founder, Strategic Security Advisors, LLCSecurity & Compliance Practice Director, AHEADRegistration Level:
11:10 am - 11:55 amLocation / Room: AmethystOur panel of experts shares ideas for helping young professionals get their start in the cybersecurity profession, as well as tips for those looking to move out of middle management and up the ranks—even if the goal is not necessarily to be a CISO. Employers: Hear tips for filling the talent pipeline, including how and where to find eager and willing individuals. This session is a win-win for those looking to hire and those looking to fill roles or move up the career ladder.11:10 am[Panel] Symphony of Cyber Defense: Confronting the Crescendo of Threats in the Digital OrchestraIdentifying the Current Threat LandscapeDirector of Customer Success, Horizon3.aiDirector of Cybersecurity, Little Caesars EnterprisesSr. Security Engineer, Trend MicroSOC Analyst and Red Team Operative, Universal Logistics HoldingsSr. Manager, Third-Party Risk, Raytheon TechnologiesRegistration Level:
- Conference Pass
11:10 am - 11:55 amLocation / Room: Emerald
- Open Sessions
In the ever-changing symphony of the cyber realm, a cacophony of threats echoes throughout. Ranging from ransomware to data breaches, phishing, and intricate APTs, the orchestra of cyber threats grows in complexity. Emerging risks like IoT, cloud computing’s unpredictability, AI’s deceptiveness, and cryptocurrency add new layers to our musical security tapestry.
Threat actors—wielding exploit kits and Zero-Day vulnerabilities—orchestrate their attacks, preying on human vulnerabilities in perfect synchronization with state-sponsored cyber operations. To counter this threat, collaboration is essential. Proactive security practices, training cadences, and threat intelligence sharing must happen. The interplay of public and private sectors is key to a resilient digital effort.
Let us march to the beat of constant vigilance, adaptability, and investment in a fortified infrastructure. Together, we will compose a symphony of cybersecurity, safeguarding the digital soundscape and ensuring a melodious future.11:10 amWhy Automation and AI Are Crucial to Modernizing Your SOCRegistration Level:
11:10 am - 11:55 amLocation / Room: Jade
- Open Sessions
Session description to come.12:00 pm[Lunch Keynote] Cyber World on Fire: A Look at Internet Security in Today’s Age of ConflictRegistration Level:
12:00 pm - 12:45 pmLocation / Room: Keynote Theater
- Open Sessions
This informative session analyses the growing threat of cyberattacks and risks to internet security in today’s world. Col. Leighton explores the various types of attacks and vectors, including how bad actors can impact businesses and individuals. The session also examines the role of governments and international organizations—partnering with public and private businesses—in protecting against cyber threats.
Col. Leighton describes how nefarious actions are becoming increasingly more sophisticated and widespread, with hackers targeting not just large corporations but also smaller businesses and even individuals. He emphasizes the need for organizations to take proactive measures to protect their networks and data, including investing in advanced security technologies and providing regular training to employees.
He shares examples of cyber activity—good and bad; offensive and defensive—from Ukraine, China, and around the globe.12:00 pmAdvisory Council Lunch Roundtable – (VIP / Invite Only)How Can Cybersecurity Leaders Fill the Talent Pipeline Faster?Director of IT Security, CISO, Hygieia, Inc.Registration Level:
12:00 pm - 12:45 pmLocation / Room: PearlCome join this invite-only gathering of SecureWorld Detroit Advisory Council members to share tips for filling the talent pipeline, including how and where to find eager and willing individuals. What can cybersecurity leaders do to feed more quality candidates faster into the security environment? How are you integrating new hires and coaching them to fill management roles and work their way up to higher leadership roles?12:45 pmNetworking BreakRegistration Level:
- VIP / Exclusive
12:45 pm - 1:15 pmLocation / Room: Exhibitor Hall
- Open Sessions
Visit the Exhibitor Hall for vendor displays or connect with attendees in the Networking Lounge.1:15 pmHow Deep Are We in These Fakes? Addressing AI AdvancementsRegistration Level:
1:15 pm - 2:15 pmLocation / Room: Jade
- Conference Pass
The proliferation of deep fakes has become a pressing concern in this era of rapid advancements in artificial intelligence. Deep fakes, convincingly manipulated audio and video content created with AI algorithms, have the potential to disrupt trust, mislead the public, and cause irreparable damage to individuals and society as a whole. As AI continues to evolve at an unprecedented pace, addressing the urgent need for strong regulations to mitigate the harmful effects of deep fakes becomes increasingly important.
This session explores:
1:15 pmBuilding Trust in the Supply Chain: Creating a Third-Party Cybersecurity ProgramRegistration Level:
- Understanding the concept of deep fakes
- Awareness of the growing threat
- Recognizing the pace of AI advancement
- Importance of strong regulations
- Challenges in regulating deep fakes
- Building a collaborative approach
- Charting a safer future
1:15 pm - 2:15 pmLocation / Room: Amethyst
- Conference Pass
Threat actors are increasingly targeting the third party eco system of organizations and the attacks are becoming more and more sophisticated. It is crucial that companies have a strategy and a program designed to minimize data breaches and/or disruptions due to cyber events in the third party network.
In this session, the speaker will share with the audience his experience in creating a cybersecurity program tailored for the third party engagements.1:15 pm[Panel] Sustainable Cybersecurity and ResiliencyCybersecurity Advisor, Region 5, CISACybersecurity Advisor, Region 5, CISAProfessor and Graduate Program Director, UDMRegistration Level:
1:15 pm - 2:15 pmLocation / Room: EmeraldAs the nation’s cyber defense agency, CISA leads the national effort to understand, manage, and reduce risk to our cyber and physical infrastructure. Since the majority of our nation’s critical infrastructure is privately owned, ensuring the nation’s cybersecurity posture requires continued collaboration between government and the private sector. During this fireside chat, CISA will discuss the current cyber threat landscape, the agency’s latest initiatives to help critical infrastructure owners and operators protect and defend their networks, and the catalog of CISA services available to organizations to become more cyber resilient.2:15 pmNetworking BreakRegistration Level:
- Open Sessions
2:15 pm - 2:30 pmLocation / Room: Exhibitor Hall
- Open Sessions
Visit the Exhibitor Hall for vendor displays or connect with attendees in the Networking Lounge.2:30 pmSecuring the Digital Frontier: AI, Cyber Threat Intelligence, and the Future of PrivacyRegistration Level:
2:30 pm - 3:15 pmLocation / Room: EmeraldIn this presentation, Bidemi will delve into the prospective developments in digital security, specifically spotlighting the role of AI and machine learning in strengthening cyber threat intelligence. In addition, he will also discuss the repercussions of these technologies on privacy rights and the safeguarding of data. Audience members will better learn how to harness the power of AI and machine learning can significantly bolster digital security, but it’s critical to carefully navigate their impact on privacy rights and data protection.2:30 pmFocusing on the Building Blocks of Your Security ProgramRegistration Level:
- Conference Pass
2:30 pm - 3:15 pmLocation / Room: Jade
- Open Sessions
The key to a strong security program is its foundational components. Just as we build houses, the order in which we put the pieces together is important and can impact the success of a cyber security program. What building blocks are missing from your security program?
A strong cybersecurity program is key to protecting corporate assets and the organization itself. Understanding all the cybersecurity building blocks which are necessary and the impact they can have on your program is important. This session discusses the most common building blocks, how they make an impact, why they are important, and how the information they provide can help guide your security program while ensuring that it aligns with business goals, client expectations, and local, state, or federal regulations.2:30 pmISSA Motor City Chapter Meeting with Guest SpeakerOverview of NIST 800-171 Controls and Cybersecurity Maturity Model Certification (CMMC)Director, Information Security, RoushRegistration Level:
2:30 pm - 3:15 pmLocation / Room: Amethyst
- Open Sessions
Session description to come.3:15 pmNetworking Break and Dash for PrizesRegistration Level:
3:15 pm - 3:45 pmLocation / Room: Exhibitor Hall
- Open Sessions
Visit the solution sponsor booths in the Exhibitor Hall and connect with other attendees.
Participating sponsors will announce their Dash for Prizes winners. Must be present to win.3:15 pmHappy HourRegistration Level:
3:15 pm - 5:00 pmLocation / Room: Exhibitor Hall
- Open Sessions
Join your peers for conversation and complimentary hors d’oeuvres and beverages. This is a great opportunity to network with other security professionals from the area, and to discuss the hot topics from the day.3:45 pm[Closing Keynote] AI: The Good, the Bad, and the UglyBoard Member and International Healthcare Cybersecurity Luminary; Teaching Professor, University of DenverRegistration Level:
3:45 pm - 4:30 pmLocation / Room: Keynote Theater
- Open Sessions
AI and generative AI have become the buzzwords du jour since the launch of ChapGPT4 last year, but AI has been in widespread and popular use for the better part of the past decade. We use it every day at home, in the office, and when we visit the doctor or go for an X-Ray.
AI has been applied in many positive ways to make things easier for most of us, but it has also more recently been applied in very nefarious ways, some of which may lead to significant damage including our safety as humans.
This presentation looks at the development of Offensive AI and makes a case for greater development of Defensive AI. It will suggest that as cybersecurity professionals, we need “fire” to “fight fire” and that our current security toolsets are not equipped to defend us from the attacks of tomorrow.
Learning objectives from this session:
- Consider the “Maturity Paradox” and “Attackers Arbitrage,” the gap between new technology being implemented and the security controls necessary to protect that new technology. What risks are we exposing ourselves and our organizations to?
- Examine the arming of malicious bots and malware using AI.
- Gain a better understanding of the power and dangers of Offensive AI.
- Consider the benefits of employing AI Defensive tools to protect us from Offensive AI. How will this change that way that cybersecurity work?
- Cloud Security Alliance DetroitBooth:
- Critical StartBooth: 230
Critical Start Managed Cyber Risk Reduction solutions deliver continuous security cyber risk monitoring and mitigation enabling strong protection against threats. Combined with a team of expert risk mitigators, our platform provides maturity assessments, posture and event analytics, response capabilities, comprehensive threat intelligence, and security workload management capabilities. We help you achieve the highest level of cyber risk reduction for every dollar invested, leading to increased confidence in reaching your desired level of security posture.
- ExabeamBooth: 430
Exabeam is a global cybersecurity leader that adds intelligence to every IT and security stack. The leader in Next-gen SIEM and XDR, Exabeam is reinventing the way security teams use analytics and automation to solve Threat Detection, Investigation, and Response (TDIR), from common security threats to the most critical that are difficult to identify. Exabeam offers a comprehensive cloud-delivered solution that leverages machine learning and automation using a prescriptive, outcomes-based approach to TDIR. We design and build products to help security teams detect external threats, compromised users and malicious adversaries, minimize false positives and best protect their organizations.
- GLIMPSBooth: 110
Developer of cybersecurity software designed to automate security processes. The company’s platform utilizes code conceptualization technology to analyze systems and detect viruses that are immediately correlated with known APT families, for effective threat characterization, both open-source and proprietary, enabling businesses to reduce malware threats in an efficient manner.
- Horizon3.aiBooth: 410
Horizon3.ai’s mission is to help you find and fix attack vectors before attackers can exploit them. NodeZero, our autonomous penetration testing solution, enables organizations to continuously assess the security posture of their enterprise, including external, identity, on-prem, IoT, and cloud attack surfaces.
Like APTs, ransomware, and other threat actors, our algorithms discover and fingerprint your attack surface, identifying the ways exploitable vulnerabilities, misconfigurations, harvested credentials, and dangerous product defaults can be chained together to facilitate a compromise.
NodeZero is a true self-service SaaS offering that is safe to run in production and requires no persistent or credentialed agents. You will see your enterprise through the eyes of the attacker, identify your ineffective security controls, and ensure your limited resources are spent fixing problems that can actually be exploited.
- InfraGard MichiganBooth:
InfraGard is a partnership between the FBI and members of the private sector. The InfraGard program provides a vehicle for seamless public-private collaboration with government that expedites the timely exchange of information and promotes mutual learning opportunities relevant to the protection of Critical Infrastructure. With thousands of vetted members nationally, InfraGard’s membership includes business executives, entrepreneurs, military and government officials, computer professionals, academia and state and local law enforcement; each dedicated to contributing industry specific insight and advancing national security.
- ISC2 Greater DetroitBooth:
ISC2 is consists of over 80,000 members worldwide. Our chapter program provides members a forum to facilitate the exchange of knowledge and ideas, development of leadership and professional skills, and advancement of information systems security. We also provide our members with access to a variety of industry resource and educational programs to keep our members informed of the latest advances in technology and techniques. The Greater Detroit chapter was been established in 2012 to help bring together local professionals. Our members consist of ISC2 credentialed professionals who hold either a SSCP, CAP, CSSLP, and/or a CISSP or advanced concentration certification.
- ISACA DetroitBooth:
Our aim is to sponsor local educational seminars and workshops, conduct regular chapter meetings, and help to further promote and elevate the visibility of the IS audit, control and security profession throughout the metro Detroit area.
- ISSA Motor CityBooth:
The Information Systems Security Association (ISSA)® is a not-for-profit, international organization of information security professionals. The Motor City chapter is located in the automotive capital of the United States, Detroit, MI. Our chapter is committed to educating, consulting, advising, and overall improving information security for our technology infrastructures.
- Judy SecurityBooth: 130
Judy Security provides smart, simple, effective and affordable cybersecurity software solutions for small and midsize businesses. Judy, our all-in-one cybersecurity platform leverages AI and machine learning to deliver next-generation, 24/7 protection and support for companies who lack the time, expertise and capital to successfully implement these solutions on their own. judysecurity.ai
- LogRhythmBooth: 400
LogRhythm, a leader in security intelligence and analytics, empowers organizations around the globe to rapidly detect, respond to and neutralize damaging cyber threats. The company’s patented award-winning platform uniquely unifies next-generation SIEM, log management, network and endpoint monitoring, user entity and behavior analytics (UEBA), security automation and orchestration and advanced security analytics. In addition to protecting customers from the risks associated with cyber threats, LogRhythm provides unparalleled compliance automation and assurance, and enhanced IT intelligence.
- One IdentityBooth: TBD
One Identity, a Quest Software business, helps organizations achieve an identity-centric security strategy with a uniquely broad and integrated portfolio of identity management offerings developed with a cloud-first strategy including AD account lifecycle management, identity governance and administration, and privileged access management. One Identity empowers organizations to reach their full potential, unimpeded by security, yet safeguarded against threats without compromise regardless of how they choose to consume the services. One Identity and its approach is trusted by customers worldwide, where more than 7,500 organizations worldwide depend on One Identity solutions to manage more than 125 million identities, enhancing their agility and efficiency while securing access to their systems and data—on-prem, cloud, or hybrid.
- Palo Alto NetworksBooth: 340
Palo Alto Networks, the global cybersecurity leader, is shaping the cloud-centric future with technology that is transforming the way people and organizations operate. Our mission is to be the cybersecurity partner of choice, protecting our digital way of life. We help address the world’s greatest security challenges with continuous innovation that seizes the latest breakthroughs in artificial intelligence, analytics, automation, and orchestration. By delivering an integrated platform and empowering a growing ecosystem of partners, we are at the forefront of protecting tens of thousands of organizations across clouds, networks, and mobile devices. Our vision is a world where each day is safer and more secure than the one before.
- SilverfortBooth: 420
Silverfort protects enterprises from data breaches, cyber attacks and insider threats, by preventing credential compromise and misuse across the entire corporate network and cloud infrastructure. Silverfort leverages patent-pending technology to seamlessly harden the basic authentication and access mechanisms used by all client devices and services, instantly equipping them with the latest authentication and access protection technology without any change or integration.
- Team CymruBooth: 300
Team Cymru’s mission is to save and improve human lives. We are unrivalled across three disciplines; digital business risk platforms, free to use community services and support services to over 143 Government CSIRT teams.
Our business risk and threat intelligence platforms empower global organizations with unmatched Threat Reconnaissance and Attack Surface Management capabilities to meet the challenges of today’s cyber threats.
Community Services equip those who run the internet to defend it from criminals who wish to disrupt and cause harm, and CSIRT enables Governments the tools to outmaneuver nation state threat actors.
Since 2005, our reputation remains unchallenged.
- TechTargetBooth: n/a
TechTarget (NASDAQ: TTGT) is the online intersection of serious technology buyers, targeted technical content and technology providers worldwide. Our media, powered by TechTarget’s Activity Intelligence platform, redefines how technology buyers are viewed and engaged based on their active projects, specific technical priorities and business needs. With more than 100 technology specific websites, we provide technology marketers innovative media that delivers unmatched reach via custom advertising, branding and lead generation solutions all built on our extensive network of online and social media. TechTarget is based in Boston and has locations in Atlanta, Beijing, Cincinnati, London, Paris, San Francisco, Singapore, and Sydney.
- ThreatLockerBooth: 450
ThreatLocker® is a global cybersecurity leader, providing enterprise-level cybersecurity tools to improve the security of servers and endpoints. ThreatLocker’s combined Application Whitelisting, Ringfencing™, Storage Control, and Privileged Access Management solutions are leading the cybersecurity market towards a more secure approach of blocking unknown application vulnerabilities. To learn more about ThreatLocker visit: www.threatlocker.com
- Trend MicroBooth: TBD
Trend Micro, a global leader in cybersecurity, is passionate about making the world safe for exchanging digital information, today and in the future. Artfully applying our XGen™ security strategy, our innovative solutions for consumers, businesses, and governments deliver connected security for data centers, cloud workloads, networks, and endpoints. www.trendmicro.com.
- Kip Boyle, InstructorvCISO, Cyber Risk Opportunities LLC
Kip Boyle is the Virtual Chief Information Security Officer of Cyber Risk Opportunities, whose mission is to help executives become more proficient cyber risk managers. He has over 24 years of cybersecurity experience serving as Chief Information Security Officer (CISO) and in other IT risk management roles for organizations in the financial services, technology, telecom, military, civil engineering, and logistics industries.
- Bob Bacigal, ModeratorAVP, Information Security Services, Amerisure Mutual Insurance
Bob Bacigal is the Assistant Vice President of Information Security at Amerisure Insurance. He has over 30 years of experience in information security management, risk management, incident response, disaster recovery, and business continuity planning. Prior to joining Amerisure, he held security management positions with Great Lakes BanCorp, the Federal Reserve Bank of Chicago, and Delphi Corporation. Bob is an active member of the InfoSec community and has served as President and Chairman of the InfraGard Michigan Members Alliance (IMMA) and is currently serving on its Board of Directors. He is an active member of the State of Michigan CSO Kitchen Cabinet, Detroit CISO Executive Council Governing Body, and the SecureWorld Detroit Advisory Council. Bacigal earned his bachelor’s degree in Criminology form Eastern Michigan University and is both a Certified Information Systems Security Professional (CISSP) and a Certified Information Security Manager (CISM).
- Lisa PlaggemierExecutive Director, National Cybersecurity Alliance
Lisa Plaggemier is Executive Director at the National Cybersecurity Alliance. She is a recognized thought leader in security awareness and education with a track record of engaging and empowering people to protect themselves, their families, and their organizations. Lisa is a University of Michigan graduate (Go Blue!) and while she wasn’t born in Austin, Texas, she got there as fast as she could.
- Arun DeSouzaCISO & CPO, Nexteer Automotive
Arun DeSouza is currently Chief Information Security & Privacy Officer at Nexteer Automotive Corporation. Arun has extensive global IT and security leadership experience. His interests include the Internet of Things (IoT), security analytics, blockchain, and quantum computing. Arun’s areas of expertise include strategic planning, risk management, identity management, cloud computing, and privacy. Arun earned M.S. and PhD degrees from Vanderbilt University and is a Certified Information Systems Security professional (CISSP). He has won multiple industry honors: CSO50 Award, Computerworld Premier 100 IT Leaders Award, CIO Ones to Watch Award, and Network World Enterprise All Star Award.
- Ryan MostillerSr. Manager, IT Security, BorgWarner
Ryan has nearly 10 years of experience in defending large enterprise environments, specializing in Windows and Active Directory environments. Ryan has responsibility for Incident Response, Vulnerability Management, and the Management of all Security Tools and Controls. Ryan is a proud double alumnus from Oakland University as well as husband and father.
- Scott FisherSr. Security Engineer, Team Cymru
- Cynthia GonzalezSenior Product Marketing Manager, Exabeam
Cynthia Gonzalez is a Sr. Product Marketing Manager at Exabeam. An advocate for customers, she’s focused on their use of technology to enable and simplify work. She is at her best when bridging the gap between sophisticated software products and the benefits customers can expect.
- Mo WehbiHead of Cybersecurity, Penske Automotive Group
As the Director of Information Security & Project Management Office within the IT department at Penske Automotive Group, Mo oversees the implementation and governance of cybersecurity and IT service management best practices across the organization. He has over 18 years of experience in leading and managing complex IT projects, portfolios, and programs, as well as ensuring compliance, data security, and risk management for multiple business units and stakeholders.
He is also an active board member and speaker at various professional associations and forums, such as ISACA, Cloud Security Alliance, and Cybersecurity Collaboration Forum, where he shares his insights and expertise on emerging trends and challenges in the cybersecurity and IT services. His specialties include Risk Management, Information Security Management, Compliance, Data Security, Project Management, Portfolio Management, Program Management, Mergers, Acquisitions and Divestitures, Organization Management, Change Management, and IT Management.
- Paul RapierVice President of Information Technology, Detroit Pistons
- Coover ChinoyCEO, CISO & Founder, Strategic Security Advisors, LLC
- Steven Aiello, ModeratorSecurity & Compliance Practice Director, AHEAD
Mr. Aiello holds a BA in Technology Management and a Master's of Science with a concentration in Information Assurance. Currently, he is a Security & Compliance Practice Director with AHEAD, a consulting firm based in Chicago. Steven works closely with clients working across storage, virtualization and security silos.
- Habibeh DeyhimDirector of Customer Success, Horizon3.ai
- Juman Doleh-AlomaryDirector of Cybersecurity, Little Caesars Enterprises
- Robin PurnellSr. Security Engineer, Trend Micro
Robin Purnell currently works as a Senior Security Engineer at Trend Micro. With almost two decades of experience, he has made significant contributions to the global security landscape, partnering with organizations worldwide to tackle their most pressing security challenges. His expertise spans diverse industry sectors, including corporate, public sector, education and government agencies. One of Robin’s primary objectives is to empower businesses through continuous education, ensuring they are well-equipped to proactively address security concerns within their operational environments. His aim is to guide organizations in making informed, strategic decisions rather than viewing security as a mere checkbox requirement.
- Tyler ThornsberrySOC Analyst and Red Team Operative, Universal Logistics Holdings
Tyler Thornsberry is a SOC Analyst for Universal Logistics who holds a Bachelor’s Degree in Information Security from Oakland University. He provides an offensive perspective in the threat landscape with his experience in pen-testing. Ranging from Active Directory to web applications, Tyler has engaged in numerous red-team exercises in an effort to demonstrate the severity of vulnerabilities before threat actors have the chance to.
- Mary Rowley, ModeratorSr. Manager, Third-Party Risk, Raytheon Technologies
Mary’s several years of leadership experience encompasses many areas of cybersecurity with a focus on IT risk management, IT audit, security awareness training, vulnerability management and incident response. Her extensive information security background includes working at Henry Ford Health System, Comerica Bank, WorkForce Software, Learning Care Group and most recently, Raytheon Technologies, where she continues to build and mature the company’s Cyber 3rd party risk program. Mary is a graduate from Walsh College with a Master’s degree in Business Information Technology, Information Assurance and holds several certifications including CISSP, CISA and CRISC.
- Josh YostSr. Director, Systems Engineering, Palo Alto Networks
Josh is an experienced cybersecurity leader with over 20 years in security and networking. He has spent the last decade at Palo Alto Networks where he has held multiple roles, beginning with Next Generation Firewalls and Network Security, and now leading the Cortex Systems Engineering and Solutions Architecture teams for North America. Josh and his teams have helped thousands of customers improve their security outcomes. He is steadfast in the belief that mature and advanced security operations is not solely the domain of the largest organizations, but achievable across the board; he particularly enjoys being part of that journey with our customers. Before joining Palo Alto Networks, he worked in network and security MSSP product management at CDW.
- Col. Cedric LeightonCNN Military Analyst; USAF (Ret.), Chairman, Cedric Leighton Associates, LLC
Founder of a strategic risk consultancy after serving 26 years in the US Air Force, Cedric Leighton oversaw numerous critical intelligence missions throughout his career. He served at US Special Operations Command, the Joint Staff and the National Security Agency, where he helped train the nation's cyber warriors. A Middle East combat veteran, he is the recipient of numerous military awards, including the Defense Superior Service Medal and the Bronze Star.
Currently, Cedric advises multinational businesses on cyber attacks and the management of complex global strategies to reduce risk and unpredictability.
- Scott Aschenbach, ModeratorDirector of IT Security, CISO, Hygieia, Inc.
- Chahak MittalSr. Cybersecurity Engineer (GRC), Universal Logistics Holdings
Chahak Mittal is a cybersecurity professional and GRC analyst working with internal SOX audits. Beyond that, security training and awareness is her passion. Her core interest is towards educating people of all age groups to be Cyber Smart. She regularly conducts seminars in various schools and other educational institutions regarding online safety and hot topics in cybersecurity and Artificial Intelligence. Chahak is also planning to launch workshops for all age groups. She has her own YouTube channel, where she posts videos about online safety tips, cyberattacks, etc.
Chahak is a journal reviewer for IEEE Access, as well as other science publications, and recently has been honored by CT University, India, to be an Ambassador for their Cyber Wellness Center. Her certifications and achievements include:
• Certified Information Systems Security Professional (CISSP): A certification offered by ISACA (ISC)2. This exam has a pass rate of 20%
• Double Masters in Cybersecurity from Thapar University, Patiala (India), and Eastern Michigan University, Michigan (USA)
• Member of ISACA, IEEE Access, Order of the Sword and Shield (Department of Homeland Security, USA)
- Marwan YoussefThird Party Cybersecurity Program Leader, General Motors
Marwan Youssef is an accomplished cybersecurity and risk management expert with over 25 years of experience leading information security and technology programs at large organizations. Marwan is currently serving as the Third Party Cybersecurity Program leader at General Motors.
Prior to GM, Marwan was the Client Management Executive for Proctor & Gamble at HP, where he was responsible for relationship management and revenue growth. He also served as Client Manager for GM's global engineering workstations contract with HP.
Marwan holds 2 Master's degree in Information Systems Management from Carnegie Mellon University and in Management of Technology from Rensselaer Polytechnic Institute. Marwan's undergraduate studies were in Aerospace Engineering from Wichita State University. He also holds multiple certifications including Certified Information Systems Security Professional (CISSP), IT Infrastructure Library (ITIL), and Project Management Professional (PMP).
- Wei Chen LinCybersecurity Advisor, Region 5, CISA
Mr. Lin serves as a Cybersecurity Advisor (CSA) in Region 5 (IL, IN, MI, MN, OH, WI) at the Cybersecurity and Infrastructure Security Agency (CISA). Based in Chicago, IL, Wei Chen supports CISA’s mission of strengthening the security and resilience of the nation’s critical infrastructure.
As a CSA, Mr. Lin conducts various cyber preparedness, risk mitigation, incident response coordination, and outreach activities through partnerships with critical infrastructure, private industry, and state, local, tribal, and territorial (SLTT) governments.
Prior to joining CISA, Wei Chen served as the Policy Advisor of the Office of Cybersecurity & Risk Management at the Illinois Commerce Commission. In this role, he coordinated with public and private sector entities to prioritize ongoing efforts of public utilities to protect critical infrastructure.
Mr. Lin is a licensed attorney in Illinois and a Certified Information Systems Security Professional (CISSP). He earned a Juris Doctor (JD) degree with a Certificate in Health Law from DePaul University College of Law, and a Bachelor of Science (BS) degree in Information Assurance and Security Engineering from DePaul University.
- Brian YoshinoCybersecurity Advisor, Region 5, CISA
Brian Yoshino serves as a Cybersecurity Advisor with the Cybersecurity and Infrastructure Security Agency (CISA) where he supports CISA’s mission of strengthening the security and resilience of the nation’s critical infrastructure. As a CSA, Mr. Yoshino is the liaison between federal services and state, local, tribal, and territorial governments, critical infrastructure, and private industry. He conducts various cyber preparedness, risk mitigation, and incident response coordination activities through public and private partnerships and outreach efforts. Mr. Yoshino has over two decades of experience in cybersecurity spanning the federal civilian and private sector communities. Prior to joining CISA, Mr. Yoshino held positions within the National Security Agency and the Executive Office of the President, White House Information Security Directorate. He holds numerous cybersecurity certifications including the SANS GIAC Security Expert (GSE) certification. He holds a bachelor’s degree from Northern Illinois University and a master’s degree in Information Security from Lewis University.
- Dan Shoemaker, ModeratorProfessor and Graduate Program Director, UDM
Daniel P. Shoemaker, PhD, is a Full Professor and Director of the Graduate Program in Cybersecurity at the University of Detroit Mercy, where he has worked for over 35 years. He has retired from his administrative position as Department Chair, PI for the NSA Center and Subject Matter Expert for DHS and NIST. He is enjoying more time with his students and writing. He has published over 200 cybersecurity papers and articles as well as this list of books:
• Cybersecurity “The Essential Body of Knowledge”
• “The CSSLP Certification All-in-One Exam Guide”
• Cybersecurity “Engineering a More Secure Software Organization”
• “A Guide to the National Initiative for Cybersecurity Education (NICE) Framework: The Complete Guide to Cybersecurity Risk & Controls in Cyber Security”
• ”Implementing Cybersecurity: A Guide to the NIST Risk Management Framework”,
• “Supply Chain Risk Management: Applying Secure Acquisition Principles to Ensure a Trusted Product”
• “How to Build A Cyber Resilient Organization”
• “The Complete Guide to Cybersecurity Risks and Controls”
• Information Assurance for the Enterprise: A Roadmap to Information Security”
• “The Cybersecurity Body of Knowledge”
• “The ACM/IEEE/AIS/IFIP Recommendations for a Complete Curriculum in Cybersecurity”
- Bidemi OlogundeSr. Intelligence Analyst, Expedia Group
Bidemi, a seasoned Intelligence Analyst, boasts a versatile career spanning incident response, SIEM operations, and the forefront of technological trends. His expertise is backed by an impressive portfolio of certifications, including CISA, C|EH, C|TIA, CASP+, amplifying his prowess in the InfoSec realm. His profound insights have been instrumental in shaping a dynamic security landscape.
As the host and producer of 'The Bid Picture Podcast' and 'The Cyber Case Files Podcast', he discusses the daily implications of cybersecurity and analyzes federal cybercrime cases, respectively. He takes an active part in open-source investigations and uses his expertise to assist in locating missing children and supporting victims of human trafficking and domestic violence.
- Brian GawneDirector, Cyber Security & Compliance, People Driven Technology
- Rajesh NanwaniDirector, Information Security, Roush
Rajesh is the Chapter President of ISSA Motor City.
- Happy Hour
- Richard StayningsBoard Member and International Healthcare Cybersecurity Luminary; Teaching Professor, University of Denver
Richard Staynings is a globally renowned thought leader, author, public speaker, and advocate for improved cybersecurity across the Healthcare and Life Sciences industry. He has served on various industry and international cybersecurity committees and presented or lectured on cybersecurity themes or concerns all over the world. He has advised numerous government and industry leaders on their healthcare security strategy and defensive posture and has served as a subject matter expert on government Committees of Inquiry into some of the highest profile healthcare breaches.
Richard is currently Chief Security Strategist for Cylera, a pioneer in the space of medical device and HIoT security. He is also author of Cyber Thoughts, a leading healthcare cybersecurity blog, teaches postgraduate courses in cybersecurity, health informatics and healthcare management at the University of Denver University College, and is a retained advisor to a number of governments and private companies.
A recovering CISO, with more than 25 years’ experience of both cybersecurity leadership and client consulting in healthcare, Richard has lived in over 30 countries and delivered innovative solutions to organizations in all of them. When he’s not on a plane or speaking at an event, he can usually be found in the Rocky Mountains of Colorado, USA
Some of his more notable successes include work for: Amgen, Cisco, CSC (now DxC), PricewaterhouseCoopers, Intel, Microsoft, Zurich Financial, and a long list of hospital and health systems.
• Create a personalized agenda
• View maps of the venue and Exhibit Hall
• Use secure messaging to network with attendees
• View speaker slides after the conference
• Play CyberHunt, the app game, and compete for prizes
Join your regional cybersecurity community for learning and professional growth. Sign up today!